CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.
CVE-2020-15707 (GCVE-0-2020-15707)
Vulnerability from cvelistv5 – Published: 2020-07-29 17:45 – Updated: 2024-09-17 03:07
VLAI
Title
GRUB2 contained integer overflows when handling the initrd command, leading to a heap-based buffer overflow.
Summary
Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. This issue affects GRUB2 version 2.04 and prior versions.
Severity
5.7 (Medium)
CWE
- CWE-362 - Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)
Assigner
References
17 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Ubuntu | grub2 in Ubuntu |
Affected:
20.04 LTS , < 2.04-1ubuntu26.1
(custom)
Affected: 18.04 LTS , < 2.02-2ubuntu8.16 (custom) Affected: 16.04 LTS , < 2.02~beta2-36ubuntu3.26 (custom) Affected: 14.04 ESM , < 2.02~beta2-9ubuntu1.20 (custom) |
Date Public
2020-07-29 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:22:30.731Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/"
},
{
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass"
},
{
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://ubuntu.com/security/notices/USN-4432-1"
},
{
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/vulnerabilities/grub2bootloader"
},
{
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/"
},
{
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://www.suse.com/support/kb/doc/?id=000019673"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2020/07/29/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html"
},
{
"name": "DSA-4735",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4735"
},
{
"name": "[oss-security] 20200729 multiple secure boot grub2 and linux kernel vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/07/29/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200731-0008/"
},
{
"name": "USN-4432-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4432-1/"
},
{
"name": "openSUSE-SU-2020:1169",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html"
},
{
"name": "openSUSE-SU-2020:1168",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html"
},
{
"name": "GLSA-202104-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202104-05"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "grub2 in Ubuntu",
"vendor": "Ubuntu",
"versions": [
{
"lessThan": "2.04-1ubuntu26.1",
"status": "affected",
"version": "20.04 LTS",
"versionType": "custom"
},
{
"lessThan": "2.02-2ubuntu8.16",
"status": "affected",
"version": "18.04 LTS",
"versionType": "custom"
},
{
"lessThan": "2.02~beta2-36ubuntu3.26",
"status": "affected",
"version": "16.04 LTS",
"versionType": "custom"
},
{
"lessThan": "2.02~beta2-9ubuntu1.20",
"status": "affected",
"version": "14.04 ESM",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Colin Watson"
},
{
"lang": "en",
"value": "Chris Coulson"
}
],
"datePublic": "2020-07-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. This issue affects GRUB2 version 2.04 and prior versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-01T01:08:05.000Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/"
},
{
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass"
},
{
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://ubuntu.com/security/notices/USN-4432-1"
},
{
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/vulnerabilities/grub2bootloader"
},
{
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/"
},
{
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://www.suse.com/support/kb/doc/?id=000019673"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.openwall.com/lists/oss-security/2020/07/29/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html"
},
{
"name": "DSA-4735",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4735"
},
{
"name": "[oss-security] 20200729 multiple secure boot grub2 and linux kernel vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/07/29/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200731-0008/"
},
{
"name": "USN-4432-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4432-1/"
},
{
"name": "openSUSE-SU-2020:1169",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html"
},
{
"name": "openSUSE-SU-2020:1168",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html"
},
{
"name": "GLSA-202104-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202104-05"
}
],
"source": {
"advisory": "USN 4432-1",
"discovery": "INTERNAL"
},
"title": "GRUB2 contained integer overflows when handling the initrd command, leading to a heap-based buffer overflow.",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2020-07-29T17:00:00.000Z",
"ID": "CVE-2020-15707",
"STATE": "PUBLIC",
"TITLE": "GRUB2 contained integer overflows when handling the initrd command, leading to a heap-based buffer overflow."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "grub2 in Ubuntu",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "20.04 LTS",
"version_value": "2.04-1ubuntu26.1"
},
{
"version_affected": "\u003c",
"version_name": "18.04 LTS",
"version_value": "2.02-2ubuntu8.16"
},
{
"version_affected": "\u003c",
"version_name": "16.04 LTS",
"version_value": "2.02~beta2-36ubuntu3.26"
},
{
"version_affected": "\u003c",
"version_name": "14.04 ESM",
"version_value": "2.02~beta2-9ubuntu1.20"
}
]
}
}
]
},
"vendor_name": "Ubuntu"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Colin Watson"
},
{
"lang": "eng",
"value": "Chris Coulson"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2 upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. This issue affects GRUB2 version 2.04 and prior versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-362 Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/",
"refsource": "CONFIRM",
"url": "https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/"
},
{
"name": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass",
"refsource": "UBUNTU",
"url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass"
},
{
"name": "http://ubuntu.com/security/notices/USN-4432-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/security/notices/USN-4432-1"
},
{
"name": "https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200011"
},
{
"name": "https://access.redhat.com/security/vulnerabilities/grub2bootloader",
"refsource": "REDHAT",
"url": "https://access.redhat.com/security/vulnerabilities/grub2bootloader"
},
{
"name": "https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/",
"refsource": "SUSE",
"url": "https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/"
},
{
"name": "https://www.suse.com/support/kb/doc/?id=000019673",
"refsource": "SUSE",
"url": "https://www.suse.com/support/kb/doc/?id=000019673"
},
{
"name": "https://www.openwall.com/lists/oss-security/2020/07/29/3",
"refsource": "CONFIRM",
"url": "https://www.openwall.com/lists/oss-security/2020/07/29/3"
},
{
"name": "https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html",
"refsource": "CONFIRM",
"url": "https://lists.gnu.org/archive/html/grub-devel/2020-07/msg00034.html"
},
{
"name": "DSA-4735",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4735"
},
{
"name": "[oss-security] 20200729 multiple secure boot grub2 and linux kernel vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/07/29/3"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200731-0008/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200731-0008/"
},
{
"name": "USN-4432-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4432-1/"
},
{
"name": "openSUSE-SU-2020:1169",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00017.html"
},
{
"name": "openSUSE-SU-2020:1168",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00016.html"
},
{
"name": "GLSA-202104-05",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202104-05"
}
]
},
"source": {
"advisory": "USN 4432-1",
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2020-15707",
"datePublished": "2020-07-29T17:45:34.577Z",
"dateReserved": "2020-07-14T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:07:49.301Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-16123 (GCVE-0-2020-16123)
Vulnerability from cvelistv5 – Published: 2020-12-03 23:15 – Updated: 2024-09-16 19:20
VLAI
Title
Bypass of snapd pulseaudio restrictions
Summary
An Ubuntu-specific patch in PulseAudio created a race condition where the snap policy module would fail to identify a client connection from a snap as coming from a snap if SCM_CREDENTIALS were missing, allowing the snap to connect to PulseAudio without proper confinement. This could be exploited by an attacker to expose sensitive information. Fixed in 1:13.99.3-1ubuntu2, 1:13.99.2-1ubuntu2.1, 1:13.99.1-1ubuntu3.8, 1:11.1-1ubuntu7.11, and 1:8.0-0ubuntu3.15.
