Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2019.1374
Vyatta 5600 vRouter Software Patches - Release 1801-v
23 April 2019
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: IBM Vyatta 5600 vRouter
Publisher: IBM
Operating System: Network Appliance
Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction
Access Privileged Data -- Remote/Unauthenticated
Increased Privileges -- Existing Account
Denial of Service -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2019-6250 CVE-2019-3462 CVE-2018-19967
CVE-2018-19966 CVE-2018-19965 CVE-2018-19962
CVE-2018-19961 CVE-2018-19788 CVE-2018-19628
CVE-2018-19627 CVE-2018-18557 CVE-2018-18226
CVE-2018-18225 CVE-2018-16866 CVE-2018-16865
CVE-2018-16864 CVE-2018-16335 CVE-2018-15209
CVE-2018-12086 CVE-2018-10963 CVE-2018-8905
CVE-2018-7456 CVE-2018-5784 CVE-2018-5407
CVE-2018-1710 CVE-2018-0737 CVE-2018-0735
CVE-2018-0734 CVE-2018-0732 CVE-2017-17095
CVE-2017-11613
Reference: ASB-2019.0121
ASB-2019.0120
ASB-2019.0119
ASB-2019.0115
ESB-2018.0864
ESB-2018.0800
Original Bulletin:
http://www.ibm.com/support/docview.wss?uid=ibm10881778
- --------------------------BEGIN INCLUDED TEXT--------------------
Vyatta 5600 vRouter Software Patches - Release 1801-v
Product: Infrastructure service automation
Software version: All Versions
Operating system(s): Appliance
Reference #: 0881778
Security Bulletin
Summary
AT&T has released version 1801-v for the Vyatta 5600.
Details of this release can be found at https://cloud.ibm.com/docs/infrastructure/virtual-router-appliancetopic=virtual-router-appliance-at-t-vyatta-5600-vrouter-software-patches#at-t-vyatta-5600-vrouter-software-patches
Vulnerability Details
CVEID: CVE-2018-8905
DESCRIPTION: LibTIFF is vulnerable to a heap-based buffer overflow, caused by
improper bounds checking by the LZWDecodeCompat function in tif_lzw.c. By
persuading a victim to open a specially crafted TIFF file, a remote attacker
could overflow a buffer and execute arbitrary code on the system or cause the
application to crash.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
140633 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)
CVEID: CVE-2018-7456
DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by a NULL
pointer dereference in TIFFPrintDirectory function in tif_print.c. By persuaded
a victim to use the tiffinfo tool to print specially crafted TIFF information,
a remote attacker could exploit this vulnerability to cause the application to
crash.
CVSS Base Score: 3.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
139536 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID: CVE-2018-5784
DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by an
uncontrolled resource consumption flaw in the TIFFSetDirectory function of
tif_dir.c. By persuading a victim to open a specially-crafted file, a remote
attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 5.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
138035 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID: CVE-2018-18557
DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by an
out-of-bounds write in the JBIGDecode function. By persuading a victim to open
a specially-crafted file, a remote attacker could exploit this vulnerability to
cause a denial of service condition.
CVSS Base Score: 3.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
151860 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID: CVE-2018-1710
DESCRIPTION: IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server)
10.1, 10.5, and 11.1 tool db2licm is affected by buffer overflow vulnerability
that can potentially result in arbitrary code execution. IBM X-Force ID:
146364.
CVSS Base Score: 8.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
146364 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2018-16335
DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by a
heap-baesd buffer overflow in the newoffsets handling in
ChopUpSingleUncompressedStrip in tif_dirread.c. By persuading a victim to open
a specially-crafted file, a remote attacker could exploit this vulnerability to
cause the application to crash.
CVSS Base Score: 5.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
149245 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID: CVE-2018-15209
DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by a
heap-based buffer overflow in the ChopUpSingleUncompressedStrip in
tif_dirread.c. By persuading a victim to open a specially-crafted file, a
remote attacker could exploit this vulnerability to cause a denial of service
condition.
CVSS Base Score: 3.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
148105 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID: CVE-2018-10963
DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by an
assertion failure in the TIFFWriteDirectorySec() function in tif_dirwrite.c. By
persuading a victim to open a specially-crafted file, a remote attacker could
exploit this vulnerability to cause the application to crash.
CVSS Base Score: 5.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
143186 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID: CVE-2017-17095
DESCRIPTION: Libtiff is vulnerable to a denial of service, caused by a
heap-based buffer overflow in tools/pal2rgb.c in pal2rgb. By persuading a
victim to open a specially-crafted file, a remote attacker could exploit this
vulnerability to cause the application to crash.
