Multiple vulnerabilities in Cesanta Mongoose

Published: 2017-11-02 14:53:07 | Updated: 2017-11-02 14:54:20
Severity High
Patch available YES
Number of vulnerabilities 8
CVSSv2 7.4 (AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
7.4 (AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
3.7 (AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
7.4 (AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
4.7 (AV:N/AC:L/Au:N/C:P/I:N/A:P/E:U/RL:OF/RC:C)
3.7 (AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
7.4 (AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
7.4 (AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
CVSSv3 8.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
6.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
8.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C]
6.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
8.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE ID CVE-2017-2891
CVE-2017-2892
CVE-2017-2893
CVE-2017-2894
CVE-2017-2895
CVE-2017-2909
CVE-2017-2921
CVE-2017-2922
CWE ID CWE-416
CWE-20
CWE-476
CWE-121
CWE-125
CWE-835
CWE-119
Exploitation vector Network
Public exploit Not available
Vulnerable software Mongoose
Vulnerable software versions Mongoose 6.8
Vendor URL Valenok
Advisory type Public

Security Advisory

1) Use-after-free error

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free error in the HTTP server implementation. A remote attacker can send an ordinary HTTP POST request with a CGI target, cause a reuse of previously freed pointer, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update to version 6.10.

External links

https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0398

2) Improper input validation

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists in the MQTT packet parsing functionality due to improper input validation. A remote attacker can send a specially crafted MQTT packet over network to cause an arbitrary out-of-bounds memory read and write potentially resulting in information disclosure, denial of service and remote code execution.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update to version 6.10.

External links

https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0399

3) Null pointer dereference

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the MQTT packet parsing functionality due to improper input validation. A remote attacker can send a specially crafted MQTT SUBSCRIBE packet, trigger null pointer dereference and cause the server to crash.

Successful exploitation of the vulnerability results in denial of service.

Remediation

Update to version 6.10.

External links

https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0400

4) Stack-based buffer overflow

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to stack buffer overflow vulnerability exists in the MQTT packet parsing functionality. A remote attacker can send a specially crafted MQTT SUBSCRIBE packet, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update to version 6.10.

External links

https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0401

5) Out-of-bounds read

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information or cause DoS condition on the target system.

The weakness exists in the MQTT packet parsing functionality due to out-of-bounds memory read. A remote attacker can send a specially crafted MQTT packet over network to cause an arbitrary out-of-bounds memory read and write potentially resulting in information disclosure and denial of service.

Remediation

Update to version 6.10.

External links

https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0402

6) Infinite loop

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the DNS server functionality due to improper input validation. A remote attacker can send a specially crafted DNS request, trigger an infinite loop programming error, cause an infinite loop resulting in high CPU usage and the server crash.

Successful exploitation of the vulnerability results in denial of service.

Remediation

Update to version 6.10.

External links

https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0416

7) Memory corruption

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists in the Websocket protocol implementation due to boundary error. A remote attacker can send a specially crafted websocket packet over network to cause an an integer overflow leading to heap buffer overflow resulting in denial of service and potential remote code execution.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update to version 6.10.

External links

https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0428

8) Use-after-free error

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists in the Websocket protocol implementation due to use-after-free error. A remote attacker can send a specially crafted websocket packet, cause a buffer to be allocated while leaving stale pointers, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update to version 6.10.

External links

https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0429

Back to List