IBM Support

Security Bulletin: Vyatta 5600 vRouter Software Patches - Release 1801-za

Security Bulletin


Summary

AT&T has released versions 1801-za for the Vyatta 5600.

Details of these releases can be found at https://cloud.ibm.com/docs/infrastructure/virtual-router-appliance?topic=virtual-router-appliance-at-t-vyatta-5600-vrouter-software-patches#at-t-vyatta-5600-vrouter-software-patches

Vulnerability Details

CVEID: CVE-2019-12749
DESCRIPTION: D-Bus could allow a remote attacker to bypass security restrictions, caused by symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. By manipulating a ~/.dbus-keyrings symlink, an attacker could exploit this vulnerability to bypass DBUS_COOKIE_SHA1 authentication to allow a DBusServer with a different uid to read and write in arbitrary locations.
CVSS Base Score: 9.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/162386 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)

CVEID: CVE-2016-10228
DESCRIPTION: GNU C Library (glibc) is vulnerable to a denial of service, caused by an error in the iconv program. By processing invalid multi-byte input sequences, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/124078 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2016-6323
DESCRIPTION: GNU C Library (glibc or libc6) is vulnerable to a denial of service, caused by an incompatible error related to backtrace generation by the makecontext function within sysdeps/posix/getaddrinfo.c. By using gccgo to compile applications and persuading a victim to install the applications, a remote attacker could exploit this vulnerability to cause the device to hang.
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/118247 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID: CVE-2015-5180
DESCRIPTION: glibc is vulnerable to a denial of service, caused by a NULL pointer dereference in the res_query function in libresolv. By using a malformed pattern, a remote attacker could cause the process to crash.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/130620 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-1000366
DESCRIPTION: Glibc could allow a local attacker to execute arbitrary code on the system, caused by a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack. By using specially-crafted crafted LD_LIBRARY_PATH values, an attacker could exploit this vulnerability to trigger a stack memory allocation flaw and execute arbitrary code on the system.
CVSS Base Score: 7.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/127452 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2017-16887
DESCRIPTION: FiberHome MIFI LM53Q1 could allow a remote attacker to bypass security restrictions, caused by improper validation of user-supplied request. By sending a specially-crafted request, an attacker could exploit this vulnerability to change the Administrator account password.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/137394 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

CVEID: CVE-2017-12133
DESCRIPTION: GNU C Library (aka glibc or libc6) could allow a remote attacker to conduct spoofing attacks, caused by a flaw in the DNS stub resolver. An attacker could exploit this vulnerability to perform off-path DNS spoofing attacks.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/131622 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID: CVE-2017-15804
DESCRIPTION: GNU C Library (aka glibc or libc6) is vulnerable to a buffer overflow, caused by improper bounds checking by glob function in glob.c. By using a specially-crafted file, a local attacker could overflow a buffer.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/133996 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)

CVEID: CVE-2017-15671
DESCRIPTION: GNU C Library is vulnerable to a denial of service, caused by a memory leak in the glob function in glob.c. A remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/133909 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-15670
DESCRIPTION: GNU C Library is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the glob function in glob.c. By sending a specially-crafted string, a remote attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base Score: 7.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/133915 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2018-6485
DESCRIPTION: GNU C Library is vulnerable to a denial of service, caused by an integer overflow in the implementation of the posix_memalign in memalign functions. A local attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/138627 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2018-1000001
DESCRIPTION: Glibc could allow a local attacker to execute arbitrary code on the system, caused by a buffer underflow in the __realpath() function in stdlib/canonicalize.c. An attacker could exploit this vulnerability to execute arbitrary code on the system and obtain privileges.
CVSS Base Score: 8.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/137516 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2017-12132
DESCRIPTION: GNU C Library (aka glibc or libc6) could allow a remote attacker to conduct spoofing attacks, caused by a flaw in the DNS stub resolver. An attacker could exploit this vulnerability to perform off-path DNS spoofing attacks.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/129949 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID: CVE-2016-10228
DESCRIPTION: GNU C Library (glibc) is vulnerable to a denial of service, caused by an error in the iconv program. By processing invalid multi-byte input sequences, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/124078 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2019-12735
DESCRIPTION: Vim and and Neovim could allow a remote attacker to execute arbitrary commands on the system, caused by improper input validation by the :source! command in a modeline. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
CVSS Base Score: 9.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/162255 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2019-10161
DESCRIPTION: libvirt could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper access control by the virDomainSaveImageGetXMLDesc API. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to obtain arbitrary file information, cause a denial of service or execute arbitrary programs with root privileges.
CVSS Base Score: 8.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/162805 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)

