VARIoT IoT vulnerabilities database

An issue was discovered on RLE Wi-MGR/FDS-Wi 6.2 devices. Persistent XSS exists in the web server. Remote attackers can inject malicious JavaScript code using the device's BACnet implementation. This is similar to a Cross Protocol Injection with SNMP. RLE Wi-MGR/FDS-Wi The device contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. RLE Wi-MGR / FDS-Wi is a wireless monitoring device

An issue was discovered on Lutron Quantum BACnet Integration 2.0 (firmware 3.2.243) devices. Remote attackers can obtain potentially sensitive information via a /DbXmlInfo.xml request, as demonstrated by the Latitude/Longitude of the device. Lutron Quantum BACnet Integration is a lighting control system developed by Lutron Electronics in the United States

Datto ALTO and SIRIS devices allow remote attackers to obtain sensitive information about data, software versions, configuration, and virtual machines via a request to a Web Virtual Directory. Datto ALTO and SIRIS The device contains an information disclosure vulnerability.Information may be obtained. Both Datto ALTO and SIRIS are products of Datto Company in the United States. Datto ALTO is a suite of continuity solutions using image-based backup and hybrid cloud models. SIRIS is a suite of solutions that provide data backup, recovery and business continuity for on-premises, virtual and cloud environments within a single platform

Datto ALTO and SIRIS devices allow remote attackers to obtain sensitive information via access to device/VM restore mount points, because they do not have ACLs by default. Datto ALTO and SIRIS The device contains an information disclosure vulnerability.Information may be obtained. Both Datto ALTO and SIRIS are products of Datto Company in the United States. Datto ALTO is a suite of continuity solutions using image-based backup and hybrid cloud models. SIRIS is a suite of solutions that provide data backup, recovery and business continuity for on-premises, virtual and cloud environments within a single platform

An issue was discovered in certain Apple products. iOS before 11.2.6 is affected. macOS before 10.13.3 Supplemental Update is affected. tvOS before 11.2.6 is affected. watchOS before 4.2.3 is affected. The issue involves the "CoreText" component. It allows remote attackers to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via a crafted string containing a certain Telugu character. Apple iOS, macOS Sierra, tvOS, and watchOS are all products of the US company Apple (Apple). Apple iOS is an operating system developed for mobile devices; tvOS is a smart TV operating system; watchOS is a smart watch operating system. CoreText is one of the typesetting engine components. The following products and versions are affected: Apple iOS prior to 11.2.6; macOS High Sierra prior to 10.13.3 Supplemental Update; tvOS prior to 11.2.6; watchOS prior to 4.2.3. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2018-02-19-1 iOS 11.2.6 iOS 11.2.6 is now available and addresses the following: CoreText Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted string may lead to heap corruption Description: A memory corruption issue was addressed through improved input validation. CVE-2018-4124: an anonymous researcher Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "11.2.6". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQIcBAEBCgAGBQJaizCFAAoJEIOj74w0bLRGudgP/A21nHvIArfC6P8S52R3m6H9 UqRAb7o9dC4kK7UZiE/mXYQMcPZrxCM9XNs5U1o/cziFibAdHIUMsCcXpPVZEC0/ KLj2XjTCPSAsFEqgkWXbzWi6epnir+yHc3SUgTBsQk78ZA+ArDGgY27lY32wPpC1 nXbqe18I/mnEX+GHzgdnST27bDX8aBENJYeJp3bUugfDXplO8uZusTAzowh6Z+9j lzt5gt3H01RRflVf2J4jCI+MD3FQHOP/CvW2srVofRvtRMRxfOMJDmbFCkqp7Ep5 Np08UjTaWNVBVNrtt0O1nhMS30iFcFSHE50TuHeS0XGnx8yVJOOM4Psik8iRlCGv 9F3lXcIMw4Nh4Ff2u3YrhaFbtt7lS5nKPwAgzzTjuDYQiA1XUBKU4x9KbpY8Vkr2 GX+tLHfkp48jPMhafEi4e2VS7ysvcK7vcgPzs+oy+6Pxze0T0/G/vKfDLTGYzTLS CEqCM0rVlv3tOYZn9eF+Dl8jAJ2NDCxyGAV8AqWFNkMgDSc4UhCQOVqV/iXE8ks3 UGQz3e3sXIGlLD3xBmuQ183PvX6b8rEUDfxwh/ixBXv3hJt7A+mR9EXsj/SXhXXG 3bsZdfW61mEdMUfVllJpt9ctceX7q1BAJbLDnxlMJUNAFVggfcERWLPKTwWbREhX xu7Xlj99gSjM4B0zFq1F =3j+M -----END PGP SIGNATURE----- . Alternatively, on your watch, select "My Watch > General > About"

A Command Injection issue was discovered in Nortek Linear eMerge E3 series Versions V0.32-07e and prior. A remote attacker may be able to execute arbitrary code on a target machine with elevated privileges. Nortek Security&Control is a company that provides wireless security, home automation and personal security systems and devices. The platform provides scalable, browser-based access control capabilities

