RSA Authentication Manager 8.2 False Positive Security Vulnerabilities
Originally Published: 2017-04-20
Applies To
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.2
Article Summary
Alert Impact
Not Exploitable
Alert Impact Explanation
False Positive
Resolution
| Embedded Component | CVE ID | Summary of Vulnerability | Reason why Product is not Vulnerable | Date Determined False Positive |
|---|---|---|---|---|
| Linux kernel | CVE-2016-7916 | Race condition in the environ_read function in fs/proc/base.c in the Linux kernel before 4.5.4 allows local users to obtain sensitive information from kernel memory by reading a /proc/*/environ file during a process-setup time interval in which environment-variable copying is incomplete. CVSS v3 Base Score: 5.5 Medium | Response: The flaw exists but does not add additional risk. The RSA Authentication Manager appliance is a secure system with a single appliance administrator capable of logging in. It is not a multi-purpose/multi-user system with non-privileged local users. The appliance administrator is already capable of obtaining root privileges. | 19-Apr-17 |
| Linux kernel | CVE-2016-9794 | Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel before 4.7 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command. CVSS v3 Base Score: 7.8 High | Response: The flaw exists but does not add additional risk. The RSA Authentication Manager appliance is a secure system with a single appliance administrator capable of logging in. It is not a multi-purpose/multi-user system with non-privileged local users. The appliance administrator is already capable of obtaining root privileges. | 19-Apr-17 |
| Linux kernel | CVE-2016-8633 | drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain unusual hardware configurations, allows remote attackers to execute arbitrary code via crafted fragmented packets. CVSS v3 Base Score: 6.8 Medium | Response: The flaw does not exist. The RSA Authentication Manager appliance does not support this driver. | 19-Apr-17 |
| Linux kernel | CVE-2017-5551 | The simple_set_acl function in fs/posix_acl.c in the Linux kernel before 4.9.6 preserves the setgid bit during a setxattr call involving a tmpfs filesystem, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-7097. CVSS v3 Base Score: 4.4 Medium | Response: The flaw exists but does not add additional risk. The RSA Authentication Manager appliance is a secure system with a single appliance administrator capable of logging in. It is not a multi-purpose/multi-user system with non-privileged local users. The appliance administrator is already capable of obtaining root privileges. | 19-Apr-17 |
| Linux kernel | CVE-2016-9756 | arch/x86/kvm/emulate.c in the Linux kernel before 4.8.12 does not properly initialize Code Segment (CS) in certain error cases, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. CVSS v3 Base Score: 5.5 Medium | Response: The flaw exists but does not add additional risk. The RSA Authentication Manager appliance is a secure system with a single appliance administrator capable of logging in. It is not a multi-purpose/multi-user system with non-privileged local users. The appliance administrator is already capable of obtaining root privileges. | 19-Apr-17 |
| Linux kernel | CVE-2015-1350 | The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program. CVSS v3 Base Score: 5.5 Medium | Response: The flaw exists but does not add additional risk. The RSA Authentication Manager appliance is a secure system with a single appliance administrator capable of logging in. It is not a multi-purpose/multi-user system with non-privileged local users. The appliance administrator is already capable of obtaining root privileges. | 19-Apr-17 |
| ISC BIND | CVE-2017-3135 | A denial-of-service vulnerability that can affect resolvers using both DNS64 and RPZ to rewrite responses for the same view. (There is no description for this issue at NVD.) | Response: The flaw does not exist. The RSA Authentication Manager appliance does not include the ISC BIND named service. | 19-Apr-17 |