IBM886FADBF12E5D255DA0F738559659C57F2FF4189798EA7267513A7ED50B1F227Security Bulletin: Vyatta 5600 vRouter Software Patches - Release 1801-s, 1801-t and 1801-u
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:P/I:P/A:C
Summary
AT&T has released versions 1801-s, 1801-t and 1801-u for the Vyatta 5600.
Details of this release can be found at https://console.bluemix.net/docs/infrastructure/virtual-router-appliance/vyatta-5600-security-fixes.html#at-t-vyatta-5600-vrouter-software-patches
Vulnerability Details
CVEID: CVE-2018-10933 DESCRIPTION: libssh could allow a remote attacker to bypass security restrictions, caused by an error in the server code. By sending the server an SSH2_MSG_USERAUTH_SUCCESS message in place of the SSH2_MSG_USERAUTH_REQUEST message, an attacker could exploit this vulnerability to bypass the authentication process and gain access to a server with an SSH connection enabled without providing a password.
CVSS Base Score: 7.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151331> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
CVEID: CVE-2018-16058 DESCRIPTION: Wireshark is vulnerable to a denial of service, caused by a flaw in the Bluetooth AVDTP dissector. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 5.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/149164> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID: CVE-2018-16056 DESCRIPTION: Wireshark is vulnerable to a denial of service, caused by a flaw in the Bluetooth Attribute Protocol dissector. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 5.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/149162> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID: CVE-2018-10873 DESCRIPTION: SPICE is vulnerable to a denial of service, caused by a missing check in python_modules/demarshal.py:write_validate_array_item(). By sending a specially-crafted message, a remote authenticated attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 8.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148522> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H)
CVEID: CVE-2018-6554 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a memory leak in the irda_bind function. By repeatedly binding an AF_IRDA socket, a local attacker could exploit this vulnerability to consume all available memory resources.
CVSS Base Score: 6.2
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/149360> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2018-18065 DESCRIPTION: Net-SNMP is vulnerable to a denial of service, caused by a NULL pointer dereference in _set_key in agent/helpers/table_container.c. By sending a specially-crafted UDP packet, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base Score: 6.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/150994> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2018-6554 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a memory leak in the irda_bind function. By repeatedly binding an AF_IRDA socket, a local attacker could exploit this vulnerability to consume all available memory resources.
CVSS Base Score: 6.2
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/149360> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2018-18065 DESCRIPTION: Net-SNMP is vulnerable to a denial of service, caused by a NULL pointer dereference in _set_key in agent/helpers/table_container.c. By sending a specially-crafted UDP packet, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base Score: 6.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/150994> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2018-16842 DESCRIPTION: cURL could allow a remote attacker to obtain sensitive information, caused by a heap-based buffer over-read in the display function in the command line tool. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service condition.
CVSS Base Score: 6.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/152300> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)
CVEID: CVE-2018-16839 DESCRIPTION: cURL is vulnerable to a denial of service, caused by the incorrect verification of the passed-in lengths for the name and password fields by the Curl_auth_create_plain_message function. By sending a user name that exceeds 2 GB, an attacker could overflow a buffer and cause a denial of service.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/152298> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2018-16396 DESCRIPTION: Ruby could allow a remote attacker to bypass security restrictions, caused by the failure to properly check security controls. By sending a specially crafted Array#pack and String#unpack array, an attacker could exploit this vulnerability to bypass security controls on the target system.
CVSS Base Score: 7.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/153078> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
CVEID: CVE-2018-16395 DESCRIPTION: Ruby could allow a remote attacker to bypass security restrictions, caused by a flaw when comparing two OpenSSL::X509::Name objects using == in the OpenSSL library. By sending specially-crafted arguments, an attacker could exploit this vulnerability to to create an illegitimate certificate that may be accepted as legitimate.
CVSS Base Score: 7.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/153077> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
CVEID: CVE-2018-16152 DESCRIPTION: strongSwan could provide weaker than expected security, caused by a flaw in the verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin. A remote attacker could exploit this vulnerability to forge signatures.
CVSS Base Score: 7.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/150575> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
CVEID: CVE-2018-16151 DESCRIPTION: strongSwan could provide weaker than expected security, caused by a flaw in the verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin. A remote attacker could exploit this vulnerability to forge signatures.
