ESB-2021.0242 - [Ubuntu] Thunderbird: Multiple vulnerabilities
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2021.0242
USN-4701-1: Thunderbird vulnerabilities
21 January 2021
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Thunderbird
Publisher: Ubuntu
Operating System: Ubuntu
Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction
Denial of Service -- Remote with User Interaction
Access Confidential Data -- Remote with User Interaction
Unauthorised Access -- Remote with User Interaction
Reduced Security -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2020-35113 CVE-2020-35111 CVE-2020-26978
CVE-2020-26974 CVE-2020-26973 CVE-2020-26971
CVE-2020-26970 CVE-2020-16044 CVE-2020-16042
Reference: ESB-2021.0100
ESB-2021.0011
ESB-2020.4524
ESB-2020.4515
ESB-2020.4458
Original Bulletin:
https://ubuntu.com/security/notices/USN-4701-1
--------------------------BEGIN INCLUDED TEXT--------------------
USN-4701-1: Thunderbird vulnerabilities
20 January 2021
Several security issues were fixed in Thunderbird.
Releases
o Ubuntu 20.10
Packages
o thunderbird - Mozilla Open Source mail and newsgroup client
Details
Multiple security issues were discovered in Thunderbird. If a user were
tricked into opening a specially crafted website in a browsing context,
an attacker could potentially exploit these to cause a denial of service,
obtain sensitive information, bypass the CSS sanitizer, or execute
arbitrary code. (CVE-2020-16042, CVE-2020-16044, CVE-2020-26971,
CVE-2020-26973, CVE-2020-26974, CVE-2020-26978, CVE-2020-35113)
It was discovered that the proxy.onRequest API did not catch
view-source URLs. If a user were tricked into installing an
extension with the proxy permission and opening View Source, an
attacker could potentially exploit this to obtain sensitive
information. (CVE-2020-35111)
A stack overflow was discovered due to incorrect parsing of SMTP server
response codes. An attacker could potentially exploit this to execute
arbitrary code. (CVE-2020-26970)
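As an added illustration that is not Thunderbird's code and does not reproduce the CVE-2020-26970 defect, the following Python shows the input checks a client-side SMTP reply parser should make before trusting a server response (fixed three-digit code, CRLF framing, bounded line length, one consistent code across a multi-line reply); the constructed EHLO reply and all names in it are this example's own.

```python
"""Defensive parser for SMTP server replies (RFC 5321, section 4.2).

Added example for this bulletin, not Thunderbird's code: the advisory above
describes CVE-2020-26970 only as a stack overflow caused by incorrect parsing
of SMTP response codes, so this shows the checks a client should make before
trusting a reply.
"""
import re
from dataclasses import dataclass, field

# RFC 5321 section 4.5.3.1.5: a reply line is at most 512 octets including CRLF.
MAX_REPLY_LINE = 512

# 3-digit code (2xx-5xx), then either SP (final line), "-" (more lines
# follow), or nothing at all (a bare code is allowed on the final line).
# fullmatch() is used so that a stray LF inside a line is rejected.
_REPLY_LINE = re.compile(r"([2-5][0-9]{2})(?:([ -])(.*))?")


class SmtpReplyError(ValueError):
    """Raised for any reply that does not match the RFC 5321 grammar."""


@dataclass
class SmtpReply:
    code: int
    lines: list = field(default_factory=list)

    @property
    def is_positive(self) -> bool:
        """2xx and 3xx are success / intermediate replies."""
        return 200 <= self.code < 400


def parse_reply(raw: bytes) -> SmtpReply:
    """Parse one complete reply made of CRLF-terminated lines.

    Rejects over-long lines, non-ASCII bytes, malformed codes, a code that
    changes between lines, a multi-line reply with no terminating line, and
    data following the terminating line.
    """
    if not raw.endswith(b"\r\n"):
        raise SmtpReplyError("reply is not CRLF-terminated")
    lines = raw[:-2].split(b"\r\n")
    code = None
    texts = []
    for idx, line in enumerate(lines):
        if len(line) + 2 > MAX_REPLY_LINE:
            raise SmtpReplyError("reply line exceeds %d octets" % MAX_REPLY_LINE)
        try:
            text = line.decode("ascii")
        except UnicodeDecodeError:
            raise SmtpReplyError("non-ASCII byte in reply line") from None
        m = _REPLY_LINE.fullmatch(text)
        if m is None:
            raise SmtpReplyError("malformed reply line: %r" % text)
        this_code = int(m.group(1))
        if code is None:
            code = this_code
        elif this_code != code:
            raise SmtpReplyError("reply code changed mid-reply: %d then %d"
                                 % (code, this_code))
        separator, body = m.group(2), m.group(3) or ""
        is_last = idx == len(lines) - 1
        if separator == "-" and is_last:
            raise SmtpReplyError("multi-line reply has no terminating line")
        if separator != "-" and not is_last:
            raise SmtpReplyError("data after the terminating reply line")
        texts.append(body)
    return SmtpReply(code, texts)


def is_malformed(raw: bytes) -> bool:
    """True when parse_reply rejects the input."""
    try:
        parse_reply(raw)
    except SmtpReplyError:
        return True
    return False


if __name__ == "__main__":
    # Constructed EHLO reply, not captured from a real server.
    ehlo = b"250-mail.example.test greets client\r\n250-SIZE 10240000\r\n250 HELP\r\n"
    reply = parse_reply(ehlo)
    print(reply.code, reply.is_positive, reply.lines)
    print(is_malformed(b"25 OK\r\n"), is_malformed(b"250-incomplete\r\n"))
```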
Update instructions
The problem can be corrected by updating your system to the following package
versions:
Ubuntu 20.10
o thunderbird - 1:78.6.1+build1-0ubuntu0.20.10.1
After a standard system update you need to restart Thunderbird to make
all the necessary changes.
References
o CVE-2020-16042
o CVE-2020-26974
o CVE-2020-26973
o CVE-2020-35113
o CVE-2020-26970
o CVE-2020-16044
o CVE-2020-26971
o CVE-2020-35111
o CVE-2020-26978
Related notices
o USN-4687-1 : firefox
o USN-4671-1 : firefox
--------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
ESB-2021.0241 - ALERT [Cisco] Cisco SD-WAN products: Multiple vulnerabilities
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2021.0241
Cisco SD-WAN multiple vulnerabilities
21 January 2021
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Cisco SD-WAN
Publisher: Cisco Systems
Operating System: Cisco
Impact/Access: Root Compromise -- Remote/Unauthenticated
Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Denial of Service -- Remote/Unauthenticated
Access Confidential Data -- Existing Account
Unauthorised Access -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2021-1301 CVE-2021-1300 CVE-2021-1299
CVE-2021-1298 CVE-2021-1279 CVE-2021-1278
CVE-2021-1274 CVE-2021-1273 CVE-2021-1263
CVE-2021-1262 CVE-2021-1261 CVE-2021-1260
CVE-2021-1241 CVE-2021-1233
Original Bulletin:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-bufovulns-B5NrSHbj
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-cmdinjm-9QMSmgcn
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-dosmulti-48jJuEUP
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-infodis-2-UPO232DG
Comment: This bulletin contains four (4) Cisco Systems security advisories.
--------------------------BEGIN INCLUDED TEXT--------------------
Cisco SD-WAN Buffer Overflow Vulnerabilities
Priority: Critical
Advisory ID: cisco-sa-sdwan-bufovulns-B5NrSHbj
First Published: 2021 January 20 16:00 GMT
Version 1.0: Final
Workarounds: No workarounds available
Cisco Bug IDs: CSCvi69895 CSCvt11525
CVE Names: CVE-2021-1300 CVE-2021-1301
CWEs: CWE-119 CWE-20
CVSS Score:
9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X
Summary
o Multiple vulnerabilities in Cisco SD-WAN products could allow an
unauthenticated, remote attacker to execute attacks against an affected
device.
For more information about these vulnerabilities, see the Details section
of this advisory.
Cisco has released software updates that address these vulnerabilities.
There are no workarounds that address these vulnerabilities.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-bufovulns-B5NrSHbj
Affected Products
o Vulnerable Products
These vulnerabilities affect the following Cisco products if they are
running a vulnerable release of Cisco SD-WAN Software:
IOS XE SD-WAN Software
SD-WAN vBond Orchestrator Software
SD-WAN vEdge Cloud Routers
SD-WAN vEdge Routers
SD-WAN vManage Software
SD-WAN vSmart Controller Software
For information about which Cisco software releases are vulnerable, see the
Fixed Software section of this advisory.
Products Confirmed Not Vulnerable
Only products listed in the Vulnerable Products section of this advisory
are known to be affected by these vulnerabilities.
Details
o The vulnerabilities are not dependent on one another. Exploitation of one
of the vulnerabilities is not required to exploit the other vulnerability.
In addition, a software release that is affected by one of the
vulnerabilities may not be affected by the other vulnerability.
Details about the vulnerabilities are as follows:
CVE-2021-1300: Cisco SD-WAN Buffer Overflow Vulnerability
A vulnerability in Cisco SD-WAN Software could allow an unauthenticated,
remote attacker to cause a buffer overflow condition.
The vulnerability is due to incorrect handling of IP traffic. An attacker
could exploit this vulnerability by sending crafted IP traffic through an
affected device, which may cause a buffer overflow when the traffic is
processed. A successful exploit could allow the attacker to execute
arbitrary code on the underlying operating system with root privileges.
Cisco has released software updates that address this vulnerability. There
are no workarounds that address this vulnerability.
Bug ID(s): CSCvt11525
CVE ID: CVE-2021-1300
Security Impact Rating (SIR): High
CVSS Base Score: 9.8
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-1301: Cisco SD-WAN Buffer Overflow Vulnerability
A vulnerability in the NETCONF subsystem of Cisco SD-WAN Software could
allow an authenticated, remote attacker to cause a denial of service (DoS)
condition on an affected device or system.
The vulnerability is due to insufficient input validation of user-supplied
input that is read by the system during the establishment of an SSH
connection. An attacker could exploit this vulnerability by submitting a
crafted file to be read by the affected system. A successful exploit could
allow the attacker to cause a buffer overflow that could result in a DoS
condition on the affected device or system.
Cisco has released software updates that address this vulnerability. There
are no workarounds that address this vulnerability.
Bug ID(s): CSCvi69895
CVE ID: CVE-2021-1301
Security Impact Rating (SIR): Medium
CVSS Base Score: 6.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Workarounds
o There are no workarounds that address these vulnerabilities.
Fixed Software
o Cisco has released free software updates that address the vulnerabilities
described in this advisory. Customers may only install and expect support
for software versions and feature sets for which they have purchased a
license. By installing, downloading, accessing, or otherwise using such
software upgrades, customers agree to follow the terms of the Cisco
software license:
https://www.cisco.com/c/en/us/products/end-user-license-agreement.html
Additionally, customers may only download software for which they have a
valid license, procured from Cisco directly, or through a Cisco authorized
reseller or partner. In most cases this will be a maintenance upgrade to
software that was previously purchased. Free security software updates do
not entitle customers to a new software license, additional software
feature sets, or major revision upgrades.
When considering software upgrades, customers are advised to regularly
consult the advisories for Cisco products, which are available from the
Cisco Security Advisories page, to determine exposure and a complete
upgrade solution.
In all cases, customers should ensure that the devices to be upgraded
contain sufficient memory and confirm that current hardware and software
configurations will continue to be supported properly by the new release.
If the information is not clear, customers are advised to contact the Cisco
Technical Assistance Center (TAC) or their contracted maintenance
providers.
Customers Without Service Contracts
Customers who purchase directly from Cisco but do not hold a Cisco service
contract and customers who make purchases through third-party vendors but
are unsuccessful in obtaining fixed software through their point of sale
should obtain upgrades by contacting the Cisco TAC:
https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html
Customers should have the product serial number available and be prepared
to provide the URL of this advisory as evidence of entitlement to a free
upgrade.
Fixed Releases
Customers are advised to upgrade to an appropriate fixed software release
as indicated in the following table(s). To ensure a complete upgrade
solution, consider that this advisory is part of a collection that includes
the following advisories:
cisco-sa-sdwan-abyp-TnGFHrS: Cisco SD-WAN vManage Authorization Bypass
Vulnerabilities
cisco-sa-sdwan-bufovulns-B5NrSHbj: Cisco SD-WAN Buffer Overflow Vulnerabilities
cisco-sa-sdwan-cmdinjm-9QMSmgcn: Cisco SD-WAN Command Injection Vulnerabilities
cisco-sa-sdwan-dosmulti-48jJuEUP: Cisco SD-WAN Denial of Service Vulnerabilities
SD-WAN Software
+-------------------+-----------------------------+-----------------------------+
| Cisco SD-WAN      | First Fixed Release for     | First Fixed Release for All |
| Releases          | These Vulnerabilities       | Vulnerabilities Described   |
|                   |                             | in the Collection of        |
|                   |                             | Advisories                  |
+-------------------+-----------------------------+-----------------------------+
| Earlier than 18.3 | Migrate to a fixed release. | Migrate to a fixed release. |
| 18.3              | Migrate to a fixed release. | Migrate to a fixed release. |
| 18.4              | 18.4.5                      | Migrate to a fixed release. |
| 19.2              | 19.2.2                      | Migrate to a fixed release. |
| 19.3              | Migrate to a fixed release. | Migrate to a fixed release. |
| 20.1              | 20.1.1                      | Migrate to a fixed release. |
| 20.3              | 20.3.1                      | 20.3.2                      |
| 20.4              | 20.4.1                      | 20.4.1                      |
+-------------------+-----------------------------+-----------------------------+
IOS XE SD-WAN Software
+-------------------+-----------------------------+-----------------------------+
| Cisco IOS XE      | First Fixed Release for     | First Fixed Release for All |
| SD-WAN Releases   | These Vulnerabilities       | Vulnerabilities Described   |
|                   |                             | in the Collection of        |
|                   |                             | Advisories                  |
+-------------------+-----------------------------+-----------------------------+
| 16.9              | Migrate to a fixed release. | Migrate to a fixed release. |
| 16.10             | Migrate to a fixed release. | Migrate to a fixed release. |
| 16.11             | Migrate to a fixed release. | Migrate to a fixed release. |
| 16.12             | 16.12.4                     | 16.12.4                     |
+-------------------+-----------------------------+-----------------------------+
IOS XE Software
+-------------------+-----------------------------+-----------------------------+
| Cisco IOS XE      | First Fixed Release for     | First Fixed Release for All |
| Universal         | These Vulnerabilities       | Vulnerabilities Described   |
| Releases          |                             | in the Collection of        |
|                   |                             | Advisories                  |
+-------------------+-----------------------------+-----------------------------+
| 17.2              | 17.2.1                      | 17.2.2                      |
| 17.3              | 17.3.1                      | 17.3.1                      |
| 17.4              | 17.4.1                      | 17.4.1                      |
+-------------------+-----------------------------+-----------------------------+
Exploitation and Public Announcements
o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
any public announcements or malicious use of the vulnerabilities that are
described in this advisory.
Source
o These vulnerabilities were found by James Spadaro of Cisco during internal
security testing.
Cisco Security Vulnerability Policy
o To learn about Cisco security vulnerability disclosure policies and
publications, see the Security Vulnerability Policy. This document also
contains instructions for obtaining fixed software and receiving security
vulnerability information from Cisco.
URL
o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-bufovulns-B5NrSHbj
Revision History
o +----------+---------------------------+----------+--------+--------------+
| Version | Description | Section | Status | Date |
+----------+---------------------------+----------+--------+--------------+
| 1.0 | Initial public release. | - | Final | 2021-JAN-20 |
+----------+---------------------------+----------+--------+--------------+
--------------------------------------------------------------------------------
Cisco SD-WAN Command Injection Vulnerabilities
Priority: Critical
Advisory ID: cisco-sa-sdwan-cmdinjm-9QMSmgcn
First Published: 2021 January 20 16:00 GMT
Version 1.0: Final
Workarounds: No workarounds available
Cisco Bug IDs: CSCvi59635 CSCvi59639 CSCvi69982 CSCvm26011 CSCvu28387
CSCvu28443
CVE Names: CVE-2021-1260 CVE-2021-1261 CVE-2021-1262 CVE-2021-1263
CVE-2021-1298 CVE-2021-1299
CWEs: CWE-20
Summary
o Multiple vulnerabilities in Cisco SD-WAN products could allow an
authenticated attacker to perform command injection attacks against an
affected device, which could allow the attacker to take certain actions
with root privileges on the device.
For more information about these vulnerabilities, see the Details section
of this advisory.
Cisco has released software updates that address these vulnerabilities.
There are no workarounds that address these vulnerabilities.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-cmdinjm-9QMSmgcn
Affected Products
o Vulnerable Products
These vulnerabilities affect the following Cisco products if they are
running a vulnerable release of Cisco SD-WAN Software:
SD-WAN vBond Orchestrator Software
SD-WAN vEdge Cloud Routers
SD-WAN vEdge Routers
SD-WAN vManage Software
SD-WAN vSmart Controller Software
For information about which Cisco software releases are vulnerable, see the
Fixed Software section of this advisory.
Products Confirmed Not Vulnerable
Only products listed in the Vulnerable Products section of this advisory
are known to be affected by these vulnerabilities.
Cisco has confirmed that these vulnerabilities do not affect Cisco IOS XE
SD-WAN Software.
Details
o The vulnerabilities are not dependent on one another; exploitation of one
of the vulnerabilities is not required to exploit another vulnerability. In
addition, a software release that is affected by one of the vulnerabilities
may not be affected by the other vulnerabilities.
Details about the vulnerabilities are as follows:
CVE-2021-1299: Cisco SD-WAN vManage Command Injection Vulnerability
A vulnerability in the web-based management interface of Cisco SD-WAN
vManage Software could allow an authenticated, remote attacker to execute
arbitrary commands as the root user on an affected system.
This vulnerability is due to improper input validation of user-supplied
input to the device template configuration. An attacker could exploit this
vulnerability by submitting crafted input to the device template
configuration. A successful exploit could allow the attacker to gain
root-level access to the affected system.
This vulnerability affects only the Cisco SD-WAN vManage product.
Cisco has released software updates that address this vulnerability. There
are no workarounds that address this vulnerability.
Bug ID(s): CSCvu28387
CVE ID: CVE-2021-1299
Security Impact Rating (SIR): Critical
CVSS Base Score: 9.9
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVE-2021-1261: Cisco SD-WAN CLI Command Injection Vulnerability
A vulnerability in the CLI utility tcpdump of Cisco SD-WAN Software could
allow an authenticated, local attacker with read-only credentials to inject
arbitrary commands that could allow the attacker to obtain root privileges.
This vulnerability is due to insufficient validation of user-supplied input
to the tcpdump command. An attacker could exploit this vulnerability by
authenticating with a lower-privileged user account via the CLI of an
affected device and submitting crafted input to the affected commands. A
successful exploit could allow the attacker to execute arbitrary commands
on the device with root privileges.
Cisco has released software updates that address this vulnerability. There
are no workarounds that address this vulnerability.
Bug ID(s): CSCvi59639
CVE ID: CVE-2021-1261
Security Impact Rating (SIR): High
CVSS Base Score: 7.8
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-1260: Cisco SD-WAN CLI Command Injection Vulnerability
A vulnerability in the CLI of Cisco SD-WAN Software could allow an
authenticated, local attacker with read-only credentials to inject
arbitrary commands that could allow the attacker to obtain root privileges
and read, write, and delete files of the underlying file system of an
affected device.
This vulnerability is due to insufficient validation of user-supplied input
on the CLI. An attacker could exploit this vulnerability by authenticating
with read-only privileges via the CLI of an affected device and submitting
crafted input to the affected commands. A successful exploit could allow
the attacker to execute arbitrary commands on the device with root
privileges.
Cisco has released software updates that address this vulnerability. There
are no workarounds that address this vulnerability.
Bug ID(s): CSCvi59635
CVE ID: CVE-2021-1260
Security Impact Rating (SIR): High
CVSS Base Score: 7.1
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
CVE-2021-1263: Cisco SD-WAN CLI Command Injection Vulnerability
A vulnerability in the CLI of Cisco SD-WAN Software could allow an
authenticated, local attacker with read-only credentials to inject
arbitrary commands that could allow the attacker to obtain root privileges
and read, write, and delete files of the underlying file system of an
affected device.
This vulnerability is due to insufficient validation of user-supplied input
on the CLI. An attacker could exploit this vulnerability by authenticating
with read-only privileges via the CLI of an affected device and submitting
crafted input to the affected commands. A successful exploit could allow
the attacker to execute arbitrary commands on the device with root
privileges.
Cisco has released software updates that address this vulnerability. There
are no workarounds that address this vulnerability.
Bug ID(s): CSCvu28443
CVE ID: CVE-2021-1263
Security Impact Rating (SIR): Medium
CVSS Base Score: 6.1
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
CVE-2021-1262: Cisco SD-WAN CLI Command Injection Vulnerability
A vulnerability in the CLI of Cisco SD-WAN Software could allow an
authenticated, local attacker with read-only credentials to inject
arbitrary commands that could allow the attacker to obtain root privileges
and read files from the underlying file system of an affected device.
This vulnerability is due to insufficient validation of user-supplied input
on the CLI. An attacker could exploit this vulnerability by authenticating
with read-only privileges via the CLI of an affected device and submitting
crafted input to the affected commands. A successful exploit could allow
the attacker to execute arbitrary commands on the device with root
privileges.
Cisco has released software updates that address this vulnerability. There
are no workarounds that address this vulnerability.
Bug ID(s): CSCvi69982
CVE ID: CVE-2021-1262
Security Impact Rating (SIR): Medium
CVSS Base Score: 5.5
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2021-1298: Cisco SD-WAN vManage Command Injection Vulnerability
A vulnerability in the vAnalytics feature of the web-based management
interface of Cisco SD-WAN vManage Software could allow an authenticated,
remote attacker to execute arbitrary commands as the root user on an
affected system.
This vulnerability is due to improper input validation of user-supplied
input to the SSO configuration. An attacker could exploit this by
submitting crafted input to the SSO configuration. A successful exploit
could allow the attacker to gain root-level access to the system.
The vAnalytics feature of Cisco SD-WAN vManage Software must be enabled for
this vulnerability to be exploited.
Cisco has released software updates that address this vulnerability. There
are no workarounds that address this vulnerability.
Bug ID(s): CSCvm26011
CVE ID: CVE-2021-1298
Security Impact Rating (SIR): Medium
CVSS Base Score: 5.3
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
Workarounds
o There are no workarounds that address these vulnerabilities.
Fixed Software
o Cisco has released free software updates that address the vulnerabilities
described in this advisory. Customers may only install and expect support
for software versions and feature sets for which they have purchased a
license. By installing, downloading, accessing, or otherwise using such
software upgrades, customers agree to follow the terms of the Cisco
software license:
https://www.cisco.com/c/en/us/products/end-user-license-agreement.html
Additionally, customers may only download software for which they have a
valid license, procured from Cisco directly, or through a Cisco authorized
reseller or partner. In most cases this will be a maintenance upgrade to
software that was previously purchased. Free security software updates do
not entitle customers to a new software license, additional software
feature sets, or major revision upgrades.
When considering software upgrades, customers are advised to regularly
consult the advisories for Cisco products, which are available from the
Cisco Security Advisories page, to determine exposure and a complete
upgrade solution.
In all cases, customers should ensure that the devices to be upgraded
contain sufficient memory and confirm that current hardware and software
configurations will continue to be supported properly by the new release.
If the information is not clear, customers are advised to contact the Cisco
Technical Assistance Center (TAC) or their contracted maintenance
providers.
Customers Without Service Contracts
Customers who purchase directly from Cisco but do not hold a Cisco service
contract and customers who make purchases through third-party vendors but
are unsuccessful in obtaining fixed software through their point of sale
should obtain upgrades by contacting the Cisco TAC:
https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html
Customers should have the product serial number available and be prepared
to provide the URL of this advisory as evidence of entitlement to a free
upgrade.
Fixed Releases
Customers are advised to upgrade to an appropriate fixed software release
as indicated in the following table(s). To ensure a complete upgrade
solution, consider that this advisory is part of a collection that includes
the following advisories:
cisco-sa-sdwan-abyp-TnGFHrS: Cisco SD-WAN vManage Authorization Bypass
Vulnerabilities
cisco-sa-sdwan-bufovulns-B5NrSHbj: Cisco SD-WAN Buffer Overflow Vulnerabilities
cisco-sa-sdwan-cmdinjm-9QMSmgcn: Cisco SD-WAN Command Injection Vulnerabilities
cisco-sa-sdwan-dosmulti-48jJuEUP: Cisco SD-WAN Denial of Service Vulnerabilities
+-------------------+-----------------------------+-----------------------------+
| Cisco SD-WAN      | First Fixed Release for     | First Fixed Release for All |
| Release           | These Vulnerabilities       | Vulnerabilities Described   |
|                   |                             | in the Collection of        |
|                   |                             | Advisories                  |
+-------------------+-----------------------------+-----------------------------+
| Earlier than 18.3 | Migrate to a fixed release. | Migrate to a fixed release. |
| 18.3              | Migrate to a fixed release. | Migrate to a fixed release. |
| 18.4              | Migrate to a fixed release. | Migrate to a fixed release. |
| 19.2              | Migrate to a fixed release. | Migrate to a fixed release. |
| 19.3              | Migrate to a fixed release. | Migrate to a fixed release. |
| 20.1              | 20.1.2                      | Migrate to a fixed release. |
| 20.3              | 20.3.2                      | 20.3.2                      |
| 20.4              | 20.4.1                      | 20.4.1                      |
+-------------------+-----------------------------+-----------------------------+
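As an added example that is neither Cisco's nor AusCERT's tooling, the following Python encodes the Fixed Releases tables of the buffer-overflow advisory (cisco-sa-sdwan-bufovulns-B5NrSHbj) and the command-injection advisory (cisco-sa-sdwan-cmdinjm-9QMSmgcn) above and classifies a running release against its train, separately for the single advisory and for the whole collection; the platform labels, function names and sample inventory are this example's own assumptions.

```python
"""Release exposure check against the Fixed Releases tables above.

Added example for this bulletin, not a Cisco tool: it encodes the "First
Fixed Release" columns of the cisco-sa-sdwan-bufovulns-B5NrSHbj and
cisco-sa-sdwan-cmdinjm-9QMSmgcn tables and classifies a running release.
"""
import re

MIGRATE = None  # stands for the table cell "Migrate to a fixed release."

# {train: (first fixed for this advisory, first fixed for the collection)}
BUFOVULNS_SDWAN = {
    "18.3": (MIGRATE, MIGRATE),
    "18.4": ("18.4.5", MIGRATE),
    "19.2": ("19.2.2", MIGRATE),
    "19.3": (MIGRATE, MIGRATE),
    "20.1": ("20.1.1", MIGRATE),
    "20.3": ("20.3.1", "20.3.2"),
    "20.4": ("20.4.1", "20.4.1"),
}
BUFOVULNS_IOSXE_SDWAN = {
    "16.9": (MIGRATE, MIGRATE), "16.10": (MIGRATE, MIGRATE),
    "16.11": (MIGRATE, MIGRATE), "16.12": ("16.12.4", "16.12.4"),
}
BUFOVULNS_IOSXE = {
    "17.2": ("17.2.1", "17.2.2"), "17.3": ("17.3.1", "17.3.1"),
    "17.4": ("17.4.1", "17.4.1"),
}
CMDINJM_SDWAN = {
    "18.3": (MIGRATE, MIGRATE),
    "18.4": (MIGRATE, MIGRATE),
    "19.2": (MIGRATE, MIGRATE),
    "19.3": (MIGRATE, MIGRATE),
    "20.1": ("20.1.2", MIGRATE),
    "20.3": ("20.3.2", "20.3.2"),
    "20.4": ("20.4.1", "20.4.1"),
}

# platform label (this example's own) -> (table, release named in the
# "Earlier than X" row when the table has one)
TABLES = {
    "bufovulns/SD-WAN Software": (BUFOVULNS_SDWAN, "18.3"),
    "bufovulns/IOS XE SD-WAN Software": (BUFOVULNS_IOSXE_SDWAN, None),
    "bufovulns/IOS XE Software": (BUFOVULNS_IOSXE, None),
    "cmdinjm/SD-WAN Software": (CMDINJM_SDWAN, "18.3"),
}

# Two or more dotted numbers, optionally followed by one rebuild letter.
_RELEASE = re.compile(r"(\d+(?:\.\d+)+)[a-zA-Z]?")


def parse_release(rel: str) -> tuple:
    """'20.3.1' -> (20, 3, 1). A trailing letter as in '17.2.1r' is ignored
    for ordering, which is an assumption of this example."""
    m = _RELEASE.fullmatch(rel.strip())
    if m is None:
        raise ValueError("unrecognised release string: %r" % rel)
    return tuple(int(p) for p in m.group(1).split("."))


def assess(rel: str, table: dict, floor: str = None) -> dict:
    """Classify rel against one Fixed Releases table. Each column becomes:
      fixed    - rel is at or above the first fixed release of its train
      upgrade  - the train has a fixed release but rel is older than it
      migrate  - the table says "Migrate to a fixed release." for the train
      unknown  - the train is not listed in the table
    """
    ver = parse_release(rel)
    train = "%d.%d" % ver[:2]
    if train not in table:
        if floor is not None and ver < parse_release(floor):
            return {"advisory": "migrate", "collection": "migrate"}
        return {"advisory": "unknown", "collection": "unknown"}
    result = {}
    for column, first_fixed in zip(("advisory", "collection"), table[train]):
        if first_fixed is MIGRATE:
            result[column] = "migrate"
        elif ver >= parse_release(first_fixed):
            result[column] = "fixed"
        else:
            result[column] = "upgrade"
    return result


def assess_platform(rel: str, platform: str) -> dict:
    """Look up the platform's table and floor, then classify rel."""
    table, floor = TABLES[platform]
    return assess(rel, table, floor)


if __name__ == "__main__":
    # Constructed sample inventory, not real devices.
    for host, rel, platform in [
        ("vmanage-01", "20.3.1", "bufovulns/SD-WAN Software"),
        ("vmanage-01", "20.3.1", "cmdinjm/SD-WAN Software"),
    ]:
        print(host, rel, platform, assess_platform(rel, platform))
```

A release can be "fixed" for one advisory and still "upgrade" for the collection, which is exactly the distinction the two table columns draw.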
Exploitation and Public Announcements
o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
any public announcements or malicious use of the vulnerabilities that are
described in this advisory.
Source
o The following vulnerabilities were found during the resolution of a Cisco
TAC support case: CVE-2021-1260 and CVE-2021-1261.
The following vulnerabilities were found during internal security testing:
James Spadaro of Cisco: CVE-2021-1262
Joseph Connor of Cisco: CVE-2021-1263
Andrew Kim of Cisco: CVE-2021-1298
Alex Lumsden of Cisco: CVE-2021-1299
Cisco Security Vulnerability Policy
o To learn about Cisco security vulnerability disclosure policies and
publications, see the Security Vulnerability Policy. This document also
contains instructions for obtaining fixed software and receiving security
vulnerability information from Cisco.
URL
o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-cmdinjm-9QMSmgcn
Revision History
o +----------+---------------------------+----------+--------+--------------+
| Version | Description | Section | Status | Date |
+----------+---------------------------+----------+--------+--------------+
| 1.0 | Initial public release. | - | Final | 2021-JAN-20 |
+----------+---------------------------+----------+--------+--------------+
--------------------------------------------------------------------------------
Cisco SD-WAN Denial of Service Vulnerabilities
Priority: High
Advisory ID: cisco-sa-sdwan-dosmulti-48jJuEUP
First Published: 2021 January 20 16:00 GMT
Version 1.0: Final
Workarounds: No workarounds available
Cisco Bug IDs: CSCvq20708 CSCvt11522 CSCvt11523 CSCvt11530 CSCvu28409
CSCvu31763
CVE Names: CVE-2021-1241 CVE-2021-1273 CVE-2021-1274 CVE-2021-1278
CVE-2021-1279
CWEs: CWE-119 CWE-20 CWE-787
Summary
o Multiple vulnerabilities in Cisco SD-WAN products could allow an
unauthenticated, remote attacker to execute denial of service (DoS) attacks
against an affected device.
For more information about these vulnerabilities, see the Details section
of this advisory.
Cisco has released software updates that address these vulnerabilities.
There are no workarounds that address these vulnerabilities.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-dosmulti-48jJuEUP
Affected Products
o Vulnerable Products
These vulnerabilities may affect the following Cisco products if they are
running a vulnerable release of Cisco SD-WAN Software:
IOS XE SD-WAN Software
SD-WAN vBond Orchestrator Software
SD-WAN vEdge Cloud Routers
SD-WAN vEdge Routers
SD-WAN vManage Software
SD-WAN vSmart Controller Software
See the Details section of this advisory for information on vulnerable
products for each vulnerability.
For information about which Cisco software releases are vulnerable, see the
Fixed Software section of this advisory.
Products Confirmed Not Vulnerable
Only products listed in the Vulnerable Products section of this advisory
are known to be affected by these vulnerabilities.
Cisco has confirmed that these vulnerabilities do not affect Cisco IOS XE
universal image releases 17.2.1r and later.
Details
o The vulnerabilities are not dependent on one another. Exploitation of one
of the vulnerabilities is not required to exploit the other vulnerability.
In addition, a software release that is affected by one of the
vulnerabilities may not be affected by the other vulnerability.
Details about the vulnerabilities are as follows.
CVE-2021-1241: Cisco SD-WAN vEdge Router VPN Denial of Service
Vulnerability
A vulnerability in VPN tunneling features of Cisco SD-WAN vEdge Routers
could allow an unauthenticated, remote attacker to cause a DoS condition on
an affected system.
The vulnerability is due to insufficient handling of malformed packets. An
attacker could exploit this vulnerability by sending crafted packets
through an affected device. A successful exploit could allow the attacker
to cause the device to reboot, resulting in a DoS condition on the affected
system.
Cisco has released software updates that address this vulnerability. There
are no workarounds that address this vulnerability.
Bug ID(s): CSCvu31763
CVE ID: CVE-2021-1241
Security Impact Rating (SIR): High
CVSS Base Score: 8.6
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
CVE-2021-1273: Cisco SD-WAN IPSec Denial of Service Vulnerability
A vulnerability in the IPSec tunnel management of Cisco SD-WAN vBond
Orchestrator Software, Cisco SD-WAN vEdge Cloud Routers, Cisco SD-WAN vEdge
Routers, Cisco SD-WAN vManage Software, and Cisco SD-WAN vSmart Controller
Software could allow an unauthenticated, remote attacker to cause a DoS
condition on an affected system.
The vulnerability is due to the bounds checking in the forwarding plane of
the IPSec tunnel management functionality. An attacker could exploit this
vulnerability by sending crafted IPv4 or IPv6 packets to a specific device.
A successful exploit could allow the attacker to cause a DoS condition on
the affected system.
Cisco has released software updates that address this vulnerability. There
are no workarounds that address this vulnerability.
Bug ID(s): CSCvu28409
CVE ID: CVE-2021-1273
Security Impact Rating (SIR): High
CVSS Base Score: 8.6
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
CVE-2021-1274: Cisco SD-WAN UDP Denial of Service Vulnerability
A vulnerability in the UDP connection response of Cisco IOS XE SD-WAN,
Cisco SD-WAN vBond Orchestrator Software, Cisco SD-WAN vEdge Cloud Routers,
Cisco SD-WAN vEdge Routers, Cisco SD-WAN vManage Software, and Cisco SD-WAN
vSmart Controller Software could allow an unauthenticated, remote attacker
to cause a DoS condition on an affected system.
The vulnerability is due to the presence of a null dereference in vDaemon.
An attacker could exploit this vulnerability by sending crafted traffic to
a specific device. A successful exploit could allow the attacker to cause a
DoS condition on the affected system.
Cisco has released software updates that address this vulnerability. There
are no workarounds that address this vulnerability.
Bug ID(s): CSCvt11523
CVE ID: CVE-2021-1274
Security Impact Rating (SIR): High
CVSS Base Score: 8.6
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
CVE-2021-1278: Cisco SD-WAN Denial of Service Vulnerabilities
Multiple vulnerabilities in the symbolic link (symlink) creation
functionality of Cisco SD-WAN vBond Orchestrator Software, Cisco SD-WAN
vEdge Cloud Routers, Cisco SD-WAN vEdge Routers, Cisco SD-WAN vManage
Software, and Cisco SD-WAN vSmart Controller Software could allow an
authenticated, local attacker to overwrite arbitrary files that are owned
by the root user on the affected system.
These vulnerabilities are due to the absence of validation checks for the
input that is used to create symlinks. An attacker could exploit these
vulnerabilities by creating a symlink to a target file on a specific path.
A successful exploit could allow the attacker to corrupt the contents of
the file. If the file is a critical systems file, the exploit could lead to
a DoS condition on an affected system. To exploit these vulnerabilities,
the attacker would need to have valid credentials on the system.
Cisco has released software updates that address these vulnerabilities.
There are no workarounds that address these vulnerabilities.
Bug ID(s): CSCvt11522, CSCvt11530
CVE ID: CVE-2021-1278
Security Impact Rating (SIR): Medium
CVSS Base Score: 6.7
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:H
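The symlink issue above is a classic local-privilege problem: a privileged process accepts a file name from a lower-privileged user and writes to it, and a link planted at that path turns the write into an overwrite of a root-owned file. The defensive counterpart is shown below as an added example; it is not Cisco's code and says nothing about how the affected software is written. The `safe_write` helper, the export directory layout and the file names are constructed for the demonstration, and it assumes a POSIX system where `O_NOFOLLOW` is available.

```python
import os
import stat
import tempfile


class UnsafePathError(Exception):
    """Raised when a caller-supplied name would leave the directory or follow a link."""


def safe_write(base_dir: str, name: str, data: bytes) -> str:
    """Write data to base_dir/name without following symbolic links.

    `name` is untrusted input. Three checks stand between it and the write:
    1. it must be a single path component (no separators, no '.' or '..');
    2. the file is opened with O_NOFOLLOW, so a symlink sitting at that path
       makes open() fail (ELOOP) instead of truncating the link's target;
    3. fstat() on the open descriptor confirms a regular file, not a FIFO
       or device node that a local user could have placed there.
    """
    if not name or name in (".", "..") or "/" in name or "\0" in name:
        raise UnsafePathError(f"rejected file name {name!r}")
    path = os.path.join(base_dir, name)
    flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | os.O_NOFOLLOW | os.O_CLOEXEC
    try:
        fd = os.open(path, flags, 0o600)
    except OSError as exc:
        raise UnsafePathError(f"refusing to write {path!r}: {exc.strerror}") from exc
    try:
        if not stat.S_ISREG(os.fstat(fd).st_mode):
            raise UnsafePathError(f"{path!r} is not a regular file")
        os.write(fd, data)
    finally:
        os.close(fd)
    return path


def demo() -> dict:
    """Constructed scenario: an export directory that receives untrusted file
    names, and a file outside it standing in for a root-owned system file."""
    with tempfile.TemporaryDirectory() as tmp:
        critical = os.path.join(tmp, "critical.conf")
        with open(critical, "wb") as f:
            f.write(b"original contents\n")
        export_dir = os.path.join(tmp, "export")
        os.mkdir(export_dir)
        # A link planted at the expected output name, pointing at the critical file.
        os.symlink(critical, os.path.join(export_dir, "report.txt"))

        results = {}
        try:
            safe_write(export_dir, "report.txt", b"overwritten\n")
            results["symlink_refused"] = False
        except UnsafePathError:
            results["symlink_refused"] = True
        with open(critical, "rb") as f:
            results["critical_unchanged"] = f.read() == b"original contents\n"

        results["traversal_refused"] = True
        for bad in ("../critical.conf", "sub/report.txt", "..", ""):
            try:
                safe_write(export_dir, bad, b"x")
                results["traversal_refused"] = False
            except UnsafePathError:
                pass

        written = safe_write(export_dir, "plain.txt", b"hello\n")
        with open(written, "rb") as f:
            results["normal_written"] = f.read() == b"hello\n"
        return results


if __name__ == "__main__":
    print(demo())
```

The point of opening with `O_NOFOLLOW` rather than calling `os.path.islink()` first is that a check-then-open sequence leaves a window in which the link can be swapped in; the flag makes the kernel do the check atomically with the open.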
CVE-2021-1279: Cisco SD-WAN SNMPv3 Denial of Service Vulnerability
A vulnerability in the SNMPv3 management feature of Cisco SD-WAN vBond
Orchestrator Software, Cisco SD-WAN vEdge Cloud Routers, Cisco SD-WAN vEdge
Routers, Cisco SD-WAN vManage Software, and Cisco SD-WAN vSmart Controller
Software could allow an unauthenticated, remote attacker to cause a DoS
condition on an affected system.
The vulnerability is due to insufficient input validation for the SNMPv3
management functionality. An attacker could exploit this vulnerability by
sending crafted SNMPv3 traffic to a specific device. A successful exploit
could allow the attacker to cause a DoS condition on the affected system.
Cisco has released software updates that address this vulnerability. There
are no workarounds that address this vulnerability.
Bug ID(s): CSCvq20708
CVE ID: CVE-2021-1279
Security Impact Rating (SIR): Medium
CVSS Base Score: 5.3
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Workarounds
o There are no workarounds that address these vulnerabilities.
Fixed Software
o Cisco has released free software updates that address the vulnerabilities
described in this advisory. Customers may only install and expect support
for software versions and feature sets for which they have purchased a
license. By installing, downloading, accessing, or otherwise using such
software upgrades, customers agree to follow the terms of the Cisco
software license:
https://www.cisco.com/c/en/us/products/end-user-license-agreement.html
Additionally, customers may only download software for which they have a
valid license, procured from Cisco directly, or through a Cisco authorized
reseller or partner. In most cases this will be a maintenance upgrade to
software that was previously purchased. Free security software updates do
not entitle customers to a new software license, additional software
feature sets, or major revision upgrades.
When considering software upgrades, customers are advised to regularly
consult the advisories for Cisco products, which are available from the
Cisco Security Advisories page, to determine exposure and a complete
upgrade solution.
In all cases, customers should ensure that the devices to be upgraded
contain sufficient memory and confirm that current hardware and software
configurations will continue to be supported properly by the new release.
If the information is not clear, customers are advised to contact the Cisco
Technical Assistance Center (TAC) or their contracted maintenance
providers.
Customers Without Service Contracts
Customers who purchase directly from Cisco but do not hold a Cisco service
contract and customers who make purchases through third-party vendors but
are unsuccessful in obtaining fixed software through their point of sale
should obtain upgrades by contacting the Cisco TAC:
https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html
Customers should have the product serial number available and be prepared
to provide the URL of this advisory as evidence of entitlement to a free
upgrade.
Fixed Releases
Customers are advised to upgrade to an appropriate fixed software release
as indicated in the following table(s). To ensure a complete upgrade
solution, consider that this advisory is part of a collection that includes
the following advisories:
cisco-sa-sdwan-abyp-TnGFHrS : Cisco SD-WAN vManage Authorization Bypass
Vulnerabilities
cisco-sa-sdwan-bufovulns-B5NrSHbj : Cisco SD-WAN Buffer Overflow
Vulnerabilities
cisco-sa-sdwan-cmdinjm-9QMSmgcn : Cisco SD-WAN Command Injection
Vulnerabilities
cisco-sa-sdwan-dosmulti-48jJuEUP : Cisco SD-WAN Denial of Service
Vulnerabilities
SD-WAN Software
+-------------------+----------------------------------+----------------------------------------+
| Cisco SD-WAN      | First Fixed Release for These    | First Fixed Release for All            |
| Releases          | Vulnerabilities                  | Vulnerabilities Described in This      |
|                   |                                  | Collection of Advisories               |
+-------------------+----------------------------------+----------------------------------------+
| Earlier than 18.3 | Migrate to a fixed release.      | Migrate to a fixed release.            |
| 18.3              | Migrate to a fixed release.      | Migrate to a fixed release.            |
| 18.4              | 18.4.6                           | Migrate to a fixed release.            |
| 19.2              | Migrate to a fixed release.      | Migrate to a fixed release.            |
| 19.3              | Migrate to a fixed release.      | Migrate to a fixed release.            |
| 20.1              | 20.1.2                           | Migrate to a fixed release.            |
| 20.3              | 20.3.1                           | 20.3.2                                 |
| 20.4              | 20.4.1                           | 20.4.1                                 |
+-------------------+----------------------------------+----------------------------------------+
IOS XE SD-WAN Software
+-------------------+----------------------------------+----------------------------------------+
| Cisco IOS XE      | First Fixed Release for These    | First Fixed Release for All            |
| SD-WAN Releases   | Vulnerabilities                  | Vulnerabilities Described in This      |
|                   |                                  | Collection of Advisories               |
+-------------------+----------------------------------+----------------------------------------+
| 16.9              | Migrate to a fixed release.      | Migrate to a fixed release.            |
| 16.10             | Migrate to a fixed release.      | Migrate to a fixed release.            |
| 16.11             | Migrate to a fixed release.      | Migrate to a fixed release.            |
| 16.12             | 16.12.4                          | 16.12.4                                |
+-------------------+----------------------------------+----------------------------------------+
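Reading fixed-release tables by eye is error-prone once a fleet runs several trains, and string comparison of release numbers gets 18.4.10 versus 18.4.6 wrong. The script below is an added example (not a Cisco tool) that transcribes the two tables above into data and answers, for a given running release, whether it is fixed for this advisory and for the whole collection. The function names are the example's own; the "Earlier than 18.3" row is handled by treating any train older than the oldest listed one as "migrate", and a train newer than the table is reported as unknown rather than guessed.

```python
import re

# Transcribed from the "SD-WAN Software" table in the advisory above. Each value
# is (first fixed release for these vulnerabilities, first fixed release for the
# whole collection of advisories); None stands for "Migrate to a fixed release."
SDWAN_FIRST_FIXED = {
    "18.3": (None, None),
    "18.4": ("18.4.6", None),
    "19.2": (None, None),
    "19.3": (None, None),
    "20.1": ("20.1.2", None),
    "20.3": ("20.3.1", "20.3.2"),
    "20.4": ("20.4.1", "20.4.1"),
}

# Transcribed from the "IOS XE SD-WAN Software" table.
IOSXE_SDWAN_FIRST_FIXED = {
    "16.9": (None, None),
    "16.10": (None, None),
    "16.11": (None, None),
    "16.12": ("16.12.4", "16.12.4"),
}

_VERSION_RE = re.compile(r"^\d+(\.\d+)*$")

MIGRATE = "migrate to a fixed release"
FIXED = "fixed"


def parse_version(version: str) -> tuple:
    """'20.3.1' -> (20, 3, 1). Tuples compare numerically, so 18.4.10 > 18.4.6,
    which a plain string comparison would get wrong."""
    version = version.strip()
    if not _VERSION_RE.match(version):
        raise ValueError(f"unrecognised release string {version!r}")
    return tuple(int(p) for p in version.split("."))


def train_of(version: str) -> str:
    """The release train is the first two components: 18.4.6 -> '18.4'."""
    parts = parse_version(version)
    if len(parts) < 2:
        raise ValueError(f"release {version!r} has no minor number")
    return f"{parts[0]}.{parts[1]}"


def status(version: str, first_fixed) -> str:
    if first_fixed is None:
        return MIGRATE
    if parse_version(version) >= parse_version(first_fixed):
        return FIXED
    return f"vulnerable; upgrade to {first_fixed}"


def exposure(version: str, table=SDWAN_FIRST_FIXED) -> tuple:
    """Return (status for this advisory, status for the whole collection)."""
    train = train_of(version)
    if train in table:
        these, everything = table[train]
        return (status(version, these), status(version, everything))
    oldest = min(table, key=parse_version)
    if parse_version(train) < parse_version(oldest):
        # The "Earlier than 18.3" row: no fixed release exists on those trains.
        return (MIGRATE, MIGRATE)
    # Newer than anything listed: do not guess, the current advisory decides.
    raise LookupError(f"release train {train} is not in the advisory table")


if __name__ == "__main__":
    for running in ("18.4.5", "18.4.10", "19.2.3", "20.3.1", "20.4.1", "17.2.1"):
        print(running, "->", exposure(running))
    print("16.12.3 (IOS XE) ->", exposure("16.12.3", IOSXE_SDWAN_FIRST_FIXED))
```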
Exploitation and Public Announcements
o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
any public announcements or malicious use of the vulnerabilities that are
described in this advisory.
Source
o CVE-2021-1273: This vulnerability was found by Joseph Connor of Cisco
during internal security testing.
CVE-2021-1274: This vulnerability was found by Arthur Vidineyev of Cisco
during internal security testing.
CVE-2021-1278: This vulnerability was found by Andrew Kim of Cisco during
internal security testing.
CVE-2021-1279: This vulnerability was found during internal security
testing.
CVE-2021-1241: This vulnerability was found during the resolution of a
Cisco TAC support case.
Cisco Security Vulnerability Policy
o To learn about Cisco security vulnerability disclosure policies and
publications, see the Security Vulnerability Policy. This document also
contains instructions for obtaining fixed software and receiving security
vulnerability information from Cisco.
URL
o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-dosmulti-48jJuEUP
Revision History
o +----------+---------------------------+----------+--------+--------------+
| Version | Description | Section | Status | Date |
+----------+---------------------------+----------+--------+--------------+
| 1.0 | Initial public release. | - | Final | 2021-JAN-20 |
+----------+---------------------------+----------+--------+--------------+
- --------------------------------------------------------------------------------
Cisco SD-WAN Information Disclosure Vulnerability
Priority: Medium
Advisory ID: cisco-sa-sdwan-infodis-2-UPO232DG
First Published: 2021 January 20 16:00 GMT
Version 1.0: Final
Workarounds: No workarounds available
Cisco Bug IDs: CSCvi69962
CVE Names: CVE-2021-1233
CWEs: CWE-20
CVSS Score:
4.4 AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:X/RL:X/RC:X
Summary
o A vulnerability in the CLI of Cisco SD-WAN Software could allow an
authenticated, local attacker to access sensitive information on an
affected device.
The vulnerability is due to insufficient input validation of requests that
are sent to the iperf tool. An attacker could exploit this vulnerability by
sending a crafted request to the iperf tool, which is included in Cisco
SD-WAN Software. A successful exploit could allow the attacker to obtain
any file from the filesystem of an affected device.
Cisco has released software updates that address this vulnerability. There
are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-infodis-2-UPO232DG
Affected Products
o Vulnerable Products
At the time of publication, this vulnerability affected the following Cisco
products if they were running a release of Cisco SD-WAN Software earlier
than Release 18.4.3:
SD-WAN vBond Orchestrator Software
SD-WAN vEdge Cloud Routers
SD-WAN vEdge Routers
SD-WAN vManage Software
See the Details section in the bug ID(s) at the top of this advisory for
the most complete and current information.
Products Confirmed Not Vulnerable
Only products listed in the Vulnerable Products section of this advisory
are known to be affected by this vulnerability.
Workarounds
o There are no workarounds that address this vulnerability.
Fixed Software
o When considering software upgrades, customers are advised to regularly
consult the advisories for Cisco products, which are available from the
Cisco Security Advisories page, to determine exposure and a complete
upgrade solution.
In all cases, customers should ensure that the devices to be upgraded
contain sufficient memory and confirm that current hardware and software
configurations will continue to be supported properly by the new release.
If the information is not clear, customers are advised to contact the Cisco
Technical Assistance Center (TAC) or their contracted maintenance
providers.
Fixed Releases
At the time of publication, Cisco SD-WAN Software releases 18.4.3 and later
contained the fix for this vulnerability.
See the Details section in the bug ID(s) at the top of this advisory for
the most complete and current information.
Exploitation and Public Announcements
o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
any public announcements or malicious use of the vulnerability that is
described in this advisory.
Source
o This vulnerability was found during internal security testing.
Cisco Security Vulnerability Policy
o To learn about Cisco security vulnerability disclosure policies and
publications, see the Security Vulnerability Policy. This document also
contains instructions for obtaining fixed software and receiving security
vulnerability information from Cisco.
URL
o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-infodis-2-UPO232DG
Revision History
o +----------+---------------------------+----------+--------+--------------+
| Version | Description | Section | Status | Date |
+----------+---------------------------+----------+--------+--------------+
| 1.0 | Initial public release. | - | Final | 2021-JAN-20 |
+----------+---------------------------+----------+--------+--------------+
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----
ESB-2021.0240 - ALERT [Cisco] Cisco Smart Software Manager Satellite: Multiple vulnerabilities
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2021.0240
Cisco Smart Software Manager Satellite vulnerabilities
21 January 2021
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Cisco Smart Software Manager Satellite
Publisher: Cisco Systems
Operating System: Cisco
Impact/Access: Root Compromise -- Remote/Unauthenticated
Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Provide Misleading Information -- Remote with User Interaction
Access Confidential Data -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2021-1222 CVE-2021-1219 CVE-2021-1218
CVE-2021-1142 CVE-2021-1141 CVE-2021-1140
CVE-2021-1139 CVE-2021-1138
Original Bulletin:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssmor-MDCWkT2x
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-sqi-h5fDvZWp
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-sc-Jd42D4Tq
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-multici-pgG5WM5A
Comment: This bulletin contains four (4) Cisco Systems security advisories.
- --------------------------BEGIN INCLUDED TEXT--------------------
Cisco Smart Software Manager Satellite Open Redirect Vulnerability
Priority: Medium
Advisory ID: cisco-sa-cssmor-MDCWkT2x
First Published: 2021 January 20 16:00 GMT
Version 1.0: Final
Workarounds: No workarounds available
Cisco Bug IDs: CSCvm45224
CVE Names: CVE-2021-1218
CWEs: CWE-601
CVSS Score:
4.6 AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N/E:X/RL:X/RC:X
Summary
o A vulnerability in the web management interface of Cisco Smart Software
Manager satellite could allow an authenticated, remote attacker to redirect
a user to an undesired web page.
The vulnerability is due to improper input validation of the URL parameters
in an HTTP request that is sent to an affected device. An attacker could
exploit this vulnerability by sending a crafted HTTP request that could
cause the web application to redirect the request to a specified malicious
URL. A successful exploit could allow the attacker to redirect a user to a
malicious website.
Cisco has released software updates that address this vulnerability. There
are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssmor-MDCWkT2x
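An open redirect (CWE-601) arises when a web application takes a "return to" URL from the request and sends the browser there unchecked. The validator below is an added example of the fix, not code from Cisco Smart Software Manager; the allowed host `portal.example` and the function name are constructed. It returns the candidate only when a browser following it would stay on an allowed host, and falls back to a safe default otherwise. Beyond the plain case, it covers the variants that commonly slip past naive checks: scheme-relative `//host`, backslashes that browsers read as slashes, userinfo tricks such as `https://good@evil`, and non-HTTP schemes.

```python
from urllib.parse import urlsplit

# Constructed: the host(s) this application is served from.
ALLOWED_HOSTS = {"portal.example"}


def safe_redirect_target(candidate: str, allowed_hosts=ALLOWED_HOSTS, default: str = "/") -> str:
    """Return `candidate` only if following it keeps the browser on an allowed
    host; otherwise return `default`. The vulnerable form of this function is
    simply `return candidate`."""
    if not candidate:
        return default
    # Control characters (header injection) and backslashes are rejected
    # outright: browsers treat '\' as '/', so "/\host" behaves like "//host".
    if any(ch < " " or ch == "\\" for ch in candidate):
        return default
    # A single leading slash is a same-origin absolute path. "//host/..." is a
    # scheme-relative URL that leaves the site, so it falls through to parsing.
    if candidate.startswith("/") and not candidate.startswith("//"):
        return candidate
    parts = urlsplit(candidate)
    if parts.scheme not in ("http", "https"):
        return default  # javascript:, data:, bare relative strings, ...
    try:
        host = parts.hostname  # lower-cased, with userinfo and port stripped
    except ValueError:
        return default
    if host is None or host not in allowed_hosts:
        return default
    return candidate


if __name__ == "__main__":
    # Constructed inputs a "next=" parameter might carry.
    for value in ("/dashboard", "//evil.example/", "https://portal.example/x",
                  "https://portal.example@evil.example/", "javascript:alert(1)",
                  "/\\evil.example", "https://portal.example.evil.example/"):
        print(f"{value!r:45} -> {safe_redirect_target(value)!r}")
```

Host matching is an exact set membership, not a prefix or suffix test; `portal.example.evil.example` is a different host and must not pass.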
Affected Products
o Vulnerable Products
At the time of publication, this vulnerability affected Cisco Smart
Software Manager satellite releases 5.0 and earlier.
See the Details section in the bug ID(s) at the top of this advisory for
the most complete and current information.
Products Confirmed Not Vulnerable
Only products listed in the Vulnerable Products section of this advisory
are known to be affected by this vulnerability.
Workarounds
o There are no workarounds that address this vulnerability.
Fixed Software
o When considering software upgrades, customers are advised to regularly
consult the advisories for Cisco products, which are available from the
Cisco Security Advisories page, to determine exposure and a complete
upgrade solution.
In all cases, customers should ensure that the devices to be upgraded
contain sufficient memory and confirm that current hardware and software
configurations will continue to be supported properly by the new release.
If the information is not clear, customers are advised to contact the Cisco
Technical Assistance Center (TAC) or their contracted maintenance
providers.
Fixed Releases
At the time of publication, Cisco Smart Software Manager On-Prem releases
5.1.0 and later contained the fix for this vulnerability.
See the Details section in the bug ID(s) at the top of this advisory for
the most complete and current information.
Exploitation and Public Announcements
o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
any public announcements or malicious use of the vulnerability that is
described in this advisory.
Source
o This vulnerability was found by Cisco during internal security testing.
Cisco Security Vulnerability Policy
o To learn about Cisco security vulnerability disclosure policies and
publications, see the Security Vulnerability Policy. This document also
contains instructions for obtaining fixed software and receiving security
vulnerability information from Cisco.
URL
o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssmor-MDCWkT2x
Revision History
o +----------+---------------------------+----------+--------+--------------+
| Version | Description | Section | Status | Date |
+----------+---------------------------+----------+--------+--------------+
| 1.0 | Initial public release. | - | Final | 2021-JAN-20 |
+----------+---------------------------+----------+--------+--------------+
- --------------------------------------------------------------------------------
Cisco Smart Software Manager Satellite SQL Injection Vulnerability
Priority: Medium
Advisory ID: cisco-sa-cssm-sqi-h5fDvZWp
First Published: 2021 January 20 16:00 GMT
Version 1.0: Final
Workarounds: No workarounds available
Cisco Bug IDs: CSCvm42654
CVE Names: CVE-2021-1222
CWEs: CWE-89
CVSS Score:
6.8 AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N/E:X/RL:X/RC:X
Summary
o A vulnerability in the web-based management interface of Cisco Smart
Software Manager Satellite could allow an authenticated, remote attacker to
conduct SQL injection attacks on an affected system.
The vulnerability exists because the web-based management interface
improperly validates values within SQL queries. An attacker could exploit
this vulnerability by authenticating to the application and sending
malicious SQL queries to an affected system. A successful exploit could
allow the attacker to modify values on or return values from the underlying
database or the operating system.
Cisco has released software updates that address this vulnerability. There
are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-sqi-h5fDvZWp
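The advisory describes the general shape of CWE-89: the interface "improperly validates values within SQL queries". The example below is added here to show the difference in code; it is not Cisco's implementation, and the `licenses` table, its rows and the function names are constructed for the demonstration using the standard-library `sqlite3` module. The unsafe and safe functions return the same rows for ordinary input; they part ways on input containing a quote, which the unsafe one hands to the SQL parser and the safe one binds as a value. It also shows the case parameter binding cannot cover, an identifier such as a sort column, which must come from an allowlist.

```python
import sqlite3


def open_demo_db() -> sqlite3.Connection:
    """Constructed in-memory table standing in for an application database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE licenses (id INTEGER PRIMARY KEY, account TEXT, product TEXT)")
    conn.executemany(
        "INSERT INTO licenses (account, product) VALUES (?, ?)",
        [("acme", "router-base"), ("acme", "router-sec"), ("globex", "switch-base")],
    )
    return conn


def licenses_for_account_unsafe(conn: sqlite3.Connection, account: str) -> list:
    """Vulnerable form: the value is spliced into the SQL text, so quote
    characters in `account` are parsed as part of the query (CWE-89)."""
    sql = f"SELECT product FROM licenses WHERE account = '{account}' ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def licenses_for_account_safe(conn: sqlite3.Connection, account: str) -> list:
    """Hardened form: a bound parameter is always a value, never SQL syntax."""
    sql = "SELECT product FROM licenses WHERE account = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (account,))]


SORTABLE = {"id", "account", "product"}


def licenses_sorted(conn: sqlite3.Connection, account: str, sort_by: str) -> list:
    """Identifiers cannot be bound as parameters, so a caller-chosen column
    name is checked against an allowlist before it reaches the query text."""
    if sort_by not in SORTABLE:
        raise ValueError(f"unsupported sort column {sort_by!r}")
    sql = f"SELECT product FROM licenses WHERE account = ? ORDER BY {sort_by}"
    return [row[0] for row in conn.execute(sql, (account,))]


def demo() -> dict:
    conn = open_demo_db()
    probe = "x' OR '1'='1"  # constructed input that closes the quoted literal
    return {
        "unsafe_normal": licenses_for_account_unsafe(conn, "acme"),
        "unsafe_probe": licenses_for_account_unsafe(conn, probe),
        "safe_normal": licenses_for_account_safe(conn, "acme"),
        "safe_probe": licenses_for_account_safe(conn, probe),
        "sorted": licenses_sorted(conn, "acme", "product"),
    }


if __name__ == "__main__":
    for key, rows in demo().items():
        print(f"{key:14} {rows}")
```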
Affected Products
o Vulnerable Products
At the time of publication, this vulnerability affected Cisco Smart
Software Manager Satellite releases 5.1.0 and earlier.
See the Details section in the bug ID(s) at the top of this advisory for
the most complete and current information.
Products Confirmed Not Vulnerable
Only products listed in the Vulnerable Products section of this advisory
are known to be affected by this vulnerability.
Workarounds
o There are no workarounds that address this vulnerability.
Fixed Software
o When considering software upgrades, customers are advised to regularly
consult the advisories for Cisco products, which are available from the
Cisco Security Advisories page, to determine exposure and a complete
upgrade solution.
In all cases, customers should ensure that the devices to be upgraded
contain sufficient memory and confirm that current hardware and software
configurations will continue to be supported properly by the new release.
If the information is not clear, customers are advised to contact the Cisco
Technical Assistance Center (TAC) or their contracted maintenance
providers.
Fixed Releases
At the time of publication, Cisco Smart Software Manager On-Prem releases
6.3.0 and later contained the fix for this vulnerability.
Note: With Release 6.3.0, Cisco Smart Software Manager Satellite was
renamed to Cisco Smart Software Manager On-Prem.
See the Details section in the bug ID(s) at the top of this advisory for
the most complete and current information.
Exploitation and Public Announcements
o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
any public announcements or malicious use of the vulnerability that is
described in this advisory.
Source
o This vulnerability was found during internal security testing.
Cisco Security Vulnerability Policy
o To learn about Cisco security vulnerability disclosure policies and
publications, see the Security Vulnerability Policy. This document also
contains instructions for obtaining fixed software and receiving security
vulnerability information from Cisco.
URL
o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-sqi-h5fDvZWp
Revision History
o +----------+---------------------------+----------+--------+--------------+
| Version | Description | Section | Status | Date |
+----------+---------------------------+----------+--------+--------------+
| 1.0 | Initial public release. | - | Final | 2021-JAN-20 |
+----------+---------------------------+----------+--------+--------------+
- --------------------------------------------------------------------------------
Cisco Smart Software Manager Satellite Static Credential Vulnerability
Priority: High
Advisory ID: cisco-sa-cssm-sc-Jd42D4Tq
First Published: 2021 January 20 16:00 GMT
Version 1.0: Final
Workarounds: No workarounds available
Cisco Bug IDs: CSCvm42283
CVE Names: CVE-2021-1219
CWEs: CWE-798
CVSS Score:
7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X
Summary
o A vulnerability in Cisco Smart Software Manager Satellite could allow an
authenticated, local attacker to access sensitive information on an
affected system.
The vulnerability is due to insufficient protection of static credentials
in the affected software. An attacker could exploit this vulnerability by
gaining access to the static credential that is stored on the local device.
A successful exploit could allow the attacker to view static credentials,
which the attacker could use to carry out further attacks.
Cisco has released software updates that address this vulnerability. There
are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-sc-Jd42D4Tq
Affected Products
o Vulnerable Products
This vulnerability affects Cisco Smart Software Manager Satellite releases
5.1.0 and earlier.
Products Confirmed Not Vulnerable
Only products listed in the Vulnerable Products section of this advisory
are known to be affected by this vulnerability.
Workarounds
o There are no workarounds that address this vulnerability.
Fixed Software
o Cisco has released free software updates that address the vulnerability
described in this advisory. Customers may only install and expect support
for software versions and feature sets for which they have purchased a
license. By installing, downloading, accessing, or otherwise using such
software upgrades, customers agree to follow the terms of the Cisco
software license:
https://www.cisco.com/c/en/us/products/end-user-license-agreement.html
Additionally, customers may only download software for which they have a
valid license, procured from Cisco directly, or through a Cisco authorized
reseller or partner. In most cases this will be a maintenance upgrade to
software that was previously purchased. Free security software updates do
not entitle customers to a new software license, additional software
feature sets, or major revision upgrades.
When considering software upgrades, customers are advised to regularly
consult the advisories for Cisco products, which are available from the
Cisco Security Advisories page, to determine exposure and a complete
upgrade solution.
In all cases, customers should ensure that the devices to be upgraded
contain sufficient memory and confirm that current hardware and software
configurations will continue to be supported properly by the new release.
If the information is not clear, customers are advised to contact the Cisco
Technical Assistance Center (TAC) or their contracted maintenance
providers.
Customers Without Service Contracts
Customers who purchase directly from Cisco but do not hold a Cisco service
contract and customers who make purchases through third-party vendors but
are unsuccessful in obtaining fixed software through their point of sale
should obtain upgrades by contacting the Cisco TAC:
https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html
Customers should have the product serial number available and be prepared
to provide the URL of this advisory as evidence of entitlement to a free
upgrade.
Fixed Releases
Cisco fixed this vulnerability in Cisco Smart Software Manager On-Prem
releases 6.3.0 and later.
Note: With Release 6.3.0, Cisco Smart Software Manager Satellite was
renamed to Cisco Smart Software Manager On-Prem.
Exploitation and Public Announcements
o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
any public announcements or malicious use of the vulnerability that is
described in this advisory.
Source
o This vulnerability was found during internal security testing.
Cisco Security Vulnerability Policy
o To learn about Cisco security vulnerability disclosure policies and
publications, see the Security Vulnerability Policy. This document also
contains instructions for obtaining fixed software and receiving security
vulnerability information from Cisco.
URL
o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-sc-Jd42D4Tq
Revision History
o +----------+---------------------------+----------+--------+--------------+
| Version | Description | Section | Status | Date |
+----------+---------------------------+----------+--------+--------------+
| 1.0 | Initial public release. | - | Final | 2021-JAN-20 |
+----------+---------------------------+----------+--------+--------------+
- --------------------------------------------------------------------------------
Cisco Smart Software Manager Satellite Web UI Command Injection Vulnerabilities
Priority: Critical
Advisory ID: cisco-sa-cssm-multici-pgG5WM5A
First Published: 2021 January 20 16:00 GMT
Version 1.0: Final
Workarounds: No workarounds available
Cisco Bug IDs: CSCvm42428 CSCvm42436 CSCvm42548 CSCvm42748 CSCvm45213
CVE Names: CVE-2021-1138 CVE-2021-1139 CVE-2021-1140 CVE-2021-1141
CVE-2021-1142
CWEs: CWE-20
Summary
o Multiple vulnerabilities in the web UI of Cisco Smart Software Manager
Satellite could allow an unauthenticated, remote attacker to execute
arbitrary commands on the underlying operating system.
For more information about these vulnerabilities, see the Details section
of this advisory.
Cisco has released software updates that address these vulnerabilities.
There are no workarounds that address these vulnerabilities.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-multici-pgG5WM5A
Affected Products
o Vulnerable Products
These vulnerabilities affect Cisco Smart Software Manager Satellite
releases 5.1.0 and earlier.
Products Confirmed Not Vulnerable
Only products listed in the Vulnerable Products section of this advisory
are known to be affected by these vulnerabilities.
Details
o The vulnerabilities are not dependent on one another. Exploitation of one
of the vulnerabilities is not required to exploit another vulnerability. In
addition, a software release that is affected by one of the vulnerabilities
may not be affected by the other vulnerabilities.
Details about the vulnerabilities are as follows:
CVE-2021-1138, CVE-2021-1140, CVE-2021-1142: Cisco Smart Software Manager
Satellite Web UI Command Injection Vulnerabilities
Vulnerabilities in the web UI of Cisco Smart Software Manager Satellite
could allow an unauthenticated, remote attacker to execute arbitrary
commands as a high-privileged user on an affected device.
These vulnerabilities are due to insufficient input validation. An attacker
could exploit these vulnerabilities by sending malicious HTTP requests to
an affected device. A successful exploit could allow the attacker to run
arbitrary commands on the underlying operating system.
Cisco has released software updates that address these vulnerabilities.
There are no workarounds that address these vulnerabilities.
CVE-ID: CVE-2021-1138, CVE-2021-1140, CVE-2021-1142
Bug ID(s): CSCvm45213, CSCvm42428, CSCvm42748
Security Impact Rating (SIR): Critical
CVSS Base Score: 9.8
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-1139, CVE-2021-1141: Cisco Smart Software Manager Satellite Web UI
Command Injection Vulnerabilities
Vulnerabilities in the web UI of Cisco Smart Software Manager Satellite
could allow an authenticated, remote attacker to execute arbitrary commands
as the root user on an affected device.
These vulnerabilities are due to insufficient input validation. An attacker
could exploit these vulnerabilities by sending malicious HTTP requests to
an affected device. A successful exploit could allow the attacker to run
arbitrary commands as the root user on the underlying operating system.
Cisco has released software updates that address these vulnerabilities.
There are no workarounds that address these vulnerabilities.
CVE-ID: CVE-2021-1139, CVE-2021-1141
Bug ID(s): CSCvm42548, CSCvm42436
Security Impact Rating (SIR): High
CVSS Base Score: 8.8
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Workarounds
o There are no workarounds that address these vulnerabilities.
Fixed Software
o Cisco has released free software updates that address the vulnerabilities
described in this advisory. Customers may only install and expect support
for software versions and feature sets for which they have purchased a
license. By installing, downloading, accessing, or otherwise using such
software upgrades, customers agree to follow the terms of the Cisco
software license:
https://www.cisco.com/c/en/us/products/end-user-license-agreement.html
Additionally, customers may only download software for which they have a
valid license, procured from Cisco directly, or through a Cisco authorized
reseller or partner. In most cases this will be a maintenance upgrade to
software that was previously purchased. Free security software updates do
not entitle customers to a new software license, additional software
feature sets, or major revision upgrades.
When considering software upgrades, customers are advised to regularly
consult the advisories for Cisco products, which are available from the
Cisco Security Advisories page, to determine exposure and a complete
upgrade solution.
In all cases, customers should ensure that the devices to be upgraded
contain sufficient memory and confirm that current hardware and software
configurations will continue to be supported properly by the new release.
If the information is not clear, customers are advised to contact the Cisco
Technical Assistance Center (TAC) or their contracted maintenance
providers.
Customers Without Service Contracts
Customers who purchase directly from Cisco but do not hold a Cisco service
contract and customers who make purchases through third-party vendors but
are unsuccessful in obtaining fixed software through their point of sale
should obtain upgrades by contacting the Cisco TAC:
https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html
Customers should have the product serial number available and be prepared
to provide the URL of this advisory as evidence of entitlement to a free
upgrade.
Fixed Releases
Cisco fixed these vulnerabilities in Cisco Smart Software Manager On-Prem
releases 6.3.0 and later.
Note: With Release 6.3.0, Cisco Smart Software Manager Satellite was
renamed to Cisco Smart Software Manager On-Prem.
Exploitation and Public Announcements
o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
any public announcements or malicious use of the vulnerabilities that are
described in this advisory.
Source
o These vulnerabilities were found during internal security testing.
Cisco Security Vulnerability Policy
o To learn about Cisco security vulnerability disclosure policies and
publications, see the Security Vulnerability Policy. This document also
contains instructions for obtaining fixed software and receiving security
vulnerability information from Cisco.
URL
o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-multici-pgG5WM5A
Revision History
o +----------+---------------------------+----------+--------+--------------+
| Version | Description | Section | Status | Date |
+----------+---------------------------+----------+--------+--------------+
| 1.0 | Initial public release. | - | Final | 2021-JAN-20 |
+----------+---------------------------+----------+--------+--------------+
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
=3PBK
-----END PGP SIGNATURE-----
ESB-2021.0239 - [Win][UNIX/Linux] Drupal: Multiple vulnerabilities
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2021.0239
Drupal core - Critical - Third-party libraries - SA-CORE-2021-001
21 January 2021
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Drupal
Publisher: Drupal
Operating System: Windows
UNIX variants (UNIX, Linux, OSX)
Impact/Access: Unauthorised Access -- Unknown/Unspecified
Reduced Security -- Unknown/Unspecified
Resolution: Patch/Upgrade
CVE Names: CVE-2020-36193
Original Bulletin:
https://www.drupal.org/sa-core-2021-001
- --------------------------BEGIN INCLUDED TEXT--------------------
Drupal core - Critical - Third-party libraries - SA-CORE-2021-001
Project: Drupal core
Date: 2021-January-20
Security risk: Critical 18∕25 AC:Complex/A:User/CI:All/II:All/E:Exploit/TD:Uncommon
Vulnerability: Third-party libraries
Description:
The Drupal project uses the pear Archive_Tar library, which has released a
security update that impacts Drupal. For more information please see:
CVE-2020-36193
Exploits may be possible if Drupal is configured to allow .tar, .tar.gz, .bz2, or
.tlz file uploads and processes them.
Solution:
Install the latest version:
If you are using Drupal 9.1, update to Drupal 9.1.3.
If you are using Drupal 9.0, update to Drupal 9.0.11.
If you are using Drupal 8.9, update to Drupal 8.9.13.
If you are using Drupal 7, update to Drupal 7.78.
Versions of Drupal 8 prior to 8.9.x are end-of-life and do not receive security coverage.
Disable uploads of .tar, .tar.gz, .bz2, or .tlz files to mitigate the vulnerability.
Reported By:
Richard Sheppard
Stephen Cross
Jonathan Danaher
Kim Pepper
Fixed By:
Lee Rowlands of the Drupal Security Team
Drew Webber of the Drupal Security Team
Greg Knaddison of the Drupal Security Team
Vijay Mani Provisional Member of the Drupal Security Team
Jess of the Drupal Security Team
Michael Hess of the Drupal Security Team
- --------------------------END INCLUDED TEXT--------------------
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
=VFUY
-----END PGP SIGNATURE-----
ESB-2021.0238 - [RedHat] OpenShift Container Platform 3.11: Multiple vulnerabilities
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2021.0238
OpenShift Container Platform 3.11.374 bug fix and security update
21 January 2021
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: OpenShift Container Platform 3.11
Publisher: Red Hat
Operating System: Red Hat
Impact/Access: Access Confidential Data -- Remote/Unauthenticated
Reduced Security -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2020-26137 CVE-2020-8554 CVE-2019-11840
Reference: ESB-2021.0236
ESB-2019.2367
Original Bulletin:
https://access.redhat.com/errata/RHSA-2021:0079
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: OpenShift Container Platform 3.11.374 bug fix and security update
Advisory ID: RHSA-2021:0079-01
Product: Red Hat OpenShift Enterprise
Advisory URL: https://access.redhat.com/errata/RHSA-2021:0079
Issue date: 2021-01-20
CVE Names: CVE-2019-11840 CVE-2020-8554 CVE-2020-26137
=====================================================================
1. Summary:
Red Hat OpenShift Container Platform release 3.11.374 is now available with
updates to packages and images that fix several bugs.
This release also includes a security update for Red Hat OpenShift
Container Platform 3.11.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat OpenShift Container Platform 3.11 - noarch, ppc64le, x86_64
3. Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
This advisory contains the RPM packages for Red Hat OpenShift Container
Platform 3.11.374. See the following advisory for the container images for
this release:
https://access.redhat.com/errata/RHBA-2021:0080
Security Fix(es):
* golang.org/x/crypto: Keystream loop in amd64 assembly when overflowing
32-bit counter (CVE-2019-11840)
* kubernetes: MITM using LoadBalancer or ExternalIPs (CVE-2020-8554)
* python-urllib3: CRLF injection via HTTP request method (CVE-2020-26137)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
See the following documentation, which will be updated shortly for release
3.11.374, for important instructions on how to upgrade your cluster and fully
apply this asynchronous errata update:
https://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html
This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258.
5. Bugs fixed (https://bugzilla.redhat.com/):
1691529 - CVE-2019-11840 golang.org/x/crypto: Keystream loop in amd64 assembly when overflowing 32-bit counter
1866789 - remove use of upstream client plugin pipeline from openshift build e2e
1870050 - Image garbage collection is not cleaning up dangling images
1881319 - [3.11] service cannot be working for a while if the pod is running before the service is created
1883632 - CVE-2020-26137 python-urllib3: CRLF injection via HTTP request method
1891051 - CVE-2020-8554 kubernetes: MITM using LoadBalancer or ExternalIPs
6. Package List:
Red Hat OpenShift Container Platform 3.11:
Source:
atomic-enterprise-service-catalog-3.11.374-1.git.1675.738abcc.el7.src.rpm
atomic-openshift-3.11.374-1.git.0.ebd3ee9.el7.src.rpm
atomic-openshift-cluster-autoscaler-3.11.374-1.git.0.2996f62.el7.src.rpm
atomic-openshift-descheduler-3.11.374-1.git.299.f128e96.el7.src.rpm
atomic-openshift-dockerregistry-3.11.374-1.git.481.e6a880c.el7.src.rpm
atomic-openshift-metrics-server-3.11.374-1.git.53.9df25a9.el7.src.rpm
atomic-openshift-node-problem-detector-3.11.374-1.git.263.28335fb.el7.src.rpm
atomic-openshift-service-idler-3.11.374-1.git.15.523a1f7.el7.src.rpm
atomic-openshift-web-console-3.11.374-1.git.647.9e78d83.el7.src.rpm
golang-github-openshift-oauth-proxy-3.11.374-1.git.439.966c536.el7.src.rpm
golang-github-prometheus-alertmanager-3.11.374-1.git.0.3abd2a5.el7.src.rpm
golang-github-prometheus-node_exporter-3.11.374-1.git.1062.490d6d5.el7.src.rpm
golang-github-prometheus-prometheus-3.11.374-1.git.5026.29379c4.el7.src.rpm
openshift-ansible-3.11.374-1.git.0.92f5956.el7.src.rpm
openshift-enterprise-autoheal-3.11.374-1.git.218.9cf7939.el7.src.rpm
openshift-enterprise-cluster-capacity-3.11.374-1.git.379.80bd08f.el7.src.rpm
openshift-kuryr-3.11.374-1.git.1478.ef11824.el7.src.rpm
python-urllib3-1.26.2-1.el7.src.rpm
noarch:
atomic-openshift-docker-excluder-3.11.374-1.git.0.ebd3ee9.el7.noarch.rpm
atomic-openshift-excluder-3.11.374-1.git.0.ebd3ee9.el7.noarch.rpm
openshift-ansible-3.11.374-1.git.0.92f5956.el7.noarch.rpm
openshift-ansible-docs-3.11.374-1.git.0.92f5956.el7.noarch.rpm
openshift-ansible-playbooks-3.11.374-1.git.0.92f5956.el7.noarch.rpm
openshift-ansible-roles-3.11.374-1.git.0.92f5956.el7.noarch.rpm
openshift-ansible-test-3.11.374-1.git.0.92f5956.el7.noarch.rpm
openshift-kuryr-cni-3.11.374-1.git.1478.ef11824.el7.noarch.rpm
openshift-kuryr-common-3.11.374-1.git.1478.ef11824.el7.noarch.rpm
openshift-kuryr-controller-3.11.374-1.git.1478.ef11824.el7.noarch.rpm
python2-kuryr-kubernetes-3.11.374-1.git.1478.ef11824.el7.noarch.rpm
python2-urllib3-1.26.2-1.el7.noarch.rpm
ppc64le:
atomic-enterprise-service-catalog-3.11.374-1.git.1675.738abcc.el7.ppc64le.rpm
atomic-enterprise-service-catalog-svcat-3.11.374-1.git.1675.738abcc.el7.ppc64le.rpm
atomic-openshift-3.11.374-1.git.0.ebd3ee9.el7.ppc64le.rpm
atomic-openshift-clients-3.11.374-1.git.0.ebd3ee9.el7.ppc64le.rpm
atomic-openshift-cluster-autoscaler-3.11.374-1.git.0.2996f62.el7.ppc64le.rpm
atomic-openshift-descheduler-3.11.374-1.git.299.f128e96.el7.ppc64le.rpm
atomic-openshift-hyperkube-3.11.374-1.git.0.ebd3ee9.el7.ppc64le.rpm
atomic-openshift-hypershift-3.11.374-1.git.0.ebd3ee9.el7.ppc64le.rpm
atomic-openshift-master-3.11.374-1.git.0.ebd3ee9.el7.ppc64le.rpm
atomic-openshift-metrics-server-3.11.374-1.git.53.9df25a9.el7.ppc64le.rpm
atomic-openshift-node-3.11.374-1.git.0.ebd3ee9.el7.ppc64le.rpm
atomic-openshift-node-problem-detector-3.11.374-1.git.263.28335fb.el7.ppc64le.rpm
atomic-openshift-pod-3.11.374-1.git.0.ebd3ee9.el7.ppc64le.rpm
atomic-openshift-sdn-ovs-3.11.374-1.git.0.ebd3ee9.el7.ppc64le.rpm
atomic-openshift-service-idler-3.11.374-1.git.15.523a1f7.el7.ppc64le.rpm
atomic-openshift-template-service-broker-3.11.374-1.git.0.ebd3ee9.el7.ppc64le.rpm
atomic-openshift-tests-3.11.374-1.git.0.ebd3ee9.el7.ppc64le.rpm
atomic-openshift-web-console-3.11.374-1.git.647.9e78d83.el7.ppc64le.rpm
golang-github-openshift-oauth-proxy-3.11.374-1.git.439.966c536.el7.ppc64le.rpm
openshift-enterprise-autoheal-3.11.374-1.git.218.9cf7939.el7.ppc64le.rpm
openshift-enterprise-cluster-capacity-3.11.374-1.git.379.80bd08f.el7.ppc64le.rpm
prometheus-3.11.374-1.git.5026.29379c4.el7.ppc64le.rpm
prometheus-alertmanager-3.11.374-1.git.0.3abd2a5.el7.ppc64le.rpm
prometheus-node-exporter-3.11.374-1.git.1062.490d6d5.el7.ppc64le.rpm
x86_64:
atomic-enterprise-service-catalog-3.11.374-1.git.1675.738abcc.el7.x86_64.rpm
atomic-enterprise-service-catalog-svcat-3.11.374-1.git.1675.738abcc.el7.x86_64.rpm
atomic-openshift-3.11.374-1.git.0.ebd3ee9.el7.x86_64.rpm
atomic-openshift-clients-3.11.374-1.git.0.ebd3ee9.el7.x86_64.rpm
atomic-openshift-clients-redistributable-3.11.374-1.git.0.ebd3ee9.el7.x86_64.rpm
atomic-openshift-cluster-autoscaler-3.11.374-1.git.0.2996f62.el7.x86_64.rpm
atomic-openshift-descheduler-3.11.374-1.git.299.f128e96.el7.x86_64.rpm
atomic-openshift-dockerregistry-3.11.374-1.git.481.e6a880c.el7.x86_64.rpm
atomic-openshift-hyperkube-3.11.374-1.git.0.ebd3ee9.el7.x86_64.rpm
atomic-openshift-hypershift-3.11.374-1.git.0.ebd3ee9.el7.x86_64.rpm
atomic-openshift-master-3.11.374-1.git.0.ebd3ee9.el7.x86_64.rpm
atomic-openshift-metrics-server-3.11.374-1.git.53.9df25a9.el7.x86_64.rpm
atomic-openshift-node-3.11.374-1.git.0.ebd3ee9.el7.x86_64.rpm
atomic-openshift-node-problem-detector-3.11.374-1.git.263.28335fb.el7.x86_64.rpm
atomic-openshift-pod-3.11.374-1.git.0.ebd3ee9.el7.x86_64.rpm
atomic-openshift-sdn-ovs-3.11.374-1.git.0.ebd3ee9.el7.x86_64.rpm
atomic-openshift-service-idler-3.11.374-1.git.15.523a1f7.el7.x86_64.rpm
atomic-openshift-template-service-broker-3.11.374-1.git.0.ebd3ee9.el7.x86_64.rpm
atomic-openshift-tests-3.11.374-1.git.0.ebd3ee9.el7.x86_64.rpm
atomic-openshift-web-console-3.11.374-1.git.647.9e78d83.el7.x86_64.rpm
golang-github-openshift-oauth-proxy-3.11.374-1.git.439.966c536.el7.x86_64.rpm
openshift-enterprise-autoheal-3.11.374-1.git.218.9cf7939.el7.x86_64.rpm
openshift-enterprise-cluster-capacity-3.11.374-1.git.379.80bd08f.el7.x86_64.rpm
prometheus-3.11.374-1.git.5026.29379c4.el7.x86_64.rpm
prometheus-alertmanager-3.11.374-1.git.0.3abd2a5.el7.x86_64.rpm
prometheus-node-exporter-3.11.374-1.git.1062.490d6d5.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2019-11840
https://access.redhat.com/security/cve/CVE-2020-8554
https://access.redhat.com/security/cve/CVE-2020-26137
https://access.redhat.com/security/updates/classification/#moderate
8. Contact:
The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBYAhg7tzjgjWX9erEAQhzMw/+OnzXq+T54y5tUQ4ELy0scOlhbJM7G0vR
Sa5H+PeKypLxtj4Tp0Xx06GNIKprdo2wKNJej3h23IOKzCSopecU0wBMIHi4pBh6
NZIbNoWRqWv0VgPkpF1D7unihvPqZOsa3247y4xqhQCf0o0akWiyMUmbe4CKSshS
kORmiAEafiT6UjS+yW+8jVjGK9CDanLgoCM5xV4DHQCookiVS0DObi2SOjzjfCdZ
IEuKAkAX1C3mTeHXDYK6+EB7AGPnGwG5m1q6cdzO/4FCLKPH5LqC4otPbUKPNOga
vzvXuJlOnhjs0K4/amH97K+AVw0hAxTAjb+R87XYX6ZW70yXoVzII4/w05/gxXa9
cRyb3j98pSirpweW5JhDGgyiWt7ZLbKvkNuEPtejca1jhzvOt6f9QLEKmgY210NL
BwzkDLQg4tWMd36sgoeSTDVpnUC/53ZOai7gNFRENS5/8Uwu3BGZ74Mi9FIXT0Rf
NXOgIsghSHpPmsMjvkvDX0kwcs+0MRnY6gycUSlJcH+ONBiG2rp4tMgvRC6TP8/X
Hij4L/VmO3MOwzCa4TbkbJrv5NPa5qWbXJQ4hc5YvU27CE8o37yM0TZ8kU8iTq+K
S7MDNwWcvgCXDH6s1VUqtWJQlWLJJ4wKUOFSEzHha4Ek886yl2NXWWa3FljcBlG+
0HD7KUq3X5Y=
=2CCg
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
=SPLr
-----END PGP SIGNATURE-----
ESB-2021.0237 - [UNIX/Linux][Debian] mutt: Denial of service - Remote with user interaction
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2021.0237
mutt security update
21 January 2021
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: mutt
Publisher: Debian
Operating System: Debian GNU/Linux
UNIX variants (UNIX, Linux, OSX)
Impact/Access: Denial of Service -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2021-3181
Original Bulletin:
https://lists.debian.org/debian-lts-announce/2021/01/msg00017.html
Comment: This advisory references vulnerabilities in products which run on
platforms other than Debian. It is recommended that administrators
running mutt check for an updated version of the software for their
operating system.
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
- - -----------------------------------------------------------------------
Debian LTS Advisory DLA-2529-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Utkarsh Gupta
January 21, 2021 https://wiki.debian.org/LTS
- - -----------------------------------------------------------------------
Package : mutt
Version : 1.7.2-1+deb9u5
CVE ID : CVE-2021-3181
Debian Bug : 980326
rfc822.c in Mutt through 2.0.4 allows remote attackers to
cause a denial of service (mailbox unavailability) by sending
email messages with sequences of semicolon characters in
RFC822 address fields (aka terminators of empty groups).
A small email message from the attacker can cause large
memory consumption, and the victim may then be unable to
see email messages from other persons.
For Debian 9 stretch, this problem has been fixed in version
1.7.2-1+deb9u5.
We recommend that you upgrade your mutt packages.
For the detailed security status of mutt please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/mutt
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- -----BEGIN PGP SIGNATURE-----
=lmGl
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
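The DLA-2529-1 text above describes the trigger only in general terms: address fields whose value is a sequence of semicolons, each one closing an empty RFC 822 group. A defender who cannot patch every mutt client immediately can at least spot such messages at a mail gateway. The following check is an added example, not code from the Debian advisory or from mutt; it uses only Python's standard `email` module, the sample messages are constructed for this example, and the threshold of eight consecutive semicolons is an assumed tuning value (a single `;`, as in `undisclosed-recipients:;`, is ordinary and is never flagged).

```python
import email
import re

# Header fields whose values an RFC 822 address parser (such as mutt's
# rfc822.c) walks as lists of mailboxes and groups.
ADDRESS_HEADERS = ("From", "Sender", "Reply-To", "To", "Cc", "Bcc")

# Two or more ';' in a row: every one of them terminates an (empty) group.
SEMI_RUN = re.compile(r";{2,}")

# Constructed sample messages (not captured traffic). The first is ordinary
# and uses the common one-semicolon empty group; the second carries a run of
# 40 empty-group terminators in its To: field.
BENIGN_MSG = (
    b"From: alice@example.test\r\n"
    b"To: undisclosed-recipients:;\r\n"
    b"Subject: hello\r\n"
    b"\r\n"
    b"body\r\n"
)

_SUSPECT_TO = b"To: list:" + b";" * 40 + b"\r\n"
SUSPECT_MSG = (
    b"From: sender@example.test\r\n"
    + _SUSPECT_TO
    + b"Cc: grp:;, bob@example.test\r\n"
    + b"Subject: hi\r\n"
    + b"\r\n"
    + b"body\r\n"
)


def semicolon_runs(raw: bytes) -> dict:
    """Map each address header to the longest run of consecutive ';' found
    in any of its values. Headers with no run of two or more are omitted."""
    msg = email.message_from_bytes(raw)
    findings = {}
    for name in ADDRESS_HEADERS:
        for value in msg.get_all(name, []):
            longest = max(
                (len(m.group(0)) for m in SEMI_RUN.finditer(str(value))),
                default=0,
            )
            if longest:
                findings[name] = max(longest, findings.get(name, 0))
    return findings


def is_suspicious(raw: bytes, threshold: int = 8) -> bool:
    """True when any address header carries a run of ';' at least
    `threshold` long; such a message is worth quarantining or rewriting
    before it reaches an unpatched mutt."""
    return any(run >= threshold for run in semicolon_runs(raw).values())


if __name__ == "__main__":
    for label, raw in (("benign", BENIGN_MSG), ("suspect", SUSPECT_MSG)):
        print(label, semicolon_runs(raw), is_suspicious(raw))
```

The check reads headers only and never parses the addresses themselves, so it is cheap to run in a milter or content filter; the threshold is deliberately a parameter, because the advisory gives no exact count and legitimate mail almost never contains even two adjacent semicolons in an address field.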
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
=+ZzW
-----END PGP SIGNATURE-----
ASB-2021.0034 - [Win][UNIX/Linux] Oracle VM VirtualBox: Multiple vulnerabilities
ASB-2021.0033 - [Win][UNIX/Linux] Oracle Utilities Framework: Execute arbitrary code/commands - Remote/unauthenticated
ASB-2021.0032 - [Win][UNIX/Linux] Oracle Systems Products: Multiple vulnerabilities
ASB-2021.0031 - [Win][UNIX/Linux] Oracle Supply Chain Products: Multiple vulnerabilities
ASB-2021.0030 - [Win][UNIX/Linux] Siebel Applications: Multiple vulnerabilities
ASB-2021.0029 - [Win][UNIX/Linux] Oracle Communications Products: Multiple vulnerabilities
ASB-2021.0028 - [Win][UNIX/Linux] Oracle PeopleSoft products: Multiple vulnerabilities
ASB-2021.0027 - [Win][UNIX/Linux] JD Edwards EnterpriseOne products: Multiple vulnerabilities
ASB-2021.0026 - [Win][UNIX/Linux] MySQL Products: Multiple vulnerabilities
ESB-2021.0206.2 - UPDATE [UNIX/Linux][Ubuntu] Pillow: Multiple vulnerabilities
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2021.0206.2
USN-4697-1: Pillow vulnerabilities
21 January 2021
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Pillow
Publisher: Ubuntu
Operating System: Ubuntu
UNIX variants (UNIX, Linux, OSX)
Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction
Denial of Service -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2020-35655 CVE-2020-35654 CVE-2020-35653
Original Bulletin:
https://ubuntu.com/security/notices/USN-4697-1
https://ubuntu.com/security/notices/USN-4697-2
Comment: This bulletin contains two (2) Ubuntu security advisories.
This advisory references vulnerabilities in products which run on
platforms other than Ubuntu. It is recommended that administrators
running Pillow check for an updated version of the software for
their operating system.
Revision History: January 21 2021: Vendor released corresponding update for Ubuntu 14.04 ESM USN-4697-2
January 19 2021: Initial Release
- --------------------------BEGIN INCLUDED TEXT--------------------
USN-4697-1: Pillow vulnerabilities
18 January 2021
Pillow could be made to crash or run programs as your login if it opened a
specially crafted file.
Releases
o Ubuntu 20.10
o Ubuntu 20.04 LTS
o Ubuntu 18.04 LTS
o Ubuntu 16.04 LTS
Packages
o pillow - Python Imaging Library
Details
It was discovered that Pillow incorrectly handled certain PCX image files.
If a user or automated system were tricked into opening a specially-crafted
PCX file, a remote attacker could possibly cause Pillow to crash,
resulting in a denial of service. (CVE-2020-35653)
It was discovered that Pillow incorrectly handled certain Tiff image files.
If a user or automated system were tricked into opening a specially-crafted
Tiff file, a remote attacker could cause Pillow to crash, resulting in a
denial of service, or possibly execute arbitrary code. This issue only
affected Ubuntu 20.04 LTS and Ubuntu 20.10. (CVE-2020-35654)
It was discovered that Pillow incorrectly handled certain SGI image files.
If a user or automated system were tricked into opening a specially-crafted
SGI file, a remote attacker could possibly cause Pillow to crash,
resulting in a denial of service. This issue only affected Ubuntu 18.04
LTS, Ubuntu 20.04 LTS, and Ubuntu 20.10. (CVE-2020-35655)
Update instructions
The problem can be corrected by updating your system to the following package
versions:
Ubuntu 20.10
o python3-pil - 7.2.0-1ubuntu0.1
Ubuntu 20.04
o python3-pil - 7.0.0-4ubuntu0.2
Ubuntu 18.04
o python-pil - 5.1.0-1ubuntu0.4
o python3-pil - 5.1.0-1ubuntu0.4
Ubuntu 16.04
o python-pil - 3.1.2-0ubuntu1.5
o python3-pil - 3.1.2-0ubuntu1.5
In general, a standard system update will make all the necessary changes.
References
o CVE-2020-35655
o CVE-2020-35654
o CVE-2020-35653
- -------------------------------------------------------------------------------
USN-4697-2: Pillow vulnerabilities
20 January 2021
Pillow could be made to crash or run programs as your login if it opened a
specially crafted file.
Releases
o Ubuntu 14.04 ESM
Packages
o pillow - Python Imaging Library
Details
USN-4697-1 fixed several vulnerabilities in Pillow. This update provides
the corresponding update for Ubuntu 14.04 ESM.
Original advisory details:
It was discovered that Pillow incorrectly handled certain PCX image files.
If a user or automated system were tricked into opening a specially-crafted
PCX file, a remote attacker could possibly cause Pillow to crash,
resulting in a denial of service. (CVE-2020-35653)
It was discovered that Pillow incorrectly handled certain image files. If
a user or automated system were tricked into opening a specially-crafted
image file, a remote attacker could possibly cause Pillow to crash,
resulting in a denial of service. (CVE-2020-10177)
Update instructions
The problem can be corrected by updating your system to the following package
versions:
Ubuntu 14.04
o python-pil - 2.3.0-1ubuntu3.4+esm2
o python3-pil - 2.3.0-1ubuntu3.4+esm2
In general, a standard system update will make all the necessary changes.
References
o CVE-2020-10177
o CVE-2020-35653
Related notices
o USN-4430-1 : python3-pil, python-pil, pillow
o USN-4697-1 : python3-pil, python-pil, pillow
o USN-4430-2 : python3-pil, pillow
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
ESB-2021.0105.3 - UPDATE [Ubuntu] Linux kernel: Multiple vulnerabilities
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2021.0105.3
USN-4689-2: Linux kernel vulnerabilities
21 January 2021
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Linux kernel
Publisher: Ubuntu
Operating System: Ubuntu
Impact/Access: Increased Privileges -- Existing Account
Denial of Service -- Existing Account
Access Confidential Data -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2021-1056 CVE-2021-1053 CVE-2021-1052
Reference: ESB-2021.0097
Original Bulletin:
https://ubuntu.com/security/notices/USN-4689-2
https://ubuntu.com/security/notices/USN-4689-3
https://ubuntu.com/security/notices/USN-4689-4
Comment: This bulletin contains three (3) Ubuntu security advisories.
Revision History: January 21 2021: Vendor released update USN-4689-4
January 21 2021: Vendor minor update (USN-4689-3) details upstream release
January 12 2021: Initial Release
- --------------------------BEGIN INCLUDED TEXT--------------------
USN-4689-2: Linux kernel vulnerabilities
11 January 2021
Several security issues were fixed in the Linux kernel.
Releases
o Ubuntu 20.10
o Ubuntu 20.04 LTS
o Ubuntu 18.04 LTS
Packages
o linux - Linux kernel
o linux-aws - Linux kernel for Amazon Web Services (AWS) systems
o linux-aws-5.4 - Linux kernel for Amazon Web Services (AWS) systems
o linux-azure - Linux kernel for Microsoft Azure Cloud systems
o linux-azure-4.15 - Linux kernel for Microsoft Azure Cloud systems
o linux-azure-5.4 - Linux kernel for Microsoft Azure cloud systems
o linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems
o linux-gcp-5.4 - Linux kernel for Google Cloud Platform (GCP) systems
o linux-hwe-5.4 - Linux hardware enablement (HWE) kernel
o linux-hwe-5.8 - Linux hardware enablement (HWE) kernel
o linux-oem-5.6 - Linux kernel for OEM systems
o linux-oracle - Linux kernel for Oracle Cloud systems
o linux-oracle-5.4 - Linux kernel for Oracle Cloud systems
Details
USN-4689-1 fixed vulnerabilities in the NVIDIA graphics drivers.
This update provides the corresponding updates for the NVIDIA Linux
DKMS kernel modules.
Original advisory details:
It was discovered that the NVIDIA GPU display driver for the Linux kernel
contained a vulnerability that allowed user-mode clients to access legacy
privileged APIs. A local attacker could use this to cause a denial of
service or escalate privileges. (CVE-2021-1052)
It was discovered that the NVIDIA GPU display driver for the Linux kernel
did not properly validate a pointer received from userspace in some
situations. A local attacker could use this to cause a denial of service.
(CVE-2021-1053)
Xinyuan Lyu discovered that the NVIDIA GPU display driver for the Linux
kernel did not properly restrict device-level GPU isolation. A local
attacker could use this to cause a denial of service or possibly expose
sensitive information. (CVE-2021-1056)
Update instructions
The problem can be corrected by updating your system to the following package
versions:
Ubuntu 20.10
o linux-image-5.8.0-1015-oracle - 5.8.0-1015.16
o linux-image-5.8.0-1016-gcp - 5.8.0-1016.17
o linux-image-5.8.0-1017-azure - 5.8.0-1017.19
o linux-image-5.8.0-1018-aws - 5.8.0-1018.20
o linux-image-5.8.0-36-generic - 5.8.0-36.40
o linux-image-5.8.0-36-lowlatency - 5.8.0-36.40
o linux-image-aws - 5.8.0.1018.20
o linux-image-azure - 5.8.0.1017.17
o linux-image-gcp - 5.8.0.1016.16
o linux-image-generic - 5.8.0.36.40
o linux-image-gke - 5.8.0.1016.16
o linux-image-lowlatency - 5.8.0.36.40
o linux-image-oracle - 5.8.0.1015.15
o linux-image-virtual - 5.8.0.36.40
Ubuntu 20.04
o linux-image-5.4.0-1034-gcp - 5.4.0-1034.37
o linux-image-5.4.0-1035-aws - 5.4.0-1035.37
o linux-image-5.4.0-1035-oracle - 5.4.0-1035.38
o linux-image-5.4.0-1036-azure - 5.4.0-1036.38
o linux-image-5.4.0-60-generic - 5.4.0-60.67
o linux-image-5.4.0-60-lowlatency - 5.4.0-60.67
o linux-image-5.6.0-1042-oem - 5.6.0-1042.46
o linux-image-5.8.0-36-generic - 5.8.0-36.40~20.04.1
o linux-image-5.8.0-36-lowlatency - 5.8.0-36.40~20.04.1
o linux-image-aws - 5.4.0.1035.36
o linux-image-azure - 5.4.0.1036.34
o linux-image-gcp - 5.4.0.1034.43
o linux-image-generic - 5.4.0.60.63
o linux-image-generic-hwe-20.04 - 5.8.0.36.40~20.04.21
o linux-image-lowlatency - 5.4.0.60.63
o linux-image-lowlatency-hwe-20.04 - 5.8.0.36.40~20.04.21
o linux-image-oem - 5.4.0.60.63
o linux-image-oem-20.04 - 5.6.0.1042.38
o linux-image-oem-osp1 - 5.4.0.60.63
o linux-image-oracle - 5.4.0.1035.32
o linux-image-virtual - 5.4.0.60.63
o linux-image-virtual-hwe-20.04 - 5.8.0.36.40~20.04.21
Ubuntu 18.04
o linux-image-4.15.0-1063-oracle - 4.15.0-1063.70
o linux-image-4.15.0-1092-aws - 4.15.0-1092.98
o linux-image-4.15.0-1104-azure - 4.15.0-1104.116
o linux-image-4.15.0-130-generic - 4.15.0-130.134
o linux-image-4.15.0-130-lowlatency - 4.15.0-130.134
o linux-image-5.4.0-1034-gcp - 5.4.0-1034.37~18.04.1
o linux-image-5.4.0-1035-aws - 5.4.0-1035.37~18.04.1
o linux-image-5.4.0-1035-oracle - 5.4.0-1035.38~18.04.1
o linux-image-5.4.0-1036-azure - 5.4.0-1036.38~18.04.1
o linux-image-5.4.0-60-generic - 5.4.0-60.67~18.04.1
o linux-image-5.4.0-60-lowlatency - 5.4.0-60.67~18.04.1
o linux-image-aws - 5.4.0.1035.20
o linux-image-aws-lts-18.04 - 4.15.0.1092.94
o linux-image-azure - 5.4.0.1036.18
o linux-image-azure-lts-18.04 - 4.15.0.1104.77
o linux-image-gcp - 5.4.0.1034.22
o linux-image-generic - 4.15.0.130.117
o linux-image-generic-hwe-18.04 - 5.4.0.60.67~18.04.55
o linux-image-lowlatency - 4.15.0.130.117
o linux-image-lowlatency-hwe-18.04 - 5.4.0.60.67~18.04.55
o linux-image-oem - 5.4.0.60.67~18.04.55
o linux-image-oem-osp1 - 5.4.0.60.67~18.04.55
o linux-image-oracle - 5.4.0.1035.38~18.04.19
o linux-image-oracle-lts-18.04 - 4.15.0.1063.73
o linux-image-virtual - 4.15.0.130.117
o linux-image-virtual-hwe-18.04 - 5.4.0.60.67~18.04.55
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References
o CVE-2021-1052
o CVE-2021-1053
o CVE-2021-1056
Related notices
o USN-4689-1 : xserver-xorg-video-nvidia-460, xserver-xorg-video-nvidia-450,
xserver-xorg-video-nvidia-440, nvidia-graphics-drivers-390,
xserver-xorg-video-nvidia-390, nvidia-graphics-drivers-450,
nvidia-graphics-drivers-460, xserver-xorg-video-nvidia-455
- -------------------------------------------------------------------------------
USN-4689-3: NVIDIA graphics drivers vulnerabilities
20 January 2021
Several security issues were fixed in NVIDIA graphics drivers.
Releases
o Ubuntu 20.10
o Ubuntu 20.04 LTS
o Ubuntu 18.04 LTS
Packages
o nvidia-graphics-drivers-418-server - NVIDIA Server Driver
o nvidia-graphics-drivers-450-server - NVIDIA Server Driver
Details
It was discovered that the NVIDIA GPU display driver for the Linux kernel
contained a vulnerability that allowed user-mode clients to access legacy
privileged APIs. A local attacker could use this to cause a denial of
service or escalate privileges. (CVE-2021-1052)
It was discovered that the NVIDIA GPU display driver for the Linux kernel
did not properly validate a pointer received from userspace in some
situations. A local attacker could use this to cause a denial of service.
(CVE-2021-1053)
Xinyuan Lyu discovered that the NVIDIA GPU display driver for the Linux
kernel did not properly restrict device-level GPU isolation. A local
attacker could use this to cause a denial of service or possibly expose
sensitive information. (CVE-2021-1056)
Update instructions
The problem can be corrected by updating your system to the following package
versions:
Ubuntu 20.10
o nvidia-dkms-418-server - 418.181.07-0ubuntu0.20.10.1
o nvidia-dkms-440-server - 450.102.04-0ubuntu0.20.10.1
o nvidia-dkms-450-server - 450.102.04-0ubuntu0.20.10.1
o nvidia-kernel-common-418-server - 418.181.07-0ubuntu0.20.10.1
o nvidia-kernel-common-440-server - 450.102.04-0ubuntu0.20.10.1
o nvidia-kernel-common-450-server - 450.102.04-0ubuntu0.20.10.1
o nvidia-kernel-source-418-server - 418.181.07-0ubuntu0.20.10.1
o nvidia-kernel-source-440-server - 450.102.04-0ubuntu0.20.10.1
o nvidia-kernel-source-450-server - 450.102.04-0ubuntu0.20.10.1
o nvidia-utils-418-server - 418.181.07-0ubuntu0.20.10.1
o nvidia-utils-440-server - 450.102.04-0ubuntu0.20.10.1
o nvidia-utils-450-server - 450.102.04-0ubuntu0.20.10.1
o xserver-xorg-video-nvidia-418-server - 418.181.07-0ubuntu0.20.10.1
o xserver-xorg-video-nvidia-440-server - 450.102.04-0ubuntu0.20.10.1
o xserver-xorg-video-nvidia-450-server - 450.102.04-0ubuntu0.20.10.1
Ubuntu 20.04
o nvidia-dkms-418-server - 418.181.07-0ubuntu0.20.04.1
o nvidia-dkms-440-server - 450.102.04-0ubuntu0.20.04.1
o nvidia-dkms-450-server - 450.102.04-0ubuntu0.20.04.1
o nvidia-kernel-common-418-server - 418.181.07-0ubuntu0.20.04.1
o nvidia-kernel-common-440-server - 450.102.04-0ubuntu0.20.04.1
o nvidia-kernel-common-450-server - 450.102.04-0ubuntu0.20.04.1
o nvidia-kernel-source-418-server - 418.181.07-0ubuntu0.20.04.1
o nvidia-kernel-source-440-server - 450.102.04-0ubuntu0.20.04.1
o nvidia-kernel-source-450-server - 450.102.04-0ubuntu0.20.04.1
o nvidia-utils-418-server - 418.181.07-0ubuntu0.20.04.1
o nvidia-utils-440-server - 450.102.04-0ubuntu0.20.04.1
o nvidia-utils-450-server - 450.102.04-0ubuntu0.20.04.1
o xserver-xorg-video-nvidia-418-server - 418.181.07-0ubuntu0.20.04.1
o xserver-xorg-video-nvidia-440-server - 450.102.04-0ubuntu0.20.04.1
o xserver-xorg-video-nvidia-450-server - 450.102.04-0ubuntu0.20.04.1
Ubuntu 18.04
o nvidia-dkms-418-server - 418.181.07-0ubuntu0.18.04.1
o nvidia-dkms-440-server - 450.102.04-0ubuntu0.18.04.1
o nvidia-dkms-450-server - 450.102.04-0ubuntu0.18.04.1
o nvidia-kernel-common-418-server - 418.181.07-0ubuntu0.18.04.1
o nvidia-kernel-common-440-server - 450.102.04-0ubuntu0.18.04.1
o nvidia-kernel-common-450-server - 450.102.04-0ubuntu0.18.04.1
o nvidia-kernel-source-418-server - 418.181.07-0ubuntu0.18.04.1
o nvidia-kernel-source-440-server - 450.102.04-0ubuntu0.18.04.1
o nvidia-kernel-source-450-server - 450.102.04-0ubuntu0.18.04.1
o nvidia-utils-418-server - 418.181.07-0ubuntu0.18.04.1
o nvidia-utils-440-server - 450.102.04-0ubuntu0.18.04.1
o nvidia-utils-450-server - 450.102.04-0ubuntu0.18.04.1
o xserver-xorg-video-nvidia-418-server - 418.181.07-0ubuntu0.18.04.1
o xserver-xorg-video-nvidia-440-server - 450.102.04-0ubuntu0.18.04.1
o xserver-xorg-video-nvidia-450-server - 450.102.04-0ubuntu0.18.04.1
This update uses a new upstream release, which includes additional
bug fixes. After a standard system update you need to reboot your
computer to make all the necessary changes.
References
o CVE-2021-1053
o CVE-2021-1052
Related notices
o USN-4689-2 : linux-image-gke, linux-image-5.8.0-1017-azure,
linux-image-oracle, linux-oracle, linux-image-5.4.0-1035-oracle, linux-gcp,
linux-image-5.8.0-1018-aws, linux-image-oem,
linux-image-4.15.0-130-generic, linux-image-5.8.0-1016-gcp,
linux-image-4.15.0-1092-aws, linux-image-oem-20.04,
linux-image-4.15.0-130-lowlatency, linux-image-oracle-lts-18.04,
linux-image-5.4.0-1034-gcp, linux-gcp-5.4, linux-image-azure-lts-18.04,
linux-aws-5.4, linux-image-aws, linux, linux-azure-5.4,
linux-image-5.6.0-1042-oem, linux-image-5.8.0-1015-oracle,
linux-image-aws-lts-18.04, linux-image-virtual-hwe-18.04, linux-oem-5.6,
linux-aws, linux-image-lowlatency-hwe-18.04, linux-image-4.15.0-1104-azure,
linux-image-generic, linux-image-5.8.0-36-generic,
linux-image-5.4.0-1036-azure, linux-image-gcp,
linux-image-5.4.0-60-generic, linux-azure, linux-hwe-5.8, linux-hwe-5.4,
linux-image-5.4.0-1035-aws, linux-image-generic-hwe-18.04,
linux-image-virtual, linux-image-oem-osp1, linux-image-azure,
linux-image-generic-hwe-20.04, linux-image-lowlatency-hwe-20.04,
linux-image-4.15.0-1063-oracle, linux-image-5.4.0-60-lowlatency,
linux-image-5.8.0-36-lowlatency, linux-image-virtual-hwe-20.04,
linux-azure-4.15, linux-image-lowlatency, linux-oracle-5.4
o USN-4689-1 : xserver-xorg-video-nvidia-390, nvidia-graphics-drivers-450,
xserver-xorg-video-nvidia-460, xserver-xorg-video-nvidia-450,
xserver-xorg-video-nvidia-455, xserver-xorg-video-nvidia-440,
nvidia-graphics-drivers-390, nvidia-graphics-drivers-460
- -------------------------------------------------------------------------------
USN-4689-4: Linux kernel update
21 January 2021
Several security issues were fixed in NVIDIA graphics drivers.
Releases
o Ubuntu 20.10
o Ubuntu 20.04 LTS
o Ubuntu 18.04 LTS
Packages
o linux - Linux kernel
o linux-aws - Linux kernel for Amazon Web Services (AWS) systems
o linux-azure - Linux kernel for Microsoft Azure Cloud systems
o linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems
o linux-hwe-5.4 - Linux hardware enablement (HWE) kernel
o linux-hwe-5.8 - Linux hardware enablement (HWE) kernel
o linux-oracle - Linux kernel for Oracle Cloud systems
Details
USN-4689-3 fixed vulnerabilities in the NVIDIA server graphics drivers.
This update provides the corresponding updates for the NVIDIA Linux
DKMS kernel modules.
Original advisory details:
It was discovered that the NVIDIA GPU display driver for the Linux kernel
contained a vulnerability that allowed user-mode clients to access legacy
privileged APIs. A local attacker could use this to cause a denial of
service or escalate privileges. (CVE-2021-1052)
It was discovered that the NVIDIA GPU display driver for the Linux kernel
did not properly validate a pointer received from userspace in some
situations. A local attacker could use this to cause a denial of service.
(CVE-2021-1053)
Xinyuan Lyu discovered that the NVIDIA GPU display driver for the Linux
kernel did not properly restrict device-level GPU isolation. A local
attacker could use this to cause a denial of service or possibly expose
sensitive information. (CVE-2021-1056)
Update instructions
The problem can be corrected by updating your system to the following package
versions:
Ubuntu 20.10
o linux-image-5.8.0-1017-oracle - 5.8.0-1017.18
o linux-image-5.8.0-1019-azure - 5.8.0-1019.21
o linux-image-5.8.0-1019-gcp - 5.8.0-1019.20
o linux-image-5.8.0-1020-aws - 5.8.0-1020.22
o linux-image-5.8.0-40-generic - 5.8.0-40.45
o linux-image-5.8.0-40-lowlatency - 5.8.0-40.45
o linux-image-aws - 5.8.0.1020.22
o linux-image-azure - 5.8.0.1019.19
o linux-image-gcp - 5.8.0.1019.19
o linux-image-generic - 5.8.0.40.44
o linux-image-gke - 5.8.0.1019.19
o linux-image-lowlatency - 5.8.0.40.44
o linux-image-oem-20.04 - 5.8.0.40.44
o linux-image-oracle - 5.8.0.1017.17
o linux-image-virtual - 5.8.0.40.44
Ubuntu 20.04
o linux-image-5.4.0-64-generic - 5.4.0-64.72
o linux-image-5.4.0-64-lowlatency - 5.4.0-64.72
o linux-image-5.8.0-40-generic - 5.8.0-40.45~20.04.1
o linux-image-5.8.0-40-lowlatency - 5.8.0-40.45~20.04.1
o linux-image-generic - 5.4.0.64.67
o linux-image-generic-hwe-20.04 - 5.8.0.40.45~20.04.25
o linux-image-generic-lpae-hwe-20.04 - 5.8.0.40.45~20.04.25
o linux-image-lowlatency - 5.4.0.64.67
o linux-image-lowlatency-hwe-20.04 - 5.8.0.40.45~20.04.25
o linux-image-oem - 5.4.0.64.67
o linux-image-oem-osp1 - 5.4.0.64.67
o linux-image-virtual - 5.4.0.64.67
o linux-image-virtual-hwe-20.04 - 5.8.0.40.45~20.04.25
Ubuntu 18.04
o linux-image-4.15.0-134-generic - 4.15.0-134.138
o linux-image-4.15.0-134-lowlatency - 4.15.0-134.138
o linux-image-5.4.0-64-generic - 5.4.0-64.72~18.04.1
o linux-image-5.4.0-64-lowlatency - 5.4.0-64.72~18.04.1
o linux-image-generic - 4.15.0.134.121
o linux-image-generic-hwe-18.04 - 5.4.0.64.72~18.04.59
o linux-image-lowlatency - 4.15.0.134.121
o linux-image-lowlatency-hwe-18.04 - 5.4.0.64.72~18.04.59
o linux-image-oem - 5.4.0.64.72~18.04.59
o linux-image-oem-osp1 - 5.4.0.64.72~18.04.59
o linux-image-virtual - 4.15.0.134.121
o linux-image-virtual-hwe-18.04 - 5.4.0.64.72~18.04.59
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References
o CVE-2021-1053
o CVE-2021-1052
Related notices
o USN-4689-2 : linux-image-gke, linux-image-5.8.0-1017-azure,
linux-image-oracle, linux-oracle, linux-image-5.4.0-1035-oracle, linux-gcp,
linux-image-5.8.0-1018-aws, linux-image-oem,
linux-image-4.15.0-130-generic, linux-image-5.8.0-1016-gcp,
linux-image-4.15.0-1092-aws, linux-image-oem-20.04,
linux-image-4.15.0-130-lowlatency, linux-image-oracle-lts-18.04,
linux-image-5.4.0-1034-gcp, linux-gcp-5.4, linux-image-azure-lts-18.04,
linux-aws-5.4, linux-image-aws, linux, linux-azure-5.4,
linux-image-5.6.0-1042-oem, linux-image-5.8.0-1015-oracle,
linux-image-aws-lts-18.04, linux-image-virtual-hwe-18.04, linux-oem-5.6,
linux-aws, linux-image-lowlatency-hwe-18.04, linux-image-4.15.0-1104-azure,
linux-image-generic, linux-image-5.8.0-36-generic,
linux-image-5.4.0-1036-azure, linux-image-gcp,
linux-image-5.4.0-60-generic, linux-azure, linux-hwe-5.8, linux-hwe-5.4,
linux-image-5.4.0-1035-aws, linux-image-generic-hwe-18.04,
linux-image-virtual, linux-image-oem-osp1, linux-image-azure,
linux-image-generic-hwe-20.04, linux-image-lowlatency-hwe-20.04,
linux-image-4.15.0-1063-oracle, linux-image-5.4.0-60-lowlatency,
linux-image-5.8.0-36-lowlatency, linux-image-virtual-hwe-20.04,
linux-azure-4.15, linux-image-lowlatency, linux-oracle-5.4
o USN-4689-3 : xserver-xorg-video-nvidia-450-server,
nvidia-kernel-source-450-server, nvidia-kernel-source-440-server,
nvidia-kernel-source-418-server, nvidia-kernel-common-440-server,
nvidia-graphics-drivers-418-server, nvidia-utils-440-server,
xserver-xorg-video-nvidia-418-server, nvidia-dkms-450-server,
nvidia-kernel-common-450-server, xserver-xorg-video-nvidia-440-server,
nvidia-dkms-440-server, nvidia-kernel-common-418-server,
nvidia-utils-418-server, nvidia-dkms-418-server,
nvidia-graphics-drivers-450-server, nvidia-utils-450-server
o USN-4689-1 : xserver-xorg-video-nvidia-390, nvidia-graphics-drivers-450,
xserver-xorg-video-nvidia-460, xserver-xorg-video-nvidia-450,
xserver-xorg-video-nvidia-455, xserver-xorg-video-nvidia-440,
nvidia-graphics-drivers-390, nvidia-graphics-drivers-460
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
ESB-2020.4532.2 - UPDATE [Cisco] Cisco IP Phone Products: Denial of service - Remote/unauthenticated
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2020.4532.2
Cisco IP Phone TCP Packet Flood Denial of Service Vulnerability
21 January 2021
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Cisco IP Phone Products
Publisher: Cisco Systems
Operating System: Cisco
Impact/Access: Denial of Service -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2020-3574
Reference: ESB-2020.3834
Original Bulletin:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voip-phone-flood-dos-YnU9EXOv
Revision History: January 21 2021: Vendor updated Fixed Software section
December 23 2020: Initial Release
- --------------------------BEGIN INCLUDED TEXT--------------------
Cisco IP Phone TCP Packet Flood Denial of Service Vulnerability
Priority: High
Advisory ID: cisco-sa-voip-phone-flood-dos-YnU9EXOv
First Published: 2020 November 4 16:00 GMT
Last Updated: 2021 January 19 17:34 GMT
Version 1.2: Final
Workarounds: No workarounds available
Cisco Bug IDs: CSCvs66815 CSCvt83239 CSCvu36012 CSCvu36026
CVE Names: CVE-2020-3574
CWEs: CWE-371
Summary
o A vulnerability in the TCP packet processing functionality of Cisco IP
Phones could allow an unauthenticated, remote attacker to cause the phone
to stop responding to incoming calls, drop connected calls, or unexpectedly
reload.
The vulnerability is due to insufficient TCP ingress packet rate limiting.
An attacker could exploit this vulnerability by sending a high and
sustained rate of crafted TCP traffic to the targeted device. A successful
exploit could allow the attacker to impact operations of the phone or cause
the phone to reload, leading to a denial of service (DoS) condition.
Cisco has released software updates that address this vulnerability. There
are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voip-phone-flood-dos-YnU9EXOv
Affected Products
o Vulnerable Products
This vulnerability affects the following Cisco IP Phones if they are
running a vulnerable firmware release:
IP DECT 210 Multi-Cell Base Station with Multiplatform Firmware
IP DECT 6825 with Multiplatform Firmware
IP Phone 8811 Series with Multiplatform Firmware
IP Phone 8841 Series with Multiplatform Firmware
IP Phone 8851 Series with Multiplatform Firmware
IP Phone 8861 Series with Multiplatform Firmware
Unified IP Conference Phone 8831 for Third-Party Call Control
Webex Room Phone
Note: The default configurations of these devices are vulnerable.
Products Confirmed Not Vulnerable
Only products listed in the Vulnerable Products section of this advisory
are known to be affected by this vulnerability.
Cisco has confirmed that this vulnerability does not affect the following
Cisco products:
ATA 190 Analog Telephone Adapter
ATA 191 Analog Telephone Adapter
IP Conference Phone 7832
IP Conference Phone 7832 with Multiplatform Firmware
IP Conference Phone 8832
IP Conference Phone 8832 with Multiplatform Firmware
IP Phone 6800 Series with Multiplatform Firmware
IP Phone 6821 with Multiplatform Firmware
IP Phone 7800 Series
IP Phone 7800 Series with Multiplatform Firmware
IP Phone 8800 Series
IP Phone 8845
IP Phone 8865
IP Phone 8865 with Multiplatform Firmware
SPA112 2-Port Phone Adapter
SPA122 Analog Telephone Adapter (ATA) with Router
SPA232D Multi-Line DECT Analog Telephone Adapter (ATA)
SPA525G 5-Line IP Phone
Unified IP Phone 3905
Unified IP Phone 6901
Unified IP Phone 6911
Unified IP Phone 7900 Series
Unified IP Conference Phone 8831
Wireless IP Phone 8821
Note: The devices listed may see a performance impact from the same attack
traffic, but will recover without user intervention once the attack traffic
is stopped.
Workarounds
o There are no workarounds that address this vulnerability.
Fixed Software
o Cisco has released free software updates that address the vulnerability
described in this advisory. Customers may only install and expect support
for software versions and feature sets for which they have purchased a
license. By installing, downloading, accessing, or otherwise using such
software upgrades, customers agree to follow the terms of the Cisco
software license:
https://www.cisco.com/c/en/us/products/end-user-license-agreement.html
Additionally, customers may only download software for which they have a
valid license, procured from Cisco directly, or through a Cisco authorized
reseller or partner. In most cases this will be a maintenance upgrade to
software that was previously purchased. Free security software updates do
not entitle customers to a new software license, additional software
feature sets, or major revision upgrades.
When considering software upgrades, customers are advised to regularly
consult the advisories for Cisco products, which are available from the
Cisco Security Advisories page, to determine exposure and a complete
upgrade solution.
In all cases, customers should ensure that the devices to be upgraded
contain sufficient memory and confirm that current hardware and software
configurations will continue to be supported properly by the new release.
If the information is not clear, customers are advised to contact the Cisco
Technical Assistance Center (TAC) or their contracted maintenance
providers.
Customers Without Service Contracts
Customers who purchase directly from Cisco but do not hold a Cisco service
contract and customers who make purchases through third-party vendors but
are unsuccessful in obtaining fixed software through their point of sale
should obtain upgrades by contacting the Cisco TAC:
https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html
Customers should have the product serial number available and be prepared
to provide the URL of this advisory as evidence of entitlement to a free
upgrade.
Fixed Releases
Customers are advised to upgrade to an appropriate fixed firmware release
as indicated in the following table:
+----------------------------------+--------------+----------------------------+
| Cisco IP Phone Model             | Cisco Bug ID | First Fixed Release        |
+----------------------------------+--------------+----------------------------+
| IP DECT 210 Multi-Cell Base      | CSCvt83239   | 4.8.1                      |
| Station with Multiplatform       |              |                            |
| Firmware                         |              |                            |
| IP DECT 6825 with Multiplatform  |              |                            |
| Firmware                         |              |                            |
+----------------------------------+--------------+----------------------------+
| IP Phone 8811 Series with        | CSCvs66815   | 11.3.2                     |
| Multiplatform Firmware           |              |                            |
| IP Phone 8841 Series with        |              |                            |
| Multiplatform Firmware           |              |                            |
| IP Phone 8851 Series with        |              |                            |
| Multiplatform Firmware           |              |                            |
| IP Phone 8861 Series with        |              |                            |
| Multiplatform Firmware           |              |                            |
+----------------------------------+--------------+----------------------------+
| Unified IP Conference Phone 8831 | CSCvu36012   | There is no fixed firmware |
| for Third-Party Call Control     |              | available at this time.    |
+----------------------------------+--------------+----------------------------+
| Webex Room Phone                 | CSCvu36026   | 1.2.0                      |
+----------------------------------+--------------+----------------------------+
Exploitation and Public Announcements
o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
any public announcements or malicious use of the vulnerability that is
described in this advisory.
Source
o This vulnerability was found during the resolution of a Cisco TAC support
case.
Cisco Security Vulnerability Policy
o To learn about Cisco security vulnerability disclosure policies and
publications, see the Security Vulnerability Policy. This document also
contains instructions for obtaining fixed software and receiving security
vulnerability information from Cisco.
URL
o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voip-phone-flood-dos-YnU9EXOv
Revision History
o +---------+-----------------------------+----------+--------+-------------+
| Version | Description | Section | Status | Date |
+---------+-----------------------------+----------+--------+-------------+
| | Updated the Fixed Software | | | |
| 1.2 | section to indicate fix | Fixed | Final | 2021-JAN-19 |
| | released for Webex Room | Software | | |
| | Phone. | | | |
+---------+-----------------------------+----------+--------+-------------+
| | Updated the Fixed Software | Fixed | | |
| 1.1 | section for the Webex Room | Software | Final | 2020-DEC-22 |
| | Phone. | | | |
+---------+-----------------------------+----------+--------+-------------+
| 1.0 | Initial public release. | - | Final | 2020-NOV-04 |
+---------+-----------------------------+----------+--------+-------------+
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----
ESB-2020.4174.2 - UPDATE [Appliance] Citrix Hypervisor & XenServer: Execute arbitrary code/commands - Existing account
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2020.4174.2
Citrix Hypervisor Security Update
21 January 2021
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Citrix Hypervisor
XenServer
Publisher: Citrix
Operating System: Network Appliance
Impact/Access: Execute Arbitrary Code/Commands -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2020-29040
Original Bulletin:
https://support.citrix.com/article/CTX286511
Revision History: January 21 2021: Vendor updated with CVE ID
November 25 2020: Initial Release
- --------------------------BEGIN INCLUDED TEXT--------------------
Citrix Hypervisor Security Update
Reference: CTX286511
Category : Medium
Created : 24 November 2020
Modified : 20 January 2021
Applicable Products
o Citrix Hypervisor
o XenServer
Description of Problem
A security issue has been identified that may allow privileged code running in
a guest VM to compromise the host. This issue is limited to only those guest
VMs where the host administrator has explicitly assigned a PCI passthrough
device to the guest VM.
The issue has the following identifier:
CVE ID          Description                      Vulnerability Type   Pre-conditions
CVE-2020-29040  Bounding error updating physmap  CWE-121              A PCI passthrough device must be assigned
This issue affects all currently supported versions of Citrix Hypervisor up to
and including Citrix Hypervisor 8.2 LTSR.
Mitigating Factors
Customers who are not using the PCI passthrough feature of Citrix Hypervisor
are not at risk from this issue.
What Customers Should Do
Citrix has released hotfixes to address this issue. Citrix recommends that
affected customers install these hotfixes as their patching schedule allows.
The hotfixes can be downloaded from the following locations:
Citrix Hypervisor 8.2 LTSR: CTX286459 - https://support.citrix.com/article/CTX286459
Citrix Hypervisor 8.1: CTX286458 - https://support.citrix.com/article/CTX286458
Citrix XenServer 7.1 LTSR CU2: CTX286457 - https://support.citrix.com/article/CTX286457
Citrix XenServer 7.0: CTX286456 - https://support.citrix.com/article/CTX286456
Changelog
Date Change
2020-11-24 Initial Publication
2021-01-20 CVE ID Added
- --------------------------END INCLUDED TEXT--------------------
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----
ESB-2020.4104.2 - UPDATE [Cisco] Cisco Expressway Software: Unauthorised access - Remote/unauthenticated
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2020.4104.2
Cisco Expressway Software Unauthorized Access Information
Disclosure Vulnerability
21 January 2021
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Cisco Expressway Software
Publisher: Cisco Systems
Operating System: Cisco
Impact/Access: Unauthorised Access -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2020-3482
Original Bulletin:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-Expressway-8J3yZ7hV
Revision History: January 21 2021: Vendor downgraded rating from medium to informational
November 19 2020: Initial Release
- --------------------------BEGIN INCLUDED TEXT--------------------
Cisco Expressway Software TURN Server Configuration Issue
Priority: Informational
Advisory ID: cisco-sa-Expressway-8J3yZ7hV
First Published: 2020 November 18 16:00 GMT
Last Updated: 2021 January 20 20:41 GMT
Version 2.0: Final
Workarounds: No workarounds available
Cisco Bug IDs: CSCvt83751
CVE Names: CVE-2020-3482
CWEs: CWE-284
Summary
o The Traversal Using Relays around NAT (TURN) server component of Cisco
Expressway software supports the relay of media connections through a
firewall using proxy services. As a result of this feature, interfaces such
as the Cisco Expressway web administrative interface may become accessible
from external networks.
At the time of publication, documentation of the feature did not properly
explain that users are able to bypass firewall protections that are
designed to restrict access to the Cisco Expressway web administrative
interface. However, an attacker must have credentials sufficient to use
TURN services to be able to send network requests to the web administrative
interface.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-Expressway-8J3yZ7hV
Affected Products
o Vulnerable Products
This issue impacts Cisco Expressway Series and Cisco TelePresence Video
Communication Server (VCS) with the TURN server feature enabled.
Products Confirmed Not Vulnerable
Only products listed in the Vulnerable Products section of this advisory
are known to be affected.
Cisco has confirmed that Cisco Expressway Series and Cisco TelePresence VCS
systems that do not have the TURN server feature enabled are not affected.
Details
o The Cisco Expressway IP Port Usage Configuration Guide recommends firewall
configuration to prevent access to administrative ports from external
networks. However, when TURN services are enabled, administrative ports are
accessible through the TURN server from external networks. Customers should
be aware that enabling the TURN services exposes administrative ports on
the Cisco Expressway Series or Cisco TelePresence VCS host.
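The Details section above describes the exposure in one sentence: once TURN is enabled, a client that holds TURN credentials can ask the relay to forward traffic to a peer address, and nothing in the relay stops that peer from being the Expressway host's own administrative ports. A defender can watch for exactly that request. The block below is an added example, not Cisco's code and not part of the advisory: it parses the STUN/TURN message framing from RFC 5389 and RFC 5766, pulls the XOR-PEER-ADDRESS attribute out of CreatePermission and ChannelBind requests, and flags any peer that is the relay host itself (loopback or one of its own addresses) on an administrative port. The local addresses, the admin port list and the sample requests are constructed assumptions for the demonstration; a real deployment would take them from the host's configuration.

```python
import ipaddress
import struct

MAGIC_COOKIE = 0x2112A442          # RFC 5389 STUN magic cookie
CREATE_PERMISSION_REQ = 0x0008     # TURN CreatePermission request (RFC 5766)
CHANNEL_BIND_REQ = 0x0009          # TURN ChannelBind request (RFC 5766)
XOR_PEER_ADDRESS = 0x0012          # attribute naming the peer the client wants relayed

# Hypothetical deployment facts (assumptions, not values from the advisory):
# the addresses the TURN host itself answers on, and the administrative ports
# that the firewall guidance intends to keep unreachable from outside.
LOCAL_ADDRESSES = {ipaddress.ip_address("203.0.113.10"),
                   ipaddress.ip_address("10.0.0.10")}
ADMIN_PORTS = {22, 443}


def parse_stun(message: bytes):
    """Split a STUN/TURN message into (message type, [(attr type, value), ...])."""
    if len(message) < 20:
        raise ValueError("short STUN header")
    msg_type, length, cookie = struct.unpack("!HHI", message[:8])
    if cookie != MAGIC_COOKIE or len(message) != 20 + length:
        raise ValueError("not a well-formed STUN message")
    attrs, pos = [], 20
    while pos + 4 <= len(message):
        atype, alen = struct.unpack("!HH", message[pos:pos + 4])
        value = message[pos + 4:pos + 4 + alen]
        if len(value) != alen:
            raise ValueError("truncated attribute")
        attrs.append((atype, value))
        pos += 4 + ((alen + 3) & ~3)   # attribute values are padded to 4 bytes
    return msg_type, attrs


def decode_xor_address(value: bytes):
    """Decode an IPv4 XOR-PEER-ADDRESS value: port and address are XORed with the cookie."""
    family, xport = struct.unpack("!xBH", value[:4])
    if family != 0x01:
        raise ValueError("only IPv4 peers are handled in this example")
    port = xport ^ (MAGIC_COOKIE >> 16)
    addr = struct.unpack("!I", value[4:8])[0] ^ MAGIC_COOKIE
    return ipaddress.ip_address(addr), port


def flagged_peers(message: bytes):
    """Return the (ip, port) peers of a CreatePermission/ChannelBind request that
    would make the relay forward traffic to an administrative port on its own host."""
    msg_type, attrs = parse_stun(message)
    if msg_type not in (CREATE_PERMISSION_REQ, CHANNEL_BIND_REQ):
        return []
    hits = []
    for atype, value in attrs:
        if atype != XOR_PEER_ADDRESS:
            continue
        ip, port = decode_xor_address(value)
        if (ip.is_loopback or ip in LOCAL_ADDRESSES) and port in ADMIN_PORTS:
            hits.append((str(ip), port))
    return hits


def encode_xor_peer_address(ip: str, port: int) -> bytes:
    """Build one XOR-PEER-ADDRESS attribute (used only to construct sample input)."""
    xport = port ^ (MAGIC_COOKIE >> 16)
    xaddr = int(ipaddress.ip_address(ip)) ^ MAGIC_COOKIE
    return struct.pack("!HH", XOR_PEER_ADDRESS, 8) + struct.pack("!xBHI", 0x01, xport, xaddr)


def build_request(msg_type: int, peers) -> bytes:
    """Construct a minimal TURN request carrying only XOR-PEER-ADDRESS attributes
    (a real ChannelBind also carries CHANNEL-NUMBER, which the check does not need)."""
    body = b"".join(encode_xor_peer_address(ip, port) for ip, port in peers)
    header = struct.pack("!HHI", msg_type, len(body), MAGIC_COOKIE) + b"\x11" * 12
    return header + body


if __name__ == "__main__":
    # Constructed samples: an ordinary media peer, then a request that names the
    # relay's own HTTPS port alongside it.
    print(flagged_peers(build_request(CREATE_PERMISSION_REQ, [("198.51.100.7", 50000)])))
    print(flagged_peers(build_request(CHANNEL_BIND_REQ,
                                      [("127.0.0.1", 443), ("198.51.100.7", 50000)])))
```

The same decoder can be run over a packet capture of the TURN listener, or built into a relay's permission check so that such a peer is refused rather than merely logged. The advisory's own advice still stands: the TURN feature exposes the administrative ports by design, so the durable fix is to keep TURN disabled where it is not needed and to restrict who holds TURN credentials.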
Workarounds
o There are no workarounds that address this issue.
Exploitation and Public Announcements
o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
any public announcements or malicious use of the issue that is described in
this advisory.
Source
o Cisco would like to thank Christian Mehlmauer of WienCERT-IT-Security in
the City of Vienna for reporting this issue.
Cisco Security Vulnerability Policy
o To learn about Cisco security vulnerability disclosure policies and
publications, see the Security Vulnerability Policy. This document also
contains instructions for obtaining fixed software and receiving security
vulnerability information from Cisco.
URL
o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-Expressway-8J3yZ7hV
Revision History
o +---------+--------------------------+-------------+--------+-------------+
| Version | Description | Section | Status | Date |
+---------+--------------------------+-------------+--------+-------------+
| | Changed the advisory SIR | | | |
| | from Medium to | Summary, | | |
| | Informational. Updated | Vulnerable | | |
| 2.0 | throughout to explain | Products, | Final | 2021-JAN-20 |
| | that this is not a | Details, | | |
| | vulnerability. Removed | and Fixed | | |
| | the Fixed Software | Software | | |
| | section. | | | |
+---------+--------------------------+-------------+--------+-------------+
| | Included additional | | | |
| 1.1 | information about the | Affected | Final | 2020-NOV-25 |
| | vulnerable | Products | | |
| | configuration. | | | |
+---------+--------------------------+-------------+--------+-------------+
| 1.0 | Initial public release. | - | Final | 2020-NOV-18 |
+---------+--------------------------+-------------+--------+-------------+
- --------------------------END INCLUDED TEXT--------------------
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----