CVSS Base Score: 5.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
135816 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID: CVE-2017-11613
DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by a flaw in
the TIFFOpen function. By using a specially-crafted file, an attacker could
exploit this vulnerability to cause the application to crash.
CVSS Base Score: 3.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
129463 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID: CVE-2018-8905
DESCRIPTION: LibTIFF is vulnerable to a heap-based buffer overflow, caused by
improper bounds checking by the LZWDecodeCompat function in tif_lzw.c. By
persuading a victim to open a specially crafted TIFF file, a remote attacker
could overflow a buffer and execute arbitrary code on the system or cause the
application to crash.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
140633 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)
CVEID: CVE-2018-7456
DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by a NULL
pointer dereference in TIFFPrintDirectory function in tif_print.c. By persuaded
a victim to use the tiffinfo tool to print specially crafted TIFF information,
a remote attacker could exploit this vulnerability to cause the application to
crash.
CVSS Base Score: 3.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
139536 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID: CVE-2018-5784
DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by an
uncontrolled resource consumption flaw in the TIFFSetDirectory function of
tif_dir.c. By persuading a victim to open a specially-crafted file, a remote
attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 5.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
138035 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID: CVE-2018-18557
DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by an
out-of-bounds write in the JBIGDecode function. By persuading a victim to open
a specially-crafted file, a remote attacker could exploit this vulnerability to
cause a denial of service condition.
CVSS Base Score: 3.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
151860 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID: CVE-2018-1710
DESCRIPTION: IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server)
10.1, 10.5, and 11.1 tool db2licm is affected by buffer overflow vulnerability
that can potentially result in arbitrary code execution. IBM X-Force ID:
146364.
CVSS Base Score: 8.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
146364 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2018-16335
DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by a
heap-baesd buffer overflow in the newoffsets handling in
ChopUpSingleUncompressedStrip in tif_dirread.c. By persuading a victim to open
a specially-crafted file, a remote attacker could exploit this vulnerability to
cause the application to crash.
CVSS Base Score: 5.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
149245 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID: CVE-2018-15209
DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by a
heap-based buffer overflow in the ChopUpSingleUncompressedStrip in
tif_dirread.c. By persuading a victim to open a specially-crafted file, a
remote attacker could exploit this vulnerability to cause a denial of service
condition.
CVSS Base Score: 3.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
148105 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID: CVE-2018-10963
DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by an
assertion failure in the TIFFWriteDirectorySec() function in tif_dirwrite.c. By
persuading a victim to open a specially-crafted file, a remote attacker could
exploit this vulnerability to cause the application to crash.
CVSS Base Score: 5.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
143186 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID: CVE-2017-17095
DESCRIPTION: Libtiff is vulnerable to a denial of service, caused by a
heap-based buffer overflow in tools/pal2rgb.c in pal2rgb. By persuading a
victim to open a specially-crafted file, a remote attacker could exploit this
vulnerability to cause the application to crash.
CVSS Base Score: 5.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
135816 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID: CVE-2017-11613
DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by a flaw in
the TIFFOpen function. By using a specially-crafted file, an attacker could
exploit this vulnerability to cause the application to crash.
CVSS Base Score: 3.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
129463 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID: CVE-2018-19788
DESCRIPTION: PolicyKit could allow a local authenticated attacker to execute
arbitrary commands on the system, caused by improper validation of user
authorization. By sending specially-crafted request, an attacker could exploit
this vulnerability to execute arbitrary systemctl commands on the system.
CVSS Base Score: 7.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
153644 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2018-19628
DESCRIPTION: Wireshark is vulnerable to a denial of service, caused by a
divide-by-zero flaw in the ZigBee ZCL dissector. By persuading a victim to open
a specially-crafted file, a remote attacker could exploit this vulnerability to
cause a denial of service condition.
CVSS Base Score: 5.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
153528 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID: CVE-2018-19627
DESCRIPTION: Wireshark is vulnerable to a denial of service, caused by a flaw
in the IxVeriWave file parser. By persuading a victim to open a
specially-crafted file, a remote attacker could exploit this vulnerability to
cause a denial of service condition.
CVSS Base Score: 5.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
153527 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID: CVE-2018-18226
DESCRIPTION: Wireshark is vulnerable to a denial of service, caused by a flaw
in the Steam IHS Discovery dissector in epan/dissectors/
packet-steam-ihs-discovery.c. By persuading a victim to open a
specially-crafted packet, a remote attacker could exploit this vulnerability to
consume system memory.
