VARIoT IoT vulnerabilities database
| VAR-201811-0516 | CVE-2018-19417 | Contiki-NG Buffer error vulnerability |
CVSS V2: 10.0 CVSS V3: 10.0 Severity: CRITICAL |
An issue was discovered in the MQTT server in Contiki-NG before 4.2. The function parse_publish_vhdr() that parses MQTT PUBLISH messages with a variable length header uses memcpy to input data into a fixed size buffer. The allocated buffer can fit only MQTT_MAX_TOPIC_LENGTH (default 64) bytes, and a length check is missing. This could lead to Remote Code Execution via a stack-smashing attack (overwriting the function return address). Contiki-NG does not separate the MQTT server from other servers and the OS modules, so access to all memory regions is possible. Contiki-NG contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Contiki-NG is an open source cross-platform operating system for the next generation of IoT devices. MQTT Server is one of the message queue transfer servers.
Contiki-NG MQTT servers prior to 4.2 have a stack-based buffer overflow vulnerability. An attacker could use this vulnerability to execute code.
| VAR-201811-0766 | CVE-2018-19387 | Tmux denial of service vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. Tmux is an open source terminal multiplexer. There is a security hole in the ‘format_cb_pane_tabs’ function of the format.c file in tmux 2.7 to 2.8. An attacker could exploit the vulnerability to cause a denial of service (null pointer dereference and application crash).
| VAR-201812-0621 | CVE-2018-3950 | TP-Link TL-R600VPN Buffer error vulnerability |
CVSS V2: 6.5 CVSS V3: 8.8 Severity: HIGH |
An exploitable remote code execution vulnerability exists in the ping and tracert functionality of the TP-Link TL-R600VPN HWv3 FRNv1.3.0 and HWv2 FRNv1.2.3 http server. A specially crafted IP address can cause a stack overflow, resulting in remote code execution. An attacker can send a single authenticated HTTP request to trigger this vulnerability. TP-Link TL-R600VPN contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). TP-Link TL-R600VPN is an enterprise router from China's TP-LINK. HTTPServer is one of the HTTP servers. A buffer overflow vulnerability exists in HTTPServer in TP-Link TL-R600VPN HWv3 FRNv1.3.0 and HWv2 FRNv1.2.3.
| VAR-201812-0620 | CVE-2018-3949 | TP-Link TL-R600VPN Path traversal vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
An exploitable information disclosure vulnerability exists in the HTTP server functionality of the TP-Link TL-R600VPN. A specially crafted URL can cause a directory traversal, resulting in the disclosure of sensitive system files. An attacker can send either an unauthenticated or an authenticated web request to trigger this vulnerability. TP-Link TL-R600VPN contains a path traversal vulnerability. Information may be obtained. TP-Link TL-R600VPN is an enterprise router from China's TP-LINK.
| VAR-201812-0622 | CVE-2018-3951 | TP-Link TL-R600VPN HTTP Server Buffer error vulnerability |
CVSS V2: 6.5 CVSS V3: 7.2 Severity: HIGH |
An exploitable remote code execution vulnerability exists in the HTTP header-parsing function of the TP-Link TL-R600VPN HTTP Server. A specially crafted HTTP request can cause a buffer overflow, resulting in remote code execution on the device. An attacker can send an authenticated HTTP request to trigger this vulnerability. TP-Link TL-R600VPN HTTP Server contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). TP-Link TL-R600VPN is an enterprise router from China's TP-LINK. HTTPServer is one of the HTTP servers. A buffer overflow vulnerability exists in HTTPServer in TP-Link TL-R600VPN HWv3 FRNv1.3.0.
| VAR-201811-0236 | CVE-2018-11067 | Dell EMC Avamar Server and EMC Integrated Data Protection Appliance Open redirect vulnerability |
CVSS V2: 5.8 CVSS V3: 6.1 Severity: MEDIUM |
Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain an open redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites. SAP NetWeaver is prone to open-redirection vulnerability
An attacker can leverage this issue by constructing a crafted URI and enticing a user to follow it. When an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site; this may aid in phishing attacks. Other attacks are possible. Dell EMC Avamar Server is a suite of fully virtualized backup and recovery software for servers. The following products and versions are affected: Dell EMC Avamar Server Version 7.2.0, Version 7.2.1, Version 7.3.0, Version 7.3.1, Version 7.4.0, Version 7.4.1, Version 7.5.0, Version 7.5.1, Version 18.1; EMC IDPA Version 2.0, Version 2.1, Version 2.2.
