Multiple vulnerabilities in Oracle Communications Diameter Signaling Router (DSR)



Published: 2020-01-22 | Updated: 2022-06-24
Risk Medium
Patch available YES
Number of vulnerabilities 2
CVE-ID CVE-2019-3862
CVE-2019-1559
CWE-ID CWE-125
CWE-327
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe 		Oracle Communications Diameter Signaling Router (DSR)
Server applications / Other server solutions

Vendor Oracle

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Out-of-bounds read

EUVDB-ID: #VU18253

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-3862

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information or perform denial of service (DoS) attack.

The vulnerability exists due to a boundary condition when SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker can trick the victim to connect to a malicious SSH server, trigger out of bounds read and gain access to sensitive information or perform denial of service attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Oracle Communications Diameter Signaling Router (DSR): 8.0.0.0 - 8.4.0.0

External links

http://www.oracle.com/security-alerts/cpujan2020.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Use of a broken or risky cryptographic algorithm

EUVDB-ID: #VU17860

Risk: Low

CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-1559

CWE-ID: CWE-327 - Use of a Broken or Risky Cryptographic Algorithm

Exploit availability: No

Description

The vulnerability allows a remote attacker to decrypt sensitive information.

The vulnerability exists due to the way an application behaves, when it receives a 0-byte record with invalid padding compared to the record with an invalid MAC, which results in padding oracle. A remote attacker can decrypt data.

Successful exploitation of the vulnerability requires that the application is using "non-stitched" ciphersuites and calls SSL_shutdown() twice (first, via a BAD_RECORD_MAC and again via a CLOSE_NOTIFY). 


Mitigation

Install updates from vendor's website.

Vulnerable software versions

Oracle Communications Diameter Signaling Router (DSR): 8.0.0.0 - 8.4.0.0

External links

http://www.oracle.com/security-alerts/cpujan2020.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###