Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM6CB4EF3A076E2190B30084083521AA008A1E2F799850D429F0737446D33988B3
HistoryJul 24, 2020 - 9:16 p.m.

Security Bulletin: Vyatta 5600 vRouter Software Patches - Release 1801-ze

2020-07-2421:16:35
www.ibm.com
29

EPSS

0.166

Percentile

96.1%

JSON

Summary

AT&T has released versions 1801-ze for the Vyatta 5600. Details of these releases can be found at https://cloud.ibm.com/docs/infrastructure/virtual-router-appliance?topic=virtual-router-appliance-at-t-vyatta-5600-vrouter-software-patches#at-t-vyatta-5600-vrouter-software-patches

Vulnerability Details

CVEID:CVE-2019-1551
**DESCRIPTION:**OpenSSL could allow a remote attacker to obtain sensitive information, caused by an overflow in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. By performing a man-in-the-middle attack, a remote attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base score: 6.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/172752 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)

CVEID:CVE-2019-19906
**DESCRIPTION:**cyrus-sasl is vulnerable to a denial of service, caused by an off-by-one error in _sasl_add_string in common.c. By sending a malformed LDAP packet, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/173382 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2019-15845
**DESCRIPTION:**Ruby could allow a local attacker to gain unauthorized access to the system, caused by a NUL injection vulnerability in the built-in methods (File.fnmatch and File.fnmatch). An attacker could exploit this vulnerability to make path matching pass despite the intention of the program author.
CVSS Base score: 5.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/169463 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

CVEID:CVE-2019-16254
**DESCRIPTION:**Ruby is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input in the WEBrick module. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information.
CVSS Base score: 6.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/169464 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N)

CVEID:CVE-2019-16255
**DESCRIPTION:**Ruby could allow a local attacker to execute arbitrary commands on the system, caused by a code injection vulnerability in the (lib/shell.rb standard library. By passing untrusted data to methods of Shell, an attacker could exploit this vulnerability to inject code and call an arbitrary Ruby method.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/169465 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID:CVE-2019-18218
**DESCRIPTION:**File is vulnerable to a heap-based buffer overflow, caused by improper improper bounds checking by the cdf_read_property_info function in cdf.c. By sending an overly large amount of CDF_VECTOR elements, a remote attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/169693 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2019-16866
**DESCRIPTION:**Unbound is vulnerable to a denial of service, caused by accessing uninitialized memory. By using a specially crafted NOTIFY query, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/168591 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2019-13164
**DESCRIPTION:**Quick Emulator(Qemu) could allow a local attacker to bypass security restrictions, caused by a flaw in the qemu-bridge-helper function. By creating a tap device and attaching it to a denied bridge interface, an attacker could exploit this vulnerability to gain access to confidential data transmitted on the bridge.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/163295 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID:CVE-2019-14378
**DESCRIPTION:**libslirp is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by p_reass in ip_input.c. By sending a large packet, a remote attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/164416 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID:CVE-2019-9511
**DESCRIPTION:**Multiple vendors are vulnerable to a denial of service, caused by a Data Dribble attack. By sending a HTTP/2 request by the HTTP/2 protocol stack (HTTP.sys) for an overly large amount of data from a specified resource over multiple streams, a remote attacker could consume excessive CPU resources.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/164638 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2019-9513
**DESCRIPTION:**Multiple vendors are vulnerable to a denial of service, caused by a Resource Loop attack. By creating multiple request streams and continually shuffling the priority of the streams, a remote attacker could consume excessive CPU resources.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/164639 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2018-20836
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c. A local attacker could exploit this vulnerability to cause the system to crash.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/161631 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2019-1125
**DESCRIPTION:**Multiple Intel CPU’s could allow a local attacker to obtain sensitive information, caused by an error when certain central processing units (CPU) speculatively access memory. By conducting a Spectre side-channel attack, an attacker could exploit this vulnerability to secretly monitor and steal private data. Note: This vulnerability is called SWAPGSAttack, and is a variant of Spectre Variant 1.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/162990 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)

CVEID:CVE-2019-1999
**DESCRIPTION:**Google Android could allow a local authenticated attacker to gain elevated privileges on the system, caused by a use-after-free between the direct reclaim path and munmap() syscall in the Blinder driver. By executing a specially-crafted application, an authenticated attacker could exploit this vulnerability to execute arbitrary code within the context of a privileged process.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/156830 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2019-10207
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in the hci_uart_set_flow_control function. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/164305 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2019-10638
**DESCRIPTION:**Linux Kernel could allow a remote attacker to obtain sensitive information, caused by the use of IP ID values for connection-less protocols. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to obtain the hash collisions then enumerate the hashing key.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/163731 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)

CVEID:CVE-2019-12817
**DESCRIPTION:**Linux Kernel for PowerPC is vulnerable to a denial of service, caused by an issue where unrelated processes may be able to read/write to each other’s virtual memory. By sending a specially-crafted request, a local attacker could exploit this vulnerability to corrupt memory and cause a denial of service.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/162843 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2019-12984
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in the nfc_genl_deactivate_target function in net/nfc/netlink.c. By persuading a victim to execute a specially-crafted program, a local attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/163079 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID:CVE-2019-13233
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a use-after-free flaw when a race between modify_ldt() and #BR Exception occurs. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/162780 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2019-13648
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by a flaw in arch/powerpc/kernel/signal_32.c and arch/powerpc/kernel/signal_64.c when hardware transactional memory is disabled. By using a sigreturn() system call with crafted signal frame, a local attacker could exploit this vulnerability to cause the system to crash.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/164506 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2019-13631
**DESCRIPTION:**Linux Kernel could allow a physical attacker to execute arbitrary code on the system, caused by an an out-of-bounds write flaw in the parse_hid_report_descriptor function in drivers/input/tablet/gtco.c. By using a specially-crafted USB device to send an HID report, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVSS Base score: 6.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/163955 for the current score.
CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2019-14283
**DESCRIPTION:**Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by an integer overflow and out-of-bounds read in the drivers/block/floppy.c. By using a specially-crafted floppy disk, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 8.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/165352 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2019-14284
**DESCRIPTION:**Linux Kernel is vulnerable to a denial of service, caused by setup_format_params division-by-zero in drivers/block/floppy.c. By sending specially-crafted ioctls, a local attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/165351 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

Affected Product(s) Version(s)
Vyatta 5600 All

Remediation/Fixes

Please contact IBM Cloud Support to request that the ISO for the 1801-ze be pushed to your Vyatta system. Users will need to apply the upgraded code according to their defined processes (for example during a defined maintenance window).

