Sign-up

ID

VAR-202005-0588


CVE

CVE-2019-20795


TITLE

iproute2 Vulnerability in using free memory in

Trust: 0.8

sources: JVNDB: JVNDB-2020-005088

DESCRIPTION

iproute2 before 5.1.0 has a use-after-free in get_netnsid_from_name in ip/ipnetns.c. NOTE: security relevance may be limited to certain uses of setuid that, although not a default, are sometimes a configuration option offered to end users. Even when setuid is used, other factors (such as C library configuration) may block exploitability. iproute2 Is vulnerable to the use of freed memory.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. in the Linux kernel by American Stephen Hemminger software developer. A resource management error vulnerability exists in the 'get_netnsid_from_name' function of the ip/ipnetns.c file in iproute2 versions prior to 5.1.0. This vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202008-06 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: iproute2: Denial of service Date: August 08, 2020 Bugs: #722144 ID: 202008-06 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= A use-after-free was found in iproute2, possibly allowing a Denial of Service condition. Background ========= iproute2 is a set of tools for managing Linux network routing and advanced features. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 sys-apps/iproute2 < 5.1.0 >= 5.1.0 Description ========== iproute2 was found to contain a use-after-free in get_netnsid_from_name in ip/ipnetns.c. Impact ===== A remote attacker, able to feed iproute2 crafted data, may be able to cause a Denial of Service condition. Workaround ========= There is no known workaround at this time. Resolution ========= All iproute2 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=sys-apps/iproute2-5.1.0" References ========= [ 1 ] CVE-2019-20795 https://nvd.nist.gov/vuln/detail/CVE-2019-20795 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202008-06 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ====== Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . ========================================================================= Ubuntu Security Notice USN-4357-1 May 13, 2020 iproute2 vulnerability ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS Summary: IPRoute could be made to execute arbitrary code if it received a specially crafted input. Software Description: - iproute2: networking and traffic control tools Details: It was discovered that IPRoute incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS: iproute2 4.15.0-2ubuntu1.1 In general, a standard system update will make all the necessary changes. References: https://usn.ubuntu.com/4357-1 CVE-2019-20795 Package Information: https://launchpad.net/ubuntu/+source/iproute2/4.15.0-2ubuntu1.1

Trust: 1.98

sources: NVD: CVE-2019-20795 // JVNDB: JVNDB-2020-005088 // VULHUB: VHN-153377 // VULMON: CVE-2019-20795 // PACKETSTORM: 158802 // PACKETSTORM: 157693

AFFECTED PRODUCTS

vendor:iproute2model:iproute2scope:ltversion:5.1.0

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:18.04

Trust: 1.0

vendor:canonicalmodel:ubuntuscope: - version: -

Trust: 0.8

vendor:stephen hemmingermodel:iproute2scope:eqversion:5.1.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-005088 // NVD: CVE-2019-20795

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-20795
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-005088
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202005-398
value: MEDIUM

Trust: 0.6

VULHUB: VHN-153377
value: LOW

Trust: 0.1

VULMON: CVE-2019-20795
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2019-20795
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-005088
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-153377
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-20795
baseSeverity: MEDIUM
baseScore: 4.4
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-005088
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-153377 // VULMON: CVE-2019-20795 // JVNDB: JVNDB-2020-005088 // CNNVD: CNNVD-202005-398 // NVD: CVE-2019-20795

PROBLEMTYPE DATA

problemtype:CWE-416

Trust: 1.9

sources: VULHUB: VHN-153377 // JVNDB: JVNDB-2020-005088 // NVD: CVE-2019-20795

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202005-398

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202005-398

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-005088

PATCH
title:ipnetns: use-after-free problem in get_netnsid_from_name funcurl:https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=9bf2c538a0eb10d66e2365a655bf6c52f5ba3d10
Trust: 0.8
title:USN-4357-1url:https://usn.ubuntu.com/4357-1/
Trust: 0.8
title:iproute2 Remediation of resource management error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=119186
Trust: 0.6
title:Ubuntu Security Notice: iproute2 vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4357-1
Trust: 0.1
title:Siemens Security Advisories: Siemens Security Advisoryurl:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=ec6577109e640dac19a6ddb978afe82d
Trust: 0.1
sources:
            
            
            VULMON: CVE-2019-20795 // 
            
            
            
            JVNDB: JVNDB-2020-005088 // 
            
            
            
