Malware Devil

Monday, October 26, 2020

ESB-2020.3642.2 – UPDATE [Cisco] Cisco Adaptive Security Appliance Software & Cisco Firepower Threat Defense Software: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2020.3642.2
Cisco Adaptive Security Appliance Software and Firepower
Threat Defense Software Vulnerabilities
26 October 2020

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product: Cisco Adaptive Security Appliance Software
Cisco Firepower Threat Defense Software
Publisher: Cisco Systems
Operating System: Cisco
Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction
Denial of Service -- Remote/Unauthenticated
Cross-site Scripting -- Remote with User Interaction
Unauthorised Access -- Remote/Unauthenticated
Reduced Security -- Remote/Unauthenticated
Access Confidential Data -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2020-3583 CVE-2020-3582 CVE-2020-3581
CVE-2020-3580 CVE-2020-3578 CVE-2020-3572
CVE-2020-3564 CVE-2020-3561 CVE-2020-3555
CVE-2020-3554 CVE-2020-3529 CVE-2020-3528
CVE-2020-3458 CVE-2020-3436 CVE-2020-3373
CVE-2020-3304

Original Bulletin:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-dos-QFcNEPfx
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ftpbypass-HY3UTxYu
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-frag-memleak-mCtqdP9n
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ospflls-37Xy2q6r
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-sipdos-3DGvdjvg
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-sslvpndma-dos-HRrqB9Yx
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-tcp-dos-N3DMnU4T
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webdos-fBzM5Ynw
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-fileup-dos-zvC7wtys
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-xss-multiple-FCB3vPZe
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-crlf-inj-BX9uRwSn
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-rule-bypass-P73ABNWQ
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-sbbyp-KqP6NgrE

Revision History: October 26 2020: vendor updated cisco-sa-fxos-sbbyp-KqP6NgrE
October 22 2020: Initial Release

- --------------------------BEGIN INCLUDED TEXT--------------------

Cisco Adaptive Security Appliance Software and Firepower Threat Defense
Software Denial of Service Vulnerability

Priority: High

Advisory ID: cisco-sa-asaftd-dos-QFcNEPfx

First Published: 2020 October 21 16:00 GMT

Version 1.0: Final

Workarounds: Yes

Cisco Bug IDs: CSCvt35897

CVE-2020-3554

CWE-400

CVSS Score:
8.6 AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:X/RL:X/RC:X

Summary

o A vulnerability in the TCP packet processing of Cisco Adaptive Security
Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software
could allow an unauthenticated, remote attacker to cause a denial of
service (DoS) condition on an affected device.

The vulnerability is due to a memory exhaustion condition. An attacker
could exploit this vulnerability by sending a high rate of crafted TCP
traffic through an affected device. A successful exploit could allow the
attacker to exhaust device resources, resulting in a DoS condition for
traffic transiting the affected device.

Cisco has released software updates that address this vulnerability. There
are workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
cisco-sa-asaftd-dos-QFcNEPfx

This advisory is part of the October 2020 Cisco ASA, FMC, and FTD Software
Security Advisory Bundled Publication, which includes 17 Cisco Security
Advisories that describe 17 vulnerabilities. For a complete list of the
advisories and links to them, see Cisco Event Response: October 2020 Cisco
ASA, FMC, and FTD Software Security Advisory Bundled Publication .

Affected Products

o Vulnerable Products

This vulnerability affects vulnerable releases of Cisco ASA Software and
Cisco FTD Software.

For information about which Cisco software releases are vulnerable, see the
Fixed Software section of this advisory.

Products Confirmed Not Vulnerable

Only products listed in the Vulnerable Products section of this advisory
are known to be affected by this vulnerability.

Cisco has confirmed that this vulnerability does not affect Cisco Firepower
Management Center (FMC) Software.

Indicators of Compromise

o A device may have been exploited by this vulnerability if the show blocks
command indicates a leak of 9344-byte memory blocks. The device may stop
passing traffic or performance could degrade due to this memory leak. In
this example, the memory blocks of 9344 bytes are leaked, resulting in zero
(0) blocks being available.

# show blocks
SIZE MAX LOW CNT
0 1450 1448 1450
4 100 99 99
80 1000 950 984
256 4148 3898 4040
1550 6279 6184 6258
2048 600 598 600
2560 164 164 164
4096 100 100 100
8192 100 100 100
9344 60000 0 0
16384 102 102 102
65536 16 16 16

Contact the Cisco Technical Assistance Center (TAC) if additional
assistance is required to determine whether the device has been impacted by
exploitation of this vulnerability.

Workarounds

o As a workaround, an administrator may implement the fragment reassembly
full [interface-name] command. There may be a performance impact when
implementing this command.

Fixed Software

o Cisco has released free software updates that address the vulnerability
described in this advisory. Customers may only install and expect support
for software versions and feature sets for which they have purchased a
license. By installing, downloading, accessing, or otherwise using such
software upgrades, customers agree to follow the terms of the Cisco
software license:
https://www.cisco.com/c/en/us/products/end-user-license-agreement.html

Additionally, customers may only download software for which they have a
valid license, procured from Cisco directly, or through a Cisco authorized
reseller or partner. In most cases this will be a maintenance upgrade to
software that was previously purchased. Free security software updates do
not entitle customers to a new software license, additional software
feature sets, or major revision upgrades.

When considering software upgrades , customers are advised to regularly
consult the advisories for Cisco products, which are available from the
Cisco Security Advisories page , to determine exposure and a complete
upgrade solution.

In all cases, customers should ensure that the devices to be upgraded
contain sufficient memory and confirm that current hardware and software
configurations will continue to be supported properly by the new release.
If the information is not clear, customers are advised to contact the Cisco
Technical Assistance Center (TAC) or their contracted maintenance
providers.

Customers Without Service Contracts

Customers who purchase directly from Cisco but do not hold a Cisco service
contract and customers who make purchases through third-party vendors but
are unsuccessful in obtaining fixed software through their point of sale
should obtain upgrades by contacting the Cisco TAC: https://www.cisco.com/c
/en/us/support/web/tsd-cisco-worldwide-contacts.html

Customers should have the product serial number available and be prepared
to provide the URL of this advisory as evidence of entitlement to a free
upgrade.

Fixed Releases

In the following table(s), the left column lists Cisco software releases.
The center column indicates whether a release is affected by the
vulnerability described in this advisory and the first release that
includes the fix for this vulnerability. The right column indicates whether
a release is affected by any of the vulnerabilities described in this
bundle and which release includes fixes for those vulnerabilities.

Cisco ASA Software

Cisco ASA First Fixed Release First Fixed Release for All the
Software for This Vulnerabilities Described in the Bundle
Release Vulnerability of Advisories
Earlier than Not vulnerable. Migrate to a fixed release.
9.6 ^1
9.6 ^1 Not vulnerable. 9.6.4.45
9.7 ^1 Not vulnerable. Migrate to a fixed release.
9.8 Not vulnerable. 9.8.4.29
9.9 Not vulnerable. 9.9.2.80
9.10 Not vulnerable. 9.10.1.44
9.12 9.12.4.3 9.12.4.4
9.13 9.13.1.13 9.13.1.13
9.14 9.14.1.10 9.14.1.30

1. Cisco ASA Software releases 9.7 and earlier have reached end of software
maintenance. Customers are advised to migrate to a supported release that
includes the fix for this vulnerability.

Cisco FTD Software

Cisco FTD First Fixed Release First Fixed Release for All the
Software for This Vulnerabilities Described in the Bundle
Release Vulnerability of Advisories
Earlier than Not vulnerable. Migrate to a fixed release.
6.2.2 ^1
6.2.2 Not vulnerable. Migrate to a fixed release.
6.2.3 Not vulnerable. Migrate to a fixed release.
6.3.0 Not vulnerable. Migrate to a fixed release.
6.4.0 6.4.0.10 Migrate to a fixed release.
6.5.0 6.5.0.5 (future Migrate to a fixed release.
release)
6.6.0 6.6.1 6.6.1

1. Cisco FMC and FTD Software releases 6.0.1 and earlier, as well as
releases 6.2.0 and 6.2.1, have reached end of software maintenance.
Customers are advised to migrate to a supported release that includes the
fix for this vulnerability.

To upgrade to a fixed release of Cisco FTD Software, do one of the
following:

For devices that are managed by using Cisco Firepower Management Center
(FMC), use the FMC interface to install the upgrade. After installation
is complete, reapply the access control policy.
For devices that are managed by using Cisco Firepower Device Manager
(FDM), use the FDM interface to install the upgrade. After installation
is complete, reapply the access control policy.

Exploitation and Public Announcements

o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
any public announcements or malicious use of the vulnerability that is
described in this advisory.

Source

o This vulnerability was found by Santosh Krishnamurthy of Cisco during
internal security testing.

Cisco Security Vulnerability Policy

o To learn about Cisco security vulnerability disclosure policies and
publications, see the Security Vulnerability Policy . This document also
contains instructions for obtaining fixed software and receiving security
vulnerability information from Cisco.

Related to This Advisory

o Cisco Event Response: October 2020 Cisco ASA, FMC, and FTD Software
Security Advisory Bundled Publication

URL

o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
cisco-sa-asaftd-dos-QFcNEPfx

Revision History

o +----------+---------------------------+----------+--------+--------------+
| Version | Description | Section | Status | Date |
+----------+---------------------------+----------+--------+--------------+
| 1.0 | Initial public release. | - | Final | 2020-OCT-21 |
+----------+---------------------------+----------+--------+--------------+

- --------------------------------------------------------------------------------

Cisco Adaptive Security Appliance Software and Firepower Threat Defense
Software FTP Inspection Bypass Vulnerability

Priority: Medium

Advisory ID: cisco-sa-asaftd-ftpbypass-HY3UTxYu

First Published: 2020 October 21 16:00 GMT

Version 1.0: Final

Workarounds: No workarounds available

Cisco Bug IDs: CSCvt13445

CVE-2020-3564

CWE-284

CVSS Score:
5.8 AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N/E:X/RL:X/RC:X

Summary

o A vulnerability in the FTP inspection engine of Cisco Adaptive Security
Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software
could allow an unauthenticated, remote attacker to bypass FTP inspection.

The vulnerability is due to ineffective flow tracking of FTP traffic. An
attacker could exploit this vulnerability by sending crafted FTP traffic
through an affected device. A successful exploit could allow the attacker
to bypass FTP inspection and successfully complete FTP connections.

Cisco has released software updates that address this vulnerability. There
are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
cisco-sa-asaftd-ftpbypass-HY3UTxYu

Affected Products

o Vulnerable Products

At the time of publication, this vulnerability affected devices if they
were running a vulnerable release of Cisco ASA Software or FTD Software and
had strict FTP inspection enabled.

For information about which Cisco software releases were vulnerable, see
the Fixed Software section of this advisory. See the Details section in the
bug ID(s) at the top of this advisory for the most complete and current
information.

Determine Whether FTP Inspection Is Enabled on an ASA

To determine whether FTP inspection is enabled on an ASA, use the show
running-config policy-map command and then the show running-config
service-policy command.

Use the show running-config policy-map command and check whether the
inspect ftp strict command is present in at least one policy map. In the
following output, the global-policy policy map includes the inspect ftp
strict command:

asa# show running-config policy-map
!
policy-map global_policy
class inspection_default
inspect ip-options
inspect netbios
inspect rtsp
inspect sunrpc
inspect tftp
inspect xdmcp
inspect dns preset_dns_map
inspect ftp strict
inspect h323 h225

Use the show running-config service-policy command and check whether the
policy map is applied, either globally or to a single interface. The
following output shows the global-policy policy map applied globally:

asa# show running-config service-policy
service-policy global_policy global

If the policy map that contains the inspect ftp strict command is applied
globally or to an interface, strict FTP inspection is enabled.

Determine Whether FTP Inspection Is Enabled on FTD

Configuring inspect ftp strict on FTD requires the use of FlexConfig. To
determine if inspect ftp strict is enabled on an FTD device, Secure Shell
(SSH) to the management interface of the device and use the process
previously outlined for the ASA.

Products Confirmed Not Vulnerable

Only products listed in the Vulnerable Products section of this advisory
are known to be affected by this vulnerability.

Cisco has confirmed that this vulnerability does not affect Cisco Firepower
Management Center (FMC) Software.

Workarounds

o There are no workarounds that address this vulnerability.

Fixed Software

o When considering software upgrades , customers are advised to regularly
consult the advisories for Cisco products, which are available from the
Cisco Security Advisories page , to determine exposure and a complete
upgrade solution.

Fixed Releases

At the time of publication, the release information in the following table
(s) was accurate. See the Details section in the bug ID(s) at the top of
this advisory for the most complete and current information.

The left column lists Cisco software releases, and the right column
indicates whether a release was affected by the vulnerability described in
this advisory and which release included the fix for this vulnerability.

Cisco ASA Software

Cisco First Fixed
ASA Release for
Software This
Release Vulnerability
Earlier Migrate to a
than 9.6 fixed
^1 release.
Migrate to a
9.6 ^1 fixed
release.
Migrate to a
9.7 ^1 fixed
release.
9.8 9.8.4.26
9.9 9.9.2.80
9.10 9.10.1.44
9.12 9.12.4.2
9.13 9.13.1.13
9.14 9.14.1.19

1. Cisco ASA Software releases 9.7 and earlier have reached end of software
maintenance. Customers are advised to migrate to a supported release that
includes the fix for this vulnerability.

Cisco FTD Software

Cisco First Fixed
FTD Release for
Software This
Release Vulnerability
Earlier Migrate to a
than fixed
6.2.2 ^1 release.
Migrate to a
6.2.2 fixed
release.
Migrate to a
6.2.3 fixed
release.
6.3.0.6
6.3.0 (future
release)
6.4.0 6.4.0.10
6.5.0.5
6.5.0 (future
release)
6.6.0 6.6.1

To upgrade to a fixed release of Cisco FTD Software, do one of the
following:

Exploitation and Public Announcements

o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
any public announcements or malicious use of the vulnerability that is
described in this advisory.

Source

o This vulnerability was found during internal security testing.

Cisco Security Vulnerability Policy

URL

o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
cisco-sa-asaftd-ftpbypass-HY3UTxYu

Revision History

- --------------------------------------------------------------------------------

Cisco Adaptive Security Appliance Software and Firepower Threat Defense
Software IP Fragment Memory Leak Vulnerability

Priority: High

Advisory ID: cisco-sa-asaftd-frag-memleak-mCtqdP9n

First Published: 2020 October 21 16:00 GMT

Version 1.0: Final

Workarounds: No workarounds available

Cisco Bug IDs: CSCvu47925

CVE-2020-3373

CWE-400

Summary

o A vulnerability in the IP fragment-handling implementation of Cisco
Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat
Defense (FTD) Software could allow an unauthenticated, remote attacker to
cause a memory leak on an affected device. This memory leak could prevent
traffic from being processed through the device, resulting in a denial of
service (DoS) condition.

The vulnerability is due to improper error handling when specific failures
occur during IP fragment reassembly. An attacker could exploit this
vulnerability by sending crafted, fragmented IP traffic to a targeted
device. A successful exploit could allow the attacker to continuously
consume memory on the affected device and eventually impact traffic,
resulting in a DoS condition. The device could require a manual reboot to
recover from the DoS condition.

Note: This vulnerability applies to both IP Version 4 (IPv4) and IP Version
6 (IPv6) traffic.