Severity
4.4 (Medium)
CWE
- CWE-362 - Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://launchpad.net/bugs/1895928 | vendor-advisoryx_refsource_UBUNTU |
| https://ubuntu.com/USN-4640-1 | vendor-advisoryx_refsource_UBUNTU |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Canonical | pulseaudio |
Affected:
1:13.99.3-1 , < 1:13.99.3-1ubuntu2
(custom)
Affected: 1:13.99.2-1 , < 1:13.99.2-1ubuntu2.1 (custom) Affected: 1:13.99.1-1 , < 1:13.99.1-1ubuntu3.8 (custom) Affected: 1:11.1-1 , < 1:11.1-1ubuntu7.11 (custom) Affected: 1:8.0-0 , < 1:8.0-0ubuntu3.15 (custom) |
Date Public
2020-11-23 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:37:53.395Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://launchpad.net/bugs/1895928"
},
{
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://ubuntu.com/USN-4640-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pulseaudio",
"vendor": "Canonical",
"versions": [
{
"lessThan": "1:13.99.3-1ubuntu2",
"status": "affected",
"version": "1:13.99.3-1",
"versionType": "custom"
},
{
"lessThan": "1:13.99.2-1ubuntu2.1",
"status": "affected",
"version": "1:13.99.2-1",
"versionType": "custom"
},
{
"lessThan": "1:13.99.1-1ubuntu3.8",
"status": "affected",
"version": "1:13.99.1-1",
"versionType": "custom"
},
{
"lessThan": "1:11.1-1ubuntu7.11",
"status": "affected",
"version": "1:11.1-1",
"versionType": "custom"
},
{
"lessThan": "1:8.0-0ubuntu3.15",
"status": "affected",
"version": "1:8.0-0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "James Henstridge"
}
],
"datePublic": "2020-11-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An Ubuntu-specific patch in PulseAudio created a race condition where the snap policy module would fail to identify a client connection from a snap as coming from a snap if SCM_CREDENTIALS were missing, allowing the snap to connect to PulseAudio without proper confinement. This could be exploited by an attacker to expose sensitive information. Fixed in 1:13.99.3-1ubuntu2, 1:13.99.2-1ubuntu2.1, 1:13.99.1-1ubuntu3.8, 1:11.1-1ubuntu7.11, and 1:8.0-0ubuntu3.15."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-03T23:15:20.000Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://launchpad.net/bugs/1895928"
},
{
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://ubuntu.com/USN-4640-1"
}
],
"source": {
"advisory": "https://ubuntu.com/USN-4640-1",
"defect": [
"https://launchpad.net/bugs/1895928"
],
"discovery": "INTERNAL"
},
"title": "Bypass of snapd pulseaudio restrictions",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2020-11-23T15:43:00.000Z",
"ID": "CVE-2020-16123",
"STATE": "PUBLIC",
"TITLE": "Bypass of snapd pulseaudio restrictions"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pulseaudio",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "\u003c",
"version_name": "1:13.99.3-1",
"version_value": "1:13.99.3-1ubuntu2"
},
{
"platform": "",
"version_affected": "\u003c",
"version_name": "1:13.99.2-1",
"version_value": "1:13.99.2-1ubuntu2.1"
},
{
"platform": "",
"version_affected": "\u003c",
"version_name": "1:13.99.1-1",
"version_value": "1:13.99.1-1ubuntu3.8"
},
{
"platform": "",
"version_affected": "\u003c",
"version_name": "1:11.1-1",
"version_value": "1:11.1-1ubuntu7.11"
},
{
"platform": "",
"version_affected": "\u003c",
"version_name": "1:8.0-0",
"version_value": "1:8.0-0ubuntu3.15"
}
]
}
}
]
},
"vendor_name": "Canonical"
}
]
}
},
"configuration": [],
"credit": [
{
"lang": "eng",
"value": "James Henstridge"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Ubuntu-specific patch in PulseAudio created a race condition where the snap policy module would fail to identify a client connection from a snap as coming from a snap if SCM_CREDENTIALS were missing, allowing the snap to connect to PulseAudio without proper confinement. This could be exploited by an attacker to expose sensitive information. Fixed in 1:13.99.3-1ubuntu2, 1:13.99.2-1ubuntu2.1, 1:13.99.1-1ubuntu3.8, 1:11.1-1ubuntu7.11, and 1:8.0-0ubuntu3.15."
}
]
},
"exploit": [],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-362 Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://launchpad.net/bugs/1895928",
"refsource": "UBUNTU",
"url": "https://launchpad.net/bugs/1895928"
},
{
"name": "https://ubuntu.com/USN-4640-1",
"refsource": "UBUNTU",
"url": "https://ubuntu.com/USN-4640-1"
}
]
},
"solution": [],
"source": {
"advisory": "https://ubuntu.com/USN-4640-1",
"defect": [
"https://launchpad.net/bugs/1895928"
],
"discovery": "INTERNAL"
},
"work_around": []
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2020-16123",
"datePublished": "2020-12-03T23:15:20.305Z",
"dateReserved": "2020-07-29T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:20:12.173Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1641 (GCVE-0-2020-1641)
Vulnerability from cvelistv5 – Published: 2020-07-17 18:40 – Updated: 2024-09-16 19:25
VLAI
Title
Junos OS: A race condition on receipt of crafted LLDP packets leads to a memory leak and an LLDP crash.
Summary
A Race Condition vulnerability in Juniper Networks Junos OS LLDP implementation allows an attacker to cause LLDP to crash leading to a Denial of Service (DoS). This issue occurs when crafted LLDP packets are received by the device from an adjacent device. Multiple LACP flaps will occur after LLDP crashes. An indicator of compromise is to evaluate log file details for lldp with RLIMIT. Intervention should occur before 85% threshold of used KB versus maximum available KB memory is reached. show log messages | match RLIMIT | match lldp | last 20 Matching statement is " /kernel: %KERNEL-[number]: Process ([pid #],lldpd) has exceeded 85% of RLIMIT_DATA: " with [] as variable data to evaluate for. This issue affects: Juniper Networks Junos OS: 12.3 versions prior to 12.3R12-S15; 12.3X48 versions prior to 12.3X48-D95; 15.1 versions prior to 15.1R7-S6; 15.1X49 versions prior to 15.1X49-D200; 15.1X53 versions prior to 15.1X53-D593; 16.1 versions prior to 16.1R7-S7; 17.1 versions prior to 17.1R2-S11, 17.1R3-S2; 17.2 versions prior to 17.2R1-S9, 17.2R3-S3; 17.3 versions prior to 17.3R2-S5, 17.3R3-S6; 17.4 versions prior to 17.4R2-S4, 17.4R3; 18.1 versions prior to 18.1R3-S5; 18.2 versions prior to 18.2R2-S7, 18.2R3; 18.2X75 versions prior to 18.2X75-D12, 18.2X75-D33, 18.2X75-D50, 18.2X75-D420; 18.3 versions prior to 18.3R1-S7, 18.3R2-S3, 18.3R3; 18.4 versions prior to 18.4R1-S5, 18.4R2; 19.1 versions prior to 19.1R1-S4, 19.1R2.
