Log

AVG-1124 edited at 02 Apr 2020 16:22:55
Severity
- Unknown
+ Critical
CVE-2020-11100 edited at 02 Apr 2020 16:22:55
Severity
- Unknown
+ Critical
Remote
- Unknown
+ Remote
Type
- Unknown
+ Arbitrary code execution
Description
+ An out-of-bounds memory write has been found in HAProxy before 2.1.4, in the HPACK table management code.
References
+ https://git.haproxy.org/?p=haproxy-2.1.git;a=commitdiff;h=f17f86304f187b0f10ca6a8d46346afd9851a543;hp=dd6f0b1a74fb1241d276484f3c4aced513a95b78
Notes
AVG-1124 created at 02 Apr 2020 16:20:58
Packages
+ haproxy
Issues
+ CVE-2020-11100
Status
+ Vulnerable
Severity
+ Unknown
Affected
+ 2.1.3-1
Fixed
Ticket
Advisory qualified
+ Yes
References
+ https://git.haproxy.org/?p=haproxy-2.1.git;a=commitdiff;h=f17f86304f187b0f10ca6a8d46346afd9851a543;hp=dd6f0b1a74fb1241d276484f3c4aced513a95b78
Notes
CVE-2020-11100 created at 02 Apr 2020 16:20:58
ASA-202004-5 edited at 01 Apr 2020 20:34:04
ASA-202004-4 edited at 01 Apr 2020 20:34:00
Workaround
- BPF access can be restricted to privileged users by setting kernel.unprivileged_bpf_disabled to 1:
+ BPF access can be restricted to privileged users by setting
+ kernel.unprivileged_bpf_disabled to 1:
# sysctl -w kernel.unprivileged_bpf_disabled=1
ASA-202004-3 edited at 01 Apr 2020 20:33:53
Workaround
- BPF access can be restricted to privileged users by setting kernel.unprivileged_bpf_disabled to 1:
+ BPF access can be restricted to privileged users by setting
+ kernel.unprivileged_bpf_disabled to 1:
# sysctl -w kernel.unprivileged_bpf_disabled=1
ASA-202004-2 edited at 01 Apr 2020 20:33:49
Workaround
- By default linux-hardened is safe as it restricts BPF access to privileged users. In case the kernel.unprivileged_bpf_disabled setting has been explicitly changed, it can be restricted again:
+ By default linux-hardened is safe as it restricts BPF access to
+ privileged users. In case the kernel.unprivileged_bpf_disabled setting
+ has been explicitly changed, it can be restricted again:
# sysctl -w kernel.unprivileged_bpf_disabled=1
ASA-202004-1 edited at 01 Apr 2020 20:33:44
CVE-2020-10595 edited at 01 Apr 2020 20:31:30
Description
- pam-krb5 before 4.9 has a buffer overflow that might cause remote code execution in situations involving supplemental prompting by a Kerberos library. It may overflow a buffer provided by the underlying Kerberos library by a single '\0' byte if an attacker responds to a prompt with an answer of a carefully chosen length. The effect may range from heap corruption to stack corruption depending on the structure of the underlying Kerberos library, with unknown effects but possibly including code execution. This code path is not used for normal authentication, but only when the Kerberos library does supplemental prompting, such as with PKINIT or when using the non-standard no_prompt PAM configuration option.
+ pam-krb5 before 4.9 has a buffer overflow that might cause remote code execution in situations involving supplemental prompting by a Kerberos library. It may overflow a buffer provided by the underlying Kerberos library by a single '\0' byte if an attacker responds to a prompt with an answer of a carefully chosen length. The effect may range from heap corruption to stack corruption depending on the structure of the underlying Kerberos library, with unknown effects but possibly including code execution.
+ This code path is not used for normal authentication, but only when the Kerberos library does supplemental prompting, such as with PKINIT or when using the non-standard no_prompt PAM configuration option.
ASA-202004-2 edited at 01 Apr 2020 12:04:33
Workaround
- By default linux-hardened is safe as it restricts BPF access to privileged users. In case the kernel.unprivileged_bpf_disabled setting has been explicitly changed, it can be restricted again:
+ By default linux-hardened is safe as it restricts BPF access to privileged users. In case the kernel.unprivileged_bpf_disabled setting has been explicitly changed, it can be restricted again:
# sysctl -w kernel.unprivileged_bpf_disabled=1
ASA-202004-2 edited at 01 Apr 2020 11:48:57
Workaround
+ By default linux-hardened is safe as it restricts BPF access to privileged users. In case the kernel.unprivileged_bpf_disabled setting has been explicitly changed, it can be restricted again:
+
+ # sysctl -w kernel.unprivileged_bpf_disabled=1
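Review bot: the command in the added Workaround text, `sysctl -w kernel.unprivileged_bpf_disabled=1`, changes only the running kernel and is lost at reboot, which the text does not mention. Suggest adding a sentence that the setting should also be persisted, for example as the line `kernel.unprivileged_bpf_disabled = 1` in a file under /etc/sysctl.d/, so the restriction stays in place until the fixed kernel is installed.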
Impact
+ An unprivileged local user or process can crash the kernel, resulting in a denial of service, or potentially gain root privileges on the system in case the default BPF access has been changed to allow unprivileged users.