Credits:
Dell EMC would like to thank Jarrod Farncomb of TSS (https://www.dtss.com.au/) for reporting these vulnerabilities.
Severity Rating
For an explanation of Severity Ratings, refer to Dell EMC Knowledgebase article 468307 (https://support.emc.com/kb/468307). Dell EMC recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability.
Legal Information
Read and use the information in this Dell EMC Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this advisory, contact Dell EMC Technical Support (https://support.emc.com/servicecenter/contactEMC/). Dell EMC recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. Dell EMC disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event, shall Dell EMC or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Dell EMC or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply.
- - ------------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2018-0029
Severity: Critical
Synopsis: vSphere Data Protection (VDP) updates address
multiple security issues.
Issue date: 2018-11-20
Updated on: 2018-11-20 (Initial Advisory)
CVE number: CVE-2018-11066, CVE-2018-11067, CVE-2018-11076, CVE-2018-11077
1. Summary
vSphere Data Protection (VDP) updates address
multiple security issues.
2. Relevant Products
vSphere Data Protection (VDP).
3. Problem Description
a. Remote code execution vulnerability.
VDP contains a remote code execution vulnerability.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the identifier CVE-2018-11066 to this issue.
Column 5 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware     Product   Running           Replace with/    Mitigation/
Product    Version   on      Severity  Apply Patch      Workaround
========== ========= ======= ========= ================ ==========
VDP        6.1.x     VA      Critical  6.1.10           None
VDP        6.0.x     VA      Critical  6.0.9            None
b. Open redirection vulnerability.
VDP contains an open redirection vulnerability.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the identifier CVE-2018-11067 to this issue.
Column 5 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware     Product   Running           Replace with/    Mitigation/
Product    Version   on      Severity  Apply Patch      Workaround
========== ========= ======= ========= ================ ==========
VDP        6.1.x     VA      Important 6.1.10           None
VDP        6.0.x     VA      Important 6.0.9            None
c. Information exposure vulnerability.
VDP contains an information exposure vulnerability. VDP Java
management console's SSL/TLS private key may be leaked in the VDP
Java management client package. The private key could potentially be
used by an unauthenticated attacker on the same data-link layer to
initiate a MITM attack on management console users.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the identifier CVE-2018-11076 to this issue.
Column 5 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware     Product   Running           Replace with/    Mitigation/
Product    Version   on      Severity  Apply Patch      Workaround
========== ========= ======= ========= ================ ==========
VDP        6.1.x     VA      Important 6.1.9            None
VDP        6.0.x     VA      Important 6.0.9            None
d. Command injection vulnerability.
The 'getlogs' troubleshooting utility in VDP contains an OS command
injection vulnerability. A malicious admin user may potentially be able
to execute arbitrary commands under root privilege.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the identifier CVE-2018-11077 to this issue.
Column 5 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware     Product   Running           Replace with/    Mitigation/
Product    Version   on      Severity  Apply Patch      Workaround
========== ========= ======= ========= ================ ==========
VDP        6.1.x     VA      Moderate  6.1.10           None
VDP        6.0.x     VA      Moderate  6.0.9            None
4. Solution
Please review the patch/release notes for your product and version and
verify the checksum of your downloaded file.
