logo
DATABASE RESOURCES PRICING ABOUT US

Security Bulletin: Vyatta 5600 vRouter Software Patches - Release 1801-ze

Description

## Summary AT&T has released versions 1801-ze for the Vyatta 5600. Details of these releases can be found at https://cloud.ibm.com/docs/infrastructure/virtual-router-appliance?topic=virtual-router-appliance-at-t-vyatta-5600-vrouter-software-patches#at-t-vyatta-5600-vrouter-software-patches ## Vulnerability Details ** CVEID: **[CVE-2019-1551](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551>) ** DESCRIPTION: **OpenSSL could allow a remote attacker to obtain sensitive information, caused by an overflow in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. By performing a man-in-the-middle attack, a remote attacker could exploit this vulnerability to obtain sensitive information. CVSS Base score: 6.8 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172752](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172752>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N) ** CVEID: **[CVE-2019-19906](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19906>) ** DESCRIPTION: **cyrus-sasl is vulnerable to a denial of service, caused by an off-by-one error in _sasl_add_string in common.c. By sending a malformed LDAP packet, a remote attacker could exploit this vulnerability to cause the application to crash. CVSS Base score: 5.3 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/173382](<https://exchange.xforce.ibmcloud.com/vulnerabilities/173382>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) ** CVEID: **[CVE-2019-15845](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15845>) ** DESCRIPTION: **Ruby could allow a local attacker to gain unauthorized access to the system, caused by a NUL injection vulnerability in the built-in methods (File.fnmatch and File.fnmatch). An attacker could exploit this vulnerability to make path matching pass despite the intention of the program author. CVSS Base score: 5.1 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/169463](<https://exchange.xforce.ibmcloud.com/vulnerabilities/169463>) for the current score. CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) ** CVEID: **[CVE-2019-16254](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16254>) ** DESCRIPTION: **Ruby is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input in the WEBrick module. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information. CVSS Base score: 6.8 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/169464](<https://exchange.xforce.ibmcloud.com/vulnerabilities/169464>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N) ** CVEID: **[CVE-2019-16255](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16255>) ** DESCRIPTION: **Ruby could allow a local attacker to execute arbitrary commands on the system, caused by a code injection vulnerability in the (lib/shell.rb standard library. By passing untrusted data to methods of Shell, an attacker could exploit this vulnerability to inject code and call an arbitrary Ruby method. CVSS Base score: 7.8 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/169465](<https://exchange.xforce.ibmcloud.com/vulnerabilities/169465>) for the current score. CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) ** CVEID: **[CVE-2019-18218](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18218>) ** DESCRIPTION: **File is vulnerable to a heap-based buffer overflow, caused by improper improper bounds checking by the cdf_read_property_info function in cdf.c. By sending an overly large amount of CDF_VECTOR elements, a remote attacker could overflow a buffer and execute arbitrary code on the system. CVSS Base score: 9.8 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/169693](<https://exchange.xforce.ibmcloud.com/vulnerabilities/169693>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) ** CVEID: **[CVE-2019-16866](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16866>) ** DESCRIPTION: **Unbound is vulnerable to a denial of service, caused by accessing uninitialized memory. By using a specially crafted NOTIFY query, a remote attacker could exploit this vulnerability to cause the application to crash. CVSS Base score: 5.3 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168591](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168591>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) ** CVEID: **[CVE-2019-13164](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13164>) ** DESCRIPTION: **Quick Emulator(Qemu) could allow a local attacker to bypass security restrictions, caused by a flaw in the qemu-bridge-helper function. By creating a tap device and attaching it to a denied bridge interface, an attacker could exploit this vulnerability to gain access to confidential data transmitted on the bridge. CVSS Base score: 6.2 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/163295](<https://exchange.xforce.ibmcloud.com/vulnerabilities/163295>) for the current score. CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) ** CVEID: **[CVE-2019-14378](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14378>) ** DESCRIPTION: **libslirp is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by p_reass in ip_input.c. By sending a large packet, a remote attacker could overflow a buffer and execute arbitrary code on the system. CVSS Base score: 7.3 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164416](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164416>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) ** CVEID: **[CVE-2019-9511](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511>) ** DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Data Dribble attack. By sending a HTTP/2 request by the HTTP/2 protocol stack (HTTP.sys) for an overly large amount of data from a specified resource over multiple streams, a remote attacker could consume excessive CPU resources. CVSS Base score: 7.5 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164638](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164638>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) ** CVEID: **[CVE-2019-9513](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513>) ** DESCRIPTION: **Multiple vendors are vulnerable to a denial of service, caused by a Resource Loop attack. By creating multiple request streams and continually shuffling the priority of the streams, a remote attacker could consume excessive CPU resources. CVSS Base score: 7.5 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164639](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164639>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) ** CVEID: **[CVE-2018-20836](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20836>) ** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c. A local attacker could exploit this vulnerability to cause the system to crash. CVSS Base score: 4 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/161631](<https://exchange.xforce.ibmcloud.com/vulnerabilities/161631>) for the current score. CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) ** CVEID: **[CVE-2019-1125](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1125>) ** DESCRIPTION: **Multiple Intel CPU's could allow a local attacker to obtain sensitive information, caused by an error when certain central processing units (CPU) speculatively access memory. By conducting a Spectre side-channel attack, an attacker could exploit this vulnerability to secretly monitor and steal private data. Note: This vulnerability is called SWAPGSAttack, and is a variant of Spectre Variant 1. CVSS Base score: 5.9 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/162990](<https://exchange.xforce.ibmcloud.com/vulnerabilities/162990>) for the current score. CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N) ** CVEID: **[CVE-2019-1999](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1999>) ** DESCRIPTION: **Google Android could allow a local authenticated attacker to gain elevated privileges on the system, caused by a use-after-free between the direct reclaim path and munmap() syscall in the Blinder driver. By executing a specially-crafted application, an authenticated attacker could exploit this vulnerability to execute arbitrary code within the context of a privileged process. CVSS Base score: 7.8 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/156830](<https://exchange.xforce.ibmcloud.com/vulnerabilities/156830>) for the current score. CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) ** CVEID: **[CVE-2019-10207](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10207>) ** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in the hci_uart_set_flow_control function. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause a denial of service condition. CVSS Base score: 6.2 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164305](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164305>) for the current score. CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) ** CVEID: **[CVE-2019-10638](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10638>) ** DESCRIPTION: **Linux Kernel could allow a remote attacker to obtain sensitive information, caused by the use of IP ID values for connection-less protocols. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to obtain the hash collisions then enumerate the hashing key. CVSS Base score: 6.5 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/163731](<https://exchange.xforce.ibmcloud.com/vulnerabilities/163731>) for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) ** CVEID: **[CVE-2019-12817](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12817>) ** DESCRIPTION: **Linux Kernel for PowerPC is vulnerable to a denial of service, caused by an issue where unrelated processes may be able to read/write to each other's virtual memory. By sending a specially-crafted request, a local attacker could exploit this vulnerability to corrupt memory and cause a denial of service. CVSS Base score: 6.2 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/162843](<https://exchange.xforce.ibmcloud.com/vulnerabilities/162843>) for the current score. CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) ** CVEID: **[CVE-2019-12984](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12984>) ** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in the nfc_genl_deactivate_target function in net/nfc/netlink.c. By persuading a victim to execute a specially-crafted program, a local attacker could exploit this vulnerability to cause a denial of service condition. CVSS Base score: 5.5 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/163079](<https://exchange.xforce.ibmcloud.com/vulnerabilities/163079>) for the current score. CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) ** CVEID: **[CVE-2019-13233](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13233>) ** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a use-after-free flaw when a race between modify_ldt() and #BR Exception occurs. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause a denial of service condition. CVSS Base score: 5.1 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/162780](<https://exchange.xforce.ibmcloud.com/vulnerabilities/162780>) for the current score. CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) ** CVEID: **[CVE-2019-13648](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13648>) ** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a flaw in arch/powerpc/kernel/signal_32.c and arch/powerpc/kernel/signal_64.c when hardware transactional memory is disabled. By using a sigreturn() system call with crafted signal frame, a local attacker could exploit this vulnerability to cause the system to crash. CVSS Base score: 6.2 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164506](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164506>) for the current score. CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) ** CVEID: **[CVE-2019-13631](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13631>) ** DESCRIPTION: **Linux Kernel could allow a physical attacker to execute arbitrary code on the system, caused by an an out-of-bounds write flaw in the parse_hid_report_descriptor function in drivers/input/tablet/gtco.c. By using a specially-crafted USB device to send an HID report, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. CVSS Base score: 6.8 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/163955](<https://exchange.xforce.ibmcloud.com/vulnerabilities/163955>) for the current score. CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) ** CVEID: **[CVE-2019-14283](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14283>) ** DESCRIPTION: **Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by an integer overflow and out-of-bounds read in the drivers/block/floppy.c. By using a specially-crafted floppy disk, an attacker could exploit this vulnerability to execute arbitrary code on the system. CVSS Base score: 8.4 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165352](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165352>) for the current score. CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) ** CVEID: **[CVE-2019-14284](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14284>) ** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by setup_format_params division-by-zero in drivers/block/floppy.c. By sending specially-crafted ioctls, a local attacker could exploit this vulnerability to cause the application to crash. CVSS Base score: 4 CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165351](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165351>) for the current score. CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) ## Affected Products and Versions Affected Product(s)| Version(s) ---|--- Vyatta 5600| All ## Remediation/Fixes Please contact IBM Cloud Support to request that the ISO for the 1801-ze be pushed to your Vyatta system. Users will need to apply the upgraded code according to their defined processes (for example during a defined maintenance window). ## Workarounds and Mitigations None ## Get Notified about Future Security Bulletins Subscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this. ### References [Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> "Link resides outside of ibm.com" ) [On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> "Link resides outside of ibm.com" ) Off ## Related Information [IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) [IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>) ## Change History 20 May 2020: Initial Publication *The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin. ## Disclaimer Review the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/bulletin/#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment. ## Document Location Worldwide [{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSH5QD","label":"Vyatta 5600"},"Component":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"Vyatta 5600","Edition":"","Line of Business":{"code":"","label":""}}]


Affected Software


CPE Name Name Version
vyatta 5600 5600

Related