ID

VAR-202005-0588


CVE

CVE-2019-20795


TITLE

iproute2 Vulnerability in using free memory in

Trust: 0.8

sources: JVNDB: JVNDB-2020-005088

DESCRIPTION

iproute2 before 5.1.0 has a use-after-free in get_netnsid_from_name in ip/ipnetns.c. NOTE: security relevance may be limited to certain uses of setuid that, although not a default, are sometimes a configuration option offered to end users. Even when setuid is used, other factors (such as C library configuration) may block exploitability. iproute2 Is vulnerable to the use of freed memory.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. in the Linux kernel by American Stephen Hemminger software developer. A resource management error vulnerability exists in the 'get_netnsid_from_name' function of the ip/ipnetns.c file in iproute2 versions prior to 5.1.0. This vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202008-06 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: iproute2: Denial of service Date: August 08, 2020 Bugs: #722144 ID: 202008-06 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= A use-after-free was found in iproute2, possibly allowing a Denial of Service condition. Background ========= iproute2 is a set of tools for managing Linux network routing and advanced features. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 sys-apps/iproute2 < 5.1.0 >= 5.1.0 Description ========== iproute2 was found to contain a use-after-free in get_netnsid_from_name in ip/ipnetns.c. Impact ===== A remote attacker, able to feed iproute2 crafted data, may be able to cause a Denial of Service condition. Workaround ========= There is no known workaround at this time. Resolution ========= All iproute2 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=sys-apps/iproute2-5.1.0" References ========= [ 1 ] CVE-2019-20795 https://nvd.nist.gov/vuln/detail/CVE-2019-20795 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202008-06 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ====== Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . ========================================================================= Ubuntu Security Notice USN-4357-1 May 13, 2020 iproute2 vulnerability ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS Summary: IPRoute could be made to execute arbitrary code if it received a specially crafted input. Software Description: - iproute2: networking and traffic control tools Details: It was discovered that IPRoute incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS: iproute2 4.15.0-2ubuntu1.1 In general, a standard system update will make all the necessary changes. References: https://usn.ubuntu.com/4357-1 CVE-2019-20795 Package Information: https://launchpad.net/ubuntu/+source/iproute2/4.15.0-2ubuntu1.1

Trust: 1.98

sources: NVD: CVE-2019-20795 // JVNDB: JVNDB-2020-005088 // VULHUB: VHN-153377 // VULMON: CVE-2019-20795 // PACKETSTORM: 158802 // PACKETSTORM: 157693

AFFECTED PRODUCTS

vendor:iproute2model:iproute2scope:ltversion:5.1.0

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:18.04

Trust: 1.0

vendor:canonicalmodel:ubuntuscope: - version: -

Trust: 0.8

vendor:stephen hemmingermodel:iproute2scope:eqversion:5.1.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-005088 // NVD: CVE-2019-20795

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-20795
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-005088
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202005-398
value: MEDIUM

Trust: 0.6

VULHUB: VHN-153377
value: LOW

Trust: 0.1

VULMON: CVE-2019-20795
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2019-20795
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-005088
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-153377
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-20795
baseSeverity: MEDIUM
baseScore: 4.4
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-005088
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-153377 // VULMON: CVE-2019-20795 // JVNDB: JVNDB-2020-005088 // CNNVD: CNNVD-202005-398 // NVD: CVE-2019-20795

PROBLEMTYPE DATA

problemtype:CWE-416

Trust: 1.9

sources: VULHUB: VHN-153377 // JVNDB: JVNDB-2020-005088 // NVD: CVE-2019-20795

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202005-398

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202005-398

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-005088

PATCH

title:ipnetns: use-after-free problem in get_netnsid_from_name funcurl:https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=9bf2c538a0eb10d66e2365a655bf6c52f5ba3d10

Trust: 0.8

title:USN-4357-1url:https://usn.ubuntu.com/4357-1/

Trust: 0.8

title:iproute2 Remediation of resource management error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=119186

Trust: 0.6

title:Ubuntu Security Notice: iproute2 vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4357-1

