Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2019.1374 Vyatta 5600 vRouter Software Patches - Release 1801-v 23 April 2019 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: IBM Vyatta 5600 vRouter Publisher: IBM Operating System: Network Appliance Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction Access Privileged Data -- Remote/Unauthenticated Increased Privileges -- Existing Account Denial of Service -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2019-6250 CVE-2019-3462 CVE-2018-19967 CVE-2018-19966 CVE-2018-19965 CVE-2018-19962 CVE-2018-19961 CVE-2018-19788 CVE-2018-19628 CVE-2018-19627 CVE-2018-18557 CVE-2018-18226 CVE-2018-18225 CVE-2018-16866 CVE-2018-16865 CVE-2018-16864 CVE-2018-16335 CVE-2018-15209 CVE-2018-12086 CVE-2018-10963 CVE-2018-8905 CVE-2018-7456 CVE-2018-5784 CVE-2018-5407 CVE-2018-1710 CVE-2018-0737 CVE-2018-0735 CVE-2018-0734 CVE-2018-0732 CVE-2017-17095 CVE-2017-11613 Reference: ASB-2019.0121 ASB-2019.0120 ASB-2019.0119 ASB-2019.0115 ESB-2018.0864 ESB-2018.0800 Original Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10881778 - --------------------------BEGIN INCLUDED TEXT-------------------- Vyatta 5600 vRouter Software Patches - Release 1801-v Product: Infrastructure service automation Software version: All Versions Operating system(s): Appliance Reference #: 0881778 Security Bulletin Summary AT&T has released version 1801-v for the Vyatta 5600. Details of this release can be found at https://cloud.ibm.com/docs/infrastructure/virtual-router-appliancetopic=virtual-router-appliance-at-t-vyatta-5600-vrouter-software-patches#at-t-vyatta-5600-vrouter-software-patches Vulnerability Details CVEID: CVE-2018-8905 DESCRIPTION: LibTIFF is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the LZWDecodeCompat function in tif_lzw.c. By persuading a victim to open a specially crafted TIFF file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. CVSS Base Score: 5.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 140633 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L) CVEID: CVE-2018-7456 DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by a NULL pointer dereference in TIFFPrintDirectory function in tif_print.c. By persuaded a victim to use the tiffinfo tool to print specially crafted TIFF information, a remote attacker could exploit this vulnerability to cause the application to crash. CVSS Base Score: 3.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 139536 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) CVEID: CVE-2018-5784 DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by an uncontrolled resource consumption flaw in the TIFFSetDirectory function of tif_dir.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. CVSS Base Score: 5.5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 138035 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) CVEID: CVE-2018-18557 DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by an out-of-bounds write in the JBIGDecode function. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition. CVSS Base Score: 3.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 151860 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) CVEID: CVE-2018-1710 DESCRIPTION: IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 tool db2licm is affected by buffer overflow vulnerability that can potentially result in arbitrary code execution. IBM X-Force ID: 146364. CVSS Base Score: 8.4 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 146364 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) CVEID: CVE-2018-16335 DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by a heap-baesd buffer overflow in the newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. CVSS Base Score: 5.5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 149245 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) CVEID: CVE-2018-15209 DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by a heap-based buffer overflow in the ChopUpSingleUncompressedStrip in tif_dirread.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition. CVSS Base Score: 3.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 148105 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) CVEID: CVE-2018-10963 DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by an assertion failure in the TIFFWriteDirectorySec() function in tif_dirwrite.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. CVSS Base Score: 5.5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 143186 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) CVEID: CVE-2017-17095 DESCRIPTION: Libtiff is vulnerable to a denial of service, caused by a heap-based buffer overflow in tools/pal2rgb.c in pal2rgb. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. CVSS Base Score: 5.5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 135816 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) CVEID: CVE-2017-11613 DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by a flaw in the TIFFOpen function. By using a specially-crafted file, an attacker could exploit this vulnerability to cause the application to crash. CVSS Base Score: 3.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 129463 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) CVEID: CVE-2018-8905 DESCRIPTION: LibTIFF is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the LZWDecodeCompat function in tif_lzw.c. By persuading a victim to open a specially crafted TIFF file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. CVSS Base Score: 5.