Severity
6.5 (Medium)
CWE
- CWE-362 - Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)
- Denial of Service (DoS)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://kb.juniper.net/JSA11027 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
12.3 , < 12.3R12-S15
(custom)
Affected: 12.3X48 , < 12.3X48-D95 (custom) Affected: 15.1 , < 15.1R7-S6 (custom) Affected: 15.1X49 , < 15.1X49-D200 (custom) Affected: 15.1X53 , < 15.1X53-D593 (custom) Affected: 16.1 , < 16.1R7-S7 (custom) Affected: 17.1 , < 17.1R2-S11, 17.1R3-S2 (custom) Affected: 17.2 , < 17.2R1-S9, 17.2R3-S3 (custom) Affected: 17.3 , < 17.3R2-S5, 17.3R3-S6 (custom) Affected: 17.4 , < 17.4R2-S4, 17.4R3 (custom) Affected: 18.1 , < 18.1R3-S5 (custom) Affected: 18.2 , < 18.2R2-S7, 18.2R3 (custom) Affected: 18.2X75 , < 18.2X75-D12, 18.2X75-D33, 18.2X75-D50, 18.2X75-D420 (custom) Affected: 18.3 , < 18.3R1-S7, 18.3R2-S3, 18.3R3 (custom) Affected: 18.4 , < 18.4R1-S5, 18.4R2 (custom) Affected: 19.1 , < 19.1R1-S4, 19.1R2 (custom) |
Date Public
2020-07-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:46:29.775Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11027"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "12.3R12-S15",
"status": "affected",
"version": "12.3",
"versionType": "custom"
},
{
"lessThan": "12.3X48-D95",
"status": "affected",
"version": "12.3X48",
"versionType": "custom"
},
{
"lessThan": "15.1R7-S6",
"status": "affected",
"version": "15.1",
"versionType": "custom"
},
{
"lessThan": "15.1X49-D200",
"status": "affected",
"version": "15.1X49",
"versionType": "custom"
},
{
"lessThan": "15.1X53-D593",
"status": "affected",
"version": "15.1X53",
"versionType": "custom"
},
{
"lessThan": "16.1R7-S7",
"status": "affected",
"version": "16.1",
"versionType": "custom"
},
{
"lessThan": "17.1R2-S11, 17.1R3-S2",
"status": "affected",
"version": "17.1",
"versionType": "custom"
},
{
"lessThan": "17.2R1-S9, 17.2R3-S3",
"status": "affected",
"version": "17.2",
"versionType": "custom"
},
{
"lessThan": "17.3R2-S5, 17.3R3-S6",
"status": "affected",
"version": "17.3",
"versionType": "custom"
},
{
"lessThan": "17.4R2-S4, 17.4R3",
"status": "affected",
"version": "17.4",
"versionType": "custom"
},
{
"lessThan": "18.1R3-S5",
"status": "affected",
"version": "18.1",
"versionType": "custom"
},
{
"lessThan": "18.2R2-S7, 18.2R3",
"status": "affected",
"version": "18.2",
"versionType": "custom"
},
{
"lessThan": "18.2X75-D12, 18.2X75-D33, 18.2X75-D50, 18.2X75-D420",
"status": "affected",
"version": "18.2X75",
"versionType": "custom"
},
{
"lessThan": "18.3R1-S7, 18.3R2-S3, 18.3R3",
"status": "affected",
"version": "18.3",
"versionType": "custom"
},
{
"lessThan": "18.4R1-S5, 18.4R2",
"status": "affected",
"version": "18.4",
"versionType": "custom"
},
{
"lessThan": "19.1R1-S4, 19.1R2",
"status": "affected",
"version": "19.1",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "The following minimal configuration is required:\n [protocols lldp]"
}
],
"datePublic": "2020-07-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A Race Condition vulnerability in Juniper Networks Junos OS LLDP implementation allows an attacker to cause LLDP to crash leading to a Denial of Service (DoS). This issue occurs when crafted LLDP packets are received by the device from an adjacent device. Multiple LACP flaps will occur after LLDP crashes. An indicator of compromise is to evaluate log file details for lldp with RLIMIT. Intervention should occur before 85% threshold of used KB versus maximum available KB memory is reached. show log messages | match RLIMIT | match lldp | last 20 Matching statement is \" /kernel: %KERNEL-[number]: Process ([pid #],lldpd) has exceeded 85% of RLIMIT_DATA: \" with [] as variable data to evaluate for. This issue affects: Juniper Networks Junos OS: 12.3 versions prior to 12.3R12-S15; 12.3X48 versions prior to 12.3X48-D95; 15.1 versions prior to 15.1R7-S6; 15.1X49 versions prior to 15.1X49-D200; 15.1X53 versions prior to 15.1X53-D593; 16.1 versions prior to 16.1R7-S7; 17.1 versions prior to 17.1R2-S11, 17.1R3-S2; 17.2 versions prior to 17.2R1-S9, 17.2R3-S3; 17.3 versions prior to 17.3R2-S5, 17.3R3-S6; 17.4 versions prior to 17.4R2-S4, 17.4R3; 18.1 versions prior to 18.1R3-S5; 18.2 versions prior to 18.2R2-S7, 18.2R3; 18.2X75 versions prior to 18.2X75-D12, 18.2X75-D33, 18.2X75-D50, 18.2X75-D420; 18.3 versions prior to 18.3R1-S7, 18.3R2-S3, 18.3R3; 18.4 versions prior to 18.4R1-S5, 18.4R2; 19.1 versions prior to 19.1R1-S4, 19.1R2."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"description": "Denial of Service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-17T18:40:39.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.juniper.net/JSA11027"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 12.3R12-S15, 12.3X48-D95, 15.1R7-S6, 15.1X49-D200, 15.1X53-D593, 16.1R7-S7, 16.1R7-S7, 17.1R2-S11, 17.1R3-S2, 17.2R1-S9, 17.2R3-S3, 17.3R2-S5, 17.3R3-S6, 17.4R2-S4, 17.4R3, 18.1R3-S5, 18.2R2-S7, 18.2R3, 18.2X75-D33, 18.2X75-D50, 18.2X75-D420, 18.3R1-S7, 18.3R2-S3, 18.3R3, 18.4R1-S5, 18.4R2, 19.1R1-S4, 19.1R2, 19.2R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11027",
"defect": [
"1410239"
],
"discovery": "USER"
},
"title": "Junos OS: A race condition on receipt of crafted LLDP packets leads to a memory leak and an LLDP crash.",
"workarounds": [
{
"lang": "en",
"value": "Customers may disable LLDP \"protocol lldp\" or apply firewall filters to block LLDP traffic on ingress interfaces. \n\nThere are no other known workarounds."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-07-08T15:00:00.000Z",
"ID": "CVE-2020-1641",
"STATE": "PUBLIC",
"TITLE": "Junos OS: A race condition on receipt of crafted LLDP packets leads to a memory leak and an LLDP crash."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "12.3",
"version_value": "12.3R12-S15"
},
{
"version_affected": "\u003c",
"version_name": "12.3X48",
"version_value": "12.3X48-D95"
},
{
"version_affected": "\u003c",
"version_name": "15.1",
"version_value": "15.1R7-S6"
},
{
"version_affected": "\u003c",
"version_name": "15.1X49",
"version_value": "15.1X49-D200"
},
{
"version_affected": "\u003c",
"version_name": "15.1X53",
"version_value": "15.1X53-D593"
},
{
"version_affected": "\u003c",
"version_name": "16.1",
"version_value": "16.1R7-S7"
},
{
"version_affected": "\u003c",
"version_name": "17.1",
"version_value": "17.1R2-S11, 17.1R3-S2"
},
{
"version_affected": "\u003c",
"version_name": "17.2",
"version_value": "17.2R1-S9, 17.2R3-S3"
},
{
"version_affected": "\u003c",
"version_name": "17.3",
"version_value": "17.3R2-S5, 17.3R3-S6"
},
{
"version_affected": "\u003c",
"version_name": "17.4",
"version_value": "17.4R2-S4, 17.4R3"
},
{
"version_affected": "\u003c",
"version_name": "18.1",
"version_value": "18.1R3-S5"
},
{
"version_affected": "\u003c",
"version_name": "18.2",
"version_value": "18.2R2-S7, 18.2R3"
},
{
"version_affected": "\u003c",
"version_name": "18.2X75",
"version_value": "18.2X75-D12, 18.2X75-D33, 18.2X75-D50, 18.2X75-D420"
},
{
"version_affected": "\u003c",
"version_name": "18.3",
"version_value": "18.3R1-S7, 18.3R2-S3, 18.3R3"
},
{
"version_affected": "\u003c",
"version_name": "18.4",
"version_value": "18.4R1-S5, 18.4R2"
},
{
"version_affected": "\u003c",
"version_name": "19.1",
"version_value": "19.1R1-S4, 19.1R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "The following minimal configuration is required:\n [protocols lldp]"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Race Condition vulnerability in Juniper Networks Junos OS LLDP implementation allows an attacker to cause LLDP to crash leading to a Denial of Service (DoS). This issue occurs when crafted LLDP packets are received by the device from an adjacent device. Multiple LACP flaps will occur after LLDP crashes. An indicator of compromise is to evaluate log file details for lldp with RLIMIT. Intervention should occur before 85% threshold of used KB versus maximum available KB memory is reached. show log messages | match RLIMIT | match lldp | last 20 Matching statement is \" /kernel: %KERNEL-[number]: Process ([pid #],lldpd) has exceeded 85% of RLIMIT_DATA: \" with [] as variable data to evaluate for. This issue affects: Juniper Networks Junos OS: 12.3 versions prior to 12.3R12-S15; 12.3X48 versions prior to 12.3X48-D95; 15.1 versions prior to 15.1R7-S6; 15.1X49 versions prior to 15.1X49-D200; 15.1X53 versions prior to 15.1X53-D593; 16.1 versions prior to 16.1R7-S7; 17.1 versions prior to 17.1R2-S11, 17.1R3-S2; 17.2 versions prior to 17.2R1-S9, 17.2R3-S3; 17.3 versions prior to 17.3R2-S5, 17.3R3-S6; 17.4 versions prior to 17.4R2-S4, 17.4R3; 18.1 versions prior to 18.1R3-S5; 18.2 versions prior to 18.2R2-S7, 18.2R3; 18.2X75 versions prior to 18.2X75-D12, 18.2X75-D33, 18.2X75-D50, 18.2X75-D420; 18.3 versions prior to 18.3R1-S7, 18.3R2-S3, 18.3R3; 18.4 versions prior to 18.4R1-S5, 18.4R2; 19.1 versions prior to 19.1R1-S4, 19.1R2."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-362 Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11027",
"refsource": "MISC",
"url": "https://kb.juniper.net/JSA11027"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 12.3R12-S15, 12.3X48-D95, 15.1R7-S6, 15.1X49-D200, 15.1X53-D593, 16.1R7-S7, 16.1R7-S7, 17.1R2-S11, 17.1R3-S2, 17.2R1-S9, 17.2R3-S3, 17.3R2-S5, 17.3R3-S6, 17.4R2-S4, 17.4R3, 18.1R3-S5, 18.2R2-S7, 18.2R3, 18.2X75-D33, 18.2X75-D50, 18.2X75-D420, 18.3R1-S7, 18.3R2-S3, 18.3R3, 18.4R1-S5, 18.4R2, 19.1R1-S4, 19.1R2, 19.2R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11027",
