Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2019.3313 Vyatta 5600 vRouter Software Patches - Release 1801-z and 1801-za 2 September 2019 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Infrastructure service automation Publisher: IBM Operating System: Network Appliance Impact/Access: Administrator Compromise -- Remote/Unauthenticated Execute Arbitrary Code/Commands -- Remote/Unauthenticated Root Compromise -- Existing Account Increased Privileges -- Remote/Unauthenticated Modify Arbitrary Files -- Remote/Unauthenticated Delete Arbitrary Files -- Remote/Unauthenticated Denial of Service -- Remote/Unauthenticated Provide Misleading Information -- Remote/Unauthenticated Read-only Data Access -- Remote/Unauthenticated Access Confidential Data -- Remote/Unauthenticated Unauthorised Access -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2019-13132 CVE-2019-12749 CVE-2019-12735 CVE-2019-11884 CVE-2019-11833 CVE-2019-11815 CVE-2019-11599 CVE-2019-11486 CVE-2019-11479 CVE-2019-11478 CVE-2019-11477 CVE-2019-10161 CVE-2019-10126 CVE-2019-9503 CVE-2019-9500 CVE-2019-8325 CVE-2019-8324 CVE-2019-8323 CVE-2019-8322 CVE-2019-8321 CVE-2019-8320 CVE-2019-7317 CVE-2019-6465 CVE-2019-5489 CVE-2019-3863 CVE-2019-3862 CVE-2019-3861 CVE-2019-3860 CVE-2019-3859 CVE-2019-3858 CVE-2019-3857 CVE-2019-3856 CVE-2019-3855 CVE-2019-3846 CVE-2019-1543 CVE-2018-1000001 CVE-2018-20843 CVE-2018-6485 CVE-2018-5745 CVE-2018-5743 CVE-2017-1000366 CVE-2017-16887 CVE-2017-15804 CVE-2017-15671 CVE-2017-15670 CVE-2017-12133 CVE-2017-12132 CVE-2016-10228 CVE-2016-6323 CVE-2015-5180 Reference: ASB-2019.0212 ESB-2019.3239 ESB-2019.3208 ESB-2019.3194 ESB-2019.3135 ESB-2019.2981 ESB-2019.2919 Original Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10887793 http://www.ibm.com/support/docview.wss?uid=ibm10960426 Comment: This bulletin contains two (2) IBM security advisories. - --------------------------BEGIN INCLUDED TEXT-------------------- Vyatta 5600 vRouter Software Patches - Release 1801-z Product: Infrastructure service automation Software version: All Versions Operating system(s): Appliance Reference #: 0887793 Security Bulletin Summary AT&T has released versions 1801-z for the Vyatta 5600. Details of these releases can be found at https://cloud.ibm.com/docs/ infrastructure/virtual-router-appliancetopic= virtual-router-appliance-at-t-vyatta-5600-vrouter-software-patches# at-t-vyatta-5600-vrouter-software-patches Vulnerability Details CVEID: CVE-2019-3863 DESCRIPTION: libssh2 could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in user authenticate keyboard interactive. By sending a specially crafted message, a remote attacker could exploit this vulnerability to trigger an out-of-bounds write and execute arbitrary code on the client system. CVSS Base Score: 7.5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 158347 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) CVEID: CVE-2019-3862 DESCRIPTION: libssh2 is vulnerable to a denial of service, caused by an out-of-bounds read when parsing packets with an exit status message and no payload. By sending specially crafted SSH_MSG_CHANNEL_REQUEST packets, a remote attacker could exploit this vulnerability to cause a denial of service or read data in the client memory. CVSS Base Score: 7.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 158346 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) CVEID: CVE-2019-3861 DESCRIPTION: libssh2 is vulnerable to a denial of service, caused by an out-of-bounds read when parsing packets with a padding length value greater than the packet length. By sending a specially crafted SSH packet, a remote attacker could exploit this vulnerability to cause a denial of service or read data in the client memory. CVSS Base Score: 5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 158345 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L) CVEID: CVE-2019-3860 DESCRIPTION: libssh2 is vulnerable to a denial of service, caused by an out-of-bounds read when parsing packets with empty payloads. By sending a specially crafted SFTP packet, a remote attacker could exploit this vulnerability to cause a denial of service or read data in the client memory. CVSS Base Score: 5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 158344 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L) CVEID: CVE-2019-3859 DESCRIPTION: libssh2 is vulnerable to a denial of service, caused by an out-of-bounds read in the _libssh2_packet_require and _libssh2_packet_requirev functions. By sending a specially crafted packet, a remote attacker could exploit this vulnerability to cause a denial of service or read data in the client memory. CVSS Base Score: 5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 158343 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L) CVEID: CVE-2019-3858 DESCRIPTION: libssh2 is vulnerable to a denial of service, caused by an out-of-bounds read. By sending a specially crafted SFTP packet, a remote attacker could exploit this vulnerability to cause a denial of service or read data in the client memory. CVSS Base Score: 5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 158342 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L) CVEID: CVE-2019-3857 DESCRIPTION: libssh2 could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow. By sending a specially crafted SSH_MSG_CHANNEL_REQUEST