Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2019.3313
Vyatta 5600 vRouter Software Patches - Release 1801-z and 1801-za
2 September 2019
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Infrastructure service automation
Publisher: IBM
Operating System: Network Appliance
Impact/Access: Administrator Compromise -- Remote/Unauthenticated
Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Root Compromise -- Existing Account
Increased Privileges -- Remote/Unauthenticated
Modify Arbitrary Files -- Remote/Unauthenticated
Delete Arbitrary Files -- Remote/Unauthenticated
Denial of Service -- Remote/Unauthenticated
Provide Misleading Information -- Remote/Unauthenticated
Read-only Data Access -- Remote/Unauthenticated
Access Confidential Data -- Remote/Unauthenticated
Unauthorised Access -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2019-13132 CVE-2019-12749 CVE-2019-12735
CVE-2019-11884 CVE-2019-11833 CVE-2019-11815
CVE-2019-11599 CVE-2019-11486 CVE-2019-11479
CVE-2019-11478 CVE-2019-11477 CVE-2019-10161
CVE-2019-10126 CVE-2019-9503 CVE-2019-9500
CVE-2019-8325 CVE-2019-8324 CVE-2019-8323
CVE-2019-8322 CVE-2019-8321 CVE-2019-8320
CVE-2019-7317 CVE-2019-6465 CVE-2019-5489
CVE-2019-3863 CVE-2019-3862 CVE-2019-3861
CVE-2019-3860 CVE-2019-3859 CVE-2019-3858
CVE-2019-3857 CVE-2019-3856 CVE-2019-3855
CVE-2019-3846 CVE-2019-1543 CVE-2018-1000001
CVE-2018-20843 CVE-2018-6485 CVE-2018-5745
CVE-2018-5743 CVE-2017-1000366 CVE-2017-16887
CVE-2017-15804 CVE-2017-15671 CVE-2017-15670
CVE-2017-12133 CVE-2017-12132 CVE-2016-10228
CVE-2016-6323 CVE-2015-5180
Reference: ASB-2019.0212
ESB-2019.3239
ESB-2019.3208
ESB-2019.3194
ESB-2019.3135
ESB-2019.2981
ESB-2019.2919
Original Bulletin:
http://www.ibm.com/support/docview.wss?uid=ibm10887793
http://www.ibm.com/support/docview.wss?uid=ibm10960426
Comment: This bulletin contains two (2) IBM security advisories.
- --------------------------BEGIN INCLUDED TEXT--------------------
Vyatta 5600 vRouter Software Patches - Release 1801-z
Product: Infrastructure service automation
Software version: All Versions
Operating system(s): Appliance
Reference #: 0887793
Security Bulletin
Summary
AT&T has released versions 1801-z for the Vyatta 5600.
Details of these releases can be found at https://cloud.ibm.com/docs/
infrastructure/virtual-router-appliancetopic=
virtual-router-appliance-at-t-vyatta-5600-vrouter-software-patches#
at-t-vyatta-5600-vrouter-software-patches
Vulnerability Details
CVEID: CVE-2019-3863
DESCRIPTION: libssh2 could allow a remote attacker to execute arbitrary code on
the system, caused by an integer overflow in user authenticate keyboard
interactive. By sending a specially crafted message, a remote attacker could
exploit this vulnerability to trigger an out-of-bounds write and execute
arbitrary code on the client system.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
158347 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVEID: CVE-2019-3862
DESCRIPTION: libssh2 is vulnerable to a denial of service, caused by an
out-of-bounds read when parsing packets with an exit status message and no
payload. By sending specially crafted SSH_MSG_CHANNEL_REQUEST packets, a remote
attacker could exploit this vulnerability to cause a denial of service or read
data in the client memory.