A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon in conjunction with DNS rebinding. The localhost.localdomain name is often resolved via a DNS server (neither the OS nor the web browser is responsible for ensuring that localhost.localdomain is 127.0.0.1). CUPS Contains vulnerabilities related to security features.Information may be tampered with. The system is based on the Internet Printing Protocol (IPP) and provides most PostScript and raster printer services. This vulnerability can be used to execute arbitrary IPP commands. Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Bug Fix(es): * Gather image registry config (backport to 4.3) (BZ#1836815) * Builds fail after running postCommit script if OCP cluster is configured with a container registry whitelist (BZ#1849176) * Login with OpenShift not working after cluster upgrade (BZ#1852429) * Limit the size of gathered federated metrics from alerts in Insights Operator (BZ#1874018) * [4.3] Storage operator stops reconciling when going Upgradeable=False on v1alpha1 CRDs (BZ#1879110) * [release 4.3] OpenShift APIs become unavailable for more than 15 minutes after one of master nodes went down(OAuth) (BZ#1880293) You may download the oc tool and use it to inspect release image metadata as follows: (For x86_64 architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.3.40-x86_64 The image digest is sha256:9ff90174a170379e90a9ead6e0d8cf6f439004191f80762764a5ca3dbaab01dc (For s390x architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.3.40-s390x The image digest is sha256:605ddde0442e604cfe2d6bd1541ce48df5956fe626edf9cc95b1fca75d231b64 (For ppc64le architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.3.40-ppc64le The image digest is sha256:d3c9e391c145338eae3feb7f6a4e487dadc8139a353117d642fe686d277bcccc 3. Solution: For OpenShift Container Platform 4.3 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.3/release_notes/ocp-4-3-rel ease-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.3/updating/updating-cluster - -cli.html. Bugs fixed (https://bugzilla.redhat.com/): 1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic 1836815 - Gather image registry config (backport to 4.3) 1849176 - Builds fail after running postCommit script if OCP cluster is configured with a container registry whitelist 1874018 - Limit the size of gathered federated metrics from alerts in Insights Operator 1874399 - [DR] etcd-member-recover.sh fails to pull image with unauthorized 1879110 - [4.3] Storage operator stops reconciling when going Upgradeable=False on v1alpha1 CRDs 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: cups security and bug fix update Advisory ID: RHSA-2020:3864-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:3864 Issue date: 2020-09-29 CVE Names: CVE-2017-18190 CVE-2019-8675 CVE-2019-8696 ==================================================================== 1. Summary: An update for cups is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: The Common UNIX Printing System (CUPS) provides a portable printing layer for Linux, UNIX, and similar operating systems. Security Fix(es): * cups: DNS rebinding attacks via incorrect whitelist (CVE-2017-18190) * cups: stack-buffer-overflow in libcups's asn1_get_type function (CVE-2019-8675) * cups: stack-buffer-overflow in libcups's asn1_get_packed function (CVE-2019-8696) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing this update, the cupsd service will be restarted automatically. 5. Bugs fixed (https://bugzilla.redhat.com/): 1546395 - CVE-2017-18190 cups: DNS rebinding attacks via incorrect whitelist 1715907 - CUPS- client: cupsGetPPD3() function tries to load PPD from IPP printer and not from the CUPS queue 1738455 - CVE-2019-8675 cups: stack-buffer-overflow in libcups's asn1_get_type function 1738497 - CVE-2019-8696 cups: stack-buffer-overflow in libcups's asn1_get_packed function 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: cups-1.6.3-51.el7.src.rpm noarch: cups-filesystem-1.6.3-51.el7.noarch.rpm x86_64: cups-1.6.3-51.el7.x86_64.rpm cups-client-1.6.3-51.el7.x86_64.rpm cups-debuginfo-1.6.3-51.el7.i686.rpm cups-debuginfo-1.6.3-51.el7.x86_64.rpm cups-libs-1.6.3-51.el7.i686.rpm cups-libs-1.6.3-51.el7.x86_64.rpm cups-lpd-1.6.3-51.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: cups-debuginfo-1.6.3-51.el7.i686.rpm cups-debuginfo-1.6.3-51.el7.x86_64.rpm cups-devel-1.6.3-51.el7.i686.rpm cups-devel-1.6.3-51.el7.x86_64.rpm cups-ipptool-1.6.3-51.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: cups-1.6.3-51.el7.src.rpm noarch: cups-filesystem-1.6.3-51.el7.noarch.rpm x86_64: cups-1.6.3-51.el7.x86_64.rpm cups-client-1.6.3-51.el7.x86_64.rpm cups-debuginfo-1.6.3-51.el7.i686.rpm cups-debuginfo-1.6.3-51.el7.x86_64.rpm cups-libs-1.6.3-51.el7.i686.rpm cups-libs-1.6.3-51.el7.x86_64.rpm cups-lpd-1.6.3-51.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: cups-debuginfo-1.6.3-51.el7.i686.rpm cups-debuginfo-1.6.3-51.el7.x86_64.rpm cups-devel-1.6.3-51.el7.i686.rpm cups-devel-1.6.3-51.el7.x86_64.rpm cups-ipptool-1.6.3-51.el7.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: cups-1.6.3-51.el7.src.rpm noarch: cups-filesystem-1.6.3-51.el7.noarch.rpm ppc64: cups-1.6.3-51.el7.ppc64.rpm cups-client-1.6.3-51.el7.ppc64.rpm cups-debuginfo-1.6.3-51.el7.ppc.rpm cups-debuginfo-1.6.3-51.el7.ppc64.rpm cups-devel-1.6.3-51.el7.ppc.rpm cups-devel-1.6.3-51.el7.ppc64.rpm cups-libs-1.6.3-51.el7.ppc.rpm cups-libs-1.6.3-51.el7.ppc64.rpm cups-lpd-1.6.3-51.el7.ppc64.rpm ppc64le: cups-1.6.3-51.el7.ppc64le.rpm cups-client-1.6.3-51.el7.ppc64le.rpm cups-debuginfo-1.6.3-51.el7.ppc64le.rpm cups-devel-1.6.3-51.el7.ppc64le.rpm cups-libs-1.6.3-51.el7.ppc64le.rpm cups-lpd-1.6.3-51.el7.ppc64le.rpm s390x: cups-1.6.3-51.el7.s390x.rpm cups-client-1.6.3-51.el7.s390x.rpm cups-debuginfo-1.6.3-51.el7.s390.rpm cups-debuginfo-1.6.3-51.el7.s390x.rpm cups-devel-1.6.3-51.el7.s390.rpm cups-devel-1.6.3-51.el7.s390x.rpm cups-libs-1.6.3-51.el7.s390.rpm cups-libs-1.6.3-51.el7.s390x.rpm cups-lpd-1.6.3-51.el7.s390x.rpm x86_64: cups-1.6.3-51.el7.x86_64.rpm cups-client-1.6.3-51.el7.x86_64.rpm cups-debuginfo-1.6.3-51.el7.i686.rpm cups-debuginfo-1.6.3-51.el7.x86_64.rpm cups-devel-1.6.3-51.el7.i686.rpm cups-devel-1.6.3-51.el7.x86_64.rpm cups-libs-1.6.3-51.el7.i686.rpm cups-libs-1.6.3-51.el7.x86_64.rpm cups-lpd-1.6.3-51.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: cups-debuginfo-1.6.3-51.el7.ppc64.rpm cups-ipptool-1.6.3-51.el7.ppc64.rpm ppc64le: cups-debuginfo-1.6.3-51.el7.ppc64le.rpm cups-ipptool-1.6.3-51.el7.ppc64le.rpm s390x: cups-debuginfo-1.6.3-51.el7.s390x.rpm cups-ipptool-1.6.3-51.el7.s390x.rpm x86_64: cups-debuginfo-1.6.3-51.el7.x86_64.rpm cups-ipptool-1.6.3-51.el7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: cups-1.6.3-51.el7.src.rpm noarch: cups-filesystem-1.6.3-51.el7.noarch.rpm x86_64: cups-1.6.3-51.el7.x86_64.rpm cups-client-1.6.3-51.el7.x86_64.rpm cups-debuginfo-1.6.3-51.el7.i686.rpm cups-debuginfo-1.6.3-51.el7.x86_64.rpm cups-devel-1.6.3-51.el7.i686.rpm cups-devel-1.6.3-51.el7.x86_64.rpm cups-libs-1.6.3-51.el7.i686.rpm cups-libs-1.6.3-51.el7.x86_64.rpm cups-lpd-1.6.3-51.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: cups-debuginfo-1.6.3-51.el7.x86_64.rpm cups-ipptool-1.6.3-51.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2017-18190 https://access.redhat.com/security/cve/CVE-2019-8675 https://access.redhat.com/security/cve/CVE-2019-8696 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBX3OfSNzjgjWX9erEAQip1g//fGQ6FQsoJ/QpnHB9KiGT507Wl0HwxQYz FaaarvC/P+E78cXLDikMs/eIY9dIXeyOZyPja/u4sNSwl/ZwPxqrm7ikV0va3UrE +NciXotVICT59ONqmFwNoBsAkxHG84hDxuhRKe8MDgJQWrOruXsbzxzznQam6s4v etRS7p8TPKDyYCGqQui8WRvFWQtVbtFHGR7Gnz5AMkTFanUqU9dxQu070UbUtkNl 6TpB++/AU9X48a/RkLlt7rgtEAT0eG0VJkPUxhollegIWxTq6ICuKwLcnH7jnphD nY5DEUE7NdP8rPkw9XKnKSlkIR68M3SMDhu/cfvwfj0QzsjzERRNdOIbKiFiV3/w Ayp2r2r9XxWAUXp7Rgm6meRlmNv+lTAyTXLVo3VrtGpU6221vszaiLhlQikqExsu 9DwvLWMyabQrdv+eWCYCRYyz/oiv+j7LjB6sN83baF9nF7WBSTIeTVq3ZgMo/orX vWmaRdN0ozVtKKsVGtns7Cb9UUIpU2h903i3VNa6SJKS1TyiqvkfG7Yq+h63BDyw CB3c0K/3W/KX9GhbqVLM/q45xBPkqCCliSoeibSL+LgbgAXokIXd4Pen9C76h6g2 FsI6JQ/SQ8iPaXDyWd8P7BVANKBIL/tXknRCQSUjC7mGJA372/euzQw98+FYCUzq RML7ea/mqjI=bzrd -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ========================================================================== Ubuntu Security Notice USN-3577-1 February 21, 2018 cups vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: CUPS could be made to provide access to printers over the network. Software Description: - cups: Common UNIX Printing System(tm) Details: Jann Horn discovered that CUPS permitted HTTP requests with the Host header set to "localhost.localdomain" from the loopback interface. If a user were tricked in to opening a specially crafted website in their web browser, an attacker could potentially exploit this to obtain sensitive information or control printers, via a DNS rebinding attack. (CVE-2017-18190) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS: cups 2.1.3-4ubuntu0.4 Ubuntu 14.04 LTS: cups 1.7.2-0ubuntu1.9 In general, a standard system update will make all the necessary changes

