SB2018103031 - Red Hat update for python

Published: October 30, 2018

Security Bulletin ID: SB2018103031
Severity: High
Patch available: Yes
Number of vulnerabilities: 18
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High 17%, Medium 17%, Low 67%

Description

This security bulletin contains information about 18 security vulnerabilities.


1) Heap-based buffer overflow (CVE-ID: CVE-2018-10606)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a heap-based buffer overflow when handling malicious input. A remote unauthenticated attacker can supply a specially crafted project file, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


2) Stack-based buffer overflow (CVE-ID: CVE-2018-10602)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a stack-based buffer overflow when handling malicious input. A remote unauthenticated attacker can supply a specially crafted project file, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


3) Resource exhaustion (CVE-ID: CVE-2018-10608)

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The vulnerability exists due to resource exhaustion when the AcSELerator Architect FTP client connects to a malicious FTP server. A remote attacker operating such a server can exhaust the client's memory and crash the application.


4) XXE attack (CVE-ID: CVE-2018-10600)

The vulnerability allows a remote attacker to conduct an XXE attack on the target system.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can pass specially crafted XML to the AcSELerator Architect XML parser, conduct an XXE attack and retrieve arbitrary data or cause the service to crash.


5) Incorrect default permissions (CVE-ID: CVE-2018-10604)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to incorrect default permissions on the SEL Compass directory. A local attacker can gain full access to that directory, modify or overwrite files within the Compass installation folder, and execute arbitrary code with elevated privileges.


6) Resource exhaustion (CVE-ID: CVE-2018-10607)

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The vulnerability exists due to resource exhaustion. A remote attacker can open new connections to one or more IOAs without closing them properly and cause a denial of service within the industrial process control channel.


7) Authentication bypass (CVE-ID: CVE-2018-10603)

The vulnerability allows a remote attacker to bypass authentication on the target system.

The vulnerability exists because the RTU does not authenticate IEC-104 control commands. A remote attacker can send control commands without authenticating, which may allow a rogue node to take remote control of the industrial process.

Successful exploitation of this vulnerability may result in system compromise.


8) Cross-site scripting (CVE-ID: CVE-2018-10609)

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data received over a WebSocket. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.


9) Improper input validation (CVE-ID: CVE-2018-1060)

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to catastrophic backtracking in the regular expression used by the apop() method of Python's poplib module (called pop3lib in the CVE text). The expression is applied to the POP3 server's greeting, so a remote attacker who controls the server's banner can make the client hang and cause a denial of service.


10) Improper access control (CVE-ID: CVE-2018-10612)

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The vulnerability exists because user access management and communication encryption are not enabled by default. A remote unauthenticated attacker can gain access to the device and to sensitive information, including user credentials.


11) Information disclosure (CVE-ID: CVE-2018-10618)

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The vulnerability exists because the device generates a weak password hash. A remote attacker who obtains the hash can crack it and recover the password for the device.


12) Improper input validation (CVE-ID: CVE-2018-10616)

The vulnerability allows a local attacker to execute arbitrary code on the target system.

The vulnerability exists due to an error when processing malicious input. A local attacker can trick the victim into opening a specially crafted file and run arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.


13) Insecure DLL loading (CVE-ID: CVE-2018-10619)

The vulnerability allows a local attacker to gain elevated privileges on the vulnerable system.

The weakness exists due to an insecure .dll loading mechanism when opening files. A local attacker can place a file together with a specially crafted .dll on a remote SMB or WebDAV share, trick the victim into opening the file, and execute arbitrary code on the target system with elevated privileges.

Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.


14) Path traversal (CVE-ID: CVE-2018-10615)

The vulnerability allows a remote unauthenticated attacker to obtain potentially sensitive information on the target system.

The weakness exists due to insufficient validation of file paths. A remote attacker can perform a directory traversal attack and exfiltrate or delete data on the host platform.


15) XXE attack (CVE-ID: CVE-2018-10613)

The vulnerability allows a remote unauthenticated attacker to perform XXE attack on the target system.

The weakness exists due to insufficient validation of XML external entities. A remote attacker can supply data containing XML external entities, perform multiple variants of XXE attacks and exfiltrate data from the host Windows platform.


16) Improper authentication (CVE-ID: CVE-2018-10611)

The vulnerability allows a remote attacker to bypass authentication on the target system.

The vulnerability exists due to an error in the Java Remote Method Invocation (RMI) input port. A remote unauthenticated attacker can bypass authentication and launch applications, leading to remote code execution through Web Services.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


17) Heap-based buffer overflow (CVE-ID: CVE-2018-10617)

The vulnerability allows a remote attacker to cause a DoS condition or execute arbitrary code on the target system.

The vulnerability exists because the application uses a fixed-length heap buffer into which a value larger than the buffer can be read from a .dpa file. A remote unauthenticated attacker can supply a specially crafted .dpa file, trigger a heap-based buffer overflow and cause the service to crash or execute arbitrary code with elevated privileges.


18) Improper input validation (CVE-ID: CVE-2018-1061)

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to catastrophic backtracking in the regular expression used by Python's difflib.IS_LINE_JUNK function. A remote attacker who can supply a line that is diffed with this junk filter can make the process hang and cause a denial of service.
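The two Python issues in this bulletin (item 9, the poplib apop() greeting regex, and item 18, difflib.IS_LINE_JUNK) are the same bug class: a regular expression with two adjacent unbounded repeats that can split the same run of input in O(n^2) ways. The following is an added example, not code from the bulletin or from CPython. The "vulnerable" and "fixed" patterns are written from memory of the upstream fix and should be treated as an assumption to be checked against the CPython commit; the worst-case inputs are constructed, not real traffic. The example pairs each pattern with its linear-time replacement and times both on a crafted input, so the difference can be measured rather than taken on trust.

```python
import re
import time

# CVE-2018-1061, difflib.IS_LINE_JUNK (patterns assumed from the upstream fix).
# Vulnerable: two unbounded "\s*" repeats around an optional "#". On a run of
# whitespace followed by a character that makes "$" fail, the engine tries
# every way of splitting the run between the two repeats -> O(n^2).
JUNK_VULNERABLE = re.compile(r"\s*#?\s*$")
# Fixed: the second repeat only exists after a literal "#", so a whitespace run
# can be consumed in exactly one way -> O(n).
JUNK_FIXED = re.compile(r"\s*(?:#\s*)?$")

# CVE-2018-1060, the greeting-timestamp regex that poplib.POP3.apop() applies
# to the server's "+OK ..." banner (patterns assumed from the upstream fix).
# Vulnerable: ".*" backs off one character at a time and "[^>]+" re-scans the
# remainder from every "<" it lands on -> O(n^2) for a banner full of "<".
TIMESTAMP_VULNERABLE = re.compile(br"\+OK.*(<[^>]+>)")
# Fixed: "[^<]*" cannot step past a "<", so the first "<" is reached once and
# a single greedy ".*>" either succeeds or fails -> O(n).
TIMESTAMP_FIXED = re.compile(br"\+OK.[^<]*(<.*>)")


def is_line_junk(line, pattern=JUNK_FIXED):
    """difflib.IS_LINE_JUNK contract: True for a blank line or a lone '#'."""
    return pattern.match(line) is not None


def apop_timestamp(banner, pattern=TIMESTAMP_FIXED):
    """Return the <...> timestamp an APOP client hashes with its secret, or None."""
    m = pattern.match(banner)
    return m.group(1) if m else None


def time_match(pattern, data):
    """Wall-clock seconds for one pattern.match(data)."""
    start = time.perf_counter()
    pattern.match(data)
    return time.perf_counter() - start


def redos_inputs(n):
    """Constructed worst-case inputs (not real traffic): a whitespace run that
    is not junk, and a POP3 banner with many '<' and no closing '>'."""
    return " " * n + "x", b"+OK " + b"<" * n


if __name__ == "__main__":
    junk_line, banner = redos_inputs(4000)
    for name, vuln, fixed, data in (
        ("difflib.IS_LINE_JUNK", JUNK_VULNERABLE, JUNK_FIXED, junk_line),
        ("poplib apop() timestamp", TIMESTAMP_VULNERABLE, TIMESTAMP_FIXED, banner),
    ):
        print(f"{name}: vulnerable {time_match(vuln, data):.4f}s, "
              f"fixed {time_match(fixed, data):.6f}s")
```

Both fixed patterns accept exactly the same legitimate inputs as the originals; the only change is that no run of input can be matched by two competing repeats. When reviewing regexes applied to untrusted data, look for that shape (`a*b?a*`, `.*X[^Y]+Y`) and for the same remedy: make each character belong to one repeat only.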

Remediation

Install the update from the vendor's website.