

Rewterz Threat Advisory – IBM WebSphere Application Server Multiple Vulnerabilities
June 28, 2019
Rewterz Threat Alert – Riltok Banking Trojan Through Smishing and Social Engineering
June 28, 2019
Severity
Medium
Analysis Summary
The raw MIDI kernel driver does not protect against concurrent access, which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status(), both part of the snd_rawmidi_ioctl() handler in rawmidi.c. A malicious local attacker could possibly use this for privilege escalation.
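A simplified userspace model of this bug class, added here as an illustration and not taken from rawmidi.c or from the vendor fix: it contrasts a resize that calls realloc() without serialization with one that holds a lock across the whole operation. The names struct runtime, resize_unlocked(), resize_locked() and run_concurrent_resizes() are hypothetical, and a pthread mutex stands in for whatever locking the kernel driver uses.

```c
#include <pthread.h>
#include <stdlib.h>

/* Hypothetical userspace stand-in for a driver's per-stream runtime state. */
struct runtime {
    pthread_mutex_t lock;
    char *buffer;
    size_t buffer_size;
};

/* Unserialized: concurrent callers can hand realloc() the same old pointer (double free). */
static int resize_unlocked(struct runtime *rt, size_t new_size) {
    char *nb = realloc(rt->buffer, new_size);
    if (!nb) return -1;
    rt->buffer = nb;
    rt->buffer_size = new_size;
    return 0;
}

/* Serialized resize: the lock covers the read, realloc and store of buffer. */
static int resize_locked(struct runtime *rt, size_t new_size) {
    pthread_mutex_lock(&rt->lock);
    int ret = resize_unlocked(rt, new_size);
    pthread_mutex_unlock(&rt->lock);
    return ret;
}

static void *worker(void *arg) {
    struct runtime *rt = arg;
    for (size_t i = 0; i < 2000; i++)
        if (resize_locked(rt, 128 + (i % 8) * 64) != 0)
            return rt; /* non-NULL result signals a failed resize */
    return NULL;
}

/* Runs up to 16 concurrent resizers; returns 0 if every resize succeeded. */
int run_concurrent_resizes(int nthreads) {
    struct runtime rt = { .buffer = NULL, .buffer_size = 0 };
    pthread_t tid[16];
    int started = 0, failed = 0;
    pthread_mutex_init(&rt.lock, NULL);
    for (; started < nthreads && started < 16; started++)
        if (pthread_create(&tid[started], NULL, worker, &rt) != 0) { failed = 1; break; }
    for (int i = 0; i < started; i++) {
        void *res = NULL;
        failed |= pthread_join(tid[i], &res) != 0 || res != NULL;
    }
    free(rt.buffer);
    return failed ? -1 : 0;
}
```

Only the locked path is exercised from multiple threads; resize_unlocked() is safe here solely because every caller reaches it through resize_locked().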
Impact
Privilege escalation
Affected Vendors
IBM
Affected Products
IBM Security Guardium (formerly IBM InfoSphere Guardium) versions 10.0 through 10.5.
Remediation
Apply the fix available from IBM Fix Central:
http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=10.0&platform=All&function=fixId&fixids=SqlGuard_10.0p530_Bundle_Jun-17-2019&includeSupersedes=0&source=fc