Skip to content
  • Home
  • About
  • Services
    • Vulnerability and Threat Intelligence
    • Threat Modeling and Risk Assessment
    • Penetration Testing
    • Source Code Review
    • Security Research
    • Security Consulting
  • Training
    • Kernel exploitation
      • Training – November 2019
    • Kernel development
    • Userland exploitation
  • Labs
    • Exploits
    • Publications
    • Security Alerts
    • Search Security Alert
  • Blog
  • Contact
  • Language
    • English
    • Português

Allele Security Intelligence

Another form to serve

ASA-2019-00348 – Intel Open Cloud Integrity Technology (Open CIT) and Intel OpenAttestation: Relative path traversal in the login routine

Posted on June 13, 2019June 13, 2019 by Allele Security Intelligence in Alerts

Allele Security Alert

ASA-2019-00348

Identifier(s)

ASA-2019-00348, CVE-2019-0182, INTEL-SA-00248

Title

Relative path traversal in the login routine

Vendor(s)

Intel

Product(s)

Intel Open Cloud Integrity Technology (Open CIT)
Intel OpenAttestation

Affected version(s)

All versions of Intel Open Cloud Integrity Technology (Open CIT) and OpenAttestation

Fixed version(s)

Intel recommends users of Intel Open Cloud Integrity Technology (Open CIT) and OpenAttestation discontinue use and move to Intel® Security Libraries for Data Center (Intel® SecL-DC).

Proof of concept

Unknown

Description

Relative path traversal in the login routine for Open Cloud Integrity Technology (Open CIT) and OpenAttestation may allow an authenticated user to potentially enable escalation of privilege via local access.

Technical details

Unknown

Credits

Unknown

Reference(s)

Open Cloud Integrity Technology and OpenAttestation Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00248.html

Intel® Security Libraries for Data Center (Intel® SecL-DC)
https://01.org/intel-secl

CVE-2019-0182
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0182

CVE-2019-0182
https://nvd.nist.gov/vuln/detail/CVE-2019-0182

If there is any error in this alert or you wish a comprehensive analysis, let us know.

Last modified: June 13, 2019

We are not responsible for any data loss, device corruption or any other type of issue due to the use of any information mentioned in our security alerts.

Share this:

  • Click to print (Opens in new window)
  • Click to email this to a friend (Opens in new window)
  • Click to share on Facebook (Opens in new window)
  • Click to share on LinkedIn (Opens in new window)
  • Click to share on Twitter (Opens in new window)
  • Click to share on Pocket (Opens in new window)
  • Click to share on Telegram (Opens in new window)
  • Click to share on WhatsApp (Opens in new window)

Like this:

Like Loading...

Related

Tagged ASA-2019-00348, Authenticated User, CVE-2019-0182, Intel, Intel Open CIT, Intel Open Cloud Integrity Technology, Intel OpenAttestation, INTEL-SA-00248, Local Access, Login Routine, Privilege Escalation, relative path traversal

Post navigation

Previous Post ASA-2019-00347 – Intel Open Cloud Integrity Technology (Open CIT) and Intel OpenAttestation: Improper input validation in the database
Next Post ASA-2019-00349 – Intel Open Cloud Integrity Technology (Open CIT): Insufficient password handling in the login routine

Archives

  • September 2019 (15)
  • August 2019 (46)
  • July 2019 (77)
  • June 2019 (95)
  • May 2019 (68)
  • April 2019 (77)
  • March 2019 (49)
  • February 2019 (78)
  • January 2019 (36)
  • December 2018 (38)
  • November 2018 (44)
  • October 2018 (20)
  • September 2018 (1)
  • August 2018 (1)

Tags

Arbitrary Code Execution (41) Authenticated User (13) Buffer Overflow (20) Code Execution (11) Cross-Site Scripting (41) CSRF (12) curl (11) Das U-Boot (13) Denial of Service (81) FreeBSD (24) GitLab (14) Gitlab Community Edition (12) Gitlab Enterprise Edition (13) Heap Buffer Overflow (22) IBM (13) Information Disclosure (42) Integer Overflow (16) Intel (36) Jenkins (28) Linux (32) Linux Kernel (12) Local Access (23) Magento (40) Memory Corruption (21) mfsa2019-21 (21) Mozilla (20) Mozilla Firefox (22) Mozilla Thunderbird (11) OpenSSL (12) Out-Of-Bounds Read (39) Out-Of-Bounds Write (20) Privilege Escalation (77) Race Condition (11) rdesktop (19) Remote Code Execution (54) Samba (12) Stored Cross-Site Scripting (14) TYPO3 (28) Use-After-Free (18) VMware (19) WebKit (20) WebKitGTK (20) WPE Webkit (20) WSA-2019-0003 (20) XSS (46)
  • Twitter
  • Facebook
  • Github
  • Linkedin
  • RSS

Services

Vulnerability and Threat Intelligence

Threat Modeling and Risk Assessment

Penetration Testing

Source Code Review

Security Research

Security Consulting

Training

Kernel exploitation

Kernel development

Userland exploitation

Publications

Redução da superfície de ataque ao kernel do Linux – SEMCOMP 2019

Introdução à pesquisa em vulnerabilidades no núcleo do Linux – EnSI 2018

Introdução à pesquisa em vulnerabilidades no núcleo do Linux – RoadSec Salvador 2018

Rootkits em kernel space – Redshift, um rootkit para o kernel do FreeBSD

Public proofs of concept

CVE-2012-0217

CVE-2012-4576

latest security alerts

  • ASA-2019-00539 – curl: TFTP small blocksize heap buffer overflow September 11, 2019
  • ASA-2019-00538 – curl: FTP-KRB double-free September 11, 2019
  • ASA-2019-00537 – OpenSSL: Padding Oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey September 10, 2019

Subscribe to our Blog

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

© 2019 Allele Security Intelligence.
All rights reserved. Privacy Policy.

loading Cancel
Post was not sent - check your email addresses!
Email check failed, please try again
Sorry, your blog cannot share posts by email.
%d bloggers like this: