Merge branch 'release/2018_01_30'

Author: ahouseholder

LICENSE.md

@@ -1,4 +1,4 @@
-Copyright ©2017 Carnegie Mellon University.
+Copyright ©2018 Carnegie Mellon University.
 
 This archive is funded and supported by Department of Homeland Security 
 under Contract No. FA8721-05-C-0003 with Carnegie Mellon University for 

README.md

@@ -1,10 +1,12 @@
 # CERT Coordination Center Vulnerability Data Archive
 
-Release 2017-11-08
+Release 2018-01-31
 
 
 ### Change Log ###
 
+2018-01-31  Updated data.
+
 2017-11-08  Updated data. Sorted JSON keys so future updates should
             diff more cleanly in git commit logs.
 

data/1/vu_888801/vu_888801.json

@@ -12,29 +12,29 @@
   "CAM_WidelyKnown": "16",
   "CERTAdvisory": "",
   "CVEIDs": "CVE-2003-0131",
-  "CVSS_AccessComplexity": "",
-  "CVSS_AccessVector": "",
-  "CVSS_Authenication": "",
-  "CVSS_AvailabilityImpact": "",
-  "CVSS_BaseScore": "",
-  "CVSS_BaseVector": "",
-  "CVSS_CollateralDamagePotential": "",
-  "CVSS_ConfidentialityImpact": "",
-  "CVSS_EnvironmentalScore": "",
-  "CVSS_EnvironmentalVector": "",
-  "CVSS_Exploitability": "",
-  "CVSS_IntegrityImpact": "",
-  "CVSS_RemediationLevel": "",
-  "CVSS_ReportConfidence": "",
-  "CVSS_SecurityRequirementsAR": "",
-  "CVSS_SecurityRequirementsCR": "",
-  "CVSS_SecurityRequirementsIR": "",
-  "CVSS_TargetDistribution": "",
-  "CVSS_TemporalScore": "",
-  "CVSS_TemporalVector": "",
+  "CVSS_AccessComplexity": "--",
+  "CVSS_AccessVector": "--",
+  "CVSS_Authenication": "--",
+  "CVSS_AvailabilityImpact": "--",
+  "CVSS_BaseScore": 0,
+  "CVSS_BaseVector": "AV:--/AC:--/Au:--/C:--/I:--/A:--",
+  "CVSS_CollateralDamagePotential": "ND",
+  "CVSS_ConfidentialityImpact": "--",
+  "CVSS_EnvironmentalScore": 0,
+  "CVSS_EnvironmentalVector": "CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND",
+  "CVSS_Exploitability": "ND",
+  "CVSS_IntegrityImpact": "--",
+  "CVSS_RemediationLevel": "ND",
+  "CVSS_ReportConfidence": "ND",
+  "CVSS_SecurityRequirementsAR": "ND",
+  "CVSS_SecurityRequirementsCR": "ND",
+  "CVSS_SecurityRequirementsIR": "ND",
+  "CVSS_TargetDistribution": "ND",
+  "CVSS_TemporalScore": 0,
+  "CVSS_TemporalVector": "E:ND/RL:ND/RC:ND",
   "DateCreated": "2003-03-20T10:50:53-04:00",
   "DateFirstPublished": "2003-04-22T20:20:53-04:00",
-  "DateLastUpdated": "2005-06-06T18:34:00-04:00",
+  "DateLastUpdated": "2017-11-12T23:58:00-05:00",
   "DatePublic": "2003-03-19T00:00:00",
   "Description": "",
   "ID": "VU#888801",
@@ -72,12 +72,12 @@
     "http://www.ietf.org/rfc/rfc2409.txt"
   ],
   "Resolution": "Upgrade or Patch Upgrade or apply a patch as specified by your vendor. In order to defeat this specific attack, an SSL/TLS server must not respond distinctively when a premaster secret sent by the client contains an incorrect or unexpected SSL/TLS version number. The paper recommends that an SSL/TLS server always replace the client-provided version number with the expected version number as determined from either the Client hello or Server hello messages (section 6.2).",
-  "Revision": 50,
+  "Revision": 51,
   "SystemsAffectedPreamble": "",
   "ThanksAndCredit": "This vulnerability was researched and documented by Vlastimil Kl\u00edma, Ond\u0159ej Pokorn\u00fd, and Tom\u00e1\u0161 Rosa.",
   "Title": "SSL/TLS implementations disclose side channel information via PKCS #1 v1.5 version number extension",
   "US-CERTTechnicalAlert": "",
-  "VRDA_D1_DirectReport": "",
+  "VRDA_D1_DirectReport": "1",
   "VRDA_D1_Impact": "",
   "VRDA_D1_Population": "",
   "VulnerabilityCount": 1,

