Details of VAR-202001-0123

ID

VAR-202001-0123

CVE

CVE-2020-0603

TITLE

ASP.NET Core Remote code execution vulnerability in software

Trust: 0.8

sources: JVNDB: JVNDB-2020-001109

DESCRIPTION

A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka 'ASP.NET Core Remote Code Execution Vulnerability'. Microsoft ASP.NET Core is a cross-platform open source framework from Microsoft Corporation in the United States. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. The vulnerability stems from a program's inability to handle memory objects. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Critical: .NET Core on Red Hat Enterprise Linux security and bug fix update Advisory ID: RHSA-2020:0134-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:0134 Issue date: 2020-01-16 CVE Names: CVE-2020-0602 CVE-2020-0603 ==================================================================== 1. Summary: An update for rh-dotnet30-dotnet and rh-dotnet31-dotnet is now available for .NET Core on Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. Description: .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address security vulnerabilities are now available. The updated versions are .NET Core SDK 3.0.102, .NET Core Runtime 3.0.2, .NET Core SDK 3.1.101 and .NET Core Runtime 3.1.1. Security Fixes: * dotnet: Memory Corruption in SignalR (CVE-2020-0603) * dotnet: SignalR Denial of Service via backpressure issue (CVE-2020-0602) Users must rebuild their applications to pick up the fixes. Default inclusions for applications built with .NET Core have been updated to reference the newest versions and their security fixes. For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the References section. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1787151 - Update .NET Core 3.0 to Runtime 3.0.2 and SDK 3.0.102 1787174 - Update .NET Core 3.1 to Runtime 3.1.1 and SDK 3.1.101 1789623 - CVE-2020-0602 dotnet: Denial of service via backpressure issue 1789624 - CVE-2020-0603 dotnet: Memory Corruption in SignalR 6. Package List: .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7): Source: rh-dotnet30-dotnet-3.0.102-3.el7.src.rpm x86_64: rh-dotnet30-aspnetcore-runtime-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-aspnetcore-targeting-pack-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-3.0.102-3.el7.x86_64.rpm rh-dotnet30-dotnet-apphost-pack-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-debuginfo-3.0.102-3.el7.x86_64.rpm rh-dotnet30-dotnet-host-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-hostfxr-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-runtime-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-sdk-3.0-3.0.102-3.el7.x86_64.rpm rh-dotnet30-dotnet-targeting-pack-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-templates-3.0-3.0.102-3.el7.x86_64.rpm rh-dotnet30-netstandard-targeting-pack-2.1-3.0.102-3.el7.x86_64.rpm .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7): Source: rh-dotnet31-dotnet-3.1.101-4.el7.src.rpm x86_64: rh-dotnet31-aspnetcore-runtime-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-3.1.101-4.el7.x86_64.rpm rh-dotnet31-dotnet-apphost-pack-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-debuginfo-3.1.101-4.el7.x86_64.rpm rh-dotnet31-dotnet-host-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-hostfxr-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-runtime-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-3.1.101-4.el7.x86_64.rpm rh-dotnet31-dotnet-targeting-pack-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-templates-3.1-3.1.101-4.el7.x86_64.rpm rh-dotnet31-netstandard-targeting-pack-2.1-3.1.101-4.el7.x86_64.rpm .NET Core on Red Hat Enterprise Linux Server (v. 7): Source: rh-dotnet30-dotnet-3.0.102-3.el7.src.rpm x86_64: rh-dotnet30-aspnetcore-runtime-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-aspnetcore-targeting-pack-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-3.0.102-3.el7.x86_64.rpm rh-dotnet30-dotnet-apphost-pack-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-debuginfo-3.0.102-3.el7.x86_64.rpm rh-dotnet30-dotnet-host-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-hostfxr-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-runtime-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-sdk-3.0-3.0.102-3.el7.x86_64.rpm rh-dotnet30-dotnet-targeting-pack-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-templates-3.0-3.0.102-3.el7.x86_64.rpm rh-dotnet30-netstandard-targeting-pack-2.1-3.0.102-3.el7.x86_64.rpm .NET Core on Red Hat Enterprise Linux Server (v. 7): Source: rh-dotnet31-dotnet-3.1.101-4.el7.src.rpm x86_64: rh-dotnet31-aspnetcore-runtime-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-3.1.101-4.el7.x86_64.rpm rh-dotnet31-dotnet-apphost-pack-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-debuginfo-3.1.101-4.el7.x86_64.rpm rh-dotnet31-dotnet-host-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-hostfxr-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-runtime-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-3.1.101-4.el7.x86_64.rpm rh-dotnet31-dotnet-targeting-pack-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-templates-3.1-3.1.101-4.el7.x86_64.rpm rh-dotnet31-netstandard-targeting-pack-2.1-3.1.101-4.el7.x86_64.rpm .NET Core on Red Hat Enterprise Linux Workstation (v. 7): Source: rh-dotnet30-dotnet-3.0.102-3.el7.src.rpm x86_64: rh-dotnet30-aspnetcore-runtime-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-aspnetcore-targeting-pack-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-3.0.102-3.el7.x86_64.rpm rh-dotnet30-dotnet-apphost-pack-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-debuginfo-3.0.102-3.el7.x86_64.rpm rh-dotnet30-dotnet-host-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-hostfxr-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-runtime-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-sdk-3.0-3.0.102-3.el7.x86_64.rpm rh-dotnet30-dotnet-targeting-pack-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-templates-3.0-3.0.102-3.el7.x86_64.rpm rh-dotnet30-netstandard-targeting-pack-2.1-3.0.102-3.el7.x86_64.rpm .NET Core on Red Hat Enterprise Linux Workstation (v. 7): Source: rh-dotnet31-dotnet-3.1.101-4.el7.src.rpm x86_64: rh-dotnet31-aspnetcore-runtime-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-3.1.101-4.el7.x86_64.rpm rh-dotnet31-dotnet-apphost-pack-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-debuginfo-3.1.101-4.el7.x86_64.rpm rh-dotnet31-dotnet-host-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-hostfxr-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-runtime-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-3.1.101-4.el7.x86_64.rpm rh-dotnet31-dotnet-targeting-pack-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-templates-3.1-3.1.101-4.el7.x86_64.rpm rh-dotnet31-netstandard-targeting-pack-2.1-3.1.101-4.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-0602 https://access.redhat.com/security/cve/CVE-2020-0603 https://access.redhat.com/security/updates/classification/#critical 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXiCQQ9zjgjWX9erEAQiA5g//U9AGfQhzgzrIja7zNdstcP61hqUbWM+j F2E4FpcJCJgjV3uDli4HsH6sIuzuKV5pVLhvNdbrAMSDJgOaWNJ+Otvmve0yPvY6 KjhAPMQnBjsJE5eUia6ZEIzhvjcHVwVbHQJrqIwLjvBrwHeo6fVWd/IHentdmM+3 FIh6uqClbh434gyq4Oi2MpTJ6G6z0+/siaA/tq4qubWJCtEWLfEXXhWsUL4ye59B edz+0qB0MYi2ZpgJtk0A8RRxtwcVN6KD+SnV2g25XjqwDNBhAfO3AlB1x0Mzo7HQ 2tcWLTpJPtYm8sZFZLOKAGm1hvTJhFnu4Vc5oL7b6paJYsU2Ud9URbakwiiiwzV+ XXLdMmvL63JVeP+cFWkqgI/UR8sdbaXrKFjJcnxNiUklPrrUIx3rq/E1yzCgqwMI M3RakcXDqCsaojoOAy/AMkPH1J2r8vyz08JTLC6Ik54m4Dz7/wGILwuVKXLuR1bM L6oLLZNrc5oxK4VM7Zb0IHaAeK/cOvxQWhglOPkDV4Got721TputjBeIEj8xiHc1 2s5zmndzaUfXm+PoqnFsfGggRErFLXaqwSpRWT2vn2MOXbrEbpPjmJs55tLXABhw 8DI+gmgFRHhE6A4yqvJMzaJGZCsCtUWWXowQEhiCNaymG9Kgx4BkRLNj2Mc15mOK EuYGFNW4Ux4\xadZz -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 2.88

sources: NVD: CVE-2020-0603 // JVNDB: JVNDB-2020-001109 // CNVD: CNVD-2020-16653 // CNNVD: CNNVD-202001-470 // PACKETSTORM: 155977 // PACKETSTORM: 155981

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-16653

AFFECTED PRODUCTS

vendor:	microsoft	model:	asp.net core	scope:	eq	version:	2.1	Trust: 3.0
vendor:	microsoft	model:	asp.net core	scope:	eq	version:	3.0	Trust: 3.0
vendor:	microsoft	model:	asp.net core	scope:	eq	version:	3.1	Trust: 3.0
vendor:	redhat	model:	enterprise linux	scope:	eq	version:	8.0	Trust: 1.6
vendor:	redhat	model:	enterprise linux eus	scope:	eq	version:	8.1	Trust: 1.6
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	none	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	eus	Trust: 0.8

sources: CNVD: CNVD-2020-16653 // JVNDB: JVNDB-2020-001109 // CNNVD: CNNVD-202001-470 // NVD: CVE-2020-0603

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-0603
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-0603
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2020-16653
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202001-470
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2020-0603
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2020-16653
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-0603
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2020-0603
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-16653 // JVNDB: JVNDB-2020-001109 // CNNVD: CNNVD-202001-470 // NVD: CVE-2020-0603