CVEID: CVE-2019-12735
DESCRIPTION: Vim and and Neovim could allow a remote attacker to execute arbitrary commands on the system, caused by improper input validation by the :source! command in a modeline. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
CVSS Base Score: 9.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/162255 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2018-20843
DESCRIPTION: libexpat is vulnerable to a denial of service, caused by an error in the XML parser. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to consume all available CPU resources.
CVSS Base Score: 3.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/163073 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID: CVE-2019-11884
DESCRIPTION: Linux Kernel could allow a local attacker to obtain sensitive information, caused by a flaw in the do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c. By using a HIDPCONNADD command, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/161261 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2019-11833
DESCRIPTION: Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by the failure to zero out the unused memory region in the extent tree block in extents.c. By reading uninitialized data in the filesystem, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/161235 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

CVEID: CVE-2019-11815
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a use-after-free in the rds_tcp_kill_sock function in net/rds/tcp.c. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/160729 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2019-11599
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a race condition in the coredump implementation. By using a specially-crafted system call, a local attacker could exploit this vulnerability to cause the application to crash or obtain sensitive information.
CVSS Base Score: 7.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/160262 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H)

CVEID: CVE-2019-11486
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a race condition in the Siemens R3964 line discipline code in drivers/tty/n_r3964.c. A local attacker could exploit this vulnerability to cause a denial of service.
CVSS Base Score: 6.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/160016 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2019-11479
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a flaw when processing minimum segment size (MSS). By sending specially-crafted MSS traffic, a remote attacker could exploit this vulnerability to cause excess usage of system resources.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/162665 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2019-11478
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an issue with fragmenting the TCP retransmission queue when processing TCP Selective Acknowledgement (SACK) capabilities. By sending specially-crafted SACKs requests, a remote attacker could exploit this vulnerability to cause an excess of system resource usage.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/162664 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2019-11477
DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an integer overflow when processing TCP Selective Acknowledgement (SACK) capabilities. By sending specially-crafted SACKs requests, a remote attacker could exploit this vulnerability to cause a kernel panic condition.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/162662 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2019-10126
DESCRIPTION: Linux Kernel is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the marvell wifi chip driver. By using a specially-crafted call, a local attacker could overflow a buffer and execute arbitrary code on the system or cause the system to crash.
CVSS Base Score: 8.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/162145 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2019-9503
DESCRIPTION: The Broadcom brcmfmac driver could allow a remote attacker to bypass security restrictions. By receiving firmware event frames from a remote source, a remote attacker could exploit this vulnerability to bypass the frame validation.
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/159643 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

CVEID: CVE-2019-9500
DESCRIPTION: The Broadcom brcmfmac driver is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the brcmf_wowl_nd_results function if the Wake-up on Wireless LAN functionality is configured. By sending specially crafted WiFi packets, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause a denial of service.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/159642 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2019-5489
DESCRIPTION: Linux Kernel could allow a local attacker to obtain sensitive information, caused by a new side channel attack on the mincore() implementation in mm/mincore.c. An attacker could exploit this vulnerability to bypass sandbox protections, conduct keystroke timing attacks and gain access to secret data from other applications.
CVSS Base Score: 5.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/155197 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID: CVE-2019-3846
DESCRIPTION: Linux Kernel is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the mwifiex_update_bss_desc_with_ie function in drivers/net/wireless/marvell/mwifiex/scan.c. By sending specially-crafted beacon packets, a remote attacker could overflow a buffer and execute arbitrary code or cause a denial of service condition on the system.
CVSS Base Score: 8.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/161814 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2019-1543
DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the ChaCha20-Poly1305 AEAD cipher. By sending a message encrypted using a reused overly long nonce, an attacker could exploit this vulnerability to conduct serious confidentiality and integrity attacks.
CVSS Base Score: 4.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/157841 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)

CVEID: CVE-2019-13132
DESCRIPTION: zeromq/libzmq is vulnerable to a denial of service, caused by a stack-based buffer overflow. A remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/163459 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

 

Affected Products and Versions

VRA - Vyatta 5600

Remediation/Fixes

Please contact IBM Cloud Support to request that the ISO for the 1801-za be pushed to your Vyatta system.   Users will need to apply the upgraded code according to their defined processes (for example during a defined maintenance window).

Get Notified about Future Security Bulletins

References

Off

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

Document Location

Worldwide

[{"Business Unit":{"code":"BU007","label":"Public Cloud"},"Product":{"code":"SSH5QD","label":"Vyatta 5600"},"Component":"","Platform":[{"code":"PF009","label":"Firmware"}],"Version":"All Versions","Edition":""}]

Document Information

Modified date:
25 July 2019

UID

ibm10960426