ID

VAR-202001-0123


CVE

CVE-2020-0603


TITLE

ASP.NET Core Remote code execution vulnerability in software

Trust: 0.8

sources: JVNDB: JVNDB-2020-001109

DESCRIPTION

A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka 'ASP.NET Core Remote Code Execution Vulnerability'. Microsoft ASP.NET Core is a cross-platform open source framework from Microsoft Corporation in the United States. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. The vulnerability stems from a program's inability to handle memory objects. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Critical: .NET Core on Red Hat Enterprise Linux security and bug fix update Advisory ID: RHSA-2020:0134-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:0134 Issue date: 2020-01-16 CVE Names: CVE-2020-0602 CVE-2020-0603 ==================================================================== 1. Summary: An update for rh-dotnet30-dotnet and rh-dotnet31-dotnet is now available for .NET Core on Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. Description: .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address security vulnerabilities are now available. The updated versions are .NET Core SDK 3.0.102, .NET Core Runtime 3.0.2, .NET Core SDK 3.1.101 and .NET Core Runtime 3.1.1. Security Fixes: * dotnet: Memory Corruption in SignalR (CVE-2020-0603) * dotnet: SignalR Denial of Service via backpressure issue (CVE-2020-0602) Users must rebuild their applications to pick up the fixes. Default inclusions for applications built with .NET Core have been updated to reference the newest versions and their security fixes. For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the References section. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1787151 - Update .NET Core 3.0 to Runtime 3.0.2 and SDK 3.0.102 1787174 - Update .NET Core 3.1 to Runtime 3.1.1 and SDK 3.1.101 1789623 - CVE-2020-0602 dotnet: Denial of service via backpressure issue 1789624 - CVE-2020-0603 dotnet: Memory Corruption in SignalR 6. Package List: .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7): Source: rh-dotnet30-dotnet-3.0.102-3.el7.src.rpm x86_64: rh-dotnet30-aspnetcore-runtime-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-aspnetcore-targeting-pack-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-3.0.102-3.el7.x86_64.rpm rh-dotnet30-dotnet-apphost-pack-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-debuginfo-3.0.102-3.el7.x86_64.rpm rh-dotnet30-dotnet-host-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-hostfxr-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-runtime-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-sdk-3.0-3.0.102-3.el7.x86_64.rpm rh-dotnet30-dotnet-targeting-pack-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-templates-3.0-3.0.102-3.el7.x86_64.rpm rh-dotnet30-netstandard-targeting-pack-2.1-3.0.102-3.el7.x86_64.rpm .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7): Source: rh-dotnet31-dotnet-3.1.101-4.el7.src.rpm x86_64: rh-dotnet31-aspnetcore-runtime-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-3.1.101-4.el7.x86_64.rpm rh-dotnet31-dotnet-apphost-pack-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-debuginfo-3.1.101-4.el7.x86_64.rpm rh-dotnet31-dotnet-host-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-hostfxr-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-runtime-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-3.1.101-4.el7.x86_64.rpm rh-dotnet31-dotnet-targeting-pack-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-templates-3.1-3.1.101-4.el7.x86_64.rpm rh-dotnet31-netstandard-targeting-pack-2.1-3.1.101-4.el7.x86_64.rpm .NET Core on Red Hat Enterprise Linux Server (v. 7): Source: rh-dotnet30-dotnet-3.0.102-3.el7.src.rpm x86_64: rh-dotnet30-aspnetcore-runtime-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-aspnetcore-targeting-pack-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-3.0.102-3.el7.x86_64.rpm rh-dotnet30-dotnet-apphost-pack-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-debuginfo-3.0.102-3.el7.x86_64.rpm rh-dotnet30-dotnet-host-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-hostfxr-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-runtime-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-sdk-3.0-3.0.102-3.el7.x86_64.rpm rh-dotnet30-dotnet-targeting-pack-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-templates-3.0-3.0.102-3.el7.x86_64.rpm rh-dotnet30-netstandard-targeting-pack-2.1-3.0.102-3.el7.x86_64.rpm .NET Core on Red Hat Enterprise Linux Server (v. 7): Source: rh-dotnet31-dotnet-3.1.101-4.el7.src.rpm x86_64: rh-dotnet31-aspnetcore-runtime-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-3.1.101-4.el7.x86_64.rpm rh-dotnet31-dotnet-apphost-pack-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-debuginfo-3.1.101-4.el7.x86_64.rpm rh-dotnet31-dotnet-host-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-hostfxr-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-runtime-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-3.1.101-4.el7.x86_64.rpm rh-dotnet31-dotnet-targeting-pack-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-templates-3.1-3.1.101-4.el7.x86_64.rpm rh-dotnet31-netstandard-targeting-pack-2.1-3.1.101-4.el7.x86_64.rpm .NET Core on Red Hat Enterprise Linux Workstation (v. 7): Source: rh-dotnet30-dotnet-3.0.102-3.el7.src.rpm x86_64: rh-dotnet30-aspnetcore-runtime-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-aspnetcore-targeting-pack-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-3.0.102-3.el7.x86_64.rpm rh-dotnet30-dotnet-apphost-pack-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-debuginfo-3.0.102-3.el7.x86_64.rpm rh-dotnet30-dotnet-host-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-hostfxr-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-runtime-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-sdk-3.0-3.0.102-3.el7.x86_64.rpm rh-dotnet30-dotnet-targeting-pack-3.0-3.0.2-3.el7.x86_64.rpm rh-dotnet30-dotnet-templates-3.0-3.0.102-3.el7.x86_64.rpm rh-dotnet30-netstandard-targeting-pack-2.1-3.0.102-3.el7.x86_64.rpm .NET Core on Red Hat Enterprise Linux Workstation (v. 7): Source: rh-dotnet31-dotnet-3.1.101-4.el7.src.rpm x86_64: rh-dotnet31-aspnetcore-runtime-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-3.1.101-4.el7.x86_64.rpm rh-dotnet31-dotnet-apphost-pack-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-debuginfo-3.1.101-4.el7.x86_64.rpm rh-dotnet31-dotnet-host-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-hostfxr-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-runtime-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-3.1.101-4.el7.x86_64.rpm rh-dotnet31-dotnet-targeting-pack-3.1-3.1.1-4.el7.x86_64.rpm rh-dotnet31-dotnet-templates-3.1-3.1.101-4.el7.x86_64.rpm rh-dotnet31-netstandard-targeting-pack-2.1-3.1.101-4.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-0602 https://access.redhat.com/security/cve/CVE-2020-0603 https://access.redhat.com/security/updates/classification/#critical 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXiCQQ9zjgjWX9erEAQiA5g//U9AGfQhzgzrIja7zNdstcP61hqUbWM+j F2E4FpcJCJgjV3uDli4HsH6sIuzuKV5pVLhvNdbrAMSDJgOaWNJ+Otvmve0yPvY6 KjhAPMQnBjsJE5eUia6ZEIzhvjcHVwVbHQJrqIwLjvBrwHeo6fVWd/IHentdmM+3 FIh6uqClbh434gyq4Oi2MpTJ6G6z0+/siaA/tq4qubWJCtEWLfEXXhWsUL4ye59B edz+0qB0MYi2ZpgJtk0A8RRxtwcVN6KD+SnV2g25XjqwDNBhAfO3AlB1x0Mzo7HQ 2tcWLTpJPtYm8sZFZLOKAGm1hvTJhFnu4Vc5oL7b6paJYsU2Ud9URbakwiiiwzV+ XXLdMmvL63JVeP+cFWkqgI/UR8sdbaXrKFjJcnxNiUklPrrUIx3rq/E1yzCgqwMI M3RakcXDqCsaojoOAy/AMkPH1J2r8vyz08JTLC6Ik54m4Dz7/wGILwuVKXLuR1bM L6oLLZNrc5oxK4VM7Zb0IHaAeK/cOvxQWhglOPkDV4Got721TputjBeIEj8xiHc1 2s5zmndzaUfXm+PoqnFsfGggRErFLXaqwSpRWT2vn2MOXbrEbpPjmJs55tLXABhw 8DI+gmgFRHhE6A4yqvJMzaJGZCsCtUWWXowQEhiCNaymG9Kgx4BkRLNj2Mc15mOK EuYGFNW4Ux4\xadZz -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 2.88