Workarounds and Mitigations

None

Related

openvas 57
nessus 77
osv 11
debian 14
slackware 1
suse 6
ubuntu 4
cloudfoundry 1
freebsd 2
gentoo 1
symantec 1
mageia 4
fedora 4
archlinux 2
ibm 3
redhat 4
amazon 3
oraclelinux 2
photon 1
rocky 1
openvas
openvas
Debian: Security Advisory (DSA-4495-1)
2019-08-12 00:00:00
Slackware: Security Advisory (SSA:2019-226-01)
2022-04-21 00:00:00
openSUSE: Security Advisory for the Linux Kernel (openSUSE-SU-2019:1924-1)
2019-08-17 00:00:00
nessus
nessus
Debian DSA-4495-1 : linux - security update
2019-08-12 00:00:00
Debian DLA-1884-1 : linux security update
2019-08-14 00:00:00
openSUSE Security Update : the Linux Kernel (openSUSE-2019-1923)
2019-08-20 00:00:00
osv
osv
linux - security update
2019-08-10 00:00:00
linux - security update
2019-08-13 00:00:00
linux-4.9 - security update
2019-08-13 00:00:00
debian
debian
[SECURITY] [DSA 4495-1] linux security update
2019-08-10 21:15:57
[SECURITY] [DSA 4495-1] linux security update
2019-08-10 21:15:57
[SECURITY] [DLA 1884-1] linux security update
2019-08-14 00:16:24
slackware
slackware
[slackware-security] Slackware 14.2 kernel
2019-08-14 06:12:49
suse
suse
Security update for the Linux Kernel (important)
2019-08-16 00:00:00
Security update for the Linux Kernel (important)
2019-08-16 00:00:00
Security update for nghttp2 (moderate)
2019-10-01 00:00:00
ubuntu
ubuntu
Linux kernel vulnerabilities
2019-09-02 00:00:00
Linux kernel vulnerabilities
2019-09-02 00:00:00
Linux kernel (AWS) vulnerabilities
2019-09-02 00:00:00
cloudfoundry
cloudfoundry
USN-4201-1: Ruby vulnerabilities | Cloud Foundry
2019-12-05 00:00:00
freebsd
freebsd
ruby -- multiple vulnerabilities
2019-10-01 00:00:00
nghttp2 -- multiple vulnerabilities
2019-08-13 00:00:00
gentoo
gentoo
Ruby: Multiple vulnerabilities
2020-03-13 00:00:00
symantec
symantec
Ruby Multiple Security Vulnerabilities
2019-10-01 00:00:00
mageia
mageia
Updated ruby packages fix security vulnerabilities
2019-12-25 22:08:41
Updated nghttp2 packages fix security vulnerabilities
2019-09-28 04:05:09
Updated kernel packages fix security vulnerabilities
2019-08-13 00:08:18
fedora
fedora
[SECURITY] Fedora 30 Update: kernel-tools-5.2.5-200.fc30
2019-08-06 01:20:15
[SECURITY] Fedora 30 Update: kernel-headers-5.2.5-200.fc30
2019-08-06 01:20:15
[SECURITY] Fedora 29 Update: nghttp2-1.39.2-1.fc29
2019-08-27 18:38:08
archlinux
archlinux
[ASA-201910-2] ruby: multiple issues
2019-10-02 00:00:00
[ASA-201908-17] libnghttp2: denial of service
2019-08-27 00:00:00
ibm
ibm
Security Bulletin: IBM MQ Appliance affected by HTTP/2 vulnerabilities (CVE-2019-9511 and CVE-2019-9513)
2020-01-27 10:37:46
Security Bulletin: IBM DataPower Gateway is affected by Denial of Service vulnerabilities
2021-06-08 21:47:38
Security Bulletin: Vyatta 5600 vRouter Software Patches - Release 1801-ze
2020-07-24 21:16:35
redhat
redhat
(RHSA-2019:2692) Important: nghttp2 security update
2019-09-09 18:39:39
(RHSA-2019:3041) Important: Red Hat OpenShift Service Mesh 1.0.1 RPMs
2019-10-14 16:45:27
(RHSA-2019:2799) Important: nginx:1.14 security update
2019-09-17 08:45:10
amazon
amazon
Important: nghttp2
2019-10-08 21:43:00
Important: nghttp2
2019-09-30 21:03:00
Important: ruby
2024-02-29 10:03:00
oraclelinux
oraclelinux
nghttp2 security update
2019-09-10 00:00:00
nginx:1.14 security update
2019-09-19 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2023-4.0-0342
2023-02-28 00:00:00
rocky
rocky
nginx:1.14 security update
2019-09-17 08:45:10

EPSS

0.166

Percentile

96.1%

JSON
Related for 6CB4EF3A076E2190B30084083521AA008A1E2F799850D429F0737446D33988B3
openvas57nessus77osv11debian14slackware1suse6ubuntu4cloudfoundry1freebsd2gentoo1symantec1mageia4fedora4archlinux2ibm3redhat4amazon3oraclelinux2photon1rocky1