"defect": [
"1410239"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "Customers may disable LLDP \"protocol lldp\" or apply firewall filters to block LLDP traffic on ingress interfaces. \n\nThere are no other known workarounds."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2020-1641",
"datePublished": "2020-07-17T18:40:39.523Z",
"dateReserved": "2019-11-04T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:25:36.953Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1645 (GCVE-0-2020-1645)
Vulnerability from cvelistv5 – Published: 2020-07-17 18:40 – Updated: 2024-09-16 20:16
VLAI
Title
Junos OS: MX Series: Services card might restart when DNS filtering is enabled
Summary
When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of packets processed by the Multiservices PIC Management Daemon (mspmand) process, responsible for managing "URL Filtering service", may crash, causing the Services PIC to restart. While the Services PIC is restarting, all PIC services including DNS filtering service (DNS sink holing) will be bypassed until the Services PIC completes its boot process. If the issue occurs, system core-dumps output will show a crash of mspmand process: root@device> show system core-dumps -rw-rw---- 1 nobody wheel 575685123 <Date> /var/tmp/pics/mspmand.core.<*>.gz This issue affects Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S8; 18.3 versions prior to 18.3R2-S4, 18.3R3-S1; 18.4 versions prior to 18.4R2-S5, 18.4R3; 19.1 versions prior to 19.1R2-S2, 19.1R3; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2. This issue does not affect Juniper Networks Junos OS releases prior to 17.3R2.
Severity
8.3 (High)
CWE
- CWE-362 - Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://kb.juniper.net/JSA11028 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | Junos OS |
Unaffected:
unspecified , < 17.3R2
(custom)
Unaffected: 17.4 Unaffected: 18.1 Unaffected: 18.2 Affected: 17.3 , < 17.3R3-S8 (custom) Affected: 18.3 , < 18.3R2-S4, 18.3R3-S1 (custom) Affected: 18.4 , < 18.4R2-S5, 18.4R3 (custom) Affected: 19.1 , < 19.1R2-S2, 19.1R3 (custom) Affected: 19.2 , < 19.2R1-S5, 19.2R2 (custom) Affected: 19.3 , < 19.3R2-S3, 19.3R3 (custom) Affected: 19.4 , < 19.4R1-S3, 19.4R2 (custom) |
Date Public
2020-07-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:46:30.467Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11028"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"MX Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "17.3R2",
"status": "unaffected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "17.4"
},
{
"status": "unaffected",
"version": "18.1"
},
{
"status": "unaffected",
"version": "18.2"
},
{
"lessThan": "17.3R3-S8",
"status": "affected",
"version": "17.3",
"versionType": "custom"
},
{
"lessThan": "18.3R2-S4, 18.3R3-S1",
"status": "affected",
"version": "18.3",
"versionType": "custom"
},
{
"lessThan": "18.4R2-S5, 18.4R3",
"status": "affected",
"version": "18.4",
"versionType": "custom"
},
{
"lessThan": "19.1R2-S2, 19.1R3",
"status": "affected",
"version": "19.1",
"versionType": "custom"
},
{
"lessThan": "19.2R1-S5, 19.2R2",
"status": "affected",
"version": "19.2",
"versionType": "custom"
},
{
"lessThan": "19.3R2-S3, 19.3R3",
"status": "affected",
"version": "19.3",
"versionType": "custom"
},
{
"lessThan": "19.4R1-S3, 19.4R2",
"status": "affected",
"version": "19.4",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "The example of the configuration stanza affected by this issue is as follows:\n [services service-set \u003cSERVICE-SET-NAME\u003e]\n user@host# set web-filter-profile \u003cPROFILE_NAME\u003e\n\nused in combination with: \n [services web-filter profile \u003cPROFILE_NAME\u003e]\n user@host# set dns-filter-template \u003cTEMPLATE_NAME\u003e"
}
],
"datePublic": "2020-07-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of packets processed by the Multiservices PIC Management Daemon (mspmand) process, responsible for managing \"URL Filtering service\", may crash, causing the Services PIC to restart. While the Services PIC is restarting, all PIC services including DNS filtering service (DNS sink holing) will be bypassed until the Services PIC completes its boot process. If the issue occurs, system core-dumps output will show a crash of mspmand process: root@device\u003e show system core-dumps -rw-rw---- 1 nobody wheel 575685123 \u003cDate\u003e /var/tmp/pics/mspmand.core.\u003c*\u003e.gz This issue affects Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S8; 18.3 versions prior to 18.3R2-S4, 18.3R3-S1; 18.4 versions prior to 18.4R2-S5, 18.4R3; 19.1 versions prior to 19.1R2-S2, 19.1R3; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2. This issue does not affect Juniper Networks Junos OS releases prior to 17.3R2."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-17T18:40:40.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA11028"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 18.3R2-S4, 18.3R3-S1, 18.4R2-S5, 18.4R3, 19.1R2-S2, 19.1R3, 19.2R1-S5, 19.2R2, 19.3R2-S3, 19.3R3, 19.4R1-S3, 19.4R2, 20.1R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11028",
"defect": [
"1474056"
],
"discovery": "USER"
},
"title": "Junos OS: MX Series: Services card might restart when DNS filtering is enabled",
"workarounds": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-07-08T07:00:00.000Z",
"ID": "CVE-2020-1645",
"STATE": "PUBLIC",
"TITLE": "Junos OS: MX Series: Services card might restart when DNS filtering is enabled"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "MX Series",
"version_affected": "!\u003c",
"version_value": "17.3R2"
},
{
"platform": "MX Series",
"version_affected": "\u003c",
"version_name": "17.3",
"version_value": "17.3R3-S8"
},
{
"platform": "MX Series",
"version_affected": "!",
"version_name": "17.4",
"version_value": "17.4"
},
{
"platform": "MX Series",
"version_affected": "!",
"version_name": "18.1",
"version_value": "18.1"
},
{
"platform": "MX Series",
"version_affected": "!",
"version_name": "18.2",
"version_value": "18.2"
},
{
"platform": "MX Series",
"version_affected": "\u003c",
"version_name": "18.3",
"version_value": "18.3R2-S4, 18.3R3-S1"
},
{
"platform": "MX Series",
"version_affected": "\u003c",
"version_name": "18.4",
"version_value": "18.4R2-S5, 18.4R3"
},
{
"platform": "MX Series",
"version_affected": "\u003c",
"version_name": "19.1",
"version_value": "19.1R2-S2, 19.1R3"
},
{
"platform": "MX Series",
"version_affected": "\u003c",
"version_name": "19.2",
"version_value": "19.2R1-S5, 19.2R2"
},
{
"platform": "MX Series",
"version_affected": "\u003c",
"version_name": "19.3",
"version_value": "19.3R2-S3, 19.3R3"
},
{
"platform": "MX Series",
"version_affected": "\u003c",
"version_name": "19.4",
"version_value": "19.4R1-S3, 19.4R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "The example of the configuration stanza affected by this issue is as follows:\n [services service-set \u003cSERVICE-SET-NAME\u003e]\n user@host# set web-filter-profile \u003cPROFILE_NAME\u003e\n\nused in combination with: \n [services web-filter profile \u003cPROFILE_NAME\u003e]\n user@host# set dns-filter-template \u003cTEMPLATE_NAME\u003e"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of packets processed by the Multiservices PIC Management Daemon (mspmand) process, responsible for managing \"URL Filtering service\", may crash, causing the Services PIC to restart. While the Services PIC is restarting, all PIC services including DNS filtering service (DNS sink holing) will be bypassed until the Services PIC completes its boot process. If the issue occurs, system core-dumps output will show a crash of mspmand process: root@device\u003e show system core-dumps -rw-rw---- 1 nobody wheel 575685123 \u003cDate\u003e /var/tmp/pics/mspmand.core.\u003c*\u003e.gz This issue affects Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S8; 18.3 versions prior to 18.3R2-S4, 18.3R3-S1; 18.4 versions prior to 18.4R2-S5, 18.4R3; 19.1 versions prior to 19.1R2-S2, 19.1R3; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2. This issue does not affect Juniper Networks Junos OS releases prior to 17.3R2."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-362 Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11028",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11028"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: 18.3R2-S4, 18.3R3-S1, 18.4R2-S5, 18.4R3, 19.1R2-S2, 19.1R3, 19.2R1-S5, 19.2R2, 19.3R2-S3, 19.3R3, 19.4R1-S3, 19.4R2, 20.1R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11028",
"defect": [
"1474056"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2020-1645",
"datePublished": "2020-07-17T18:40:40.891Z",
"dateReserved": "2019-11-04T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:16:31.058Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1660 (GCVE-0-2020-1660)
Vulnerability from cvelistv5 – Published: 2020-10-16 20:31 – Updated: 2024-09-16 19:36
VLAI
Title
Junos OS: MX Series: Receipt of specific packets can cause services card to restart when DNS filtering is configured.
