Security Bulletin: ISC BIND on IBM i is vulnerable to denial of service due to memory leaks and a flaw in resolver code (CVE-2022-2795, CVE-2022-38177, CVE-2022-38178)

Summary

ISC BIND on IBM i is vulnerable to denial of service attacks due to memory leaks in the DNSSEC verification code and a flaw in resolver code that can degrade performance, as described in the Vulnerability Details section. IBM i has addressed the vulnerabilities in ISC BIND with a fix, as described in the Remediation/Fixes section.

Vulnerability Details

CVEID:   CVE-2022-2795
DESCRIPTION:   ISC BIND is vulnerable to a denial of service, caused by a flaw in resolver code. By flooding the target resolver with queries, a remote attacker could exploit this vulnerability to severely degrade the resolver’s performance, effectively denying legitimate clients access to the DNS resolution service.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/236701 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2022-38177
DESCRIPTION:   ISC BIND is vulnerable to a denial of service, caused by a small memory leak in the DNSSEC verification code for the ECDSA algorithm. By spoofing the target resolver with responses that have a malformed ECDSA signature, a remote attacker could exploit this vulnerability to cause named to crash.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/236705 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2022-38178
DESCRIPTION:   ISC BIND is vulnerable to a denial of service, caused by a memory leak in the DNSSEC verification code for the EdDSA algorithm. By spoofing the target resolver with responses that have a malformed EdDSA signature, a remote attacker could exploit this vulnerability to cause named to crash.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/236706 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

 

Affected Product(s)    Version(s)
IBM i                  7.5
IBM i                  7.4
IBM i                  7.3
IBM i                  7.2

Remediation/Fixes

The issue can be fixed by applying PTFs to IBM i.  IBM i releases 7.5, 7.4, 7.3, and 7.2 will be fixed.

 

The IBM i PTF numbers contain the fix for the vulnerabilities.

 

 

https://www.ibm.com/support/fixcentral

Important note: IBM recommends that all users running unsupported versions of affected products upgrade to a supported and fixed version of the affected products.

Workarounds and Mitigations

None

References

Change History

28 Nov 2022: Initial Publication

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an “industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.” IBM PROVIDES THE CVSS SCORES “AS IS” WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. “Affected Products and Versions” referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.

Why IT Operations and Security Needs to Include Mainframe and IBM i Systems Log Data

Decades ago, IT systems were self-contained. In an era ruled by mainframe computers, top to bottom programs all ran within a single environment and were written in a single programming language. Applications ran in relative isolation. Inputs and outputs were limited to so-called “human interfaces” (that is, keyboards and screens), supported by hard-copy printouts and tape storage.

Fast forward to today, and the world looks very different. Cloud computing and distributed architectures are everywhere. IT teams must grapple with a dizzying array of hardware, software, and platform infrastructure that is constantly changing. Customer expectations are higher; the demand for 24/7/365 availability is common. Elasticity and scale have become more important. Regulatory compliance has intensified, and security threats are a constant concern.

All this complexity has spawned a body of best practices for security information and event management (SIEM) and IT service management (ITSM), along with a set of technology tools to support these disciplines.

As IT teams struggle to effectively manage their complex IT infrastructures and reduce risks to the business, they need to ensure that they include their mission-critical IBM i and mainframe systems in their oversight.

Mainframe Systems and the High Cost of Downtime

In 2014, Gartner estimated that the average cost of system downtime was $5,600 per minute. Avaya puts the number somewhere between $2,300 and $9,000 per minute, and more recent studies favor the high end of that range. A recent headline estimated the cost of a single Facebook outage at up to $90 million. That may be well above average, but the fact remains that when something goes wrong, the cost can be extraordinarily high, and every second counts.

Reputational costs can be high as well. Outages, data breaches, and compliance issues can lead to bad publicity, lost revenue, and long-term erosion of market share.