CVSS Base Score: 7.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
158346 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVEID: CVE-2019-3861
DESCRIPTION: libssh2 is vulnerable to a denial of service, caused by an
out-of-bounds read when parsing packets with a padding length value greater
than the packet length. By sending a specially crafted SSH packet, a remote
attacker could exploit this vulnerability to cause a denial of service or read
data in the client memory.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
158345 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)
CVEID: CVE-2019-3860
DESCRIPTION: libssh2 is vulnerable to a denial of service, caused by an
out-of-bounds read when parsing packets with empty payloads. By sending a
specially crafted SFTP packet, a remote attacker could exploit this
vulnerability to cause a denial of service or read data in the client memory.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
158344 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)
CVEID: CVE-2019-3859
DESCRIPTION: libssh2 is vulnerable to a denial of service, caused by an
out-of-bounds read in the _libssh2_packet_require and _libssh2_packet_requirev
functions. By sending a specially crafted packet, a remote attacker could
exploit this vulnerability to cause a denial of service or read data in the
client memory.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
158343 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)
CVEID: CVE-2019-3858
DESCRIPTION: libssh2 is vulnerable to a denial of service, caused by an
out-of-bounds read. By sending a specially crafted SFTP packet, a remote
attacker could exploit this vulnerability to cause a denial of service or read
data in the client memory.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
158342 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)
CVEID: CVE-2019-3857
DESCRIPTION: libssh2 could allow a remote attacker to execute arbitrary code on
the system, caused by an integer overflow. By sending a specially crafted
SSH_MSG_CHANNEL_REQUEST packet with an exit signal message, a remote attacker
could exploit this vulnerability to trigger an out-of-bounds write and execute
arbitrary code on the client system.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
158341 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVEID: CVE-2019-3856
DESCRIPTION: libssh2 could allow a remote attacker to execute arbitrary code on
the system, caused by an integer overflow in keyboard interactive handling. By
sending a specially crafted request, a remote attacker could exploit this
vulnerability to trigger an out-of-bounds write and execute arbitrary code on
the client system.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
158340 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVEID: CVE-2019-3855
DESCRIPTION: libssh2 could allow a remote attacker to execute arbitrary code on
the system, caused by an integer overflow in transport read. By sending
specially crafted packets, a remote attacker could exploit this vulnerability
to trigger an out-of-bounds read and execute arbitrary code on the client
system.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
158339 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVEID: CVE-2019-6465
DESCRIPTION: ISC BIND could allow a remote attacker to obtain sensitive
information, caused by the failure to properly apply controls for zone
transfers to Dynamically Loadable Zones (DLZs) if the zones are writable. An
attacker could exploit this vulnerability to request and receive a zone
transfer of a DLZ even when not permitted to do so by the allow-transfer ACL.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
157377 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVEID: CVE-2018-5745
DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by an error
in the managed-keys feature. By replacing a trust anchor's keys with keys which
use an unsupported algorithm, a remote authenticated attacker could exploit
this vulnerability to cause an assertion failure.
CVSS Base Score: 4.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
157386 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2018-5743
DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by a flaw
when setting the TCP client quota using the tcp-clients option. By sending a
specially-crafted request, a remote attacker could exploit this vulnerability
to cause the exhaustion of file descriptors.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
160127 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2019-8325
DESCRIPTION: RubyGems could allow a remote attacker to bypass security
restrictions, caused by a flaw in the Gem::CommandManager#run function. By
sending a specially-crafted request, an attacker could exploit this
vulnerability to perform escape sequence injection.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
159624 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
CVEID: CVE-2019-8324
DESCRIPTION: RubyGems could allow a remote attacker to execute arbitrary code
on the system, caused by improper handling of multi-line name. By persuading a
victim to install a specially-crafted gem, an attacker could exploit this
vulnerability to execute arbitrary code on the system.
CVSS Base Score: 7.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
159623 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVEID: CVE-2019-8323
DESCRIPTION: RubyGems could allow a remote attacker to bypass security
restrictions, caused by a flaw in the Gem::UserInteraction#verbose function. By
sending a specially-crafted API response, an attacker could exploit this
vulnerability to perform escape sequence injection.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
159622 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
CVEID: CVE-2019-8322
DESCRIPTION: RubyGems could allow a remote attacker to bypass security
restrictions, caused by a flaw in the gem owner command. By sending a
specially-crafted API response, an attacker could exploit this vulnerability to
perform escape sequence injection.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
159621 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
CVEID: CVE-2019-8321
DESCRIPTION: RubyGems could allow a remote attacker to bypass security
restrictions, caused by a flaw in the Gem::UserInteraction#verbose function. By
sending a specially-crafted request, an attacker could exploit this
vulnerability to perform escape sequence injection.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
159619 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
CVEID: CVE-2019-8320
DESCRIPTION: RubyGems could allow a remote attacker to traverse directories on
the system, caused by improper validation of user-supplied input. An attacker
could send a specially-crafted symlink request containing "dot dot" sequences
(/../) to delete arbitrary directory on the system.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
159618 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
CVEID: CVE-2019-7317
DESCRIPTION: Mozilla Firefox is vulnerable to a denial of service, caused by a
use-after-free in the png_image_free function in the libpng library. By
persuading a victim to visit a specially-crafted Web site, a remote attacker
could exploit this vulnerability to cause a denial of service.
