Security Bulletin
Summary
Summary
AT&T has released version 1801r for the Vyatta 5600.
Advisory CVEs:
CVE-2018-10860 CVE-2018-16741 CVE-2018-14618 CVE-2018-15473 CVE-2018-5391 CVE-2018-14679 CVE-2018-14680 CVE-2018-14681 CVE-2018-14682
Details of this release can be found at https://console.bluemix.net/docs/infrastructure/virtual-router-appliance/vyatta-5600-security-fixes.html#at-t-vyatta-5600-vrouter-software-patches
Vulnerability Details
CVEID: CVE-2018-10860
DESCRIPTION: perl-archive-zip could allow a remote attacker to traverse directories on the system, caused by improper sanitization of paths in the Archive::Zip module. An attacker could using a specially-crafted archive to write or overwrite arbitrary files on the system.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/145690 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)
CVEID: CVE-2018-16741
DESCRIPTION: Mgetty could allow a remote attacker to execute arbitrary commands on the system, caused by improper input validation in the faxrunq and faxq binaries. By inserting commands using shell metacharacters in jobs id, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
CVSS Base Score: 9.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/149790 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2018-14618
DESCRIPTION: cURL libcurl is vulnerable to a buffer overflow, caused by an integer overflow flaw in the Curl_ntlm_core_mk_nt_hash internal function in the NTLM authentication code. By sending an overly long password, a remote attacker could overflow a buffer and execute arbitrary code and cause the application to crash.
CVSS Base Score: 9.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/149359 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2018-15473
DESCRIPTION: OpenSSH could allow a remote attacker to obtain sensitive information, caused by different responses to valid and invalid authentication attempts. By sending a specially crafted request, an attacker could exploit this vulnerability to enumerate valid usernames.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/148397 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVEID: CVE-2018-5391
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by the improper handling of the reassembly of fragmented IPv4 and IPv6 packets by the IP implementation. By sending specially crafted IP fragments with random offsets, a remote attacker could exploit this vulnerability to exhaust all available CPU resources and cause a denial of service.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/148388 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2018-14679
DESCRIPTION: libmspack is vulnerable to a denial of service, caused by an off-by-one error in the CHM PMGI/PMGL chunk number validity checks in mspack/chmd.c. A remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/147667 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2018-14680
DESCRIPTION: An unspecified error in libmspack related to the failure to reject blank CHM filenames has an unknown impact and attack vector.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/147668 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVEID: CVE-2018-14681
DESCRIPTION: libmspack could allow a remote attacker to overwrite arbitrary files, caused by an error in the kwajd_read_headers function in mspack/kwajd.c in libmspack. An attacker could exploit this vulnerability using bad KWAJ file header extensions to cause a one or two byte overwrite.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/147669 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVEID: CVE-2018-14682
DESCRIPTION: libmspack is vulnerable to a denial of service, caused by an off-by-one in mspack/chmd.c in the TOLOWER() macro for CHM decompression. A remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/147666 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Affected Products and Versions
VRA - Vyatta 5600
Remediation/Fixes
Please contact IBM Cloud Support to request that the ISO for the 1801r be pushed to your Vyatta system. Users will need to apply the upgraded code according to their defined processes (for example during a defined maintenance window).
Workarounds and Mitigations
None
Get Notified about Future Security Bulletins
References
*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.
Disclaimer
Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.
Product Synonym
VRA; Virtual Router Appliance; Vyatta, AT&T Vyatta vRouter
Was this topic helpful?
Document Information
Modified date:
26 October 2018
UID
ibm10737409