A Remote Code Execution vulnerability in all versions of HPE LoadRunner and Performance Center was found. HPE LoadRunner and Performance Center Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state

An issue was discovered on Tenda AC15 V15.03.1.16_multi devices. A remote, unauthenticated attacker can gain remote code execution on the device with a crafted password parameter for the COOKIE header. Tenda AC15 Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. TendaAC15 is a wireless router product from Tenda. ** Advisory Information Title: [CVE-2018-5767] Remote Code Execution Walkthrough on Tenda AC15 Router Blog URL: https://www.fidusinfosec.com/remote-code-execution-cve-2018-5767/ Vendor: Tenda Date Published: 14/02/2018 CVE: CVE-2018-5767 ** Vulnerability Summary The vulnerability in question is caused by a buffer overflow due to unsanitised user input being passed directly to a call to sscanf. ** Vendor Response Numerous attempts were made to contact the vendor with no success. Due to the nature of the vulnerability, offset's have been redacted from the post to prevent point and click exploitation. ** Report Timeline Vulnerability discovered and first reported - 14/1/2018 Second attempt to make contact, further informing the vendor of the severity of the vulnerability - 18/1/2018 CVE's assigned by Mitre.org - 19/1/2018 Livechat attempt to contact vendor - 19/1/2018 Another attempt to contact vendor 23/1/2018 Further attempt to contact vendor, confirming 5 CVE's had been assigned to their product - 31/1/2018 Final contact attempted & warning of public disclosure - 8/2/2018 Public disclosure - 14/2/2018 ** Credit This vulnerability was discovered by Tim Carrington @__invictus_, part of the Fidus Information Security research team. ** References https://www.fidusinfosec.com/remote-code-execution-cve-2018-5767/ ** Disclaimer This advisory is licensed under a Creative Commons Attribution Non-Commercial Share-Alike 3.0 License: http://creativecommons.org/licenses/by-nc-sa/3.0/ [https://api.salesflare.com/img/90542021a59e43879370651ba637dd97]

A Stack-based Buffer Overflow issue was discovered in GE D60 Line Distance Relay devices running firmware Version 7.11 and prior. Multiple stack-based buffer overflow vulnerabilities have been identified, which may allow remote code execution. GeneralElectricCompany is a manufacturer of electrical equipment, electrical and electronic equipment. General Electric (GE) D60 Line Distance Relay is prone to multiple buffer-overflow vulnerabilities because the application fails to handle exceptions properly. Failed exploits will result in denial-of-service condition. The product is used to protect transmission lines and cables, supports double circuit breaker applications, and can be used in single-pole or three-pole tripping applications

Bluetooth module in some Huawei mobile phones with software LON-AL00BC00B229 and earlier versions has a buffer overflow vulnerability. Due to insufficient input validation, an unauthenticated attacker may craft Bluetooth AVDTP/AVCTP messages after successful paring, causing buffer overflow. Successful exploit may cause code execution. Huawei Smartphone software contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Huawei LON-AL00B is a smart phone product of China Huawei (Huawei). Bluetooth module is one of the Bluetooth modules. The vulnerability is caused by insufficient verification of input in the program. Attackers can exploit this vulnerability to execute code by forging or tampering with Bluetooth AVDTP/AVCTP packets after successful Bluetooth pairing

Huawei AR120-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R005C32, V200R007C00, V200R008C20, V200R008C30, AR160 V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, V200R008C30,AR2200 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R005C32, V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R005C32, V200R006C10, V200R007C00, V200R008C20, V200R008C30, NetEngine16EX V200R005C32, V200R006C10, V200R007C00, V200R008C20, V200R008C30, SRG1300 V200R005C32, V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R005C32, V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R005C32, V200R006C10, V200R007C00, V200R008C20, V200R008C30 have an out-of-bound read vulnerability in some Huawei products. Due to insufficient input validation, a remote, unauthenticated attacker may send crafted signature to the affected products. Successful exploit may cause buffer overflow, services abnormal. plural Huawei The product contains a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Huawei AR120-S is a router product of China Huawei. The following products and versions are affected: Huawei AR120-S V200R005C32 Version, V200R006C10 Version, V200R007C00 Version, V200R008C20 Version, V200R008C30 Version; AR1200 V200R005C32 Version, V200R006C10 Version, V200R007C00 Version, V200R007C01 Version, V200R007C02 Version, V200R008C20 Version, V200R008C30 Version; AR1200- S V200R005C32 Version, V200R006C10 Version, V200R007C00 Version, V200R008C20 Version, V200R008C30 Version; AR150 V200R005C32 Version, V200R006C10 Version, V200R007C00 Version, V200R007C01 Version, V200R007C02 Version, V200R008C20 Version, V200R008C30 Version; AR150-S V200R005C32 Version, V200R007C00 Version, V200R008C20 Version, V200R008C30 Version; AR160 V200R005C32 Version, V200R006C10 Version, V200R007C00 Version, V200R007C01 Version, V200R007C02 Version, V200R008C20 Version, V200R008C30 Version; AR200 V200R005C32 Version, V200R006C10 Version, V200R007C00 Version, V200R007C01 Version, V200R008C20 Version, V200R008C30 Version; AR200-S V200R005C32 Version, V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR2200

An Improper Restriction of Operations within the Bounds of a Memory Buffer issue was discovered in GE D60 Line Distance Relay devices running firmware Version 7.11 and prior. The SSH functions of the device are vulnerable to buffer overflow conditions that may allow a remote attacker to execute arbitrary code on the device. GeneralElectricCompany is a manufacturer of electrical equipment, electrical and electronic equipment. General Electric (GE) D60 Line Distance Relay is prone to multiple buffer-overflow vulnerabilities because the application fails to handle exceptions properly. Failed exploits will result in denial-of-service condition. D60 devices running firmware Version 7.11 and prior are vulnerable. The product is used to protect transmission lines and cables, supports double circuit breaker applications, and can be used in single-pole or three-pole tripping applications. The vulnerability is caused by the program not properly restricting operations within the boundaries of the memory buffer