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
161346 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
Affected Products and Versions
VRA - Vyatta 5600
Remediation/Fixes
Please contact IBM Cloud Support to request that the ISO for the 1801-zbe
pushed to your Vyatta system. Users will need to apply the upgraded code
according to their defined processes (for example during a defined maintenance
window).
Monitor IBM Cloud Status for Future Security Bulletins
Monitor the security notifications on the IBM Cloud Status page to be advised
of future security bulletins.
- ---
Vyatta 5600 vRouter Software Patches - Release 1801-za
Product: Infrastructure service automation
Software version: All Versions
Operating system(s): Firmware
Reference #: 0960426
Security Bulletin
Summary
AT&T has released versions 1801-za for the Vyatta 5600.
Details of these releases can be found at https://cloud.ibm.com/docs/
infrastructure/virtual-router-appliancetopic=
virtual-router-appliance-at-t-vyatta-5600-vrouter-software-patches#
at-t-vyatta-5600-vrouter-software-patches
Vulnerability Details
CVEID: CVE-2019-12749
DESCRIPTION: D-Bus could allow a remote attacker to bypass security
restrictions, caused by symlink mishandling in the reference implementation of
DBUS_COOKIE_SHA1 in the libdbus library. By manipulating a ~/.dbus-keyrings
symlink, an attacker could exploit this vulnerability to bypass
DBUS_COOKIE_SHA1 authentication to allow a DBusServer with a different uid to
read and write in arbitrary locations.
CVSS Base Score: 9.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
162386 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)
CVEID: CVE-2016-10228
DESCRIPTION: GNU C Library (glibc) is vulnerable to a denial of service, caused
by an error in the iconv program. By processing invalid multi-byte input
sequences, a remote attacker could exploit this vulnerability to cause the
application to enter into an infinite loop.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
124078 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2016-6323
DESCRIPTION: GNU C Library (glibc or libc6) is vulnerable to a denial of
service, caused by an incompatible error related to backtrace generation by the
makecontext function within sysdeps/posix/getaddrinfo.c. By using gccgo to
compile applications and persuading a victim to install the applications, a
remote attacker could exploit this vulnerability to cause the device to hang.
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
118247 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID: CVE-2015-5180
DESCRIPTION: glibc is vulnerable to a denial of service, caused by a NULL
pointer dereference in the res_query function in libresolv. By using a
malformed pattern, a remote attacker could cause the process to crash.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
130620 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2017-1000366
DESCRIPTION: Glibc could allow a local attacker to execute arbitrary code on
the system, caused by a vulnerability that allows specially crafted
LD_LIBRARY_PATH values to manipulate the heap/stack. By using specially-crafted
crafted LD_LIBRARY_PATH values, an attacker could exploit this vulnerability to
trigger a stack memory allocation flaw and execute arbitrary code on the
system.
CVSS Base Score: 7.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
127452 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2017-16887
DESCRIPTION: FiberHome MIFI LM53Q1 could allow a remote attacker to bypass
security restrictions, caused by improper validation of user-supplied request.
By sending a specially-crafted request, an attacker could exploit this
vulnerability to change the Administrator account password.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
137394 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
CVEID: CVE-2017-12133
DESCRIPTION: GNU C Library (aka glibc or libc6) could allow a remote attacker
to conduct spoofing attacks, caused by a flaw in the DNS stub resolver. An
attacker could exploit this vulnerability to perform off-path DNS spoofing
attacks.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
131622 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVEID: CVE-2017-15804
DESCRIPTION: GNU C Library (aka glibc or libc6) is vulnerable to a buffer
overflow, caused by improper bounds checking by glob function in glob.c. By
using a specially-crafted file, a local attacker could overflow a buffer.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
133996 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)
CVEID: CVE-2017-15671
DESCRIPTION: GNU C Library is vulnerable to a denial of service, caused by a
memory leak in the glob function in glob.c. A remote attacker could exploit
this vulnerability to cause a denial of service condition.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
133909 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2017-15670
DESCRIPTION: GNU C Library is vulnerable to a heap-based buffer overflow,
caused by improper bounds checking by the glob function in glob.c. By sending a
specially-crafted string, a remote attacker could overflow a buffer and execute
arbitrary code on the system.
