RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.3 P2 and P3
These issues and responses are under investigation. The responses are tentative and may change at any time.
Summary description of impact statement responses:
- The flaw does not exist. The reported vulnerability is not present in the reported version.
- The flaw exists but is not exploitable. The code error is present in the third-party component but is not used in a way which the vulnerability can be exploited.
- The flaw exists but does not add an additional security risk. The code error is present in the third-party component but its exploit does not provide additional information, privileges or capabilities that the user does not already have available to them.
- The flaw exists and could be exploited. The flaw could potentially be used in an exploit. It is frequently the case that an exploit scenario will require additional factors, social engineering or prerequisite attacks which could be avoided by following normal security practices.
Please follow RSA Authentication Manager best practices and instructions for security configuration at your site.
CVE-2018-1126
procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124.
Response: The flaw exists but does not create additional risk.
The RSA Authentication Manager has no method to remotely execute any procps utility with control over the invocation. The creation of any exploit would require an involved attempt by the local appliance administrator. The appliance administrator is the only user who can log in to the appliance and already has the ability to obtain root privileges.
CVE-2018-1125
procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash.
Response: The flaw exists but does not create additional risk.
The RSA Authentication Manager has no method to remotely execute any procps utility with control over the invocation. The creation of any exploit would require an involved attempt by the local appliance administrator. The appliance administrator is the only user who can log in to the appliance and already has the ability to obtain root privileges.
CVE-2018-1124
procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users.
Response: The flaw exists but does not create additional risk.
The creation of any exploit would require an involved attempt by the local appliance administrator. The appliance administrator is the only user who can log in to the appliance and already has the ability to obtain root privileges.
CVE-2018-1123
procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service).
Response: The flaw exists but does not create additional risk.
The RSA Authentication Manager has no method to remotely execute any procps utility with control over the invocation. The creation of any exploit would require an involved attempt by the local appliance administrator. The appliance administrator is the only user who can log in to the appliance and already has the ability to obtain root privileges.
CVE-2018-1122
procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.
Response: The flaw exists but does not create additional risk.
The creation of any exploit would require an involved attempt by the local appliance administrator. The appliance administrator already has the ability to obtain root privileges.
CVE-2018-12015
In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.
Response: The flaw exists but cannot be exploited.
The RSA Authentication Manager has no service which uses Perl and no existing capability which uses Perl's Archive::Tar module.
CVE-2014-3688
The SCTP implementation in the Linux kernel before 3.17.4 allows remote attackers to cause a denial of service (memory consumption) by triggering a large number of chunks in an association's output queue, as demonstrated by ASCONF probes, related to net/sctp/inqueue.c and net/sctp/sm_statefuns.c.
Response: The flaw exists but cannot be exploited.
The RSA Authentication Manager does not use the SCTP protocol.
CVE-2018-0732
During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o).
Response: The flaw exists but cannot be exploited.
The RSA Authentication Manager does not use the OpenSSL package for SSL/TLS connections.
CVE-2018-0360
ClamAV before 0.100.1 has an HWP integer overflow with a resultant infinite loop via a crafted Hangul Word Processor file. This is in parsehwp3_paragraph() in libclamav/hwp.c.
Response: The flaw exists and could be exploited.
The RSA Authentication Manager does not run the vulnerable ClamAV scanner by default. To exploit, an attacker would need to convince the appliance administrator to transfer a crafted file to the appliance.
CVE-2018-0361
ClamAV before 0.100.1 lacks a PDF object length check, resulting in an unreasonably long time to parse a relatively small file.
Response: The flaw exists and could be exploited.
The RSA Authentication Manager does not run the vulnerable ClamAV scanner by default. To exploit, an attacker would need to convince the appliance administrator to transfer a crafted file to the appliance.
CVE-2008-1483
OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs.
Response: The flaw exists but cannot be exploited.
The RSA Authentication Manager does not use the vulnerable features associated with forwarded X connections.
CVE-2016-10708
sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c.
Response: The flaw exists and could be exploited.
The RSA Authentication Manager does not enable SSH access by default. SSH access should not be enabled unless necessary for special maintenance activities and should be disabled when not in use. When enabled, SSH access should be limited to secure internal networks.
CVE-2016-10012
The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allow local users to gain privileges by leveraging access to a sandboxed privilege-separation process, related to the m_zback and m_zlib data structures.
Response: The flaw exists but does not create additional risk.
The RSA Authentication Manager appliance administrator is the only user able to log into the system and is already capable of obtaining full system privileges.
CVE-2017-15906
The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in read-only mode, which allows attackers to create zero-length files.
Response: The flaw exists but cannot be exploited.
The SSH server on the RSA Authentication Manager appliance does not use this feature (read-only mode).
CVE-2018-11236
stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution.