CVSS Base Score: 3.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
151241 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID: CVE-2018-18225
DESCRIPTION: Wireshark is vulnerable to a denial of service, caused by a flaw
in the CoAP dissector in epan/dissectors/packet-coap.c. By persuading a victim
to open a specially-crafted packet, a remote attacker could exploit this
vulnerability to consume system memory.
CVSS Base Score: 3.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
151242 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID: CVE-2018-12086
DESCRIPTION: OPC Foundation UA applications is vulnerable to a denial of
service, caused by a buffer overflow. By sending specially-crafted requests, a
remote attacker could exploit this vulnerability to cause the application to
crash.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
150147 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2018-16866
DESCRIPTION: systemd could allow a local attacker to obtain sensitive
information, caused by an out-of-bounds read in journald. By sending
specially-crafted command arguments, an attacker could exploit this
vulnerability to obtain sensitive information.
CVSS Base Score: 6.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
155360 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVEID: CVE-2018-16865
DESCRIPTION: systemd is vulnerable to a denial of service, caused by a memory
corruption flaw when calling the alloca function. By sending specially-crafted
command arguments, a local attacker could exploit this vulnerability to cause a
denial of service.
CVSS Base Score: 6.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
155359 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2018-16864
DESCRIPTION: systemd is vulnerable to a denial of service, caused by a memory
corruption flaw when calling the syslog function. By sending specially-crafted
command arguments, a local attacker could exploit this vulnerability to cause a
denial of service.
CVSS Base Score: 6.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
155358 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2019-6250
DESCRIPTION: ZeroMQ libzmq could allow a remote authenticated attacker to
execute arbitrary code on the system, caused by an integer overflow in the src/
v2_decoder.cpp. By persuading a victim to open a specially-crafted file, an
attacker could exploit this vulnerability to execute arbitrary code on the
system.
CVSS Base Score: 7.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
155542 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)
CVEID: CVE-2018-19788
DESCRIPTION: PolicyKit could allow a local authenticated attacker to execute
arbitrary commands on the system, caused by improper validation of user
authorization. By sending specially-crafted request, an attacker could exploit
this vulnerability to execute arbitrary systemctl commands on the system.
CVSS Base Score: 7.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
153644 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2018-19628
DESCRIPTION: Wireshark is vulnerable to a denial of service, caused by a
divide-by-zero flaw in the ZigBee ZCL dissector. By persuading a victim to open
a specially-crafted file, a remote attacker could exploit this vulnerability to
cause a denial of service condition.
CVSS Base Score: 5.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
153528 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID: CVE-2018-19627
DESCRIPTION: Wireshark is vulnerable to a denial of service, caused by a flaw
in the IxVeriWave file parser. By persuading a victim to open a
specially-crafted file, a remote attacker could exploit this vulnerability to
cause a denial of service condition.
CVSS Base Score: 5.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
153527 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID: CVE-2018-18226
DESCRIPTION: Wireshark is vulnerable to a denial of service, caused by a flaw
in the Steam IHS Discovery dissector in epan/dissectors/
packet-steam-ihs-discovery.c. By persuading a victim to open a
specially-crafted packet, a remote attacker could exploit this vulnerability to
consume system memory.
CVSS Base Score: 3.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
151241 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID: CVE-2018-18225
DESCRIPTION: Wireshark is vulnerable to a denial of service, caused by a flaw
in the CoAP dissector in epan/dissectors/packet-coap.c. By persuading a victim
to open a specially-crafted packet, a remote attacker could exploit this
vulnerability to consume system memory.
CVSS Base Score: 3.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
151242 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID: CVE-2018-12086
DESCRIPTION: OPC Foundation UA applications is vulnerable to a denial of
service, caused by a buffer overflow. By sending specially-crafted requests, a
remote attacker could exploit this vulnerability to cause the application to
crash.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
150147 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2018-16866
DESCRIPTION: systemd could allow a local attacker to obtain sensitive
information, caused by an out-of-bounds read in journald. By sending
specially-crafted command arguments, an attacker could exploit this
vulnerability to obtain sensitive information.
CVSS Base Score: 6.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
155360 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVEID: CVE-2018-16865
DESCRIPTION: systemd is vulnerable to a denial of service, caused by a memory
corruption flaw when calling the alloca function. By sending specially-crafted
command arguments, a local attacker could exploit this vulnerability to cause a
denial of service.
CVSS Base Score: 6.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
155359 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2018-16864
DESCRIPTION: systemd is vulnerable to a denial of service, caused by a memory
corruption flaw when calling the syslog function. By sending specially-crafted
command arguments, a local attacker could exploit this vulnerability to cause a
denial of service.
