Log

AVG-1123 created at 01 Apr 2020 08:41:18
Packages
+ chromium
Issues
+ CVE-2020-6450
+ CVE-2020-6451
+ CVE-2020-6452
Status
+ Fixed
Severity
+ Unknown
Affected
+ 80.0.3987.149-1
Fixed
+ 80.0.3987.162-1
Ticket
Advisory qualified
+ Yes
References
+ https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_31.html
Notes
CVE-2020-6451 created at 01 Apr 2020 08:41:18
ASA-202003-16 created at 31 Mar 2020 20:05:15
ASA-202003-15 created at 31 Mar 2020 20:05:08
ASA-202003-14 created at 31 Mar 2020 20:05:00
CVE-2020-10595 edited at 31 Mar 2020 20:02:08
Description
+ pam-krb5 before 4.9 has a buffer overflow that might cause remote code execution in situations involving supplemental prompting by a Kerberos library. It may overflow a buffer provided by the underlying Kerberos library by a single '\0' byte if an attacker responds to a prompt with an answer of a carefully chosen length. The effect may range from heap corruption to stack corruption depending on the structure of the underlying Kerberos library, with unknown effects but possibly including code execution. This code path is not used for normal authentication, but only when the Kerberos library does supplemental prompting, such as with PKINIT or when using the non-standard no_prompt PAM configuration option.
- A heap-based one-byte out-of-bounds write has been found in pam-krb5 before 4.9. During prompting initiated by the Kerberos library, an attacker who enters a response exactly as long as the length of the buffer provided by the underlying Kerberos library will cause pam-krb5 to write a single nul byte past the end of that buffer. The effect of this buffer overflow will depend on the buffer allocation strategy of the underlying Kerberos library, but could result in heap corruption or a single-byte overwrite of another stack variable, with unknown consequences. Conceivably, remote code execution could be possible, although difficult to achieve.
-
- Under normal usage of this PAM module, it never does prompting initiated by the Kerberos library, and thus most configurations will not be readily vulnerable to this bug. Kerberos-library-initiated prompting generally only happens with the no_prompt PAM configuration option, PKINIT, or other non-password preauth mechanisms.
References
+ https://www.eyrie.org/~eagle/software/pam-krb5/security/2020-03-30.html
https://mailman.mit.edu/pipermail/kerberos/2020-March/022444.html
https://www.openwall.com/lists/oss-security/2020/03/31/1
+ https://github.com/rra/pam-krb5/commit/b57c2ee992ae2309e7866e89caef2a4870722435
AVG-1122 created at 31 Mar 2020 17:49:47
Packages
+ linux
Issues
+ CVE-2020-8835
Status
+ Fixed
Severity
+ High
Affected
+ 5.5.13.arch1-1
Fixed
+ 5.5.13.arch2-1
Ticket
Advisory qualified
+ Yes
References
Notes
AVG-1121 created at 31 Mar 2020 17:49:26
Packages
+ linux-lts
Issues
+ CVE-2020-8835
Status
+ Fixed
Severity
+ High
Affected
+ 5.4.28-1
Fixed
+ 5.4.28-2
Ticket
Advisory qualified
+ Yes
References
Notes
AVG-1120 created at 31 Mar 2020 17:48:58
Packages
+ linux-hardened
Issues
+ CVE-2020-8835
Status
+ Fixed
Severity
+ High
Affected
+ 5.5.13.a-1
Fixed
+ 5.5.13.b-1
Ticket
Advisory qualified
+ Yes
References
Notes
+ Unprivileged bpf is disabled in linux-hardened by default, therefore this issue only affects users who explicitly turned kernel.unprivileged_bpf_disabled off.
CVE-2020-8835 created at 31 Mar 2020 17:45:18
Severity
+ High
Remote
+ Local
Type
+ Privilege escalation
Description
+ An out-of-bounds access flaw was found in the Linux kernel’s implementation of the eBPF code verifier, where an incorrect register bounds calculation while checking 32-bit instructions in an eBPF program occurs. This flaw allows an unprivileged user or process to execute eBPF programs to crash the kernel, resulting in a denial of service or potentially gaining root privileges on the system.
References
+ https://www.thezdi.com/blog/2020/3/19/pwn2own-2020-day-one-results
+ https://lore.kernel.org/bpf/20200330160324.15259-1-daniel@iogearbox.net/T/
+ https://www.openwall.com/lists/oss-security/2020/03/30/3
Notes
+ Workaround:
+ # sysctl -w kernel.unprivileged_bpf_disabled=1
+
+ Introduced by:
+ 581738a681b6 ("bpf: Provide better register bounds after jmp32 instructions")
+ https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=581738a681b6faae5725c2555439189ca81c0f1f
AVG-1119 edited at 31 Mar 2020 16:25:29
Status
- Vulnerable
+ Fixed
Fixed
+ 4.9-1