Cisco has released software updates that address this vulnerability. There
are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
cisco-sa-asaftd-frag-memleak-mCtqdP9n

Affected Products

o Vulnerable Products

This vulnerability affects Cisco products if they are running Cisco FTD
Software Release 6.6.0.1 or one of the following Cisco ASA Software
releases:

9.8.4.22
9.8.4.25
9.12.4.2
9.12.4.3
9.13.1.12
9.14.1.15

Products Confirmed Not Vulnerable

Only products listed in the Vulnerable Products section of this advisory
are known to be affected by this vulnerability.

Cisco has confirmed that this vulnerability does not affect Cisco Firepower
Management Center (FMC) Software.

Indicators of Compromise

o A device may have been compromised by this vulnerability if the show blocks
command indicates a leak of larger-size memory blocks (2,048 or above). If
there is a memory leak, the device could stop passing traffic or
performance could degrade. In the following example, the memory blocks of
size 9344 have leaked to the point where there are 0 blocks available:

Contact the Cisco Technical Assistance Center (TAC) if additional
assistance is required to determine whether a device has been compromised
by exploitation of this vulnerability.

Workarounds

o There are no workarounds that address this vulnerability.

Fixed Software

Customers Without Service Contracts

Customers should have the product serial number available and be prepared
to provide the URL of this advisory as evidence of entitlement to a free
upgrade.

Fixed Releases

Cisco ASA Software

Cisco ASA First Fixed Release for First Fixed Release for All
Software This Vulnerability Vulnerabilities Described in the
Release Bundle of Advisories
Earlier than Not vulnerable. Migrate to a fixed release.
9.6 ^1
9.6 ^1 Not vulnerable. 9.6.4.45
9.7 ^1 Not vulnerable. Migrate to a fixed release.
9.8.4.26 (only 9.8.4.22
9.8 and 9.8.4.25 are 9.8.4.29
vulnerable)
9.9 Not vulnerable 9.9.2.80
9.10 Not vulnerable 9.10.1.44
9.12.4.4 (only 9.12.4.2
9.12 and 9.12.4.3 are 9.12.4.4
vulnerable)
9.13 9.13.1.13 (only 9.13.1.13
9.13.1.12 is vulnerable)
9.14 9.14.1.19 (only 9.14.1.30
9.14.1.15 is vulnerable)

1. Cisco ASA Software releases 9.7 and earlier have reached end of software
maintenance. Customers are advised to migrate to a supported release that
includes the fix for this vulnerability.

Cisco FTD Software

Cisco FTD First Fixed Release First Fixed Release for All
Software for This Vulnerabilities Described in the Bundle
Release Vulnerability of Advisories
Earlier than Not vulnerable. Migrate to a fixed release.
6.2.2 ^1
6.2.2 Not vulnerable. Migrate to a fixed release.
6.2.3 Not vulnerable. Migrate to a fixed release.
6.3.0 Not vulnerable. Migrate to a fixed release.
6.4.0 Not vulnerable. Migrate to a fixed release.
6.5.0 Not vulnerable. Migrate to a fixed release.
6.6.0 6.6.1 6.6.1

To upgrade to a fixed release of Cisco FTD Software, do one of the
following:

Exploitation and Public Announcements

o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
any public announcements or malicious use of the vulnerability that is
described in this advisory.

Source

o This vulnerability was found by Santosh Krishnamurthy of Cisco during
internal security testing.

Cisco Security Vulnerability Policy

URL

o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
cisco-sa-asaftd-frag-memleak-mCtqdP9n

Revision History

- --------------------------------------------------------------------------------

Cisco Adaptive Security Appliance Software and Firepower Threat Defense
Software OSPFv2 Link-Local Signaling Denial of Service Vulnerability

Priority: High

Advisory ID: cisco-sa-asaftd-ospflls-37Xy2q6r

First Published: 2020 October 21 16:00 GMT

Version 1.0: Final

Workarounds: No workarounds available

Cisco Bug IDs: CSCvt83121

CVE-2020-3528

CWE-400

Summary

o A vulnerability in the OSPF Version 2 (OSPFv2) implementation of Cisco
Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat
Defense (FTD) Software could allow an unauthenticated, remote attacker to
cause an affected device to reload, resulting in a denial of service (DoS)
condition.

The vulnerability is due to incomplete input validation when the affected
software processes certain OSPFv2 packets with Link-Local Signaling (LLS)
data. An attacker could exploit this vulnerability by sending a malformed
OSPFv2 packet to an affected device. A successful exploit could allow the
attacker to cause an affected device to reload, resulting in a DoS
condition.

Cisco has released software updates that address this vulnerability. There
are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
cisco-sa-asaftd-ospflls-37Xy2q6r

Affected Products

o Vulnerable Products

This vulnerability affects Cisco products if they are running a vulnerable
release of Cisco ASA Software or FTD Software and are configured to support
OSPF routing.

Note: Devices that are configured for OSPF Version 3 (OSPFv3) only are not
affected by this vulnerability.

For information about which Cisco software releases are vulnerable, see the
Fixed Software section of this advisory.

Determine Whether OSPF Routing Is Configured on a Cisco ASA Device

To determine whether OSPF routing is configured on a Cisco ASA device, use
the show ospf neighbor privileged mode command. If no output is returned,
OSPF routing is not configured. In the following example, the device is
configured for OSPF routing:

asa# show ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
6.1.1.1 1 FULL/DR 0:00:39 10.1.1.2 outside
.
.
.

Determine Whether OSPF Routing Is Configured on a Cisco FTD Device

To determine whether OSPF routing is configured on a Cisco FTD device, do
one of the following:

For devices that are managed by using Cisco Firepower Management Center
(FMC), choose Devices > Device Management , choose a specific device,
and then choose Routing > OSPF . If either Process 1 or Process 2 has a
check mark, OSPF is enabled on the device.
For devices that are managed by using Cisco Firepower Device Manager
(FDM), choose Device > Advanced Configuration > View Configuration >
Smart CLI > Routing . If there is an object with the type of OSPF ,
then OSPF is enabled on the device.

Products Confirmed Not Vulnerable

Only products listed in the Vulnerable Products section of this advisory
are known to be affected by this vulnerability.

Cisco has confirmed that this vulnerability does not affect Cisco Firepower
Management Center (FMC) Software.

Workarounds

o There are no workarounds that address this vulnerability.

Fixed Software

Customers Without Service Contracts

Customers should have the product serial number available and be prepared
to provide the URL of this advisory as evidence of entitlement to a free
upgrade.

Fixed Releases

Cisco ASA Software

Cisco ASA First Fixed Release First Fixed Release for All
Software for This Vulnerabilities Described in the Bundle
Release Vulnerability of Advisories
Earlier than Migrate to a fixed Migrate to a fixed release.
9.6 ^1 release.
9.6 ^1 9.6.4.45 9.6.4.45
9.7 ^1 Migrate to a fixed Migrate to a fixed release.
release.
9.8 9.8.4.22 9.8.4.29
9.9 9.9.2.80 9.9.2.80
9.10 9.10.1.44 9.10.1.44
9.12 9.12.4.2 9.12.4.4
9.13 9.13.1.12 9.13.1.13
9.14 9.14.1.15 9.14.1.30

1. Cisco ASA Software releases 9.7 and earlier have reached end of software
maintenance. Customers are advised to migrate to a supported release that
includes the fix for this vulnerability.

Cisco FTD Software

Cisco FTD First Fixed Release First Fixed Release for All
Software for This Vulnerabilities Described in the Bundle
Release Vulnerability of Advisories
Earlier than Migrate to a fixed Migrate to a fixed release.
6.2.2 ^1 release.
6.2.2 Migrate to a fixed Migrate to a fixed release.
release.
6.2.3 Migrate to a fixed Migrate to a fixed release.
release.
6.3.0 6.3.0.6 (future Migrate to a fixed release.
release)
6.4.0 6.4.0.10 Migrate to a fixed release.
6.5.0 6.5.0.5 (future Migrate to a fixed release.
release)
6.6.0 6.6.1 6.6.1

To upgrade to a fixed release of Cisco FTD Software, do one of the
following:

Exploitation and Public Announcements

o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
any public announcements or malicious use of the vulnerability that is
described in this advisory.

Source

o This vulnerability was found by Santosh Krishnamurthy of Cisco during
internal security testing.

Cisco Security Vulnerability Policy

URL

o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
cisco-sa-asaftd-ospflls-37Xy2q6r

Revision History

- --------------------------------------------------------------------------------

Cisco Adaptive Security Appliance Software and Firepower Threat Defense
Software SIP Denial of Service Vulnerability

Priority: Medium

Advisory ID: cisco-sa-asaftd-sipdos-3DGvdjvg

First Published: 2020 October 21 16:00 GMT

Version 1.0: Final

Workarounds: No workarounds available

Cisco Bug IDs: CSCvu15801

CVE-2020-3555

CWE-404

Summary

o A vulnerability in the SIP inspection process of Cisco Adaptive Security
Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software
could allow an unauthenticated, remote attacker to cause a crash and reload
of an affected device, resulting in a denial of service (DoS) condition.

The vulnerability is due to a watchdog timeout and crash during the cleanup
of threads that are associated with a SIP connection that is being deleted
from the connection list. An attacker could exploit this vulnerability by
sending a high rate of crafted SIP traffic through an affected device. A
successful exploit could allow the attacker to cause a watchdog timeout and
crash, resulting in a crash and reload of the affected device.

Cisco has released software updates that address this vulnerability. There
are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
cisco-sa-asaftd-sipdos-3DGvdjvg

Affected Products

o Vulnerable Products

At the time of publication, this vulnerability affected Cisco products if
they were running a vulnerable release of Cisco ASA Software or FTD
Software and were configured to perform inspection of SIP traffic.

For information about which Cisco software releases were vulnerable at the
time of publication, see the Fixed Software section of this advisory. See
the Details section in the bug ID(s) at the top of this advisory for the
most complete and current information.

Products Confirmed Not Vulnerable

Only products listed in the Vulnerable Products section of this advisory
are known to be affected by this vulnerability.

Cisco has confirmed that this vulnerability does not affect Cisco Firepower
Management Center (FMC) Software.

Workarounds

o There are no workarounds that address this vulnerability.

Fixed Software

Fixed Releases

Cisco ASA Software

Cisco ASA Software Release First Fixed Release for This Vulnerability
Earlier than 9.6 ^1 Migrate to a fixed release.
9.6 ^1 9.6.4.43
9.7 ^1 Migrate to a fixed release.
9.8 9.8.4.26
9.9 9.9.2.80
9.10 9.10.1.43
9.12 9.12.4.2
9.13 9.13.1.13
9.14 9.14.1.19

1. Cisco ASA Software releases 9.7 and earlier have reached end of software
maintenance. Customers are advised to migrate to a supported release that
includes the fix for this vulnerability.

Cisco FTD Software

Cisco FTD Software Release First Fixed Release for This Vulnerability
Earlier than 6.2.2 ^1 Migrate to a fixed release.
6.2.2 Migrate to a fixed release.
6.2.3 Migrate to a fixed release.
6.3.0 6.3.0.6 (future release)
6.4.0 6.4.0.10
6.5.0 6.5.0.5 (future release)
6.6.0 6.6.1

To upgrade to a fixed release of Cisco FTD Software, do one of the
following:

Exploitation and Public Announcements

o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
any public announcements or malicious use of the vulnerability that is
described in this advisory.

Source

o This vulnerability was found during the resolution of a Cisco TAC support
case.

Cisco Security Vulnerability Policy

URL

o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
cisco-sa-asaftd-sipdos-3DGvdjvg

Revision History

- --------------------------------------------------------------------------------

Cisco Adaptive Security Appliance Software and Firepower Threat Defense
Software SSL VPN Direct Memory Access Denial of Service Vulnerability

Priority: High

Advisory ID: cisco-sa-asaftd-sslvpndma-dos-HRrqB9Yx

First Published: 2020 October 21 16:00 GMT

Version 1.0: Final

Workarounds: No workarounds available

Cisco Bug IDs: CSCvu59817

CVE-2020-3529

CWE-400

Summary

o A vulnerability in the SSL VPN negotiation process for Cisco Adaptive
Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD)
Software could allow an unauthenticated, remote attacker to cause a reload
of an affected device, resulting in a denial of service (DoS) condition.

The vulnerability is due to inefficient direct memory access (DMA) memory
management during the negotiation phase of an SSL VPN connection. An
attacker could exploit this vulnerability by sending a steady stream of
crafted Datagram TLS (DTLS) traffic to an affected device. A successful
exploit could allow the attacker to exhaust DMA memory on the device and
cause a DoS condition.

Cisco has released software updates that address this vulnerability. There
are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
cisco-sa-asaftd-sslvpndma-dos-HRrqB9Yx

Affected Products

o Vulnerable Products

This vulnerability affects Cisco products if they are running a vulnerable
release of Cisco ASA Software or FTD Software and have Clientless SSL VPN
or AnyConnect SSL VPN configured.

For information about which Cisco software releases are vulnerable, see the
Fixed Software section of this advisory.

Determine Whether an SSL VPN Is Configured

To determine whether Clientless SSL VPN or AnyConnect SSL VPN is enabled on
a device, use the show running-config webvpn command. The following example
shows the output of the command for a device that has Clientless SSL VPN or
AnyConnect SSL VPN enabled:

cisco# show running-config webvpn
webvpn
.
.
.
enable
.
.
.

Products Confirmed Not Vulnerable

Only products listed in the Vulnerable Products section of this advisory
are known to be affected by this vulnerability.

Cisco has confirmed that this vulnerability does not affect Cisco Firepower
Management Center (FMC) Software.

Indicators of Compromise

o Exploitation of this vulnerability could cause an affected device to run
low on DMA memory. To check whether Free memory is decreasing without
increasing, use the show memory detail | begin MEMPOOL_DMA command and
monitor the output, which is shown in the following example:

device(config)# show memory detail | begin MEMPOOL_DMA
MEMPOOL_DMA POOL STATS:

Non-mmapped bytes allocated = 222298112
Number of free chunks = 162
Number of mmapped regions = 0
Mmapped bytes allocated = 0
Max memory footprint = 222298112
Keepcost = 3264
Max contiguous free mem = 3264
Allocated memory in use = 222259824
Free memory = 38288

If the value of the Free memory counter decreases quickly for a sustained
period of time, administrators are advised to contact the Cisco Technical
Assistance Center (TAC) for further investigation.

Workarounds

o There are no workarounds that address this vulnerability.

Fixed Software

Customers Without Service Contracts

Customers should have the product serial number available and be prepared
to provide the URL of this advisory as evidence of entitlement to a free
upgrade.

Fixed Releases

Cisco ASA Software

Cisco ASA First Fixed Release First Fixed Release for All
Software for This Vulnerabilities Described in the Bundle
Release Vulnerability of Advisories
Earlier than Migrate to a fixed Migrate to a fixed release.
9.6 ^1 release.
9.6 ^1 9.6.4.45 9.6.4.45
9.7 ^1 Migrate to a fixed Migrate to a fixed release.
release.
9.8 9.8.4.29 9.8.4.29
9.9 9.9.2.80 9.9.2.80
9.10 9.10.1.44 9.10.1.44
9.12 9.12.4.4 9.12.4.4
9.13 9.13.1.13 9.13.1.13
9.14 9.14.1.30 9.14.1.30

1. Cisco ASA Software releases 9.7 and earlier have reached end of software
maintenance. Customers are advised to migrate to a supported release that
includes the fix for this vulnerability.