CVSS Base Score: 6.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
155358 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2019-6250
DESCRIPTION: ZeroMQ libzmq could allow a remote authenticated attacker to
execute arbitrary code on the system, caused by an integer overflow in the src/
v2_decoder.cpp. By persuading a victim to open a specially-crafted file, an
attacker could exploit this vulnerability to execute arbitrary code on the
system.
CVSS Base Score: 7.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
155542 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)
CVEID: CVE-2018-19967
DESCRIPTION: Xen is vulnerable to a denial of service, caused by an error when
using instructions with the XACQUIRE prefix on the host physical memory range.
A local attacker could exploit this vulnerability using HLE constructs to cause
the CPU to hang and lock up the host.
CVSS Base Score: 7.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
152603 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H)
CVEID: CVE-2018-19965
DESCRIPTION: Xen is vulnerable to a denial of service, caused by an error from
attempting to use INVPCID with a non-canonical address. A local attacker could
exploit this vulnerability to cause the host to crash.
CVSS Base Score: 7.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
153185 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H)
CVEID: CVE-2018-19962
DESCRIPTION: Xen could allow a local attacker to gain elevated privileges on
the system, caused by the improper combining of small IOMMU mappings into
larger ones. An attacker could exploit this vulnerability to gain host OS
privileges.
CVSS Base Score: 9.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
153188 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVEID: CVE-2018-19961
DESCRIPTION: Xen could allow a local attacker to gain elevated privileges on
the system, caused by an error when TLB flushes do not always occur after IOMMU
mapping changes. An attacker could exploit this vulnerability to gain host OS
privileges.
CVSS Base Score: 9.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
154085 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVEID: CVE-2019-3462
DESCRIPTION: Advanced Package Tool (APT) package manager, used by many major
Linux distributions, could allow a remote attacker to execute arbitrary code on
the system, caused by the improper validation of certain parameters during HTTP
redirects. An attacker could exploit this vulnerability using man-in-the-middle
techniques to inject malicious content in the HTTP transport method to trick
the system into installing altered packages and execute arbitrary code with
root privileges.
CVSS Base Score: 8.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
155966 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2018-19967
DESCRIPTION: Xen is vulnerable to a denial of service, caused by an error when
using instructions with the XACQUIRE prefix on the host physical memory range.
A local attacker could exploit this vulnerability using HLE constructs to cause
the CPU to hang and lock up the host.
CVSS Base Score: 7.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
152603 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H)
CVEID: CVE-2018-19965
DESCRIPTION: Xen is vulnerable to a denial of service, caused by an error from
attempting to use INVPCID with a non-canonical address. A local attacker could
exploit this vulnerability to cause the host to crash.
CVSS Base Score: 7.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
153185 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H)
CVEID: CVE-2018-19962
DESCRIPTION: Xen could allow a local attacker to gain elevated privileges on
the system, caused by the improper combining of small IOMMU mappings into
larger ones. An attacker could exploit this vulnerability to gain host OS
privileges.
CVSS Base Score: 9.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
153188 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVEID: CVE-2018-19961
DESCRIPTION: Xen could allow a local attacker to gain elevated privileges on
the system, caused by an error when TLB flushes do not always occur after IOMMU
mapping changes. An attacker could exploit this vulnerability to gain host OS
privileges.
CVSS Base Score: 9.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
154085 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVEID: CVE-2019-3462
DESCRIPTION: Advanced Package Tool (APT) package manager, used by many major
Linux distributions, could allow a remote attacker to execute arbitrary code on
the system, caused by the improper validation of certain parameters during HTTP
redirects. An attacker could exploit this vulnerability using man-in-the-middle
techniques to inject malicious content in the HTTP transport method to trick
the system into installing altered packages and execute arbitrary code with
root privileges.
CVSS Base Score: 8.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
155966 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2018-0737
DESCRIPTION: OpenSSL could allow a local attacker to obtain sensitive
information, caused by a cache-timing side channel attack in the RSA Key
generation algorithm. An attacker with access to mount cache timing attacks
during the RSA key generation process could exploit this vulnerability to
recover the private key and obtain sensitive information.
CVSS Base Score: 3.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
141679 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
CVEID: CVE-2018-0735
DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive
information, caused by a timing side channel attack in the ECDSA signature
algorithm. An attacker could exploit this vulnerability using variations in the
signing algorithm to recover the private key.
CVSS Base Score: 3.7
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
152086 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVEID: CVE-2018-0734
DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive
information, caused by a timing side channel attack in the DSA signature
algorithm. An attacker could exploit this vulnerability using variations in the
signing algorithm to recover the private key.