CVSS Base Score: 7.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/150576> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
CVEID: CVE-2018-17182 DESCRIPTION: Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by the improper handling of sequence number overflows by the vmacache_flush_all function. An attacker could exploit this vulnerability using certain thread creation, map, unmap, invalidation, and dereference operations to trigger a use-after-free error and gain elevated privileges on the system.
CVSS Base Score: 8.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/150102> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2018-16658 DESCRIPTION: Linux Kernel could allow a local attacker to obtain sensitive information, caused by a flaw in the cdrom_ioctl_drive_status function in drivers/cdrom/cdrom.c. By using a specially-crafted ioctl, an attacker could exploit this vulnerability to read kernel memory.
CVSS Base Score: 6.2
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/149720> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVEID: CVE-2018-16276 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by improper bounds checking in the yurex_read function in drivers/usb/misc/yurex.cr. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause the system to crash, or gain elevated privileges.
CVSS Base Score: 7.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/149198> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2018-15594 DESCRIPTION: Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by the improper handling of certain indirect calls. By conducting Spectre-v2 attacks against paravirtual guests, an attacker could exploit this vulnerability to leak memory contents into a CPU cache and read host kernel memory.
CVSS Base Score: 6.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148547> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)
CVEID: CVE-2018-15572 DESCRIPTION: Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by the failure to always fill RSB upon a context switch by the spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c. An attacker could exploit this vulnerability to conduct userspace-userspace spectreRSB attacks and obtain private data.
CVSS Base Score: 6.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148546> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)
CVEID: CVE-2018-14734 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a use-after-free in drivers/infiniband/core/ucma.c. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base Score: 7.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/147701> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2018-14678 DESCRIPTION: Linux Kernel, as used in Xen, is vulnerable to a denial of service, caused by the failure to properly maintain RBX by the xen_failsafe_callback entry point in arch/x86/entry/entry_64.S. A local authenticated attacker could exploit this vulnerability to cause the kernel to crash.
CVSS Base Score: 5.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/147407> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2018-14633 DESCRIPTION: Linux Kernel is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the chap_server_compute_md5() function. If the iSCSI target to be enabled on the victim host, an attacker could overflow a buffer and execute arbitrary code on the system or cause the system to crash.
CVSS Base Score: 7
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/150238> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H)
CVEID: CVE-2018-14617 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in the hfsplus_lookup function in fs/hfsplus/dir.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base Score: 5.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/147627> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID: CVE-2018-14609 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in the __del_reloc_root function in fs/btrfs/relocation.c when mounting a crafted btrfs image. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base Score: 5.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/147619> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID: CVE-2018-13099 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an out-of-bounds memory access flaw in fs/f2fs/inline.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base Score: 5.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/145964> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID: CVE-2018-10938 DESCRIPTION: Linux Kernel is vulnerable to a denial of service, caused by an error in the cipso_v4_optptr() function. By sending a specially crafted packet, a remote attacker could exploit the vulnerability to cause the kernel to enter into an infinite loop.
CVSS Base Score: 7.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148874> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2018-10902 DESCRIPTION: Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a double-free in in snd_rawmidi_input_params() and snd_rawmidi_output_status() triggered by the raw midi kernel driver. An attacker could exploit this vulnerability to corrupt memory and execute arbitrary code on the system with elevated privileges.
CVSS Base Score: 7.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148627> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2018-9516 DESCRIPTION: Google Android could allow a local attacker to gain elevated privileges on the system, caused by an out-of-bounds write in hid_debug_events_read of drivers/hid/hid-debug.c. An attacker could exploit this vulnerability to escalate privileges.
CVSS Base Score: 8.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/152645> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2018-9363 DESCRIPTION: Google Android could allow a local attacker to gain elevated privileges on the system, caused by an out-of-bounds write in the hidp_process_report in bluetooth. An attacker could exploit this vulnerability to escalate privileges.
CVSS Base Score: 8.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/152659> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Affected Products and Versions
VRA - Vyatta 5600
Remediation/Fixes
Please contact IBM Cloud Support to request that the ISO for the 1801u be pushed to your Vyatta system, as this version is inclusive of all patches. Users will need to apply the upgraded code according to their defined processes (for example during a defined maintenance window).
| CPE | Name | Operator | Version |
|---|---|---|---|
| vyatta 5600 | eq | any |
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:P/I:P/A:C