Summary
When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of packets processed by the Multiservices PIC Management Daemon (mspmand) process, responsible for managing "URL Filtering service", may crash, causing the Services PIC to restart. While the Services PIC is restarting, all PIC services including DNS filtering service (DNS sink holing) will be bypassed until the Services PIC completes its boot process. This vulnerability might allow an attacker to cause an extended Denial of Service (DoS) attack against the device and to cause clients to be vulnerable to DNS based attacks by malicious DNS servers when they send DNS requests through the device. As a result, devices which were once protected by the DNS Filtering service are no longer protected and at risk of exploitation. This issue affects Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S8; 18.3 versions prior to 18.3R3-S1; 18.4 versions prior to 18.4R3; 19.1 versions prior to 19.1R3; 19.2 versions prior to 19.2R2; 19.3 versions prior to 19.3R3. This issue does not affect Juniper Networks Junos OS 17.4, 18.1, and 18.2.
Severity
8.3 (High)
CWE
- Denial of Service
- CWE-362 - Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://kb.juniper.net/JSA11054 | x_refsource_CONFIRM |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
17.3 , < 17.3R3-S8
(custom)
Affected: 18.3 , < 18.3R3-S1 (custom) Affected: 18.4 , < 18.4R3 (custom) Affected: 19.1 , < 19.1R3 (custom) Affected: 19.2 , < 19.2R2 (custom) Affected: 19.3 , < 19.3R3 (custom) |
|
| Juniper Networks | Junos OS |
Unaffected:
17.4
Unaffected: 18.1 Unaffected: 18.2 |
Date Public
2020-10-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:46:29.834Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.juniper.net/JSA11054"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"MX Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "17.3R3-S8",
"status": "affected",
"version": "17.3",
"versionType": "custom"
},
{
"lessThan": "18.3R3-S1",
"status": "affected",
"version": "18.3",
"versionType": "custom"
},
{
"lessThan": "18.4R3",
"status": "affected",
"version": "18.4",
"versionType": "custom"
},
{
"lessThan": "19.1R3",
"status": "affected",
"version": "19.1",
"versionType": "custom"
},
{
"lessThan": "19.2R2",
"status": "affected",
"version": "19.2",
"versionType": "custom"
},
{
"lessThan": "19.3R3",
"status": "affected",
"version": "19.3",
"versionType": "custom"
}
]
},
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"status": "unaffected",
"version": "17.4"
},
{
"status": "unaffected",
"version": "18.1"
},
{
"status": "unaffected",
"version": "18.2"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "The following minimal configuration is required:\n [services web-filter profile profile-name dns-filter-template \u003ctemplate-name\u003e dns-filter]"
}
],
"datePublic": "2020-10-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of packets processed by the Multiservices PIC Management Daemon (mspmand) process, responsible for managing \"URL Filtering service\", may crash, causing the Services PIC to restart. While the Services PIC is restarting, all PIC services including DNS filtering service (DNS sink holing) will be bypassed until the Services PIC completes its boot process. This vulnerability might allow an attacker to cause an extended Denial of Service (DoS) attack against the device and to cause clients to be vulnerable to DNS based attacks by malicious DNS servers when they send DNS requests through the device. As a result, devices which were once protected by the DNS Filtering service are no longer protected and at risk of exploitation. This issue affects Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S8; 18.3 versions prior to 18.3R3-S1; 18.4 versions prior to 18.4R3; 19.1 versions prior to 19.1R3; 19.2 versions prior to 19.2R2; 19.3 versions prior to 19.3R3. This issue does not affect Juniper Networks Junos OS 17.4, 18.1, and 18.2."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-16T20:31:25.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.juniper.net/JSA11054"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 17.3R3-S8, 18.3R3-S1, 18.4R3, 19.1R3, 19.2R2, 19.3R3, 19.4R1 and all subsequent releases."
}
],
"source": {
"advisory": "JSA11054",
"defect": [
"1469188"
],
"discovery": "USER"
},
"title": "Junos OS: MX Series: Receipt of specific packets can cause services card to restart when DNS filtering is configured.",
"workarounds": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-10-14T16:00:00.000Z",
"ID": "CVE-2020-1660",
"STATE": "PUBLIC",
"TITLE": "Junos OS: MX Series: Receipt of specific packets can cause services card to restart when DNS filtering is configured."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "MX Series",
"version_affected": "\u003c",
"version_name": "17.3",
"version_value": "17.3R3-S8"
},
{
"version_affected": "!",
"version_name": "17.4",
"version_value": "17.4"
},
{
"version_affected": "!",
"version_name": "18.1",
"version_value": "18.1"
},
{
"version_affected": "!",
"version_name": "18.2",
"version_value": "18.2"
},
{
"platform": "MX Series",
"version_affected": "\u003c",
"version_name": "18.3",
"version_value": "18.3R3-S1"
},
{
"platform": "MX Series",
"version_affected": "\u003c",
"version_name": "18.4",
"version_value": "18.4R3"
},
{
"platform": "MX Series",
"version_affected": "\u003c",
"version_name": "19.1",
"version_value": "19.1R3"
},
{
"platform": "MX Series",
"version_affected": "\u003c",
"version_name": "19.2",
"version_value": "19.2R2"
},
{
"platform": "MX Series",
"version_affected": "\u003c",
"version_name": "19.3",
"version_value": "19.3R3"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "The following minimal configuration is required:\n [services web-filter profile profile-name dns-filter-template \u003ctemplate-name\u003e dns-filter]"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of packets processed by the Multiservices PIC Management Daemon (mspmand) process, responsible for managing \"URL Filtering service\", may crash, causing the Services PIC to restart. While the Services PIC is restarting, all PIC services including DNS filtering service (DNS sink holing) will be bypassed until the Services PIC completes its boot process. This vulnerability might allow an attacker to cause an extended Denial of Service (DoS) attack against the device and to cause clients to be vulnerable to DNS based attacks by malicious DNS servers when they send DNS requests through the device. As a result, devices which were once protected by the DNS Filtering service are no longer protected and at risk of exploitation. This issue affects Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S8; 18.3 versions prior to 18.3R3-S1; 18.4 versions prior to 18.4R3; 19.1 versions prior to 19.1R3; 19.2 versions prior to 19.2R2; 19.3 versions prior to 19.3R3. This issue does not affect Juniper Networks Junos OS 17.4, 18.1, and 18.2."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-362 Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA11054",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA11054"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 17.3R3-S8, 18.3R3-S1, 18.4R3, 19.1R3, 19.2R2, 19.3R3, 19.4R1 and all subsequent releases."