Response: The flaw exists but cannot be exploited.
The RSA Authentication Manager does not have an external interface allowing the long pathnames required for exploit of this issue.
CVE-2018-10858
A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. A malicious samba server could use this flaw to cause arbitrary code execution on a samba client. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable.
Response: The flaw exists and could be exploited.
Could be exploited if an administrator attempts to use the smb client to connect to a malicious SMB server from the command line.
Not an issue for connections from AM services (but nonetheless, administrators should not connect and transfer files to malicious or untrusted file shares).
CVE-2018-3646
L1 Terminal Fault: VMM - Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis.
Note: The EMC Product Security Office has created a response for all RSA products. Refer to: https://community.rsa.com/docs/DOC-96325
CVE-2018-3615
L1 Terminal Fault: SGX - Systems with microprocessors utilizing speculative execution and Intel® software guard extensions (Intel® SGX) may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a side-channel analysis.
Note: The EMC Product Security Office has created a response for all RSA products. Refer to: https://community.rsa.com/docs/DOC-96325
CVE-2018-3620
L1 Terminal Fault: OS/SMM - Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis.
Note: The EMC Product Security Office has created a response for all RSA products. Refer to: https://community.rsa.com/docs/DOC-96325
CVE-2018-13053
The alarm_timer_nsleep function in kernel/time/alarmtimer.c in the Linux kernel through 4.17.3 has an integer overflow via a large relative timeout because ktime_add_safe is not used.
Response: The flaw exists but does not create additional risk.
The RSA Authentication Manager appliance administrator is the only user able to log into the system and is already capable of obtaining full system privileges and having the same impact.
CVE-2018-13406
An integer overflow in the uvesafb_setcmap function in drivers/video/fbdev/uvesafb.c in the Linux kernel before 4.17.4 could result in local attackers being able to crash the kernel or potentially elevate privileges because kmalloc_array is not used.
Response: The flaw exists but does not create additional risk.
The RSA Authentication Manager appliance administrator is the only user able to log into the system and is already capable of obtaining full system privileges and having the same impact.
CVE-2016-8405
An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver, and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31651010.
Response: The flaw does not exist.
The RSA Authentication Manager does not use this OS version or features.
CVE-2018-5814
In the Linux Kernel before version 4.16.11, 4.14.43, 4.9.102, and 4.4.133, multiple race condition errors when handling probe, disconnect, and rebind operations can be exploited to trigger a use-after-free condition or a NULL pointer dereference by sending multiple USB over IP packets.
Response: The flaw exists but does not create additional risk.
The RSA Authentication Manager appliance administrator is the only user able to log into the system and is already capable of obtaining full system privileges and having the same impact.
CVE-2018-12233
In the ea_get function in fs/jfs/xattr.c in the Linux kernel through 4.17.1, a memory corruption bug in JFS can be triggered by calling setxattr twice with two different extended attribute names on the same file. This vulnerability can be triggered by an unprivileged user with the ability to create files and execute programs. A kmalloc call is incorrect, leading to slab-out-of-bounds in jfs_xattr.
Response: The flaw exists but cannot be exploited.
The RSA Authentication Manager appliance does not use this feature (Journaled File System).
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Java DB). Supported versions that are affected are Java SE: 6u191, 7u181 and 8u172. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. While the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE.
Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVE-2018-2938 addresses CVE-2018-1313.
Response: The flaw exists but cannot be exploited.
The RSA Authentication Manager does not use the vulnerable component.
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data.
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator).
Response: The flaw exists but cannot be exploited.
The RSA Authentication Manager does not use the vulnerable component in a manner which is exploitable, does not run untrusted code and does not rely upon the Java Sandbox for security.
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u181, 8u172 and 10.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator).
Response: The flaw exists but cannot be exploited.
The RSA Authentication Manager does not use the vulnerable component in a manner which is exploitable, does not run untrusted code and does not rely upon the Java Sandbox for security.
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Windows DLL). Supported versions that are affected are Java SE: 7u181 and 8u172. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.
Response: The flaw exists and may be exploitable.
An issue for Web-Tier deployments on Windows. For more information refer to the description from Oracle.
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171; JRockit: R28.3.18. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.
Response: The flaw exists and may be exploitable.
For more information refer to the description from Oracle.
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 8u172 and 10.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator).
Response: The flaw does not exist.
The RSA Authentication Manager does not include the vulnerable component or version.
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). The supported version that is affected is Java SE: 10.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.
Response: The flaw does not exist.
The RSA Authentication Manager does not include the vulnerable component or version.
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator).
Response: The flaw exists but cannot be exploited.
The RSA Authentication Manager does not use the vulnerable component in a manner which is exploitable.
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Sample apps (Spring Framework)). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server.
Response: The flaw does not exist.