All of this is happening because systems are more complex and interconnected and customer expectations have changed. IT systems are ubiquitous in our daily lives. Consequently, the world expects virtually zero downtime.

Companies must have adequate visibility of what’s happening, in real time. They need to see all the moving parts of a system and understand the potential points of failure. Ideally, they should have automation in place that enables machines to do the heavy lifting and identify problems before they occur.

Observability and the Role of IBM i Mainframes

These challenges have led to the development of what Gartner calls “observability” tools, such as ServiceNow and Splunk. The analyst firm defines observability as “the evolution of monitoring into a process that offers insight into digital business applications, speeds innovation, and enhances customer experience.”

As the world has changed, mainframes have evolved to keep up with these latest developments. Despite some claims to the contrary, mainframes are more relevant than ever. They’re inherently resilient, with strong security and rock-solid dependability.

Nevertheless, organizations running mainframe systems face a unique set of challenges, not the least of which is the astronomical cost of system downtime.

Since mainframes house so much critical business data, these systems must be kept up and running 24×7. Platforms like IBM i have a solid reputation for excellence in this respect. Nevertheless, mainframes and their interfaces to other systems require the same level of constant attention as the rest of the IT landscape.

IBM i offers its own monitoring and management tools, and third-party software adds further to the available options for IBM shops. Yet standalone monitoring of a mainframe or IBM i system can only provide a disjointed view of what’s happening. By opening up your critical IBM systems to industry-standard data observability tools like ServiceNow and Splunk, your IT team can bring together KPIs, metrics, and IT data points from across the data center to inform operational and security decisions.

IBM i systems contain a wealth of information, over and above the application data they house. This often includes untapped sources of insight, so-called “dark data” such as logs and machine data that is not typically used for any purpose other than troubleshooting. By unlocking that information and making it available to observability tools like ServiceNow and Splunk, organizations can gain immediate access to valuable insights previously buried deep in their mainframe systems.

Observability Use Cases

There are many use cases for this kind of data. System monitoring across the entire IT landscape provides real-time visibility to KPIs, system health and performance data, and alerts and warnings to notify IT staff when a critical incident may be imminent. Operational intelligence provides workload analysis, behavior trends, and historical comparisons, giving IT architects a clear picture of how current systems are used, and how they might be improved.

Observability also simplifies compliance, allowing companies to monitor for unauthorized access to sensitive information and making it possible to respond quickly and easily to requests for regulatory evidence and support.

Finally, observability provides critical information about security incidents, even as they unfold. With a holistic view of the IT landscape, enterprise teams can gain a complete view of privileged user activity, sensitive data access, and data movement.

Precisely Ironstream: The Critical Link for ServiceNow and Splunk

Precisely Ironstream is the industry’s most comprehensive solution for automatic forwarding of machine and log data to analytics platforms like ServiceNow and Splunk. In the past, mainframe and IBM i shops needed to engage valuable experts to extract data from the various data sources on their business-critical systems. With Ironstream, it’s easy to feed data to your analytics platform of choice for visibility into activity on all of your systems within one user interface.

Large global banks, airlines, and insurance carriers are using Ironstream to connect their mainframe and IBM i systems to ServiceNow and Splunk, giving them much clearer visibility of IT operations, security, and data operations. To learn how your organization can benefit from a clear view of your entire IT landscape, read our free ebook, The Ultimate Guide to IBM i Machine Data Analytics.

A lot of good points here #IBMi #rpgpgm

– Simon Hutchinson (@RPGPGM), 13:29 – Nov 28, 2022

Quoted Tweet:

“The cons of not keeping your systems current are outweighing any pros of maintaining the status quo. The biggest negative being the costs involved in fixing a problem that could have been avoided with proper planning and upkeep of your systems.” hubs.la/Q01sSCbR0 pic.twitter.com/44Xeoq4VuU

– iTech Solutions | A Service Express Company (@iTech_Sol), 08:10 – Nov 28, 2022