Cisco FTD Software

To upgrade to a fixed release of Cisco FTD Software, do one of the
following:

Exploitation and Public Announcements

o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
any public announcements or malicious use of the vulnerability that is
described in this advisory.

Source

o This vulnerability was found during the resolution of a Cisco TAC support
case.

Cisco Security Vulnerability Policy

URL

o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
cisco-sa-asaftd-sslvpndma-dos-HRrqB9Yx

Revision History

- --------------------------------------------------------------------------------

Cisco Adaptive Security Appliance Software and Firepower Threat Defense
Software SSL/TLS Session Denial of Service Vulnerability

Priority: High

Advisory ID: cisco-sa-asa-ftd-tcp-dos-N3DMnU4T

First Published: 2020 October 21 16:00 GMT

Version 1.0: Final

Workarounds: No workarounds available

Cisco Bug IDs: CSCvu46685

CVE-2020-3572

CWE-400

Summary

o A vulnerability in the SSL/TLS session handler of Cisco Adaptive Security
Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software
could allow an unauthenticated, remote attacker to cause a denial of
service (DoS) condition on an affected device.

The vulnerability is due to a memory leak when closing SSL/TLS connections
in a specific state. An attacker could exploit this vulnerability by
establishing several SSL/TLS sessions and ensuring they are closed under
certain conditions. A successful exploit could allow the attacker to
exhaust memory resources in the affected device, which would prevent it
from processing new SSL/TLS connections, resulting in a DoS. Manual
intervention is required to recover an affected device.

Cisco has released software updates that address this vulnerability. There
are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
cisco-sa-asa-ftd-tcp-dos-N3DMnU4T

Affected Products

o Vulnerable Products

This vulnerability affects Cisco devices if they are running a vulnerable
release of Cisco ASA Software or Cisco FTD Software and have a feature
enabled that causes the device to process SSL/TLS messages. These features
include, but are not limited to, the following:

AnyConnect SSL VPN
Clientless SSL VPN
HTTP server used for the management interface

For information about which Cisco software releases are vulnerable, see the
Fixed Software section of this advisory.

Determine Whether a Device Could Process SSL or TLS Messages

To verify whether a device that is running Cisco ASA Software or Cisco FTD
Software could process SSL or TLS packets, use the show asp table socket |
include SSL|DTLS command and verify that it returns output. When this
command returns any output, the device is vulnerable. When this command
returns empty output, the device is not affected by the vulnerability
described in this advisory. The following example shows the output of the
show asp table socket | include SSL|DTLS command from a device that is
vulnerable:

device# show asp table socket | include SSL|DTLS
SSL 0005aa68 LISTEN x.x.x.x:443 0.0.0.0:*
SSL 002d9e38 LISTEN x.x.x.x:8443 0.0.0.0:*
DTLS 0018f7a8 LISTEN 10.0.0.250:443 0.0.0.0:*

Products Confirmed Not Vulnerable

Only products listed in the Vulnerable Products section of this advisory
are known to be affected by this vulnerability.

Cisco has confirmed that this vulnerability does not affect Cisco Firepower
Management Center (FMC) Software.

Workarounds

o There are no workarounds that address this vulnerability.

Fixed Software

Customers Without Service Contracts

Customers should have the product serial number available and be prepared
to provide the URL of this advisory as evidence of entitlement to a free
upgrade.

Fixed Releases

Cisco ASA Software

Cisco ASA First Fixed Release First Fixed Release for All the
Software for This Vulnerabilities Described in the Bundle
Release Vulnerability of Advisories
Earlier than Migrate to a fixed Migrate to a fixed release.
9.6 ^1 release.
9.6 ^1 9.6.4.45 9.6.4.45
9.7 ^1 Migrate to a fixed Migrate to a fixed release.
release.
9.8 9.8.4.26 9.8.4.29
9.9 9.9.2.80 9.9.2.80
9.10 9.10.1.44 9.10.1.44
9.12 9.12.4.4 9.12.4.4
9.13 9.13.1.13 9.13.1.13
9.14 9.14.1.1 9.14.1.30

1. Cisco ASA Software releases 9.7 and earlier have reached end of software
maintenance. Customers are advised to migrate to a supported release that
includes the fix for this vulnerability.

Cisco FTD Software

Cisco FTD First Fixed Release First Fixed Release for All the
Software for This Vulnerabilities Described in the Bundle
Release Vulnerability of Advisories
Earlier than Migrate to a fixed Migrate to a fixed release.
6.2.2 ^1 release.
6.2.2 Migrate to a fixed Migrate to a fixed release.
release.
6.2.3 Migrate to a fixed Migrate to a fixed release.
release.
6.3.0 6.3.0.6 (future Migrate to a fixed release.
release)
6.4.0 6.4.0.10 Migrate to a fixed release.
6.5.0 6.5.0.5 (future Migrate to a fixed release.
release)
6.6.0 6.6.1 6.6.1

To upgrade to a fixed release of Cisco FTD Software, do one of the
following:

Exploitation and Public Announcements

o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
any public announcements or malicious use of the vulnerability that is
described in this advisory.

Source

o This vulnerability was found by Azita Parsamanesh of Cisco during internal
security testing.

Cisco Security Vulnerability Policy

URL

o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
cisco-sa-asa-ftd-tcp-dos-N3DMnU4T

Revision History

- --------------------------------------------------------------------------------

Cisco Adaptive Security Appliance Software and Firepower Threat Defense
Software Web Services Denial of Service Vulnerability

Priority: High

Advisory ID: cisco-sa-asaftd-webdos-fBzM5Ynw

First Published: 2020 October 21 16:00 GMT

Version 1.0: Final

Workarounds: No workarounds available

Cisco Bug IDs: CSCvs10748CSCvt70322

CVE-2020-3304

CWE-400

CVSS Score:
8.6 AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:X/RL:X/RC:X

Summary

o A vulnerability in the web interface of Cisco Adaptive Security Appliance
(ASA) Software and Firepower Threat Defense (FTD) Software could allow an
unauthenticated, remote attacker to cause an affected device to reload
unexpectedly, resulting in a denial of service (DoS) condition.

The vulnerability is due to a lack of proper input validation of HTTP
requests. An attacker could exploit this vulnerability by sending a crafted
HTTP request to an affected device. An exploit could allow the attacker to
cause a DoS condition.

Note: This vulnerability applies to IP Version 4 (IPv4) and IP Version 6
(IPv6) HTTP traffic.

Cisco has released software updates that address this vulnerability. There
are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
cisco-sa-asaftd-webdos-fBzM5Ynw

Affected Products

o Vulnerable Products

This vulnerability affects Cisco products if they are running a vulnerable
release of Cisco ASA Software or FTD Software with a vulnerable HTTP
configuration.

For information about which Cisco software releases are vulnerable, see the
Fixed Software section of this advisory.

Cisco ASA Software

In the following table, the left column lists the vulnerable Cisco ASA
Software feature(s). The right column indicates the basic configuration
from the show running-config CLI command. If the device is running a
vulnerable software release and is configured for a vulnerable feature, it
is affected by this vulnerability.

Cisco ASA Software Feature Vulnerable Configuration
Adaptive Security Device http server enable
Manager (ASDM) ^1 http

http server enable
Cisco Security Manager ^1 http

REST API ^2 rest-api image disk0:/
rest-api agent

1. ASDM and Cisco Security Manager are vulnerable from an IP address in the
configured http command range only.
2. The REST API is first supported in Cisco ASA Software Release 9.3.2.

Cisco FTD Software

In the following table, the left column lists the vulnerable Cisco FTD
Software feature(s). The right column indicates the basic configuration
from the show running-config CLI command. If the device is running a
vulnerable software release and is configured for a vulnerable feature, it
is affected by this vulnerability.

Cisco FTD Software Vulnerable Configuration
Feature
HTTP Service enabled ^ http server enable
1 http

1. The HTTP feature is enabled through Firepower Threat Defense Platform
Settings > HTTP in Cisco Firepower Management Center (FMC).

Products Confirmed Not Vulnerable

Only products listed in the Vulnerable Products section of this advisory
are known to be affected by this vulnerability.

Cisco has confirmed that this vulnerability does not affect Cisco Firepower
Management Center (FMC) Software.

Workarounds

o There are no workarounds that address this vulnerability.

Fixed Software

Customers Without Service Contracts

Customers should have the product serial number available and be prepared
to provide the URL of this advisory as evidence of entitlement to a free
upgrade.

Fixed Releases

Cisco ASA Software

Cisco ASA First Fixed Release First Fixed Release for All
Software for This Vulnerabilities Described in the Bundle
Release Vulnerability of Advisories
Earlier than Migrate to a fixed Migrate to a fixed release.
9.6 ^1 release.
9.6 ^1 9.6.4.45 9.6.4.45
9.7 ^1 Migrate to a fixed Migrate to a fixed release.
release.
9.8 9.8.4.22 9.8.4.29
9.9 9.9.2.80 9.9.2.80
9.10 9.10.1.44 9.10.1.44
9.12 9.12.3.12 9.12.4.4
9.13 9.13.1.12 9.13.1.13
9.14 9.14.1.10 9.14.1.30

1. Cisco ASA Software releases 9.7 and earlier have reached end of software
maintenance. Customers are advised to migrate to a supported release that
includes the fix for this vulnerability.

Cisco FTD Software

To upgrade to a fixed release of Cisco FTD Software, do one of the
following:

Exploitation and Public Announcements

o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
any public announcements or malicious use of the vulnerability that is
described in this advisory.

Source

o This vulnerability was found during the resolution of a Cisco TAC support
case.

Cisco Security Vulnerability Policy

URL

o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
cisco-sa-asaftd-webdos-fBzM5Ynw

Revision History

- --------------------------------------------------------------------------------

Cisco Adaptive Security Appliance Software and Firepower Threat Defense
Software Web Services File Upload Denial of Service Vulnerability

Priority: High

Advisory ID: cisco-sa-asaftd-fileup-dos-zvC7wtys

First Published: 2020 October 21 16:00 GMT

Version 1.0: Final

Workarounds: No workarounds available

Cisco Bug IDs: CSCvt60190

CVE-2020-3436

CWE-434

CVSS Score:
8.6 AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:X/RL:X/RC:X

Summary

o A vulnerability in the web services interface of Cisco Adaptive Security
Appliance (ASA) and Cisco Firepower Threat Defense (FTD) Software could
allow an unauthenticated, remote attacker to upload arbitrary-sized files
to specific folders on an affected device, which could lead to an
unexpected device reload.

The vulnerability exists because the affected software does not efficiently
handle the writing of large files to specific folders on the local file
system. An attacker could exploit this vulnerability by uploading files to
those specific folders. A successful exploit could allow the attacker to
write a file that triggers a watchdog timeout, which would cause the device
to unexpectedly reload, causing a denial of service (DoS) condition.

Cisco has released software updates that address this vulnerability. There
are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
cisco-sa-asaftd-fileup-dos-zvC7wtys

Affected Products

o Vulnerable Products

This vulnerability affects Cisco products if they are running a vulnerable
release of Cisco ASA Software or Cisco FTD Software with a vulnerable
AnyConnect or WebVPN configuration.

For information about which Cisco software releases are vulnerable, see the
Fixed Software section of this advisory.

ASA Software

In the following table, the left column lists the Cisco ASA features that
are vulnerable. The right column indicates the basic configuration for the
feature from the show running-config CLI command. If the device is
configured for one of these features, it is vulnerable.

Cisco ASA Vulnerable Configuration
Feature
AnyConnect
IKEv2
Remote crypto ikev2 enable client-services port
Access
(with
client
services)
AnyConnect webvpn
SSL VPN enable

Clientless webvpn
SSL VPN enable

FTD Software

In the following table, the left column lists the Cisco FTD features that
are vulnerable. The right column indicates the basic configuration for the
feature from the show running-config CLI command. If the device is
configured for one of these features, it is vulnerable.

On devices running Cisco FTD Software, the show running-config command is
available from Diagnostic CLI mode only. To enter Diagnostic CLI mode, use
the system support diagnostic-cli command in the regular Firepower Threat
Defense CLI.

Cisco FTD Vulnerable Configuration
Feature
AnyConnect
IKEv2
Remote
Access crypto ikev2 enable client-services port
(with
client
services)
^1,2
AnyConnect webvpn
SSL VPN ^ enable
1,2

1. Remote Access VPN features are enabled through Devices > VPN > Remote
Access in the Cisco Firepower Management Center (FMC) or through Device >
Remote Access VPN in Cisco Firepower Device Manager (FDM).
2. Remote Access VPN features were first supported as of Cisco FTD Software
Release 6.2.2.

Products Confirmed Not Vulnerable

Only products listed in the Vulnerable Products section of this advisory
are known to be affected by this vulnerability.

Cisco has confirmed that this vulnerability does not affect Cisco Firepower
Management Center (FMC) Software.

Workarounds

o There are no workarounds that address this vulnerability.

Fixed Software

o Cisco has released free software updates that address the vulnerability
described in this advisory. Customers may only install and expect support
for software versions and feature sets for which they have purchased a
license. By installing, downloading, accessing, or otherwise using such
software upgrades, customers agree to follow the terms of the Cisco
software license: https://www.cisco.com/c/en/us/products/
end-user-license-agreement.html

When considering software upgrades , customers are advised to regularly
consult the advisories for Cisco products, which are available from the
Cisco Security Advisories and Alerts page , to determine exposure and a
complete upgrade solution.

Customers Without Service Contracts

Customers should have the product serial number available and be prepared
to provide the URL of this advisory as evidence of entitlement to a free
upgrade.

Fixed Releases

Cisco ASA Software

Cisco ASA First Fixed Release First Fixed Release for All
Software for This Vulnerabilities Described in the Bundle
Release Vulnerability of Advisories
Earlier than Migrate to a fixed Migrate to a fixed release.
9.6 ^1 release.
9.6 ^1 9.6.4.45 9.6.4.45
9.7 ^1 Migrate to a fixed Migrate to a fixed release.
release.
9.8 9.8.4.25 9.8.4.29
9.9 9.9.2.80 9.9.2.80
9.10 9.10.1.44 9.10.1.44
9.12 9.12.4.2 9.12.4.4
9.13 9.13.1.12 9.13.1.13
9.14 9.14.1.15 9.14.1.30

1. Cisco ASA Software releases 9.7 and earlier have reached end of software
maintenance. Customers are advised to migrate to a supported release that
includes the fix for this vulnerability.

Cisco FTD Software

To upgrade to a fixed release of Cisco FTD Software, do one of the
following:

Exploitation and Public Announcements

o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
any public announcements or malicious use of the vulnerability that is
described in this advisory.

Source

o This vulnerability was found by Ilkin Gasimov of Cisco during internal
security testing.

Cisco Security Vulnerability Policy

URL

o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
cisco-sa-asaftd-fileup-dos-zvC7wtys

Revision History

- --------------------------------------------------------------------------------

Cisco Adaptive Security Appliance Software and Firepower Threat Defense
Software Web Services Interface Cross-Site Scripting Vulnerabilities

Priority: Medium

Advisory ID: cisco-sa-asaftd-xss-multiple-FCB3vPZe

First Published: 2020 October 21 16:00 GMT

Version 1.0: Final

Workarounds: No workarounds available

Cisco Bug IDs: CSCvu44910CSCvu75581CSCvu83309CSCvv13835

CVE-2020-3580
CVE-2020-3581
CVE-2020-3582
CVE-2020-3583

CWE-79

Summary

o Multiple vulnerabilities in the web services interface of Cisco Adaptive
Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD)
Software could allow an unauthenticated, remote attacker to conduct
cross-site scripting (XSS) attacks against a user of the web services
interface of an affected device.

