Fedora 30 update for python-yara, yara
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2018-19974 CVE-2018-19975 CVE-2018-19976 |
| CWE-ID | CWE-200 |
| Exploitation vector | Local |
| Public exploit |
Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #2 is available. Public exploit code for vulnerability #3 is available. |
| Vulnerable software |
Fedora Operating systems & Components / Operating system yara Operating systems & Components / Operating system package or component python-yara Operating systems & Components / Operating system package or component |
| Vendor | Fedoraproject |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Information disclosure
EUVDB-ID: #VU16657
Risk: Low
CVSSv4.0: 5.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2018-19974
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain access to potentially sensitive information.
The vulnerability exists due to the design of the YARA virtual machine (VM). A local attacker can execute a compiled rule file that submits malicious input and read uninitialized data from VM scratch memory in libyara/exec.c.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsFedora: 30
yara: before 3.9.0-1.fc30
python-yara: before 3.9.0-2.fc30
CPE2.3- cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
- cpe:2.3:a:fedoraproject:yara:*:*:*:*:*:fedora:*:*
- cpe:2.3:a:fedoraproject:python-yara:*:*:*:*:*:fedora:*:*
https://bodhi.fedoraproject.org/updates/FEDORA-2019-c3627a0e7a
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
2) Information disclosure
EUVDB-ID: #VU16656
Risk: Low
CVSSv4.0: 5.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2018-19975
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain access to potentially sensitive information.
The vulnerability exists due to the design of the YARA virtual machine (VM), which could allow an attacker to use OP_COUNT to read a DWORD value from any arbitrary memory address. A local attacker can execute a compiled rule file that submits malicious input and read data from any arbitrary address in memory, in libyara/exec.c.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsFedora: 30
yara: before 3.9.0-1.fc30
python-yara: before 3.9.0-2.fc30
CPE2.3- cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
- cpe:2.3:a:fedoraproject:yara:*:*:*:*:*:fedora:*:*
- cpe:2.3:a:fedoraproject:python-yara:*:*:*:*:*:fedora:*:*
https://bodhi.fedoraproject.org/updates/FEDORA-2019-c3627a0e7a
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
3) Information disclosure
EUVDB-ID: #VU16658
Risk: Low
CVSSv4.0: 5.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2018-19976
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain access to potentially sensitive information.
The vulnerability exists due to the design of the YARA virtual machine. A local attacker can execute a compiled rule file that submits malicious input and read uninitialized data from VM scratch memory in libyara/exec.c.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsFedora: 30
yara: before 3.9.0-1.fc30
python-yara: before 3.9.0-2.fc30
CPE2.3- cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
- cpe:2.3:a:fedoraproject:yara:*:*:*:*:*:fedora:*:*
- cpe:2.3:a:fedoraproject:python-yara:*:*:*:*:*:fedora:*:*
https://bodhi.fedoraproject.org/updates/FEDORA-2019-c3627a0e7a
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