The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its parsing of "Capabilities" in BGP OPEN messages, in the bgp_packet.c:bgp_capability_msg_parse function. The parser can enter an infinite loop on invalid capabilities if a Multi-Protocol capability does not have a recognized AFI/SAFI, causing a denial of service. The Quagga BGP daemon bgpd prior to version 1.2.3 may be vulnerable to multiple issues that may result in denial of service, information disclosure, or remote code execution. Quagga bgpd Contains several vulnerabilities: * Buffer overflow (CWE-119) - CVE-2018-5378 (Quagga-2018-0543) * Double memory release (CWE-415) - CVE-2018-5379 (Quagga-2018-1114) * Out of bounds read (CWE-125) - CVE-2018-5380 (Quagga-2018-1550) * Improper handling of incorrect syntactic constructs (CWE-228) - CVE-2018-5381 (Quagga-2018-1975) Detail is <a href="https://savannah.nongnu.org/forum/forum.php?forum_id=9095"target="blank"> Information provided by the developer </a> Please refer to.The expected impact depends on each vulnerability, but remote code execution, information leakage, service operation interruption by a remote third party (DoS) An attack could be made. Quagga is prone to multiple denial of service vulnerabilities. Attackers can exploit these issues to crash the affected application, denying service to legitimate users. A configured peer can take advantage of this flaw to cause a denial of service (bgpd daemon not responding to any other events; BGP sessions will drop and not be reestablished; unresponsive CLI interface). https://www.quagga.net/security/Quagga-2018-1975.txt For the oldstable distribution (jessie), these problems have been fixed in version 0.99.23.1-1+deb8u5. For the stable distribution (stretch), these problems have been fixed in version 1.1.1-3+deb9u2. We recommend that you upgrade your quagga packages. For the detailed security status of quagga please refer to its security tracker page at: https://security-tracker.debian.org/tracker/quagga Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlqGBaVfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0RpyRAAhVpntFw+LSUUzL2/cx7m+s4fHijhOkU/AjKKmW4a9rAi0iJYW4HNv5BU cKfz6yhngFUzCa+Glhmiwzt77eAoeksJSvxkKio5CTqjV3OxCWbDPPz/iRRHcKvK MGhnqyShMCF8boQU0plmqNbfhnSWNAObbaI2fPmjLOU4A4jPY1T/fbzu4Sd3k5qY ETeHq9+HlVdGnyNEoYnoO0XQH56ueNHy3VlChJ0S2OPtFtoKXkjM/er+yG6413+G 3e90tcbm2xlitmrTyZm9K/Q08UWLJx510n1rxehaO1DTEz+bqSNezySOhyNb8sTA fuadDpgs2ozwgSmxyuWFj0RL3fKvgycw1ZeNiS5nUmRJTobrPlnjyX+A8FEJhPuI 9xyVa8j6wUeBVZdgd9b/EWLQ1Z9oDRiXmHRJeVOtz4JRNPP1KLtBcsPxFW9eCp83 9gFMqk/vMYQSpRqtQdnl5OawEpeurMtusBsnlEV5y9afiHU9jKB8N7RPwxCJgtjP /jmhS4lOvn3F5lNILahaL3lrk/b0EsECajBltbN9YVU0yabWWRWSMrJ3ujamhaXE aUQKmVj1alwDyg90vToiUftdr3R0hPPFuzA0BAK55SJVzjwJ2XInzItr+2y1tMPn dSpd32tzrxpDm86rvmRIiAJbj28n7QnX9I9BlKZqWq2fUUhTkNg= =Gy8j -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201804-17 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Quagga: Multiple vulnerabilities Date: April 22, 2018 Bugs: #647788 ID: 201804-17 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Quagga, the worst of which could allow remote attackers to execute arbitrary code. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Quagga users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/quagga-1.2.4" References ========== [ 1 ] CVE-2018-5378 https://nvd.nist.gov/vuln/detail/CVE-2018-5378 [ 2 ] CVE-2018-5379 https://nvd.nist.gov/vuln/detail/CVE-2018-5379 [ 3 ] CVE-2018-5380 https://nvd.nist.gov/vuln/detail/CVE-2018-5380 [ 4 ] CVE-2018-5381 https://nvd.nist.gov/vuln/detail/CVE-2018-5381 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201804-17 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2018 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . ========================================================================== Ubuntu Security Notice USN-3573-1 February 16, 2018 quagga vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 17.10 - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: Several security issues were fixed in Quagga. Software Description: - quagga: BGP/OSPF/RIP routing daemon Details: It was discovered that a double-free vulnerability existed in the Quagga BGP daemon when processing certain forms of UPDATE message. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2018-5379) It was discovered that the Quagga BGP daemon did not properly bounds check the data sent with a NOTIFY to a peer. An attacker could use this to expose sensitive information or possibly cause a denial of service. This issue only affected Ubuntu 17.10. (CVE-2018-5378) It was discovered that a table overrun vulnerability existed in the Quagga BGP daemon. An attacker in control of a configured peer could use this to possibly expose sensitive information or possibly cause a denial of service. (CVE-2018-5381) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 17.10: quagga 1.1.1-3ubuntu0.2 quagga-bgpd 1.1.1-3ubuntu0.2 Ubuntu 16.04 LTS: quagga 0.99.24.1-2ubuntu1.4 Ubuntu 14.04 LTS: quagga 0.99.22.4-3ubuntu1.5 After a standard system update you need to restart Quagga to make all the necessary changes. References: https://www.ubuntu.com/usn/usn-3573-1 CVE-2018-5378, CVE-2018-5379, CVE-2018-5380, CVE-2018-5381 Package Information: https://launchpad.net/ubuntu/+source/quagga/1.1.1-3ubuntu0.2 https://launchpad.net/ubuntu/+source/quagga/0.99.24.1-2ubuntu1.4 https://launchpad.net/ubuntu/+source/quagga/0.99.22.4-3ubuntu1.5

