Alerts

SANS · 5 hours 28 minutes

ISC Stormcast For Thursday, July 9th 2020 https://isc.sans.edu/podcastdetail.html?id=7072, (Thu, Jul 9th)

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
NVD: all CVE · 8 hours 13 minutes

CVE-2020-5974

NVIDIA JetPack SDK, version 4.2 and 4.3, contains a vulnerability in its installation scripts in which permissions are incorrectly set on certain directories, which can lead to escalation of privileges.
Linux security Advisories · July 8, 2020

Fedora 31: xrdp 2020-9c26a458ae

This is a security fix release that includes fixes for the following local buffer overflow vulnerability:

- CVE-2022-4044: Local users can perform a buffer overflow attack against the xrdp-sesman service and then impersonate it.

This update is recommended for all xrdp users.
Linux security Advisories · July 8, 2020

Fedora 31: remmina 2020-dd8c133829

Remmina 1.4.7 and FreeRDP 2.1.2 to fix many bugs and CVEs
Linux security Advisories · July 8, 2020

Fedora 31: freerdp 2020-dd8c133829

Remmina 1.4.7 and FreeRDP 2.1.2 to fix many bugs and CVEs
Linux security Advisories · July 8, 2020

Fedora 31: gupnp 2020-e538e3e526

Security update for CVE-2020-12695 (CallStranger)
Linux security Advisories · July 8, 2020

Fedora 31: gssdp 2020-e538e3e526

Security update for CVE-2020-12695 (CallStranger)
Linux security Advisories · July 8, 2020

Fedora 32: xrdp 2020-9666e4c9cd

This is a security fix release that includes fixes for the following local buffer overflow vulnerability:

- CVE-2022-4044: Local users can perform a buffer overflow attack against the xrdp-sesman service and then impersonate it.

This update is recommended for all xrdp users.
Linux security Advisories · July 8, 2020

Fedora 32: remmina 2020-a3ef998a70

Remmina 1.4.7 and FreeRDP 2.1.2 to fix many bugs and CVEs
Linux security Advisories · July 8, 2020

Fedora 32: freerdp 2020-a3ef998a70

Remmina 1.4.7 and FreeRDP 2.1.2 to fix many bugs and CVEs
NVD: all CVE · July 8, 2020

CVE-2020-15072

An issue was discovered in phpList through 3.5.4. An error-based SQL Injection vulnerability exists via the Import Administrators section.
NVD: all CVE · July 8, 2020

CVE-2020-15073

An issue was discovered in phpList through 3.5.4. An XSS vulnerability occurs within the Import Administrators section via upload of an edited text document. This also affects the Subscriber Lists section.
CERT-SEI · July 8, 2020

VU#290915: F5 BIG-IP contains multiple vulnerabilities including unauthenticated remote command execution

Overview

F5 BIG-IP provides a Traffic Management User Interface (TMUI), also referred to as the Configuration utility, that has multiple vulnerabilities including a remotely exploitable command injection vulnerability that can be used to execute arbitrary commands and subsequently take control of a vulnerable system.

Description

F5 BIG-IP devices provide load-balancing capability to application services such as HTTP and DNS. The F5 BIG-IP TMUI management web interface improperly neutralizes untrusted user input and can be abused by unauthenticated remote attackers to perform malicious activities such as cross-site scripting (XSS), cross-site request forgery (CSRF), and command injection (CWE-74). F5 has also announced that BIG-IP devices do not properly enforce access controls to sensitive configuration files that can be read and overwritten by an authenticated user via Secure Copy (SCP). The vulnerability identified by CVE-2020-0592 can be abused to achieve arbitrary code execution on the target device with root privileges.

Underlying causes and factors in these vulnerabilities include:

F5 recommends that the TMUI web interface should be accessible only from a secure or an out-of-band network and not directly from the Internet (K13092). However, many installations, as observed by Bad Packets, do not seem to follow this recommendation.

Impact

An unauthenticated attacker with network access to the TMUI may be able to execute arbitrary system commands, create or delete files, disable services, and subsequently execute arbitrary code with high privileges such as root. An authenticated user is also able to perform unexpected activities such as changing configuration files on a vulnerable device.