vSphere Data Protection 6.1.10
Downloads and Documentation:
https://my.vmware.com/group/vmware/details?productId=491&downloadGroup=VDP6110
https://www.vmware.com/support/pubs/vdr_pubs.html
vSphere Data Protection 6.0.9
Downloads and Documentation:
https://my.vmware.com/web/vmware/details?productId=491&downloadGroup=VDP60_9
https://www.vmware.com/support/pubs/vdr_pubs.html
5. References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11066
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11067
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11076
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11077
- - -------------------------------------------------------------------------
6. Change log
2018-11-20 VMSA-2018-0029
Initial security advisory in conjunction with the release of VMware
vSphere Data Protection 6.1.10 on 2018-11-20
- - -------------------------------------------------------------------------
7. Contact
E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
security-announce at lists.vmware.com
bugtraq at securityfocus.com
fulldisclosure at seclists.org
E-mail: security at vmware.com
PGP key at: https://kb.vmware.com/kb/1055
VMware Security Advisories
https://www.vmware.com/security/advisories
VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html
VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html
VMware Security & Compliance Blog
https://blogs.vmware.com/security
Twitter
https://twitter.com/VMwareSRC
Copyright 2018 VMware Inc. All rights reserved.
| VAR-201811-0237 | CVE-2018-11076 | Dell EMC Avamar Server and EMC Integrated Data Protection Appliance Vulnerable to information disclosure |
CVSS V2: 3.3 CVSS V3: 6.5 Severity: MEDIUM |
Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. Avamar Java management console's SSL/TLS private key may be leaked in the Avamar Java management client package. The private key could potentially be used by an unauthenticated attacker on the same data-link layer to initiate a MITM attack on management console users. VMware vSphere Data Protection is prone to an OS command-injection vulnerability.
An attacker may exploit this issue to inject and execute arbitrary commands within the context of the affected application; this may aid in further attacks. Dell EMC Avamar Server is a suite of fully virtualized backup and recovery software for servers.
- - ------------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2018-0029
Severity: Critical
Synopsis: vSphere Data Protection (VDP) updates address
multiple security issues.
Issue date: 2018-11-20
Updated on: 2018-11-20 (Initial Advisory)
CVE number: CVE-2018-11066, CVE-2018-11067, CVE-2018-11076, CVE-2018-11077
1. Summary
vSphere Data Protection (VDP) updates address
multiple security issues.
2. Relevant Products
vSphere Data Protection (VDP). VDP is based on Dell EMC Avamar
Virtual Edition.
3. Problem Description
a. Remote code execution vulnerability.
VDP contains a remote code execution vulnerability.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the identifier CVE-2018-11066 to this issue.
Column 5 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware     Product   Running           Replace with/    Mitigation/
Product    Version   on      Severity  Apply Patch      Workaround
========== ========= ======= ========= ================ ==========
VDP        6.1.x     VA      Critical  6.1.10           None
VDP        6.0.x     VA      Critical  6.0.9            None
b. Open redirection vulnerability.
VDP contains an open redirection vulnerability. A remote unauthenticated
attacker could potentially exploit this vulnerability to redirect
application users to arbitrary web URLs by tricking the victim users to
click on maliciously crafted links. The vulnerability could be used to
conduct phishing attacks that cause users to unknowingly visit malicious
sites.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the identifier CVE-2018-11067 to this issue.
Column 5 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware     Product   Running           Replace with/    Mitigation/
Product    Version   on      Severity  Apply Patch      Workaround
========== ========= ======= ========= ================ ==========
VDP        6.1.x     VA      Important 6.1.10           None
VDP        6.0.x     VA      Important 6.0.9            None
c. Information exposure vulnerability.
VDP contains an information exposure vulnerability.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the identifier CVE-2018-11076 to this issue.
Column 5 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware     Product   Running           Replace with/    Mitigation/
Product    Version   on      Severity  Apply Patch      Workaround
========== ========= ======= ========= ================ ==========
VDP        6.1.x     VA      Important 6.1.9            None
VDP        6.0.x     VA      Important 6.0.9            None
d. Command injection vulnerability.
The 'getlogs' troubleshooting utility in VDP contains an OS command
injection vulnerability. A malicious admin user may potentially be able
to execute arbitrary commands under root privilege.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the identifier CVE-2018-11077 to this issue.