}
],
"source": {
"advisory": "JSA11054",
"defect": [
"1469188"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2020-1660",
"datePublished": "2020-10-16T20:31:26.000Z",
"dateReserved": "2019-11-04T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:36:19.304Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1667 (GCVE-0-2020-1667)
Vulnerability from cvelistv5 – Published: 2020-10-16 20:31 – Updated: 2024-09-17 02:31
VLAI
Title
Junos OS: MX Series: Services card might restart due to a race condition when DNS filtering is enabled.
Summary
When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of packets processed by the Multiservices PIC Management Daemon (mspmand) process might be bypassed due to a race condition. Due to this vulnerability, mspmand process, responsible for managing "URL Filtering service", can crash, causing the Services PIC to restart. While the Services PIC is restarting, all PIC services including DNS filtering service (DNS sink holing) will be bypassed until the Services PIC completes its boot process. This issue affects Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S8; 18.3 versions prior to 18.3R3-S1; 18.4 versions prior to 18.4R3; 19.1 versions prior to 19.1R3; 19.2 versions prior to 19.2R2; 19.3 versions prior to 19.3R3. This issue does not affect Juniper Networks Junos OS 17.4, 18.1, and 18.2.
Severity
8.3 (High)
CWE
- CWE-362 - Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://kb.juniper.net/ | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
17.3 , < 17.3R3-S8
(custom)
Affected: 18.3 , < 18.3R3-S1 (custom) Affected: 18.4 , < 18.4R3 (custom) Affected: 19.1 , < 19.1R3 (custom) Affected: 19.2 , < 19.2R2 (custom) Affected: 19.3 , < 19.3R3 (custom) |
|
| Juniper Networks | Junos OS |
Unaffected:
17.4
Unaffected: 18.1 Unaffected: 18.2 |
Date Public
2020-10-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:46:29.616Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://kb.juniper.net/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"MX Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "17.3R3-S8",
"status": "affected",
"version": "17.3",
"versionType": "custom"
},
{
"lessThan": "18.3R3-S1",
"status": "affected",
"version": "18.3",
"versionType": "custom"
},
{
"lessThan": "18.4R3",
"status": "affected",
"version": "18.4",
"versionType": "custom"
},
{
"lessThan": "19.1R3",
"status": "affected",
"version": "19.1",
"versionType": "custom"
},
{
"lessThan": "19.2R2",
"status": "affected",
"version": "19.2",
"versionType": "custom"
},
{
"lessThan": "19.3R3",
"status": "affected",
"version": "19.3",
"versionType": "custom"
}
]
},
{
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"status": "unaffected",
"version": "17.4"
},
{
"status": "unaffected",
"version": "18.1"
},
{
"status": "unaffected",
"version": "18.2"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "The example of the configuration stanza affected by this issue is as follows:\n [services service-set \u003cSERVICE-SET-NAME\u003e]\n user@host# set web-filter-profile \u003cPROFILE_NAME\u003e\n\nused in combination with:\n [services web-filter profile \u003cPROFILE_NAME\u003e]\n user@host# set dns-filter-template \u003cTEMPLATE_NAME\u003e"
}
],
"datePublic": "2020-10-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of packets processed by the Multiservices PIC Management Daemon (mspmand) process might be bypassed due to a race condition. Due to this vulnerability, mspmand process, responsible for managing \"URL Filtering service\", can crash, causing the Services PIC to restart. While the Services PIC is restarting, all PIC services including DNS filtering service (DNS sink holing) will be bypassed until the Services PIC completes its boot process. This issue affects Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S8; 18.3 versions prior to 18.3R3-S1; 18.4 versions prior to 18.4R3; 19.1 versions prior to 19.1R3; 19.2 versions prior to 19.2R2; 19.3 versions prior to 19.3R3. This issue does not affect Juniper Networks Junos OS 17.4, 18.1, and 18.2."
}
],
"exploits": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-16T20:31:28.000Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://kb.juniper.net/"
}
],
"solutions": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 17.3R3-S8, 18.3R3-S1, 18.4R3, 19.1R3, 19.2R2, 19.3R3, 19.4R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11064",
"defect": [
"1466567"
],
"discovery": "USER"
},
"title": "Junos OS: MX Series: Services card might restart due to a race condition when DNS filtering is enabled.",
"workarounds": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2020-10-14T07:00:00.000Z",
"ID": "CVE-2020-1667",
"STATE": "PUBLIC",
"TITLE": "Junos OS: MX Series: Services card might restart due to a race condition when DNS filtering is enabled."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"platform": "MX Series",
"version_affected": "\u003c",
"version_name": "17.3",
"version_value": "17.3R3-S8"
},
{
"version_affected": "!",
"version_name": "17.4",
"version_value": "17.4"
},
{
"version_affected": "!",
"version_name": "18.1",
"version_value": "18.1"
},
{
"version_affected": "!",
"version_name": "18.2",
"version_value": "18.2"
},
{
"platform": "MX Series",
"version_affected": "\u003c",
"version_name": "18.3",
"version_value": "18.3R3-S1"
},
{
"platform": "MX Series",
"version_affected": "\u003c",
"version_name": "18.4",
"version_value": "18.4R3"
},
{
"platform": "MX Series",
"version_affected": "\u003c",
"version_name": "19.1",
"version_value": "19.1R3"
},
{
"platform": "MX Series",
"version_affected": "\u003c",
"version_name": "19.2",
"version_value": "19.2R2"
},
{
"platform": "MX Series",
"version_affected": "\u003c",
"version_name": "19.3",
"version_value": "19.3R3"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "en",
"value": "The example of the configuration stanza affected by this issue is as follows:\n [services service-set \u003cSERVICE-SET-NAME\u003e]\n user@host# set web-filter-profile \u003cPROFILE_NAME\u003e\n\nused in combination with:\n [services web-filter profile \u003cPROFILE_NAME\u003e]\n user@host# set dns-filter-template \u003cTEMPLATE_NAME\u003e"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of packets processed by the Multiservices PIC Management Daemon (mspmand) process might be bypassed due to a race condition. Due to this vulnerability, mspmand process, responsible for managing \"URL Filtering service\", can crash, causing the Services PIC to restart. While the Services PIC is restarting, all PIC services including DNS filtering service (DNS sink holing) will be bypassed until the Services PIC completes its boot process. This issue affects Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S8; 18.3 versions prior to 18.3R3-S1; 18.4 versions prior to 18.4R3; 19.1 versions prior to 19.1R3; 19.2 versions prior to 19.2R2; 19.3 versions prior to 19.3R3. This issue does not affect Juniper Networks Junos OS 17.4, 18.1, and 18.2."
}
]
},
"exploit": [
{
"lang": "en",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-362 Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/",
"refsource": "MISC",
"url": "https://kb.juniper.net/"
}
]
},
"solution": [
{
"lang": "en",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 17.3R3-S8, 18.3R3-S1, 18.4R3, 19.1R3, 19.2R2, 19.3R3, 19.4R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA11064",
"defect": [
"1466567"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "There are no viable workarounds for this issue."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2020-1667",
"datePublished": "2020-10-16T20:31:28.699Z",
"dateReserved": "2019-11-04T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:31:51.531Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-25651 (GCVE-0-2020-25651)
Vulnerability from cvelistv5 – Published: 2020-11-26 01:18 – Updated: 2024-08-04 15:40
VLAI
Summary
A flaw was found in the SPICE file transfer protocol. File data from the host system can end up in full or in parts in the client connection of an illegitimate local user in the VM system. Active file transfers from other users could also be interrupted, resulting in a denial of service. The highest threat from this vulnerability is to data confidentiality as well as system availability. This flaw affects spice-vdagent versions 0.20 and prior.