data/11/vu_240311/vendor_jlad-as9jxe.json

@@ -1,14 +1,14 @@
 {
   "Addendum": "There are no additional comments at this time.",
-  "DateLastUpdated": "2017-10-18T10:26:00-04:00",
+  "DateLastUpdated": "2017-11-08T15:46:00-05:00",
   "DateNotified": "",
   "DateResponded": "2017-10-18T04:09:31-04:00",
   "ID": "VU#240311",
-  "Revision": 2,
-  "Status": "Unknown",
+  "Revision": 3,
+  "Status": "Not Affected",
   "Vendor": "Technicolor",
   "VendorInformation": "We are not aware of further vendor information regarding this vulnerability.",
   "VendorRecordID": "JLAD-AS9JXE",
   "VendorReferences": "None",
-  "VendorStatement": "No statement is currently available from the vendor regarding this vulnerability."
+  "VendorStatement": "Technicolor products are unaffected since most of them do not provide Bluetooth capacity."
 }

data/11/vu_240311/vu_240311.json

@@ -43,7 +43,7 @@
   "CVSS_TemporalVector": "E:POC/RL:OF/RC:C",
   "DateCreated": "2017-09-12T14:04:26-04:00",
   "DateFirstPublished": "2017-09-12T16:13:54-04:00",
-  "DateLastUpdated": "2017-10-18T12:57:00-04:00",
+  "DateLastUpdated": "2017-11-08T15:46:00-05:00",
   "DatePublic": "2017-09-12T00:00:00",
   "Description": "The following vulnerabilities have been identified in various Bluetooth implementations: 1. CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') - CVE-2017-1000251 Linux kernel versions from 3.3-rc1 to present contain a vulnerable implementation of L2CAP EFS within the BlueZ module. The l2cap_parse_conf_rsp function does not properly check then length of the rsp argument prior to unpacking, allowing an attacker to overflow a 64 byte buffer on the kernel stack with an unlimited amount of data crafted to conform to a valid L2CAP response. 2. CWE-125: Out-of-bounds Read - CVE-2017-1000250 All versions of BlueZ for Linux contains a vulnerable implementation of SDP. An attacker may be able to control the continuation state within SDP request packets and cause the SDP server to return an out of bounds read from the response buffer. 3. CWE-125: Out-of-bounds Read - CVE-2017-0785 All versions of Android prior to September 9, 2017 Security Patch level contain a vulnerable implementation of SDP within the Android Bluetooth software stack. An attacker may be able to control the continuation state within SDP request packets and cause the SDP server to return an out of bounds read from the response buffer. While a similar flaw to CVE-2017-1000250, this is a distinct vulnerability in a different software stack. 4. CWE-122: Heap-based Buffer Overflow - CVE-2017-0781 In all versions of Android prior to September 9, 2017 Security Patch level, an incorrect buffer size passed to a memcpy call within the BNEP implementation for Android may allow an attacker to send crafted packets to the device that overflow the heap. 5. CWE-191: Integer Underflow (Wrap or Wraparound) - CVE-2017-0782 In all versions of Android prior to September 9, 2017 Security Patch level, the bnep_process_control_packet function of the BNEP implementation for Android does not properly check the size of rem_len before decrementing, allowing integer underflow and further unsafe processing of attacker-controlled packets. 6. CWE-122: Heap-based Buffer Overflow- CVE-2017-14315 Apple's Bluetooth Low-Energy Audio Protocol (LEAP) implementation in iOS version 9.3.5 and lower, and AppleTV tvOS version 7.2.2 and lower, does not properly validate the CID for incoming Bluetooth LEAP audio data, which may result in a heap overflow by not properly validating packet size before calling memcpy. An attacker sending \"classic\" (non-low-energy) Bluetooth packets may be able to cause multiple heap overflows resulting in code execution with the Bluetooth stack context. 7 and 8. CWE-300: Channel Accessible by Non-Endpoint ('Man-in-the-Middle') - CVE-2017-0783 and CVE-2017-8628 Incorrect \"Security Level\" requirements in the PAN profile of the Bluetooth implementation may allow an attacker to gain permissions to perform man in the middle attacks on the user. CVE-2017-0783 applies to all versions of Android prior to the September 9, 2017, Security Patch Level, while CVE-2017-8628 applies to a similar flaw in all versions of Windows from Windows Vista to Windows 10. For more details, please read Armis's BlueBorne disclosure website and Technical White Paper.",
   "ID": "VU#240311",
@@ -69,7 +69,7 @@
     "http://cwe.mitre.org/data/definitions/300.html"
   ],
   "Resolution": "Apply an update Patches are available in the latest releases of Windows (see Microsoft bulletin), iOS, the Linux kernel, and Android (see September 2017 security bulletin). Check with your device manufacturer to determine if firmware updates will be available. Phones and other mobile devices in the US running Android are likely to see delayed updates, or possibly never receive updates, due to the complexity of the US mobile ecosystem which typically requires manufacturer and carrier support to push updates. If an update is not available, affected users should consider the following workaround",
-  "Revision": 55,
+  "Revision": 56,
   "SystemsAffectedPreamble": "",
   "ThanksAndCredit": "These vulnerabilities were publicly disclosed by Ben Seri and Gregory Vishnepolsky of Armis. Armis acknowledges Alon Livne for the Linux RCE (CVE-2017-1000251) exploit.",
   "Title": "Multiple Bluetooth implementation vulnerabilities affect many devices",

