Red Hat update for golang

1) Command injection

EUVDB-ID: #VU12160

Risk: Low

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-15041

CWE-ID: CWE-77 - Command injection

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary commands on the target system.

The weakness exists due to "go get" command execution. Using custom domains, a remote attacker can arrange things so that example.com/pkg1 points to a Subversion repository but example.com/pkg1/pkg2 points to a Git repository. If the Subversion repository includes a Git checkout in its pkg2 directory and some other work is done to ensure the proper ordering of operations, "go get" can be tricked into reusing this Git checkout for the fetch of code from pkg2. If the Subversion repository's Git checkout has malicious commands in .git/hooks/, they will execute on the system running "go get."

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for IBM z Systems: 7

Red Hat Enterprise Linux for Power: 9

Red Hat Enterprise Linux Server: 7

External links

http://access.redhat.com/errata/RHSA-2018:0878

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Man-in-the-middle attack

EUVDB-ID: #VU12161

Risk: Low

CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-15042

CWE-ID: CWE-300 - Channel Accessible by Non-Endpoint ('Man-in-the-Middle')

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists in the smtp.PlainAuth implementation due to an unintended cleartext issue. A remote attacker can conduct man-in-the-middle attack and gain the username and password.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for IBM z Systems: 7

Red Hat Enterprise Linux for Power: 9

Red Hat Enterprise Linux Server: 7

External links

http://access.redhat.com/errata/RHSA-2018:0878

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Command injection

EUVDB-ID: #VU12162

Risk: Low

CVSSv3.1: 8.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-6574

CWE-ID: CWE-77 - Command injection

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary commands on the target system.

The weakness exists due to "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked. A remote attacker can execute arbitrary commands.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for IBM z Systems: 7

Red Hat Enterprise Linux for Power: 9

Red Hat Enterprise Linux Server: 7

External links

http://access.redhat.com/errata/RHSA-2018:0878

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.