The vulnerabilities are due to insufficient validation of user-supplied
input by the web services interface of an affected device. An attacker
could exploit these vulnerabilities by persuading a user of the interface
to click a crafted link. A successful exploit could allow the attacker to
execute arbitrary script code in the context of the interface or allow the
attacker to access sensitive, browser-based information.

Note: These vulnerabilities affect only specific AnyConnect and WebVPN
configurations. For more information, see the Vulnerable Products section.

Cisco has released software updates that address these vulnerabilities.
There are no workarounds that address these vulnerabilities.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
cisco-sa-asaftd-xss-multiple-FCB3vPZe

Affected Products

o Vulnerable Products

At the time of publication, these vulnerabilities affected Cisco products
if they were running a vulnerable release of Cisco ASA Software or FTD
Software with a vulnerable AnyConnect or WebVPN configuration.

Cisco ASA Software

In the following table, the left column lists the Cisco ASA Software
features that were vulnerable at the time of publication. The right column
indicates the basic configuration for each feature from the show
running-config CLI command. If a device was running a vulnerable release
and was configured for one of these features, it was affected by these
vulnerabilities.

Cisco ASA Vulnerable Configuration
Software
Feature
AnyConnect
Internet
Key
Exchange
Version 2 crypto ikev2 enable client-services port
(IKEv2)
Remote
Access
(with
client
services)
AnyConnect webvpn
SSL VPN enable

Clientless webvpn
SSL VPN enable

Cisco FTD Software

In the following table, the left column lists the Cisco FTD Software
features that were vulnerable at the time of publication. The right column
indicates the basic configuration for each feature from the show
running-config CLI command. If a device was running a vulnerable release
and was configured for one of these features, it was affected by these
vulnerabilities.

Cisco FTD Vulnerable Configuration
Software
Feature
AnyConnect
Internet
Key
Exchange
Version 2
(IKEv2) crypto ikev2 enable client-services port
Remote
Access
(with
client
services)
^1,2
AnyConnect webvpn
SSL VPN ^ enable
1,2

1. Remote Access VPN features are first supported in Cisco FTD Software
Release 6.2.2.
2. Remote Access VPN features are enabled by using Devices > VPN > Remote
Access in Cisco Firepower Management Center (FMC) or by using Device >
Remote Access VPN in Cisco Firepower Device Manager (FDM).

Products Confirmed Not Vulnerable

Only products listed in the Vulnerable Products section of this advisory
are known to be affected by these vulnerabilities.

Cisco has confirmed that these vulnerabilities do not affect Cisco
Firepower Management Center (FMC) Software.

Workarounds

o There are no workarounds that address these vulnerabilities.

Fixed Software

Fixed Releases

The left column lists Cisco software releases, and the right column
indicates whether a release was affected by the vulnerabilities described
in this advisory and which release included the fix for these
vulnerabilities.

Cisco ASA Software

Cisco ASA Software Release First Fixed Release for These Vulnerabilities
Earlier than 9.6 ^1 Migrate to a fixed release.
9.6 ^1 Migrate to a fixed release.
9.7 ^1 Migrate to a fixed release.
9.8 9.8.4.29
9.9 9.9.2.80
9.10 9.10.1.44
9.12 9.12.4.4
9.13 9.13.1.13
9.14 9.14.1.30

1. Cisco ASA Software releases 9.7 and earlier have reached end of software
maintenance. Customers are advised to migrate to a supported release that
includes the fix for these vulnerabilities.

Cisco FTD Software

Cisco FTD Software Release First Fixed Release for These Vulnerabilities
Earlier than 6.2.2 ^1 Migrate to a fixed release.
6.2.2 Migrate to a fixed release.
6.2.3 Migrate to a fixed release.
6.3.0 6.3.0.6 (future release)
6.4.0 6.4.0.10
6.5.0 6.5.0.5 (future release)
6.6.0 6.6.1

To upgrade to a fixed release of Cisco FTD Software, do one of the
following:

Exploitation and Public Announcements

o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
any public announcements or malicious use of the vulnerabilities that are
described in this advisory.

Source

o Cisco would like to thank the following security researchers:

Abdulrahman Nour and Ahmed Aboul-Ela of RedForce, Mikhail Klyuchnikov
of Positive Technologies, and Phil Purviance for independently
reporting CVE-2020-3580
Maxim Suslov and Phil Purviance for independently reporting
CVE-2020-3581
Phil Purviance for reporting CVE-2020-3582
Maxim Suslov and Phil Purviance for independently reporting
CVE-2020-3583

Cisco Security Vulnerability Policy

Related to This Advisory

o Cross-Site Scripting

URL

o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
cisco-sa-asaftd-xss-multiple-FCB3vPZe

Revision History

- --------------------------------------------------------------------------------

Cisco Adaptive Security Appliance Software and Firepower Threat Defense
Software WebVPN CRLF Injection Vulnerability

Priority: Medium

Advisory ID: cisco-sa-asa-ftd-crlf-inj-BX9uRwSn

First Published: 2020 October 21 16:00 GMT

Version 1.0: Final

Workarounds: No workarounds available

Cisco Bug IDs: CSCvt18028

CVE-2020-3561

CWE-93

CVSS Score:
4.7 AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:X/RL:X/RC:X

Summary

o A vulnerability in the Clientless SSL VPN (WebVPN) of Cisco Adaptive
Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD)
Software could allow an unauthenticated, remote attacker to inject
arbitrary HTTP headers in the responses of the affected system.

The vulnerability is due to improper input sanitization. An attacker could
exploit this vulnerability by persuading a user of the interface to click a
crafted link. A successful exploit could allow the attacker to conduct a
CRLF injection attack, adding arbitrary HTTP headers in the responses of
the system and redirecting the user to arbitrary websites.

Cisco has released software updates that address this vulnerability. There
are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
cisco-sa-asa-ftd-crlf-inj-BX9uRwSn

Affected Products

o Vulnerable Products

At the time of publication, this vulnerability affected Cisco products
running Cisco ASA Software or FTD Software when configured for AnyConnect/
WebVPN and the Load Balancing service was enabled.

For information about which Cisco ASA Software and FTD Software releases
were vulnerable, see the Fixed Software section of this advisory. See the
Details section in the bug ID(s) at the top of this advisory for the most
complete and current information.

Determine If WebVPN Is Enabled

To determine if the WebVPN service is enabled on a device, use the show
running-config webvpn privileged EXEC command and refer to the output of
the command. The following example shows the output of the command for a
device that has the WebVPN service enabled:

ciscoasa# show running-config webvpn
.
.
.
webvpn
enable interface_name
.
.
.

To view AnyConnect-related configuration, use the show webvpn anyconnect
command.

Determine If Load Balancing Is Enabled

To determine if the Load Balancing service is enabled on a device, see
Viewing VPN Load Balancing Information .

Products Confirmed Not Vulnerable

Only products listed in the Vulnerable Products section of this advisory
are known to be affected by this vulnerability.

Cisco has confirmed that this vulnerability does not affect Cisco Firepower
Management Center (FMC) Software.

Workarounds

o There are no workarounds that address this vulnerability.

Fixed Software

Fixed Releases

Cisco ASA Software

Cisco First Fixed
ASA Release for
Software This
Release Vulnerability
Earlier Migrate to a
than 9.6 fixed
^1 release.
9.6 ^1 9.6.4.35
9.7 ^1 9.8.4.20
9.8 9.8.4.20
9.9 9.9.2.80
9.10 9.10.1.43
9.12 9.12.3.9
9.13 9.13.1.10
9.14 9.14.1.10

1. Cisco ASA Software releases 9.7 and earlier have reached end of software
maintenance. Customers are advised to migrate to a supported release that
includes the fix for this vulnerability.

Cisco FTD Software

Cisco First Fixed
FTD Release for
Software This
Release Vulnerability
Earlier Migrate to a
than fixed
6.3.0 ^1 release.
6.3.0.6
6.3.0 (future
release)
6.4.0 6.4.0.10
6.5.0.5
6.5.0 (future
release)
6.6.0 6.6.1

To upgrade to a fixed release of Cisco FTD Software, do one of the
following:

Exploitation and Public Announcements

o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
any public announcements or malicious use of the vulnerability that is
described in this advisory.

Source

o This vulnerability was found during the resolution of a Cisco TAC support
case.

Cisco Security Vulnerability Policy

URL

o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
cisco-sa-asa-ftd-crlf-inj-BX9uRwSn

Revision History

- --------------------------------------------------------------------------------

Cisco Adaptive Security Appliance Software and Firepower Threat Defense
Software WebVPN Portal Access Rule Bypass Vulnerability

Priority: Medium

Advisory ID: cisco-sa-asaftd-rule-bypass-P73ABNWQ

First Published: 2020 October 21 16:00 GMT

Version 1.0: Final

Workarounds: No workarounds available

Cisco Bug IDs: CSCvu75615

CVE-2020-3578

CWE-863

Summary

o A vulnerability in the web services interface of Cisco Adaptive Security
Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software
could allow an unauthenticated, remote attacker to bypass a configured
access rule and access parts of the WebVPN portal that are supposed to be
blocked.

The vulnerability is due to insufficient validation of URLs when portal
access rules are configured. An attacker could exploit this vulnerability
by accessing certain URLs on the affected device.

Cisco has released software updates that address this vulnerability. There
are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
cisco-sa-asaftd-rule-bypass-P73ABNWQ

Affected Products

o Vulnerable Products

At the time of publication, this vulnerability affected Cisco products if
they were running a vulnerable release of Cisco ASA Software or FTD
Software with a vulnerable AnyConnect or WebVPN configuration and had a
portal access rule configured.

Determine Whether a Portal Access Rule Is Configured

To verify whether a portal access rule is configured, use the show
running-config webvpn | include portal-access-rule command. If that command
returns output, the device is vulnerable. Empty output indicates that the
device is not vulnerable.

Determine Whether a Vulnerable AnyConnect or WebVPN Configuration Is
Present

Cisco ASA Software

In the following table, the left column lists the Cisco ASA Software
features that are vulnerable. The right column indicates the basic
configuration for the feature from the show running-config CLI command. If
the device is running a vulnerable release and is configured for one of
these features, it is vulnerable.

Cisco ASA Vulnerable Configuration
Software
Feature
AnyConnect
IKEv2
Remote crypto ikev2 enable client-services port
Access
(with
client
services)
AnyConnect webvpn
SSL VPN enable

webvpn
Clientless
SSL VPN webvpn
enable

Cisco FTD Software

In the following table, the left column lists the Cisco FTD Software
features that are vulnerable. The right column indicates the basic
configuration for the feature from the show running-config CLI command. If
the device is running a vulnerable release and is configured for one of
these features, it is vulnerable.

Cisco FTD Vulnerable Configuration
Software
Feature
AnyConnect
IKEv2
Remote
Access crypto ikev2 enable client-services port
(with
client
services)
^1,2
AnyConnect webvpn
SSL VPN ^ enable
1,2

1. Remote Access VPN features are enabled by using Devices > VPN > Remote
Access in Cisco Firepower Management Center (FMC) or by using Device >
Remote Access VPN in Cisco Firepower Device Manager (FDM).
2. Remote Access VPN features are first supported in Cisco FTD Software
Release 6.2.2.

Products Confirmed Not Vulnerable

Only products listed in the Vulnerable Products section of this advisory
are known to be affected by this vulnerability.

Cisco has confirmed that this vulnerability does not affect Cisco Firepower
Management Center (FMC) Software.

Workarounds

o There are no workarounds that address this vulnerability.

Fixed Software

Fixed Releases

Cisco ASA Software

Cisco First Fixed
ASA Release for
Software This
Release Vulnerability
Earlier Migrate to a
than 9.6 fixed
^1 release.
9.6 ^1 9.6.4.45
Migrate to a
9.7 ^1 fixed
release.
9.8 9.8.4.26
9.9 9.9.2.80
9.10 9.10.1.44
9.12 9.12.4.4
9.13 9.13.1.13
9.14 9.14.1.19

1. Cisco ASA Software releases 9.7 and earlier have reached end of software
maintenance. Customers are advised to migrate to a supported release that
includes the fix for this vulnerability.

Cisco FTD Software

To upgrade to a fixed release of Cisco FTD Software, do one of the
following:

Exploitation and Public Announcements

o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
any public announcements or malicious use of the vulnerability that is
described in this advisory.

Source

o This vulnerability was found during the resolution of a Cisco TAC support
case.

Cisco Security Vulnerability Policy

URL

o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
cisco-sa-asaftd-rule-bypass-P73ABNWQ

Revision History

- --------------------------------------------------------------------------------

Cisco Adaptive Security Appliance Software and Firepower Threat Defense
Software for Firepower 1000/2100 Series Appliances Secure Boot Bypass
Vulnerabilities

Priority: High

Advisory ID: cisco-sa-fxos-sbbyp-KqP6NgrE

First Published: 2020 October 21 16:00 GMT

Last Updated: 2020 October 23 13:31 GMT

Version 1.1: Final

Workarounds: No workarounds availableCisco Bug IDs: CSCvt31177CSCvt31178

CVE-2020-3458

CWE-693

CVSS Score:
6.7 AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X

Summary

o Update from October 23, 2020: Cisco has become aware of a new Cisco
Adaptive Security Appliance vulnerability that could affect the fixed
releases recommended for code trains 9.13 and 9.14 in the Fixed Software
section of this advisory. See the Cisco Adaptive Security Appliance
Software SSL/TLS Denial of Service Vulnerability for additional
information.

Multiple vulnerabilities in the secure boot process of Cisco Adaptive
Security Appliance (ASA) Software and Firepower Threat Defense (FTD)
Software for the Firepower 1000 Series and Firepower 2100 Series Appliances
could allow an authenticated, local attacker to bypass the secure boot
mechanism.

The vulnerabilities are due to insufficient protections of the secure boot
process. An attacker could exploit these vulnerabilities by injecting code
into specific files that are then referenced during the device boot
process. A successful exploit could allow the attacker to break the chain
of trust and inject code into the boot process of the device, which would
be executed at each boot and maintain persistence across reboots.

Cisco has released software updates that address these vulnerabilities.
There are no workarounds that address these vulnerabilities.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
cisco-sa-fxos-sbbyp-KqP6NgrE

Affected Products

o Vulnerable Products

These vulnerabilities affect Cisco ASA Software and FTD Software when
running on the following products:

Firepower 1000 Series Appliances
Firepower 2100 Series Appliances

For information about which Cisco software releases are vulnerable, see the
Fixed Software section of this advisory.

For the Firepower 4100 Series Appliances and Firepower 9300 Series
Appliances running FXOS, see the following advisory:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
cisco-sa-fxos-sbbp-XTuPkYTn

Products Confirmed Not Vulnerable

Only products listed in the Vulnerable Products section of this advisory
are known to be affected by these vulnerabilities.

Cisco has confirmed that this vulnerability does not affect Cisco Firepower
Management Center (FMC) Software.

Workarounds

o There are no workarounds that address these vulnerabilities.

Fixed Software

o Cisco has released free software updates that address the vulnerabilities
described in this advisory. Customers may only install and expect support
for software versions and feature sets for which they have purchased a
license. By installing, downloading, accessing, or otherwise using such
software upgrades, customers agree to follow the terms of the Cisco
software license:
https://www.cisco.com/c/en/us/products/end-user-license-agreement.html

Customers Without Service Contracts

Customers should have the product serial number available and be prepared
to provide the URL of this advisory as evidence of entitlement to a free
upgrade.