packet with an exit signal message, a remote attacker could exploit this vulnerability to trigger an out-of-bounds write and execute arbitrary code on the client system. CVSS Base Score: 7.5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 158341 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) CVEID: CVE-2019-3856 DESCRIPTION: libssh2 could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in keyboard interactive handling. By sending a specially crafted request, a remote attacker could exploit this vulnerability to trigger an out-of-bounds write and execute arbitrary code on the client system. CVSS Base Score: 7.5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 158340 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) CVEID: CVE-2019-3855 DESCRIPTION: libssh2 could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in transport read. By sending specially crafted packets, a remote attacker could exploit this vulnerability to trigger an out-of-bounds read and execute arbitrary code on the client system. CVSS Base Score: 7.5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 158339 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) CVEID: CVE-2019-6465 DESCRIPTION: ISC BIND could allow a remote attacker to obtain sensitive information, caused by the failure to properly apply controls for zone transfers to Dynamically Loadable Zones (DLZs) if the zones are writable. An attacker could exploit this vulnerability to request and receive a zone transfer of a DLZ even when not permitted to do so by the allow-transfer ACL. CVSS Base Score: 5.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 157377 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) CVEID: CVE-2018-5745 DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by an error in the managed-keys feature. By replacing a trust anchor's keys with keys which use an unsupported algorithm, a remote authenticated attacker could exploit this vulnerability to cause an assertion failure. CVSS Base Score: 4.9 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 157386 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) CVEID: CVE-2018-5743 DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by a flaw when setting the TCP client quota using the tcp-clients option. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause the exhaustion of file descriptors. CVSS Base Score: 7.5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 160127 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) CVEID: CVE-2019-8325 DESCRIPTION: RubyGems could allow a remote attacker to bypass security restrictions, caused by a flaw in the Gem::CommandManager#run function. By sending a specially-crafted request, an attacker could exploit this vulnerability to perform escape sequence injection. CVSS Base Score: 7.5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 159624 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) CVEID: CVE-2019-8324 DESCRIPTION: RubyGems could allow a remote attacker to execute arbitrary code on the system, caused by improper handling of multi-line name. By persuading a victim to install a specially-crafted gem, an attacker could exploit this vulnerability to execute arbitrary code on the system. CVSS Base Score: 7.8 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 159623 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) CVEID: CVE-2019-8323 DESCRIPTION: RubyGems could allow a remote attacker to bypass security restrictions, caused by a flaw in the Gem::UserInteraction#verbose function. By sending a specially-crafted API response, an attacker could exploit this vulnerability to perform escape sequence injection. CVSS Base Score: 7.5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 159622 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) CVEID: CVE-2019-8322 DESCRIPTION: RubyGems could allow a remote attacker to bypass security restrictions, caused by a flaw in the gem owner command. By sending a specially-crafted API response, an attacker could exploit this vulnerability to perform escape sequence injection. CVSS Base Score: 7.5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 159621 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) CVEID: CVE-2019-8321 DESCRIPTION: RubyGems could allow a remote attacker to bypass security restrictions, caused by a flaw in the Gem::UserInteraction#verbose function. By sending a specially-crafted request, an attacker could exploit this vulnerability to perform escape sequence injection. CVSS Base Score: 7.5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 159619 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) CVEID: CVE-2019-8320 DESCRIPTION: RubyGems could allow a remote attacker to traverse directories on the system, caused by improper validation of user-supplied input. An attacker could send a specially-crafted symlink request containing "dot dot" sequences (/../) to delete arbitrary directory on the system. CVSS Base Score: 7.5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 159618 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) CVEID: CVE-2019-7317 DESCRIPTION: Mozilla Firefox is vulnerable to a denial of service, caused by a use-after-free in the png_image_free function in the libpng library. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to cause a denial of service. CVSS Base Score: 6.5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 161346 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) Affected Products and Versions VRA - Vyatta 5600 Remediation/Fixes Please contact IBM Cloud Support to request that the ISO for the 1801-zbe pushed to your Vyatta system. Users will need to apply the upgraded code according to their defined processes (for example during a defined maintenance window). Monitor IBM Cloud Status for Future Security Bulletins Monitor the security notifications on the IBM Cloud Status page to be advised of future security bulletins. - --- Vyatta 5600 vRouter Software Patches - Release 1801-za Product: Infrastructure service automation Software version: All Versions Operating system(s): Firmware Reference #: 0960426 Security Bulletin Summary AT&T has released versions 1801-za for the Vyatta 5600. Details of these releases can be found at https://cloud.ibm.com/docs/ infrastructure/virtual-router-appliancetopic= virtual-router-appliance-at-t-vyatta-5600-vrouter-software-patches# at-t-vyatta-5600-vrouter-software-patches Vulnerability Details CVEID: CVE-2019-12749 DESCRIPTION: D-Bus could allow a remote attacker to bypass security restrictions, caused by symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. By manipulating a ~/.dbus-keyrings symlink, an attacker could exploit this vulnerability to bypass DBUS_COOKIE_SHA1 authentication to allow a DBusServer with a different uid to read and write in arbitrary locations. CVSS Base Score: 9.1 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 162386 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) CVEID: CVE-2016-10228 DESCRIPTION: GNU C Library (glibc) is vulnerable to a denial of service, caused by an error in the iconv program. By processing invalid multi-byte input sequences, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. CVSS Base Score: 5.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 124078 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) CVEID: CVE-2016-6323 DESCRIPTION: GNU C Library (glibc or libc6) is vulnerable to a denial of service, caused by an incompatible error related to backtrace generation by the makecontext function within sysdeps/posix/getaddrinfo.c. By using gccgo to compile applications and persuading a victim to install the applications, a remote attacker could exploit this vulnerability to cause the device to hang. CVSS Base Score: 6.5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 118247 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) CVEID: CVE-2015-5180 DESCRIPTION: glibc is vulnerable to a denial of service, caused by a NULL pointer dereference in the res_query function in libresolv. By using a malformed pattern, a remote attacker could cause the process to crash. CVSS Base Score: 7.5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 130620 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) CVEID: CVE-2017-1000366 DESCRIPTION: Glibc could allow a local attacker to execute arbitrary code on the system, caused by a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack. By using specially-crafted crafted LD_LIBRARY_PATH values, an attacker could exploit this vulnerability to trigger a stack memory allocation flaw and execute arbitrary code on the system. CVSS Base Score: 7.4 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 127452 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) CVEID: CVE-2017-16887 DESCRIPTION: FiberHome MIFI LM53Q1 could allow a remote attacker to bypass security restrictions, caused by improper validation of user-supplied request. By sending a specially-crafted request, an attacker could exploit this vulnerability to change the Administrator account password. CVSS Base Score: 7.5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 137394 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) CVEID: CVE-2017-12133 DESCRIPTION: GNU C Library (aka glibc or libc6) could allow a remote attacker to conduct spoofing attacks, caused by a flaw in the DNS stub resolver. An attacker could exploit this vulnerability to perform off-path DNS spoofing attacks. CVSS Base Score: 5.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 131622 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) CVEID: CVE-2017-15804 DESCRIPTION: GNU C Library (aka glibc or libc6) is vulnerable to a buffer overflow, caused by improper bounds checking by glob function in glob.c. By using a specially-crafted file, a local attacker could overflow a buffer. CVSS Base Score: 5.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 133996 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L) CVEID: CVE-2017-15671 DESCRIPTION: GNU C Library is vulnerable to a denial of service, caused by a memory leak in the glob function in glob.c. A remote attacker could exploit this vulnerability to cause a denial of service condition. CVSS Base Score: 7.5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 133909 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) CVEID: CVE-2017-15670 DESCRIPTION: GNU C Library is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the glob function in glob.c. By sending a specially-crafted string, a remote attacker could overflow a buffer and execute arbitrary code on the system. CVSS Base Score: 7.