The RSA Authentication Manager does not include the vulnerable component. The Oracle Sample Apps are not included in the RSA Authentication Manager.
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server.
Response: The flaw exists and may be exploitable.
For more information refer to the description from Oracle.
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). Supported versions that are affected are 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server.
Response: The flaw exists and may be exploitable.
For more information refer to the description from Oracle.
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. While the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data.
Response: The flaw does not exist.
The configuration required for the vulnerability is not present.
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: JSF). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebLogic Server accessible data as well as unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebLogic Server.
Response: The flaw does not exist.
The RSA Authentication Manager does not use the vulnerable component (JSF).
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Console). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data.
Response: The flaw does not exist.
The RSA Authentication Manager does not use the vulnerable component (WebLogic Console).
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: SAML). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data.
Response: The flaw does not exist.
The RSA Authentication Manager does not use the vulnerable component (SAML Authentication to WebLogic).
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Console (jackson-databind)). Supported versions that are affected are 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. FasterXML jackson-databind before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath.
Response: The flaw exists but cannot be exploited.
This issue is associated with an incomplete fix for another issue and this specific problem for CVE-2018-7489 will bypass a blacklist validation if the c3p0 libraries are available in the classpath. This scenario does not occur in the RSA Authentication Manager which does not use the additional libraries required for the exploit.
CVE-2018-1000204
** DISPUTED ** Linux Kernel version 3.18 to 4.16 incorrectly handles an SG_IO ioctl on /dev/sg0 with dxfer_direction=SG_DXFER_FROM_DEV and an empty 6-byte cmdp. This may lead to copying up to 1000 kernel heap pages to the userspace. This has been fixed upstream in https://github.com/torvalds/linux/commit/a45b599ad808c3c982fdcdc12b0b8611c2f92824 already. The problem has limited scope, as users don't usually have permissions to access SCSI devices. On the other hand, e.g. the Nero user manual suggests doing `chmod o+r+w /dev/sg*` to make the devices accessible. NOTE: third parties dispute the relevance of this report, noting that the requirement for an attacker to have both the CAP_SYS_ADMIN and CAP_SYS_RAWIO capabilities makes it "virtually impossible to exploit."
Response: The flaw exists but cannot be exploited.
The RSA Authentication Manager appliance does not have the required vulnerable configuration.
CVE-2017-13305
An information disclosure vulnerability in the Upstream kernel encrypted-keys. Product: Android. Versions: Android kernel. Android ID: A-70526974.
Response: The flaw does not exist.
The RSA Authentication Manager does not use this OS version or features.
CVE-2018-1130
Linux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference in the dccp_write_xmit() function in net/dccp/output.c that allows a local user to cause a denial of service by a number of certain crafted system calls.
Response: The flaw exists but does not create additional risk.
The RSA Authentication Manager appliance administrator is the only user able to log into the system and is already capable of obtaining full system privileges and having the same impact.
CVE-2018-1068
A flaw was found in the Linux 4.x kernel's implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory.
Response: The flaw exists but does not create additional risk.
The RSA Authentication Manager appliance administrator is the only user able to log into the system and is already capable of obtaining full system privileges and having the same impact.
CVE-2018-5803
In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the "_sctp_make_chunk()" function (net/sctp/sm_make_chunk.c) when handling SCTP packets length can be exploited to cause a kernel crash.
Response: The flaw exists but does not create additional risk.
The RSA Authentication Manager appliance administrator is the only user able to log into the system and is already capable of obtaining full system privileges and having the same impact.
CVE-2018-7492
A NULL pointer dereference was found in the net/rds/rdma.c __rds_rdma_map() function in the Linux kernel before 4.14.7 allowing local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST.
Response: The flaw exists but does not create additional risk.
The RSA Authentication Manager appliance administrator is the only user able to log into the system and is already capable of obtaining full system privileges and having the same impact.
CVE-2018-1060
python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.
Response: The flaw exists but cannot be exploited.
The RSA Authentication Manager appliance has no service running in python and no python application accepting untrusted code to allow the exploit. The customer would need to create or install their own vulnerable application.
CVE-2018-1061
python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.
Response: The flaw exists but cannot be exploited.
The RSA Authentication Manager appliance has no service running in python and no python application accepting untrusted code to allow the exploit. The customer would need to create or install their own vulnerable application.
CVE-2016-5636
Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow.
Response: The flaw exists but cannot be exploited.
The RSA Authentication Manager appliance has no service running in python and no python application accepting untrusted code to allow the exploit. The customer would need to create or install their own vulnerable application.
CVE-2018-0737
The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o).
OpenSSL.org:
https://www.openssl.org/news/secadv/20180416.txt
Response: The flaw exists but does not create additional risk.
The RSA Authentication Manager appliance administrator is the only user able to log into the system and is already capable of obtaining full system privileges and having the same impact.