Remediation of CVEs associated with CENTOS Kernel, Libssh2, and Python libs shipped with TiCore 5.7
Introduction
The security community has recently reported a series of vulnerabilities that affect common system libraries shipped on ReversingLabs appliances. The following libraries have CVEs reported against them:
A1000, N1000, C1000 and TiScale

Library          CVE
CENTOS Kernel    CVE-2018-1792, CVE-2018-18445, CVE-2018-9568
Libssh2          CVE-2019-3855, CVE-2019-3856, CVE-2019-3857, CVE-2018-3863
Python           CVE-2019-9637
Details
Kernel - CVE-2018-17972, CVE-2018-18445, CVE-2018-9568
Security Advisory: Moderate/Important
RL: RedHat rates the kernel vulnerabilities as having moderate/important impact. Based on how these vulnerabilities can be used, we conclude that the attack vector is local and that they can be used for local escalation of privileges. In the case of ReversingLabs products, only a limited number of users have local accounts on appliances, so the risk of exploitation is minimal.
Libssh2 - CVE-2019-3855, CVE-2019-3856, CVE-2019-3857, CVE-2019-3863
Security Advisory: Important
RL: According to RedHat, the Libssh2 vulnerabilities have important impact. They can be exploited only when a user connects to a malicious or compromised server. For ReversingLabs appliances the risk of exploitation is not high, because the appliances are used by a limited number of users and an attacker needs root privileges to compromise the SSH server on an appliance.
Python - CVE-2019-9636
Security Advisory: Important
Improper handling of Unicode encoding (with an incorrect netloc) during NFKC normalization could lead to information disclosure (credentials, cookies, etc. that are cached against a given hostname) in the urllib.parse.urlsplit and urllib.parse.urlparse components. A specially crafted URL could be parsed incorrectly when locating cookies or authentication data, so that this information is sent to a different host than it would be if the URL were parsed correctly.
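The check below is an added example, not ReversingLabs or CPython code. It flags a URL whose network location gains a delimiter (/ ? # @ :) only after NFKC normalization, which is the parsing disagreement described above. The function names and the sample URLs (reserved .example hosts) are constructed for illustration.

```python
import unicodedata
from urllib.parse import urlsplit

DELIMS = "/?#@:"  # characters that delimit parts of a URL authority

def raw_netloc(url):
    """Authority section cut on literal delimiters only, with no normalization."""
    rest = url.split("://", 1)[-1]
    for i, ch in enumerate(rest):
        if ch in "/?#":
            return rest[:i]
    return rest

def nfkc_introduced_delims(netloc):
    """Delimiters that exist in netloc only after NFKC normalization."""
    if netloc.isascii():
        return set()
    # Remove delimiters already present literally; they were parsed as intended.
    literal_free = netloc.translate({ord(c): None for c in DELIMS})
    normalized = unicodedata.normalize("NFKC", literal_free)
    return {c for c in DELIMS if c in normalized}

def check_url(url):
    """Return (safe, introduced_delimiters) for one URL."""
    introduced = nfkc_introduced_delims(raw_netloc(url))
    return (not introduced, introduced)

def interpreter_rejects(url):
    """True if this interpreter's urlsplit refuses the URL with ValueError."""
    try:
        urlsplit(url)
    except ValueError:
        return True
    return False

# Constructed sample URLs (reserved .example names, not from the advisory).
SAMPLES = [
    "https://user@trusted.example:8443/path",          # plain ASCII
    "https://b\u00fccher.example/",                    # ordinary IDN label
    "https://trusted.example\uff03@other.example/",    # U+FF03 normalizes to '#'
    "https://trusted.example\u2100other.example/",     # U+2100 normalizes to 'a/c'
]

if __name__ == "__main__":
    for url in SAMPLES:
        safe, introduced = check_url(url)
        print(f"{url!r}: safe={safe} introduced={sorted(introduced)} "
              f"urlsplit_rejects={interpreter_rejects(url)}")
```

A Python build that carries the fix raises ValueError from urlsplit for such URLs, so interpreter_rejects on the last two samples is a quick way to confirm that an updated library is in place.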
C1000 - Ansible CVE-2019-3828
Security Advisory: Moderate
RL: To exploit the Ansible vulnerability, the attacker must have user-level access to the targeted system. C1000 appliances have a limited number of local users, so the risk of exploitation is minimal.
Risk and Recommendation
The ReversingLabs Security Practitioner Group analysed the CVEs and, based on a threat assessment of our platform architecture, we deem the risk of exploit to be low. There are currently no known working exploits for the CVEs and components mentioned.
Because several of these CVEs require user logins as part of the attack vector, we recommend periodic audits of user access and of internal policies regarding who has access to ReversingLabs appliances.
Remediation
The upcoming release of ReversingLabs appliances will provide updated libraries to address the CVEs. The current release timeline is early June 2019, and the release includes new images for all ReversingLabs components. If you are using an image on-prem, patch installs will be available for download in early June, and the availability of the new release will be announced both on our Customer Portal and by email. If you have any questions or concerns, please reach out to customersuccess@reversinglabs.com for more information.