Log

AVG-1247 edited at 14 Oct 2020 15:55:20
Severity
- Unknown
+ High
CVE-2020-16119 edited at 14 Oct 2020 15:55:20
Severity
- Unknown
+ High
Remote
- Unknown
+ Remote
Type
- Unknown
+ Arbitrary code execution
Description
+ Hadar Manor reported that by reusing a DCCP socket with an attached dccps_hc_tx_ccid as a listener, in Linux <= 5.9, it will be used after being released, leading to a denial of service or possibly code execution.
References
+ https://www.openwall.com/lists/oss-security/2020/10/13/7
+ https://lore.kernel.org/netdev/20201013171849.236025-1-kleber.souza@canonical.com/T/
Notes
+ It was introduced by:
+
+ 2677d20677314101293e6da0094ede7b5526d2b1 "dccp: don't free ccid2_hc_tx_sock struct in dccp_disconnect()"
+
+ Proposed fixes have been posted to:
+ https://lore.kernel.org/netdev/20201013171849.236025-1-kleber.souza@canonical.com/T/
+
+ To mitigate this on systems that have DCCP enabled but do not use it, block module autoloading by adding the following to /etc/modprobe.d/blacklist-dccp.conf:
+
+ alias net-pf-2-proto-0-type-6 off
+ alias net-pf-2-proto-33-type-6 off
+ alias net-pf-10-proto-0-type-6 off
+ alias net-pf-10-proto-33-type-6 off
+
+ Alternatively, to prevent the dccp module from being loaded entirely, add:
+
+ blacklist dccp
+ install dccp /bin/false
AVG-1247 created at 14 Oct 2020 15:52:14
Packages
+ linux-lts
Issues
+ CVE-2020-16119
Status
+ Vulnerable
Severity
+ Unknown
Affected
+ 5.4.70-1
Fixed
Ticket
Advisory qualified
+ Yes
References
+ https://www.openwall.com/lists/oss-security/2020/10/13/7
+ https://lore.kernel.org/netdev/20201013171849.236025-1-kleber.souza@canonical.com/T/
Notes
AVG-1246 created at 14 Oct 2020 15:52:13
Packages
+ linux-zen
Issues
+ CVE-2020-16119
Status
+ Vulnerable
Severity
+ Unknown
Affected
+ 5.8.14.zen1-1
Fixed
Ticket
Advisory qualified
+ Yes
References
+ https://www.openwall.com/lists/oss-security/2020/10/13/7
+ https://lore.kernel.org/netdev/20201013171849.236025-1-kleber.souza@canonical.com/T/
Notes
AVG-1245 created at 14 Oct 2020 15:51:26
Packages
+ linux-hardened
Issues
+ CVE-2020-16119
Status
+ Vulnerable
Severity
+ Unknown
Affected
+ 5.8.14.a-1
Fixed
Ticket
Advisory qualified
+ Yes
References
+ https://www.openwall.com/lists/oss-security/2020/10/13/7
+ https://lore.kernel.org/netdev/20201013171849.236025-1-kleber.souza@canonical.com/T/
Notes
AVG-1244 created at 14 Oct 2020 15:48:59
Packages
+ linux
Issues
+ CVE-2020-16119
Status
+ Vulnerable
Severity
+ Unknown
Affected
+ 5.8.14.arch1-1
Fixed
Ticket
Advisory qualified
+ Yes
References
+ https://www.openwall.com/lists/oss-security/2020/10/13/7
+ https://lore.kernel.org/netdev/20201013171849.236025-1-kleber.souza@canonical.com/T/
Notes
CVE-2020-16119 created at 14 Oct 2020 15:48:59
AVG-1243 edited at 14 Oct 2020 15:47:52
Severity
- Unknown
+ High
CVE-2020-25829 edited at 14 Oct 2020 15:47:52
Severity
- Unknown
+ High
Remote
- Unknown
+ Remote
Type
- Unknown
+ Denial of service
Description
+ An issue has been found in PowerDNS Recursor before 4.3.5 where a remote attacker can cause the cached records for a given name to be updated to the ‘Bogus’ DNSSEC validation state, instead of their actual DNSSEC ‘Secure’ state, via a DNS ANY query. This results in a denial of service for installations that always validate (dnssec=validate) and for clients requesting validation when on-demand validation is enabled (dnssec=process).
