VARIoT IoT vulnerabilities database
| VAR-201904-0326 | CVE-2019-3932 | Crestron AM-100 and AM-101 Vulnerabilities related to the use of hard-coded credentials in firmware |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to authentication bypass due to a hard-coded password in return.tgi. A remote, unauthenticated attacker can use this vulnerability to control external devices via the uart_bridge. The Crestron AM-100 and AM-101 firmware contains a vulnerability related to the use of hard-coded credentials. Information may be obtained or altered, and service operation may be disrupted (DoS). Crestron Electronics AM-100 and Crestron Electronics AM-101 are both smart home gateway products of Crestron Electronics in the United States. A trust management issue vulnerability exists in Crestron AM-100 with firmware version 1.6.0.2 and AM-101 with firmware version 2.7.0.2. This vulnerability stems from the lack of an effective trust management mechanism in network systems or products. Attackers can use default passwords or hard-coded passwords, hard-coded certificates, etc. to attack affected components.
| VAR-201904-0329 | CVE-2019-3935 | Crestron AM-100 and AM-101 Vulnerabilities related to authentication in firmware |
CVSS V2: 6.4 CVSS V3: 9.1 Severity: CRITICAL |
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allow anyone to act as a moderator of a slideshow via crafted HTTP POST requests to conference.cgi. A remote, unauthenticated attacker can use this vulnerability to start, stop, and disconnect active slideshows. The Crestron AM-100 and AM-101 firmware contains an authentication vulnerability. Information may be tampered with. Crestron Electronics AM-100 and Crestron Electronics AM-101 are both smart home gateway products of Crestron Electronics in the United States. An authorization issue vulnerability exists in the Crestron Electronics AM-100 with firmware version 1.6.0.2 and the Crestron Electronics AM-101 with firmware version 2.7.0.2. This vulnerability stems from the lack of authentication measures or insufficient authentication strength in network systems or products.
| VAR-201904-0328 | CVE-2019-3934 | Crestron AM-100 and AM-101 Firmware Access control vulnerability |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allow anyone to bypass the presentation code by sending a crafted HTTP POST request to login.cgi. A remote, unauthenticated attacker can use this vulnerability to download the current slide image without knowing the access code. The Crestron AM-100 and AM-101 firmware contains an access control vulnerability. Information may be obtained. Crestron Electronics AM-100 and Crestron Electronics AM-101 are both smart home gateway products of Crestron Electronics in the United States. This vulnerability stems from network systems or products not properly restricting access to resources from unauthorized roles.
| VAR-201904-0327 | CVE-2019-3933 | Crestron AM-100 and AM-101 Vulnerabilities related to access control in firmware |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allow anyone to bypass the presentation code simply by requesting /images/browserslide.jpg via HTTP. A remote, unauthenticated attacker can use this vulnerability to watch a slideshow without knowing the access code. The Crestron AM-100 and AM-101 firmware contains an access control vulnerability. Information may be obtained. Crestron Electronics AM-100 and Crestron Electronics AM-101 are both smart home gateway products of Crestron Electronics in the United States. An access control error vulnerability exists in the Crestron AM-100 with firmware version 1.6.0.2 and the AM-101 with firmware version 2.7.0.2. This vulnerability stems from network systems or products not properly restricting access to resources from unauthorized roles.
| VAR-201904-0332 | CVE-2019-3939 | Crestron AM-100 and AM-101 Vulnerabilities related to the use of hard-coded credentials in firmware |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 use default credentials admin/admin and moderator/moderator for the web interface. An unauthenticated, remote attacker can use these credentials to gain privileged access to the device. The Crestron AM-100 and AM-101 firmware contains a vulnerability related to the use of hard-coded credentials. Information may be obtained or altered, and service operation may be disrupted (DoS). Crestron Electronics AM-100 and Crestron Electronics AM-101 are both smart home gateway products of Crestron Electronics in the United States. A trust management issue vulnerability exists in the Crestron Electronics AM-100 with firmware version 1.6.0.2 and the AM-101 with firmware version 2.7.0.2. This vulnerability stems from the lack of an effective trust management mechanism in network systems or products. Attackers can use default passwords or hard-coded passwords, hard-coded certificates, etc. to attack affected components.
