Details of VAR-201811-0478

ID

VAR-201811-0478

CVE

CVE-2018-8416

TITLE

.NET Core Vulnerabilities to be tampered with

Trust: 0.8

sources: JVNDB: JVNDB-2018-013498

DESCRIPTION

A tampering vulnerability exists when .NET Core improperly handles specially crafted files, aka ".NET Core Tampering Vulnerability." This affects .NET Core 2.1. Successfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions. This may lead to other attacks. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: .NET Core on Red Hat Enterprise Linux security update Advisory ID: RHSA-2018:3676-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:3676 Issue date: 2018-11-27 CVE Names: CVE-2018-8416 ==================================================================== 1. Summary: An update for rh-dotnet21-dotnet is now available for .NET Core on Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. Security Fix(es): * .NET Core: Arbitrary file and directory creation (CVE-2018-8416) For more information, please refer to the upstream docs in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Package List: .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7): Source: rh-dotnet21-dotnet-2.1.500-5.el7.src.rpm x86_64: rh-dotnet21-dotnet-2.1.500-5.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.500-5.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.6-5.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.6-5.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.500-5.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.500-5.el7.x86_64.rpm .NET Core on Red Hat Enterprise Linux Server (v. 7): Source: rh-dotnet21-dotnet-2.1.500-5.el7.src.rpm x86_64: rh-dotnet21-dotnet-2.1.500-5.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.500-5.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.6-5.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.6-5.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.500-5.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.500-5.el7.x86_64.rpm .NET Core on Red Hat Enterprise Linux Workstation (v. 7): Source: rh-dotnet21-dotnet-2.1.500-5.el7.src.rpm x86_64: rh-dotnet21-dotnet-2.1.500-5.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.500-5.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.6-5.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.6-5.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.500-5.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.500-5.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-8416 https://access.redhat.com/security/updates/classification/#moderate https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8416 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBW/zJC9zjgjWX9erEAQi0Pw//WnLvaExr0r/rVkOTSxMDwGEqCu4K7nU6 8FnknCX3hpTmIqwIb5VIGOUwRneeg3DnGxg8vIBm8dwrAGqkgpfpGJLt1H7MNAMK p3idNKfoZgG3gVfiO55aaKkftoimA4rUx915ssPzLtBADWdqPfSG0jHkWJgynpDA gAU2FZOhmIJ2Z2+COCi7i1hf2CKDeRRu7mvFDkyKYb4yoVsGXPsm4dB1piw/2VCh ezp4sWeGq0r1dReejy+O2IU8bx/8LsaPqz2ZaARXjFHCEEg4y2CFxLzv2nsokQfy gmpcNtY7F2+ysHP9YL9xV7/pQF3FR1cHDP8lZ6usNIrgrPO/e7WAszsTEg6u3+9l t4gRjeE1SJHa7JkC6seEpZXsxCdR0/9GeOBm+b2RF9qgSEgQgtD/N/AKNQWt4Qo3 rRQN79cy4sRznmwzP0MBE57RAu7GzmmueLeJK7uAuQikfqxGPn5Q2yOah74I2WR9 lzbwqVLuUBHZZhHautHQA3i4bqz8CEfQRHTGmiagkHYWn2m2yNJsWnDMt5YpLzn2 GpTg+9TU0GmwqSquG/5r/rD9YLJwM2m8KV9Yt0PArzw1ey+z542i0Dwv4GlHpIR4 W9D33bMeOY1o4IhLmT+Qlm5ZbGEWleQ4U59YUaCvnZDzsfg0AcJSSpg42ws2+FkC uuianWdqhaI=i2VD -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 1.98

sources: NVD: CVE-2018-8416 // JVNDB: JVNDB-2018-013498 // BID: 105798 // PACKETSTORM: 150479

AFFECTED PRODUCTS

vendor:	microsoft	model:	asp.net core	scope:	eq	version:	2.1	Trust: 1.6
vendor:	microsoft	model:	.net core	scope:	eq	version:	2.1	Trust: 1.1
vendor:	microsoft	model:	powershell core	scope:	eq	version:	6.1	Trust: 0.8
vendor:	microsoft	model:	powershell core	scope:	eq	version:	6.2	Trust: 0.8

sources: BID: 105798 // JVNDB: JVNDB-2018-013498 // CNNVD: CNNVD-201811-363 // NVD: CVE-2018-8416

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-8416
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-8416
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201811-363
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2018-8416
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

nvd@nist.gov:	CVE-2018-8416
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: JVNDB: JVNDB-2018-013498 // CNNVD: CNNVD-201811-363 // NVD: CVE-2018-8416