The Quagga BGP daemon (bgpd) prior to version 1.2.3 can overrun internal BGP code-to-string conversion tables used for debug by 1 pointer value, based on input. Quagga bgpd Contains several vulnerabilities: * Buffer overflow (CWE-119) - CVE-2018-5378 (Quagga-2018-0543) * Double memory release (CWE-415) - CVE-2018-5379 (Quagga-2018-1114) * Out of bounds read (CWE-125) - CVE-2018-5380 (Quagga-2018-1550) * Improper handling of incorrect syntactic constructs (CWE-228) - CVE-2018-5381 (Quagga-2018-1975) Detail is <a href="https://savannah.nongnu.org/forum/forum.php?forum_id=9095"target="blank"> Information provided by the developer </a> Please refer to.The expected impact depends on each vulnerability, but remote code execution, information leakage, service operation interruption by a remote third party (DoS) An attack could be made. Quagga is prone to multiple denial of service vulnerabilities. Attackers can exploit these issues to crash the affected application, denying service to legitimate users. A configured peer can take advantage of this flaw to cause a denial of service (bgpd daemon not responding to any other events; BGP sessions will drop and not be reestablished; unresponsive CLI interface). https://www.quagga.net/security/Quagga-2018-1975.txt For the oldstable distribution (jessie), these problems have been fixed in version 0.99.23.1-1+deb8u5. For the stable distribution (stretch), these problems have been fixed in version 1.1.1-3+deb9u2. We recommend that you upgrade your quagga packages. For the detailed security status of quagga please refer to its security tracker page at: https://security-tracker.debian.org/tracker/quagga Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlqGBaVfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0RpyRAAhVpntFw+LSUUzL2/cx7m+s4fHijhOkU/AjKKmW4a9rAi0iJYW4HNv5BU cKfz6yhngFUzCa+Glhmiwzt77eAoeksJSvxkKio5CTqjV3OxCWbDPPz/iRRHcKvK MGhnqyShMCF8boQU0plmqNbfhnSWNAObbaI2fPmjLOU4A4jPY1T/fbzu4Sd3k5qY ETeHq9+HlVdGnyNEoYnoO0XQH56ueNHy3VlChJ0S2OPtFtoKXkjM/er+yG6413+G 3e90tcbm2xlitmrTyZm9K/Q08UWLJx510n1rxehaO1DTEz+bqSNezySOhyNb8sTA fuadDpgs2ozwgSmxyuWFj0RL3fKvgycw1ZeNiS5nUmRJTobrPlnjyX+A8FEJhPuI 9xyVa8j6wUeBVZdgd9b/EWLQ1Z9oDRiXmHRJeVOtz4JRNPP1KLtBcsPxFW9eCp83 9gFMqk/vMYQSpRqtQdnl5OawEpeurMtusBsnlEV5y9afiHU9jKB8N7RPwxCJgtjP /jmhS4lOvn3F5lNILahaL3lrk/b0EsECajBltbN9YVU0yabWWRWSMrJ3ujamhaXE aUQKmVj1alwDyg90vToiUftdr3R0hPPFuzA0BAK55SJVzjwJ2XInzItr+2y1tMPn dSpd32tzrxpDm86rvmRIiAJbj28n7QnX9I9BlKZqWq2fUUhTkNg= =Gy8j -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201804-17 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Quagga: Multiple vulnerabilities Date: April 22, 2018 Bugs: #647788 ID: 201804-17 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Quagga, the worst of which could allow remote attackers to execute arbitrary code. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Quagga users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/quagga-1.2.4" References ========== [ 1 ] CVE-2018-5378 https://nvd.nist.gov/vuln/detail/CVE-2018-5378 [ 2 ] CVE-2018-5379 https://nvd.nist.gov/vuln/detail/CVE-2018-5379 [ 3 ] CVE-2018-5380 https://nvd.nist.gov/vuln/detail/CVE-2018-5380 [ 4 ] CVE-2018-5381 https://nvd.nist.gov/vuln/detail/CVE-2018-5381 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201804-17 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2018 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . ========================================================================== Ubuntu Security Notice USN-3573-1 February 16, 2018 quagga vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 17.10 - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: Several security issues were fixed in Quagga. Software Description: - quagga: BGP/OSPF/RIP routing daemon Details: It was discovered that a double-free vulnerability existed in the Quagga BGP daemon when processing certain forms of UPDATE message. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2018-5379) It was discovered that the Quagga BGP daemon did not properly bounds check the data sent with a NOTIFY to a peer. An attacker could use this to expose sensitive information or possibly cause a denial of service. This issue only affected Ubuntu 17.10. An attacker in control of a configured peer could use this to possibly expose sensitive information or possibly cause a denial of service. (CVE-2018-5380) It was discovered that the Quagga BGP daemon in some configurations did not properly handle invalid OPEN messages. An attacker in control of a configured peer could use this to cause a denial of service (infinite loop). (CVE-2018-5381) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 17.10: quagga 1.1.1-3ubuntu0.2 quagga-bgpd 1.1.1-3ubuntu0.2 Ubuntu 16.04 LTS: quagga 0.99.24.1-2ubuntu1.4 Ubuntu 14.04 LTS: quagga 0.99.22.4-3ubuntu1.5 After a standard system update you need to restart Quagga to make all the necessary changes. References: https://www.ubuntu.com/usn/usn-3573-1 CVE-2018-5378, CVE-2018-5379, CVE-2018-5380, CVE-2018-5381 Package Information: https://launchpad.net/ubuntu/+source/quagga/1.1.1-3ubuntu0.2 https://launchpad.net/ubuntu/+source/quagga/0.99.24.1-2ubuntu1.4 https://launchpad.net/ubuntu/+source/quagga/0.99.22.4-3ubuntu1.5

