RSA Authentication Manager 8.2 False Positive Security Vulnerabilities
Originally Published: 2017-04-20
Applies To
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.2
Alert Impact: Not Exploitable
Alert Impact Explanation: False Positive
Resolution
| Embedded Component | CVE ID | Summary of Vulnerability | Reason why Product is not Vulnerable | Date Determined False Positive |
|---|---|---|---|---|
| Linux kernel | CVE-2016-7916 | Race condition in the environ_read function in fs/proc/base.c in the Linux kernel before 4.5.4 allows local users to obtain sensitive information from kernel memory by reading a /proc/*/environ file during a process-setup time interval in which environment-variable copying is incomplete. CVSS v3 Base Score: 5.5 Medium | Response: The flaw exists but does not add additional risk. The RSA Authentication Manager appliance is a secure system with a single appliance administrator capable of logging in. It is not a multi-purpose/multi-user system with non-privileged local users. The appliance administrator is already capable of obtaining root privileges. | 19-Apr-17 |
| Linux kernel | CVE-2016-9794 | Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel before 4.7 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command. CVSS v3 Base Score: 7.8 High | Response: The flaw exists but does not add additional risk. The RSA Authentication Manager appliance is a secure system with a single appliance administrator capable of logging in. It is not a multi-purpose/multi-user system with non-privileged local users. The appliance administrator is already capable of obtaining root privileges. | 19-Apr-17 |
| Linux kernel | CVE-2016-8633 | drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain unusual hardware configurations, allows remote attackers to execute arbitrary code via crafted fragmented packets. CVSS v3 Base Score: 6.8 Medium | Response: The flaw does not exist. The RSA Authentication Manager appliance does not support this driver. | 19-Apr-17 |
| Linux kernel | CVE-2017-5551 | The simple_set_acl function in fs/posix_acl.c in the Linux kernel before 4.9.6 preserves the setgid bit during a setxattr call involving a tmpfs filesystem, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-7097. CVSS v3 Base Score: 4.4 Medium | Response: The flaw exists but does not add additional risk. The RSA Authentication Manager appliance is a secure system with a single appliance administrator capable of logging in. It is not a multi-purpose/multi-user system with non-privileged local users. The appliance administrator is already capable of obtaining root privileges. | 19-Apr-17 |
| Linux kernel | CVE-2016-9756 | arch/x86/kvm/emulate.c in the Linux kernel before 4.8.12 does not properly initialize Code Segment (CS) in certain error cases, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. CVSS v3 Base Score: 5.5 Medium | Response: The flaw exists but does not add additional risk. The RSA Authentication Manager appliance is a secure system with a single appliance administrator capable of logging in. It is not a multi-purpose/multi-user system with non-privileged local users. The appliance administrator is already capable of obtaining root privileges. | 19-Apr-17 |
| Linux kernel | CVE-2015-1350 | The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program. CVSS v3 Base Score: 5.5 Medium | Response: The flaw exists but does not add additional risk. The RSA Authentication Manager appliance is a secure system with a single appliance administrator capable of logging in. It is not a multi-purpose/multi-user system with non-privileged local users. The appliance administrator is already capable of obtaining root privileges. | 19-Apr-17 |
| ISC BIND | CVE-2017-3135 | A denial-of-service vulnerability that can affect resolvers using both DNS64 and RPZ to rewrite responses for the same view. (There is no description for this issue at NVD.) | Response: The flaw does not exist. The RSA Authentication Manager appliance does not include the ISC BIND named service. | 19-Apr-17 |