SB2023051777 - Ubuntu update for matrix-synapse



Published: May 17, 2023

Security Bulletin ID: SB2023051777
Severity: High
Patch available: YES
Number of vulnerabilities: 7
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High: 29%, Medium: 57%, Low: 14%

Description

This security bulletin contains information about 7 security vulnerabilities.


1) Improper input validation (CVE-ID: CVE-2018-10657)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an input validation error where malicious events injected with depth = 2^63 - 1 render rooms unusable, related to federation/federation_base.py and handlers/message.py. A remote attacker can send malicious messages and perform a denial of service attack.

Note: this vulnerability has been exploited in the wild in April 2018.


2) Security restrictions bypass (CVE-ID: CVE-2018-12291)

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The vulnerability exists in the on_get_missing_events function in handlers/federation.py because event visibility rules were not applied correctly. A remote unauthenticated attacker can bypass security restrictions and conduct further attacks.


3) Input validation error (CVE-ID: CVE-2018-12423)

The vulnerability allows a remote non-authenticated attacker to manipulate data.

In Synapse before 0.31.2, unauthorised users can hijack rooms when there is no m.room.power_levels event in force.


4) Improper Verification of Cryptographic Signature (CVE-ID: CVE-2018-16515)

The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to improper signature validation. A remote attacker can spoof application events and compromise the application.


5) Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) (CVE-ID: CVE-2019-11842)

The vulnerability allows a remote attacker to gain unauthorized access to the application.

The vulnerability exists due to usage of a weak algorithm to generate a Sydent authentication token or a Synapse random ID. A remote attacker can brute-force the token and gain unauthorized access to the application.



6) Insufficient verification of data authenticity (CVE-ID: CVE-2019-18835)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists because the affected software mishandles signature checking on some federation APIs. Events sent over /send_join, /send_leave, and /invite may not be correctly signed, or may not come from expected hosts. A remote attacker can compromise the target system.


7) Key management errors (CVE-ID: CVE-2019-5885)

The vulnerability allows a remote attacker to impersonate application users.

The vulnerability exists due to usage of a weak and predictable secret key if the macaroon_secret_key authentication parameter is not set. A remote attacker can impersonate other application users.
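
A configuration check for item 7, added here as an example (it is not part of the bulletin or of Synapse's code): it reports whether the text of a Synapse configuration file sets a top-level macaroon_secret_key. The file name homeserver.yaml, the function name audit_macaroon_secret, and the line-based parsing in place of a full YAML parser are assumptions of this example.

```python
import re

# Top-level (unindented) key only; commented-out or nested lines do not match.
_KEY_RE = re.compile(r"^macaroon_secret_key[ \t]*:(?P<value>.*)$")
# YAML spellings of "no value".
_NULLS = {"", "~", "null", "Null", "NULL"}


def _scalar(raw):
    """Reduce the text after the colon to the plain scalar it denotes."""
    raw = raw.strip()
    if raw[:1] in ('"', "'"):
        end = raw.find(raw[0], 1)
        return raw[1:end] if end != -1 else raw[1:]
    # Unquoted: '#' at the start or after whitespace begins a comment.
    return re.sub(r"(^|\s)#.*$", "", raw).strip()


def audit_macaroon_secret(config_text):
    """Return 'missing', 'empty' or 'set' for macaroon_secret_key."""
    state = "missing"
    for line in config_text.splitlines():
        m = _KEY_RE.match(line)
        if not m:
            continue
        quoted = m.group("value").strip()[:1] in ('"', "'")
        value = _scalar(m.group("value"))
        # A quoted "null" is a real string; an unquoted one is YAML null.
        if value == "" or (not quoted and value in _NULLS):
            state = "empty"
        else:
            state = "set"  # the last occurrence in the file wins
    return state


# Constructed sample configs (not taken from any real deployment).
SAMPLES = {
    "commented": 'server_name: "example.org"\n# macaroon_secret_key: "x"\n',
    "null": "server_name: example.org\nmacaroon_secret_key: ~  # todo\n",
    "nested": "old:\n  macaroon_secret_key: abc\n",
    "set": 'macaroon_secret_key: "CONSTRUCTED-PLACEHOLDER-VALUE"  # ok\n',
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(f"{name:10s} -> {audit_macaroon_secret(text)}")
```

Only the text passed in is inspected; a deployment that loads several configuration files needs each one checked.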


Remediation

Install the update from the vendor's website.