Column 5 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware     Product   Running           Replace with/    Mitigation/
Product    Version   on      Severity  Apply Patch      Workaround
========== ========= ======= ========= ================ ==========
VDP        6.1.x     VA      Moderate  6.1.10           None
VDP        6.0.x     VA      Moderate  6.0.9            None
4. Solution
Please review the patch/release notes for your product and version and
verify the checksum of your downloaded file.
vSphere Data Protection 6.1.10
Downloads and Documentation:
https://my.vmware.com/group/vmware/details?productId=491&downloadGroup=VDP6110
https://www.vmware.com/support/pubs/vdr_pubs.html
vSphere Data Protection 6.0.9
Downloads and Documentation:
https://my.vmware.com/web/vmware/details?productId=491&downloadGroup=VDP60_9
https://www.vmware.com/support/pubs/vdr_pubs.html
5. References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11066
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11067
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11076
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11077
- - -------------------------------------------------------------------------
6. Change log
2018-11-20 VMSA-2018-0029
Initial security advisory in conjunction with the release of VMware
vSphere Data Protection 6.1.10 on 2018-11-20
- - -------------------------------------------------------------------------
For affected IDPA releases, install the appropriate hotfix on the Avamar server directly.
Dell EMC recommends all customers apply the hotfix at the earliest opportunity. Refer to KB Article 513978 for instructions on applying the hotfix. Please note that applying the hotfix will restart the Management Console Service. It is recommended to stop backups before applying this hotfix, or install this hotfix during a maintenance window.
Credits:
Dell EMC would like to thank TSS (https://www.dtss.com.au/) for reporting these vulnerabilities.
| VAR-201811-0235 | CVE-2018-11066 | Dell EMC Avamar Server and EMC Integrated Data Protection Appliance Command injection vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain a Remote Code Execution vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary commands on the server. VMware vSphere Data Protection is prone to a remote code-execution vulnerability.
Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the affected application. Failed exploits will result in denial-of-service conditions. Dell EMC Avamar Server is a suite of fully virtualized backup and recovery software for servers. The following products and versions are affected: Dell EMC Avamar Server Version 7.2.0, Version 7.2.1, Version 7.3.0, Version 7.3.1, Version 7.4.0, Version 7.4.1, Version 7.5.0, Version 7.5.1, Version 18.1; EMC IDPA Version 2.0, Version 2.1, Version 2.2.
Credits:
Dell EMC would like to thank Jarrod Farncomb of TSS (https://www.dtss.com.au/) for reporting these vulnerabilities.
- - ------------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2018-0029
Severity: Critical
Synopsis: vSphere Data Protection (VDP) updates address
multiple security issues.
Issue date: 2018-11-20
Updated on: 2018-11-20 (Initial Advisory)
CVE number: CVE-2018-11066, CVE-2018-11067, CVE-2018-11076, CVE-2018-11077
1. Summary
vSphere Data Protection (VDP) updates address
multiple security issues.
2. VDP is based on Dell EMC Avamar
Virtual Edition.
3. Problem Description
a.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the identifier CVE-2018-11066 to this issue.
Column 5 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware     Product   Running           Replace with/    Mitigation/
Product    Version   on      Severity  Apply Patch      Workaround
========== ========= ======= ========= ================ ==========
VDP        6.1.x     VA      Critical  6.1.10           None
VDP        6.0.x     VA      Critical  6.0.9            None
b. Open redirection vulnerability.
VDP contains an open redirection vulnerability. The vulnerability could be used to
conduct phishing attacks that cause users to unknowingly visit malicious
sites.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the identifier CVE-2018-11067 to this issue.
Column 5 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware     Product   Running           Replace with/    Mitigation/
Product    Version   on      Severity  Apply Patch      Workaround
========== ========= ======= ========= ================ ==========
VDP        6.1.x     VA      Important 6.1.10           None
VDP        6.0.x     VA      Important 6.0.9            None
c. Information exposure vulnerability.
VDP contains an information exposure vulnerability. VDP Java
management console's SSL/TLS private key may be leaked in the VDP
Java management client package. The private key could potentially be
used by an unauthenticated attacker on the same data-link layer to
initiate a MITM attack on management console users.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the identifier CVE-2018-11076 to this issue.
