OpenSUSE Linux update for MozillaThunderbird



Risk Medium
Patch available YES
Number of vulnerabilities 6
CVE-ID CVE-2019-11703
CVE-2019-11704
CVE-2019-11705
CVE-2019-11706
CVE-2019-11707
CVE-2019-11708
CWE-ID CWE-122
CWE-121
CWE-843
CWE-264
Exploitation vector Network
Public exploit Public exploit code for vulnerability #1 is available.
Public exploit code for vulnerability #2 is available.
Public exploit code for vulnerability #3 is available.
Public exploit code for vulnerability #4 is available.
Vulnerability #5 is being exploited in the wild.
Vulnerability #6 is being exploited in the wild.
Vulnerable software
Subscribe
Opensuse
Operating systems & Components / Operating system

Vendor SUSE

Security Bulletin

This security bulletin contains information about 6 vulnerabilities.

1) Heap-based buffer overflow

EUVDB-ID: #VU18797

Risk: High

CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2019-11703

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the iCal implementation in parser_get_next_char function in icalparser.c. A remote attacker can send a specially crafted email, trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected packages.

Vulnerable software versions

Opensuse: 15.0 - 15.1

CPE2.3 External links

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00060.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

2) Heap-based buffer overflow

EUVDB-ID: #VU18798

Risk: High

CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2019-11704

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the iCal implementation in icalmemory_strdup_and_dequote function in icalvalue.c. A remote attacker can create a specially crafted email, trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected packages.

Vulnerable software versions

Opensuse: 15.0 - 15.1

CPE2.3 External links

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00060.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

3) Stack-based buffer overflow

EUVDB-ID: #VU18799

Risk: High

CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2019-11705

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within iCal implementation in icalrecur_add_bydayrules function in icalrecur.c. A remote unauthenticated attacker can create a specially crafted email, trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected packages.

Vulnerable software versions

Opensuse: 15.0 - 15.1

CPE2.3 External links

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00060.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

4) Type Confusion

EUVDB-ID: #VU18800

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C]

CVE-ID: CVE-2019-11706

CWE-ID: CWE-843 - Type confusion

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to perform denial of service (DoS) attack.

The vulnerability exists due to a type confusion error within the iCal implementation in icaltimezone_get_vtimezone_properties function in icalproperty.c. A remote attacker can create a specially crafted email with malformed timezone data, trigger a type confusion error and crash the application.


Mitigation

Update the affected packages.

Vulnerable software versions

Opensuse: 15.0 - 15.1

CPE2.3 External links

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00060.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

5) Type Confusion

EUVDB-ID: #VU18824

Risk: Critical

CVSSv3.1: 8.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2019-11707

CWE-ID: CWE-843 - Type confusion

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error when manipulating JavaScript objects due to issues in Array.pop. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a type confusion error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note: this vulnerability is being actively exploited in the wild along with SB2019062002 (CVE-2019-11708).

Mitigation

Update the affected packages.

Vulnerable software versions

Opensuse: 15.0 - 15.1

CPE2.3 External links

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00060.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

6) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU18860

Risk: High

CVSSv3.1: 7.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2019-11708

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to bypass sandbox restrictions.

The vulnerability exists due to insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes. A remote attacker can create a specially crafted web page that can make the non-sandboxed parent process open web content chosen by a compromised child process.

An attacker can combine this behavior along with another vulnerability to execute arbitrary code on the system with privileges on the current user. 

Note, this vulnerability is being exploited in the wild along with SB2019061805 (CVE-2019-11707)

Mitigation

Update the affected packages.

Vulnerable software versions

Opensuse: 15.0 - 15.1

CPE2.3 External links

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00060.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.



###SIDEBAR###