The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free memory when processing certain forms of UPDATE message, containing cluster-list and/or unknown attributes. A successful attack could cause a denial of service or potentially allow an attacker to execute arbitrary code. Quagga bgpd Contains several vulnerabilities: * Buffer overflow (CWE-119) - CVE-2018-5378 (Quagga-2018-0543) * Double memory release (CWE-415) - CVE-2018-5379 (Quagga-2018-1114) * Out of bounds read (CWE-125) - CVE-2018-5380 (Quagga-2018-1550) * Improper handling of incorrect syntactic constructs (CWE-228) - CVE-2018-5381 (Quagga-2018-1975) Detail is <a href="https://savannah.nongnu.org/forum/forum.php?forum_id=9095"target="blank"> Information provided by the developer </a> Please refer to.The expected impact depends on each vulnerability, but remote code execution, information leakage, service operation interruption by a remote third party (DoS) An attack could be made. Quagga is prone to a remote code-execution vulnerability. Failed exploit attempts will likely cause a denial-of-service condition. Versions prior to Quagga 1.2.3 are vulnerable. A configured peer can take advantage of this flaw to cause a denial of service (bgpd daemon not responding to any other events; BGP sessions will drop and not be reestablished; unresponsive CLI interface). https://www.quagga.net/security/Quagga-2018-1975.txt For the oldstable distribution (jessie), these problems have been fixed in version 0.99.23.1-1+deb8u5. For the stable distribution (stretch), these problems have been fixed in version 1.1.1-3+deb9u2. We recommend that you upgrade your quagga packages. For the detailed security status of quagga please refer to its security tracker page at: https://security-tracker.debian.org/tracker/quagga Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlqGBaVfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0RpyRAAhVpntFw+LSUUzL2/cx7m+s4fHijhOkU/AjKKmW4a9rAi0iJYW4HNv5BU cKfz6yhngFUzCa+Glhmiwzt77eAoeksJSvxkKio5CTqjV3OxCWbDPPz/iRRHcKvK MGhnqyShMCF8boQU0plmqNbfhnSWNAObbaI2fPmjLOU4A4jPY1T/fbzu4Sd3k5qY ETeHq9+HlVdGnyNEoYnoO0XQH56ueNHy3VlChJ0S2OPtFtoKXkjM/er+yG6413+G 3e90tcbm2xlitmrTyZm9K/Q08UWLJx510n1rxehaO1DTEz+bqSNezySOhyNb8sTA fuadDpgs2ozwgSmxyuWFj0RL3fKvgycw1ZeNiS5nUmRJTobrPlnjyX+A8FEJhPuI 9xyVa8j6wUeBVZdgd9b/EWLQ1Z9oDRiXmHRJeVOtz4JRNPP1KLtBcsPxFW9eCp83 9gFMqk/vMYQSpRqtQdnl5OawEpeurMtusBsnlEV5y9afiHU9jKB8N7RPwxCJgtjP /jmhS4lOvn3F5lNILahaL3lrk/b0EsECajBltbN9YVU0yabWWRWSMrJ3ujamhaXE aUQKmVj1alwDyg90vToiUftdr3R0hPPFuzA0BAK55SJVzjwJ2XInzItr+2y1tMPn dSpd32tzrxpDm86rvmRIiAJbj28n7QnX9I9BlKZqWq2fUUhTkNg= =Gy8j -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: quagga security update Advisory ID: RHSA-2018:0377-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:0377 Issue date: 2018-02-28 CVE Names: CVE-2018-5379 ===================================================================== 1. Summary: An update for quagga is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le 3. Description: The quagga packages contain Quagga, the free network-routing software suite that manages TCP/IP based protocols. Quagga supports the BGP4, BGP4+, OSPFv2, OSPFv3, RIPv1, RIPv2, and RIPng protocols, and is intended to be used as a Route Server and Route Reflector. Security Fix(es): * quagga: Double free vulnerability in bgpd when processing certain forms of UPDATE message allowing to crash or potentially execute arbitrary code (CVE-2018-5379) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank the Quagga project for reporting this issue. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the updated packages, the bgpd daemon must be restarted for the update to take effect. 5. Package List: Red Hat Enterprise Linux Server (v. 7): Source: quagga-0.99.22.4-5.el7_4.src.rpm ppc64: quagga-0.99.22.4-5.el7_4.ppc.rpm quagga-0.99.22.4-5.el7_4.ppc64.rpm quagga-debuginfo-0.99.22.4-5.el7_4.ppc.rpm quagga-debuginfo-0.99.22.4-5.el7_4.ppc64.rpm ppc64le: quagga-0.99.22.4-5.el7_4.ppc64le.rpm quagga-debuginfo-0.99.22.4-5.el7_4.ppc64le.rpm s390x: quagga-0.99.22.4-5.el7_4.s390.rpm quagga-0.99.22.4-5.el7_4.s390x.rpm quagga-debuginfo-0.99.22.4-5.el7_4.s390.rpm quagga-debuginfo-0.99.22.4-5.el7_4.s390x.rpm x86_64: quagga-0.99.22.4-5.el7_4.i686.rpm quagga-0.99.22.4-5.el7_4.x86_64.rpm quagga-debuginfo-0.99.22.4-5.el7_4.i686.rpm quagga-debuginfo-0.99.22.4-5.el7_4.x86_64.rpm Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7): Source: quagga-0.99.22.4-5.el7_4.src.rpm aarch64: quagga-0.99.22.4-5.el7_4.aarch64.rpm quagga-debuginfo-0.99.22.4-5.el7_4.aarch64.rpm ppc64le: quagga-0.99.22.4-5.el7_4.ppc64le.rpm quagga-debuginfo-0.99.22.4-5.el7_4.ppc64le.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: quagga-contrib-0.99.22.4-5.el7_4.ppc64.rpm quagga-debuginfo-0.99.22.4-5.el7_4.ppc.rpm quagga-debuginfo-0.99.22.4-5.el7_4.ppc64.rpm quagga-devel-0.99.22.4-5.el7_4.ppc.rpm quagga-devel-0.99.22.4-5.el7_4.ppc64.rpm ppc64le: quagga-contrib-0.99.22.4-5.el7_4.ppc64le.rpm quagga-debuginfo-0.99.22.4-5.el7_4.ppc64le.rpm quagga-devel-0.99.22.4-5.el7_4.ppc64le.rpm s390x: quagga-contrib-0.99.22.4-5.el7_4.s390x.rpm quagga-debuginfo-0.99.22.4-5.el7_4.s390.rpm quagga-debuginfo-0.99.22.4-5.el7_4.s390x.rpm quagga-devel-0.99.22.4-5.el7_4.s390.rpm quagga-devel-0.99.22.4-5.el7_4.s390x.rpm x86_64: quagga-contrib-0.99.22.4-5.el7_4.x86_64.rpm quagga-debuginfo-0.99.22.4-5.el7_4.i686.rpm quagga-debuginfo-0.99.22.4-5.el7_4.x86_64.rpm quagga-devel-0.99.22.4-5.el7_4.i686.rpm quagga-devel-0.99.22.4-5.el7_4.x86_64.rpm Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7): aarch64: quagga-contrib-0.99.22.4-5.el7_4.aarch64.rpm quagga-debuginfo-0.99.22.4-5.el7_4.aarch64.rpm quagga-devel-0.99.22.4-5.el7_4.aarch64.rpm ppc64le: quagga-contrib-0.99.22.4-5.el7_4.ppc64le.rpm quagga-debuginfo-0.99.22.4-5.el7_4.ppc64le.rpm quagga-devel-0.99.22.4-5.el7_4.ppc64le.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: quagga-0.99.22.4-5.el7_4.src.rpm x86_64: quagga-0.99.22.4-5.el7_4.i686.rpm quagga-0.99.22.4-5.el7_4.x86_64.rpm quagga-debuginfo-0.99.22.4-5.el7_4.i686.rpm quagga-debuginfo-0.99.22.4-5.el7_4.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: quagga-contrib-0.99.22.4-5.el7_4.x86_64.rpm quagga-debuginfo-0.99.22.4-5.el7_4.i686.rpm quagga-debuginfo-0.99.22.4-5.el7_4.x86_64.rpm quagga-devel-0.99.22.4-5.el7_4.i686.rpm quagga-devel-0.99.22.4-5.el7_4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-5379 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFalvS5XlSAg2UNWIIRAt2VAJoDHq+b03wv2cXdpBivxT/zOAniAQCgkE2/ WD9+DkKEg1eZpmyT0FyyN8s= =NOHT -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201804-17 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Quagga: Multiple vulnerabilities Date: April 22, 2018 Bugs: #647788 ID: 201804-17 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Quagga, the worst of which could allow remote attackers to execute arbitrary code. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-misc/quagga < 1.2.4 >= 1.2.4 Description =========== Multiple vulnerabilities have been discovered in Quagga. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Quagga users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/quagga-1.2.4" References ========== [ 1 ] CVE-2018-5378 https://nvd.nist.gov/vuln/detail/CVE-2018-5378 [ 2 ] CVE-2018-5379 https://nvd.nist.gov/vuln/detail/CVE-2018-5379 [ 3 ] CVE-2018-5380 https://nvd.nist.gov/vuln/detail/CVE-2018-5380 [ 4 ] CVE-2018-5381 https://nvd.nist.gov/vuln/detail/CVE-2018-5381 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201804-17 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2018 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . ========================================================================== Ubuntu Security Notice USN-3573-1 February 16, 2018 quagga vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 17.10 - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: Several security issues were fixed in Quagga. (CVE-2018-5379) It was discovered that the Quagga BGP daemon did not properly bounds check the data sent with a NOTIFY to a peer. This issue only affected Ubuntu 17.10. (CVE-2018-5378) It was discovered that a table overrun vulnerability existed in the Quagga BGP daemon. (CVE-2018-5380) It was discovered that the Quagga BGP daemon in some configurations did not properly handle invalid OPEN messages. (CVE-2018-5381) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 17.10: quagga 1.1.1-3ubuntu0.2 quagga-bgpd 1.1.1-3ubuntu0.2 Ubuntu 16.04 LTS: quagga 0.99.24.1-2ubuntu1.4 Ubuntu 14.04 LTS: quagga 0.99.22.4-3ubuntu1.5 After a standard system update you need to restart Quagga to make all the necessary changes