Column 5 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware     Product   Running           Replace with/    Mitigation/
Product    Version   on      Severity  Apply Patch      Workaround
========== ========= ======= ========= ================ ==========
VDP        6.1.x     VA      Important 6.1.9            None
VDP        6.0.x     VA      Important 6.0.9            None
d. Command injection vulnerability.
The 'getlogs' troubleshooting utility in VDP contains an OS command
injection vulnerability.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the identifier CVE-2018-11077 to this issue.
Column 5 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware     Product   Running           Replace with/    Mitigation/
Product    Version   on      Severity  Apply Patch      Workaround
========== ========= ======= ========= ================ ==========
VDP        6.1.x     VA      Moderate  6.1.10           None
VDP        6.0.x     VA      Moderate  6.0.9            None
4. Solution
Please review the patch/release notes for your product and version and
verify the checksum of your downloaded file.
vSphere Data Protection 6.1.10
Downloads and Documentation:
https://my.vmware.com/group/vmware/details?productId=491&downloadGroup=VDP6110
https://www.vmware.com/support/pubs/vdr_pubs.html
vSphere Data Protection 6.0.9
Downloads and Documentation:
https://my.vmware.com/web/vmware/details?productId=491&downloadGroup=VDP60_9
https://www.vmware.com/support/pubs/vdr_pubs.html
5. References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11066
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11067
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11076
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11077
- - -------------------------------------------------------------------------
6. Change log
2018-11-20 VMSA-2018-0029
Initial security advisory in conjunction with the release of VMware
vSphere Data Protection 6.1.10 on 2018-11-20
- - -------------------------------------------------------------------------
| VAR-201811-0232 | CVE-2018-11077 | Dell EMC Avamar Server and EMC Integrated Data Protection Appliance In OS Command injection vulnerability |
CVSS V2: 7.2 CVSS V3: 6.7 Severity: MEDIUM |
'getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. A malicious Avamar admin user may potentially be able to execute arbitrary commands under root privilege. VMware vSphere Data Protection is prone to an information-disclosure vulnerability.
An attacker can exploit this issue to perform man-in-the-middle attacks to obtain sensitive information, and perform unauthorized actions. Successful exploits will lead to other attacks. Dell EMC Avamar Server is a suite of fully virtualized backup and recovery software for servers. The following products and versions are affected: Dell EMC Avamar Server Version 7.2.0, Version 7.2.1, Version 7.3.0, Version 7.3.1, Version 7.4.0, Version 7.4.1, Version 7.5.0, Version 7.5.1, Version 18.1; EMC IDPA Version 2.0, Version 2.1, Version 2.2.
For affected IDPA releases, install the appropriate hotfix on the Avamar server directly.
Dell EMC recommends all customers apply the hotfix at the earliest opportunity. Refer to KB Article 526331 for instructions on applying the hotfix. Please note that applying the hotfix does not require a system reboot or shutdown.
Credits:
Dell EMC would like to thank TSS (https://www.dtss.com.au/) for reporting these vulnerabilities.
------------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2018-0029
Severity: Critical
Synopsis: vSphere Data Protection (VDP) updates address
multiple security issues.
Issue date: 2018-11-20
Updated on: 2018-11-20 (Initial Advisory)
CVE number: CVE-2018-11066, CVE-2018-11067, CVE-2018-11076, CVE-2018-11077
1. Summary
vSphere Data Protection (VDP) updates address
multiple security issues.
2. VDP is based on Dell EMC Avamar
Virtual Edition.
3. Problem Description
a. Remote code execution vulnerability.
VDP contains a remote code execution vulnerability.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the identifier CVE-2018-11066 to this issue.
Column 5 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware     Product   Running            Replace with/     Mitigation/
Product    Version   on       Severity  Apply Patch       Workaround
========== ========= ======== ========= ================= ===========
VDP        6.1.x     VA       Critical  6.1.10            None
VDP        6.0.x     VA       Critical  6.0.9             None
b. Open redirection vulnerability.
VDP contains an open redirection vulnerability. A remote unauthenticated
attacker could potentially exploit this vulnerability to redirect
application users to arbitrary web URLs by tricking the victim users to
click on maliciously crafted links. The vulnerability could be used to
conduct phishing attacks that cause users to unknowingly visit malicious
sites.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the identifier CVE-2018-11067 to this issue.