data/15/vu_307015/vu_307015.json

@@ -34,9 +34,9 @@
   "CVSS_TemporalVector": "E:POC/RL:OF/RC:C",
   "DateCreated": "2017-10-16T14:13:13-04:00",
   "DateFirstPublished": "2017-10-16T17:22:29-04:00",
-  "DateLastUpdated": "2017-11-08T09:58:00-05:00",
+  "DateLastUpdated": "2017-11-20T19:05:00-05:00",
   "DatePublic": "2017-10-16T00:00:00",
-  "Description": "CWE-310: Cryptographic Issues - CVE-2017-15361 The Infineon RSA library version 1.02.013 does not properly generate RSA key pairs. As a result, the keyspace required for a brute force search is lessened such that it is feasible to factorize keys under at least 2048 bits and obtain the RSA private key. The attacker needs only access to the victim's RSA public key generated by this library in order to calculate the private key. Note that only RSA key generation is impacted. ECC is unaffected. RSA keys generated by other devices/libraries may also be used safely with this library. Trusted Platform Modules (TPM) or smartcards may use this RSA library in their products. Infineon has provided a partial list of impacted vendors in a security advisory. Please see our list of impacted vendors below. The researcher has released a summary of the work. Full details are expected at the ACM CCS conference in November 2017.",
+  "Description": "CWE-310: Cryptographic Issues - CVE-2017-15361 The Infineon RSA library version 1.02.013 does not properly generate RSA key pairs. As a result, the keyspace required for a brute force search is lessened such that it is feasible to factorize keys under at least 2048 bits and obtain the RSA private key. The attacker needs only access to the victim's RSA public key generated by this library in order to calculate the private key. Note that only RSA key generation is impacted. ECC is unaffected. RSA keys generated by other devices/libraries may also be used safely with this library. Trusted Platform Modules (TPM) or smartcards may use this RSA library in their products. Infineon has provided a partial list of impacted vendors in a security advisory. Please see our list of impacted vendors below. A research paper with more detail was presented at the ACM CCS conference in November 2017. Also in early November 2017, an independent research team produced a more successful attack against this flaw based on summary details from the original paper.",
   "ID": "VU#307015",
   "IDNumber": "307015",
   "IPProtocol": "",
@@ -46,16 +46,18 @@
     "prng",
     "primes"
   ],
-  "Overview": "The Infineon RSA library version 1.02.013 does not properly generate RSA key pairs, which may allow an attacker to recover the RSA private key corresponding to an RSA public key generated by this library.",
+  "Overview": "The Infineon RSA library version 1.02.013 does not properly generate RSA key pairs, which may allow an attacker to recover the RSA private key corresponding to an RSA public key generated by this library. This vulnerability is often cited as \"ROCA\" in the media.",
   "References": [
     "https://crocs.fi.muni.cz/public/papers/rsa_ccs17",
+    "https://crocs.fi.muni.cz/_media/public/papers/nemec_roca_ccs17_preprint.pdf",
     "https://github.com/crocs-muni/roca",
     "https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160",
     "https://blog.cr.yp.to/20171105-infineon.html",
+    "https://www.xataka.com/seguridad/los-problemas-crecen-para-un-dni-electronico-que-es-un-fracaso-como-metodo-de-autenticacion",
     "http://cwe.mitre.org/data/definitions/310.html"
   ],
   "Resolution": "Apply an update Check with your device manufacturer for information on firmware updates. A partial list of affected vendors is below. Alternatively, affected users may use the following workarounds:",
-  "Revision": 53,
+  "Revision": 61,
   "SystemsAffectedPreamble": "",
   "ThanksAndCredit": "This vulnerability was disclosed by Matus Nemec, Marek Sys, Petr Svenda, Dusan Klinec, and Vashek Matyas.",
   "Title": "Infineon RSA library does not properly generate RSA key pairs",

data/16/vu_319816/vu_319816.json

@@ -34,7 +34,7 @@
   "CVSS_TemporalVector": "E:POC/RL:W/RC:C",
   "DateCreated": "2016-02-09T12:24:20-05:00",
   "DateFirstPublished": "2016-03-25T23:37:50-04:00",
-  "DateLastUpdated": "2016-03-26T17:46:00-04:00",
+  "DateLastUpdated": "2017-12-04T09:17:00-05:00",
   "DatePublic": "2016-03-25T00:00:00",
   "Description": "npm is the default package manager for Node.js, which is a runtime environment for developing server-side web applications. There are several factors in the npm system that could allow for a worm to compromise the majority of the npm ecosystem: npm encourages the use of semver, or semantic versioning. With semver, dependencies are not locked to a certain version by default. For any dependency of a package, the dependency author can push a new version of the package. npm utilizes persistent authentication to the npm server. Once a user is logged in to npm, they are not logged out until they manually do so. Any user who is currently logged in and types npm install may allow any module to execute arbitrary publish commands. npm utilizes a centralized registry, which is utilized by the majority of the Node.js ecosystem. Typing npm publish ships your code to this registry server, where it can be installed by anyone. When these three aspects of npm are combined, it provides the capability for a self-replicating worm. The following steps are an example worm workflow outlined in the report provided by Sam Saccone: Socially engineer a npm module owner to npm install an infected module on their system. Worm creates a new npm module\nWorm sets a lifecycle hook on the new npm module to execute the worm on any install\nWorm publishes the new module to the user's npm account\nWorm walks all of the user\u2019s owned npm modules (with publish permissions) and adds the new module as a dependency in each's package.json. Worm publishes new versions to each of the owned modules with a \u201cbugfix\u201d level semver bump. This ensures the majority of dependent modules using the  ^ or  ~ signifier will include the self\u00adreplicating module during the next install. The full report from Sam Saccone is available here in PDF form: The timeline provided in the above document is as follows: Jan 1 2016 \u00ad\u00ad Initial discovery of exploit\nJan 4 2016 \u00ad\u00ad Initial disclosure + proof of concept to npm\nJan 5 2016 \u00ad \u00ad Private disclosure to Facebook\nJan 7 2016 \u00ad\u00ad Response from npm\nJan 8 2016 \u00ad\u00ad Confirmation of works as intended no intention to fix at the moment from npm. Feb 5 2016 \u00ad\u00ad Shared the disclosure doc",
   "ID": "VU#319816",
@@ -60,7 +60,7 @@
     "https://github.com/contolini/pizza-party"
   ],
   "Resolution": "The CERT/CC is currently unaware of a practical solution to this problem. Please see the npm Blog for details and also consider the following workarounds:",
-  "Revision": 45,
+  "Revision": 46,
   "SystemsAffectedPreamble": "",
   "ThanksAndCredit": "Thanks to David Ross and Sam Saccone for reporting this vulnerability.",
   "Title": "npm fails to restrict the actions of malicious npm packages",

