IT Security Vulnerability Roundup: November 2018

With a flood of new security flaws disclosed every month, it can be a challenge to keep up. What follows is a look at a dozen vulnerabilities that were disclosed in the past few weeks.

1. Integer Overflow Vulnerability in VMware Workstation, Fusion

CVE identifier: CVE-2018-6983

CVSS Base Score: 9.8

The vulnerability: VMware Workstation and Fusion could allow a remote attacker to execute arbitrary code on the system, due to an integer overflow in the virtual network devices.

The fix: VMware has released patches for the flaw.

More info: The vulnerability was discovered by Tianwen Tang of Qihoo 360 Vulcan Team. IBM X-Force Exchange has more information on the flaw here, and VMware has details here.

2. Arbitrary Code Execution Vulnerability in Red Hat JBoss RichFaces

CVE identifier: CVE-2018-14667

CVSS Base Score: 9.8

The vulnerability: An unauthenticated remote attacker could inject arbitrary code on a targeted system. The flaw exists because the software allows injection of arbitrary Expression Language (EL) expressions. 

The fix: Red Hat has released updates to patch the flaw.

More info: The vulnerability was reported by Joao Filho Matos Figueiredo. Cisco has more information here, and Red Hat has details here.

3. SQL Injection, Command Execution Flaws in RICOH Interactive Whiteboard

CVE identifiers: CVE-2018-16184, CVE-2018-16188

CVSS Base Score: 9.8

The vulnerability: A remote attacker could send specially-crafted SQL statements that could allow the attacker to view, add, modify or delete information in the back-end database. A separate command injection flaw could allow a remote attacker to execute arbitrary commands with administrative privileges. 

The fix: Users are advised to upgrade to the latest version of Interactive Whiteboard.

More info: IBM has details on the flaws here and here.

4. Security Bypass Vulnerability in Node.js

CVE identifier: CVE-2018-12120

CVSS Base Score: 9.8

The vulnerability: When debugger mode is enabled with ‘node --debug’ or ‘node debug,’ an attacker could send a specially crafted request to port 5858 to execute arbitrary JavaScript on the system.

The fix: Node.js has released updates to patch the flaw.

More info: IBM X-Force Exchange has more information on the vulnerability here, and Node.js has details here.

5. SQL Injection Vulnerability in Cisco Prime License Manager

CVE identifier: CVE-2018-15441

CVSS Base Score: 9.4

The vulnerability: A vulnerability in the framework of Cisco Prime License Manager (PLM), due to a lack of proper validation of user-supplied input in SQL queries, could allow an unauthenticated remote attacker to execute arbitrary SQL queries.

The fix: Cisco has released software updates to address the vulnerability.

More info: The vulnerability was reported by security researcher Suhail Alaskar of Saudi Information Technology company. Cisco has more details on the flaw here.

6. Authentication Bypass Vulnerability in libssh

CVE identifier: CVE-2018-10933

CVSS Base Score: 9.1

The vulnerability: Versions 0.6 and above of libssh have an authentication bypass vulnerability in the server code. By presenting the server with a specially crafted message, an attacker could authenticate without any credentials.

The fix: Patches have been released to address the flaw.

More info: The vulnerability was discovered by Peter Winter-Smith of NCC Group. NIST has more information on the flaw here, and libssh has details here.

7. Privilege Escalation Vulnerability in Apache Hadoop

CVE identifier: CVE-2018-11766

CVSS Base Score: 8.4

The vulnerability: In Apache Hadoop 2.7.4 to 2.7.6, a user who escalates to the yarn user may be able to run arbitrary commands as the root user.

The fix: Users should upgrade to version 2.7.7 or later.

More info: The vulnerability was uncovered by Wilfred Spiegelenburg. Apache has more information on the flaw here, and IBM has more information here.

8. Privilege Escalation Vulnerability in IBM Db2

CVE identifier: CVE-2018-1897

CVSS Base Score: 8.4

The vulnerability: IBM Db2 db2pdcfg is vulnerable to a stack-based buffer overflow, caused by improper bounds checking, which could allow an attacker to execute arbitrary code.

The fix: IBM has released fixes for the flaw.

More info: The vulnerability was reported by Eddie Zhu of Beijing DBSEC Technology Co., Ltd. IBM has details here.

9. Security Bypass Vulnerability in openSUSE

CVE identifier: CVE-2018-17953

CVSS Base Score: 7.5

The vulnerability: An incorrect variable in a SUSE-specific patch could lead to pam_access rules not being applied (fail open).

The fix: SUSE has released a fix for the flaw.

More info: SUSE has details here and here.

10. Denial of Service Vulnerability in PowerDNS

CVE identifier: CVE-2018-16855

CVSS Base Score: 7.5

The vulnerability: A remote attacker sending a DNS query can trigger an out-of-bounds memory read while computing the hash of the query for a packet cache lookup, possibly leading to a crash.

The fix: Upgrades are available that patch the vulnerability.

More info: PowerDNS has details here, and IBM has more information here.

11. Cross-Site Scripting Vulnerability in SAP BusinessObjects

CVE identifier: CVE-2018-2479

CVSS Base Score: 6.1

The vulnerability: Versions 4.1 and 4.2 of SAP BusinessObjects Business Intelligence Platform (BIWorkspace) don’t sufficiently encode user-controlled inputs, resulting in a cross-site scripting (XSS) vulnerability. 

The fix: SAP has released patches to address the flaw.

More info: NIST has details here, and SAP has more information here.

12. Denial of Service Vulnerability in FreeBSD

CVE identifier: CVE-2018-17156

CVSS Base Score: 5.3

The vulnerability: Due to a failure to account for padding on 64-bit platforms, FreeBSD is vulnerable to a denial of service – a remote attacker could exploit the flaw to trigger a buffer underwrite and cause the system to crash. 

The fix: FreeBSD has released patches for the flaw.

More info: FreeBSD has details here, and IBM has more information here.

Looking for more? Last month’s vulnerability roundup can be found here.

Jeff Goldman
Jeff Goldman has been a technology journalist for more than 20 years and an eSecurity Planet contributor since 2009.