CVSS Base Score: 7.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
133915 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVEID: CVE-2018-6485
DESCRIPTION: GNU C Library is vulnerable to a denial of service, caused by an
integer overflow in the implementation of the posix_memalign in memalign
functions. A local attacker could exploit this vulnerability to cause the
application to crash.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
138627 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2018-1000001
DESCRIPTION: Glibc could allow a local attacker to execute arbitrary code on
the system, caused by a buffer underflow in the __realpath() function in stdlib
/canonicalize.c. An attacker could exploit this vulnerability to execute
arbitrary code on the system and obtain privileges.
CVSS Base Score: 8.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
137516 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2017-12132
DESCRIPTION: GNU C Library (aka glibc or libc6) could allow a remote attacker
to conduct spoofing attacks, caused by a flaw in the DNS stub resolver. An
attacker could exploit this vulnerability to perform off-path DNS spoofing
attacks.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
129949 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVEID: CVE-2016-10228
DESCRIPTION: GNU C Library (glibc) is vulnerable to a denial of service, caused
by an error in the iconv program. By processing invalid multi-byte input
sequences, a remote attacker could exploit this vulnerability to cause the
application to enter into an infinite loop.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
124078 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2019-12735
DESCRIPTION: Vim and and Neovim could allow a remote attacker to execute
arbitrary commands on the system, caused by improper input validation by the
:source! command in a modeline. By sending a specially-crafted request, an
attacker could exploit this vulnerability to execute arbitrary commands on the
system.
CVSS Base Score: 9.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
162255 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2019-10161
DESCRIPTION: libvirt could allow a local authenticated attacker to gain
elevated privileges on the system, caused by improper access control by the
virDomainSaveImageGetXMLDesc API. By sending a specially-crafted request, an
authenticated attacker could exploit this vulnerability to obtain arbitrary
file information, cause a denial of service or execute arbitrary programs with
root privileges.
CVSS Base Score: 8.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
162805 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
CVEID: CVE-2019-12735
DESCRIPTION: Vim and and Neovim could allow a remote attacker to execute
arbitrary commands on the system, caused by improper input validation by the
:source! command in a modeline. By sending a specially-crafted request, an
attacker could exploit this vulnerability to execute arbitrary commands on the
system.
CVSS Base Score: 9.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
162255 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2018-20843
DESCRIPTION: libexpat is vulnerable to a denial of service, caused by an error
in the XML parser. By persuading a victim to open a specially-crafted file, a
remote attacker could exploit this vulnerability to consume all available CPU
resources.
CVSS Base Score: 3.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
163073 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID: CVE-2019-11884
DESCRIPTION: Linux Kernel could allow a local attacker to obtain sensitive
information, caused by a flaw in the do_hidp_sock_ioctl function in net/
bluetooth/hidp/sock.c. By using a HIDPCONNADD command, an attacker could
exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
161261 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVEID: CVE-2019-11833
DESCRIPTION: Linux Kernel could allow a local authenticated attacker to obtain
sensitive information, caused by the failure to zero out the unused memory
region in the extent tree block in extents.c. By reading uninitialized data in
the filesystem, an attacker could exploit this vulnerability to obtain
sensitive information.
CVSS Base Score: 5.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
161235 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
CVEID: CVE-2019-11815
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a
use-after-free in the rds_tcp_kill_sock function in net/rds/tcp.c. By sending a
specially-crafted request, a remote attacker could exploit this vulnerability
to cause a denial of service condition.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
160729 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2019-11599
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a
race condition in the coredump implementation. By using a specially-crafted
system call, a local attacker could exploit this vulnerability to cause the
application to crash or obtain sensitive information.
CVSS Base Score: 7.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
160262 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H)
CVEID: CVE-2019-11486
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a
race condition in the Siemens R3964 line discipline code in drivers/tty/
n_r3964.c. A local attacker could exploit this vulnerability to cause a denial
of service.
CVSS Base Score: 6.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
160016 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2019-11479
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a
flaw when processing minimum segment size (MSS). By sending specially-crafted
MSS traffic, a remote attacker could exploit this vulnerability to cause excess
usage of system resources.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
162665 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2019-11478
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an
issue with fragmenting the TCP retransmission queue when processing TCP
Selective Acknowledgement (SACK) capabilities. By sending specially-crafted
SACKs requests, a remote attacker could exploit this vulnerability to cause an
excess of system resource usage.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
162664 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2019-11477
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an
integer overflow when processing TCP Selective Acknowledgement (SACK)
capabilities. By sending specially-crafted SACKs requests, a remote attacker
could exploit this vulnerability to cause a kernel panic condition.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
162662 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2019-10126
DESCRIPTION: Linux Kernel is vulnerable to a heap-based buffer overflow, caused
by improper bounds checking by the marvell wifi chip driver. By using a
specially-crafted call, a local attacker could overflow a buffer and execute
arbitrary code on the system or cause the system to crash.