Fixed Releases

In the following table(s), the left column lists Cisco software releases
and the right column indicates whether a release is affected by the
vulnerabilities described in this advisory and the first release that
includes the fix for these vulnerabilities.

ASA Software for Firepower 1000 Series and Firepower 2100 Series

Cisco ASA Software Release First Fixed Release for these Vulnerabilities
9.8 9.8.4.26
9.9 9.9.2.80
9.10 9.10.1.43
9.12 9.12.4.3
9.13 9.13.1.13
9.14 9.14.1.15

Note : Firepower 1000 Series Appliances were first supported in ASA
Software Release 9.13 and Firepower 2100 Series Appliances were first
supported in ASA Software Release 9.8.

FTD Software for Firepower 1000 Series and Firepower 2100 Series

Cisco FTD Software Release First Fixed Release for these Vulnerabilities
Earlier than 6.2.2 ^1 Migrate to a fixed release.
6.2.2 Migrate to a fixed release.
6.2.3 Migrate to a fixed release.
6.3.0 6.3.0.6 (future release)
6.4.0 6.4.0.10
6.5.0 6.5.0.5 (future release)
6.6.0 6.6.1

Note : Firepower 1000 Series Appliances were first supported on FTD
Software Release 6.4.0 and Firepower 2100 Series appliances were first
supported on FTD Software Release 6.2.1.

To upgrade to a fixed release of Cisco FTD Software, do one of the
following:

Exploitation and Public Announcements

o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
any public announcements or malicious use of the vulnerabilities that are
described in this advisory.

Source

o These vulnerabilities were found during internal security testing.

Cisco Security Vulnerability Policy

URL

o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
cisco-sa-fxos-sbbyp-KqP6NgrE

Revision History

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBX5ZCUONLKJtyKPYoAQjCzg//dpF4H/xyPfsTxCXPauuuVboWFuQgjHxy
iexMjtdHA0eH3pKJZ6IjT3misGPbVeMfDhaPZdXRZ3cEUbOluWXAbmL8BqfZ39Wp
OJMRAVxV+CWgNO/dmSqWSO5IYa4aGfDCKuqu3p1A8RXiXLQ6MRuNHeCxuoF9tEZP
Vr+O0APWCjYm9I7XHg+ZZ+8ClGqAnQ+0HMVp7PR8D385nlDB5njWKfURNIcZFB1x
9xYWVH7zBkbwr/aUwShTkCEVZWPSdB7LVn+YWEL9tsOFej3oV2OOZEIBhfnnP5Y+
vntzxr1yoRj+ZcrilPTO87yEPCj/6tjW5PlLObKt7oJtH1Ne9GHxw2f+EwW7Cmji
VVjhBCuFwvM9dq7zz9NmWkZJpY691QsfyBXV+PwNw4eCdlrf4aIwQOb7tebUR8Rn
A15ZCcQjzz7KrMS3j/GCLcSE0pBjsFIYmxuLe3sqkvGwf4rC40TZ4YMiwV8m1Jau
9aVvc9845scHFDHTp3oBbYGgPCUhviQWA0qNBQG8tgss6mabYsO6NHYvrzg+OJNN
VnXZIWXv5KVAzYsbIu/bXFiKJddsutdqDP1AVPvELIjdeIVMs0ELSkmtBandWLS2
PAXhrFV49YYQPfHkG4gzic5lVsVfm+HqWlaTQGRgWDBK93h9tWnZ4qLymUP/Ve3v
oEaXlaPY+7Y=
=ZKgg
-----END PGP SIGNATURE-----

The post ESB-2020.3642.2 – UPDATE [Cisco] Cisco Adaptive Security Appliance Software & Cisco Firepower Threat Defense Software: Multiple vulnerabilities appeared first on Malware Devil.

https://malwaredevil.com/2020/10/26/esb-2020-3642-2-update-cisco-cisco-adaptive-security-appliance-software-cisco-firepower-threat-defense-software-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2020-3642-2-update-cisco-cisco-adaptive-security-appliance-software-cisco-firepower-threat-defense-software-multiple-vulnerabilities

ESB-2019.4708.9 – UPDATED ALERT [Appliance] Citrix Application Delivery Controller & Gateway: Execute arbitrary code/commands – Remote/unauthenticated

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                              ESB-2019.4708.9
Vulnerability in Citrix Application Delivery Controller and Citrix Gateway
                              26 October 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Citrix Application Delivery Controller
                   Citrix Gateway
Publisher:         Citrix
Operating System:  Network Appliance
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-19781  

Original Bulletin: 
   https://support.citrix.com/article/CTX267027

Revision History:  October  26 2020: vendor issued minor clarification
                   January  28 2020: Fixed releases are available for all listed versions.
                   January  23 2020: Announced fixes for SD-WAN WANOP appliances
                   January  20 2020: Announced release of 12.0 and 11.1 builds. Announced earlier release dates for other versions.
                   January  17 2020: SD-WAN WANOP added, Citrix ADC 12.1 responder bug added and CVE verification tool added
                   January  13 2020: Fix timelines updated
                   December 24 2019: This bulletin incorrectly advised that a patch was available. Note that only mitigation steps are available at present.
                   December 24 2019: Upgraded priority to "Alert". No known exploitation in the wild but significant potential.
                   December 18 2019: Initial Release

- --------------------------BEGIN INCLUDED TEXT--------------------

CVE-2019-19781 - Vulnerability in Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP appliance

Reference: CTX267027

Category : Critical

Created  : 17 Dec 2019

Modified : 23 Oct 2020

Applicable Products

  o NetScaler
  o NetScaler Gateway
  o Citrix ADC
  o Citrix Gateway
  o Citrix SD-WAN WANOP

Description of Problem

A vulnerability has been identified in Citrix Application Delivery Controller
(ADC) formerly known as NetScaler ADC and Citrix Gateway formerly known as
NetScaler Gateway that, if exploited, could allow an unauthenticated attacker
to perform arbitrary code execution.

The scope of this vulnerability includes Citrix ADC and Citrix Gateway Virtual
Appliances (VPX)hosted on any of Citrix Hypervisor (formerly XenServer), ESX,
Hyper-V, KVM, Azure, AWS, GCP, Citrix ADCMPX or Citrix ADC SDX.

Further investigation by Citrix has shown that this issue also affects certain
deployments of Citrix SD-WAN, specifically Citrix SD-WAN WANOP edition.Citrix
SD-WAN WANOP edition packages Citrix ADC as a load balancer thus resulting in
the affected status.

The vulnerability has been assigned the following CVE number:

o CVE-2019-19781 : Vulnerability in Citrix Application Delivery Controller,
Citrix Gateway and Citrix SD-WAN WANOP appliance leading to arbitrary code
execution

The vulnerability affects the following supported product versions on all
supported platforms:

o Citrix ADC and Citrix Gateway version 13.0 all supported builds before
13.0.47.24

o NetScaler ADC and NetScaler Gateway version 12.1 all supported builds before
12.1.55.18

o NetScaler ADC and NetScaler Gateway version 12.0 all supported builds before
12.0.63.13

o NetScaler ADC and NetScaler Gateway version 11.1 all supported builds before
11.1.63.15

o NetScaler ADC and NetScaler Gateway version 10.5 all supported builds before
10.5.70.12

o Citrix SD-WAN WANOP appliance models 4000-WO, 4100-WO, 5000-WO, and 5100-WO
all supported software release builds before 10.2.6b and 11.0.3b

What Customers Should Do

Exploits of this issue on unmitigated appliances have been observed in the
wild. Citrix strongly urges affected customers to immediately upgrade to a
fixed build OR apply the provided mitigation which applies equally to Citrix
ADC, Citrix Gateway and Citrix SD-WAN WANOP deployments. Customers who have
chosen to immediately apply the mitigation should then upgrade all of their
vulnerable appliances to a fixed build of the appliance at their earliest
schedule. Subscribe to bulletin alerts at https://support.citrix.com/user/
alerts to be notified when the new fixes are available.

The following knowledge base article contains the steps to deploy a responder
policy to mitigate the issue in the interim until the system has been updated
to a fixed build: CTX267679 - Mitigation steps for CVE-2019-19781

The following knowledge base article contains the steps to deploy a responder
policy to mitigate the issue in the interim until a permanent fix is available:
CTX267679-Mitigation steps for CVE-2019-19781

Upon application of the mitigation steps, customers may then verify correctness
using the tool published here: CTX269180 - CVE-2019-19781 - Verification Tool

In Citrix ADC and Citrix Gateway Release "12.1 build 50.28", an issue exists
that affects responder and rewrite policies causing them not to process the
packets that matched policy rules. This issue was resolved in "12.1 build 50.28
/31" after which the mitigation steps, if applied, will be effective. However,
Citrix recommends that customers using these builds now update to "12.1 build
55.18", or later, where CVE-2019-19781 issue is already addressed.

Customers on "12.1 build 50.28" who wish to defer updating to "12.1 build
55.18" or later shouldchoose one from the following two options for the
mitigation steps to function as intended:

1. Update to the refreshed "12.1 build 50.28/50.31" or later and apply the
mitigation steps, OR

2. Apply the mitigation steps towards protecting the management interface as
published in CTX267679. This will mitigate attacks, not just on the management
interface but on ALL interfaces including Gateway and AAA virtual IPs

Fixed builds have been released across all supported versions of Citrix ADC and
Citrix Gateway. Fixed builds have also been released for Citrix SD-WAN WANOP
for the applicable appliance models. Citrix strongly recommends that customers
install these updates at their earliest schedule. The fixed builds can be
downloaded from https://www.citrix.com/downloads/citrix-adc/ and https://
www.citrix.com/downloads/citrix-gateway/ and https://www.citrix.com/downloads/
citrix-sd-wan/

 
Customers who have upgraded to fixed builds do not need to retain the
mitigation described in CTX267679.

Fix Timelines

Citrix has released fixes in the form of refresh builds across all supported
versions of Citrix ADC, Citrix Gateway, and applicable appliance models of
Citrix SD-WAN WANOP. Please refer to the table below for the release dates.

+-----------------------------------------------------------------------------+
|                        Citrix ADC and Citrix Gateway                        |
+----------+-------------------------+----------------------------------------+
|Version   |Refresh Build            |Release Date                            |
+----------+-------------------------+----------------------------------------+
|10.5      |10.5.70.12               |24th January 2020 (Released)            |
+----------+-------------------------+----------------------------------------+
|11.1      |11.1.63.15               |19th January 2020 (Released)            |
+----------+-------------------------+----------------------------------------+
|12.0      |12.0.63.13               |19th January 2020 (Released)            |
+----------+-------------------------+----------------------------------------+
|12.1      |12.1.55.18               |23rd January 2020 (Released)            |
+----------+-------------------------+----------------------------------------+
|13.0      |13.0.47.24               |23rd January 2020 (Released)            |
+----------+-------------------------+----------------------------------------+
|                             Citrix SD-WAN WANOP                             |
+----------+-------------------------+----------------------------------------+
|Release   |Citrix ADC Release       |Release Date                            |
+----------+-------------------------+----------------------------------------+
|10.2.6b   |11.1.51.615              |22nd January 2020 (Released)            |
+----------+-------------------------+----------------------------------------+
|11.0.3b   |11.1.51.615              |22nd January 2020 (Released)            |
+----------+-------------------------+----------------------------------------+


Acknowledgements

Citrix thanks Mikhail Klyuchnikov of Positive Technologies, and Gianlorenzo
Cipparrone and Miguel Gonzalez of Paddy Power Betfair plc for working with us
to protect Citrix customers.

Changelog

+------------+----------------------------------------------------------------+
|Date        |Change                                                          |
+------------+----------------------------------------------------------------+
|17th        |                                                                |
|December    |Initial Publication                                             |
|2019        |                                                                |
+------------+----------------------------------------------------------------+
|11th January|Fix Timelines Updated                                           |
|2020        |                                                                |
+------------+----------------------------------------------------------------+
|16th January|SD-WAN WANOP added/Citrix ADC 12.1 responder bug detail added   |
|2020        |                                                                |
+------------+----------------------------------------------------------------+
|16th January|CVE verification tool                                           |
|2020        |                                                                |
+------------+----------------------------------------------------------------+
|17th January|Update to Citrix ADC and Citrix Gateway 12.1 responder policy   |
|2020        |issue                                                           |
+------------+----------------------------------------------------------------+
|19th January|Announced release of 12.0 and 11.1 builds. Announced earlier    |
|2020        |release dates for other versions.                               |
+------------+----------------------------------------------------------------+
|22nd January|Announced fixes for SD-WAN WANOP appliances                     |
|2020        |                                                                |
+------------+----------------------------------------------------------------+
|23rd January|Announced (accelerated) release of 13.0 and 12.1 builds.        |
|2020        |                                                                |
+------------+----------------------------------------------------------------+
|24th January|Announced release of 10.5 build                                 |
|2020        |                                                                |
+------------+----------------------------------------------------------------+
|23rd October|Added explicit statement clarifying that MPX is affected        |
|2020        |                                                                |
+------------+----------------------------------------------------------------+

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBX5ZEE+NLKJtyKPYoAQjwQQ/+NYAoLLXXHf6nhCRjCXLPL9xvnwyOT0dA
WuEimVVC2Vw5vqJoj5bCIww+Ctg4FFXzQkXHVB7GbbonUnJwKMZMTgMs+QfOX11A
UxGxPArInvm/PsZFMYbTRIb1eHQwWfB98rWSWlASTHfXh05Uod27KvVvBoppbHIK
PWlSoDS2aqyxHQFNfl2AXEJtPJmtFGuizBY43SEAvvlMqAqCdKPPV7wwaBw4WkY+
frBj9juK2r5Ug5hqoB6lL7+bSxdauM08C4ScGfUo2oIADMSSZXlIgipFeCbuLaHy
3zodhbqcvtMGJhD7B1cG/OJnVe36tNRs0DeLsbpCkKHQ9BrDJ4sVabHXbkno3K25
MP+A/xhKYfQW+qjK4QjZa18uj9YwObZlTN/SjOOqa0P1FhHptlaBV/0ow3S64Knh
HaVF9BLdO5iFti31HWuXIXjIwPV+0YOkGFjOWAXQE0GfZFZ/XBTlCNjhZyQ/xa73
deYWaHQHHfMuGMMzCdvqZYD6MEVn1oeb1UQxzgD2lWv9zNvUTtZDOwkyDiRXw+zO
HispEc6jsRGuJ2scDS0Ifw5L0l4wn9IcHveI2ledJ7dk7aEJ7jWVIW+vB9wXrQoL
nIgKmpL6sdMvjh7VupzXIq/NuRE0ivdsGT6oBmgyyCZr2xgalsrgrmXOlkPQeFAu
T7sQlkV7BOw=
=YbIa
-----END PGP SIGNATURE-----

The post ESB-2019.4708.9 – UPDATED ALERT [Appliance] Citrix Application Delivery Controller & Gateway: Execute arbitrary code/commands – Remote/unauthenticated appeared first on Malware Devil.

https://malwaredevil.com/2020/10/26/esb-2019-4708-9-updated-alert-appliance-citrix-application-delivery-controller-gateway-execute-arbitrary-code-commands-remote-unauthenticated/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2019-4708-9-updated-alert-appliance-citrix-application-delivery-controller-gateway-execute-arbitrary-code-commands-remote-unauthenticated

ESB-2020.3679 – [Win][UNIX/Linux][Virtual] VMWare: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.3679
              VMSA-0020-0024 - VMWare Horizon vulnerabilities
                              26 October 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           VMware Horizon Server
                   VMware Horizon Client for Windows
Publisher:         VMWare
Operating System:  VMware ESX Server
                   Windows
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Cross-site Scripting     -- Remote with User Interaction
                   Access Confidential Data -- Existing Account            
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-3998 CVE-2020-3997 

Original Bulletin: 
   https://www.vmware.com/security/advisories/VMSA-2020-0024.html

- --------------------------BEGIN INCLUDED TEXT--------------------

Advisory ID: VMSA-0020-0024

CVSSv3 Range: 3.3 - 4.1

Issue Date: 2020-10-22
Updated On: 2020-10-22 (Initial Advisory)

CVE(s): CVE-2020-3997, CVE-2020-3998

Synopsis:
VMware Horizon Server and VMware Horizon Client updates address multiple
security vulnerabilities (CVE-2020-3997, CVE-2020-3998)

1. Impacted Products
VMware Horizon Server
VMware Horizon Client for Windows

2. Introduction
Multiple vulnerabilities in VMware Horizon Server and Horizon Client for
Windows were privately reported to VMware. Updates are available to remediate
these vulnerabilities in affected VMware products.