Trust: 0.1

title:Siemens Security Advisories: Siemens Security Advisoryurl:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=ec6577109e640dac19a6ddb978afe82d

Trust: 0.1

sources: VULMON: CVE-2019-20795 // JVNDB: JVNDB-2020-005088 // CNNVD: CNNVD-202005-398

EXTERNAL IDS

db:NVDid:CVE-2019-20795

Trust: 2.8

db:PACKETSTORMid:157693

Trust: 0.8

db:PACKETSTORMid:158802

Trust: 0.8

db:JVNDBid:JVNDB-2020-005088

Trust: 0.8

db:CNNVDid:CNNVD-202005-398

Trust: 0.7

db:NSFOCUSid:48174

Trust: 0.6

db:AUSCERTid:ESB-2020.1682

Trust: 0.6

db:AUSCERTid:ESB-2021.3460

Trust: 0.6

db:VULHUBid:VHN-153377

Trust: 0.1

db:VULMONid:CVE-2019-20795

Trust: 0.1

sources: VULHUB: VHN-153377 // VULMON: CVE-2019-20795 // JVNDB: JVNDB-2020-005088 // PACKETSTORM: 158802 // PACKETSTORM: 157693 // CNNVD: CNNVD-202005-398 // NVD: CVE-2019-20795

REFERENCES

url:https://security.gentoo.org/glsa/202008-06

Trust: 1.9

url:https://usn.ubuntu.com/4357-1/

Trust: 1.9

url:https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=9bf2c538a0eb10d66e2365a655bf6c52f5ba3d10

Trust: 1.8

url:https://bugzilla.suse.com/show_bug.cgi?id=1171452

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-20795

Trust: 1.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-20795

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2020.1682/

Trust: 0.6

url:https://vigilance.fr/vulnerability/iproute2-buffer-overflow-32271

Trust: 0.6

url:https://packetstormsecurity.com/files/158802/gentoo-linux-security-advisory-202008-06.html

Trust: 0.6

url:https://packetstormsecurity.com/files/157693/ubuntu-security-notice-usn-4357-1.html

Trust: 0.6

url:http://www.nsfocus.net/vulndb/48174

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3460

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/416.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:https://usn.ubuntu.com/4357-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/iproute2/4.15.0-2ubuntu1.1

Trust: 0.1

sources: VULHUB: VHN-153377 // VULMON: CVE-2019-20795 // JVNDB: JVNDB-2020-005088 // PACKETSTORM: 158802 // PACKETSTORM: 157693 // CNNVD: CNNVD-202005-398 // NVD: CVE-2019-20795

CREDITS

Gentoo

Trust: 0.7

sources: PACKETSTORM: 158802 // CNNVD: CNNVD-202005-398

SOURCES

db:VULHUBid:VHN-153377
db:VULMONid:CVE-2019-20795
db:JVNDBid:JVNDB-2020-005088
db:PACKETSTORMid:158802
db:PACKETSTORMid:157693
db:CNNVDid:CNNVD-202005-398
db:NVDid:CVE-2019-20795

LAST UPDATE DATE

2024-08-14T13:24:34.073000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-153377date:2020-09-10T00:00:00
db:VULMONid:CVE-2019-20795date:2020-09-10T00:00:00
db:JVNDBid:JVNDB-2020-005088date:2020-06-05T00:00:00
db:CNNVDid:CNNVD-202005-398date:2021-10-19T00:00:00
db:NVDid:CVE-2019-20795date:2020-09-10T17:50:15.410

SOURCES RELEASE DATE

db:VULHUBid:VHN-153377date:2020-05-09T00:00:00
db:VULMONid:CVE-2019-20795date:2020-05-09T00:00:00
db:JVNDBid:JVNDB-2020-005088date:2020-06-05T00:00:00
db:PACKETSTORMid:158802date:2020-08-10T14:25:57
db:PACKETSTORMid:157693date:2020-05-13T14:26:22
db:CNNVDid:CNNVD-202005-398date:2020-05-09T00:00:00
db:NVDid:CVE-2019-20795date:2020-05-09T21:15:10.913