CVSS Base Score: 8.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
162145 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2019-9503
DESCRIPTION: The Broadcom brcmfmac driver could allow a remote attacker to
bypass security restrictions. By receiving firmware event frames from a remote
source, a remote attacker could exploit this vulnerability to bypass the frame
validation.
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
159643 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
CVEID: CVE-2019-9500
DESCRIPTION: The Broadcom brcmfmac driver is vulnerable to a heap-based buffer
overflow, caused by improper bounds checking by the brcmf_wowl_nd_results
function if the Wake-up on Wireless LAN functionality is configured. By sending
specially crafted WiFi packets, a remote attacker could overflow a buffer and
execute arbitrary code on the system or cause a denial of service.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
159642 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2019-5489
DESCRIPTION: Linux Kernel could allow a local attacker to obtain sensitive
information, caused by a new side channel attack on the mincore()
implementation in mm/mincore.c. An attacker could exploit this vulnerability to
bypass sandbox protections, conduct keystroke timing attacks and gain access to
secret data from other applications.
CVSS Base Score: 5.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
155197 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVEID: CVE-2019-3846
DESCRIPTION: Linux Kernel is vulnerable to a heap-based buffer overflow, caused
by improper bounds checking by the mwifiex_update_bss_desc_with_ie function in
drivers/net/wireless/marvell/mwifiex/scan.c. By sending specially-crafted
beacon packets, a remote attacker could overflow a buffer and execute arbitrary
code or cause a denial of service condition on the system.
CVSS Base Score: 8.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
161814 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2019-1543
DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive
information, caused by an error in the ChaCha20-Poly1305 AEAD cipher. By
sending a message encrypted using a reused overly long nonce, an attacker could
exploit this vulnerability to conduct serious confidentiality and integrity
attacks.
CVSS Base Score: 4.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
157841 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVEID: CVE-2019-13132
DESCRIPTION: zeromq/libzmq is vulnerable to a denial of service, caused by a
stack-based buffer overflow. A remote attacker could exploit this vulnerability
to cause the application to crash.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
163459 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
[ ]
This is a Bundling Bulletin.
Affected Products and Versions
VRA - Vyatta 5600
Remediation/Fixes
Please contact IBM Cloud Support to request that the ISO for the 1801-za be
pushed to your Vyatta system. Users will need to apply the upgraded code
according to their defined processes (for example during a defined maintenance
window).
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBXWxotWaOgq3Tt24GAQjQPxAAnI8F2PYugIlyo1QqFuE1AKSzJqbNyHGr
YXlQIxNQ0uOfVvAMmkr5rbJdeNGa4Z4m8Eyg6K3rteOVd/jXPRihgI9aonSFODVV
Ry1g3DZZkRna3y5Rl7RrUs2UVR2I3AaNFrrjttu9VP0Qecj58s3wH/1wyc5znX5C
uTA9DqT+q2HFSWrkfxvyYPxdTIYDMm6yrSUQwYGH8O17icSCLSi4grTiZdd0ihW0
+Bu0KC9ta3h/HngGk1mrnGGqHH8dxr7Z+fv0FgBBh/FalyQjBsXlj2xjXy4dLAqJ
vNiEWlJ0HuFTTmoX6fQgmk4IbSI/e7j+R9rD4VR4b55g7k06XgHQM+in8n/xSkKU
gk3MlnCJHDzhrq4c3Y7fMKz2YMMZ+1Xnl7IgaSrqM+EQ2IPr7B5brmVeH+wEoaTZ
pwyROVJYZYRjc6zoZw4KYVy2DO0H2hn54mVu/knA49fprjH/5fnJ84tko2xGR7qG
iQBNCXJfmzppYQ7+NCQUs8xnjyrDWeVyQgHGC64f9iqDczk0baY/MfCOyISVgoji
5lKGUCSHUNHqctWbUBlWeyM5ve4iK+qZOFIl/mbsps8tFEFOZ+k1kciJLeaw29rl
4IJYfCGOwqISH4aF81XDac8meSrHzbk/2R0T0JvfYdnRj/VgR5LyJwhGlJMEUwTb
UfRsb8HLi3k=
=KqKE
-----END PGP SIGNATURE-----