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 140633 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L) CVEID: CVE-2018-7456 DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by a NULL pointer dereference in TIFFPrintDirectory function in tif_print.c. By persuaded a victim to use the tiffinfo tool to print specially crafted TIFF information, a remote attacker could exploit this vulnerability to cause the application to crash. CVSS Base Score: 3.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 139536 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) CVEID: CVE-2018-5784 DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by an uncontrolled resource consumption flaw in the TIFFSetDirectory function of tif_dir.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. CVSS Base Score: 5.5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 138035 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) CVEID: CVE-2018-18557 DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by an out-of-bounds write in the JBIGDecode function. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition. CVSS Base Score: 3.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 151860 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) CVEID: CVE-2018-1710 DESCRIPTION: IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 tool db2licm is affected by buffer overflow vulnerability that can potentially result in arbitrary code execution. IBM X-Force ID: 146364. CVSS Base Score: 8.4 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 146364 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) CVEID: CVE-2018-16335 DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by a heap-baesd buffer overflow in the newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. CVSS Base Score: 5.5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 149245 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) CVEID: CVE-2018-15209 DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by a heap-based buffer overflow in the ChopUpSingleUncompressedStrip in tif_dirread.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition. CVSS Base Score: 3.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 148105 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) CVEID: CVE-2018-10963 DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by an assertion failure in the TIFFWriteDirectorySec() function in tif_dirwrite.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. CVSS Base Score: 5.5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 143186 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) CVEID: CVE-2017-17095 DESCRIPTION: Libtiff is vulnerable to a denial of service, caused by a heap-based buffer overflow in tools/pal2rgb.c in pal2rgb. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. CVSS Base Score: 5.5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 135816 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) CVEID: CVE-2017-11613 DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by a flaw in the TIFFOpen function. By using a specially-crafted file, an attacker could exploit this vulnerability to cause the application to crash. CVSS Base Score: 3.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 129463 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) CVEID: CVE-2018-19788 DESCRIPTION: PolicyKit could allow a local authenticated attacker to execute arbitrary commands on the system, caused by improper validation of user authorization. By sending specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary systemctl commands on the system. CVSS Base Score: 7.8 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 153644 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) CVEID: CVE-2018-19628 DESCRIPTION: Wireshark is vulnerable to a denial of service, caused by a divide-by-zero flaw in the ZigBee ZCL dissector. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition. CVSS Base Score: 5.5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 153528 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) CVEID: CVE-2018-19627 DESCRIPTION: Wireshark is vulnerable to a denial of service, caused by a flaw in the IxVeriWave file parser. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition. CVSS Base Score: 5.5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 153527 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) CVEID: CVE-2018-18226 DESCRIPTION: Wireshark is vulnerable to a denial of service, caused by a flaw in the Steam IHS Discovery dissector in epan/dissectors/ packet-steam-ihs-discovery.c. By persuading a victim to open a specially-crafted packet, a remote attacker could exploit this vulnerability to consume system memory. CVSS Base Score: 3.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 151241 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) CVEID: CVE-2018-18225 DESCRIPTION: Wireshark is vulnerable to a denial of service, caused by a flaw in the CoAP dissector in epan/dissectors/packet-coap.c. By persuading a victim to open a specially-crafted packet, a remote attacker could exploit this vulnerability to consume system memory. CVSS Base Score: 3.