Release date:
Updated on:
Affected Systems:
IBM Flex System Chassis Management Module (CMM) 1.x
IBM Flex System Integrated Management Module 2 (IMM2) 1.x
Description:
--------------------------------------------------------------------------------
Bugtraq id: 56850
CVE (CAN) ID: CVE-2012-4838
IBM Flex System is an infrastructure that integrates computing, storage, and network resources.
Local Accounts and IMM2 SSH or SSL/TLS keys in Flex System Chassis Management Module (CMM) and Integrated Management Module 2 (IMM2) may be exposed through service or maintenance activities due to code defects, the user ID and password of SNMPv3/LDAP managed by the Chassis Management Module may also be leaked.
<* Source: IOActive Inc
Link: http://secunia.com/advisories/51508/
Https://www-304.ibm.com/connections/blogs/PSIRT/entry/flex_system_chassis_management_module_cmm_and_integrated_management_module_2_imm2_potential_security_vulnerability_with_authentication_data_cve_2012_4838_ibm_flex_system8? Lang = zh_cn
Http://xforce.iss.net/xforce/xfdb/79020
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
IBM
---
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Https://www-947.ibm.com/support/entry/myportal/docdisplay? Lndocid = MIGR-5092001