Security Bulletin
Summary
AT&T has released versions 1801-w and 1801-y for the Vyatta 5600.
Details of these releases can be found at https://cloud.ibm.com/docs/infrastructure/virtual-router-appliance?topic=virtual-router-appliance-at-t-vyatta-5600-vrouter-software-patches#at-t-vyatta-5600-vrouter-software-patches
Vulnerability Details
DESCRIPTION: OpenSSH could allow a remote attacker to overwrite arbitrary files on the system, caused by missing received object name validation by the scp client. The scp implementation accepts arbitrary files sent by the server and a man-in-the-middle attacker could exploit this vulnerability to overwrite unrelated files.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/155486 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N)
CVEID: CVE-2019-6109
DESCRIPTION: OpenSSH could allow a remote attacker to conduct spoofing attacks, caused by missing character encoding in the progress display. A man-in-the-middle attacker could exploit this vulnerability to spoof scp client output.
CVSS Base Score: 3.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/155488 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)
CVEID: CVE-2018-20685
DESCRIPTION: OpenSSH could allow a remote attacker to bypass security restrictions, caused by directory name validation by scp.c in the scp client. A man-in-the-middle attacker could exploit this vulnerability using the filename of . or an empty filename to bypass access restrictions and modify permissions of the target directory.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/155484 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVEID: CVE-2019-3824
DESCRIPTION: Samba is vulnerable to a denial of service. By using a LDAP search expression, a remote authenticated attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/158326 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2019-1559
DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by the failure to immediately close the TCP connection after the hosts encounter a zero-length record with valid padding. An attacker could exploit this vulnerability using a 0-byte record padding-oracle attack to decrypt traffic.
CVSS Base Score: 5.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/157514 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N)
CVEID: CVE-2019-9214
DESCRIPTION: Wireshark is vulnerable to a denial of service, caused by a NULL pointer dereference in the RPCAP dissector in epan/dissectors/packet-rpcap.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base Score: 3.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/157670 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID: CVE-2019-9209
DESCRIPTION: Wireshark is vulnerable to a denial of service, caused by a buffer overflow in the ASN.1 BER and related dissectors in epan/dissectors/packet-ber.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base Score: 3.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/157669 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID: CVE-2019-9208
DESCRIPTION: Wireshark is vulnerable to a denial of service, caused by a NULL pointer dereference in the TCAP dissector in epan/dissectors/asn1/tcap/tcap.cnf. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base Score: 3.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/157668 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID: CVE-2019-5719
DESCRIPTION: Wireshark iis vulnerable to a denial of service, caused by a flaw in epan/dissectors/packet-isakmp.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the ISAKMP dissector to crash.
CVSS Base Score: 3.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/155305 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID: CVE-2019-5718
DESCRIPTION: Wireshark is vulnerable to a denial of service, caused by a heap out-of-bounds read in the RTSE dissector and other ASN.1 dissectors. By persuading a victim to open a malformed packet trace file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 3.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/155280 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID: CVE-2019-5717
DESCRIPTION: Wireshark iis vulnerable to a denial of service, caused by a flaw in epan/dissectors/packet-p_mul.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the P_MUL dissector to crash.
CVSS Base Score: 3.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/155304 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID: CVE-2019-5716
DESCRIPTION: Wireshark iis vulnerable to a denial of service, caused by a flaw in epan/dissectors/packet-6lowpan.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the 6LoWPAN dissector to crash.
CVSS Base Score: 3.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/155303 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID: CVE-2019-5953
DESCRIPTION: GNU Wget is vulnerable to a buffer overflow, caused by improper bounds checking. A remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 8.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/159154 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVEID: CVE-2019-3842
DESCRIPTION: systemd could allow a local authenticated attacker to gain elevated privileges on the system, caused by the failure to properly sanitize the environment before using the XDG_SEAT variable by pam_systemd. By spoofing an active session to PolicyKit, an authenticated attacker could exploit this vulnerability to gain additional PolicyKit privileges.
CVSS Base Score: 4.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/159257 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L)
CVEID: CVE-2018-17540
DESCRIPTION: strongSwan is vulnerable to a buffer overflow, caused by improper bounds checking by the gmp plugin. By using a specially-crafted certificate, a remote attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base Score: 9.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/150937 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2018-0737
DESCRIPTION: OpenSSL could allow a local attacker to obtain sensitive information, caused by a cache-timing side channel attack in the RSA Key generation algorithm. An attacker with access to mount cache timing attacks during the RSA key generation process could exploit this vulnerability to recover the private key and obtain sensitive information.
CVSS Base Score: 3.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/141679 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
CVEID: CVE-2018-0734
DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a timing side channel attack in the DSA signature algorithm. An attacker could exploit this vulnerability using variations in the signing algorithm to recover the private key.
CVSS Base Score: 3.7
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/152085 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVEID: CVE-2018-0732
DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by the sending of a very large prime value to the client by a malicious server during key agreement in a TLS handshake. By spending an unreasonably long period of time generating a key for this prime, a remote attacker could exploit this vulnerability to cause the client to hang.
CVSS Base Score: 3.7
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/144658 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2019-3813
DESCRIPTION: Spice is vulnerable to a denial of service, caused by an off-by-one error in array access in spice/server/memslot.c. A local attacker could exploit this vulnerability to cause the host to crash or possibly execute arbitrary code on the system.
CVSS Base Score: 7.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/156290 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:H)
CVEID: CVE-2018-5407
DESCRIPTION: Multiple SMT/Hyper-Threading architectures and processors could allow a local attacker to obtain sensitive information, caused by execution engine sharing on Simultaneous Multithreading (SMT) architecture. By using the PortSmash new side-channel attack, an attacker could run a malicious process next to legitimate processes using the architectures parallel thread running capabilities to leak encrypted data from the CPU's internal processes. Note: This vulnerability is known as PortSmash.
CVSS Base Score: 5.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/152484 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
Affected Products and Versions
Remediation/Fixes
Monitor IBM Cloud Status for Future Security Bulletins
Monitor the security notifications on the IBM Cloud Status page to be advised of future security bulletins.
References
*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.
Disclaimer
Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.
Document Location
Worldwide
Was this topic helpful?
Document Information
Modified date:
01 May 2019
UID
ibm10882554