SB2020010631 - RSA Authentication Manager update for third-party components
Published: January 6, 2020 Updated: May 17, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 20 secuirty vulnerabilities.
1) NULL pointer dereference (CVE-ID: CVE-2019-15291)
The vulnerability allows a local attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the "flexcop_usb_probe" function in the "drivers/media/usb/b2c2/flexcop-usb.c" driver. A local attacker with physical access can use a malicious USB device and perform a denial of service (DoS) attack.
2) Path traversal (CVE-ID: CVE-2019-10220)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Linux kernel CIFS implementation, version 4.9.0 is vulnerable to a relative paths injection in directory entry lists.
3) Null pointer dereference (CVE-ID: CVE-2019-16233)
The vulnerability allows a local privileged user to perform a denial of service (DoS) attack.
drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.
4) NULL pointer dereference (CVE-ID: CVE-2019-15221)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in sound/usb/line6/pcm.c driver. A local user can perform a denial of service (DoS) attack using a malicious USB device.
5) Use-after-free (CVE-ID: CVE-2019-15220)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to use-after-free error in the drivers/net/wireless/intersil/p54/p54usb.c driver. A local user can use a malicious USB device to trigger use-after-free error and execute arbitrary code on the system with elevated privileges.
6) NULL pointer dereference (CVE-ID: CVE-2019-15219)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dreference error in drivers/usb/misc/sisusbvga/sisusb.c driver. A remote attacker can perform a denial of service (DoS) attack.
7) NULL pointer dereference (CVE-ID: CVE-2019-15216)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in drivers/usb/misc/yurex.c driver. A local user can use a malicious USB device to perform denial of service (DoS) attack.
8) Out-of-bounds read (CVE-ID: CVE-2019-15505)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the drivers/media/usb/dvb-usb/technisat-usb2.c USB driver in Linux kernel. A local user can use a specially crafted USB device to trigger out-of-bounds read error during data transfer and read contents of memory on the system.
9) Memory leak (CVE-ID: CVE-2019-15807)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within drivers/scsi/libsas/sas_expander.c when SAS expander discovery fails. This will cause a BUG and denial of service. A remote attacker can perform a denial of service attack.
10) Use-after-free (CVE-ID: CVE-2018-20976)
The vulnerability allows a local user to compromise vulnerable system.
The vulnerability exists in "fs/xfs/xfs_super.c" due to a use-after-free error when the "xfs_fs_fill_super" fails. A local authenticated user can execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
11) Integer overflow (CVE-ID: CVE-2019-17498)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack or access sensitive information.
The vulnerability exists due to integer overflow in the "SSH_MSG_DISCONNECT" logic in "packet.c" in a bounds check. A remote attacker can specify an arbitrary (out-of-bounds) offset for a subsequent memory read, trigger out-of-bounds read, disclose sensitive information or cause a denial of service condition on the target system when a user connects to the malicious SSH server.
12) Use-after-free (CVE-ID: CVE-2019-15215)
The vulnerability allows a local user to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in the CPiA2 video4linux device driver in the "drivers/media/usb/cpia2/cpia2_usb.c" driver. A local authenticated user with physical access to the system can use a malicious USB device and cause a denial of service (system crash) or possibly execute arbitrary code.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
13) NULL pointer dereference (CVE-ID: CVE-2019-15218)
The vulnerability allows a local attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the "drivers/media/usb/siano/smsusb.c" file. A local attacker with physical access can insert a USB device that submits malicious input to the targeted system and cause a denial of service (DoS) condition.
14) NULL pointer dereference (CVE-ID: CVE-2019-15217)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dreference error in drivers/media/usb/zr364xx/zr364xx.c driver. A remote attacker can perform a denial of service (DoS) attack.
15) Use-after-free (CVE-ID: CVE-2019-15211)
The vulnerability allows a local user to compromise vulnerable system.
The vulnerability exists in the Raremono AM/FM/SW radio device driver in "drivers/media/v4l2-core/v4l2-dev.c" driver due to a use-after-free error when the "drivers/media/radio/radio-raremono.c" does not properly allocate memory. An authenticated local user with physical access to the system can use a malicious USB device to cause a denial of service or possibly execute arbitrary code.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
16) Double Free (CVE-ID: CVE-2019-15212)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists in the USB Rio 500 device driver due to a boundary error in the "drivers/usb/misc/rio500.c" driver. A local authenticated user with physical access can use a malicious USB device, trigger double free error and cause a denial of service condition on the target system.
17) Use-after-free (CVE-ID: CVE-2019-15239)
The vulnerability allows a local user to cause a denial of service (DoS) condition on a target system.
The vulnerability exists due to multiple use-after-free conditions that exists because of a change to the "net/ipv4/tcp_output.c" file, which was incorrectly backported to earlier long-term versions. A local authenticated user can access the system, execute an application that submits malicious input and crash the software, resulting in a DoS condition.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
18) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-3689)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to insecure permissions on the " /var/lib/nfs" directory owned by statd:nogroup in the nfs-utils package in SUSE Linux Enterprise Server 12 before and including version 1.3.0-34.18.1 and in SUSE Linux Enterprise Server 15 before and including version 2.1.1-6.10.2. This directory contains files owned and managed by root. If statd is compromised, it can therefore trick processes running with root privileges into creating/overwriting files anywhere on the system.
Successful exploitation of the vulnerability may allow a local user to escalate privileges on the system.
19) Path traversal (CVE-ID: CVE-2019-10218)
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences in filenames within Samba client code (libsmbclient). A malicious SMB server can return a filename to the client containing directory traversal characters and force the client to read or write data to local files.
Successful exploitation of the vulnerability may allow an attacker to overwrite arbitrary files on the client.
20) Protection mechanism failure (CVE-ID: CVE-2019-10086)
The vulnerability allows a remote attacker to bypass certain security restrictions.
The vulnerability exist due to Beanutils is not using by default the a special BeanIntrospector class in PropertyUtilsBean that was supposed to suppress the ability for an attacker to access the classloader via the class property available on all Java objects. A remote attacker can abuse such application behavior against applications that were developed to rely on this security feature.
Remediation
Install update from vendor's website.