SB2018052104 - Multiple vulnerabilities in OpenBSD



Published: May 21, 2018

Security Bulletin ID: SB2018052104
Severity: Medium
Patch available: YES
Number of vulnerabilities: 8
Exploitation vector: Remote access
Highest impact: Denial of service

Breakdown by Severity

Medium: 63%, Low: 38%

Description

This security bulletin contains information about 8 security vulnerabilities.


1) Improper input validation (CVE-ID: N/A)

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to insufficient validation of user-supplied input. A remote attacker can submit a specially crafted packet and cause a kernel crash when using IPsec over IPv6.

2) Improper input validation (CVE-ID: N/A)

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to incorrect checks in libcrypto. A remote attacker can submit a specially crafted input and prevent Diffie-Hellman exchange operations from working.

3) Improper input validation (CVE-ID: N/A)

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to incorrect handling of fragmented IPsec packets. A remote attacker can submit a specially crafted input and cause the system to crash.

4) Security restrictions bypass (CVE-ID: N/A)

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists in the gif(4) interface due to insufficient validation of user-supplied input. A remote attacker can use the specified protocol for IPv6, plug an mbuf leak and avoid a use-after-free.

5) Information disclosure (CVE-ID: N/A)

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to insufficient validation of user-supplied input. A remote attacker can leak file descriptors when servicing range requests.

6) Security restrictions bypass (CVE-ID: N/A)

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to insufficient permissions and access controls. A remote attacker can bypass security restrictions and send ARP replies on the wrong member of a bridge(4) interface.

7) Improper input validation (CVE-ID: N/A)

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists because additional data is inadvertently removed when private keys are cleared from the TLS configuration. A remote attacker can submit specially crafted input and prevent OCSP from functioning correctly.


8) Heap-based buffer overflow (CVE-ID: N/A)

The vulnerability allows a remote attacker to obtain potentially sensitive information or cause a DoS condition on the target system.

The weakness exists due to multiple heap-based buffer overflows in Perl. A remote attacker can trigger memory corruption and cause segmentation faults, crashes, and reads of memory past the buffer.

Remediation

Install the update from the vendor's website.