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 151242 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) CVEID: CVE-2018-12086 DESCRIPTION: OPC Foundation UA applications is vulnerable to a denial of service, caused by a buffer overflow. By sending specially-crafted requests, a remote attacker could exploit this vulnerability to cause the application to crash. CVSS Base Score: 7.5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 150147 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) CVEID: CVE-2018-16866 DESCRIPTION: systemd could allow a local attacker to obtain sensitive information, caused by an out-of-bounds read in journald. By sending specially-crafted command arguments, an attacker could exploit this vulnerability to obtain sensitive information. CVSS Base Score: 6.2 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 155360 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) CVEID: CVE-2018-16865 DESCRIPTION: systemd is vulnerable to a denial of service, caused by a memory corruption flaw when calling the alloca function. By sending specially-crafted command arguments, a local attacker could exploit this vulnerability to cause a denial of service. CVSS Base Score: 6.2 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 155359 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) CVEID: CVE-2018-16864 DESCRIPTION: systemd is vulnerable to a denial of service, caused by a memory corruption flaw when calling the syslog function. By sending specially-crafted command arguments, a local attacker could exploit this vulnerability to cause a denial of service. CVSS Base Score: 6.2 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 155358 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) CVEID: CVE-2019-6250 DESCRIPTION: ZeroMQ libzmq could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an integer overflow in the src/ v2_decoder.cpp. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. CVSS Base Score: 7.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 155542 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H) CVEID: CVE-2018-19788 DESCRIPTION: PolicyKit could allow a local authenticated attacker to execute arbitrary commands on the system, caused by improper validation of user authorization. By sending specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary systemctl commands on the system. CVSS Base Score: 7.8 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 153644 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) CVEID: CVE-2018-19628 DESCRIPTION: Wireshark is vulnerable to a denial of service, caused by a divide-by-zero flaw in the ZigBee ZCL dissector. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition. CVSS Base Score: 5.5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 153528 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) CVEID: CVE-2018-19627 DESCRIPTION: Wireshark is vulnerable to a denial of service, caused by a flaw in the IxVeriWave file parser. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition. CVSS Base Score: 5.5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 153527 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) CVEID: CVE-2018-18226 DESCRIPTION: Wireshark is vulnerable to a denial of service, caused by a flaw in the Steam IHS Discovery dissector in epan/dissectors/ packet-steam-ihs-discovery.c. By persuading a victim to open a specially-crafted packet, a remote attacker could exploit this vulnerability to consume system memory. CVSS Base Score: 3.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 151241 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) CVEID: CVE-2018-18225 DESCRIPTION: Wireshark is vulnerable to a denial of service, caused by a flaw in the CoAP dissector in epan/dissectors/packet-coap.c. By persuading a victim to open a specially-crafted packet, a remote attacker could exploit this vulnerability to consume system memory. CVSS Base Score: 3.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 151242 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) CVEID: CVE-2018-12086 DESCRIPTION: OPC Foundation UA applications is vulnerable to a denial of service, caused by a buffer overflow. By sending specially-crafted requests, a remote attacker could exploit this vulnerability to cause the application to crash. CVSS Base Score: 7.5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 150147 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) CVEID: CVE-2018-16866 DESCRIPTION: systemd could allow a local attacker to obtain sensitive information, caused by an out-of-bounds read in journald. By sending specially-crafted command arguments, an attacker could exploit this vulnerability to obtain sensitive information. CVSS Base Score: 6.2 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 155360 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) CVEID: CVE-2018-16865 DESCRIPTION: systemd is vulnerable to a denial of service, caused by a memory corruption flaw when calling the alloca function. By sending specially-crafted command arguments, a local attacker could exploit this vulnerability to cause a denial of service. CVSS Base Score: 6.2 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 155359 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) CVEID: CVE-2018-16864 DESCRIPTION: systemd is vulnerable to a denial of service, caused by a memory corruption flaw when calling the syslog function. By sending specially-crafted command arguments, a local attacker could exploit this vulnerability to cause a denial of service. CVSS Base Score: 6.2 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 155358 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) CVEID: CVE-2019-6250 DESCRIPTION: ZeroMQ libzmq could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an integer overflow in the src/ v2_decoder.cpp. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. CVSS Base Score: 7.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 155542 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H) CVEID: CVE-2018-19967 DESCRIPTION: Xen is vulnerable to a denial of service, caused by an error when using instructions with the XACQUIRE prefix on the host physical memory range. A local attacker could exploit this vulnerability using HLE constructs to cause the CPU to hang and lock up the host. CVSS Base Score: 7.1 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 152603 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H) CVEID: CVE-2018-19965 DESCRIPTION: Xen is vulnerable to a denial of service, caused by an error from attempting to use INVPCID with a non-canonical address. A local attacker could exploit this vulnerability to cause the host to crash. CVSS Base Score: 7.1 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 153185 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H) CVEID: CVE-2018-19962 DESCRIPTION: Xen could allow a local attacker to gain elevated privileges on the system, caused by the improper combining of small IOMMU mappings into larger ones. An attacker could exploit this vulnerability to gain host OS privileges. CVSS Base Score: 9.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 153188 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) CVEID: CVE-2018-19961 DESCRIPTION: Xen could allow a local attacker to gain elevated privileges on the system, caused by an error when TLB flushes do not always occur after IOMMU mapping changes. An attacker could exploit this vulnerability to gain host OS privileges. CVSS Base Score: 9.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 154085 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) CVEID: CVE-2019-3462 DESCRIPTION: Advanced Package Tool (APT) package manager, used by many major Linux distributions, could allow a remote attacker to execute arbitrary code on the system, caused by the improper validation of certain parameters during HTTP redirects. An attacker could exploit this vulnerability using man-in-the-middle techniques to inject malicious content in the HTTP transport method to trick the system into installing altered packages and execute arbitrary code with root privileges. CVSS Base Score: 8.1 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 155966 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) CVEID: CVE-2018-19967 DESCRIPTION: Xen is vulnerable to a denial of service, caused by an error when using instructions with the XACQUIRE prefix on the host physical memory range. A local attacker could exploit this vulnerability using HLE constructs to cause the CPU to hang and lock up the host. CVSS Base Score: 7.1 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 152603 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H) CVEID: CVE-2018-19965 DESCRIPTION: Xen is vulnerable to a denial of service, caused by an error from attempting to use INVPCID with a non-canonical address. A local attacker could exploit this vulnerability to cause the host to crash. CVSS Base Score: 7.1 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 153185 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H) CVEID: CVE-2018-19962 DESCRIPTION: Xen could allow a local attacker to gain elevated privileges on the system, caused by the improper combining of small IOMMU mappings into larger ones. An attacker could exploit this vulnerability to gain host OS privileges. CVSS Base Score: 9.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 153188 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) CVEID: CVE-2018-19961 DESCRIPTION: Xen could allow a local attacker to gain elevated privileges on the system, caused by an error when TLB flushes do not always occur after IOMMU mapping changes. An attacker could exploit this vulnerability to gain host OS privileges. CVSS Base Score: 9.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 154085 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) CVEID: CVE-2019-3462 DESCRIPTION: Advanced Package Tool (APT) package manager, used by many major Linux distributions, could allow a remote attacker to execute arbitrary code on the system, caused by the improper validation of certain parameters during HTTP redirects. An attacker could exploit this vulnerability using man-in-the-middle techniques to inject malicious content in the HTTP transport method to trick the system into installing altered packages and execute arbitrary code with root privileges. CVSS Base Score: 8.1 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 155966 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) CVEID: CVE-2018-0737 DESCRIPTION: OpenSSL could allow a local attacker to obtain sensitive information, caused by a cache-timing side channel attack in the RSA Key generation algorithm. An attacker with access to mount cache timing attacks during the RSA key generation process could exploit this vulnerability to recover the private key and obtain sensitive information. CVSS Base Score: 3.