An issue has been found in PowerDNS Authoritative Server allowing an authorized user to cause the server to exit by inserting a crafted record in a MASTER type zone under their control. The issue is due to the fact that the Authoritative Server will exit when it tries to store the notified serial in the PostgreSQL database, if this serial cannot be represented in 31 bits.
Month: July 2019
ASA-2019-00477 – OpenSSL: Windows builds with insecure path defaults
OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS. This directory is most commonly referred to as OPENSSLDIR, and is configurable with the --prefix / --openssldir configuration options. For OpenSSL versions 1.1.0 and 1.1.1, the mingw configuration targets assume that resulting programs and libraries are installed in a Unix-like environment and that the default prefix for program installation as well as for OPENSSLDIR should be '/usr/local'. However, mingw programs are Windows programs, and as such find themselves looking at sub-directories of 'C:/usr/local', which may be world writable. This enables untrusted users to modify OpenSSL's default configuration, insert CA certificates, modify (or even replace) existing engine modules, etc.
ASA-2019-00476 – GLPI: Stored Cross-Site Scripting (XSS) in the profile picture name
It has been discovered that GLPI does not sanitize the profile picture name, which can be used to inject malicious HTML and JavaScript code into the page. If an administrator accesses the profile, the injected code can interact with the GLPI instance using the administrator profile and perform sensitive actions such as adding the low-privilege account to the Super-Admin group.
ASA-2019-00475 – GLPI: Unsafe password reset
It has been discovered that the password reset feature is not safe. After a successful password reset by a user, it is possible to change that user's password again for 24 hours without any knowledge except their email address.
ASA-2019-00474 – Mikrotik RouterOS: Stack exhaustion via recursive parsing of JSON
This vulnerability is similar to CVE-2018-1158. An authenticated user communicating with the www binary can trigger a stack exhaustion vulnerability via recursive parsing of JSON containing message type M.
ASA-2019-00473 – Mikrotik RouterOS: Memory exhaustion via a crafted POST request
This vulnerability is similar to CVE-2018-1157. An authenticated user can cause the www binary to consume all memory via a crafted POST request to /jsproxy/upload. This is due to the incomplete fix for CVE-2018-1157.
ASA-2019-00472 – FreeBSD: File descriptor reference count leak
If a process attempts to transmit rights over a UNIX-domain socket and an error causes the attempt to fail, references acquired on the rights are not released and are leaked. This bug can be used to cause the reference counter to wrap around and free the corresponding file structure. A local user can exploit the bug to gain root privileges or escape from a jail.
ASA-2019-00471 – FreeBSD: Bhyve out-of-bounds read in XHCI device
The pci_xhci_device_doorbell() function does not validate the 'epid' and 'streamid' provided by the guest, leading to an out-of-bounds read. A misbehaving bhyve guest could crash the system or access memory that it should not be able to.