| VAR-201904-0331 | CVE-2019-3938 | Crestron AM-100 and AM-101 Vulnerabilities related to the use of hard-coded credentials in firmware |
CVSS V2: 2.1 CVSS V3: 7.8 Severity: HIGH |
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 store usernames, passwords, and other configuration options in the file generated via the "export configuration" feature. The configuration file is encrypted using the awenc binary. The same binary can be used to decrypt any configuration file, since all the encryption logic is hard-coded. A local attacker can use this vulnerability to gain access to the device's usernames and passwords. The Crestron AM-100 and AM-101 firmware contains a vulnerability related to the use of hard-coded credentials. Information may be obtained or altered, and service operation may be disrupted (DoS). Crestron Electronics AM-100 and Crestron Electronics AM-101 are both smart home gateway products of Crestron Electronics in the United States. A trust management issue vulnerability exists in Crestron AM-100 with firmware version 1.6.0.2 and AM-101 with firmware version 2.7.0.2. This vulnerability stems from the lack of an effective trust management mechanism in network systems or products. Attackers can use default passwords or hard-coded passwords, hard-coded certificates, etc. to attack affected components.
| VAR-201904-0330 | CVE-2019-3937 | Crestron AM-100 and AM-101 Vulnerabilities related to certificate and password management |
CVSS V2: 2.1 CVSS V3: 7.8 Severity: HIGH |
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 store usernames, passwords, the slideshow passcode, and other configuration options in cleartext in the file /tmp/scfgdndf. A local attacker can use this vulnerability to recover sensitive data. The Crestron AM-100 and AM-101 firmware contains vulnerabilities related to certificate and password management. Information may be obtained or altered, and service operation may be disrupted (DoS). Crestron Electronics AM-100 and Crestron Electronics AM-101 are both smart home gateway products of Crestron Electronics in the United States. A trust management issue vulnerability exists in Crestron AM-100 with firmware version 1.6.0.2 and AM-101 with firmware version 2.7.0.2. This vulnerability stems from the lack of an effective trust management mechanism in network systems or products. Attackers can use default passwords or hard-coded passwords, hard-coded certificates, etc. to attack affected components.
| VAR-201904-0320 | CVE-2019-3929 | Crestron AM-100 Command injection vulnerability in products such as firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pro firmware 1.0.0.5, Blackbox HD WPS firmware 1.0.0.5, InFocus LiteShow3 firmware 1.0.16, and InFocus LiteShow4 2.0.0.7 are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root. The Crestron AM-100 firmware and other products contain a command injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). A command injection vulnerability exists in several routers. This vulnerability stems from the fact that the network system or product does not correctly filter special elements in the process of constructing executable commands from external input data.
| VAR-201904-0316 | CVE-2019-3925 | Crestron AM-100 and AM-101 Command injection vulnerability in some firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to command injection via SNMP OID iso.3.6.1.4.1.3212.100.3.2.9.3. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root. The Crestron AM-100 and AM-101 have a command injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Crestron Electronics AM-100 and Crestron Electronics AM-101 are smart home gateway products from Crestron Electronics, USA.
| VAR-201904-0317 | CVE-2019-3926 | Crestron AM-100 and AM-101 Command injection vulnerability in some firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to command injection via SNMP OID iso.3.6.1.4.1.3212.100.3.2.14.1. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root. The Crestron AM-100 and AM-101 have a command injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Crestron Electronics AM-100 and Crestron Electronics AM-101 are both smart home gateway products of Crestron Electronics in the United States. This vulnerability stems from the fact that the network system or product does not correctly filter special elements in the process of constructing executable commands from external input data.
| VAR-201904-1555 | CVE-2019-3936 | Crestron AM-100 and AM-101 Vulnerabilities related to input validation in firmware |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to denial of service via a crafted request to TCP port 389. The request will force the slideshow to transition into a "stopped" state. A remote, unauthenticated attacker can use this vulnerability to stop an active slideshow. The Crestron AM-100 and AM-101 contain a vulnerability related to input validation. Service operation may be disrupted (DoS). Crestron Electronics AM-100 and Crestron Electronics AM-101 are both smart home gateway products of Crestron Electronics in the United States. An input validation error vulnerability exists in Crestron AM-100 with firmware version 1.6.0.2 and AM-101 with firmware version 2.7.0.2. The vulnerability stems from the failure of the network system or product to properly validate the input data.
| VAR-201904-0319 | CVE-2019-3928 | Crestron AM-100 and AM-101 Vulnerability in information disclosure |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allow any user to obtain the presentation passcode via the iso.3.6.1.4.1.3212.100.3.2.7.4 OIDs. A remote, unauthenticated attacker can use this vulnerability to access a restricted presentation or to become the presenter. The Crestron AM-100 and AM-101 contain an information disclosure vulnerability. Information may be obtained. Crestron Electronics AM-100 and Crestron Electronics AM-101 are both smart home gateway products of Crestron Electronics in the United States. An information disclosure vulnerability exists in the Crestron AM-100 with firmware version 1.6.0.2 and the AM-101 with firmware version 2.7.0.2. This vulnerability stems from configuration errors in network systems or products during operation.
| VAR-201904-0322 | CVE-2019-3931 | Crestron AM-100 and AM-101 Vulnerabilities related to injection in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to argument injection to the curl binary via crafted HTTP requests to return.cgi. A remote, authenticated attacker can use this vulnerability to upload files to the device and ultimately execute code as root. The Crestron AM-100 and AM-101 have a vulnerability related to injection. Information may be obtained or altered, and service operation may be disrupted (DoS). Crestron Electronics AM-100 and Crestron Electronics AM-101 are both smart home gateway products of Crestron Electronics in the United States. The vulnerability stems from the fact that the network system or product does not correctly verify user input when using it to construct commands, data structures, or records, and does not filter, or does not correctly filter, the special elements in it, causing the system or product to parse or interpret the input incorrectly.
| VAR-201904-0321 | CVE-2019-3930 | Crestron AM-100 Buffer error vulnerability in products such as firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pro firmware 1.0.0.5, Blackbox HD WPS firmware 1.0.0.5, InFocus LiteShow3 firmware 1.0.16, and InFocus LiteShow4 2.0.0.7 are vulnerable to a stack buffer overflow in libAwgCgi.so's PARSERtoCHAR function. A remote, unauthenticated attacker can use this vulnerability to execute arbitrary code as root via a crafted request to the return.cgi endpoint. The Crestron AM-100 firmware and other products have a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). A buffer error vulnerability exists in the 'PARSERtoCHAR' function of the libAwgCgi.so file in several routers. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc.
| VAR-201904-0318 | CVE-2019-3927 | Crestron AM-100 and AM-101 Vulnerabilities related to certificate and password management |
CVSS V2: 5.0 CVSS V3: 9.8 Severity: CRITICAL |
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allow anyone to change the administrator and moderator passwords via the iso.3.6.1.4.1.3212.100.3.2.8.1 and iso.3.6.1.4.1.3212.100.3.2.8.2 OIDs. A remote, unauthenticated attacker can use this vulnerability to change the admin or moderator user's password and gain access to restricted areas on the HTTP interface. The Crestron AM-100 and AM-101 firmware contains vulnerabilities related to certificate and password management. Information may be obtained or altered, and service operation may be disrupted (DoS). Crestron Electronics AM-100 and Crestron Electronics AM-101 are both smart home gateway products of Crestron Electronics in the United States. A trust management issue vulnerability exists in Crestron AM-100 with firmware version 1.6.0.2 and AM-101 with firmware version 2.7.0.2. This vulnerability stems from the lack of an effective trust management mechanism in network systems or products. Attackers can use default passwords or hard-coded passwords, hard-coded certificates, etc. to attack affected components.
| VAR-201904-1633 | No CVE | Xiaoai MINI smart speaker messagingagent module has a command execution vulnerability |
CVSS V2: 6.5 CVSS V3: - Severity: MEDIUM |
Xiaoai MINI Smart Speaker is an artificial intelligence-based speaker that can be networked.
There is a command execution vulnerability in the messagingagent module of the Xiaoai MINI smart speaker. An attacker can use this vulnerability to remotely execute arbitrary commands on the device from the background.
| VAR-201904-0132 | CVE-2019-3707 | Dell EMC iDRAC9 Authentication vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Dell EMC iDRAC9 versions prior to 3.30.30.30 contain an authentication bypass vulnerability. A remote attacker may potentially exploit this vulnerability to bypass authentication and gain access to the system by sending specially crafted input data to the WS-MAN interface. Dell EMC iDRAC9 contains an authentication vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Dell EMC iDRAC9 is a set of system management solutions including hardware and software from Dell. This solution provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems.
| VAR-201910-1646 | CVE-2018-5743 | Multiple vulnerabilities in ISC BIND 9 |
CVSS V2: 7.8 CVSS V3: 5.3 Severity: Medium |
By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. Unfortunately, the code which was intended to limit the number of simultaneous connections contained an error which could be exploited to grow the number of simultaneous connections beyond this limit. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.6, 9.12.0 -> 9.12.4, 9.14.0. BIND 9 Supported Preview Edition versions 9.9.3-S1 -> 9.11.5-S3, and 9.11.5-S5. Versions 9.13.0 -> 9.13.7 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5743.
ISC BIND 9 contains the following multiple vulnerabilities:
* The number of TCP client connections is not limited as configured - CVE-2018-5743
* An assertion failure occurs in query.c due to a deficiency in the nxdomain-redirect feature - CVE-2019-6467
* An assertion failure occurs due to a deficiency in the nxdomain-redirect feature - CVE-2019-6468
The expected impact depends on each vulnerability, but may be as follows:
* An attacker can deplete the file descriptors of named, adversely affecting network connectivity and the management of log and zone journal files - CVE-2018-5743
* If the nxdomain-redirect feature is enabled, an attacker may interfere with service operation (DoS) - CVE-2019-6467, CVE-2019-6468
ISC BIND is a set of open source software developed by ISC Corporation in the United States that implements the DNS protocol. An attacker could exploit this vulnerability to run out of file descriptors, affecting network connections and file management.
ISC.org has confirmed the vulnerability and released software updates.
==========================================================================
Ubuntu Security Notice USN-3956-1
April 25, 2019
bind9 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 19.04
- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Bind could be made to consume resources if it received specially crafted
network traffic. A remote attacker could possibly use this issue
to cause Bind to consume resources, leading to a denial of service.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 19.04:
bind9 1:9.11.5.P1+dfsg-1ubuntu2.3
Ubuntu 18.10:
bind9 1:9.11.4+dfsg-3ubuntu5.3
Ubuntu 18.04 LTS:
bind9 1:9.11.3+dfsg-1ubuntu1.7
Ubuntu 16.04 LTS:
bind9 1:9.10.3.dfsg.P4-8ubuntu1.14
In general, a standard system update will make all the necessary changes.
CVE-2018-5745
The "managed-keys" feature was susceptible to denial of service by
triggering an assert.
CVE-2019-6465
ACLs for zone transfers were incorrectly enforced for dynamically
loadable zones (DLZs).
For the stable distribution (stretch), these problems have been fixed in
version 1:9.10.3.dfsg.P4-12.3+deb9u5.
We recommend that you upgrade your bind9 packages.
For the detailed security status of bind9 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/bind9
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/bind-9.11.6_P1-i586-1_slack14.2.txz: Upgraded.
This update fixes a security issue:
The TCP client quota set using the tcp-clients option could be exceeded
in some cases. This could lead to exhaustion of file descriptors.
For more information, see:
https://kb.isc.org/docs/cve-2018-5743
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5743
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/bind-9.11.6_P1-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/bind-9.11.6_P1-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/bind-9.11.6_P1-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/bind-9.11.6_P1-x86_64-1_slack14.1.txz
Updated package for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/bind-9.11.6_P1-i586-1_slack14.2.txz
Updated package for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/bind-9.11.6_P1-x86_64-1_slack14.2.txz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/bind-9.14.1-i586-1.txz
Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/bind-9.14.1-x86_64-1.txz
Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg bind-9.11.6_P1-i586-1_slack14.2.txz
Then, restart the name server:
# /etc/rc.d/rc.bind restart
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
=====================================================================
Red Hat Security Advisory
Synopsis: Important: bind security update
Advisory ID: RHSA-2019:1492-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2019:1492
Issue date: 2019-06-17
CVE Names: CVE-2018-5743
=====================================================================
1. Summary:
An update for bind is now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
3. Description:
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver
library (routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating correctly.
Security Fix(es):
* bind: Limiting simultaneous TCP clients is ineffective (CVE-2018-5743)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, the BIND daemon (named) will be restarted
automatically.
5. Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source:
bind-9.8.2-0.68.rc1.el6_10.3.src.rpm
i386:
bind-debuginfo-9.8.2-0.68.rc1.el6_10.3.i686.rpm
bind-libs-9.8.2-0.68.rc1.el6_10.3.i686.rpm
bind-utils-9.8.2-0.68.rc1.el6_10.3.i686.rpm
x86_64:
bind-debuginfo-9.8.2-0.68.rc1.el6_10.3.i686.rpm
bind-debuginfo-9.8.2-0.68.rc1.el6_10.3.x86_64.rpm
bind-libs-9.8.2-0.68.rc1.el6_10.3.i686.rpm
bind-libs-9.8.2-0.68.rc1.el6_10.3.x86_64.rpm
bind-utils-9.8.2-0.68.rc1.el6_10.3.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
i386:
bind-9.8.2-0.68.rc1.el6_10.3.i686.rpm
bind-chroot-9.8.2-0.68.rc1.el6_10.3.i686.rpm
bind-debuginfo-9.8.2-0.68.rc1.el6_10.3.i686.rpm
bind-devel-9.8.2-0.68.rc1.el6_10.3.i686.rpm
bind-sdb-9.8.2-0.68.rc1.el6_10.3.i686.rpm
x86_64:
bind-9.8.2-0.68.rc1.el6_10.3.x86_64.rpm
bind-chroot-9.8.2-0.68.rc1.el6_10.3.x86_64.rpm
bind-debuginfo-9.8.2-0.68.rc1.el6_10.3.i686.rpm
bind-debuginfo-9.8.2-0.68.rc1.el6_10.3.x86_64.rpm
bind-devel-9.8.2-0.68.rc1.el6_10.3.i686.rpm
bind-devel-9.8.2-0.68.rc1.el6_10.3.x86_64.rpm
bind-sdb-9.8.2-0.68.rc1.el6_10.3.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source:
bind-9.8.2-0.68.rc1.el6_10.3.src.rpm
x86_64:
bind-debuginfo-9.8.2-0.68.rc1.el6_10.3.i686.rpm
bind-debuginfo-9.8.2-0.68.rc1.el6_10.3.x86_64.rpm
bind-libs-9.8.2-0.68.rc1.el6_10.3.i686.rpm
bind-libs-9.8.2-0.68.rc1.el6_10.3.x86_64.rpm
bind-utils-9.8.2-0.68.rc1.el6_10.3.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
x86_64:
bind-9.8.2-0.68.rc1.el6_10.3.x86_64.rpm
bind-chroot-9.8.2-0.68.rc1.el6_10.3.x86_64.rpm
bind-debuginfo-9.8.2-0.68.rc1.el6_10.3.i686.rpm
bind-debuginfo-9.8.2-0.68.rc1.el6_10.3.x86_64.rpm
bind-devel-9.8.2-0.68.rc1.el6_10.3.i686.rpm
bind-devel-9.8.2-0.68.rc1.el6_10.3.x86_64.rpm
bind-sdb-9.8.2-0.68.rc1.el6_10.3.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source:
bind-9.8.2-0.68.rc1.el6_10.3.src.rpm
i386:
bind-9.8.2-0.68.rc1.el6_10.3.i686.rpm
bind-chroot-9.8.2-0.68.rc1.el6_10.3.i686.rpm
bind-debuginfo-9.8.2-0.68.rc1.el6_10.3.i686.rpm
bind-libs-9.8.2-0.68.rc1.el6_10.3.i686.rpm
bind-utils-9.8.2-0.68.rc1.el6_10.3.i686.rpm
ppc64:
bind-9.8.2-0.68.rc1.el6_10.3.ppc64.rpm
bind-chroot-9.8.2-0.68.rc1.el6_10.3.ppc64.rpm
bind-debuginfo-9.8.2-0.68.rc1.el6_10.3.ppc.rpm
bind-debuginfo-9.8.2-0.68.rc1.el6_10.3.ppc64.rpm
bind-libs-9.8.2-0.68.rc1.el6_10.3.ppc.rpm
bind-libs-9.8.2-0.68.rc1.el6_10.3.ppc64.rpm
bind-utils-9.8.2-0.68.rc1.el6_10.3.ppc64.rpm
s390x:
bind-9.8.2-0.68.rc1.el6_10.3.s390x.rpm
bind-chroot-9.8.2-0.68.rc1.el6_10.3.s390x.rpm
bind-debuginfo-9.8.2-0.68.rc1.el6_10.3.s390.rpm
bind-debuginfo-9.8.2-0.68.rc1.el6_10.3.s390x.rpm
bind-libs-9.8.2-0.68.rc1.el6_10.3.s390.rpm
bind-libs-9.8.2-0.68.rc1.el6_10.3.s390x.rpm
bind-utils-9.8.2-0.68.rc1.el6_10.3.s390x.rpm
x86_64:
bind-9.8.2-0.68.rc1.el6_10.3.x86_64.rpm
bind-chroot-9.8.2-0.68.rc1.el6_10.3.x86_64.rpm
bind-debuginfo-9.8.2-0.68.rc1.el6_10.3.i686.rpm
bind-debuginfo-9.8.2-0.68.rc1.el6_10.3.x86_64.rpm
bind-libs-9.8.2-0.68.rc1.el6_10.3.i686.rpm
bind-libs-9.8.2-0.68.rc1.el6_10.3.x86_64.rpm
bind-utils-9.8.2-0.68.rc1.el6_10.3.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
i386:
bind-debuginfo-9.8.2-0.68.rc1.el6_10.3.i686.rpm
bind-devel-9.8.2-0.68.rc1.el6_10.3.i686.rpm
bind-sdb-9.8.2-0.68.rc1.el6_10.3.i686.rpm
ppc64:
bind-debuginfo-9.8.2-0.68.rc1.el6_10.3.ppc.rpm
bind-debuginfo-9.8.2-0.68.rc1.el6_10.3.ppc64.rpm
bind-devel-9.8.2-0.68.rc1.el6_10.3.ppc.rpm
bind-devel-9.8.2-0.68.rc1.el6_10.3.ppc64.rpm
bind-sdb-9.8.2-0.68.rc1.el6_10.3.ppc64.rpm
s390x:
bind-debuginfo-9.8.2-0.68.rc1.el6_10.3.s390.rpm
bind-debuginfo-9.8.2-0.68.rc1.el6_10.3.s390x.rpm
bind-devel-9.8.2-0.68.rc1.el6_10.3.s390.rpm
bind-devel-9.8.2-0.68.rc1.el6_10.3.s390x.rpm
bind-sdb-9.8.2-0.68.rc1.el6_10.3.s390x.rpm
x86_64:
bind-debuginfo-9.8.2-0.68.rc1.el6_10.3.i686.rpm
bind-debuginfo-9.8.2-0.68.rc1.el6_10.3.x86_64.rpm
bind-devel-9.8.2-0.68.rc1.el6_10.3.i686.rpm
bind-devel-9.8.2-0.68.rc1.el6_10.3.x86_64.rpm
bind-sdb-9.8.2-0.68.rc1.el6_10.3.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source:
bind-9.8.2-0.68.rc1.el6_10.3.src.rpm
i386:
bind-9.8.2-0.68.rc1.el6_10.3.i686.rpm
bind-chroot-9.8.2-0.68.rc1.el6_10.3.i686.rpm
bind-debuginfo-9.8.2-0.68.rc1.el6_10.3.i686.rpm
bind-libs-9.8.2-0.68.rc1.el6_10.3.i686.rpm
bind-utils-9.8.2-0.68.rc1.el6_10.3.i686.rpm
x86_64:
bind-9.8.2-0.68.rc1.el6_10.3.x86_64.rpm
bind-chroot-9.8.2-0.68.rc1.el6_10.3.x86_64.rpm
bind-debuginfo-9.8.2-0.68.rc1.el6_10.3.i686.rpm
bind-debuginfo-9.8.2-0.68.rc1.el6_10.3.x86_64.rpm
bind-libs-9.8.2-0.68.rc1.el6_10.3.i686.rpm
bind-libs-9.8.2-0.68.rc1.el6_10.3.x86_64.rpm
bind-utils-9.8.2-0.68.rc1.el6_10.3.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
i386:
bind-debuginfo-9.8.2-0.68.rc1.el6_10.3.i686.rpm
bind-devel-9.8.2-0.68.rc1.el6_10.3.i686.rpm
bind-sdb-9.8.2-0.68.rc1.el6_10.3.i686.rpm
x86_64:
bind-debuginfo-9.8.2-0.68.rc1.el6_10.3.i686.rpm
bind-debuginfo-9.8.2-0.68.rc1.el6_10.3.x86_64.rpm
bind-devel-9.8.2-0.68.rc1.el6_10.3.i686.rpm
bind-devel-9.8.2-0.68.rc1.el6_10.3.x86_64.rpm
bind-sdb-9.8.2-0.68.rc1.el6_10.3.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2018-5743
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc.