            CNNVD: CNNVD-202005-398

EXTERNAL IDS
db:NVDid:CVE-2019-20795
Trust: 2.8
db:PACKETSTORMid:157693
Trust: 0.8
db:PACKETSTORMid:158802
Trust: 0.8
db:JVNDBid:JVNDB-2020-005088
Trust: 0.8
db:CNNVDid:CNNVD-202005-398
Trust: 0.7
db:NSFOCUSid:48174
Trust: 0.6
db:AUSCERTid:ESB-2020.1682
Trust: 0.6
db:AUSCERTid:ESB-2021.3460
Trust: 0.6
db:VULHUBid:VHN-153377
Trust: 0.1
db:VULMONid:CVE-2019-20795
Trust: 0.1
sources:
            
            
            VULHUB: VHN-153377 // 
            
            
            
            VULMON: CVE-2019-20795 // 
            
            
            
            JVNDB: JVNDB-2020-005088 // 
            
            
            
            PACKETSTORM: 158802 // 
            
            
            
            PACKETSTORM: 157693 // 
            
            
            
            CNNVD: CNNVD-202005-398 // 
            
            
            
            NVD: CVE-2019-20795

REFERENCES
url:https://security.gentoo.org/glsa/202008-06
Trust: 1.9
url:https://usn.ubuntu.com/4357-1/
Trust: 1.9
url:https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=9bf2c538a0eb10d66e2365a655bf6c52f5ba3d10
Trust: 1.8
url:https://bugzilla.suse.com/show_bug.cgi?id=1171452
Trust: 1.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-20795
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-20795
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2020.1682/
Trust: 0.6
url:https://vigilance.fr/vulnerability/iproute2-buffer-overflow-32271
Trust: 0.6
url:https://packetstormsecurity.com/files/158802/gentoo-linux-security-advisory-202008-06.html
Trust: 0.6
url:https://packetstormsecurity.com/files/157693/ubuntu-security-notice-usn-4357-1.html
Trust: 0.6
url:http://www.nsfocus.net/vulndb/48174
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2021.3460
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/416.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://creativecommons.org/licenses/by-sa/2.5
Trust: 0.1
url:https://security.gentoo.org/
Trust: 0.1
url:https://bugs.gentoo.org.
Trust: 0.1
url:https://usn.ubuntu.com/4357-1
Trust: 0.1
url:https://launchpad.net/ubuntu/+source/iproute2/4.15.0-2ubuntu1.1
Trust: 0.1
sources:
            
            
            VULHUB: VHN-153377 // 
            
            
            
            VULMON: CVE-2019-20795 // 
            
            
            
            JVNDB: JVNDB-2020-005088 // 
            
            
            
            PACKETSTORM: 158802 // 
            
            
            
            PACKETSTORM: 157693 // 
            
            
            
            CNNVD: CNNVD-202005-398 // 
            
            
            
            NVD: CVE-2019-20795

CREDITS
Gentoo
Trust: 0.7
sources:
            
            
            PACKETSTORM: 158802 // 
            
            
            
            CNNVD: CNNVD-202005-398

SOURCES
db:VULHUBid:VHN-153377
db:VULMONid:CVE-2019-20795
db:JVNDBid:JVNDB-2020-005088
db:PACKETSTORMid:158802
db:PACKETSTORMid:157693
db:CNNVDid:CNNVD-202005-398
db:NVDid:CVE-2019-20795

LAST UPDATE DATE
2024-08-14T13:24:34.073000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-153377date:2020-09-10T00:00:00
db:VULMONid:CVE-2019-20795date:2020-09-10T00:00:00
db:JVNDBid:JVNDB-2020-005088date:2020-06-05T00:00:00
db:CNNVDid:CNNVD-202005-398date:2021-10-19T00:00:00
db:NVDid:CVE-2019-20795date:2020-09-10T17:50:15.410

SOURCES RELEASE DATE
db:VULHUBid:VHN-153377date:2020-05-09T00:00:00
db:VULMONid:CVE-2019-20795date:2020-05-09T00:00:00
db:JVNDBid:JVNDB-2020-005088date:2020-06-05T00:00:00
db:PACKETSTORMid:158802date:2020-08-10T14:25:57
db:PACKETSTORMid:157693date:2020-05-13T14:26:22
db:CNNVDid:CNNVD-202005-398date:2020-05-09T00:00:00
db:NVDid:CVE-2019-20795date:2020-05-09T21:15:10.913