SB2020082515 - Multiple vulnerabilities in Microsoft Azure Sphere
Published: August 25, 2020 Updated: October 7, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 6 secuirty vulnerabilities.
1) Improper access control (CVE-ID: N/A)
The vulnerability allows a local attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions in the normal world’s signed code execution functionality. A local attacker can use a specially crafted shellcode that modifies the program at runtime via "/proc/thread-self/mem" and execute arbtrary code on the target system.
2) Improper access control (CVE-ID: N/A)
The vulnerability allows a local attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions in the normal world’s signed code execution functionality. A local attacker can use a specially crafted shellcode that sets the "READ_IMPLIES_EXEC" personality and execute arbtrary code on the target system.
3) Improper access control (CVE-ID: N/A)
The vulnerability allows a local attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions in the Capability access control functionality. A local attacker can use a set of specially crafted ptrace syscalls, bypass implemented security restrictions and gain elevated privileges on the target system.
4) Input validation error (CVE-ID: N/A)
The vulnerability allows a local attacker to escalate privileges on the system.
The vulnerability exists due to insufficient validation of user-supplied input in the "uid_map" functionality. A local attacker can ise a specially crafted uid_map file, cause multiple applications to get the same UID assigned and gain elevated privileges on the target system.
5) Improper access control (CVE-ID: N/A)
The vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions in the normal world’s signed code execution functionality. A local user can send a specially crafted AF_PACKET socket and execute arbitrary code on the target system.
6) Buffer overflow (CVE-ID: N/A)
The vulnerability allows a local attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the Pluton SIGN_WITH_TENANT_ATTESTATION_KEY functionality. A local attacker can use specially crafted ioctl calls, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Remediation
Install update from vendor's website.
References
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1138
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1128
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1133
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1137
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1134
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1139