News reader

AusCERT - Security Bulletins · 21 January 2021

ESB-2021.0242 - [Ubuntu] Thunderbird: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0242
                   USN-4701-1: Thunderbird vulnerabilities
                               21 January 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Thunderbird
Publisher:         Ubuntu
Operating System:  Ubuntu
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
                   Access Confidential Data        -- Remote with User Interaction
                   Unauthorised Access             -- Remote with User Interaction
                   Reduced Security                -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-35113 CVE-2020-35111 CVE-2020-26978 CVE-2020-26974
                   CVE-2020-26973 CVE-2020-26971 CVE-2020-26970 CVE-2020-16044
                   CVE-2020-16042
Reference:         ESB-2021.0100
                   ESB-2021.0011
                   ESB-2020.4524
                   ESB-2020.4515
                   ESB-2020.4458

Original Bulletin:
   https://ubuntu.com/security/notices/USN-4701-1

- --------------------------BEGIN INCLUDED TEXT--------------------

USN-4701-1: Thunderbird vulnerabilities
20 January 2021

Several security issues were fixed in Thunderbird.

Releases

  o Ubuntu 20.10

Packages

  o thunderbird - Mozilla Open Source mail and newsgroup client

Details

Multiple security issues were discovered in Thunderbird. If a user were
tricked into opening a specially crafted website in a browsing context, an
attacker could potentially exploit these to cause a denial of service, obtain
sensitive information, bypass the CSS sanitizer, or execute arbitrary code.
(CVE-2020-16042, CVE-2020-16044, CVE-2020-26971, CVE-2020-26973,
CVE-2020-26974, CVE-2020-26978, CVE-2020-35113)

It was discovered that the proxy.onRequest API did not catch view-source URLs.
If a user were tricked into installing an extension with the proxy permission
and opening View Source, an attacker could potentially exploit this to obtain
sensitive information. (CVE-2020-35111)

A stack overflow was discovered due to incorrect parsing of SMTP server
response codes. An attacker could potentially exploit this to execute
arbitrary code. (CVE-2020-26970)

Update instructions

The problem can be corrected by updating your system to the following package
versions:

Ubuntu 20.10

  o thunderbird - 1:78.6.1+build1-0ubuntu0.20.10.1

After a standard system update you need to restart Thunderbird to make all the
necessary changes.

References

  o CVE-2020-16042
  o CVE-2020-26974
  o CVE-2020-26973
  o CVE-2020-35113
  o CVE-2020-26970
  o CVE-2020-16044
  o CVE-2020-26971
  o CVE-2020-35111
  o CVE-2020-26978

Related notices

  o USN-4687-1 : firefox
  o USN-4671-1 : firefox

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If you do
not know who that is, please send an email to auscert@auscert.org.au and we
will forward your request to the appropriate person.

NOTE: Third Party Rights

This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may not
be updated when updates to the original are made. If downloading at a later
date, it is recommended that the bulletin is retrieved directly from the
author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in
the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBYAkJ8+NLKJtyKPYoAQiBQw/+K7KbJwkb8CAFRWDlR4dgQtRB20rM0vOE
NuZaaDq/LImoloivUck+brFNgvIS7CPhkk+vKczKCBfrvj4XRSraq9zfi4TIf0nY
jfQT6JaIBPNheit0rsLHwXfkWZexlf9SBo6qEADZz5WNhImGmGRq441fTCBM6iLC
9hZvdNbL/KU94H3y2Ytd3+Ng2B6f1SdtxOKv8Iacp4Hr7HIQWCgk8e3kMvdDeZ8r
h1yitrj18N0A6lLh2t2+44wi+4WL1IRR15najCQ+cBElcVCNO0jGsETHAzaZVuNT
9pKB/9EG6QbSeUI+rqSFqIt2kplP/bh0Cy9iY6Dmhifqbg0Sb5C+zNng2+3zEpIA
x3nDHBMnF2nMw4xqhlUqnWalqzFxFH3yFow9v8A84haFoM6TU7aQcg7/yUuNMCcM
kB27vPRlSyXwH0ErHu4gi0+5vEgZXHEV7SLhbwAk9jbgC+3XiWlyhMC3rWwIg0LC
ON+ChShF+FUvJ5VGhUnH9GLt9TfQm26PRG7mxuWwfD8QJHzvAhbfouasPg+Yw9OY
5mxquvtkzLBOqC7kUPe+8g5cqK2yNL5GcTHYTulA0rpfIvMyTbcuTFlTz6j9dlvR
JnVBddBiNEPl/3N0ThNfd30C2ggBa8qOvZIWISQQTqsuLR9rFDcp9g9Wj2QFXma2
ReWnrYfjYeE=
=nS9f
-----END PGP SIGNATURE-----
AusCERT - Security Bulletins · 21 January 2021

ESB-2021.0241 - ALERT [Cisco] Cisco SD-WAN products: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0241
                   Cisco SD-WAN multiple vulnerabilities
                               21 January 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Cisco SD-WAN
Publisher:         Cisco Systems
Operating System:  Cisco
Impact/Access:     Root Compromise                 -- Remote/Unauthenticated
                   Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Denial of Service               -- Remote/Unauthenticated
                   Access Confidential Data        -- Existing Account
                   Unauthorised Access             -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-1301 CVE-2021-1300 CVE-2021-1299 CVE-2021-1298
                   CVE-2021-1279 CVE-2021-1278 CVE-2021-1274 CVE-2021-1273
                   CVE-2021-1263 CVE-2021-1262 CVE-2021-1261 CVE-2021-1260
                   CVE-2021-1241 CVE-2021-1233

Original Bulletin:
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-bufovulns-B5NrSHbj
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-cmdinjm-9QMSmgcn
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-dosmulti-48jJuEUP
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-infodis-2-UPO232DG

Comment: This bulletin contains four (4) Cisco Systems security advisories.
- --------------------------BEGIN INCLUDED TEXT--------------------

Cisco SD-WAN Buffer Overflow Vulnerabilities

Priority:        Critical
Advisory ID:     cisco-sa-sdwan-bufovulns-B5NrSHbj
First Published: 2021 January 20 16:00 GMT
Version 1.0:     Final
Workarounds:     No workarounds available
Cisco Bug IDs:   CSCvi69895 CSCvt11525
CVE Names:       CVE-2021-1300 CVE-2021-1301
CWEs:            CWE-119 CWE-20
CVSS Score:      9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X

Summary

  o Multiple vulnerabilities in Cisco SD-WAN products could allow an
    unauthenticated, remote attacker to execute attacks against an affected
    device. For more information about these vulnerabilities, see the Details
    section of this advisory.

    Cisco has released software updates that address these vulnerabilities.
    There are no workarounds that address these vulnerabilities.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-bufovulns-B5NrSHbj

Affected Products

  o Vulnerable Products

    These vulnerabilities affect the following Cisco products if they are
    running a vulnerable release of Cisco SD-WAN Software:

      - IOS XE SD-WAN Software
      - SD-WAN vBond Orchestrator Software
      - SD-WAN vEdge Cloud Routers
      - SD-WAN vEdge Routers
      - SD-WAN vManage Software
      - SD-WAN vSmart Controller Software

    For information about which Cisco software releases are vulnerable, see
    the Fixed Software section of this advisory.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by these vulnerabilities.

Details

  o The vulnerabilities are not dependent on one another. Exploitation of one
    of the vulnerabilities is not required to exploit the other vulnerability.
    In addition, a software release that is affected by one of the
    vulnerabilities may not be affected by the other vulnerability.
    Details about the vulnerabilities are as follows:

    CVE-2021-1300: Cisco SD-WAN Buffer Overflow Vulnerability

    A vulnerability in Cisco SD-WAN Software could allow an unauthenticated,
    remote attacker to cause a buffer overflow condition.

    The vulnerability is due to incorrect handling of IP traffic. An attacker
    could exploit this vulnerability by sending crafted IP traffic through an
    affected device, which may cause a buffer overflow when the traffic is
    processed. A successful exploit could allow the attacker to execute
    arbitrary code on the underlying operating system with root privileges.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    Bug ID(s): CSCvt11525
    CVE ID: CVE-2021-1300
    Security Impact Rating (SIR): High
    CVSS Base Score: 9.8
    CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

    CVE-2021-1301: Cisco SD-WAN Buffer Overflow Vulnerability

    A vulnerability in the NETCONF subsystem of Cisco SD-WAN Software could
    allow an authenticated, remote attacker to cause a denial of service (DoS)
    condition on an affected device or system.

    The vulnerability is due to insufficient input validation of user-supplied
    input that is read by the system during the establishment of an SSH
    connection. An attacker could exploit this vulnerability by submitting a
    crafted file to be read by the affected system. A successful exploit could
    allow the attacker to cause a buffer overflow that could result in a DoS
    condition on the affected device or system.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    Bug ID(s): CSCvi69895
    CVE ID: CVE-2021-1301
    Security Impact Rating (SIR): Medium
    CVSS Base Score: 6.5
    CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Workarounds

  o There are no workarounds that address these vulnerabilities.
Fixed Software

  o Cisco has released free software updates that address the vulnerabilities
    described in this advisory. Customers may only install and expect support
    for software versions and feature sets for which they have purchased a
    license. By installing, downloading, accessing, or otherwise using such
    software upgrades, customers agree to follow the terms of the Cisco
    software license:
    https://www.cisco.com/c/en/us/products/end-user-license-agreement.html

    Additionally, customers may only download software for which they have a
    valid license, procured from Cisco directly, or through a Cisco authorized
    reseller or partner. In most cases this will be a maintenance upgrade to
    software that was previously purchased. Free security software updates do
    not entitle customers to a new software license, additional software
    feature sets, or major revision upgrades.

    When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories page, to determine exposure and a complete
    upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the
    Cisco Technical Assistance Center (TAC) or their contracted maintenance
    providers.
    Customers Without Service Contracts

    Customers who purchase directly from Cisco but do not hold a Cisco service
    contract and customers who make purchases through third-party vendors but
    are unsuccessful in obtaining fixed software through their point of sale
    should obtain upgrades by contacting the Cisco TAC:
    https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html

    Customers should have the product serial number available and be prepared
    to provide the URL of this advisory as evidence of entitlement to a free
    upgrade.

    Fixed Releases

    Customers are advised to upgrade to an appropriate fixed software release
    as indicated in the following table(s). To ensure a complete upgrade
    solution, consider that this advisory is part of a collection that
    includes the following advisories:

      - cisco-sa-sdwan-abyp-TnGFHrS : Cisco SD-WAN vManage Authorization
        Bypass Vulnerabilities
      - cisco-sa-sdwan-bufovulns-B5NrSHbj : Cisco SD-WAN Buffer Overflow
        Vulnerabilities
      - cisco-sa-sdwan-cmdinjm-9QMSmgcn : Cisco SD-WAN Command Injection
        Vulnerabilities
      - cisco-sa-sdwan-dosmulti-48jJuEUP : Cisco SD-WAN Denial of Service
        Vulnerabilities

    SD-WAN Software

    Cisco SD-WAN       First Fixed Release for       First Fixed Release for All
    Releases           These Vulnerabilities         Vulnerabilities Described in
                                                     the Collection of Advisories
    Earlier than 18.3  Migrate to a fixed release.   Migrate to a fixed release.
    18.3               Migrate to a fixed release.   Migrate to a fixed release.
    18.4               18.4.5                        Migrate to a fixed release.
    19.2               19.2.2                        Migrate to a fixed release.
    19.3               Migrate to a fixed release.   Migrate to a fixed release.
    20.1               20.1.1                        Migrate to a fixed release.
    20.3               20.3.1                        20.3.2
    20.4               20.4.1                        20.4.1

    IOS XE SD-WAN Software

    Cisco IOS XE       First Fixed Release for       First Fixed Release for All
    SD-WAN Releases    These Vulnerabilities         Vulnerabilities Described in
                                                     the Collection of Advisories
    16.9               Migrate to a fixed release.   Migrate to a fixed release.
    16.10              Migrate to a fixed release.   Migrate to a fixed release.
    16.11              Migrate to a fixed release.   Migrate to a fixed release.
    16.12              16.12.4                       16.12.4

    IOS XE Software

    Cisco IOS XE       First Fixed Release for       First Fixed Release for All
    Universal          These Vulnerabilities         Vulnerabilities Described in
    Releases                                         the Collection of Advisories
    17.2               17.2.1                        17.2.2
    17.3               17.3.1                        17.3.1
    17.4               17.4.1                        17.4.1

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerabilities that are
    described in this advisory.

Source

  o These vulnerabilities were found by James Spadaro of Cisco during internal
    security testing.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-bufovulns-B5NrSHbj

Revision History

  o +----------+---------------------------+----------+--------+--------------+
    | Version  | Description               | Section  | Status | Date         |
    +----------+---------------------------+----------+--------+--------------+
    | 1.0      | Initial public release.   | -        | Final  | 2021-JAN-20  |
    +----------+---------------------------+----------+--------+--------------+

- --------------------------------------------------------------------------------

Cisco SD-WAN Command Injection Vulnerabilities

Priority:        Critical
Advisory ID:     cisco-sa-sdwan-cmdinjm-9QMSmgcn
First Published: 2021 January 20 16:00 GMT
Version 1.0:     Final
Workarounds:     No workarounds available
Cisco Bug IDs:   CSCvi59635 CSCvi59639 CSCvi69982 CSCvm26011 CSCvu28387
                 CSCvu28443
CVE Names:       CVE-2021-1260 CVE-2021-1261 CVE-2021-1262 CVE-2021-1263
                 CVE-2021-1298 CVE-2021-1299
CWEs:            CWE-20

Summary

  o Multiple vulnerabilities in Cisco SD-WAN products could allow an
    authenticated attacker to perform command injection attacks against an
    affected device, which could allow the attacker to take certain actions
    with root privileges on the device. For more information about these
    vulnerabilities, see the Details section of this advisory.

    Cisco has released software updates that address these vulnerabilities.
    There are no workarounds that address these vulnerabilities.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-cmdinjm-9QMSmgcn

Affected Products

  o Vulnerable Products

    These vulnerabilities affect the following Cisco products if they are
    running a vulnerable release of Cisco SD-WAN Software:

      - SD-WAN vBond Orchestrator Software
      - SD-WAN vEdge Cloud Routers
      - SD-WAN vEdge Routers
      - SD-WAN vManage Software
      - SD-WAN vSmart Controller Software

    For information about which Cisco software releases are vulnerable, see
    the Fixed Software section of this advisory.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by these vulnerabilities.

    Cisco has confirmed that these vulnerabilities do not affect Cisco IOS XE
    SD-WAN Software.
Details

  o The vulnerabilities are not dependent on one another; exploitation of one
    of the vulnerabilities is not required to exploit another vulnerability.
    In addition, a software release that is affected by one of the
    vulnerabilities may not be affected by the other vulnerabilities.

    Details about the vulnerabilities are as follows:

    CVE-2021-1299: Cisco SD-WAN vManage Command Injection Vulnerability

    A vulnerability in the web-based management interface of Cisco SD-WAN
    vManage Software could allow an authenticated, remote attacker to execute
    arbitrary commands as the root user on an affected system.

    This vulnerability is due to improper input validation of user-supplied
    input to the device template configuration. An attacker could exploit this
    vulnerability by submitting crafted input to the device template
    configuration. A successful exploit could allow the attacker to gain
    root-level access to the affected system.

    This vulnerability affects only the Cisco SD-WAN vManage product.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    Bug ID(s): CSCvu28387
    CVE ID: CVE-2021-1299
    Security Impact Rating (SIR): Critical
    CVSS Base Score: 9.9
    CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

    CVE-2021-1261: Cisco SD-WAN CLI Command Injection Vulnerability

    A vulnerability in the CLI utility tcpdump of Cisco SD-WAN Software could
    allow an authenticated, local attacker with read-only credentials to
    inject arbitrary commands that could allow the attacker to obtain root
    privileges.

    This vulnerability is due to insufficient validation of user-supplied
    input to the tcpdump command. An attacker could exploit this vulnerability
    by authenticating with a lower-privileged user account via the CLI of an
    affected device and submitting crafted input to the affected commands. A
    successful exploit could allow the attacker to execute arbitrary commands
    on the device with root privileges.
    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    Bug ID(s): CSCvi59639
    CVE ID: CVE-2021-1261
    Security Impact Rating (SIR): High
    CVSS Base Score: 7.8
    CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

    CVE-2021-1260: Cisco SD-WAN CLI Command Injection Vulnerability

    A vulnerability in the CLI of Cisco SD-WAN Software could allow an
    authenticated, local attacker with read-only credentials to inject
    arbitrary commands that could allow the attacker to obtain root privileges
    and read, write, and delete files of the underlying file system of an
    affected device.

    This vulnerability is due to insufficient validation of user-supplied
    input on the CLI. An attacker could exploit this vulnerability by
    authenticating with read-only privileges via the CLI of an affected device
    and submitting crafted input to the affected commands. A successful
    exploit could allow the attacker to execute arbitrary commands on the
    device with root privileges.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    Bug ID(s): CSCvi59635
    CVE ID: CVE-2021-1260
    Security Impact Rating (SIR): High
    CVSS Base Score: 7.1
    CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

    CVE-2021-1263: Cisco SD-WAN CLI Command Injection Vulnerability

    A vulnerability in the CLI of Cisco SD-WAN Software could allow an
    authenticated, local attacker with read-only credentials to inject
    arbitrary commands that could allow the attacker to obtain root privileges
    and read, write, and delete files of the underlying file system of an
    affected device.

    This vulnerability is due to insufficient validation of user-supplied
    input on the CLI. An attacker could exploit this vulnerability by
    authenticating with read-only privileges via the CLI of an affected device
    and submitting crafted input to the affected commands.
    A successful exploit could allow the attacker to execute arbitrary
    commands on the device with root privileges.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    Bug ID(s): CSCvu28443
    CVE ID: CVE-2021-1263
    Security Impact Rating (SIR): Medium
    CVSS Base Score: 6.1
    CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

    CVE-2021-1262: Cisco SD-WAN CLI Command Injection Vulnerability

    A vulnerability in the CLI of Cisco SD-WAN Software could allow an
    authenticated, local attacker with read-only credentials to inject
    arbitrary commands that could allow the attacker to obtain root privileges
    and read files from the underlying file system of an affected device.

    This vulnerability is due to insufficient validation of user-supplied
    input on the CLI. An attacker could exploit this vulnerability by
    authenticating with read-only privileges via the CLI of an affected device
    and submitting crafted input to the affected commands. A successful
    exploit could allow the attacker to execute arbitrary commands on the
    device with root privileges.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    Bug ID(s): CSCvi69982
    CVE ID: CVE-2021-1262
    Security Impact Rating (SIR): Medium
    CVSS Base Score: 5.5
    CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

    CVE-2021-1298: Cisco SD-WAN vManage Command Injection Vulnerability

    A vulnerability in the vAnalytics feature of the web-based management
    interface of Cisco SD-WAN vManage Software could allow an authenticated,
    remote attacker to execute arbitrary commands as the root user on an
    affected system.

    This vulnerability is due to improper input validation of user-supplied
    input to the SSO configuration. An attacker could exploit this by
    submitting crafted input to the SSO configuration. A successful exploit
    could allow the attacker to gain root-level access to the system.
    The vAnalytics feature of Cisco SD-WAN vManage Software must be enabled
    for this vulnerability to be exploited.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    Bug ID(s): CSCvm26011
    CVE ID: CVE-2021-1298
    Security Impact Rating (SIR): Medium
    CVSS Base Score: 5.3
    CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N

Workarounds

  o There are no workarounds that address these vulnerabilities.

Fixed Software

  o Cisco has released free software updates that address the vulnerabilities
    described in this advisory. Customers may only install and expect support
    for software versions and feature sets for which they have purchased a
    license. By installing, downloading, accessing, or otherwise using such
    software upgrades, customers agree to follow the terms of the Cisco
    software license:
    https://www.cisco.com/c/en/us/products/end-user-license-agreement.html

    Additionally, customers may only download software for which they have a
    valid license, procured from Cisco directly, or through a Cisco authorized
    reseller or partner. In most cases this will be a maintenance upgrade to
    software that was previously purchased. Free security software updates do
    not entitle customers to a new software license, additional software
    feature sets, or major revision upgrades.

    When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories page, to determine exposure and a complete
    upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the
    Cisco Technical Assistance Center (TAC) or their contracted maintenance
    providers.
    Customers Without Service Contracts

    Customers who purchase directly from Cisco but do not hold a Cisco service
    contract and customers who make purchases through third-party vendors but
    are unsuccessful in obtaining fixed software through their point of sale
    should obtain upgrades by contacting the Cisco TAC:
    https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html

    Customers should have the product serial number available and be prepared
    to provide the URL of this advisory as evidence of entitlement to a free
    upgrade.

    Fixed Releases

    Customers are advised to upgrade to an appropriate fixed software release
    as indicated in the following table(s). To ensure a complete upgrade
    solution, consider that this advisory is part of a collection that
    includes the following advisories:

      - cisco-sa-sdwan-abyp-TnGFHrS : Cisco SD-WAN vManage Authorization
        Bypass Vulnerabilities
      - cisco-sa-sdwan-bufovulns-B5NrSHbj : Cisco SD-WAN Buffer Overflow
        Vulnerabilities
      - cisco-sa-sdwan-cmdinjm-9QMSmgcn : Cisco SD-WAN Command Injection
        Vulnerabilities
      - cisco-sa-sdwan-dosmulti-48jJuEUP : Cisco SD-WAN Denial of Service
        Vulnerabilities

    Cisco SD-WAN       First Fixed Release for       First Fixed Release for All
    Release            These Vulnerabilities         Vulnerabilities Described in
                                                     the Collection of Advisories
    Earlier than 18.3  Migrate to a fixed release.   Migrate to a fixed release.
    18.3               Migrate to a fixed release.   Migrate to a fixed release.
    18.4               Migrate to a fixed release.   Migrate to a fixed release.
    19.2               Migrate to a fixed release.   Migrate to a fixed release.
    19.3               Migrate to a fixed release.   Migrate to a fixed release.
    20.1               20.1.2                        Migrate to a fixed release.
    20.3               20.3.2                        20.3.2
    20.4               20.4.1                        20.4.1

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerabilities that are
    described in this advisory.
Source

  o The following vulnerabilities were found during the resolution of a Cisco
    TAC support case: CVE-2021-1260 and CVE-2021-1261.

    The following vulnerabilities were found during internal security testing:

      - James Spadaro of Cisco: CVE-2021-1262
      - Joseph Connor of Cisco: CVE-2021-1263
      - Andrew Kim of Cisco: CVE-2021-1298
      - Alex Lumsden of Cisco: CVE-2021-1299

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-cmdinjm-9QMSmgcn

Revision History

  o +----------+---------------------------+----------+--------+--------------+
    | Version  | Description               | Section  | Status | Date         |
    +----------+---------------------------+----------+--------+--------------+
    | 1.0      | Initial public release.   | -        | Final  | 2021-JAN-20  |
    +----------+---------------------------+----------+--------+--------------+

- --------------------------------------------------------------------------------

Cisco SD-WAN Denial of Service Vulnerabilities

Priority:        High
Advisory ID:     cisco-sa-sdwan-dosmulti-48jJuEUP
First Published: 2021 January 20 16:00 GMT
Version 1.0:     Final
Workarounds:     No workarounds available
Cisco Bug IDs:   CSCvq20708 CSCvt11522 CSCvt11523 CSCvt11530 CSCvu28409
                 CSCvu31763
CVE Names:       CVE-2021-1241 CVE-2021-1273 CVE-2021-1274 CVE-2021-1278
                 CVE-2021-1279
CWEs:            CWE-119 CWE-20 CWE-787

Summary

  o Multiple vulnerabilities in Cisco SD-WAN products could allow an
    unauthenticated, remote attacker to execute denial of service (DoS)
    attacks against an affected device. For more information about these
    vulnerabilities, see the Details section of this advisory.

    Cisco has released software updates that address these vulnerabilities.
    There are no workarounds that address these vulnerabilities.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-dosmulti-48jJuEUP

Affected Products

  o Vulnerable Products

    These vulnerabilities may affect the following Cisco products if they are
    running a vulnerable release of Cisco SD-WAN Software:

      - IOS XE SD-WAN Software
      - SD-WAN vBond Orchestrator Software
      - SD-WAN vEdge Cloud Routers
      - SD-WAN vEdge Routers
      - SD-WAN vManage Software
      - SD-WAN vSmart Controller Software

    See the Details section of this advisory for information on vulnerable
    products for each vulnerability.

    For information about which Cisco software releases are vulnerable, see
    the Fixed Software section of this advisory.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by these vulnerabilities.

    Cisco has confirmed that these vulnerabilities do not affect Cisco IOS XE
    universal image releases 17.2.1r and later.

Details

  o The vulnerabilities are not dependent on one another. Exploitation of one
    of the vulnerabilities is not required to exploit the other vulnerability.
    In addition, a software release that is affected by one of the
    vulnerabilities may not be affected by the other vulnerability.

    Details about the vulnerabilities are as follows.

    CVE-2021-1241: Cisco SD-WAN vEdge Router VPN Denial of Service
    Vulnerability

    A vulnerability in VPN tunneling features of Cisco SD-WAN vEdge Routers
    could allow an unauthenticated, remote attacker to cause a DoS condition
    on an affected system.

    The vulnerability is due to insufficient handling of malformed packets. An
    attacker could exploit this vulnerability by sending crafted packets
    through an affected device. A successful exploit could allow the attacker
    to cause the device to reboot, resulting in a DoS condition on the
    affected system.

    Cisco has released software updates that address this vulnerability.
    There are no workarounds that address this vulnerability.

    Bug ID(s): CSCvu31763
    CVE ID: CVE-2021-1241
    Security Impact Rating (SIR): High
    CVSS Base Score: 8.6
    CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

    CVE-2021-1273: Cisco SD-WAN IPSec Denial of Service Vulnerability

    A vulnerability in the IPSec tunnel management of Cisco SD-WAN vBond
    Orchestrator Software, Cisco SD-WAN vEdge Cloud Routers, Cisco SD-WAN
    vEdge Routers, Cisco SD-WAN vManage Software, and Cisco SD-WAN vSmart
    Controller Software could allow an unauthenticated, remote attacker to
    cause a DoS condition on an affected system.

    The vulnerability is due to the bounds checking in the forwarding plane of
    the IPSec tunnel management functionality. An attacker could exploit this
    vulnerability by sending crafted IPv4 or IPv6 packets to a specific
    device. A successful exploit could allow the attacker to cause a DoS
    condition on the affected system.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    Bug ID(s): CSCvu28409
    CVE ID: CVE-2021-1273
    Security Impact Rating (SIR): High
    CVSS Base Score: 8.6
    CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

    CVE-2021-1274: Cisco SD-WAN UDP Denial of Service Vulnerability

    A vulnerability in the UDP connection response of Cisco IOS XE SD-WAN,
    Cisco SD-WAN vBond Orchestrator Software, Cisco SD-WAN vEdge Cloud
    Routers, Cisco SD-WAN vEdge Routers, Cisco SD-WAN vManage Software, and
    Cisco SD-WAN vSmart Controller Software could allow an unauthenticated,
    remote attacker to cause a DoS condition on an affected system.

    The vulnerability is due to the presence of a null dereference in vDaemon.
    An attacker could exploit this vulnerability by sending crafted traffic to
    a specific device. A successful exploit could allow the attacker to cause
    a DoS condition on the affected system.

    Cisco has released software updates that address this vulnerability.
There are no workarounds that address this vulnerability. Bug ID(s): CSCvt11523 CVE ID: CVE-2021-1274 Security Impact Rating (SIR): High CVSS Base Score: 8.6 CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H CVE-2021-1278: Cisco SD-WAN Denial of Service Vulnerabilities Multiple vulnerabilities in the symbolic link (symlink) creation functionality of Cisco SD-WAN vBond Orchestrator Software, Cisco SD-WAN vEdge Cloud Routers, Cisco SD-WAN vEdge Routers, Cisco SD-WAN vManage Software, and Cisco SD-WAN vSmart Controller Software could allow an authenticated, local attacker to overwrite arbitrary files that are owned by the root user on the affected system. These vulnerabilities are due to the absence of validation checks for the input that is used to create symlinks. An attacker could exploit these vulnerabilities by creating a symlink to a target file on a specific path. A successful exploit could allow the attacker to corrupt the contents of the file. If the file is a critical systems file, the exploit could lead to a DoS condition on an affected system . To exploit these vulnerabilities, the attacker would need to have valid credentials on the system. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. Bug ID(s): CSCvt11522 , CSCvt11530 CVE ID: CVE-2021-1278 Security Impact Rating (SIR): Medium CVSS Base Score: 6.7 CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:H CVE-2021-1279: Cisco SD-WAN SNMPv3 Denial of Service Vulnerability A vulnerability in the SNMPv3 management feature of Cisco SD-WAN vBond Orchestrator Software, Cisco SD-WAN vEdge Cloud Routers, Cisco SD-WAN vEdge Routers, Cisco SD-WAN vManage Software, and Cisco SD-WAN vSmart Controller Software could allow an unauthenticated, remote attacker to cause a DoS condition on an affected system. The vulnerability is due to insufficient input validation for the SNMPv3 management functionality. 
An attacker could exploit this vulnerability by sending crafted SNMPv3 traffic to a specific device. A successful exploit could allow the attacker to cause a DoS condition on the affected system. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. Bug ID(s): CSCvq20708 CVE ID: CVE-2021-1279 Security Impact Rating (SIR): Medium CVSS Base Score: 5.3 CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Workarounds o There are no workarounds that address these vulnerabilities. Fixed Software o Cisco has released free software updates that address the vulnerabilities described in this advisory. Customers may only install and expect support for software versions and feature sets for which they have purchased a license. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to follow the terms of the Cisco software license: https://www.cisco.com/c/en/us/products/end-user-license-agreement.html Additionally, customers may only download software for which they have a valid license, procured from Cisco directly, or through a Cisco authorized reseller or partner. In most cases this will be a maintenance upgrade to software that was previously purchased. Free security software updates do not entitle customers to a new software license, additional software feature sets, or major revision upgrades. When considering software upgrades , customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page , to determine exposure and a complete upgrade solution. In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. 
    If the information is not clear, customers are advised to contact the
    Cisco Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Customers Without Service Contracts

    Customers who purchase directly from Cisco but do not hold a Cisco service
    contract and customers who make purchases through third-party vendors but
    are unsuccessful in obtaining fixed software through their point of sale
    should obtain upgrades by contacting the Cisco TAC:
    https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html

    Customers should have the product serial number available and be prepared
    to provide the URL of this advisory as evidence of entitlement to a free
    upgrade.

    Fixed Releases

    Customers are advised to upgrade to an appropriate fixed software release
    as indicated in the following table(s).

    To ensure a complete upgrade solution, consider that this advisory is part
    of a collection that includes the following advisories:

      cisco-sa-sdwan-abyp-TnGFHrS      : Cisco SD-WAN vManage Authorization
                                         Bypass Vulnerabilities
      cisco-sa-sdwan-bufovulns-B5NrSHbj: Cisco SD-WAN Buffer Overflow
                                         Vulnerabilities
      cisco-sa-sdwan-cmdinjm-9QMSmgcn  : Cisco SD-WAN Command Injection
                                         Vulnerabilities
      cisco-sa-sdwan-dosmulti-48jJuEUP : Cisco SD-WAN Denial of Service
                                         Vulnerabilities

    SD-WAN Software

    +--------------------+------------------------------+------------------------------------+
    | Cisco SD-WAN       | First Fixed Release for      | First Fixed Release for All        |
    | Software Releases  | These Vulnerabilities        | Vulnerabilities Described in       |
    |                    |                              | This Collection of Advisories      |
    +--------------------+------------------------------+------------------------------------+
    | Earlier than 18.3  | Migrate to a fixed release.  | Migrate to a fixed release.        |
    | 18.3               | Migrate to a fixed release.  | Migrate to a fixed release.        |
    | 18.4               | 18.4.6                       | Migrate to a fixed release.        |
    | 19.2               | Migrate to a fixed release.  | Migrate to a fixed release.        |
    | 19.3               | Migrate to a fixed release.  | Migrate to a fixed release.        |
    | 20.1               | 20.1.2                       | Migrate to a fixed release.        |
    | 20.3               | 20.3.1                       | 20.3.2                             |
    | 20.4               | 20.4.1                       | 20.4.1                             |
    +--------------------+------------------------------+------------------------------------+

    IOS XE SD-WAN Software

    +--------------------+------------------------------+------------------------------------+
    | Cisco IOS XE SD-WAN| First Fixed Release for      | First Fixed Release for All        |
    | Software Releases  | These Vulnerabilities        | Vulnerabilities Described in       |
    |                    |                              | This Collection of Advisories      |
    +--------------------+------------------------------+------------------------------------+
    | 16.9               | Migrate to a fixed release.  | Migrate to a fixed release.        |
    | 16.10              | Migrate to a fixed release.  | Migrate to a fixed release.        |
    | 16.11              | Migrate to a fixed release.  | Migrate to a fixed release.        |
    | 16.12              | 16.12.4                      | 16.12.4                            |
    +--------------------+------------------------------+------------------------------------+

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerabilities that are
    described in this advisory.

Source

  o CVE-2021-1273: This vulnerability was found by Joseph Connor of Cisco
    during internal security testing.

    CVE-2021-1274: This vulnerability was found by Arthur Vidineyev of Cisco
    during internal security testing.

    CVE-2021-1278: This vulnerability was found by Andrew Kim of Cisco during
    internal security testing.

    CVE-2021-1279: This vulnerability was found during internal security
    testing.

    CVE-2021-1241: This vulnerability was found during the resolution of a
    Cisco TAC support case.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-dosmulti-48jJuEUP

Revision History

  o +----------+---------------------------+----------+--------+--------------+
    | Version  | Description               | Section  | Status | Date         |
    +----------+---------------------------+----------+--------+--------------+
    | 1.0      | Initial public release.   | -        | Final  | 2021-JAN-20  |
    +----------+---------------------------+----------+--------+--------------+

- --------------------------------------------------------------------------------

Cisco SD-WAN Information Disclosure Vulnerability

Priority:        Medium
Advisory ID:     cisco-sa-sdwan-infodis-2-UPO232DG
First Published: 2021 January 20 16:00 GMT
Version 1.0:     Final
Workarounds:     No workarounds available
Cisco Bug IDs:   CSCvi69962
CVE Names:       CVE-2021-1233
CWEs:            CWE-20
CVSS Score:      4.4 AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:X/RL:X/RC:X

Summary

  o A vulnerability in the CLI of Cisco SD-WAN Software could allow an
    authenticated, local attacker to access sensitive information on an
    affected device.

    The vulnerability is due to insufficient input validation of requests that
    are sent to the iperf tool. An attacker could exploit this vulnerability
    by sending a crafted request to the iperf tool, which is included in Cisco
    SD-WAN Software. A successful exploit could allow the attacker to obtain
    any file from the filesystem of an affected device.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-infodis-2-UPO232DG

Affected Products

  o Vulnerable Products

    At the time of publication, this vulnerability affected the following
    Cisco products if they were running a release of Cisco SD-WAN Software
    earlier than Release 18.4.3:

      SD-WAN vBond Orchestrator Software
      SD-WAN vEdge Cloud Routers
      SD-WAN vEdge Routers
      SD-WAN vManage Software

    See the Details section in the bug ID(s) at the top of this advisory for
    the most complete and current information.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

Workarounds

  o There are no workarounds that address this vulnerability.
Fixed Software

  o When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories page, to determine exposure and a complete
    upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the
    Cisco Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Fixed Releases

    At the time of publication, Cisco SD-WAN Software releases 18.4.3 and
    later contained the fix for this vulnerability.

    See the Details section in the bug ID(s) at the top of this advisory for
    the most complete and current information.

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerability that is
    described in this advisory.

Source

  o This vulnerability was found during internal security testing.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-infodis-2-UPO232DG

Revision History

  o +----------+---------------------------+----------+--------+--------------+
    | Version  | Description               | Section  | Status | Date         |
    +----------+---------------------------+----------+--------+--------------+
    | 1.0      | Initial public release.   | -        | Final  | 2021-JAN-20  |
    +----------+---------------------------+----------+--------+--------------+

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If you do
not know who that is, please send an email to auscert@auscert.org.au and we
will forward your request to the appropriate person.

NOTE: Third Party Rights

This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not
be updated when updates to the original are made. If downloading at a later
date, it is recommended that the bulletin is retrieved directly from the
author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in
the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBYAj/UONLKJtyKPYoAQiI1w/+K3Uj/JBvuMwzlXrILSJicmwSkQS9fZcW
gQVIAkNf0M2ZqzNDjE0yNnNfFHeZkIOlYgh6a7cTA+41rxu8bC2waJJVaAbzGVkE
YKSA9pygOXI6yxk1WUFDhrlvYG1IPwntloztiIYt8poInA5dh9ilc0KSvoZW9Lt+
S35AfQffmhCtGNPGVFUzyIvNByEXDwh6JBFV10NSzjyKZoPa1SpJQkJo7pJHUZV8
1esSEsBMOfIMSVXANiQJsUIVe/WbrhFOuc2jHpKjHOC5KskJwP3y2xaW4WCUA8K9
J+2m7UYBcDxN9r97krC/XKbRp2eVUjx2u5IVafJH0KR3s7I7Hk7WOHMxz+yoiuhk
3uCburV9mspwicUhzEBRLWj8/esgJjAUAyyvqvX6EhShykzWGaFQk9/rtlrOI7Ct
HhVwJ/ydKBIKwZrsRg6/eOFsE/uECgYkLWo07AlAK3/URKuNF1AoUxbQIY0IXBQ3
w+4Ri7VnQvc8h9XZ6RAPv4CjiaEgt4RbYUApdYCiISD/w+lnNzpYzE7/V1hBRfQT
60KIXSnOPAqAg69fwZ7NViwHYgOJhseUOW6rHZuTNT68g5De7AELGHrDg8YQDCc3
Q58MV3WyLRBH7y7AeOL9+cnM0IskDKm+tb2BWocFMLB8Wff6FOiaXkZTSb42wT5z
QIOdTbdJffU=
=Az58
-----END PGP SIGNATURE-----
ESB-2021.0240 - ALERT [Cisco] Cisco Smart Software Manager Satellite: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0240
         Cisco Smart Software Manager Satellite vulnerabilities
                              21 January 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Cisco Smart Software Manager Satellite
Publisher:         Cisco Systems
Operating System:  Cisco
Impact/Access:     Root Compromise                 -- Remote/Unauthenticated
                   Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Provide Misleading Information  -- Remote with User Interaction
                   Access Confidential Data        -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-1222 CVE-2021-1219 CVE-2021-1218 CVE-2021-1142
                   CVE-2021-1141 CVE-2021-1140 CVE-2021-1139 CVE-2021-1138

Original Bulletin:
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssmor-MDCWkT2x
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-sqi-h5fDvZWp
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-sc-Jd42D4Tq
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-multici-pgG5WM5A

Comment: This bulletin contains four (4) Cisco Systems security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

Cisco Smart Software Manager Satellite Open Redirect Vulnerability

Priority:        Medium
Advisory ID:     cisco-sa-cssmor-MDCWkT2x
First Published: 2021 January 20 16:00 GMT
Version 1.0:     Final
Workarounds:     No workarounds available
Cisco Bug IDs:   CSCvm45224
CVE Names:       CVE-2021-1218
CWEs:            CWE-601
CVSS Score:      4.6 AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/E:X/RL:X/RC:X

Summary

  o A vulnerability in the web management interface of Cisco Smart Software
    Manager satellite could allow an authenticated, remote attacker to
    redirect a user to an undesired web page.

    The vulnerability is due to improper input validation of the URL
    parameters in an HTTP request that is sent to an affected device. An
    attacker could exploit this vulnerability by sending a crafted HTTP
    request that could cause the web application to redirect the request to a
    specified malicious URL. A successful exploit could allow the attacker to
    redirect a user to a malicious website.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssmor-MDCWkT2x

Affected Products

  o Vulnerable Products

    At the time of publication, this vulnerability affected Cisco Smart
    Software Manager satellite releases 5.0 and earlier.

    See the Details section in the bug ID(s) at the top of this advisory for
    the most complete and current information.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

Workarounds

  o There are no workarounds that address this vulnerability.

Fixed Software

  o When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories page, to determine exposure and a complete
    upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the
    Cisco Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Fixed Releases

    At the time of publication, Cisco Smart Software Manager On-Prem releases
    5.1.0 and later contained the fix for this vulnerability.

    See the Details section in the bug ID(s) at the top of this advisory for
    the most complete and current information.

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerability that is
    described in this advisory.

Source

  o This vulnerability was found by Cisco during internal security testing.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssmor-MDCWkT2x

Revision History

  o +----------+---------------------------+----------+--------+--------------+
    | Version  | Description               | Section  | Status | Date         |
    +----------+---------------------------+----------+--------+--------------+
    | 1.0      | Initial public release.   | -        | Final  | 2021-JAN-20  |
    +----------+---------------------------+----------+--------+--------------+

- --------------------------------------------------------------------------------

Cisco Smart Software Manager Satellite SQL Injection Vulnerability

Priority:        Medium
Advisory ID:     cisco-sa-cssm-sqi-h5fDvZWp
First Published: 2021 January 20 16:00 GMT
Version 1.0:     Final
Workarounds:     No workarounds available
Cisco Bug IDs:   CSCvm42654
CVE Names:       CVE-2021-1222
CWEs:            CWE-89
CVSS Score:      6.8 AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N/E:X/RL:X/RC:X

Summary

  o A vulnerability in the web-based management interface of Cisco Smart
    Software Manager Satellite could allow an authenticated, remote attacker
    to conduct SQL injection attacks on an affected system.

    The vulnerability exists because the web-based management interface
    improperly validates values within SQL queries.
    An attacker could exploit this vulnerability by authenticating to the
    application and sending malicious SQL queries to an affected system. A
    successful exploit could allow the attacker to modify values on or return
    values from the underlying database or the operating system.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-sqi-h5fDvZWp

Affected Products

  o Vulnerable Products

    At the time of publication, this vulnerability affected Cisco Smart
    Software Manager Satellite releases 5.1.0 and earlier.

    See the Details section in the bug ID(s) at the top of this advisory for
    the most complete and current information.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

Workarounds

  o There are no workarounds that address this vulnerability.

Fixed Software

  o When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories page, to determine exposure and a complete
    upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the
    Cisco Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Fixed Releases

    At the time of publication, Cisco Smart Software Manager On-Prem releases
    6.3.0 and later contained the fix for this vulnerability.

    Note: With Release 6.3.0, Cisco Smart Software Manager Satellite was
    renamed to Cisco Smart Software Manager On-Prem.

    See the Details section in the bug ID(s) at the top of this advisory for
    the most complete and current information.

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerability that is
    described in this advisory.

Source

  o This vulnerability was found during internal security testing.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-sqi-h5fDvZWp

Revision History

  o +----------+---------------------------+----------+--------+--------------+
    | Version  | Description               | Section  | Status | Date         |
    +----------+---------------------------+----------+--------+--------------+
    | 1.0      | Initial public release.   | -        | Final  | 2021-JAN-20  |
    +----------+---------------------------+----------+--------+--------------+

- --------------------------------------------------------------------------------

Cisco Smart Software Manager Satellite Static Credential Vulnerability

Priority:        High
Advisory ID:     cisco-sa-cssm-sc-Jd42D4Tq
First Published: 2021 January 20 16:00 GMT
Version 1.0:     Final
Workarounds:     No workarounds available
Cisco Bug IDs:   CSCvm42283
CVE Names:       CVE-2021-1219
CWEs:            CWE-798
CVSS Score:      7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X

Summary

  o A vulnerability in Cisco Smart Software Manager Satellite could allow an
    authenticated, local attacker to access sensitive information on an
    affected system.

    The vulnerability is due to insufficient protection of static credentials
    in the affected software. An attacker could exploit this vulnerability by
    gaining access to the static credential that is stored on the local
    device.
    A successful exploit could allow the attacker to view static credentials,
    which the attacker could use to carry out further attacks.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-sc-Jd42D4Tq

Affected Products

  o Vulnerable Products

    This vulnerability affects Cisco Smart Software Manager Satellite releases
    5.1.0 and earlier.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

Workarounds

  o There are no workarounds that address this vulnerability.

Fixed Software

  o Cisco has released free software updates that address the vulnerability
    described in this advisory. Customers may only install and expect support
    for software versions and feature sets for which they have purchased a
    license. By installing, downloading, accessing, or otherwise using such
    software upgrades, customers agree to follow the terms of the Cisco
    software license:
    https://www.cisco.com/c/en/us/products/end-user-license-agreement.html

    Additionally, customers may only download software for which they have a
    valid license, procured from Cisco directly, or through a Cisco authorized
    reseller or partner. In most cases this will be a maintenance upgrade to
    software that was previously purchased. Free security software updates do
    not entitle customers to a new software license, additional software
    feature sets, or major revision upgrades.

    When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories page, to determine exposure and a complete
    upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the
    Cisco Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Customers Without Service Contracts

    Customers who purchase directly from Cisco but do not hold a Cisco service
    contract and customers who make purchases through third-party vendors but
    are unsuccessful in obtaining fixed software through their point of sale
    should obtain upgrades by contacting the Cisco TAC:
    https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html

    Customers should have the product serial number available and be prepared
    to provide the URL of this advisory as evidence of entitlement to a free
    upgrade.

    Fixed Releases

    Cisco fixed this vulnerability in Cisco Smart Software Manager On-Prem
    releases 6.3.0 and later.

    Note: With Release 6.3.0, Cisco Smart Software Manager Satellite was
    renamed to Cisco Smart Software Manager On-Prem.

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerability that is
    described in this advisory.

Source

  o This vulnerability was found during internal security testing.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.
URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-sc-Jd42D4Tq

Revision History

  o +----------+---------------------------+----------+--------+--------------+
    | Version  | Description               | Section  | Status | Date         |
    +----------+---------------------------+----------+--------+--------------+
    | 1.0      | Initial public release.   | -        | Final  | 2021-JAN-20  |
    +----------+---------------------------+----------+--------+--------------+

- --------------------------------------------------------------------------------

Cisco Smart Software Manager Satellite Web UI Command Injection Vulnerabilities

Priority:        Critical
Advisory ID:     cisco-sa-cssm-multici-pgG5WM5A
First Published: 2021 January 20 16:00 GMT
Version 1.0:     Final
Workarounds:     No workarounds available
Cisco Bug IDs:   CSCvm42428 CSCvm42436 CSCvm42548 CSCvm42748 CSCvm45213
CVE Names:       CVE-2021-1138 CVE-2021-1139 CVE-2021-1140 CVE-2021-1141
                 CVE-2021-1142
CWEs:            CWE-20

Summary

  o Multiple vulnerabilities in the web UI of Cisco Smart Software Manager
    Satellite could allow an unauthenticated, remote attacker to execute
    arbitrary commands on the underlying operating system.

    For more information about these vulnerabilities, see the Details section
    of this advisory.

    Cisco has released software updates that address these vulnerabilities.
    There are no workarounds that address these vulnerabilities.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-multici-pgG5WM5A

Affected Products

  o Vulnerable Products

    These vulnerabilities affect Cisco Smart Software Manager Satellite
    releases 5.1.0 and earlier.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by these vulnerabilities.

Details

  o The vulnerabilities are not dependent on one another. Exploitation of one
    of the vulnerabilities is not required to exploit another vulnerability.
    In addition, a software release that is affected by one of the
    vulnerabilities may not be affected by the other vulnerabilities.

    Details about the vulnerabilities are as follows:

    CVE-2021-1138, CVE-2021-1140, CVE-2021-1142: Cisco Smart Software Manager
    Satellite Web UI Command Injection Vulnerabilities

    Vulnerabilities in the web UI of Cisco Smart Software Manager Satellite
    could allow an unauthenticated, remote attacker to execute arbitrary
    commands as a high-privileged user on an affected device.

    These vulnerabilities are due to insufficient input validation. An
    attacker could exploit these vulnerabilities by sending malicious HTTP
    requests to an affected device. A successful exploit could allow the
    attacker to run arbitrary commands on the underlying operating system.

    Cisco has released software updates that address these vulnerabilities.
    There are no workarounds that address these vulnerabilities.

    CVE-ID: CVE-2021-1138, CVE-2021-1140, CVE-2021-1142
    Bug ID(s): CSCvm45213, CSCvm42428, CSCvm42748
    Security Impact Rating (SIR): Critical
    CVSS Base Score: 9.8
    CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

    CVE-2021-1139, CVE-2021-1141: Cisco Smart Software Manager Satellite Web
    UI Command Injection Vulnerabilities

    Vulnerabilities in the web UI of Cisco Smart Software Manager Satellite
    could allow an authenticated, remote attacker to execute arbitrary
    commands as the root user on an affected device.

    These vulnerabilities are due to insufficient input validation. An
    attacker could exploit these vulnerabilities by sending malicious HTTP
    requests to an affected device. A successful exploit could allow the
    attacker to run arbitrary commands as the root user on the underlying
    operating system.

    Cisco has released software updates that address these vulnerabilities.
    There are no workarounds that address these vulnerabilities.

    CVE-ID: CVE-2021-1139, CVE-2021-1141
    Bug ID(s): CSCvm42548, CSCvm42436
    Security Impact Rating (SIR): High
    CVSS Base Score: 8.8
    CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Workarounds

  o There are no workarounds that address these vulnerabilities.

Fixed Software

  o Cisco has released free software updates that address the vulnerabilities
    described in this advisory. Customers may only install and expect support
    for software versions and feature sets for which they have purchased a
    license. By installing, downloading, accessing, or otherwise using such
    software upgrades, customers agree to follow the terms of the Cisco
    software license:
    https://www.cisco.com/c/en/us/products/end-user-license-agreement.html

    Additionally, customers may only download software for which they have a
    valid license, procured from Cisco directly, or through a Cisco authorized
    reseller or partner. In most cases this will be a maintenance upgrade to
    software that was previously purchased. Free security software updates do
    not entitle customers to a new software license, additional software
    feature sets, or major revision upgrades.

    When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories page, to determine exposure and a complete
    upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the
    Cisco Technical Assistance Center (TAC) or their contracted maintenance
    providers.
Customers Without Service Contracts

Customers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco TAC:
https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html

Customers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade.

Fixed Releases

Cisco fixed these vulnerabilities in Cisco Smart Software Manager On-Prem releases 6.3.0 and later.

Note: With Release 6.3.0, Cisco Smart Software Manager Satellite was renamed to Cisco Smart Software Manager On-Prem.

Exploitation and Public Announcements

o The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.

Source

o These vulnerabilities were found during internal security testing.

Cisco Security Vulnerability Policy

o To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.

URL

o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-multici-pgG5WM5A

Revision History

+---------+-------------------------+---------+--------+-------------+
| Version | Description             | Section | Status | Date        |
+---------+-------------------------+---------+--------+-------------+
| 1.0     | Initial public release. | -       | Final  | 2021-JAN-20 |
+---------+-------------------------+---------+--------+-------------+

--------------------------END INCLUDED TEXT--------------------
NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
AusCERT - Security Bulletins · 21 January 2021

ESB-2021.0239 - [Win][UNIX/Linux] Drupal: Multiple vulnerabilities

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.0239
Drupal core - Critical - Third-party libraries - SA-CORE-2021-001
21 January 2021
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product: Drupal
Publisher: Drupal
Operating System: Windows
                  UNIX variants (UNIX, Linux, OSX)
Impact/Access: Unauthorised Access -- Unknown/Unspecified
               Reduced Security -- Unknown/Unspecified
Resolution: Patch/Upgrade
CVE Names: CVE-2020-36193

Original Bulletin: https://www.drupal.org/sa-core-2021-001

--------------------------BEGIN INCLUDED TEXT--------------------

Drupal core - Critical - Third-party libraries - SA-CORE-2021-001

Project: Drupal core
Date: 2021-January-20
Security risk: Critical 18/25 AC:Complex/A:User/CI:All/II:All/E:Exploit/TD:Uncommon
Vulnerability: Third-party libraries

Description:

The Drupal project uses the pear Archive_Tar library, which has released a security update that impacts Drupal. For more information please see: CVE-2020-36193

Exploits may be possible if Drupal is configured to allow .tar, .tar.gz, .bz2, or .tlz file uploads and processes them.

Solution:

Install the latest version:
If you are using Drupal 9.1, update to Drupal 9.1.3.
If you are using Drupal 9.0, update to Drupal 9.0.11.
If you are using Drupal 8.9, update to Drupal 8.9.13.
If you are using Drupal 7, update to Drupal 7.78.

Versions of Drupal 8 prior to 8.9.x are end-of-life and do not receive security coverage.

Disable uploads of .tar, .tar.gz, .bz2, or .tlz files to mitigate the vulnerability.
Reported By:
Richard Sheppard
Stephen Cross
Jonathan Danaher
Kim Pepper

Fixed By:
Lee Rowlands of the Drupal Security Team
Drew Webber of the Drupal Security Team
Greg Knaddison of the Drupal Security Team
Vijay Mani Provisional Member of the Drupal Security Team
Jess of the Drupal Security Team
Michael Hess of the Drupal Security Team

--------------------------END INCLUDED TEXT--------------------
AusCERT - Security Bulletins · 21 January 2021

ESB-2021.0238 - [RedHat] OpenShift Container Platform 3.11: Multiple vulnerabilities

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.0238
OpenShift Container Platform 3.11.374 bug fix and security update
21 January 2021
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product: OpenShift Container Platform 3.11
Publisher: Red Hat
Operating System: Red Hat
Impact/Access: Access Confidential Data -- Remote/Unauthenticated
               Reduced Security -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2020-26137 CVE-2020-8554 CVE-2019-11840

Reference: ESB-2021.0236
           ESB-2019.2367

Original Bulletin: https://access.redhat.com/errata/RHSA-2021:0079

--------------------------BEGIN INCLUDED TEXT--------------------

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: OpenShift Container Platform 3.11.374 bug fix and security update
Advisory ID: RHSA-2021:0079-01
Product: Red Hat OpenShift Enterprise
Advisory URL: https://access.redhat.com/errata/RHSA-2021:0079
Issue date: 2021-01-20
CVE Names: CVE-2019-11840 CVE-2020-8554 CVE-2020-26137
=====================================================================

1. Summary:

Red Hat OpenShift Container Platform release 3.11.374 is now available with updates to packages and images that fix several bugs. This release also includes a security update for Red Hat OpenShift Container Platform 3.11.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenShift Container Platform 3.11 - noarch, ppc64le, x86_64

3.
Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.11.374. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHBA-2021:0080

Security Fix(es):

* golang.org/x/crypto: Keystream loop in amd64 assembly when overflowing 32-bit counter (CVE-2019-11840)
* kubernetes: MITM using LoadBalancer or ExternalIPs (CVE-2020-8554)
* python-urllib3: CRLF injection via HTTP request method (CVE-2020-26137)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

See the following documentation, which will be updated shortly for release 3.11.374, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258.

5. Bugs fixed (https://bugzilla.redhat.com/):

1691529 - CVE-2019-11840 golang.org/x/crypto: Keystream loop in amd64 assembly when overflowing 32-bit counter
1866789 - remove use of upstream client plugin pipeline from openshift build e2e
1870050 - Image garbage collection is not cleaning up dangling images
1881319 - [3.11] service cannot be working for a while if the pod is running before the service is created
1883632 - CVE-2020-26137 python-urllib3: CRLF injection via HTTP request method
1891051 - CVE-2020-8554 kubernetes: MITM using LoadBalancer or ExternalIPs

6.
Package List:

Red Hat OpenShift Container Platform 3.11:

Source:
atomic-enterprise-service-catalog-3.11.374-1.git.1675.738abcc.el7.src.rpm
atomic-openshift-3.11.374-1.git.0.ebd3ee9.el7.src.rpm
atomic-openshift-cluster-autoscaler-3.11.374-1.git.0.2996f62.el7.src.rpm
atomic-openshift-descheduler-3.11.374-1.git.299.f128e96.el7.src.rpm
atomic-openshift-dockerregistry-3.11.374-1.git.481.e6a880c.el7.src.rpm
atomic-openshift-metrics-server-3.11.374-1.git.53.9df25a9.el7.src.rpm
atomic-openshift-node-problem-detector-3.11.374-1.git.263.28335fb.el7.src.rpm
atomic-openshift-service-idler-3.11.374-1.git.15.523a1f7.el7.src.rpm
atomic-openshift-web-console-3.11.374-1.git.647.9e78d83.el7.src.rpm
golang-github-openshift-oauth-proxy-3.11.374-1.git.439.966c536.el7.src.rpm
golang-github-prometheus-alertmanager-3.11.374-1.git.0.3abd2a5.el7.src.rpm
golang-github-prometheus-node_exporter-3.11.374-1.git.1062.490d6d5.el7.src.rpm
golang-github-prometheus-prometheus-3.11.374-1.git.5026.29379c4.el7.src.rpm
openshift-ansible-3.11.374-1.git.0.92f5956.el7.src.rpm
openshift-enterprise-autoheal-3.11.374-1.git.218.9cf7939.el7.src.rpm
openshift-enterprise-cluster-capacity-3.11.374-1.git.379.80bd08f.el7.src.rpm
openshift-kuryr-3.11.374-1.git.1478.ef11824.el7.src.rpm
python-urllib3-1.26.2-1.el7.src.rpm

noarch:
atomic-openshift-docker-excluder-3.11.374-1.git.0.ebd3ee9.el7.noarch.rpm
atomic-openshift-excluder-3.11.374-1.git.0.ebd3ee9.el7.noarch.rpm
openshift-ansible-3.11.374-1.git.0.92f5956.el7.noarch.rpm
openshift-ansible-docs-3.11.374-1.git.0.92f5956.el7.noarch.rpm
openshift-ansible-playbooks-3.11.374-1.git.0.92f5956.el7.noarch.rpm
openshift-ansible-roles-3.11.374-1.git.0.92f5956.el7.noarch.rpm
openshift-ansible-test-3.11.374-1.git.0.92f5956.el7.noarch.rpm
openshift-kuryr-cni-3.11.374-1.git.1478.ef11824.el7.noarch.rpm
openshift-kuryr-common-3.11.374-1.git.1478.ef11824.el7.noarch.rpm
openshift-kuryr-controller-3.11.374-1.git.1478.ef11824.el7.noarch.rpm
python2-kuryr-kubernetes-3.11.374-1.git.1478.ef11824.el7.noarch.rpm
python2-urllib3-1.26.2-1.el7.noarch.rpm

ppc64le:
atomic-enterprise-service-catalog-3.11.374-1.git.1675.738abcc.el7.ppc64le.rpm
atomic-enterprise-service-catalog-svcat-3.11.374-1.git.1675.738abcc.el7.ppc64le.rpm
atomic-openshift-3.11.374-1.git.0.ebd3ee9.el7.ppc64le.rpm
atomic-openshift-clients-3.11.374-1.git.0.ebd3ee9.el7.ppc64le.rpm
atomic-openshift-cluster-autoscaler-3.11.374-1.git.0.2996f62.el7.ppc64le.rpm
atomic-openshift-descheduler-3.11.374-1.git.299.f128e96.el7.ppc64le.rpm
atomic-openshift-hyperkube-3.11.374-1.git.0.ebd3ee9.el7.ppc64le.rpm
atomic-openshift-hypershift-3.11.374-1.git.0.ebd3ee9.el7.ppc64le.rpm
atomic-openshift-master-3.11.374-1.git.0.ebd3ee9.el7.ppc64le.rpm
atomic-openshift-metrics-server-3.11.374-1.git.53.9df25a9.el7.ppc64le.rpm
atomic-openshift-node-3.11.374-1.git.0.ebd3ee9.el7.ppc64le.rpm
atomic-openshift-node-problem-detector-3.11.374-1.git.263.28335fb.el7.ppc64le.rpm
atomic-openshift-pod-3.11.374-1.git.0.ebd3ee9.el7.ppc64le.rpm
atomic-openshift-sdn-ovs-3.11.374-1.git.0.ebd3ee9.el7.ppc64le.rpm
atomic-openshift-service-idler-3.11.374-1.git.15.523a1f7.el7.ppc64le.rpm
atomic-openshift-template-service-broker-3.11.374-1.git.0.ebd3ee9.el7.ppc64le.rpm
atomic-openshift-tests-3.11.374-1.git.0.ebd3ee9.el7.ppc64le.rpm
atomic-openshift-web-console-3.11.374-1.git.647.9e78d83.el7.ppc64le.rpm
golang-github-openshift-oauth-proxy-3.11.374-1.git.439.966c536.el7.ppc64le.rpm
openshift-enterprise-autoheal-3.11.374-1.git.218.9cf7939.el7.ppc64le.rpm
openshift-enterprise-cluster-capacity-3.11.374-1.git.379.80bd08f.el7.ppc64le.rpm
prometheus-3.11.374-1.git.5026.29379c4.el7.ppc64le.rpm
prometheus-alertmanager-3.11.374-1.git.0.3abd2a5.el7.ppc64le.rpm
prometheus-node-exporter-3.11.374-1.git.1062.490d6d5.el7.ppc64le.rpm

x86_64:
atomic-enterprise-service-catalog-3.11.374-1.git.1675.738abcc.el7.x86_64.rpm
atomic-enterprise-service-catalog-svcat-3.11.374-1.git.1675.738abcc.el7.x86_64.rpm
atomic-openshift-3.11.374-1.git.0.ebd3ee9.el7.x86_64.rpm
atomic-openshift-clients-3.11.374-1.git.0.ebd3ee9.el7.x86_64.rpm
atomic-openshift-clients-redistributable-3.11.374-1.git.0.ebd3ee9.el7.x86_64.rpm
atomic-openshift-cluster-autoscaler-3.11.374-1.git.0.2996f62.el7.x86_64.rpm
atomic-openshift-descheduler-3.11.374-1.git.299.f128e96.el7.x86_64.rpm
atomic-openshift-dockerregistry-3.11.374-1.git.481.e6a880c.el7.x86_64.rpm
atomic-openshift-hyperkube-3.11.374-1.git.0.ebd3ee9.el7.x86_64.rpm
atomic-openshift-hypershift-3.11.374-1.git.0.ebd3ee9.el7.x86_64.rpm
atomic-openshift-master-3.11.374-1.git.0.ebd3ee9.el7.x86_64.rpm
atomic-openshift-metrics-server-3.11.374-1.git.53.9df25a9.el7.x86_64.rpm
atomic-openshift-node-3.11.374-1.git.0.ebd3ee9.el7.x86_64.rpm
atomic-openshift-node-problem-detector-3.11.374-1.git.263.28335fb.el7.x86_64.rpm
atomic-openshift-pod-3.11.374-1.git.0.ebd3ee9.el7.x86_64.rpm
atomic-openshift-sdn-ovs-3.11.374-1.git.0.ebd3ee9.el7.x86_64.rpm
atomic-openshift-service-idler-3.11.374-1.git.15.523a1f7.el7.x86_64.rpm
atomic-openshift-template-service-broker-3.11.374-1.git.0.ebd3ee9.el7.x86_64.rpm
atomic-openshift-tests-3.11.374-1.git.0.ebd3ee9.el7.x86_64.rpm
atomic-openshift-web-console-3.11.374-1.git.647.9e78d83.el7.x86_64.rpm
golang-github-openshift-oauth-proxy-3.11.374-1.git.439.966c536.el7.x86_64.rpm
openshift-enterprise-autoheal-3.11.374-1.git.218.9cf7939.el7.x86_64.rpm
openshift-enterprise-cluster-capacity-3.11.374-1.git.379.80bd08f.el7.x86_64.rpm
prometheus-3.11.374-1.git.5026.29379c4.el7.x86_64.rpm
prometheus-alertmanager-3.11.374-1.git.0.3abd2a5.el7.x86_64.rpm
prometheus-node-exporter-3.11.374-1.git.1062.490d6d5.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7.
References:

https://access.redhat.com/security/cve/CVE-2019-11840
https://access.redhat.com/security/cve/CVE-2020-8554
https://access.redhat.com/security/cve/CVE-2020-26137
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

--------------------------END INCLUDED TEXT--------------------
AusCERT - Security Bulletins · 21 January 2021

ESB-2021.0237 - [UNIX/Linux][Debian] mutt: Denial of service - Remote with user interaction

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.0237
mutt security update
21 January 2021
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product: mutt
Publisher: Debian
Operating System: Debian GNU/Linux
                  UNIX variants (UNIX, Linux, OSX)
Impact/Access: Denial of Service -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2021-3181

Original Bulletin: https://lists.debian.org/debian-lts-announce/2021/01/msg00017.html

Comment: This advisory references vulnerabilities in products which run on platforms other than Debian. It is recommended that administrators running mutt check for an updated version of the software for their operating system.

--------------------------BEGIN INCLUDED TEXT--------------------

-----------------------------------------------------------------------
Debian LTS Advisory DLA-2529-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                       Utkarsh Gupta
January 21, 2021                              https://wiki.debian.org/LTS
-----------------------------------------------------------------------

Package : mutt
Version : 1.7.2-1+deb9u5
CVE ID : CVE-2021-3181
Debian Bug : 980326

rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service (mailbox unavailability) by sending email messages with sequences of semicolon characters in RFC822 address fields (aka terminators of empty groups). A small email message from the attacker can cause large memory consumption, and the victim may then be unable to see email messages from other persons.

For Debian 9 stretch, this problem has been fixed in version 1.7.2-1+deb9u5.

We recommend that you upgrade your mutt packages.
For the detailed security status of mutt please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/mutt

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

--------------------------END INCLUDED TEXT--------------------
AusCERT - Security Bulletins · 21 January 2021

ASB-2021.0034 - [Win][UNIX/Linux] Oracle VM VirtualBox: Multiple vulnerabilities

Member only content. Please view on site after logging in.
AusCERT - Security Bulletins · 21 January 2021

ASB-2021.0032 - [Win][UNIX/Linux] Oracle Systems Products: Multiple vulnerabilities

Member only content. Please view on site after logging in.
AusCERT - Security Bulletins · 21 January 2021

ASB-2021.0031 - [Win][UNIX/Linux] Oracle Supply Chain Products: Multiple vulnerabilities

Member only content. Please view on site after logging in.
AusCERT - Security Bulletins · 21 January 2021

ASB-2021.0030 - [Win][UNIX/Linux] Siebel Applications: Multiple vulnerabilities

Member only content. Please view on site after logging in.
AusCERT - Security Bulletins · 21 January 2021

ASB-2021.0029 - [Win][UNIX/Linux] Oracle Communications Products: Multiple vulnerabilities

Member only content. Please view on site after logging in.
AusCERT - Security Bulletins · 21 January 2021

ASB-2021.0028 - [Win][UNIX/Linux] Oracle PeopleSoft products: Multiple vulnerabilities

Member only content. Please view on site after logging in.
AusCERT - Security Bulletins · 21 January 2021

ASB-2021.0027 - [Win][UNIX/Linux] JD Edwards EnterpriseOne products: Multiple vulnerabilities

Member only content. Please view on site after logging in.
AusCERT - Security Bulletins · 21 January 2021

ASB-2021.0026 - [Win][UNIX/Linux] MySQL Products: Multiple vulnerabilities

Member only content. Please view on site after logging in.
AusCERT - Security Bulletins · 21 January 2021

ESB-2021.0206.2 - UPDATE [UNIX/Linux][Ubuntu] Pillow: Multiple vulnerabilities

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.0206.2
USN-4697-1: Pillow vulnerabilities
21 January 2021
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product: Pillow
Publisher: Ubuntu
Operating System: Ubuntu
                  UNIX variants (UNIX, Linux, OSX)
Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction
               Denial of Service -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2020-35655 CVE-2020-35654 CVE-2020-35653

Original Bulletin: https://ubuntu.com/security/notices/USN-4697-1
                   https://ubuntu.com/security/notices/USN-4697-2

Comment: This bulletin contains two (2) Ubuntu security advisories.

This advisory references vulnerabilities in products which run on platforms other than Ubuntu. It is recommended that administrators running Pillow check for an updated version of the software for their operating system.

Revision History: January 21 2021: Vendor released corresponding update for Ubuntu 14.04 ESM USN-4697-2
                  January 19 2021: Initial Release

--------------------------BEGIN INCLUDED TEXT--------------------

USN-4697-1: Pillow vulnerabilities
18 January 2021

Pillow could be made to crash or run programs as your login if it opened a specially crafted file.

Releases
o Ubuntu 20.10
o Ubuntu 20.04 LTS
o Ubuntu 18.04 LTS
o Ubuntu 16.04 LTS

Packages
o pillow - Python Imaging Library

Details

It was discovered that Pillow incorrectly handled certain PCX image files. If a user or automated system were tricked into opening a specially-crafted PCX file, a remote attacker could possibly cause Pillow to crash, resulting in a denial of service. (CVE-2020-35653)

It was discovered that Pillow incorrectly handled certain Tiff image files.
If a user or automated system were tricked into opening a specially-crafted Tiff file, a remote attacker could cause Pillow to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 20.04 LTS and Ubuntu 20.10. (CVE-2020-35654) It was discovered that Pillow incorrectly handled certain SGI image files. If a user or automated system were tricked into opening a specially-crafted SGI file, a remote attacker could possibly cause Pillow to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 20.10. (CVE-2020-35655) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 20.10 o python3-pil - 7.2.0-1ubuntu0.1 Ubuntu 20.04 o python3-pil - 7.0.0-4ubuntu0.2 Ubuntu 18.04 o python-pil - 5.1.0-1ubuntu0.4 o python3-pil - 5.1.0-1ubuntu0.4 Ubuntu 16.04 o python-pil - 3.1.2-0ubuntu1.5 o python3-pil - 3.1.2-0ubuntu1.5 In general, a standard system update will make all the necessary changes. References o CVE-2020-35655 o CVE-2020-35654 o CVE-2020-35653 - ------------------------------------------------------------------------------- USN-4697-2: Pillow vulnerabilities 20 January 2021 Pillow could be made to crash or run programs as your login if it opened a specially crafted file. Releases o Ubuntu 14.04 ESM Packages o pillow - Python Imaging Library Details USN-4697-1 fixed several vulnerabilities in Pillow. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: It was discovered that Pillow incorrectly handled certain PCX image files. If a user or automated system were tricked into opening a specially-crafted PCX file, a remote attacker could possibly cause Pillow to crash, resulting in a denial of service. ( CVE-2020-35653 ) It was discovered that Pillow incorrectly handled certain image files. 
If a user or automated system were tricked into opening a specially-crafted image file, a remote attacker could possibly cause Pillow to crash, resulting in a denial of service. ( CVE-2020-10177 ) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 o python-pil - 2.3.0-1ubuntu3.4+esm2 o python3-pil - 2.3.0-1ubuntu3.4+esm2 In general, a standard system update will make all the necessary changes. References o CVE-2020-10177 o CVE-2020-35653 Related notices o USN-4430-1 : python3-pil, python-pil, pillow o USN-4697-1 : python3-pil, python-pil, pillow o USN-4430-2 : python3-pil, pillow - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. 
If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYAkFNONLKJtyKPYoAQgHUw/9EjMRgcB8DboTXVS/9PRSEwamUZKwKZHB pXLvZMCkMo7EUgVHaeS0TDE7DRBQC4uDrkGM0H6jKcGlAzDahhkvo0+L9bsrQoTa 1BteQDyVttCHTCmAPp36x/a+BSD4Whk0ZYLRVJj06ihdMY8pmUkGc8VX+0HM0fxX OTrjgbJ8xTMhmorFSnHIq5Lz1QzgE9/rpZKufY9lvp2Oa4YKBDXTdOr4Dw+lTmaE 2CdbJihlVqyDbwWE3kHu77i7/In4uaFzeEJh2lQpsA1mIUGUiBDwGhMZyJq8Aj1N 25MPKW0lW27j1mUQgJB1EAjxZyWEskouxYP3hyIP2Q9akNbXiWtP4sFJwMb3LjDd jrjpLgCl37RCVTdJIyLOxNQYHqzJpsTFOQQLvHqLB9R8r6zIC44+VeeqvlxJF65j hFARPkQ1QoUxmfuMG5jkVSdcMotPZCP2me65zWjHYsdwUZ2V5dGWELFgzHcRXBHR bdIHdA5YS84UZCw1NEjf2znmksaoQabcXxW5FCoSIf1o5WRHsAgish3PpMrGx4II 0gLzzWGXULhgsyzYFPiVnuIfDPrYloRDaI/5MXZraPq1jsb7pAMH9wnMUB/B08P3 vUqSqmT24vou+cVnEPq+9Mm9pODs02DwNZAHUkG7pO3DAZxqil5jT40684sup9w6 XXHsqNRvC2I= =0tnQ -----END PGP SIGNATURE-----
AusCERT - Security Bulletins · 21 January 2021

ESB-2021.0105.3 - UPDATE [Ubuntu] Linux kernel: Multiple vulnerabilities

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                              ESB-2021.0105.3
                  USN-4689-2: Linux kernel vulnerabilities
                              21 January 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Linux kernel
Publisher:         Ubuntu
Operating System:  Ubuntu
Impact/Access:     Increased Privileges     -- Existing Account
                   Denial of Service        -- Existing Account
                   Access Confidential Data -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-1056 CVE-2021-1053 CVE-2021-1052

Reference:         ESB-2021.0097

Original Bulletin:
   https://ubuntu.com/security/notices/USN-4689-2
   https://ubuntu.com/security/notices/USN-4689-3
   https://ubuntu.com/security/notices/USN-4689-4

Comment: This bulletin contains three (3) Ubuntu security advisories.

Revision History:  January 21 2021: Vendor released update USN-4689-4
                   January 21 2021: Vendor minor update (USN-4689-3) details
                                    upstream release
                   January 12 2021: Initial Release

--------------------------BEGIN INCLUDED TEXT--------------------

USN-4689-2: Linux kernel vulnerabilities
11 January 2021

Several security issues were fixed in the Linux kernel.

Releases

  o Ubuntu 20.10
  o Ubuntu 20.04 LTS
  o Ubuntu 18.04 LTS

Packages

  o linux - Linux kernel
  o linux-aws - Linux kernel for Amazon Web Services (AWS) systems
  o linux-aws-5.4 - Linux kernel for Amazon Web Services (AWS) systems
  o linux-azure - Linux kernel for Microsoft Azure Cloud systems
  o linux-azure-4.15 - Linux kernel for Microsoft Azure Cloud systems
  o linux-azure-5.4 - Linux kernel for Microsoft Azure cloud systems
  o linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems
  o linux-gcp-5.4 - Linux kernel for Google Cloud Platform (GCP) systems
  o linux-hwe-5.4 - Linux hardware enablement (HWE) kernel
  o linux-hwe-5.8 - Linux hardware enablement (HWE) kernel
  o linux-oem-5.6 - Linux kernel for OEM systems
  o linux-oracle - Linux kernel for Oracle Cloud systems
  o linux-oracle-5.4 - Linux kernel for Oracle Cloud systems

Details

USN-4689-1 fixed vulnerabilities in the NVIDIA graphics drivers. This update
provides the corresponding updates for the NVIDIA Linux DKMS kernel modules.

Original advisory details:

 It was discovered that the NVIDIA GPU display driver for the Linux kernel
 contained a vulnerability that allowed user-mode clients to access legacy
 privileged APIs. A local attacker could use this to cause a denial of
 service or escalate privileges. (CVE-2021-1052)

 It was discovered that the NVIDIA GPU display driver for the Linux kernel
 did not properly validate a pointer received from userspace in some
 situations. A local attacker could use this to cause a denial of service.
 (CVE-2021-1053)

 Xinyuan Lyu discovered that the NVIDIA GPU display driver for the Linux
 kernel did not properly restrict device-level GPU isolation. A local
 attacker could use this to cause a denial of service or possibly expose
 sensitive information. (CVE-2021-1056)

Update instructions

The problem can be corrected by updating your system to the following package
versions:

Ubuntu 20.10
  o linux-image-5.8.0-1015-oracle - 5.8.0-1015.16
  o linux-image-5.8.0-1016-gcp - 5.8.0-1016.17
  o linux-image-5.8.0-1017-azure - 5.8.0-1017.19
  o linux-image-5.8.0-1018-aws - 5.8.0-1018.20
  o linux-image-5.8.0-36-generic - 5.8.0-36.40
  o linux-image-5.8.0-36-lowlatency - 5.8.0-36.40
  o linux-image-aws - 5.8.0.1018.20
  o linux-image-azure - 5.8.0.1017.17
  o linux-image-gcp - 5.8.0.1016.16
  o linux-image-generic - 5.8.0.36.40
  o linux-image-gke - 5.8.0.1016.16
  o linux-image-lowlatency - 5.8.0.36.40
  o linux-image-oracle - 5.8.0.1015.15
  o linux-image-virtual - 5.8.0.36.40

Ubuntu 20.04
  o linux-image-5.4.0-1034-gcp - 5.4.0-1034.37
  o linux-image-5.4.0-1035-aws - 5.4.0-1035.37
  o linux-image-5.4.0-1035-oracle - 5.4.0-1035.38
  o linux-image-5.4.0-1036-azure - 5.4.0-1036.38
  o linux-image-5.4.0-60-generic - 5.4.0-60.67
  o linux-image-5.4.0-60-lowlatency - 5.4.0-60.67
  o linux-image-5.6.0-1042-oem - 5.6.0-1042.46
  o linux-image-5.8.0-36-generic - 5.8.0-36.40~20.04.1
  o linux-image-5.8.0-36-lowlatency - 5.8.0-36.40~20.04.1
  o linux-image-aws - 5.4.0.1035.36
  o linux-image-azure - 5.4.0.1036.34
  o linux-image-gcp - 5.4.0.1034.43
  o linux-image-generic - 5.4.0.60.63
  o linux-image-generic-hwe-20.04 - 5.8.0.36.40~20.04.21
  o linux-image-lowlatency - 5.4.0.60.63
  o linux-image-lowlatency-hwe-20.04 - 5.8.0.36.40~20.04.21
  o linux-image-oem - 5.4.0.60.63
  o linux-image-oem-20.04 - 5.6.0.1042.38
  o linux-image-oem-osp1 - 5.4.0.60.63
  o linux-image-oracle - 5.4.0.1035.32
  o linux-image-virtual - 5.4.0.60.63
  o linux-image-virtual-hwe-20.04 - 5.8.0.36.40~20.04.21

Ubuntu 18.04
  o linux-image-4.15.0-1063-oracle - 4.15.0-1063.70
  o linux-image-4.15.0-1092-aws - 4.15.0-1092.98
  o linux-image-4.15.0-1104-azure - 4.15.0-1104.116
  o linux-image-4.15.0-130-generic - 4.15.0-130.134
  o linux-image-4.15.0-130-lowlatency - 4.15.0-130.134
  o linux-image-5.4.0-1034-gcp - 5.4.0-1034.37~18.04.1
  o linux-image-5.4.0-1035-aws - 5.4.0-1035.37~18.04.1
  o linux-image-5.4.0-1035-oracle - 5.4.0-1035.38~18.04.1
  o linux-image-5.4.0-1036-azure - 5.4.0-1036.38~18.04.1
  o linux-image-5.4.0-60-generic - 5.4.0-60.67~18.04.1
  o linux-image-5.4.0-60-lowlatency - 5.4.0-60.67~18.04.1
  o linux-image-aws - 5.4.0.1035.20
  o linux-image-aws-lts-18.04 - 4.15.0.1092.94
  o linux-image-azure - 5.4.0.1036.18
  o linux-image-azure-lts-18.04 - 4.15.0.1104.77
  o linux-image-gcp - 5.4.0.1034.22
  o linux-image-generic - 4.15.0.130.117
  o linux-image-generic-hwe-18.04 - 5.4.0.60.67~18.04.55
  o linux-image-lowlatency - 4.15.0.130.117
  o linux-image-lowlatency-hwe-18.04 - 5.4.0.60.67~18.04.55
  o linux-image-oem - 5.4.0.60.67~18.04.55
  o linux-image-oem-osp1 - 5.4.0.60.67~18.04.55
  o linux-image-oracle - 5.4.0.1035.38~18.04.19
  o linux-image-oracle-lts-18.04 - 4.15.0.1063.73
  o linux-image-virtual - 4.15.0.130.117
  o linux-image-virtual-hwe-18.04 - 5.4.0.60.67~18.04.55

After a standard system update you need to reboot your computer to make all
the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been
given a new version number, which requires you to recompile and reinstall all
third party kernel modules you might have installed. Unless you manually
uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system
upgrade will automatically perform this as well.

References

  o CVE-2021-1052
  o CVE-2021-1053
  o CVE-2021-1056

Related notices

  o USN-4689-1 : xserver-xorg-video-nvidia-460, xserver-xorg-video-nvidia-450, xserver-xorg-video-nvidia-440, nvidia-graphics-drivers-390, xserver-xorg-video-nvidia-390, nvidia-graphics-drivers-450, nvidia-graphics-drivers-460, xserver-xorg-video-nvidia-455

-------------------------------------------------------------------------------

USN-4689-3: NVIDIA graphics drivers vulnerabilities
20 January 2021

Several security issues were fixed in NVIDIA graphics drivers.

Releases

  o Ubuntu 20.10
  o Ubuntu 20.04 LTS
  o Ubuntu 18.04 LTS

Packages

  o nvidia-graphics-drivers-418-server - NVIDIA Server Driver
  o nvidia-graphics-drivers-450-server - NVIDIA Server Driver

Details

It was discovered that the NVIDIA GPU display driver for the Linux kernel
contained a vulnerability that allowed user-mode clients to access legacy
privileged APIs. A local attacker could use this to cause a denial of service
or escalate privileges. (CVE-2021-1052)

It was discovered that the NVIDIA GPU display driver for the Linux kernel did
not properly validate a pointer received from userspace in some situations. A
local attacker could use this to cause a denial of service. (CVE-2021-1053)

Xinyuan Lyu discovered that the NVIDIA GPU display driver for the Linux
kernel did not properly restrict device-level GPU isolation. A local attacker
could use this to cause a denial of service or possibly expose sensitive
information. (CVE-2021-1056)

Update instructions

The problem can be corrected by updating your system to the following package
versions:

Ubuntu 20.10
  o nvidia-dkms-418-server - 418.181.07-0ubuntu0.20.10.1
  o nvidia-dkms-440-server - 450.102.04-0ubuntu0.20.10.1
  o nvidia-dkms-450-server - 450.102.04-0ubuntu0.20.10.1
  o nvidia-kernel-common-418-server - 418.181.07-0ubuntu0.20.10.1
  o nvidia-kernel-common-440-server - 450.102.04-0ubuntu0.20.10.1
  o nvidia-kernel-common-450-server - 450.102.04-0ubuntu0.20.10.1
  o nvidia-kernel-source-418-server - 418.181.07-0ubuntu0.20.10.1
  o nvidia-kernel-source-440-server - 450.102.04-0ubuntu0.20.10.1
  o nvidia-kernel-source-450-server - 450.102.04-0ubuntu0.20.10.1
  o nvidia-utils-418-server - 418.181.07-0ubuntu0.20.10.1
  o nvidia-utils-440-server - 450.102.04-0ubuntu0.20.10.1
  o nvidia-utils-450-server - 450.102.04-0ubuntu0.20.10.1
  o xserver-xorg-video-nvidia-418-server - 418.181.07-0ubuntu0.20.10.1
  o xserver-xorg-video-nvidia-440-server - 450.102.04-0ubuntu0.20.10.1
  o xserver-xorg-video-nvidia-450-server - 450.102.04-0ubuntu0.20.10.1

Ubuntu 20.04
  o nvidia-dkms-418-server - 418.181.07-0ubuntu0.20.04.1
  o nvidia-dkms-440-server - 450.102.04-0ubuntu0.20.04.1
  o nvidia-dkms-450-server - 450.102.04-0ubuntu0.20.04.1
  o nvidia-kernel-common-418-server - 418.181.07-0ubuntu0.20.04.1
  o nvidia-kernel-common-440-server - 450.102.04-0ubuntu0.20.04.1
  o nvidia-kernel-common-450-server - 450.102.04-0ubuntu0.20.04.1
  o nvidia-kernel-source-418-server - 418.181.07-0ubuntu0.20.04.1
  o nvidia-kernel-source-440-server - 450.102.04-0ubuntu0.20.04.1
  o nvidia-kernel-source-450-server - 450.102.04-0ubuntu0.20.04.1
  o nvidia-utils-418-server - 418.181.07-0ubuntu0.20.04.1
  o nvidia-utils-440-server - 450.102.04-0ubuntu0.20.04.1
  o nvidia-utils-450-server - 450.102.04-0ubuntu0.20.04.1
  o xserver-xorg-video-nvidia-418-server - 418.181.07-0ubuntu0.20.04.1
  o xserver-xorg-video-nvidia-440-server - 450.102.04-0ubuntu0.20.04.1
  o xserver-xorg-video-nvidia-450-server - 450.102.04-0ubuntu0.20.04.1

Ubuntu 18.04
  o nvidia-dkms-418-server - 418.181.07-0ubuntu0.18.04.1
  o nvidia-dkms-440-server - 450.102.04-0ubuntu0.18.04.1
  o nvidia-dkms-450-server - 450.102.04-0ubuntu0.18.04.1
  o nvidia-kernel-common-418-server - 418.181.07-0ubuntu0.18.04.1
  o nvidia-kernel-common-440-server - 450.102.04-0ubuntu0.18.04.1
  o nvidia-kernel-common-450-server - 450.102.04-0ubuntu0.18.04.1
  o nvidia-kernel-source-418-server - 418.181.07-0ubuntu0.18.04.1
  o nvidia-kernel-source-440-server - 450.102.04-0ubuntu0.18.04.1
  o nvidia-kernel-source-450-server - 450.102.04-0ubuntu0.18.04.1
  o nvidia-utils-418-server - 418.181.07-0ubuntu0.18.04.1
  o nvidia-utils-440-server - 450.102.04-0ubuntu0.18.04.1
  o nvidia-utils-450-server - 450.102.04-0ubuntu0.18.04.1
  o xserver-xorg-video-nvidia-418-server - 418.181.07-0ubuntu0.18.04.1
  o xserver-xorg-video-nvidia-440-server - 450.102.04-0ubuntu0.18.04.1
  o xserver-xorg-video-nvidia-450-server - 450.102.04-0ubuntu0.18.04.1

This update uses a new upstream release, which includes additional bug fixes.
After a standard system update you need to reboot your computer to make all
the necessary changes.

References

  o CVE-2021-1053
  o CVE-2021-1052

Related notices

  o USN-4689-2 : linux-image-gke, linux-image-5.8.0-1017-azure, linux-image-oracle, linux-oracle, linux-image-5.4.0-1035-oracle, linux-gcp, linux-image-5.8.0-1018-aws, linux-image-oem, linux-image-4.15.0-130-generic, linux-image-5.8.0-1016-gcp, linux-image-4.15.0-1092-aws, linux-image-oem-20.04, linux-image-4.15.0-130-lowlatency, linux-image-oracle-lts-18.04, linux-image-5.4.0-1034-gcp, linux-gcp-5.4, linux-image-azure-lts-18.04, linux-aws-5.4, linux-image-aws, linux, linux-azure-5.4, linux-image-5.6.0-1042-oem, linux-image-5.8.0-1015-oracle, linux-image-aws-lts-18.04, linux-image-virtual-hwe-18.04, linux-oem-5.6, linux-aws, linux-image-lowlatency-hwe-18.04, linux-image-4.15.0-1104-azure, linux-image-generic, linux-image-5.8.0-36-generic, linux-image-5.4.0-1036-azure, linux-image-gcp, linux-image-5.4.0-60-generic, linux-azure, linux-hwe-5.8, linux-hwe-5.4, linux-image-5.4.0-1035-aws, linux-image-generic-hwe-18.04, linux-image-virtual, linux-image-oem-osp1, linux-image-azure, linux-image-generic-hwe-20.04, linux-image-lowlatency-hwe-20.04, linux-image-4.15.0-1063-oracle, linux-image-5.4.0-60-lowlatency, linux-image-5.8.0-36-lowlatency, linux-image-virtual-hwe-20.04, linux-azure-4.15, linux-image-lowlatency, linux-oracle-5.4
  o USN-4689-1 : xserver-xorg-video-nvidia-390, nvidia-graphics-drivers-450, xserver-xorg-video-nvidia-460, xserver-xorg-video-nvidia-450, xserver-xorg-video-nvidia-455, xserver-xorg-video-nvidia-440, nvidia-graphics-drivers-390, nvidia-graphics-drivers-460

-------------------------------------------------------------------------------

USN-4689-4: Linux kernel update
21 January 2021

Several security issues were fixed in NVIDIA graphics drivers.

Releases

  o Ubuntu 20.10
  o Ubuntu 20.04 LTS
  o Ubuntu 18.04 LTS

Packages

  o linux - Linux kernel
  o linux-aws - Linux kernel for Amazon Web Services (AWS) systems
  o linux-azure - Linux kernel for Microsoft Azure Cloud systems
  o linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems
  o linux-hwe-5.4 - Linux hardware enablement (HWE) kernel
  o linux-hwe-5.8 - Linux hardware enablement (HWE) kernel
  o linux-oracle - Linux kernel for Oracle Cloud systems

Details

USN-4689-3 fixed vulnerabilities in the NVIDIA server graphics drivers. This
update provides the corresponding updates for the NVIDIA Linux DKMS kernel
modules.

Original advisory details:

 It was discovered that the NVIDIA GPU display driver for the Linux kernel
 contained a vulnerability that allowed user-mode clients to access legacy
 privileged APIs. A local attacker could use this to cause a denial of
 service or escalate privileges. (CVE-2021-1052)

 It was discovered that the NVIDIA GPU display driver for the Linux kernel
 did not properly validate a pointer received from userspace in some
 situations. A local attacker could use this to cause a denial of service.
 (CVE-2021-1053)

 Xinyuan Lyu discovered that the NVIDIA GPU display driver for the Linux
 kernel did not properly restrict device-level GPU isolation. A local
 attacker could use this to cause a denial of service or possibly expose
 sensitive information. (CVE-2021-1056)

Update instructions

The problem can be corrected by updating your system to the following package
versions:

Ubuntu 20.10
  o linux-image-5.8.0-1017-oracle - 5.8.0-1017.18
  o linux-image-5.8.0-1019-azure - 5.8.0-1019.21
  o linux-image-5.8.0-1019-gcp - 5.8.0-1019.20
  o linux-image-5.8.0-1020-aws - 5.8.0-1020.22
  o linux-image-5.8.0-40-generic - 5.8.0-40.45
  o linux-image-5.8.0-40-lowlatency - 5.8.0-40.45
  o linux-image-aws - 5.8.0.1020.22
  o linux-image-azure - 5.8.0.1019.19
  o linux-image-gcp - 5.8.0.1019.19
  o linux-image-generic - 5.8.0.40.44
  o linux-image-gke - 5.8.0.1019.19
  o linux-image-lowlatency - 5.8.0.40.44
  o linux-image-oem-20.04 - 5.8.0.40.44
  o linux-image-oracle - 5.8.0.1017.17
  o linux-image-virtual - 5.8.0.40.44

Ubuntu 20.04
  o linux-image-5.4.0-64-generic - 5.4.0-64.72
  o linux-image-5.4.0-64-lowlatency - 5.4.0-64.72
  o linux-image-5.8.0-40-generic - 5.8.0-40.45~20.04.1
  o linux-image-5.8.0-40-lowlatency - 5.8.0-40.45~20.04.1
  o linux-image-generic - 5.4.0.64.67
  o linux-image-generic-hwe-20.04 - 5.8.0.40.45~20.04.25
  o linux-image-generic-lpae-hwe-20.04 - 5.8.0.40.45~20.04.25
  o linux-image-lowlatency - 5.4.0.64.67
  o linux-image-lowlatency-hwe-20.04 - 5.8.0.40.45~20.04.25
  o linux-image-oem - 5.4.0.64.67
  o linux-image-oem-osp1 - 5.4.0.64.67
  o linux-image-virtual - 5.4.0.64.67
  o linux-image-virtual-hwe-20.04 - 5.8.0.40.45~20.04.25

Ubuntu 18.04
  o linux-image-4.15.0-134-generic - 4.15.0-134.138
  o linux-image-4.15.0-134-lowlatency - 4.15.0-134.138
  o linux-image-5.4.0-64-generic - 5.4.0-64.72~18.04.1
  o linux-image-5.4.0-64-lowlatency - 5.4.0-64.72~18.04.1
  o linux-image-generic - 4.15.0.134.121
  o linux-image-generic-hwe-18.04 - 5.4.0.64.72~18.04.59
  o linux-image-lowlatency - 4.15.0.134.121
  o linux-image-lowlatency-hwe-18.04 - 5.4.0.64.72~18.04.59
  o linux-image-oem - 5.4.0.64.72~18.04.59
  o linux-image-oem-osp1 - 5.4.0.64.72~18.04.59
  o linux-image-virtual - 4.15.0.134.121
  o linux-image-virtual-hwe-18.04 - 5.4.0.64.72~18.04.59

After a standard system update you need to reboot your computer to make all
the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been
given a new version number, which requires you to recompile and reinstall all
third party kernel modules you might have installed. Unless you manually
uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system
upgrade will automatically perform this as well.

References

  o CVE-2021-1053
  o CVE-2021-1052

Related notices

  o USN-4689-2 : linux-image-gke, linux-image-5.8.0-1017-azure, linux-image-oracle, linux-oracle, linux-image-5.4.0-1035-oracle, linux-gcp, linux-image-5.8.0-1018-aws, linux-image-oem, linux-image-4.15.0-130-generic, linux-image-5.8.0-1016-gcp, linux-image-4.15.0-1092-aws, linux-image-oem-20.04, linux-image-4.15.0-130-lowlatency, linux-image-oracle-lts-18.04, linux-image-5.4.0-1034-gcp, linux-gcp-5.4, linux-image-azure-lts-18.04, linux-aws-5.4, linux-image-aws, linux, linux-azure-5.4, linux-image-5.6.0-1042-oem, linux-image-5.8.0-1015-oracle, linux-image-aws-lts-18.04, linux-image-virtual-hwe-18.04, linux-oem-5.6, linux-aws, linux-image-lowlatency-hwe-18.04, linux-image-4.15.0-1104-azure, linux-image-generic, linux-image-5.8.0-36-generic, linux-image-5.4.0-1036-azure, linux-image-gcp, linux-image-5.4.0-60-generic, linux-azure, linux-hwe-5.8, linux-hwe-5.4, linux-image-5.4.0-1035-aws, linux-image-generic-hwe-18.04, linux-image-virtual, linux-image-oem-osp1, linux-image-azure, linux-image-generic-hwe-20.04, linux-image-lowlatency-hwe-20.04, linux-image-4.15.0-1063-oracle, linux-image-5.4.0-60-lowlatency, linux-image-5.8.0-36-lowlatency, linux-image-virtual-hwe-20.04, linux-azure-4.15, linux-image-lowlatency, linux-oracle-5.4
  o USN-4689-3 : xserver-xorg-video-nvidia-450-server, nvidia-kernel-source-450-server, nvidia-kernel-source-440-server, nvidia-kernel-source-418-server, nvidia-kernel-common-440-server, nvidia-graphics-drivers-418-server, nvidia-utils-440-server, xserver-xorg-video-nvidia-418-server, nvidia-dkms-450-server, nvidia-kernel-common-450-server, xserver-xorg-video-nvidia-440-server, nvidia-dkms-440-server, nvidia-kernel-common-418-server, nvidia-utils-418-server, nvidia-dkms-418-server, nvidia-graphics-drivers-450-server, nvidia-utils-450-server
  o USN-4689-1 : xserver-xorg-video-nvidia-390, nvidia-graphics-drivers-450, xserver-xorg-video-nvidia-460, xserver-xorg-video-nvidia-450, xserver-xorg-video-nvidia-455, xserver-xorg-video-nvidia-440, nvidia-graphics-drivers-390, nvidia-graphics-drivers-460

--------------------------END INCLUDED TEXT--------------------
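The Ubuntu advisories above name a fixed version per package, and on 20.04 and 18.04 many of those versions carry a `~` backport suffix (for example `5.8.0-36.40~20.04.1`), which dpkg orders below the plain `5.8.0-36.40`. The following is an added example, not code from AusCERT or Ubuntu: it re-implements dpkg's version ordering (an assumption about the algorithm: epoch, then upstream part, then Debian revision, with `~` sorting before everything including end of string) and checks a constructed package listing against the Ubuntu 20.10 fixed versions from USN-4697-1 and USN-4689-4.

```python
"""Added example, not part of the bulletins above: compare installed
Debian/Ubuntu package versions with the fixed versions an advisory lists.
The ordering rules are re-implemented from dpkg's algorithm (assumption);
the package listing is constructed sample text shaped like the output of
dpkg-query -W -f='${Package} ${Version}\\n'."""

_DIGITS = set("0123456789")


def _order(c):
    """dpkg weight: end/digit 0, letters by code point, '~' below all, other punctuation above letters."""
    if c == "" or c in _DIGITS:
        return 0
    if c.isalpha():
        return ord(c)
    if c == "~":
        return -1
    return ord(c) + 256


def _verrevcmp(a, b):
    """Compare two version fragments like dpkg: alternate between a
    non-digit run (weighted lexical) and a digit run (numeric)."""
    i = j = 0
    while i < len(a) or j < len(b):
        first_diff = 0
        while (i < len(a) and a[i] not in _DIGITS) or (j < len(b) and b[j] not in _DIGITS):
            ac = _order(a[i]) if i < len(a) else 0
            bc = _order(b[j]) if j < len(b) else 0
            if ac != bc:
                return ac - bc
            i += 1
            j += 1
        while i < len(a) and a[i] == "0":   # leading zeros are ignored
            i += 1
        while j < len(b) and b[j] == "0":
            j += 1
        while i < len(a) and a[i] in _DIGITS and j < len(b) and b[j] in _DIGITS:
            if not first_diff:
                first_diff = ord(a[i]) - ord(b[j])
            i += 1
            j += 1
        if i < len(a) and a[i] in _DIGITS:  # longer digit run is the larger number
            return 1
        if j < len(b) and b[j] in _DIGITS:
            return -1
        if first_diff:
            return first_diff
    return 0


def _split(version):
    """Split '[epoch:]upstream[-revision]' into (epoch, upstream, revision)."""
    epoch = 0
    if ":" in version:
        head, version = version.split(":", 1)
        epoch = int(head)
    upstream, sep, revision = version.rpartition("-")
    if not sep:  # no Debian revision at all
        upstream, revision = revision, ""
    return epoch, upstream, revision


def compare_versions(a, b):
    """Return -1, 0 or 1 as version a is older than, equal to or newer than b."""
    ea, ua, ra = _split(a)
    eb, ub, rb = _split(b)
    if ea != eb:
        return 1 if ea > eb else -1
    r = _verrevcmp(ua, ub) or _verrevcmp(ra, rb)
    return (r > 0) - (r < 0)


def outstanding_updates(listing, fixed):
    """(package, installed, fixed) for each listed package still below its fixed version."""
    found = []
    for line in listing.splitlines():
        if not line.strip():
            continue
        name, version = line.split()
        if name in fixed and compare_versions(version, fixed[name]) < 0:
            found.append((name, version, fixed[name]))
    return found


# Fixed versions for Ubuntu 20.10 as given in USN-4697-1 and USN-4689-4 above.
FIXED_UBUNTU_20_10 = {
    "python3-pil": "7.2.0-1ubuntu0.1",
    "linux-image-generic": "5.8.0.40.44",
    "nvidia-dkms-450-server": "450.102.04-0ubuntu0.20.10.1",
}

# Constructed sample listing for a 20.10 host (not real command output).
SAMPLE_LISTING = """\
python3-pil 7.2.0-1
linux-image-generic 5.8.0.36.40
nvidia-dkms-450-server 450.102.04-0ubuntu0.20.10.1
"""

if __name__ == "__main__":
    for pkg, have, want in outstanding_updates(SAMPLE_LISTING, FIXED_UBUNTU_20_10):
        print(f"{pkg}: installed {have}, advisory requires {want}")
```

On a real host the listing would come from `dpkg-query -W -f='${Package} ${Version}\n'`, and `dpkg --compare-versions` is the reference implementation to cross-check against.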
AusCERT - Security Bulletins · 21 January 2021

ESB-2020.4532.2 - UPDATE [Cisco] Cisco IP Phone Products: Denial of service - Remote/unauthenticated

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2020.4532.2 Cisco IP Phone TCP Packet Flood Denial of Service Vulnerability 21 January 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Cisco IP Phone Products Publisher: Cisco Systems Operating System: Cisco Impact/Access: Denial of Service -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2020-3574 Reference: ESB-2020.3834 Original Bulletin: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voip-phone-flood-dos-YnU9EXOv Revision History: January 21 2021: Vendor updated Fixed Software section December 23 2020: Initial Release - --------------------------BEGIN INCLUDED TEXT-------------------- Cisco IP Phone TCP Packet Flood Denial of Service Vulnerability Priority: High Advisory ID: cisco-sa-voip-phone-flood-dos-YnU9EXOv First Published: 2020 November 4 16:00 GMT Last Updated: 2021 January 19 17:34 GMT Version 1.2: Final Workarounds: No workarounds available Cisco Bug IDs: CSCvs66815 CSCvt83239 CSCvu36012 CSCvu36026 CVE Names: CVE-2020-3574 CWEs: CWE-371 Summary o A vulnerability in the TCP packet processing functionality of Cisco IP Phones could allow an unauthenticated, remote attacker to cause the phone to stop responding to incoming calls, drop connected calls, or unexpectedly reload. The vulnerability is due to insufficient TCP ingress packet rate limiting. An attacker could exploit this vulnerability by sending a high and sustained rate of crafted TCP traffic to the targeted device. A successful exploit could allow the attacker to impact operations of the phone or cause the phone to reload, leading to a denial of service (DoS) condition. Cisco has released software updates that address this vulnerability. 
There are no workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voip-phone-flood-dos-YnU9EXOv Affected Products o Vulnerable Products This vulnerability affects the following Cisco IP Phones if they are running a vulnerable firmware release: IP DECT 210 Multi-Cell Base Station with Multiplatform Firmware IP DECT 6825 with Multiplatform Firmware IP Phone 8811 Series with Multiplatform Firmware IP Phone 8841 Series with Multiplatform Firmware IP Phone 8851 Series with Multiplatform Firmware IP Phone 8861 Series with Multiplatform Firmware Unified IP Conference Phone 8831 for Third-Party Call Control Webex Room Phone Note: The default configurations of these devices are vulnerable. Products Confirmed Not Vulnerable Only products listed in the Vulnerable Products section of this advisory are known to be affected by this vulnerability. Cisco has confirmed that this vulnerability does not affect the following Cisco products: ATA 190 Analog Telephone Adapter ATA 191 Analog Telephone Adapter IP Conference Phone 7832 IP Conference Phone 7832 with Multiplatform Firmware IP Conference Phone 8832 IP Conference Phone 8832 with Multiplatform Firmware IP Phone 6800 Series with Multiplatform Firmware IP Phone 6821 with Multiplatform Firmware IP Phone 7800 Series IP Phone 7800 Series with Multiplatform Firmware IP Phone 8800 Series IP Phone 8845 IP Phone 8865 IP Phone 8865 with Multiplatform Firmware SPA112 2-Port Phone Adapter SPA122 Analog Telephone Adapter (ATA) with Router SPA232D Multi-Line DECT Analog Telephone Adapter (ATA) SPA525G 5-Line IP Phone Unified IP Phone 3905 Unified IP Phone 6901 Unified IP Phone 6911 Unified IP Phone 7900 Series Unified IP Conference Phone 8831 Wireless IP Phone 8821 Note : The devices listed may see a performance impact from the same attack traffic, but will recover without user intervention once the attack traffic is 
stopped. Workarounds o There are no workarounds that address this vulnerability. Fixed Software o Cisco has released free software updates that address the vulnerability described in this advisory. Customers may only install and expect support for software versions and feature sets for which they have purchased a license. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to follow the terms of the Cisco software license: https://www.cisco.com/c/en/us/products/end-user-license-agreement.html Additionally, customers may only download software for which they have a valid license, procured from Cisco directly, or through a Cisco authorized reseller or partner. In most cases this will be a maintenance upgrade to software that was previously purchased. Free security software updates do not entitle customers to a new software license, additional software feature sets, or major revision upgrades. When considering software upgrades , customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page , to determine exposure and a complete upgrade solution. In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers. 
o Customers Without Service Contracts

  Customers who purchase directly from Cisco but do not hold a Cisco service
  contract and customers who make purchases through third-party vendors but are
  unsuccessful in obtaining fixed software through their point of sale should
  obtain upgrades by contacting the Cisco TAC:
  https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html

  Customers should have the product serial number available and be prepared to
  provide the URL of this advisory as evidence of entitlement to a free upgrade.

o Fixed Releases

  Customers are advised to upgrade to an appropriate fixed firmware release as
  indicated in the following table:

  +-----------------------------------------------------------------+--------------+----------------------------+
  | Cisco IP Phone Model                                            | Cisco Bug ID | First Fixed Release        |
  +-----------------------------------------------------------------+--------------+----------------------------+
  | IP DECT 210 Multi-Cell Base Station with Multiplatform Firmware | CSCvt83239   | 4.8.1                      |
  | IP DECT 6825 with Multiplatform Firmware                        |              |                            |
  +-----------------------------------------------------------------+--------------+----------------------------+
  | IP Phone 8811 Series with Multiplatform Firmware                | CSCvs66815   | 11.3.2                     |
  | IP Phone 8841 Series with Multiplatform Firmware                |              |                            |
  | IP Phone 8851 Series with Multiplatform Firmware                |              |                            |
  | IP Phone 8861 Series with Multiplatform Firmware                |              |                            |
  +-----------------------------------------------------------------+--------------+----------------------------+
  | Unified IP Conference Phone 8831 for Third-Party Call Control   | CSCvu36012   | There is no fixed firmware |
  |                                                                 |              | available at this time.    |
  +-----------------------------------------------------------------+--------------+----------------------------+
  | Webex Room Phone                                                | CSCvu36026   | 1.2.0                      |
  +-----------------------------------------------------------------+--------------+----------------------------+

Exploitation and Public Announcements

o The Cisco Product Security Incident Response Team (PSIRT) is not aware of any
  public announcements or malicious use of the vulnerability that is described
  in this advisory.

Source

o This vulnerability was found during the resolution of a Cisco TAC support
  case.

Cisco Security Vulnerability Policy

o To learn about Cisco security vulnerability disclosure policies and
  publications, see the Security Vulnerability Policy. This document also
  contains instructions for obtaining fixed software and receiving security
  vulnerability information from Cisco.
URL

o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voip-phone-flood-dos-YnU9EXOv

Revision History

o +---------+-----------------------------+----------+--------+-------------+
  | Version | Description                 | Section  | Status | Date        |
  +---------+-----------------------------+----------+--------+-------------+
  | 1.2     | Updated the Fixed Software  | Fixed    | Final  | 2021-JAN-19 |
  |         | section to indicate fix     | Software |        |             |
  |         | released for Webex Room     |          |        |             |
  |         | Phone.                      |          |        |             |
  +---------+-----------------------------+----------+--------+-------------+
  | 1.1     | Updated the Fixed Software  | Fixed    | Final  | 2020-DEC-22 |
  |         | section for the Webex Room  | Software |        |             |
  |         | Phone.                      |          |        |             |
  +---------+-----------------------------+----------+--------+-------------+
  | 1.0     | Initial public release.     | -        | Final  | 2020-NOV-04 |
  +---------+-----------------------------+----------+--------+-------------+

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is maintained
within your organisation, so if you do not wish to continue receiving these
bulletins you should contact your local IT manager. If you do not know who that
is, please send an email to auscert@auscert.org.au and we will forward your
request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As AusCERT
did not write the document quoted above, AusCERT has had no control over its
content. The decision to follow or act on information or advice contained in
this security bulletin is the responsibility of each user or organisation, and
should be considered in accordance with your organisation's site policies and
procedures. AusCERT takes no responsibility for consequences which may arise
from following or acting on information or advice contained in this security
bulletin.
NOTE: This is only the original release of the security bulletin. It may not be
updated when updates to the original are made. If downloading at a later date,
it is recommended that the bulletin is retrieved directly from the author's
website to ensure that the information is still current.

Contact information for the authors of the original document is included in the
Security Bulletin above. If you have any questions or need further information,
please contact them directly.

Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
AusCERT - Security Bulletins · 21 January 2021

ESB-2020.4174.2 - UPDATE [Appliance] Citrix Hypervisor & XenServer: Execute arbitrary code/commands - Existing account

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2020.4174.2
Citrix Hypervisor Security Update
21 January 2021
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           Citrix Hypervisor
                   XenServer
Publisher:         Citrix
Operating System:  Network Appliance
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-29040

Original Bulletin: https://support.citrix.com/article/CTX286511

Revision History:  January 21 2021: Vendor updated with CVE ID
                   November 25 2020: Initial Release

--------------------------BEGIN INCLUDED TEXT--------------------

Citrix Hypervisor Security Update

Reference: CTX286511
Category: Medium
Created: 24 November 2020
Modified: 20 January 2021

Applicable Products

o Citrix Hypervisor
o XenServer

Description of Problem

A security issue has been identified that may allow privileged code running in
a guest VM to compromise the host. This issue is limited to only those guest
VMs where the host administrator has explicitly assigned a PCI passthrough
device to the guest VM.

The issue has the following identifier:

+----------------+--------------------+--------------------+--------------------------+
| CVE ID         | Description        | Vulnerability Type | Pre-conditions           |
+----------------+--------------------+--------------------+--------------------------+
| CVE-2020-29040 | Bounding error     | CWE-121            | A PCI passthrough device |
|                | updating physmap   |                    | must be assigned         |
+----------------+--------------------+--------------------+--------------------------+

This issue affects all currently supported versions of Citrix Hypervisor up to
and including Citrix Hypervisor 8.2 LTSR.

Mitigating Factors

Customers who are not using the PCI passthrough feature of Citrix Hypervisor
are not at risk from this issue.

What Customers Should Do

Citrix has released hotfixes to address this issue. Citrix recommends that
affected customers install these hotfixes as their patching schedule allows.
The hotfixes can be downloaded from the following locations:

Citrix Hypervisor 8.2 LTSR: CTX286459 - https://support.citrix.com/article/CTX286459
Citrix Hypervisor 8.1: CTX286458 - https://support.citrix.com/article/CTX286458
Citrix XenServer 7.1 LTSR CU2: CTX286457 - https://support.citrix.com/article/CTX286457
Citrix XenServer 7.0: CTX286456 - https://support.citrix.com/article/CTX286456

Changelog

Date        Change
2020-11-24  Initial Publication
2021-01-20  CVE ID Added

--------------------------END INCLUDED TEXT--------------------

ESB-2020.4104.2 - UPDATE [Cisco] Cisco Expressway Software: Unauthorised access - Remote/unauthenticated

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2020.4104.2
Cisco Expressway Software Unauthorized Access Information Disclosure
Vulnerability
21 January 2021
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           Cisco Expressway Software
Publisher:         Cisco Systems
Operating System:  Cisco
Impact/Access:     Unauthorised Access -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-3482

Original Bulletin: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-Expressway-8J3yZ7hV

Revision History:  January 21 2021: Vendor downgraded rating from Medium to
                                    Informational
                   November 19 2020: Initial Release

--------------------------BEGIN INCLUDED TEXT--------------------

Cisco Expressway Software TURN Server Configuration Issue

Priority:        Informational
Advisory ID:     cisco-sa-Expressway-8J3yZ7hV
First Published: 2020 November 18 16:00 GMT
Last Updated:    2021 January 20 20:41 GMT
Version 2.0:     Final
Workarounds:     No workarounds available
Cisco Bug IDs:   CSCvt83751
CVE Names:       CVE-2020-3482
CWEs:            CWE-284

Summary

o The Traversal Using Relays around NAT (TURN) server component of Cisco
  Expressway software supports the relay of media connections through a
  firewall using proxy services. As a result of this feature, interfaces such
  as the Cisco Expressway web administrative interface may become accessible
  from external networks. At the time of publication, documentation of the
  feature did not properly explain that users are able to bypass firewall
  protections that are designed to restrict access to the Cisco Expressway web
  administrative interface. However, an attacker must have credentials
  sufficient to use TURN services to be able to send network requests to the
  web administrative interface.
  This advisory is available at the following link:
  https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-Expressway-8J3yZ7hV

Affected Products

o Vulnerable Products

  This issue impacts Cisco Expressway Series and Cisco TelePresence Video
  Communication Server (VCS) with the TURN server feature enabled.

o Products Confirmed Not Vulnerable

  Only products listed in the Vulnerable Products section of this advisory are
  known to be affected.

  Cisco has confirmed that Cisco Expressway Series and Cisco TelePresence VCS
  systems that do not have the TURN server feature enabled are not affected.

Details

o The Cisco Expressway IP Port Usage Configuration Guide recommends firewall
  configuration to prevent access to administrative ports from external
  networks. However, when TURN services are enabled, administrative ports are
  accessible through the TURN server from external networks. Customers should
  be aware that enabling the TURN services exposes administrative ports on the
  Cisco Expressway Series or Cisco TelePresence VCS host.

Workarounds

o There are no workarounds that address this issue.

Exploitation and Public Announcements

o The Cisco Product Security Incident Response Team (PSIRT) is not aware of any
  public announcements or malicious use of the issue that is described in this
  advisory.

Source

o Cisco would like to thank Christian Mehlmauer of WienCERT-IT-Security in the
  City of Vienna for reporting this issue.

Cisco Security Vulnerability Policy

o To learn about Cisco security vulnerability disclosure policies and
  publications, see the Security Vulnerability Policy. This document also
  contains instructions for obtaining fixed software and receiving security
  vulnerability information from Cisco.
URL

o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-Expressway-8J3yZ7hV

Revision History

o +---------+--------------------------+-------------+--------+-------------+
  | Version | Description              | Section     | Status | Date        |
  +---------+--------------------------+-------------+--------+-------------+
  | 2.0     | Changed the advisory SIR | Summary,    | Final  | 2021-JAN-20 |
  |         | from Medium to           | Vulnerable  |        |             |
  |         | Informational. Updated   | Products,   |        |             |
  |         | throughout to explain    | Details,    |        |             |
  |         | that this is not a       | and Fixed   |        |             |
  |         | vulnerability. Removed   | Software    |        |             |
  |         | the Fixed Software       |             |        |             |
  |         | section.                 |             |        |             |
  +---------+--------------------------+-------------+--------+-------------+
  | 1.1     | Included additional      | Affected    | Final  | 2020-NOV-25 |
  |         | information about the    | Products    |        |             |
  |         | vulnerable               |             |        |             |
  |         | configuration.           |             |        |             |
  +---------+--------------------------+-------------+--------+-------------+
  | 1.0     | Initial public release.  | -           | Final  | 2020-NOV-18 |
  +---------+--------------------------+-------------+--------+-------------+

--------------------------END INCLUDED TEXT--------------------