Severity
No CVSS data available.
CWE
- CWE-362 - >CWE-200
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://www.openwall.com/lists/oss-security/2020/… | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=1886359 | x_refsource_MISC |
| https://lists.debian.org/debian-lts-announce/2021… | mailing-listx_refsource_MLIST |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | spice-vdagent |
Affected:
spice-vdagent versions 0.20 and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:40:36.225Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2020/11/04/1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1886359"
},
{
"name": "[debian-lts-announce] 20210113 [SECURITY] [DLA 2524-1] spice-vdagent security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00012.html"
},
{
"name": "FEDORA-2021-09ce0cdfac",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OIWJ2EIQXWEA2VDBODEATHAT37X4CREP/"
},
{
"name": "FEDORA-2021-510977db25",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GQT56LATVTB2DJOVVJOKQVMVUXYCT2VB/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "spice-vdagent",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "spice-vdagent versions 0.20 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the SPICE file transfer protocol. File data from the host system can end up in full or in parts in the client connection of an illegitimate local user in the VM system. Active file transfers from other users could also be interrupted, resulting in a denial of service. The highest threat from this vulnerability is to data confidentiality as well as system availability. This flaw affects spice-vdagent versions 0.20 and prior."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362-\u003eCWE-200",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-17T06:06:17.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2020/11/04/1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1886359"
},
{
"name": "[debian-lts-announce] 20210113 [SECURITY] [DLA 2524-1] spice-vdagent security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00012.html"
},
{
"name": "FEDORA-2021-09ce0cdfac",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OIWJ2EIQXWEA2VDBODEATHAT37X4CREP/"
},
{
"name": "FEDORA-2021-510977db25",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GQT56LATVTB2DJOVVJOKQVMVUXYCT2VB/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-25651",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "spice-vdagent",
"version": {
"version_data": [
{
"version_value": "spice-vdagent versions 0.20 and prior"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the SPICE file transfer protocol. File data from the host system can end up in full or in parts in the client connection of an illegitimate local user in the VM system. Active file transfers from other users could also be interrupted, resulting in a denial of service. The highest threat from this vulnerability is to data confidentiality as well as system availability. This flaw affects spice-vdagent versions 0.20 and prior."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-362-\u003eCWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.openwall.com/lists/oss-security/2020/11/04/1",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2020/11/04/1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1886359",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1886359"
},
{
"name": "[debian-lts-announce] 20210113 [SECURITY] [DLA 2524-1] spice-vdagent security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00012.html"
},
{
"name": "FEDORA-2021-09ce0cdfac",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OIWJ2EIQXWEA2VDBODEATHAT37X4CREP/"
},
{
"name": "FEDORA-2021-510977db25",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GQT56LATVTB2DJOVVJOKQVMVUXYCT2VB/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-25651",
"datePublished": "2020-11-26T01:18:45.000Z",
"dateReserved": "2020-09-16T00:00:00.000Z",
"dateUpdated": "2024-08-04T15:40:36.225Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-25653 (GCVE-0-2020-25653)
Vulnerability from cvelistv5 – Published: 2020-11-26 01:23 – Updated: 2024-08-04 15:40
VLAI
Summary
A race condition vulnerability was found in the way the spice-vdagentd daemon handled new client connections. This flaw may allow an unprivileged local guest user to become the active agent for spice-vdagentd, possibly resulting in a denial of service or information leakage from the host. The highest threat from this vulnerability is to data confidentiality as well as system availability. This flaw affects spice-vdagent versions 0.20 and prior.
Severity
No CVSS data available.
CWE
- CWE-362 - >CWE-200
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://www.openwall.com/lists/oss-security/2020/… | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=1886372 | x_refsource_MISC |
| https://lists.debian.org/debian-lts-announce/2021… | mailing-listx_refsource_MLIST |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | spice-vdagent |
Affected:
spice-vdagent versions 0.20 and prior
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:40:36.473Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2020/11/04/1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1886372"
},
{
"name": "[debian-lts-announce] 20210113 [SECURITY] [DLA 2524-1] spice-vdagent security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00012.html"
},
{
"name": "FEDORA-2021-09ce0cdfac",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OIWJ2EIQXWEA2VDBODEATHAT37X4CREP/"
},
{
"name": "FEDORA-2021-510977db25",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GQT56LATVTB2DJOVVJOKQVMVUXYCT2VB/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "spice-vdagent",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "spice-vdagent versions 0.20 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A race condition vulnerability was found in the way the spice-vdagentd daemon handled new client connections. This flaw may allow an unprivileged local guest user to become the active agent for spice-vdagentd, possibly resulting in a denial of service or information leakage from the host. The highest threat from this vulnerability is to data confidentiality as well as system availability. This flaw affects spice-vdagent versions 0.20 and prior."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362-\u003eCWE-200",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-17T06:06:18.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2020/11/04/1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1886372"
},
{
"name": "[debian-lts-announce] 20210113 [SECURITY] [DLA 2524-1] spice-vdagent security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00012.html"
},
{
"name": "FEDORA-2021-09ce0cdfac",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OIWJ2EIQXWEA2VDBODEATHAT37X4CREP/"
},
{
"name": "FEDORA-2021-510977db25",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GQT56LATVTB2DJOVVJOKQVMVUXYCT2VB/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-25653",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "spice-vdagent",
"version": {
"version_data": [
{
"version_value": "spice-vdagent versions 0.20 and prior"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A race condition vulnerability was found in the way the spice-vdagentd daemon handled new client connections. This flaw may allow an unprivileged local guest user to become the active agent for spice-vdagentd, possibly resulting in a denial of service or information leakage from the host. The highest threat from this vulnerability is to data confidentiality as well as system availability. This flaw affects spice-vdagent versions 0.20 and prior."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-362-\u003eCWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.openwall.com/lists/oss-security/2020/11/04/1",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2020/11/04/1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1886372",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1886372"
},
{
"name": "[debian-lts-announce] 20210113 [SECURITY] [DLA 2524-1] spice-vdagent security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00012.html"
},
{
"name": "FEDORA-2021-09ce0cdfac",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OIWJ2EIQXWEA2VDBODEATHAT37X4CREP/"
},
{
"name": "FEDORA-2021-510977db25",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GQT56LATVTB2DJOVVJOKQVMVUXYCT2VB/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-25653",
"datePublished": "2020-11-26T01:23:16.000Z",
"dateReserved": "2020-09-16T00:00:00.000Z",
"dateUpdated": "2024-08-04T15:40:36.473Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-25668 (GCVE-0-2020-25668)
Vulnerability from cvelistv5 – Published: 2021-05-26 11:11 – Updated: 2024-08-04 15:40
VLAI
Summary
A flaw was found in Linux Kernel because access to the global variable fg_console is not properly synchronized leading to a use after free in con_font_op.
Severity
No CVSS data available.