LFW800E is a gigabit intelligent firewall developed by Lenovo Tiangong Networks for network security applications of medium-sized enterprises. Lenovo Firewall has weak passwords and remote command execution vulnerabilities. Attackers can use this vulnerability to successfully log in to the system, obtain sensitive information, upload webshells, and obtain server permissions.

ANYSEC-M6100 is a standard 1U rackmount VPN secure access gateway. There are default passwords and remote command execution vulnerabilities in the China Netcom ANYSEC security gateway, allowing attackers to log in to the background, construct specific code, execute commands remotely, write to a webshell, and obtain server permissions.

A vulnerability in the Trend Micro InterScan Messaging Security Virtual Appliance 9.0 and 9.1 management portal could allow an unauthenticated user to access sensitive information in a particular log file that could be used to bypass authentication on vulnerable installations. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks

A DLL Hijacking vulnerability in Trend Micro's User-Mode Hooking Module (UMH) could allow an attacker to run arbitrary code on a vulnerable system. Multiple products provided by Trend Micro Incorporated contain an insecure DLL loading issue (CWE-427). When invoking the installers of other applications while the concerned products are installed to the PC, the DLL placed in the same directory as the the installers (of the other applications) may be insecurely loaded. Hidenori Ohta of Mitsubishi Electric Information Systems Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.Arbitrary code may be executed with the privilege of the user invoking the installer of other applications. A remote attacker can leverage this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial of service condition