Column 5 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware     Product   Running            Replace with/     Mitigation/
Product    Version   on       Severity  Apply Patch       Workaround
========== ========= ======== ========= ================= ===========
VDP        6.1.x     VA       Important 6.1.10            None
VDP        6.0.x     VA       Important 6.0.9             None
c. Information exposure vulnerability.
VDP contains an information exposure vulnerability. VDP Java
management console's SSL/TLS private key may be leaked in the VDP
Java management client package. The private key could potentially be
used by an unauthenticated attacker on the same data-link layer to
initiate a MITM attack on management console users.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the identifier CVE-2018-11076 to this issue.
Column 5 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware     Product   Running            Replace with/     Mitigation/
Product    Version   on       Severity  Apply Patch       Workaround
========== ========= ======== ========= ================= ===========
VDP        6.1.x     VA       Important 6.1.9             None
VDP        6.0.x     VA       Important 6.0.9             None
d. Command injection vulnerability.
The 'getlogs' troubleshooting utility in VDP contains an OS command
injection vulnerability.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the identifier CVE-2018-11077 to this issue.
Column 5 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware     Product   Running            Replace with/     Mitigation/
Product    Version   on       Severity  Apply Patch       Workaround
========== ========= ======== ========= ================= ===========
VDP        6.1.x     VA       Moderate  6.1.10            None
VDP        6.0.x     VA       Moderate  6.0.9             None
4. Solution
Please review the patch/release notes for your product and version and
verify the checksum of your downloaded file.
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11066
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11067
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11076
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11077
-------------------------------------------------------------------------
6. Change log
2018-11-20 VMSA-2018-0029
Initial security advisory in conjunction with the release of VMware
vSphere Data Protection 6.1.10 on 2018-11-20
-------------------------------------------------------------------------
7. Contact
E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
security-announce at lists.vmware.com
bugtraq at securityfocus.com
fulldisclosure at seclists.org
E-mail: security at vmware.com
PGP key at: https://kb.vmware.com/kb/1055
VMware Security Advisories
https://www.vmware.com/security/advisories
VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html
VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html
VMware Security & Compliance Blog
https://blogs.vmware.com/security
Twitter
https://twitter.com/VMwareSRC
Copyright 2018 VMware Inc. All rights reserved.
| VAR-201811-0679 | CVE-2018-19326 | Zyxel VMG1312-B10D Path traversal vulnerability in devices |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Zyxel VMG1312-B10D devices before 5.13(AAXA.8)C0 allow ../ Directory Traversal, as demonstrated by reading /etc/passwd. Zyxel VMG1312-B10D devices contain a path traversal vulnerability. Information may be obtained. Zyxel VMG1312-B10D is a wireless gateway device from ZyXEL Technology. A directory traversal vulnerability exists in Zyxel VMG1312-B10D versions prior to 5.13(AAXA.8)C0. An attacker can exploit this vulnerability to access arbitrary files with the ‘../’ directory traversal sequence
| VAR-201811-0717 | CVE-2018-18756 | Local Server Buffer error vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Local Server 1.0.9 has a Buffer Overflow via crafted data on Port 4008. Local Server contains a buffer error vulnerability. Service operation may be disrupted (DoS). Local Server is a web server based on the Windows platform. A buffer overflow vulnerability exists in Local Server version 1.0.9. An attacker could exploit the vulnerability with specially crafted data to cause a denial of service
| VAR-201811-0981 | CVE-2018-7363 | ZTE ZXHN F670 Vulnerabilities related to certificate and password management in products |
CVSS V2: 3.3 CVSS V3: 8.8 Severity: HIGH |
All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by improper authorization vulnerability. Since appviahttp service has no authorization delay, an attacker can be allowed to brute force account credentials. The ZTE ZXHN F670 product contains vulnerabilities related to certificate and password management. Information may be obtained or altered, and service operation may be disrupted (DoS). ZTE ZXHN F670 is an ITU-T G.984 and ITU-T G.988 compatible Optical Network Terminal (ONT) designed for high-end home users