CWE
- CWE-362 - -> CWE-416
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2020/10/30/1 | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2020/11/04/3 | mailing-listx_refsource_MLIST |
| https://lists.debian.org/debian-lts-announce/2020… | mailing-listx_refsource_MLIST |
| https://lists.debian.org/debian-lts-announce/2020… | mailing-listx_refsource_MLIST |
| https://www.openwall.com/lists/oss-security/2020/… | x_refsource_MISC |
| https://www.openwall.com/lists/oss-security/2020/… | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=1893287%2C | x_refsource_MISC |
| https://git.kernel.org/pub/scm/linux/kernel/git/t… | x_refsource_MISC |
| https://security.netapp.com/advisory/ntap-2021070… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Linux Kernel |
Affected:
5.9.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:40:36.882Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20201030 CVE-2020-25668: Linux kernel concurrency use-after-free in vt",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/10/30/1"
},
{
"name": "[oss-security] 20201104 Re: CVE-2020-25668: Linux kernel concurrency use-after-free in vt",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/11/04/3"
},
{
"name": "[debian-lts-announce] 20201210 [SECURITY] [DLA 2483-1] linux-4.19 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html"
},
{
"name": "[debian-lts-announce] 20201218 [SECURITY] [DLA 2494-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2020/11/04/3%2C"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2020/10/30/1%2C"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1893287%2C"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=90bfdeef83f1d6c696039b6a917190dcbbad3220"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210702-0005/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Linux Kernel",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "5.9.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Linux Kernel because access to the global variable fg_console is not properly synchronized leading to a use after free in con_font_op."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 -\u003e CWE-416",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-02T11:06:20.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20201030 CVE-2020-25668: Linux kernel concurrency use-after-free in vt",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/10/30/1"
},
{
"name": "[oss-security] 20201104 Re: CVE-2020-25668: Linux kernel concurrency use-after-free in vt",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/11/04/3"
},
{
"name": "[debian-lts-announce] 20201210 [SECURITY] [DLA 2483-1] linux-4.19 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html"
},
{
"name": "[debian-lts-announce] 20201218 [SECURITY] [DLA 2494-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2020/11/04/3%2C"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2020/10/30/1%2C"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1893287%2C"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=90bfdeef83f1d6c696039b6a917190dcbbad3220"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210702-0005/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-25668",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Linux Kernel",
"version": {
"version_data": [
{
"version_value": "5.9.2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in Linux Kernel because access to the global variable fg_console is not properly synchronized leading to a use after free in con_font_op."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-362 -\u003e CWE-416"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20201030 CVE-2020-25668: Linux kernel concurrency use-after-free in vt",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/10/30/1"
},
{
"name": "[oss-security] 20201104 Re: CVE-2020-25668: Linux kernel concurrency use-after-free in vt",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/11/04/3"
},
{
"name": "[debian-lts-announce] 20201210 [SECURITY] [DLA 2483-1] linux-4.19 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00015.html"
},
{
"name": "[debian-lts-announce] 20201218 [SECURITY] [DLA 2494-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00027.html"
},
{
"name": "https://www.openwall.com/lists/oss-security/2020/11/04/3,",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2020/11/04/3,"
},
{
"name": "https://www.openwall.com/lists/oss-security/2020/10/30/1,",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2020/10/30/1,"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1893287,",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1893287,"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=90bfdeef83f1d6c696039b6a917190dcbbad3220",
"refsource": "MISC",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=90bfdeef83f1d6c696039b6a917190dcbbad3220"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210702-0005/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210702-0005/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-25668",
"datePublished": "2021-05-26T11:11:04.000Z",
"dateReserved": "2020-09-16T00:00:00.000Z",
"dateUpdated": "2024-08-04T15:40:36.882Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-27825 (GCVE-0-2020-27825)
Vulnerability from cvelistv5 – Published: 2020-12-11 17:13 – Updated: 2024-08-04 16:25
VLAI
Summary
A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux kernel (before 5.10-rc1). There was a race problem in trace_open and resize of cpu buffer running parallely on different cpus, may cause a denial of service problem (DOS). This flaw could even allow a local attacker with special user privilege to a kernel information leak threat.
Severity
No CVSS data available.
CWE
- CWE-362 - >CWE-416
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1905155 | x_refsource_MISC |
| https://www.debian.org/security/2021/dsa-4843 | vendor-advisoryx_refsource_DEBIAN |
| https://lists.debian.org/debian-lts-announce/2021… | mailing-listx_refsource_MLIST |
| https://lists.debian.org/debian-lts-announce/2021… | mailing-listx_refsource_MLIST |
| https://security.netapp.com/advisory/ntap-2021052… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:25:43.895Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1905155"
},
{
"name": "DSA-4843",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-4843"
},
{
"name": "[debian-lts-announce] 20210212 [SECURITY] [DLA 2557-1] linux-4.19 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html"
},
{
"name": "[debian-lts-announce] 20210309 [SECURITY] [DLA 2586-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210521-0008/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "kernel",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before kernel 5.10-rc1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux kernel (before 5.10-rc1). There was a race problem in trace_open and resize of cpu buffer running parallely on different cpus, may cause a denial of service problem (DOS). This flaw could even allow a local attacker with special user privilege to a kernel information leak threat."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362-\u003eCWE-416",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-21T08:06:26.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1905155"
},
{
"name": "DSA-4843",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-4843"
},
{
"name": "[debian-lts-announce] 20210212 [SECURITY] [DLA 2557-1] linux-4.19 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html"
},
{
"name": "[debian-lts-announce] 20210309 [SECURITY] [DLA 2586-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210521-0008/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-27825",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "before kernel 5.10-rc1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux kernel (before 5.10-rc1). There was a race problem in trace_open and resize of cpu buffer running parallely on different cpus, may cause a denial of service problem (DOS). This flaw could even allow a local attacker with special user privilege to a kernel information leak threat."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-362-\u003eCWE-416"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1905155",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1905155"
},
{
"name": "DSA-4843",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-4843"
},
{
"name": "[debian-lts-announce] 20210212 [SECURITY] [DLA 2557-1] linux-4.19 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00018.html"
},
{
"name": "[debian-lts-announce] 20210309 [SECURITY] [DLA 2586-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210521-0008/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210521-0008/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-27825",
"datePublished": "2020-12-11T17:13:31.000Z",
"dateReserved": "2020-10-27T00:00:00.000Z",
"dateUpdated": "2024-08-04T16:25:43.895Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phase: Architecture and Design
Description:
- In languages that support it, use synchronization primitives. Only wrap these around critical code to minimize the impact on performance.
Mitigation
Phase: Architecture and Design
Description:
- Use thread-safe capabilities such as the data access abstraction in Spring.
Mitigation
Phase: Architecture and Design
Description:
- Minimize the usage of shared resources in order to remove as much complexity as possible from the control flow and to reduce the likelihood of unexpected conditions occurring.
- Additionally, this will minimize the amount of synchronization necessary and may even help to reduce the likelihood of a denial of service where an attacker may be able to repeatedly trigger a critical section (CWE-400).
Mitigation
Phase: Implementation
Description:
- When using multithreading and operating on shared variables, only use thread-safe functions.
Mitigation
Phase: Implementation
Description:
- Use atomic operations on shared variables. Be wary of innocent-looking constructs such as "x++". This may appear atomic at the code layer, but it is actually non-atomic at the instruction layer, since it involves a read, followed by a computation, followed by a write.
Mitigation
Phase: Implementation
Description:
- Use a mutex if available, but be sure to avoid related weaknesses such as CWE-412.
Mitigation
Phase: Implementation
Description:
- Avoid double-checked locking (CWE-609) and other implementation errors that arise when trying to avoid the overhead of synchronization.
Mitigation
Phase: Implementation
Description:
- Disable interrupts or signals over critical parts of the code, but also make sure that the code does not go into a large or infinite loop.
Mitigation
Phase: Implementation
Description:
- Use the volatile type modifier for critical variables to avoid unexpected compiler optimization or reordering. This does not necessarily solve the synchronization problem, but it can help.
Mitigation ID: MIT-17
Phases: Architecture and Design, Operation
Strategy: Environment Hardening
Description:
- Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.
CAPEC-26: Leveraging Race Conditions
The adversary targets a race condition occurring when multiple processes access and manipulate the same resource concurrently, and the outcome of the execution depends on the particular order in which the access takes place. The adversary can leverage a race condition by "running the race", modifying the resource and modifying the normal execution flow. For instance, a race condition can occur while accessing a file: the adversary can trick the system by replacing the original file with their version and cause the system to read the malicious file.
CAPEC-29: Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. A typical example is file access. The adversary can leverage a file access race condition by "running the race", meaning that they would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the adversary could replace or modify the file, causing the application to behave unexpectedly.