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-20	Trust: 0.8

sources: JVNDB: JVNDB-2018-013498 // NVD: CVE-2018-8416

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201811-363

TYPE

Input Validation Error

Trust: 0.9

sources: BID: 105798 // CNNVD: CNNVD-201811-363

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-013498

PATCH

title:	CVE-2018-8416 \| .NET Core Tampering Vulnerability	url:	https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-8416	Trust: 0.8
title:	CVE-2018-8416 \| .NET Core の改ざんの脆弱性	url:	https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2018-8416	Trust: 0.8
title:	Microsoft .NET Core Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86772	Trust: 0.6

sources: JVNDB: JVNDB-2018-013498 // CNNVD: CNNVD-201811-363

EXTERNAL IDS

db:	NVD	id:	CVE-2018-8416	Trust: 2.8
db:	BID	id:	105798	Trust: 1.9
db:	SECTRACK	id:	1042128	Trust: 1.6
db:	JVNDB	id:	JVNDB-2018-013498	Trust: 0.8
db:	CNNVD	id:	CNNVD-201811-363	Trust: 0.6
db:	PACKETSTORM	id:	150479	Trust: 0.1

sources: BID: 105798 // JVNDB: JVNDB-2018-013498 // PACKETSTORM: 150479 // CNNVD: CNNVD-201811-363 // NVD: CVE-2018-8416

REFERENCES

url:	https://access.redhat.com/errata/rhsa-2018:3676	Trust: 1.7
url:	https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2018-8416	Trust: 1.7
url:	http://www.securitytracker.com/id/1042128	Trust: 1.6
url:	http://www.securityfocus.com/bid/105798	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2018-8416	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8416	Trust: 0.8
url:	https://www.ipa.go.jp/security/ciadr/vul/20181114-ms.html	Trust: 0.8
url:	http://www.jpcert.or.jp/at/2018/at180046.html	Trust: 0.8
url:	http://www.microsoft.com	Trust: 0.3
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-8416	Trust: 0.1
url:	https://bugzilla.redhat.com/):	Trust: 0.1
url:	https://access.redhat.com/security/team/key/	Trust: 0.1
url:	https://access.redhat.com/articles/11258	Trust: 0.1
url:	https://access.redhat.com/security/updates/classification/#moderate	Trust: 0.1
url:	https://access.redhat.com/security/team/contact/	Trust: 0.1

sources: BID: 105798 // JVNDB: JVNDB-2018-013498 // PACKETSTORM: 150479 // CNNVD: CNNVD-201811-363 // NVD: CVE-2018-8416

CREDITS

Danny Grander of Snyk.

Trust: 0.9

sources: BID: 105798 // CNNVD: CNNVD-201811-363

SOURCES

db:	BID	id:	105798
db:	JVNDB	id:	JVNDB-2018-013498
db:	PACKETSTORM	id:	150479
db:	CNNVD	id:	CNNVD-201811-363
db:	NVD	id:	CVE-2018-8416

LAST UPDATE DATE

2024-08-14T15:18:14.075000+00:00

SOURCES UPDATE DATE

db:	BID	id:	105798	date:	2018-11-13T00:00:00
db:	JVNDB	id:	JVNDB-2018-013498	date:	2019-02-21T00:00:00
db:	CNNVD	id:	CNNVD-201811-363	date:	2020-10-22T00:00:00
db:	NVD	id:	CVE-2018-8416	date:	2020-08-24T17:37:01.140

SOURCES RELEASE DATE

db:	BID	id:	105798	date:	2018-11-13T00:00:00
db:	JVNDB	id:	JVNDB-2018-013498	date:	2019-02-21T00:00:00
db:	PACKETSTORM	id:	150479	date:	2018-11-27T17:23:43
db:	CNNVD	id:	CNNVD-201811-363	date:	2018-11-14T00:00:00
db:	NVD	id:	CVE-2018-8416	date:	2018-11-14T01:29:00.427