| VAR-201904-0564 | CVE-2018-14990 | Input validation vulnerability in Coolpad Defiant and multiple T-Mobile product devices |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
The Coolpad Defiant device with a build fingerprint of Coolpad/cp3632a/cp3632a:7.1.1/NMF26F/099480857:user/release-keys, the ZTE ZMAX Pro with a build fingerprint of ZTE/P895T20/urd:6.0.1/MMB29M/20170418.114928:user/release-keys, and the T-Mobile Revvl Plus with a build fingerprint of Coolpad/alchemy/alchemy:7.1.1/143.14.171129.3701A-TMO/buildf_nj_02-206:user/release-keys all contain a vulnerable, pre-installed Rich Communication Services (RCS) app. These devices contain an app that has a package name of com.suntek.mway.rcs.app.service (versionCode=1, versionName=RCS_sdk_M_native_20161008_01; versionCode=1, versionName=RCS_sdk_M_native_20170406_01) with a broadcast receiver app component named com.suntek.mway.rcs.app.test.TestReceiver, and a refactored version of the app that has a package name of com.rcs.gsma.na.sdk (versionCode=1, versionName=RCS_SDK_20170804_01) with a broadcast receiver app component named com.rcs.gsma.na.test.TestReceiver. Because the broadcast receiver app component is exported, both versions allow any app co-located on the device to programmatically send text messages where the number and body of the text message are controlled by the attacker. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. A separate vulnerability in the app allows a zero-permission app to programmatically delete text messages, so the sent text messages can be removed to avoid alerting the user. The Coolpad Defiant, T-Mobile Revvl Plus, and ZTE ZMAX Pro devices contain an input validation vulnerability. Information may be tampered with.
| VAR-201904-0565 | CVE-2018-14991 | Vulnerability related to input validation in Coolpad Defiant and multiple T-Mobile product devices |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
The Coolpad Defiant device with a build fingerprint of Coolpad/cp3632a/cp3632a:7.1.1/NMF26F/099480857:user/release-keys, the ZTE ZMAX Pro with a build fingerprint of ZTE/P895T20/urd:6.0.1/MMB29M/20170418.114928:user/release-keys, and the T-Mobile Revvl Plus with a build fingerprint of Coolpad/alchemy/alchemy:7.1.1/143.14.171129.3701A-TMO/buildf_nj_02-206:user/release-keys all contain a vulnerable, pre-installed Rich Communication Services (RCS) app. These devices contain an app that has a package name of com.suntek.mway.rcs.app.service (versionCode=1, versionName=RCS_sdk_M_native_20161008_01; versionCode=1, versionName=RCS_sdk_M_native_20170406_01) with an exported content provider named com.suntek.mway.rcs.app.service.provider.message.MessageProvider, and a refactored version of the app that has a package name of com.rcs.gsma.na.sdk (versionCode=1, versionName=RCS_SDK_20170804_01) with a content provider named com.rcs.gsma.na.provider.message.MessageProvider. Both versions allow any app co-located on the device to read, write, insert, and modify the user's text messages. This is enabled by an exported content provider app component that serves as a wrapper to the official content provider that contains the user's text messages. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. The Coolpad Defiant, T-Mobile Revvl Plus, and ZTE ZMAX Pro devices contain an input validation vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). There is a security vulnerability in the app.service package. Attackers can exploit this vulnerability to read, edit, insert and modify user text messages.