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 133915 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) CVEID: CVE-2018-6485 DESCRIPTION: GNU C Library is vulnerable to a denial of service, caused by an integer overflow in the implementation of the posix_memalign in memalign functions. A local attacker could exploit this vulnerability to cause the application to crash. CVSS Base Score: 4 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 138627 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) CVEID: CVE-2018-1000001 DESCRIPTION: Glibc could allow a local attacker to execute arbitrary code on the system, caused by a buffer underflow in the __realpath() function in stdlib /canonicalize.c. An attacker could exploit this vulnerability to execute arbitrary code on the system and obtain privileges. CVSS Base Score: 8.4 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 137516 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) CVEID: CVE-2017-12132 DESCRIPTION: GNU C Library (aka glibc or libc6) could allow a remote attacker to conduct spoofing attacks, caused by a flaw in the DNS stub resolver. An attacker could exploit this vulnerability to perform off-path DNS spoofing attacks. CVSS Base Score: 5.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 129949 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) CVEID: CVE-2016-10228 DESCRIPTION: GNU C Library (glibc) is vulnerable to a denial of service, caused by an error in the iconv program. By processing invalid multi-byte input sequences, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. CVSS Base Score: 5.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 124078 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) CVEID: CVE-2019-12735 DESCRIPTION: Vim and and Neovim could allow a remote attacker to execute arbitrary commands on the system, caused by improper input validation by the :source! command in a modeline. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. CVSS Base Score: 9.8 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 162255 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) CVEID: CVE-2019-10161 DESCRIPTION: libvirt could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper access control by the virDomainSaveImageGetXMLDesc API. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to obtain arbitrary file information, cause a denial of service or execute arbitrary programs with root privileges. CVSS Base Score: 8.8 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 162805 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H) CVEID: CVE-2019-12735 DESCRIPTION: Vim and and Neovim could allow a remote attacker to execute arbitrary commands on the system, caused by improper input validation by the :source! command in a modeline. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. CVSS Base Score: 9.8 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 162255 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) CVEID: CVE-2018-20843 DESCRIPTION: libexpat is vulnerable to a denial of service, caused by an error in the XML parser. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to consume all available CPU resources. CVSS Base Score: 3.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 163073 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) CVEID: CVE-2019-11884 DESCRIPTION: Linux Kernel could allow a local attacker to obtain sensitive information, caused by a flaw in the do_hidp_sock_ioctl function in net/ bluetooth/hidp/sock.c. By using a HIDPCONNADD command, an attacker could exploit this vulnerability to obtain sensitive information. CVSS Base Score: 4 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 161261 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) CVEID: CVE-2019-11833 DESCRIPTION: Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by the failure to zero out the unused memory region in the extent tree block in extents.c. By reading uninitialized data in the filesystem, an attacker could exploit this vulnerability to obtain sensitive information. CVSS Base Score: 5.5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 161235 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) CVEID: CVE-2019-11815 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a use-after-free in the rds_tcp_kill_sock function in net/rds/tcp.c. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. CVSS Base Score: 7.5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 160729 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) CVEID: CVE-2019-11599 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a race condition in the coredump implementation. By using a specially-crafted system call, a local attacker could exploit this vulnerability to cause the application to crash or obtain sensitive information. CVSS Base Score: 7.1 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 160262 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H) CVEID: CVE-2019-11486 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a race condition in the Siemens R3964 line discipline code in drivers/tty/ n_r3964.c. A local attacker could exploit this vulnerability to cause a denial of service. CVSS Base Score: 6.2 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 160016 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) CVEID: CVE-2019-11479 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a flaw when processing minimum segment size (MSS). By sending specially-crafted MSS traffic, a remote attacker could exploit this vulnerability to cause excess usage of system resources. CVSS Base Score: 7.5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 162665 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) CVEID: CVE-2019-11478 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an issue with fragmenting the TCP retransmission queue when processing TCP Selective Acknowledgement (SACK) capabilities. By sending specially-crafted SACKs requests, a remote attacker could exploit this vulnerability to cause an excess of system resource usage. CVSS Base Score: 7.5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 162664 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) CVEID: CVE-2019-11477 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an integer overflow when processing TCP Selective Acknowledgement (SACK) capabilities. By sending specially-crafted SACKs requests, a remote attacker could exploit this vulnerability to cause a kernel panic condition. CVSS Base Score: 7.5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 162662 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) CVEID: CVE-2019-10126 DESCRIPTION: Linux Kernel is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the marvell wifi chip driver. By using a specially-crafted call, a local attacker could overflow a buffer and execute arbitrary code on the system or cause the system to crash. CVSS Base Score: 8.4 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 162145 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) CVEID: CVE-2019-9503 DESCRIPTION: The Broadcom brcmfmac driver could allow a remote attacker to bypass security restrictions. By receiving firmware event frames from a remote source, a remote attacker could exploit this vulnerability to bypass the frame validation. CVSS Base Score: 6.5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 159643 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) CVEID: CVE-2019-9500 DESCRIPTION: The Broadcom brcmfmac driver is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the brcmf_wowl_nd_results function if the Wake-up on Wireless LAN functionality is configured. By sending specially crafted WiFi packets, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause a denial of service. CVSS Base Score: 7.5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 159642 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) CVEID: CVE-2019-5489 DESCRIPTION: Linux Kernel could allow a local attacker to obtain sensitive information, caused by a new side channel attack on the mincore() implementation in mm/mincore.c. An attacker could exploit this vulnerability to bypass sandbox protections, conduct keystroke timing attacks and gain access to secret data from other applications. CVSS Base Score: 5.1 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 155197 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) CVEID: CVE-2019-3846 DESCRIPTION: Linux Kernel is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the mwifiex_update_bss_desc_with_ie function in drivers/net/wireless/marvell/mwifiex/scan.c. By sending specially-crafted beacon packets, a remote attacker could overflow a buffer and execute arbitrary code or cause a denial of service condition on the system. CVSS Base Score: 8.1 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 161814 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) CVEID: CVE-2019-1543 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the ChaCha20-Poly1305 AEAD cipher. By sending a message encrypted using a reused overly long nonce, an attacker could exploit this vulnerability to conduct serious confidentiality and integrity attacks. CVSS Base Score: 4.8 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 157841 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N) CVEID: CVE-2019-13132 DESCRIPTION: zeromq/libzmq is vulnerable to a denial of service, caused by a stack-based buffer overflow. A remote attacker could exploit this vulnerability to cause the application to crash. CVSS Base Score: 5.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 163459 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) [ ] This is a Bundling Bulletin. Affected Products and Versions VRA - Vyatta 5600 Remediation/Fixes Please contact IBM Cloud Support to request that the ISO for the 1801-za be pushed to your Vyatta system. Users will need to apply the upgraded code according to their defined processes (for example during a defined maintenance window). - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXWxotWaOgq3Tt24GAQjQPxAAnI8F2PYugIlyo1QqFuE1AKSzJqbNyHGr YXlQIxNQ0uOfVvAMmkr5rbJdeNGa4Z4m8Eyg6K3rteOVd/jXPRihgI9aonSFODVV Ry1g3DZZkRna3y5Rl7RrUs2UVR2I3AaNFrrjttu9VP0Qecj58s3wH/1wyc5znX5C uTA9DqT+q2HFSWrkfxvyYPxdTIYDMm6yrSUQwYGH8O17icSCLSi4grTiZdd0ihW0 +Bu0KC9ta3h/HngGk1mrnGGqHH8dxr7Z+fv0FgBBh/FalyQjBsXlj2xjXy4dLAqJ vNiEWlJ0HuFTTmoX6fQgmk4IbSI/e7j+R9rD4VR4b55g7k06XgHQM+in8n/xSkKU gk3MlnCJHDzhrq4c3Y7fMKz2YMMZ+1Xnl7IgaSrqM+EQ2IPr7B5brmVeH+wEoaTZ pwyROVJYZYRjc6zoZw4KYVy2DO0H2hn54mVu/knA49fprjH/5fnJ84tko2xGR7qG iQBNCXJfmzppYQ7+NCQUs8xnjyrDWeVyQgHGC64f9iqDczk0baY/MfCOyISVgoji 5lKGUCSHUNHqctWbUBlWeyM5ve4iK+qZOFIl/mbsps8tFEFOZ+k1kciJLeaw29rl 4IJYfCGOwqISH4aF81XDac8meSrHzbk/2R0T0JvfYdnRj/VgR5LyJwhGlJMEUwTb UfRsb8HLi3k= =KqKE -----END PGP SIGNATURE-----