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.0
problemtype:	CWE-119	Trust: 0.8

sources: JVNDB: JVNDB-2020-001109 // NVD: CVE-2020-0603

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202001-470

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202001-470

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-001109

PATCH

title:	RHSA-2020:0130	url:	https://access.redhat.com/errata/RHSA-2020:0130	Trust: 0.8
title:	RHSA-2020:0134	url:	https://access.redhat.com/errata/RHSA-2020:0134	Trust: 0.8
title:	CVE-2020-0603 \| ASP.NET Core Remote Code Execution Vulnerability	url:	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0603	Trust: 0.8
title:	CVE-2020-0603 \| ASP.NET Core のリモートでコードが実行される脆弱性	url:	https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2020-0603	Trust: 0.8
title:	Patch for Microsoft ASP.NET Core remote code execution vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/208309	Trust: 0.6
title:	Microsoft ASP.NET Core Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=108468	Trust: 0.6

sources: CNVD: CNVD-2020-16653 // JVNDB: JVNDB-2020-001109 // CNNVD: CNNVD-202001-470

EXTERNAL IDS

db:	NVD	id:	CVE-2020-0603	Trust: 3.2
db:	JVNDB	id:	JVNDB-2020-001109	Trust: 0.8
db:	PACKETSTORM	id:	155981	Trust: 0.7
db:	CNVD	id:	CNVD-2020-16653	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.0186	Trust: 0.6
db:	CNNVD	id:	CNNVD-202001-470	Trust: 0.6
db:	PACKETSTORM	id:	155977	Trust: 0.1

sources: CNVD: CNVD-2020-16653 // JVNDB: JVNDB-2020-001109 // PACKETSTORM: 155977 // PACKETSTORM: 155981 // CNNVD: CNNVD-202001-470 // NVD: CVE-2020-0603

REFERENCES

url:	https://access.redhat.com/errata/rhsa-2020:0130	Trust: 2.3
url:	https://access.redhat.com/errata/rhsa-2020:0134	Trust: 2.3
url:	https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-0603	Trust: 2.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-0603	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-0603	Trust: 0.8
url:	https://www.ipa.go.jp/security/ciadr/vul/20200115-ms.html	Trust: 0.8
url:	https://www.jpcert.or.jp/at/2020/at200001.html	Trust: 0.8
url:	https://access.redhat.com/security/cve/cve-2020-0603	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2020.0186/	Trust: 0.6
url:	https://packetstormsecurity.com/files/155981/red-hat-security-advisory-2020-0134-01.html	Trust: 0.6
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-0602	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-0602	Trust: 0.2
url:	https://bugzilla.redhat.com/):	Trust: 0.2
url:	https://access.redhat.com/security/team/key/	Trust: 0.2
url:	https://access.redhat.com/security/updates/classification/#critical	Trust: 0.2
url:	https://access.redhat.com/articles/11258	Trust: 0.2
url:	https://access.redhat.com/security/team/contact/	Trust: 0.2

sources: CNVD: CNVD-2020-16653 // JVNDB: JVNDB-2020-001109 // PACKETSTORM: 155977 // PACKETSTORM: 155981 // CNNVD: CNNVD-202001-470 // NVD: CVE-2020-0603

CREDITS

Red Hat

Trust: 0.8

sources: PACKETSTORM: 155977 // PACKETSTORM: 155981 // CNNVD: CNNVD-202001-470

SOURCES

db:	CNVD	id:	CNVD-2020-16653
db:	JVNDB	id:	JVNDB-2020-001109
db:	PACKETSTORM	id:	155977
db:	PACKETSTORM	id:	155981
db:	CNNVD	id:	CNNVD-202001-470
db:	NVD	id:	CVE-2020-0603

LAST UPDATE DATE

2024-08-14T14:32:24.422000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-16653	date:	2020-03-11T00:00:00
db:	JVNDB	id:	JVNDB-2020-001109	date:	2020-01-28T00:00:00
db:	CNNVD	id:	CNNVD-202001-470	date:	2020-01-19T00:00:00
db:	NVD	id:	CVE-2020-0603	date:	2021-07-21T11:39:23.747

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-16653	date:	2020-03-10T00:00:00
db:	JVNDB	id:	JVNDB-2020-001109	date:	2020-01-28T00:00:00
db:	PACKETSTORM	id:	155977	date:	2020-01-16T16:43:31
db:	PACKETSTORM	id:	155981	date:	2020-01-16T16:45:15
db:	CNNVD	id:	CNNVD-202001-470	date:	2020-01-14T00:00:00
db:	NVD	id:	CVE-2020-0603	date:	2020-01-14T23:15:30.347