sources: NVD: CVE-2020-0603 // JVNDB: JVNDB-2020-001109 // CNVD: CNVD-2020-16653 // CNNVD: CNNVD-202001-470 // PACKETSTORM: 155977 // PACKETSTORM: 155981

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-16653

AFFECTED PRODUCTS

vendor:microsoftmodel:asp.net corescope:eqversion:2.1

Trust: 3.0

vendor:microsoftmodel:asp.net corescope:eqversion:3.0

Trust: 3.0

vendor:microsoftmodel:asp.net corescope:eqversion:3.1

Trust: 3.0

vendor:redhatmodel:enterprise linuxscope:eqversion:8.0

Trust: 1.6

vendor:redhatmodel:enterprise linux eusscope:eqversion:8.1

Trust: 1.6

vendor:red hatmodel:enterprise linuxscope:eqversion:none

Trust: 0.8

vendor:red hatmodel:enterprise linuxscope:eqversion:eus

Trust: 0.8

sources: CNVD: CNVD-2020-16653 // JVNDB: JVNDB-2020-001109 // CNNVD: CNNVD-202001-470 // NVD: CVE-2020-0603

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-0603
value: HIGH

Trust: 1.0

NVD: CVE-2020-0603
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-16653
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202001-470
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2020-0603
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-16653
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-0603
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2020-0603
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-16653 // JVNDB: JVNDB-2020-001109 // CNNVD: CNNVD-202001-470 // NVD: CVE-2020-0603

