Log

AVG-1119 edited at 31 Mar 2020 08:26:18
Severity
- Unknown
+ Medium
CVE-2020-10595 edited at 31 Mar 2020 08:26:18
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Arbitrary code execution
Description
+ A heap-based one-byte out-of-bounds write has been found in pam-krb5 before 4.9. During prompting initiated by the Kerberos library, an attacker who enters a response exactly as long as the length of the buffer provided by the underlying Kerberos library will cause pam-krb5 to write a single nul byte past the end of that buffer. The effect of this buffer overflow will depend on the buffer allocation strategy of the underlying Kerberos library, but could result in heap corruption or a single-byte overwrite of another stack variable, with unknown consequences. Conceivably, remote code execution could be possible, although difficult to achieve.
+
+ Under normal usage of this PAM module, it never does prompting initiated by the Kerberos library, and thus most configurations will not be readily vulnerable to this bug. Kerberos-library-initiated prompting generally only happens with the no_prompt PAM configuration option, PKINIT, or other non-password preauth mechanisms.
References
+ https://mailman.mit.edu/pipermail/kerberos/2020-March/022444.html
+ https://www.openwall.com/lists/oss-security/2020/03/31/1
Notes
AVG-1119 created at 31 Mar 2020 08:23:38
Packages
+ pam-krb5
Issues
+ CVE-2020-10595
Status
+ Vulnerable
Severity
+ Unknown
Affected
+ 4.8-1
Fixed
Ticket
Advisory qualified
+ Yes
References
+ https://mailman.mit.edu/pipermail/kerberos/2020-March/022444.html
+ https://www.openwall.com/lists/oss-security/2020/03/31/1
Notes
CVE-2020-10595 created at 31 Mar 2020 08:23:38
ASA-202003-13 edited at 20 Mar 2020 11:30:07
ASA-202003-12 edited at 20 Mar 2020 11:28:47
CVE-2020-0556 edited at 19 Mar 2020 15:22:21
Description
It was discovered that the HID and HOGP profiles implementations in bluez before 5.54 don't specifically require bonding between the device and the host. This creates an opportunity for a malicious device to connect to a target host to either impersonate an existing HID device without security or to cause an SDP or GATT service discovery to take place which would allow HID reports to be injected to the input subsystem from a non-bonded source.
- This potentially enables escalation of privilege and denial of service via adjacent access.
+ This potentially enables an unauthenticated attacker with adjacent access to impersonate an existing HID device, cause a denial of service or escalate privileges.
ASA-202003-13 edited at 19 Mar 2020 09:59:02
Impact
+ An unauthenticated attacker with adjacent access can impersonate an existing HID device, or cause a denial of service.
ASA-202003-13 created at 19 Mar 2020 09:56:30
CVE-2020-0556 edited at 19 Mar 2020 09:55:44
Description
- It was discovered that the HID and HOGP profiles implementations in bluez before 5.54 don't specifically require bonding between the device and the host. This creates an opportunity for a malicious device to connect to a target host to either impersonate an existing HID device without security or to cause an SDP or GATT service discovery to take place which would allow HID reports to be injected to the input subsystem froma non-bonded source.
+ It was discovered that the HID and HOGP profiles implementations in bluez before 5.54 don't specifically require bonding between the device and the host. This creates an opportunity for a malicious device to connect to a target host to either impersonate an existing HID device without security or to cause an SDP or GATT service discovery to take place which would allow HID reports to be injected to the input subsystem from a non-bonded source.
This potentially enables escalation of privilege and denial of service via adjacent access.
ASA-202003-12 edited at 19 Mar 2020 09:55:05
Impact
+ A remote attacker can access sensitive information, bypass security measures and possibly execute arbitrary code on the affected host.
ASA-202003-12 created at 19 Mar 2020 09:54:42