Solution

Apply updates

F5 has provided updated software for the several impacted versions of BIG-IP devices. Note that BIG-IP appliances as well as virtual instances are also vulnerable as identified by F5 advisories. It is highly recommended that you upgrade to the latest secure and stable software provided by F5. These updates are essential to your device's security, even if the TMUI is not accessible over the Internet. The upgrade reduces the risk of your device being compromised using CSRF or XSS attacks.

Workarounds

In many cases, an attack against BIG-IP's recent vulnerabilities requires access to TMUI. Blocking or disabling access to TMUI from untrusted networks is highly recommended. F5 has also provided multiple temporary workaround options in their advisory.

Acknowledgements

Several of these vulnerabilities were reported by Mikhail Klyuchnikov of Positive Technologies, who worked with F5 on a coordinated disclosure.

This document was written by Vijay Sarvepalli.

NVD: all CVE · July 8, 2020

CVE-2020-2034

An OS Command Injection vulnerability in the PAN-OS GlobalProtect portal allows an unauthenticated network-based attacker to execute arbitrary OS commands with root privileges. An attacker requires some knowledge of the firewall to exploit this issue. This issue cannot be exploited if the GlobalProtect portal feature is not enabled. This issue impacts PAN-OS 9.1 versions earlier than PAN-OS 9.1.3; PAN-OS 8.1 versions earlier than PAN-OS 8.1.15; PAN-OS 9.0 versions earlier than PAN-OS 9.0.9; all versions of PAN-OS 8.0 and PAN-OS 7.1. Prisma Access services are not impacted by this vulnerability.
NVD: all CVE · July 8, 2020

CVE-2019-19415

The SIP module of some Huawei products has a denial of service (DoS) vulnerability. A remote attacker could exploit these three vulnerabilities by sending specially crafted messages to the affected device. Due to insufficient verification of the packets, a successful exploit could allow the attacker to cause a buffer overflow and dead loop, leading to a DoS condition. Affected products can be found in https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-sip-en.
NVD: all CVE · July 8, 2020

CVE-2019-19416

The SIP module of some Huawei products has a denial of service (DoS) vulnerability. A remote attacker could exploit these three vulnerabilities by sending specially crafted messages to the affected device. Due to insufficient verification of the packets, a successful exploit could allow the attacker to cause a buffer overflow and dead loop, leading to a DoS condition. Affected products can be found in https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-sip-en.
NVD: all CVE · July 8, 2020

CVE-2019-19417

The SIP module of some Huawei products has a denial of service (DoS) vulnerability. A remote attacker could exploit these three vulnerabilities by sending specially crafted messages to the affected device. Due to insufficient verification of the packets, a successful exploit could allow the attacker to cause a buffer overflow and dead loop, leading to a DoS condition. Affected products can be found in https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-sip-en.
NVD: all CVE · July 8, 2020

CVE-2020-1982

Certain communication between PAN-OS and cloud-delivered services inadvertently uses TLS 1.0, which is known to be a cryptographically weak protocol. These cloud services include Cortex Data Lake, the Customer Support Portal, and the Prisma Access infrastructure. Conditions required for exploitation of known TLS 1.0 weaknesses do not exist for the communication between PAN-OS and cloud-delivered services. We do not believe that any communication is impacted as a result of known attacks against TLS 1.0. This issue impacts: All versions of PAN-OS 8.0; PAN-OS 8.1 versions earlier than PAN-OS 8.1.14; PAN-OS 9.0 versions earlier than PAN-OS 9.0.9; PAN-OS 9.1 versions earlier than PAN-OS 9.1.3. PAN-OS 7.1 is not impacted by this issue.
NVD: all CVE · July 8, 2020

CVE-2020-2030

An OS Command Injection vulnerability in the PAN-OS management interface allows authenticated administrators to execute arbitrary OS commands with root privileges. This issue impacts PAN-OS 8.1 versions earlier than PAN-OS 8.1.15; and all versions of PAN-OS 7.1 and PAN-OS 8.0. This issue does not impact PAN-OS 9.0, PAN-OS 9.1, or Prisma Access services.