References
+ https://www.openwall.com/lists/oss-security/2020/10/13/3
+ https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-07.html
+ https://downloads.powerdns.com/patches/2020-07/any-cache-update-4.3.4.diff
+ https://github.com/PowerDNS/pdns/commit/ae33c53e68a32189e0a2fd3df24821d3edce4503
Notes
AVG-1243 created at 14 Oct 2020 15:45:31
Packages
+ powerdns-recursor
Issues
+ CVE-2020-25829
Status
+ Vulnerable
Severity
+ Unknown
Affected
+ 4.3.4-1
Fixed
Ticket
Advisory qualified
+ Yes
References
+ https://www.openwall.com/lists/oss-security/2020/10/13/3
+ https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-07.html
+ https://downloads.powerdns.com/patches/2020-07/any-cache-update-4.3.4.diff
Notes
CVE-2020-25829 created at 14 Oct 2020 15:45:31
AVG-1242 edited at 14 Oct 2020 15:44:03
Severity
- Unknown
+ Medium
CVE-2020-16120 edited at 14 Oct 2020 15:44:03
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Local
Type
- Unknown
+ Privilege escalation
Description
+ Giuseppe Scrivano discovered that overlayfs did not properly perform permission checking when copying up files in an overlayfs, and can be exploited from within a user namespace, if, for example, unprivileged user namespaces are allowed.
+ An attacker can abuse this to get read access to files on the system that they would not normally be permitted to access.
References
+ https://www.openwall.com/lists/oss-security/2020/10/13/6
Notes
+ On systems where unprivileged user namespaces are enabled but not
+ needed, the mitigation is to set the
+ kernel.unprivileged_userns_clone sysctl to 0, e.g.:
+
+ $ sudo sysctl kernel.unprivileged_userns_clone=0
+
+ and across reboots by adding a file in /etc/sysctl.d/ that contains:
+
+ kernel.unprivileged_userns_clone=0
AVG-1242 created at 14 Oct 2020 15:43:15
Packages
+ linux
Issues
+ CVE-2020-16120
Status
+ Fixed
Severity
+ Unknown
Affected
+ 5.7.12.arch1-1
Fixed
+ 5.8.arch1-1
Ticket
Advisory qualified
+ No
References
+ https://www.openwall.com/lists/oss-security/2020/10/13/6
Notes
CVE-2020-16120 created at 14 Oct 2020 15:43:15
AVG-1241 edited at 14 Oct 2020 15:37:09
Severity
- Unknown
+ High
CVE-2020-26164 edited at 14 Oct 2020 15:37:09
Severity
- Unknown
+ High
Remote
- Unknown
+ Remote
Type
- Unknown
+ Arbitrary code execution
Description
+ Several issues have been found in kdeconnect <= 20.08.1 where a remote, unauthenticated attacker on the local network can access sensitive information, crash the daemon or possibly execute arbitrary code via a use-after-free.
References
+ https://www.openwall.com/lists/oss-security/2020/10/13/4
+ https://kde.org/info/security/advisory-20201002-1.txt
Notes
+ Workaround
+ ==========
+
+ We advise you to stop KDE Connect when on untrusted networks like those at airports or conferences.
+
+ Since kdeconnect is dbus activated, it is relatively hard to make sure it stays stopped, so the brute
+ force approach is to uninstall the kdeconnect package from your system and then run
+ kquitapp5 kdeconnectd
+ Just install the package again once you're back in a trusted network.