ID

VAR-201811-0478


CVE

CVE-2018-8416


TITLE

.NET Core Vulnerabilities to be tampered with

Trust: 0.8

sources: JVNDB: JVNDB-2018-013498

DESCRIPTION

A tampering vulnerability exists when .NET Core improperly handles specially crafted files, aka ".NET Core Tampering Vulnerability." This affects .NET Core 2.1. Successfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions. This may lead to other attacks. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: .NET Core on Red Hat Enterprise Linux security update Advisory ID: RHSA-2018:3676-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:3676 Issue date: 2018-11-27 CVE Names: CVE-2018-8416 ==================================================================== 1. Summary: An update for rh-dotnet21-dotnet is now available for .NET Core on Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. Security Fix(es): * .NET Core: Arbitrary file and directory creation (CVE-2018-8416) For more information, please refer to the upstream docs in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Package List: .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7): Source: rh-dotnet21-dotnet-2.1.500-5.el7.src.rpm x86_64: rh-dotnet21-dotnet-2.1.500-5.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.500-5.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.6-5.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.6-5.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.500-5.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.500-5.el7.x86_64.rpm .NET Core on Red Hat Enterprise Linux Server (v. 7): Source: rh-dotnet21-dotnet-2.1.500-5.el7.src.rpm x86_64: rh-dotnet21-dotnet-2.1.500-5.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.500-5.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.6-5.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.6-5.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.500-5.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.500-5.el7.x86_64.rpm .NET Core on Red Hat Enterprise Linux Workstation (v. 7): Source: rh-dotnet21-dotnet-2.1.500-5.el7.src.rpm x86_64: rh-dotnet21-dotnet-2.1.500-5.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.500-5.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.6-5.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.6-5.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.500-5.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.500-5.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-8416 https://access.redhat.com/security/updates/classification/#moderate https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8416 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBW/zJC9zjgjWX9erEAQi0Pw//WnLvaExr0r/rVkOTSxMDwGEqCu4K7nU6 8FnknCX3hpTmIqwIb5VIGOUwRneeg3DnGxg8vIBm8dwrAGqkgpfpGJLt1H7MNAMK p3idNKfoZgG3gVfiO55aaKkftoimA4rUx915ssPzLtBADWdqPfSG0jHkWJgynpDA gAU2FZOhmIJ2Z2+COCi7i1hf2CKDeRRu7mvFDkyKYb4yoVsGXPsm4dB1piw/2VCh ezp4sWeGq0r1dReejy+O2IU8bx/8LsaPqz2ZaARXjFHCEEg4y2CFxLzv2nsokQfy gmpcNtY7F2+ysHP9YL9xV7/pQF3FR1cHDP8lZ6usNIrgrPO/e7WAszsTEg6u3+9l t4gRjeE1SJHa7JkC6seEpZXsxCdR0/9GeOBm+b2RF9qgSEgQgtD/N/AKNQWt4Qo3 rRQN79cy4sRznmwzP0MBE57RAu7GzmmueLeJK7uAuQikfqxGPn5Q2yOah74I2WR9 lzbwqVLuUBHZZhHautHQA3i4bqz8CEfQRHTGmiagkHYWn2m2yNJsWnDMt5YpLzn2 GpTg+9TU0GmwqSquG/5r/rD9YLJwM2m8KV9Yt0PArzw1ey+z542i0Dwv4GlHpIR4 W9D33bMeOY1o4IhLmT+Qlm5ZbGEWleQ4U59YUaCvnZDzsfg0AcJSSpg42ws2+FkC uuianWdqhaI=i2VD -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 1.98

sources: NVD: CVE-2018-8416 // JVNDB: JVNDB-2018-013498 // BID: 105798 // PACKETSTORM: 150479

AFFECTED PRODUCTS

vendor:microsoftmodel:asp.net corescope:eqversion:2.1

Trust: 1.6

vendor:microsoftmodel:.net corescope:eqversion:2.1

Trust: 1.1

vendor:microsoftmodel:powershell corescope:eqversion:6.1

Trust: 0.8

vendor:microsoftmodel:powershell corescope:eqversion:6.2

Trust: 0.8

sources: BID: 105798 // JVNDB: JVNDB-2018-013498 // CNNVD: CNNVD-201811-363 // NVD: CVE-2018-8416

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-8416
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-8416
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201811-363
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2018-8416
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2018-8416
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: JVNDB: JVNDB-2018-013498 // CNNVD: CNNVD-201811-363 // NVD: CVE-2018-8416