3a. VMware Horizon Server Cross Site Scripting (XSS) vulnerability (CVE-2020-3997)
Description

VMware Horizon Server does not correctly validate user input. VMware has 
evaluated the severity of this issue to be in the Moderate severity range with
a maximum CVSSv3 base score of 4.1.

Known Attack Vectors
Successful exploitation of this issue may allow an attacker to inject malicious
script which will be executed.

Resolution
To remediate CVE-2020-3997 apply the patches listed in the 'Fixed Version' 
column of the 'Response Matrix' below.

Workarounds
None.

Additional Documentation
None.

Notes
None.

Acknowledgements
None.


Response Matrix

Product: Horizon Server
Version: 7.x
Running On: Any
CVE Identifier: CVE-2020-3997
CVSSv3: 4.1
Severity: Moderate
Fixed Version: 7.10.3 or 7.13.0
Workarounds: None
Additional Documentation: None

Product: Horizon Server
Version: 8.x
Running On: N/A
CVE Identifier: N/A
CVSSv3: N/A
Severity: N/A
Fixed Version: Unaffected
Workarounds: N/A
Additional Documentation: N/A


3b. VMware Horizon Client for Windows information disclosure vulnerability
(CVE-2020-3998)

Description

VMware Horizon Server does not correctly validate user input. VMware has
evaluated the severity of this issue to be in the Low severity range with a
maximum CVSSv3 base score of 3.3.

Known Attack Vectors
A malicious attacker with local privileges on the machine where Horizon Client
for Windows is installed may be able to retrieve hashed credentials if the 
client crashes.

Resolution

To remediate CVE-2020-3998 apply the patches listed in the 'Fixed Version' 
column of the 'Response Matrix' below.

Workarounds
None.

Additional Documentation
None.

Notes
None.

Acknowledgements
VMware would like to thank Yann Souchon and Quentin for reporting this issue 
to us.

Response Matrix

Product: Horizon Client for Windows
Version: 5.x and prior
Running On: Windows
CVE Identifier: CVE-2020-3998
CVSSv3: 3.3
Severity: Low
Fixed Version: 5.5.0
Workarounds: None
Additional Documentation: None


4. References
Fixed Version(s) and Release Notes:

Horizon Server
Downloads and Documentation:
https://my.vmware.com/en/web/vmware/downloads/info/slug/desktop_end_user_computing/vmware_horizon/7_10
https://docs.vmware.com/en/VMware-Horizon-7/index.html

Horizon Client for Windows 5.5.0
Downloads and Documentation:
https://my.vmware.com/en/web/vmware/downloads/details?downloadGroup=CART21FQ3_WIN_550&productId=863&rPId=53321
https://docs.vmware.com/en/VMware-Horizon-Client/index.html

Mitre CVE Dictionary Links:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3997
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3998 

FIRST CVSSv3 Calculator:

CVE-2020-3997 
- - https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N

CVE-2020-3998 
- - https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N


5. Change Log
2020-10-22 VMSA-2020-0024
Initial security advisory.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBX5YureNLKJtyKPYoAQiqZw/8CAKY7JSyR0UtgdccN7s0yisEK+pFnR9Y
9fkeYdeMeZxFNGYwaj8s3Fqzw7TbVhqzzfe7H6bp906TzdBrF8+ZcsD7FxeMHEHE
Kk4vDq/rS8MuirVHeixtepUzRoZu0MfAWwCW9kO0X33b+gtoyZJkdnVygD6FZH2s
8bk412onV+56LmLCteK802fsRXO880nPad6yo/3tpNndF4APcBu0fpDQDmDuePgJ
2OlnxYvqE72F+HW1LHntwRb85xIosY29OxG8YjnQgjHY2icAZc+y+FhD3MoiZijr
74XJSyz91fymdfOORA9Xu03ACmHk6DpxTcmDooWR/H+Au/kdtJChdyrVGfng+RhX
LNZjuyRNGgxXbUC0YT9O0rcRJfRxShvN5dmPrQ2I+GCSZWQfqlkooDO3KPestPbX
8jC+6G4KU1O6OTtvH1p1OjtIIcfZx5PuE+HSy43W92C2AWbVeSg4doVYX8AJJl4I
I4/PQtdX0ovd6GG1RYp0WO5MyjmOQniVp6OnolcwstQUjUQGxjTinAxj2UJmcuN/
W1pNtHedLHqu6nBhI5B7m4OeEqikII+MEGKAzQ0e0PRsfvGnHKBuqOIo56Sno12O
H3tlTJT54C1K5Gu4KBr//yRpkgXV2vrKYvqs0MB7M2HYnAbZU/t/moYS1BFDGR0J
30xSr0tucCw=
=/wat
-----END PGP SIGNATURE-----

The post ESB-2020.3679 – [Win][UNIX/Linux][Virtual] VMWare: Multiple vulnerabilities appeared first on Malware Devil.

https://malwaredevil.com/2020/10/26/esb-2020-3679-winunix-linuxvirtual-vmware-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2020-3679-winunix-linuxvirtual-vmware-multiple-vulnerabilities

ESB-2020.3678 – [SUSE] xen: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.3678
                          Security update for xen
                              26 October 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           xen
Publisher:         SUSE
Operating System:  SUSE
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account
                   Increased Privileges            -- Existing Account
                   Denial of Service               -- Existing Account
                   Access Confidential Data        -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-25604 CVE-2020-25603 CVE-2020-25601
                   CVE-2020-25600 CVE-2020-25597 CVE-2020-25596
                   CVE-2020-25595 CVE-2020-15567 CVE-2020-15565
                   CVE-2020-14364 CVE-2020-0543 

Reference:         ESB-2020.3437
                   ESB-2020.3259.2
                   ESB-2020.3251

Original Bulletin: 
   https://www.suse.com/support/update/announcement/2020/suse-su-202014521-1

- --------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for xen

______________________________________________________________________________

Announcement ID:   SUSE-SU-2020:14521-1
Rating:            important
References:        #1172205 #1173378 #1173380 #1175534 #1176343 #1176344
                   #1176345 #1176346 #1176347 #1176348 #1176350
Cross-References:  CVE-2020-0543 CVE-2020-14364 CVE-2020-15565 CVE-2020-15567
                   CVE-2020-25595 CVE-2020-25596 CVE-2020-25597 CVE-2020-25600
                   CVE-2020-25601 CVE-2020-25603 CVE-2020-25604
Affected Products:
                   SUSE Linux Enterprise Server 11-SP4-LTSS
                   SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

An update that fixes 11 vulnerabilities is now available.

Description:

This update for xen fixes the following issues:

  o CVE-2020-0543: Fixed a leak of Special Register Buffer Data Sampling
    (SRBDS) aka "CrossTalk" (bsc#1172205,XSA-320)
  o CVE-2020-14364: Fixed an out-of-bounds read/write access while processing
    usb packets (bsc#1175534).
  o CVE-2020-15565: Fixed an issue cache write (bsc#1173378,XSA-321).
  o CVE-2020-15567: Fixed an issue with non-atomic modification of live EPT PTE
    (bsc#1173380,XSA-328)
  o CVE-2020-25595: Fixed an issue where PCI passthrough code was reading back
    hardware registers (bsc#1176344,XSA-337)
  o CVE-2020-25596: Fixed a potential denial of service in x86 pv guest kernel
    via SYSENTER (bsc#1176345,XSA-339)
  o CVE-2020-25597: Fixed an issue where a valid event channels may not turn
    invalid (bsc#1176346,XSA-338)
  o CVE-2020-25600: Fixed out of bounds event channels available to 32-bit x86
    domains (bsc#1176348,XSA-342)
  o CVE-2020-25601: Fixed an issue due to lack of preemption in evtchn_reset()
    / evtchn_destroy() (bsc#1176350,XSA-344)
  o CVE-2020-25603: Fixed an issue due to missing barriers when accessing/
    allocating an event channel (bsc#1176347,XSA-340)
  o CVE-2020-25604: Fixed a race condition when migrating timers between x86
    HVM vCPU-s (bsc#1176343,XSA-336)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE Linux Enterprise Server 11-SP4-LTSS:
    zypper in -t patch slessp4-xen-14521=1
  o SUSE Linux Enterprise Debuginfo 11-SP4:
    zypper in -t patch dbgsp4-xen-14521=1

Package List:

  o SUSE Linux Enterprise Server 11-SP4-LTSS (i586 x86_64):
       xen-kmp-default-4.4.4_44_3.0.101_108.117-61.55.1
       xen-libs-4.4.4_44-61.55.1
       xen-tools-domU-4.4.4_44-61.55.1
  o SUSE Linux Enterprise Server 11-SP4-LTSS (x86_64):
       xen-4.4.4_44-61.55.1
       xen-doc-html-4.4.4_44-61.55.1
       xen-libs-32bit-4.4.4_44-61.55.1
       xen-tools-4.4.4_44-61.55.1
  o SUSE Linux Enterprise Server 11-SP4-LTSS (i586):
       xen-kmp-pae-4.4.4_44_3.0.101_108.117-61.55.1
  o SUSE Linux Enterprise Debuginfo 11-SP4 (i586 x86_64):
       xen-debuginfo-4.4.4_44-61.55.1
       xen-debugsource-4.4.4_44-61.55.1


References:

  o https://www.suse.com/security/cve/CVE-2020-0543.html
  o https://www.suse.com/security/cve/CVE-2020-14364.html
  o https://www.suse.com/security/cve/CVE-2020-15565.html
  o https://www.suse.com/security/cve/CVE-2020-15567.html
  o https://www.suse.com/security/cve/CVE-2020-25595.html
  o https://www.suse.com/security/cve/CVE-2020-25596.html
  o https://www.suse.com/security/cve/CVE-2020-25597.html
  o https://www.suse.com/security/cve/CVE-2020-25600.html
  o https://www.suse.com/security/cve/CVE-2020-25601.html
  o https://www.suse.com/security/cve/CVE-2020-25603.html
  o https://www.suse.com/security/cve/CVE-2020-25604.html
  o https://bugzilla.suse.com/1172205
  o https://bugzilla.suse.com/1173378
  o https://bugzilla.suse.com/1173380
  o https://bugzilla.suse.com/1175534
  o https://bugzilla.suse.com/1176343
  o https://bugzilla.suse.com/1176344
  o https://bugzilla.suse.com/1176345
  o https://bugzilla.suse.com/1176346
  o https://bugzilla.suse.com/1176347
  o https://bugzilla.suse.com/1176348
  o https://bugzilla.suse.com/1176350

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBX5Ytd+NLKJtyKPYoAQiZPg/9HMSE2ARcEM3tmq+kg6kKhzlUI/0lj7xN
YDxUkgt4qezt8r/Z0Y0OlN00Zj4z0jmNNfv/j5CgITvTLELByxC8GrDbrZAgPEyI
fJNwD7hmDWFBQEh2AzyX0Tvkyemt/D1L5cHV29LSixlKSTKGNLL+gb5SM669nu4j
Co7HGLS+7Y+8qhFJTAOUKJGIAcZ90WQCYd6Qk846OTqzbKIR6FK4Ry5VlRTcBfSN
K2h/gILfVe/YC/YA7X+qGGexvnyhhcOe/v6dfqUGQebkrcXj+hrLnPOAdCgSsCCY
BvkoRGy0L56dMTmjFVlB1pTAxSbPywYFZm7G3oklnj2H92XWK5wltp24oMMbNPCI
0v11ewIaqpG3nhBN4HXmFhWctyUZedFS+6fks73udEVp5ixhgN5Cu9PPB1KOITm9
ALOOzMfMwiwETMXZp51a9DfKYDptZ+/wQrKYm9nBpZ2ItuwS8JE413vC6KNp1MIz
qWYoT4gp4OFoWTngcU3e6N44/N/WdSGCB8rMBN4+FG0qkO+uvmCcd5sndPEt5brg
SdsQ/RuZW+82G592UZ03wXEGccDpWZfiEfGohM8Cc8r44fuxYKlz78N9BF7NVST/
0C7FlJ9oFYAC+rhKbAjLWLkB7HBpI9dGLNwSOGWCQQmLICGkIlJds5ROlbQXe4ar
Z3MpyJ6pPD0=
=/n17
-----END PGP SIGNATURE-----

The post ESB-2020.3678 – [SUSE] xen: Multiple vulnerabilities appeared first on Malware Devil.

https://malwaredevil.com/2020/10/26/esb-2020-3678-suse-xen-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2020-3678-suse-xen-multiple-vulnerabilities

ESB-2020.3677 – [SUSE] tomcat: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.3677
                        Security update for tomcat
                              26 October 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           tomcat
Publisher:         SUSE
Operating System:  SUSE
Impact/Access:     Provide Misleading Information -- Remote/Unauthenticated
                   Access Confidential Data       -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-13943  

Reference:         ESB-2020.3538
                   ESB-2020.3506

Original Bulletin: 
   https://www.suse.com/support/update/announcement/2020/suse-su-20202996-1

- --------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for tomcat

______________________________________________________________________________

Announcement ID:   SUSE-SU-2020:2996-1
Rating:            moderate
References:        #1172562 #1177582
Cross-References:  CVE-2020-13943
Affected Products:
                   SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________

An update that solves one vulnerability and has one errata is now available.