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 141679 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) CVEID: CVE-2018-0735 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a timing side channel attack in the ECDSA signature algorithm. An attacker could exploit this vulnerability using variations in the signing algorithm to recover the private key. CVSS Base Score: 3.7 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 152086 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) CVEID: CVE-2018-0734 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a timing side channel attack in the DSA signature algorithm. An attacker could exploit this vulnerability using variations in the signing algorithm to recover the private key. CVSS Base Score: 3.7 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 152085 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) CVEID: CVE-2018-0732 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by the sending of a very large prime value to the client by a malicious server during key agreement in a TLS handshake. By spending an unreasonably long period of time generating a key for this prime, a remote attacker could exploit this vulnerability to cause the client to hang. CVSS Base Score: 3.7 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 144658 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) CVEID: CVE-2018-0737 DESCRIPTION: OpenSSL could allow a local attacker to obtain sensitive information, caused by a cache-timing side channel attack in the RSA Key generation algorithm. An attacker with access to mount cache timing attacks during the RSA key generation process could exploit this vulnerability to recover the private key and obtain sensitive information. CVSS Base Score: 3.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 141679 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) CVEID: CVE-2018-0735 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a timing side channel attack in the ECDSA signature algorithm. An attacker could exploit this vulnerability using variations in the signing algorithm to recover the private key. CVSS Base Score: 3.7 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 152086 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) CVEID: CVE-2018-0734 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a timing side channel attack in the DSA signature algorithm. An attacker could exploit this vulnerability using variations in the signing algorithm to recover the private key. CVSS Base Score: 3.7 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 152085 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) CVEID: CVE-2018-0732 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by the sending of a very large prime value to the client by a malicious server during key agreement in a TLS handshake. By spending an unreasonably long period of time generating a key for this prime, a remote attacker could exploit this vulnerability to cause the client to hang. CVSS Base Score: 3.7 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 144658 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) CVEID: CVE-2018-5407 DESCRIPTION: Multiple SMT/Hyper-Threading architectures and processors could allow a local attacker to obtain sensitive information, caused by execution engine sharing on Simultaneous Multithreading (SMT) architecture. By using the PortSmash new side-channel attack, an attacker could run a malicious process next to legitimate processes using the architectures parallel thread running capabilities to leak encrypted data from the CPU''s internal processes. Note: This vulnerability is known as PortSmash. CVSS Base Score: 5.1 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 152484 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) CVEID: CVE-2018-19966 DESCRIPTION: Xen is vulnerable to a denial of service, caused by a conflict between mitigation for PV guests and shadow paging. A local attacker could exploit this vulnerability to cause the host to crash. CVSS Base Score: 7.1 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/ 153184 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H) Affected Products and Versions VRA - Vyatta 5600 Remediation/Fixes Please contact IBM Cloud Support to request that the ISO for the 1801-v be pushed to your Vyatta system. Users will need to apply the upgraded code according to their defined processes (for example during a defined maintenance window). IBM Cloud Alert Information Monitor the IBM Cloud console ( https://cloud.ibm.com/statusselected=status ) for additional alerts. - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXL6tHWaOgq3Tt24GAQg5dhAA2Gq8jweiI3XyjzUUE2JD/fQN5t3BoRAC ukzDNz9BqJC0Xx+eTSMWrUZtC6IssNz7+F3Wh4pFI2opxYxHg3ujeClCz8++RRAR QoIGIBhUYPTSt51T0mUWGHGUVC5tVHzgktudAjjPArNkA4Oxn8kz3WETLzABe0tQ nO4MElyS19ussr643D0kQi0lkkdeg+G6aBP9XI8pzyMypqA8zA08cCBm8F3Vxo5c V4AOpln0xz353KHkoxYZNOWiU+qGXSk31RxFcJbi0UfaxZZiUyM+FmuTqcHqU1Io UOYC8UCdEeiAZuS0qj2cE9ELbsGC1Cxa4ApeMS3yVJ4L2qDDYx8jNnjeBSA4N4+P fkmdTeR7Y2xZbmU72abRsuwkwz5oc4JdRRJ0mgJBJo40mgNbjzK30rkznh+yvOT3 YBjtDCaG2V8hPnujIIx993vK1eJIhAbUlVk2YG9XyfPusGrF7ed5+J8oJNUUeFpi QHc5EOw+tcHCSNq4C/qKVis4EMqv3FQ0s+LMww4SZXRWxBGh4rClgzQdkKdIHKbP Vgq4hWYW5viirUfJKXePiZB2N8VyxnnychyaDBqlyBDs9cAVMR0EoaF0RsuCAAug K0etAUrU1XVRzwG4TtJRZjdEfjCa4FQimTJK23kH4C4qgKWpmtEcqcx4+HL8mhaj uSb0iDLy2d0= =YbfN -----END PGP SIGNATURE-----