| VAR-201811-0980 | CVE-2018-7362 | ZTE ZXHN F670 Access control vulnerabilities in products |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by improper access control vulnerability, which may allow an unauthorized user to perform unauthorized operations on the router. The ZTE ZXHN F670 product contains an access control vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). ZTE ZXHN F670 is an ITU-T G.984 and ITU-T G.988 compatible Optical Network Terminal (ONT) designed for high-end home users
| VAR-201811-0978 | CVE-2018-7360 | ZTE ZXHN F670 Information Disclosure Vulnerability |
CVSS V2: 3.3 CVSS V3: 6.5 Severity: MEDIUM |
All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by information exposure vulnerability, which may allow an unauthenticated attacker to get the GPON SN information via appviahttp service. ZTE ZXHN F670 contains an information disclosure vulnerability. Information may be obtained. ZTE ZXHN F670 is a modem from China ZTE Corporation (ZTE)
| VAR-201811-0502 | CVE-2018-9073 | Lenovo Chassis Management Module Vulnerabilities related to the use of hard-coded credentials |
CVSS V2: 4.3 CVSS V3: 5.9 Severity: MEDIUM |
Lenovo Chassis Management Module (CMM) prior to version 2.0.0 utilizes a hardcoded encryption key to protect certain secrets. Possession of the key can allow an attacker that has already compromised the server to decrypt these secrets. The Lenovo Chassis Management Module (CMM) is a hot-swappable Lenovo Flex System module that can be used to configure and manage all installed Lenovo Flex System components
| VAR-201811-0500 | CVE-2018-9071 | Lenovo Chassis Management Module Vulnerable to information disclosure |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
Lenovo Chassis Management Module (CMM) prior to version 2.0.0 allows unauthenticated users to retrieve information related to the current authentication configuration settings. Exposed settings relate to password lengths, expiration, and lockout configuration. The Lenovo Chassis Management Module (CMM) is a hot-swappable Lenovo Flex System module that can be used to configure and manage all installed Lenovo Flex System components
| VAR-201811-0991 | No CVE | Kuwait text display screen configuration software KEC330 has a denial of service vulnerability |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
Kewei text display screen configuration software KEC330 is an intelligent small human-machine interface that replaces traditional panel controllers.
There is a denial of service vulnerability in the Kewei text display screen configuration software KEC330. An attacker can cause a program to crash by constructing a malformed configuration file (KECX file), and if successfully exploited, can cause arbitrary code execution
| VAR-201811-0990 | No CVE | Denial of Service Vulnerability in IOCS of Kuwei Text Display All-in-One Screen Configuration Software |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
Kewei text display integrated screen configuration software IOCS is a programming software.
There is a denial of service vulnerability in IOCS, the screen configuration software of the Kewei text display integrated machine. An attacker can cause a program to crash by constructing a malformed ICOS format, and if successfully exploited, can cause arbitrary code execution
| VAR-201811-0718 | CVE-2018-18759 | Modbus Slave Buffer error vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Modbus Slave 7.0.0 in modbus tools has a Buffer Overflow. Modbus Slave contains a buffer error vulnerability. Service operation may be disrupted (DoS). Modbus Slave is a device simulator for PLCs, mainly used for PLC programming. An attacker could exploit the vulnerability to cause a denial of service
| VAR-201811-0505 | CVE-2018-9085 | plural Lenovo and IBM System x Vulnerabilities related to access control in server products |
CVSS V2: 4.0 CVSS V3: 4.9 Severity: MEDIUM |
A write protection lock bit was left unset after boot on an older generation of Lenovo and IBM System x servers, potentially allowing an attacker with administrator access to modify the subset of flash memory containing Intel Server Platform Services (SPS) and the system Flash Descriptors. Multiple Lenovo and IBM System x server products contain vulnerabilities related to access control. Information may be tampered with. Lenovo System x is a server from China's Lenovo. IBM System x is a server from IBM Corporation in the United States. Security flaws exist in Lenovo and IBM System x servers. Attackers can exploit this vulnerability to crash the system