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-20

Trust: 0.8

sources: JVNDB: JVNDB-2018-013498 // NVD: CVE-2018-8416

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201811-363

TYPE

Input Validation Error

Trust: 0.9

sources: BID: 105798 // CNNVD: CNNVD-201811-363

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-013498

PATCH

title:CVE-2018-8416 | .NET Core Tampering Vulnerabilityurl:https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-8416

Trust: 0.8

title:CVE-2018-8416 | .NET Core の改ざんの脆弱性url:https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2018-8416

Trust: 0.8

title:Microsoft .NET Core Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86772

Trust: 0.6

sources: JVNDB: JVNDB-2018-013498 // CNNVD: CNNVD-201811-363

EXTERNAL IDS

db:NVDid:CVE-2018-8416

Trust: 2.8

db:BIDid:105798

Trust: 1.9

db:SECTRACKid:1042128

Trust: 1.6

db:JVNDBid:JVNDB-2018-013498

Trust: 0.8

db:CNNVDid:CNNVD-201811-363

Trust: 0.6

db:PACKETSTORMid:150479

Trust: 0.1

sources: BID: 105798 // JVNDB: JVNDB-2018-013498 // PACKETSTORM: 150479 // CNNVD: CNNVD-201811-363 // NVD: CVE-2018-8416

REFERENCES

url:https://access.redhat.com/errata/rhsa-2018:3676

Trust: 1.7

url:https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-8416

Trust: 1.7

url:http://www.securitytracker.com/id/1042128

Trust: 1.6

url:http://www.securityfocus.com/bid/105798

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2018-8416

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8416

Trust: 0.8

url:https://www.ipa.go.jp/security/ciadr/vul/20181114-ms.html

Trust: 0.8

url:http://www.jpcert.or.jp/at/2018/at180046.html

Trust: 0.8

url:http://www.microsoft.com

Trust: 0.3

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-8416

Trust: 0.1

url:https://bugzilla.redhat.com/):

Trust: 0.1

url:https://access.redhat.com/security/team/key/

Trust: 0.1

url:https://access.redhat.com/articles/11258

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.1

url:https://access.redhat.com/security/team/contact/

Trust: 0.1

sources: BID: 105798 // JVNDB: JVNDB-2018-013498 // PACKETSTORM: 150479 // CNNVD: CNNVD-201811-363 // NVD: CVE-2018-8416

CREDITS

Danny Grander of Snyk.

Trust: 0.9

sources: BID: 105798 // CNNVD: CNNVD-201811-363

SOURCES

db:BIDid:105798
db:JVNDBid:JVNDB-2018-013498
db:PACKETSTORMid:150479
db:CNNVDid:CNNVD-201811-363
db:NVDid:CVE-2018-8416

LAST UPDATE DATE

2024-08-14T15:18:14.075000+00:00


SOURCES UPDATE DATE

db:BIDid:105798date:2018-11-13T00:00:00
db:JVNDBid:JVNDB-2018-013498date:2019-02-21T00:00:00
db:CNNVDid:CNNVD-201811-363date:2020-10-22T00:00:00
db:NVDid:CVE-2018-8416date:2020-08-24T17:37:01.140

SOURCES RELEASE DATE

db:BIDid:105798date:2018-11-13T00:00:00
db:JVNDBid:JVNDB-2018-013498date:2019-02-21T00:00:00
db:PACKETSTORMid:150479date:2018-11-27T17:23:43
db:CNNVDid:CNNVD-201811-363date:2018-11-14T00:00:00
db:NVDid:CVE-2018-8416date:2018-11-14T01:29:00.427