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.0

problemtype:CWE-119

Trust: 0.8

sources: JVNDB: JVNDB-2020-001109 // NVD: CVE-2020-0603

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202001-470

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202001-470

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-001109

PATCH

title:RHSA-2020:0130url:https://access.redhat.com/errata/RHSA-2020:0130

Trust: 0.8

title:RHSA-2020:0134url:https://access.redhat.com/errata/RHSA-2020:0134

Trust: 0.8

title:CVE-2020-0603 | ASP.NET Core Remote Code Execution Vulnerabilityurl:https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0603

Trust: 0.8

title:CVE-2020-0603 | ASP.NET Core のリモートでコードが実行される脆弱性url:https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2020-0603

Trust: 0.8

title:Patch for Microsoft ASP.NET Core remote code execution vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/208309

Trust: 0.6

title:Microsoft ASP.NET Core Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=108468

Trust: 0.6

sources: CNVD: CNVD-2020-16653 // JVNDB: JVNDB-2020-001109 // CNNVD: CNNVD-202001-470

EXTERNAL IDS

db:NVDid:CVE-2020-0603

Trust: 3.2

db:JVNDBid:JVNDB-2020-001109

Trust: 0.8

db:PACKETSTORMid:155981

Trust: 0.7

db:CNVDid:CNVD-2020-16653

Trust: 0.6

db:AUSCERTid:ESB-2020.0186

Trust: 0.6

db:CNNVDid:CNNVD-202001-470

Trust: 0.6

db:PACKETSTORMid:155977

Trust: 0.1

sources: CNVD: CNVD-2020-16653 // JVNDB: JVNDB-2020-001109 // PACKETSTORM: 155977 // PACKETSTORM: 155981 // CNNVD: CNNVD-202001-470 // NVD: CVE-2020-0603

REFERENCES

url:https://access.redhat.com/errata/rhsa-2020:0130

Trust: 2.3

url:https://access.redhat.com/errata/rhsa-2020:0134

Trust: 2.3

url:https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-0603

Trust: 2.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-0603

Trust: 1.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-0603

Trust: 0.8

url:https://www.ipa.go.jp/security/ciadr/vul/20200115-ms.html

Trust: 0.8

url:https://www.jpcert.or.jp/at/2020/at200001.html

Trust: 0.8

url:https://access.redhat.com/security/cve/cve-2020-0603

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2020.0186/

Trust: 0.6

url:https://packetstormsecurity.com/files/155981/red-hat-security-advisory-2020-0134-01.html

Trust: 0.6

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-0602

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-0602

Trust: 0.2

url:https://bugzilla.redhat.com/):

Trust: 0.2

url:https://access.redhat.com/security/team/key/

Trust: 0.2

url:https://access.redhat.com/security/updates/classification/#critical

Trust: 0.2

url:https://access.redhat.com/articles/11258

Trust: 0.2

url:https://access.redhat.com/security/team/contact/

Trust: 0.2

sources: CNVD: CNVD-2020-16653 // JVNDB: JVNDB-2020-001109 // PACKETSTORM: 155977 // PACKETSTORM: 155981 // CNNVD: CNNVD-202001-470 // NVD: CVE-2020-0603

CREDITS

Red Hat

Trust: 0.8

sources: PACKETSTORM: 155977 // PACKETSTORM: 155981 // CNNVD: CNNVD-202001-470

SOURCES

db:CNVDid:CNVD-2020-16653
db:JVNDBid:JVNDB-2020-001109
db:PACKETSTORMid:155977
db:PACKETSTORMid:155981
db:CNNVDid:CNNVD-202001-470
db:NVDid:CVE-2020-0603

LAST UPDATE DATE

2024-08-14T14:32:24.422000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2020-16653date:2020-03-11T00:00:00
db:JVNDBid:JVNDB-2020-001109date:2020-01-28T00:00:00
db:CNNVDid:CNNVD-202001-470date:2020-01-19T00:00:00
db:NVDid:CVE-2020-0603date:2021-07-21T11:39:23.747

SOURCES RELEASE DATE

db:CNVDid:CNVD-2020-16653date:2020-03-10T00:00:00
db:JVNDBid:JVNDB-2020-001109date:2020-01-28T00:00:00
db:PACKETSTORMid:155977date:2020-01-16T16:43:31
db:PACKETSTORMid:155981date:2020-01-16T16:45:15
db:CNNVDid:CNNVD-202001-470date:2020-01-14T00:00:00
db:NVDid:CVE-2020-0603date:2020-01-14T23:15:30.347