data/16/vu_992316/vu_992316.json

@@ -12,26 +12,26 @@
   "CAM_WidelyKnown": "0",
   "CERTAdvisory": "",
   "CVEIDs": "",
-  "CVSS_AccessComplexity": "",
-  "CVSS_AccessVector": "",
-  "CVSS_Authenication": "",
-  "CVSS_AvailabilityImpact": "",
-  "CVSS_BaseScore": "",
-  "CVSS_BaseVector": "",
-  "CVSS_CollateralDamagePotential": "",
-  "CVSS_ConfidentialityImpact": "",
-  "CVSS_EnvironmentalScore": "",
-  "CVSS_EnvironmentalVector": "",
-  "CVSS_Exploitability": "",
-  "CVSS_IntegrityImpact": "",
-  "CVSS_RemediationLevel": "",
-  "CVSS_ReportConfidence": "",
-  "CVSS_SecurityRequirementsAR": "",
-  "CVSS_SecurityRequirementsCR": "",
-  "CVSS_SecurityRequirementsIR": "",
-  "CVSS_TargetDistribution": "",
-  "CVSS_TemporalScore": "",
-  "CVSS_TemporalVector": "",
+  "CVSS_AccessComplexity": "--",
+  "CVSS_AccessVector": "--",
+  "CVSS_Authenication": "--",
+  "CVSS_AvailabilityImpact": "--",
+  "CVSS_BaseScore": 0,
+  "CVSS_BaseVector": "AV:--/AC:--/Au:--/C:--/I:--/A:--",
+  "CVSS_CollateralDamagePotential": "Not Defined (ND)",
+  "CVSS_ConfidentialityImpact": "--",
+  "CVSS_EnvironmentalScore": 0,
+  "CVSS_EnvironmentalVector": "CDP:Not Defined (ND)/TD:Not Defined (ND)/CR:Not Defined (ND)/IR:Not Defined (ND)/AR:Not Defined (ND)",
+  "CVSS_Exploitability": "Not Defined (ND)",
+  "CVSS_IntegrityImpact": "--",
+  "CVSS_RemediationLevel": "Not Defined (ND)",
+  "CVSS_ReportConfidence": "Not Defined (ND)",
+  "CVSS_SecurityRequirementsAR": "Not Defined (ND)",
+  "CVSS_SecurityRequirementsCR": "Not Defined (ND)",
+  "CVSS_SecurityRequirementsIR": "Not Defined (ND)",
+  "CVSS_TargetDistribution": "Not Defined (ND)",
+  "CVSS_TemporalScore": 0,
+  "CVSS_TemporalVector": "E:Not Defined (ND)/RL:Not Defined (ND)/RC:Not Defined (ND)",
   "DateCreated": "2005-04-26T11:43:45-04:00",
   "DateFirstPublished": "",
   "DateLastUpdated": "2005-04-26T13:13:00-04:00",

data/17/vu_136117/vu_136117.json

@@ -34,7 +34,7 @@
   "CVSS_TemporalVector": "E:ND/RL:ND/RC:ND",
   "DateCreated": "2017-10-25T07:33:05-04:00",
   "DateFirstPublished": "",
-  "DateLastUpdated": "2017-11-07T17:41:00-05:00",
+  "DateLastUpdated": "2017-11-09T14:14:00-05:00",
   "DatePublic": "1981-09-15T00:00:00",
   "Description": "",
   "ID": "VU#136117",
@@ -45,7 +45,7 @@
   "Overview": "",
   "References": "",
   "Resolution": "The CERT/CC is currently unaware of a practical solution to this problem.",
-  "Revision": 5,
+  "Revision": 13,
   "SystemsAffectedPreamble": "",
   "ThanksAndCredit": "",
   "Title": "RFC793 does not specify TCP RST packet behavior",

data/19/vu_228519/vendor_jlad-as8jd2.json

@@ -1,14 +1,14 @@
 {
   "Addendum": "There are no additional comments at this time.",
-  "DateLastUpdated": "2017-10-17T10:04:00-04:00",
+  "DateLastUpdated": "2017-11-16T11:36:00-05:00",
   "DateNotified": "",
-  "DateResponded": "2017-10-16T00:00:00",
+  "DateResponded": "",
   "ID": "VU#228519",
-  "Revision": 1,
+  "Revision": 2,
   "Status": "Affected",
   "Vendor": "Digi International",
   "VendorInformation": "We are not aware of further vendor information regarding this vulnerability.",
   "VendorRecordID": "JLAD-AS8JD2",
-  "VendorReferences": "None",
-  "VendorStatement": "No statement is currently available from the vendor regarding this vulnerability."
+  "VendorReferences": "https://forms.na1.netsuite.com/app/site/hosting/scriptlet.nl?script=457&deploy=2&compid=818164&h=5928a16f2b6f9582b799&articleid=2520",
+  "VendorStatement": "https://forms.na1.netsuite.com/app/site/hosting/scriptlet.nl?script=457&deploy=2&compid=818164&h=5928a16f2b6f9582b799&articleid=2520"
 }