Red Hat update for pyOpenSSL

1) Use-after-free error

EUVDB-ID: #VU15784

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2018-1000807

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code on the target system.

The vulnerability exists due to use-after-free error during improper handling of X509 objects. A remote unauthenticated attacker can send a specially crafted request that submits malicious input, trigger memory corruption and cause the service to crash or execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat OpenStack Director Deployment Tools: 13.0

Red Hat OpenStack for IBM Power: 13.0

Red Hat OpenStack: 13.0

Red Hat Enterprise Linux Desktop: 7

Red Hat Enterprise Linux Workstation: 7

Red Hat Enterprise Linux Server: 7

CPE2.3

• cpe:2.3:a:red_hat:red_hat_openstack_director_deployment_tools:13.0:*:*:*:*:*:*:*
• cpe:2.3:a:red_hat:red_hat_openstack_for_ibm_power:13.0:*:*:*:*:*:*:*
• cpe:2.3:a:red_hat:red_hat_openstack:13.0:*:*:*:*:*:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_desktop:7:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_workstation:7:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_server:7:*:*:*:*:red_hat_enterprise_linux:*:*

External links

https://access.redhat.com/errata/RHSA-2019:0085

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Resource exhaustion

EUVDB-ID: #VU15783

Risk: Low

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-1000808

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to improper release of memory before removing the last reference in a Public Key Cryptography Standards (PKCS) #12 store. A remote unauthenticated attacker can send a specially crafted request that submits malicious input, exhaust memory resources and to cause the application to reload certificates from a PKCS #12 store.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat OpenStack Director Deployment Tools: 13.0

Red Hat OpenStack for IBM Power: 13.0

Red Hat OpenStack: 13.0

Red Hat Enterprise Linux Desktop: 7

Red Hat Enterprise Linux Workstation: 7

Red Hat Enterprise Linux Server: 7

CPE2.3

• cpe:2.3:a:red_hat:red_hat_openstack_director_deployment_tools:13.0:*:*:*:*:*:*:*
• cpe:2.3:a:red_hat:red_hat_openstack_for_ibm_power:13.0:*:*:*:*:*:*:*
• cpe:2.3:a:red_hat:red_hat_openstack:13.0:*:*:*:*:*:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_desktop:7:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_workstation:7:*:*:*:*:red_hat_enterprise_linux:*:*
• cpe:2.3:o:red_hat:red_hat_enterprise_linux_server:7:*:*:*:*:red_hat_enterprise_linux:*:*

External links

https://access.redhat.com/errata/RHSA-2019:0085

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.