Description:

This update for tomcat fixes the following issues:

  o CVE-2020-13943: Fixed HTTP/2 Request mix-up (bsc#1177582)
  o Don't give write permissions for the tomcat group on files and directories
    where it's not needed (bsc#1172562)
  o Use %tmpfiles_create macro in %post instead of calling systemd-tmpfiles
    directly

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE Linux Enterprise Server 12-SP5:
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2996=1

Package List:

  o SUSE Linux Enterprise Server 12-SP5 (noarch):
       tomcat-9.0.36-3.50.1
       tomcat-admin-webapps-9.0.36-3.50.1
       tomcat-docs-webapp-9.0.36-3.50.1
       tomcat-el-3_0-api-9.0.36-3.50.1
       tomcat-javadoc-9.0.36-3.50.1
       tomcat-jsp-2_3-api-9.0.36-3.50.1
       tomcat-lib-9.0.36-3.50.1
       tomcat-servlet-4_0-api-9.0.36-3.50.1
       tomcat-webapps-9.0.36-3.50.1


References:

  o https://www.suse.com/security/cve/CVE-2020-13943.html
  o https://bugzilla.suse.com/1172562
  o https://bugzilla.suse.com/1177582

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBX5YtaeNLKJtyKPYoAQg8yhAAh5tfJekRrpD0hpeRfIpZNlBAl5whm97p
dzDkRqADfDdvEuwm0vILPvoCgzVN96S28N84tD4ll4newZwFp7E7B5jT6/Ilj9yC
9AVZ9nt28x5fUZwFdCdUry9XaCaZtSnh2sFDMHPUucml9HUqpXFaJuzJh3WscJ98
Lpsm/WqE7/JeKrr35oasgLJIXBJNZJYC10TwWnMa0OLwYeSuJE/qwgDdca0QSwWC
peY0IF+9GADk+Mug9Yn+AwQqX+H/eGGFH3sVAa6jXz8lSrvJlDw6VmG1QBHVJ9+K
/9MDpV8iCeTFFhWAm6bAyrykWDF4As5gn9HoXVkthP8R2I4zBEsdX6k+ZZuBHZvs
nzOhjhz38lXQuWA57rDk6TtrMtG5HHTdt4vCAXog7WnoRhcwDEg8J9yWYSsLtlfB
Nh3Ajfnk834ahZfbxOoC9OR0f6RWRXicmZRiz7vEqG963iAWn3JNzx2QJNwGrwWf
c8tkBdnR9nKlQVuQ2NMJ0F0LMJFp8VuAqS+hSKPleuSNwIMqKb/PQ3YZoMyDsPTp
hdZ6RVl0bdM4LW0zeNghDauPNnTEjoE4cZ9XMfGbiy50saRxeD9v7N+Z4FCpq5is
u0w5tSiea6RKPRdfz3hbKqNRuiDiyUaQ90W9Be2iC3drkoZ1N1ucKEsAN4W5hkdd
o+FX1J8ts9A=
=toLm
-----END PGP SIGNATURE-----

The post ESB-2020.3677 – [SUSE] tomcat: Multiple vulnerabilities appeared first on Malware Devil.

https://malwaredevil.com/2020/10/26/esb-2020-3677-suse-tomcat-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2020-3677-suse-tomcat-multiple-vulnerabilities

ESB-2020.3676 – [Debian] freetype: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.3676
                         freetype security update
                              26 October 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           freetype
Publisher:         Debian
Operating System:  Debian GNU/Linux
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-15999  

Reference:         ESB-2020.3639
                   ESB-2020.3616.2
                   ESB-2020.3668

Original Bulletin: 
   https://lists.debian.org/debian-lts-announce/2020/10/msg00026.html

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian LTS Advisory DLA-2415-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
October 25, 2020                              https://wiki.debian.org/LTS
- - -------------------------------------------------------------------------

Package        : freetype
Version        : 2.6.3-3.2+deb9u2
CVE ID         : CVE-2020-15999


Sergei Glazunov discovered a heap-based buffer overflow vulnerability in 
the handling of embedded PNG bitmaps in FreeType. Opening malformed fonts 
may result in denial of service or the execution of arbitrary code.


For Debian 9 stretch, this problem has been fixed in version 
2.6.3-3.2+deb9u2.

We recommend that you upgrade your freetype packages.

For the detailed security status of freetype please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/freetype

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

- -----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAl+V9VxfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEcXBw//VzNtGQMKlSy7AHBMGpVLJ5u5Jb9qzbC7H9kwCusWwyXbVwN0bQ22MmwI
Jv4ZtpBUjBqg8H+BZRcObQsuomIOVSlvEiw46DA4HDP/wvNOC592pQDKNWHiaRiy
WwK+QshLZj9+V9iJKzzbFCTOn3BSjewH+BJgCRq0HMW8EW3Vy7Hiq5fYSYaKxZ2z
guhTL4BSIF4tzHK91DaE2it2j9t8cKWPR8MM6yo2ONq2E/bi/BEtO0YpKe9qiM0N
jNgpP8aMBci6walQk9bxee5et1LyOb7HOoQ4p4IOh4tUQq+zBTRAGXjKS7GcGRxh
rPQBVbv4F4DGbngjqMt82U+l4HI745RJf4wZYWBf4X2sJE8osxiUK3crP7zp/i5o
rRjdcS87c+bPE0swJPluMujLzrC+NoGwI8TYpBvbs6smqG1O70U5j9zyMlzsNpnn
Ksl8O51Y9wYZ1TcAIHUT1rkdHomsRAuXwsu5sBn8jd60VC42zXuwSvRJQNspZRM3
zzQAgH0OhNLv+Mg2WkCWO/OeJlzrmspLHkaHzNTKGFybAppQjWx98ViAw11bdbQv
gdf3KF3zZK4XNalBTpSbLsLQMbtXOvVyYPUzfY5Xfs2+Vxmdj4neHjQ1i84/0u7b
wt4PnlcvvFqWvL0/B+sYsuOxPPTvXqSpPpZWpu4FHyQlt8HFT6I=
=h1UY
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBX5YfiONLKJtyKPYoAQiwOg//TBr7xmM8UEAXxgWoxGe8jK+HpPVoSMWf
h++t8q8BFSQI3cZ/tzdMgQGY6KIiKOVWsWMitPE5Rm2w/9r3tNAAFFCDyuHsC1tZ
821lf/fH/K6TYoMBd+LRYJ+HhMEhTApQg28reNu2OdwxNndmhnyKYds80V9BLwfM
Uv8g4HctulAvIejP+tiEBL9v5Jf6LrPFCIXNQcFsCB71mYHdGZUyZvdNXpYatQZs
xqGH9F/z/7jf3BvyKAvNkTgNboPtwuAhsqT/QGmJhHnK9/b90sjQPp7QOUkjSfK5
+/7hUikoqTNR8g3rCYGUL6LC6kGmY144ROpXsN7V+JM5o0ehwyZpKbIYtqEnUycp
/RnS/uEWrdi3NFXcIdAkD/GRT48r1KzHsHf7BAH/c6KjUyK7VDeqrD/uhayc+ot1
668SE2D8gNusotwBKUaXT4oE1DKa6Mv/wDbv40wBd1KYm0+dq/zh3xdobgAqJHcV
fvBPrhzFEwEvXFSgQado6XxzJnCTNN3YaO0sfnXGqk50ZCMee4f4nkUp+9MgCwgM
gw5PMxfwn79ubLmfVVWLAh6LVjBlMmBVU2hJfKP1Bae2TKxMXTFo5A63PXYThjBb
wTFL3/GIL+s8T7QAufekO/ZGlu03phIS5zNO7d5q4djxkzqOZEhMidIrY+AFjxWp
k060/CLYz5g=
=S/PK
-----END PGP SIGNATURE-----

The post ESB-2020.3676 – [Debian] freetype: Multiple vulnerabilities appeared first on Malware Devil.

https://malwaredevil.com/2020/10/26/esb-2020-3676-debian-freetype-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2020-3676-debian-freetype-multiple-vulnerabilities

ESB-2020.3675 – [SUSE] glibc: Denial of service – Existing account

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.3675
                         Security update for glibc
                              26 October 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           glibc
Publisher:         SUSE
Operating System:  SUSE
Impact/Access:     Denial of Service -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-10029  

Reference:         ESB-2020.1109
                   ESB-2020.0921

Original Bulletin: 
   https://www.suse.com/support/update/announcement/2020/suse-su-20203024-1

- --------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for glibc

______________________________________________________________________________

Announcement ID:   SUSE-SU-2020:3024-1
Rating:            moderate
References:        #1149332 #1165784 #1171878 #1172085 #1176013
Cross-References:  CVE-2020-10029
Affected Products:
                   SUSE OpenStack Cloud Crowbar 8
                   SUSE OpenStack Cloud 8
                   SUSE OpenStack Cloud 7
                   SUSE Linux Enterprise Server for SAP 12-SP3
                   SUSE Linux Enterprise Server for SAP 12-SP2
                   SUSE Linux Enterprise Server 12-SP3-LTSS
                   SUSE Linux Enterprise Server 12-SP3-BCL
                   SUSE Linux Enterprise Server 12-SP2-LTSS
                   SUSE Linux Enterprise Server 12-SP2-BCL
                   SUSE Enterprise Storage 5
                   HPE Helion Openstack 8
______________________________________________________________________________

An update that solves one vulnerability and has four fixes is now available.

Description:

This update for glibc fixes the following issues:

  o CVE-2020-10029: Fixed a stack corruption from range reduction of
    pseudo-zero (bsc#1165784)
  o Use posix_spawn on popen (bsc#1149332, bsc#1176013)
  o Correct locking and cancellation cleanup in syslog functions (bsc#1172085)
  o Fixed concurrent changes on nscd aware files (bsc#1171878)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE OpenStack Cloud Crowbar 8:
    zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-3024=1
  o SUSE OpenStack Cloud 8:
    zypper in -t patch SUSE-OpenStack-Cloud-8-2020-3024=1
  o SUSE OpenStack Cloud 7:
    zypper in -t patch SUSE-OpenStack-Cloud-7-2020-3024=1
  o SUSE Linux Enterprise Server for SAP 12-SP3:
    zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-3024=1
  o SUSE Linux Enterprise Server for SAP 12-SP2:
    zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-3024=1
  o SUSE Linux Enterprise Server 12-SP3-LTSS:
    zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-3024=1
  o SUSE Linux Enterprise Server 12-SP3-BCL:
    zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-3024=1
  o SUSE Linux Enterprise Server 12-SP2-LTSS:
    zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-3024=1
  o SUSE Linux Enterprise Server 12-SP2-BCL:
    zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-3024=1
  o SUSE Enterprise Storage 5:
    zypper in -t patch SUSE-Storage-5-2020-3024=1
  o HPE Helion Openstack 8:
    zypper in -t patch HPE-Helion-OpenStack-8-2020-3024=1

Package List:

  o SUSE OpenStack Cloud Crowbar 8 (x86_64):
       glibc-2.22-113.4
       glibc-32bit-2.22-113.4
       glibc-debuginfo-2.22-113.4
       glibc-debuginfo-32bit-2.22-113.4
       glibc-debugsource-2.22-113.4
       glibc-devel-2.22-113.4
       glibc-devel-32bit-2.22-113.4
       glibc-devel-debuginfo-2.22-113.4
       glibc-devel-debuginfo-32bit-2.22-113.4
       glibc-locale-2.22-113.4
       glibc-locale-32bit-2.22-113.4
       glibc-locale-debuginfo-2.22-113.4
       glibc-locale-debuginfo-32bit-2.22-113.4
       glibc-profile-2.22-113.4
       glibc-profile-32bit-2.22-113.4
       nscd-2.22-113.4
       nscd-debuginfo-2.22-113.4
  o SUSE OpenStack Cloud Crowbar 8 (noarch):
       glibc-html-2.22-113.4
       glibc-i18ndata-2.22-113.4
       glibc-info-2.22-113.4
  o SUSE OpenStack Cloud 8 (x86_64):
       glibc-2.22-113.4
       glibc-32bit-2.22-113.4
       glibc-debuginfo-2.22-113.4
       glibc-debuginfo-32bit-2.22-113.4
       glibc-debugsource-2.22-113.4
       glibc-devel-2.22-113.4
       glibc-devel-32bit-2.22-113.4
       glibc-devel-debuginfo-2.22-113.4
       glibc-devel-debuginfo-32bit-2.22-113.4
       glibc-locale-2.22-113.4
       glibc-locale-32bit-2.22-113.4
       glibc-locale-debuginfo-2.22-113.4
       glibc-locale-debuginfo-32bit-2.22-113.4
       glibc-profile-2.22-113.4
       glibc-profile-32bit-2.22-113.4
       nscd-2.22-113.4
       nscd-debuginfo-2.22-113.4
  o SUSE OpenStack Cloud 8 (noarch):
       glibc-html-2.22-113.4
       glibc-i18ndata-2.22-113.4
       glibc-info-2.22-113.4
  o SUSE OpenStack Cloud 7 (s390x x86_64):
       glibc-2.22-113.4
       glibc-32bit-2.22-113.4
       glibc-debuginfo-2.22-113.4
       glibc-debuginfo-32bit-2.22-113.4
       glibc-debugsource-2.22-113.4
       glibc-devel-2.22-113.4
       glibc-devel-32bit-2.22-113.4
       glibc-devel-debuginfo-2.22-113.4
       glibc-devel-debuginfo-32bit-2.22-113.4
       glibc-locale-2.22-113.4
       glibc-locale-32bit-2.22-113.4
       glibc-locale-debuginfo-2.22-113.4
       glibc-locale-debuginfo-32bit-2.22-113.4
       glibc-profile-2.22-113.4
       glibc-profile-32bit-2.22-113.4
       nscd-2.22-113.4
       nscd-debuginfo-2.22-113.4
  o SUSE OpenStack Cloud 7 (noarch):
       glibc-html-2.22-113.4
       glibc-i18ndata-2.22-113.4
       glibc-info-2.22-113.4
  o SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):
       glibc-2.22-113.4
       glibc-debuginfo-2.22-113.4
       glibc-debugsource-2.22-113.4
       glibc-devel-2.22-113.4
       glibc-devel-debuginfo-2.22-113.4
       glibc-locale-2.22-113.4
       glibc-locale-debuginfo-2.22-113.4
       glibc-profile-2.22-113.4
       nscd-2.22-113.4
       nscd-debuginfo-2.22-113.4
  o SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64):
       glibc-32bit-2.22-113.4
       glibc-debuginfo-32bit-2.22-113.4
       glibc-devel-32bit-2.22-113.4
       glibc-devel-debuginfo-32bit-2.22-113.4
       glibc-locale-32bit-2.22-113.4
       glibc-locale-debuginfo-32bit-2.22-113.4
       glibc-profile-32bit-2.22-113.4
  o SUSE Linux Enterprise Server for SAP 12-SP3 (noarch):
       glibc-html-2.22-113.4
       glibc-i18ndata-2.22-113.4
       glibc-info-2.22-113.4
  o SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64):
       glibc-2.22-113.4
       glibc-debuginfo-2.22-113.4
       glibc-debugsource-2.22-113.4
       glibc-devel-2.22-113.4
       glibc-devel-debuginfo-2.22-113.4
       glibc-locale-2.22-113.4
       glibc-locale-debuginfo-2.22-113.4
       glibc-profile-2.22-113.4
       nscd-2.22-113.4
       nscd-debuginfo-2.22-113.4
  o SUSE Linux Enterprise Server for SAP 12-SP2 (noarch):
       glibc-html-2.22-113.4
       glibc-i18ndata-2.22-113.4
       glibc-info-2.22-113.4
  o SUSE Linux Enterprise Server for SAP 12-SP2 (x86_64):
       glibc-32bit-2.22-113.4
       glibc-debuginfo-32bit-2.22-113.4
       glibc-devel-32bit-2.22-113.4
       glibc-devel-debuginfo-32bit-2.22-113.4
       glibc-locale-32bit-2.22-113.4
       glibc-locale-debuginfo-32bit-2.22-113.4
       glibc-profile-32bit-2.22-113.4
  o SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64):
       glibc-2.22-113.4
       glibc-debuginfo-2.22-113.4
       glibc-debugsource-2.22-113.4
       glibc-devel-2.22-113.4
       glibc-devel-debuginfo-2.22-113.4
       glibc-locale-2.22-113.4
       glibc-locale-debuginfo-2.22-113.4
       glibc-profile-2.22-113.4
       nscd-2.22-113.4
       nscd-debuginfo-2.22-113.4
  o SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64):
       glibc-32bit-2.22-113.4
       glibc-debuginfo-32bit-2.22-113.4
       glibc-devel-32bit-2.22-113.4
       glibc-devel-debuginfo-32bit-2.22-113.4
       glibc-locale-32bit-2.22-113.4
       glibc-locale-debuginfo-32bit-2.22-113.4
       glibc-profile-32bit-2.22-113.4
  o SUSE Linux Enterprise Server 12-SP3-LTSS (noarch):
       glibc-html-2.22-113.4
       glibc-i18ndata-2.22-113.4
       glibc-info-2.22-113.4
  o SUSE Linux Enterprise Server 12-SP3-BCL (noarch):
       glibc-html-2.22-113.4
       glibc-i18ndata-2.22-113.4
       glibc-info-2.22-113.4
  o SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):
       glibc-2.22-113.4
       glibc-32bit-2.22-113.4
       glibc-debuginfo-2.22-113.4
       glibc-debuginfo-32bit-2.22-113.4
       glibc-debugsource-2.22-113.4
       glibc-devel-2.22-113.4
       glibc-devel-32bit-2.22-113.4
       glibc-devel-debuginfo-2.22-113.4
       glibc-devel-debuginfo-32bit-2.22-113.4
       glibc-locale-2.22-113.4
       glibc-locale-32bit-2.22-113.4
       glibc-locale-debuginfo-2.22-113.4
       glibc-locale-debuginfo-32bit-2.22-113.4
       glibc-profile-2.22-113.4
       glibc-profile-32bit-2.22-113.4
       nscd-2.22-113.4
       nscd-debuginfo-2.22-113.4
  o SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64):
       glibc-2.22-113.4
       glibc-debuginfo-2.22-113.4
       glibc-debugsource-2.22-113.4
       glibc-devel-2.22-113.4
       glibc-devel-debuginfo-2.22-113.4
       glibc-locale-2.22-113.4
       glibc-locale-debuginfo-2.22-113.4
       glibc-profile-2.22-113.4
       nscd-2.22-113.4
       nscd-debuginfo-2.22-113.4
  o SUSE Linux Enterprise Server 12-SP2-LTSS (s390x x86_64):
       glibc-32bit-2.22-113.4
       glibc-debuginfo-32bit-2.22-113.4
       glibc-devel-32bit-2.22-113.4
       glibc-devel-debuginfo-32bit-2.22-113.4
       glibc-locale-32bit-2.22-113.4
       glibc-locale-debuginfo-32bit-2.22-113.4
       glibc-profile-32bit-2.22-113.4
  o SUSE Linux Enterprise Server 12-SP2-LTSS (noarch):
       glibc-html-2.22-113.4
       glibc-i18ndata-2.22-113.4
       glibc-info-2.22-113.4
  o SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
       glibc-2.22-113.4
       glibc-32bit-2.22-113.4
       glibc-debuginfo-2.22-113.4
       glibc-debuginfo-32bit-2.22-113.4
       glibc-debugsource-2.22-113.4
       glibc-devel-2.22-113.4
       glibc-devel-32bit-2.22-113.4
       glibc-devel-debuginfo-2.22-113.4
       glibc-devel-debuginfo-32bit-2.22-113.4
       glibc-locale-2.22-113.4
       glibc-locale-32bit-2.22-113.4
       glibc-locale-debuginfo-2.22-113.4
       glibc-locale-debuginfo-32bit-2.22-113.4
       glibc-profile-2.22-113.4
       glibc-profile-32bit-2.22-113.4
       nscd-2.22-113.4
       nscd-debuginfo-2.22-113.4
  o SUSE Linux Enterprise Server 12-SP2-BCL (noarch):
       glibc-html-2.22-113.4
       glibc-i18ndata-2.22-113.4
       glibc-info-2.22-113.4
  o SUSE Enterprise Storage 5 (aarch64 x86_64):
       glibc-2.22-113.4
       glibc-debuginfo-2.22-113.4
       glibc-debugsource-2.22-113.4
       glibc-devel-2.22-113.4
       glibc-devel-debuginfo-2.22-113.4
       glibc-locale-2.22-113.4
       glibc-locale-debuginfo-2.22-113.4
       glibc-profile-2.22-113.4
       nscd-2.22-113.4
       nscd-debuginfo-2.22-113.4
  o SUSE Enterprise Storage 5 (noarch):
       glibc-html-2.22-113.4
       glibc-i18ndata-2.22-113.4
       glibc-info-2.22-113.4
  o SUSE Enterprise Storage 5 (x86_64):
       glibc-32bit-2.22-113.4
       glibc-debuginfo-32bit-2.22-113.4
       glibc-devel-32bit-2.22-113.4
       glibc-devel-debuginfo-32bit-2.22-113.4
       glibc-locale-32bit-2.22-113.4
       glibc-locale-debuginfo-32bit-2.22-113.4
       glibc-profile-32bit-2.22-113.4
  o HPE Helion Openstack 8 (noarch):
       glibc-html-2.22-113.4
       glibc-i18ndata-2.22-113.4
       glibc-info-2.22-113.4
  o HPE Helion Openstack 8 (x86_64):
       glibc-2.22-113.4
       glibc-32bit-2.22-113.4
       glibc-debuginfo-2.22-113.4
       glibc-debuginfo-32bit-2.22-113.4
       glibc-debugsource-2.22-113.4
       glibc-devel-2.22-113.4
       glibc-devel-32bit-2.22-113.4
       glibc-devel-debuginfo-2.22-113.4
       glibc-devel-debuginfo-32bit-2.22-113.4
       glibc-locale-2.22-113.4
       glibc-locale-32bit-2.22-113.4
       glibc-locale-debuginfo-2.22-113.4
       glibc-locale-debuginfo-32bit-2.22-113.4
       glibc-profile-2.22-113.4
       glibc-profile-32bit-2.22-113.4
       nscd-2.22-113.4
       nscd-debuginfo-2.22-113.4


References:

  o https://www.suse.com/security/cve/CVE-2020-10029.html
  o https://bugzilla.suse.com/1149332
  o https://bugzilla.suse.com/1165784
  o https://bugzilla.suse.com/1171878
  o https://bugzilla.suse.com/1172085
  o https://bugzilla.suse.com/1176013

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBX5YffONLKJtyKPYoAQgakBAAgutQBzAdQKh+FqcZrSgTpNi9VNYrRAF5
Rkfd50OqbQoN4LzvIx2Ny3rDwJr0aMFVpuCkBj8VhkG13quC98VT/MJd0lSX2QuI
fYidnYGeP4Eug5VjAzGqcYz6NCIFb9QwdBmp5X4keYNEjroCcCsrSDsl8zEIeaxH
EMi8s86aIKnULyWKmyUqjTSgqU6LDZXx089TvgKmz4KK3c99/T55/c+Keuf1uy53
QmkoruwLWqiYV6HFajbATxMULgn64CZSUu+Nii40yQZqm4NjCFcSDCXUi2zbv4HR
MqAKPSkE+jP3m9kCHVfEvyxxq5brX90DYpjcnbJWQYTy6D6yh0rStf6wj3kQUjNi
qP9DxbpQW2SzEqEI1ob72Lxb5mc+kBWLonenK4LLWDsUMkY5WB+C1Whn2eKLVYC3
OYqP+Dj8HlC1czMb4jigtkrg81eVN2etQBUXHpSR/oGHKT1+GugTp4ZBa+Y27G2Z
w3O1tTOvOzRWUjHkuztoxniF+K0cPaJz3JhDsBpP9Bn2IlpmII9gJdOuOEnEYWba
uDnnhpqCENv9kArycF2AeaeJKNnpgc/6PlSjBUsfbz3HSLGr/vLgXFye7RIz5chU
JsBykPjwsZwdyW9u6kfT8uIi0k+1YF6KLc08Fb0AhpFhCfeZTUHKLCkL9U1hFnR2
hNtKBtWAsfk=
=gW0E
-----END PGP SIGNATURE-----

The post ESB-2020.3675 – [SUSE] glibc: Denial of service – Existing account appeared first on Malware Devil.

https://malwaredevil.com/2020/10/26/esb-2020-3675-suse-glibc-denial-of-service-existing-account/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2020-3675-suse-glibc-denial-of-service-existing-account

Why Biden: Principle over Party

There exist many #NeverTrump Republicans who agree that while Trump would best achieve their Party’s policies, that he must nonetheless be opposed on Principle. The Principle at question isn’t that Trump is a liar, a misogynist, a racist, or of low character (though all these are true). Instead, the Principle is that he’s a populist autocrat who is eroding our liberal institutions (“liberal” as in the classic sense).

Countries don’t fail when there’s a leftward shift in government policies. Many prosperous, peaceful European countries are to the left of Biden. What makes prosperous countries fail is when civic institutions break down, when a party or dear leader starts ruling by decree, such as in the European countries of Russia or Hungary.

Our system of government is like football. While the teams (parties) compete vigorously against each other, they largely respect the rules of the game, both written and unwritten traditions. They respect each other — while doing their best to win (according to the rules), they nonetheless shake hands at the end of the match, and agree that their opponents are legitimate.

The rules of the sport we are playing is described in the Wikipedia page on “liberal democracy“.

Sport matches can be enjoyable even if you don’t understand the rules. The same is true of liberal democracy: there’s little civic education in the country so most don’t know the rules game. Most are unaware even that there are rules.

You see that in action with this concern over Trump conceding the election, his unwillingness to commit to a “peaceful transfer of power”. His supporters widely believed this is a made-up controversy, a “principle” created on the spot as just another way to criticize Trump.

But it’s not a new principle. A “peaceful transfer of power” is the #1 bedrock principles from which everything else derives. It’s the first way we measure whether a country is actually the “liberal democracy” that they claim. For example, the fact that Putin has been in power for 20 years makes us doubt that they are really the “liberal democracy” that they claim. The reason you haven’t heard of it, the reason it isn’t discussed much, is that it’s so unthinkable that a politician would reject it the way Trump has.

The historic importance of this principle can be seen when you go back and read the concession speeches of Hillary, McCain, Gore, and Bush Sr., and Carter, you see that all of them stressed the legitimacy of their opponent’s win, and a commitment to a peaceful transfer of power. (It goes back further than that, to the founding of our country, but I can’t link every speech). The following quote from Hillary’s concession to Trump demonstrates this principle:

But I still believe in America and I always will. And if you do, then we must accept this result and then look to the future. Donald Trump is going to be our president. We owe him an open mind and the chance to lead.

Our constitutional democracy enshrines the peaceful transfer of power and we don’t just respect that, we cherish it. It also enshrines other things; the rule of law, the principle that we are all equal in rights and dignity, freedom of worship and expression. We respect and cherish these values too and we must defend them.

If this were Trump’s only failure, then we could excuse it and work around it. As long as he defended all the other liberal institutions, then we could accept one aberration.

The problem is that he’s attacking every institution. He’s doing his best to act like a populist autocrat we see in non-democratic nations. Our commitment to liberal institutions is keeping him in check — but less and less well as time goes on. For example, when Jeff Sessions refused to politicize the DoJ, Trump replaced him with Barr, who notoriously has corrupted the DoJ to serve Trump’s political interests. I mean this only as yet another example — a complete enumeration of his long train of abuses and usurpations would take many more pages than I intend for this blogpost.

Four more years of Trump means four more years of erosion of our liberal democratic institutions.

The problem isn’t just what Trump can get away with, but the precedent he sets for his successor.

The strength of our liberal institutions to hold the opposing Party in check comes only from our defense of those institutions when our own Party is in power. When we cross the line, it means the opposing party will feel justified in likewise crossing the line when they get power.

We see that with the continual erosion of the Supreme Court over the last several decades. It’s easy to blame the other Party for this, but the reality is that both parties have been been going back and forth corrupting this institution. The Republicans refusal to confirm Garland and their eagerness to confirm Barrett is egregious, but justified by the Democrats use of the nuclear option when they were in power. When Biden gets power, he’s going to try to pack the court, which historically has been taught to school children as a breakdown of liberal democratic institutions, but which will be justified by the Republican’s bad behavior in eroding those institutions.

It’s not just the politicization of the Supreme Court, it’s the destruction of all our institutions. Somebody is going to have to stand for Principle over Party and put a stop to this. That is the commitment of the #NeverTrump. The Democrats are going to be bad when they get into power, but stopping them means putting our own house in order first.

This post makes it look like I’m trying to convince fellow Republicans why they should vote against Trump, and I suppose it is. However, my real purpose is to communicate with Democrats. My Twitter feed is full of leftists who oppose liberal democratic institutions even more than Trump. I want evidence to prove that I actually stand for Principle, and not just Party.

The post Why Biden: Principle over Party appeared first on Security Boulevard.

The post Why Biden: Principle over Party appeared first on Malware Devil.

https://malwaredevil.com/2020/10/26/why-biden-principle-over-party/?utm_source=rss&utm_medium=rss&utm_campaign=why-biden-principle-over-party

Network Security News Summary for Monday October 26 2020

A brief daily summary of what is important in cybersecurity. The podcast is published every weekday and designed to get you ready for the day with a brief, usually about 5 minutes long, summary of current network security-related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Storm Center. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .

The post Network Security News Summary for Monday October 26 2020 appeared first on Malware Devil.

https://malwaredevil.com/2020/10/26/network-security-news-summary-for-monday-october-26-2020/?utm_source=rss&utm_medium=rss&utm_campaign=network-security-news-summary-for-monday-october-26-2020

Sunday, October 25, 2020

State and Local Cybersecurity: Defending Our Communities from Cyber Threats Amid COVID-19

Read Coveware’s prepared testimony on defending state and local
organizations from ransomware.

The post State and Local Cybersecurity: Defending Our Communities from Cyber Threats Amid COVID-19 appeared first on Security Boulevard.

The post State and Local Cybersecurity: Defending Our Communities from Cyber Threats Amid COVID-19 appeared first on Malware Devil.

https://malwaredevil.com/2020/10/25/state-and-local-cybersecurity-defending-our-communities-from-cyber-threats-amid-covid-19/?utm_source=rss&utm_medium=rss&utm_campaign=state-and-local-cybersecurity-defending-our-communities-from-cyber-threats-amid-covid-19

Malware Devil

Malware Devil

Monday, October 26, 2020

ESB-2020.3642.2 – UPDATE [Cisco] Cisco Adaptive Security Appliance Software & Cisco Firepower Threat Defense Software: Multiple vulnerabilities

ESB-2019.4708.9 – UPDATED ALERT [Appliance] Citrix Application Delivery Controller & Gateway: Execute arbitrary code/commands – Remote/unauthenticated

ESB-2020.3679 – [Win][UNIX/Linux][Virtual] VMWare: Multiple vulnerabilities

ESB-2020.3678 – [SUSE] xen: Multiple vulnerabilities

ESB-2020.3677 – [SUSE] tomcat: Multiple vulnerabilities

ESB-2020.3676 – [Debian] freetype: Multiple vulnerabilities

ESB-2020.3675 – [SUSE] glibc: Denial of service – Existing account

Why Biden: Principle over Party

Network Security News Summary for Monday October 26 2020

Sunday, October 25, 2020

State and Local Cybersecurity: Defending Our Communities from Cyber Threats Amid COVID-19

Barbary Pirates and Russian Cybercrime

Blog Archive

About Me