CVSS Base Score: 3.7
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
152085 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVEID: CVE-2018-0732
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by the
sending of a very large prime value to the client by a malicious server during
key agreement in a TLS handshake. By spending an unreasonably long period of
time generating a key for this prime, a remote attacker could exploit this
vulnerability to cause the client to hang.
CVSS Base Score: 3.7
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
144658 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2018-0737
DESCRIPTION: OpenSSL could allow a local attacker to obtain sensitive
information, caused by a cache-timing side channel attack in the RSA Key
generation algorithm. An attacker with access to mount cache timing attacks
during the RSA key generation process could exploit this vulnerability to
recover the private key and obtain sensitive information.
CVSS Base Score: 3.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
141679 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
CVEID: CVE-2018-0735
DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive
information, caused by a timing side channel attack in the ECDSA signature
algorithm. An attacker could exploit this vulnerability using variations in the
signing algorithm to recover the private key.
CVSS Base Score: 3.7
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
152086 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVEID: CVE-2018-0734
DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive
information, caused by a timing side channel attack in the DSA signature
algorithm. An attacker could exploit this vulnerability using variations in the
signing algorithm to recover the private key.
CVSS Base Score: 3.7
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
152085 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVEID: CVE-2018-0732
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by the
sending of a very large prime value to the client by a malicious server during
key agreement in a TLS handshake. By spending an unreasonably long period of
time generating a key for this prime, a remote attacker could exploit this
vulnerability to cause the client to hang.
CVSS Base Score: 3.7
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
144658 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2018-5407
DESCRIPTION: Multiple SMT/Hyper-Threading architectures and processors could
allow a local attacker to obtain sensitive information, caused by execution
engine sharing on Simultaneous Multithreading (SMT) architecture. By using the
PortSmash new side-channel attack, an attacker could run a malicious process
next to legitimate processes using the architectures parallel thread running
capabilities to leak encrypted data from the CPU''s internal processes. Note:
This vulnerability is known as PortSmash.
CVSS Base Score: 5.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
152484 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVEID: CVE-2018-19966
DESCRIPTION: Xen is vulnerable to a denial of service, caused by a conflict
between mitigation for PV guests and shadow paging. A local attacker could
exploit this vulnerability to cause the host to crash.
CVSS Base Score: 7.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
153184 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H)
Affected Products and Versions
VRA - Vyatta 5600
Remediation/Fixes
Please contact IBM Cloud Support to request that the ISO for the 1801-v be
pushed to your Vyatta system. Users will need to apply the upgraded code
according to their defined processes (for example during a defined maintenance
window).
IBM Cloud Alert Information
Monitor the IBM Cloud console ( https://cloud.ibm.com/statusselected=status )
for additional alerts.
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBXL6tHWaOgq3Tt24GAQg5dhAA2Gq8jweiI3XyjzUUE2JD/fQN5t3BoRAC
ukzDNz9BqJC0Xx+eTSMWrUZtC6IssNz7+F3Wh4pFI2opxYxHg3ujeClCz8++RRAR
QoIGIBhUYPTSt51T0mUWGHGUVC5tVHzgktudAjjPArNkA4Oxn8kz3WETLzABe0tQ
nO4MElyS19ussr643D0kQi0lkkdeg+G6aBP9XI8pzyMypqA8zA08cCBm8F3Vxo5c
V4AOpln0xz353KHkoxYZNOWiU+qGXSk31RxFcJbi0UfaxZZiUyM+FmuTqcHqU1Io
UOYC8UCdEeiAZuS0qj2cE9ELbsGC1Cxa4ApeMS3yVJ4L2qDDYx8jNnjeBSA4N4+P
fkmdTeR7Y2xZbmU72abRsuwkwz5oc4JdRRJ0mgJBJo40mgNbjzK30rkznh+yvOT3
YBjtDCaG2V8hPnujIIx993vK1eJIhAbUlVk2YG9XyfPusGrF7ed5+J8oJNUUeFpi
QHc5EOw+tcHCSNq4C/qKVis4EMqv3FQ0s+LMww4SZXRWxBGh4rClgzQdkKdIHKbP
Vgq4hWYW5viirUfJKXePiZB2N8VyxnnychyaDBqlyBDs9cAVMR0EoaF0RsuCAAug
K0etAUrU1XVRzwG4TtJRZjdEfjCa4FQimTJK23kH4C4qgKWpmtEcqcx4+HL8mhaj
uSb0iDLy2d0=
=YbfN
-----END PGP SIGNATURE-----