News from 2024-01-31
Meinberg Security Advisory: [MBGSA-2024.01] LANTIME-Firmware V7.08.007
Meinberg recommends updating to LANTIME firmware version 7.08.007.
-
LANTIME-Firmware V7.08.006:
severity level critical(0), high (3), medium (6), low (7), info (2), unknown (0)
- LANTIME firmware: V7.08.007
-
Description of the Vulnerabilities
- Third-Party-Software:
- OpenSSL:
-
CVE-2023-5363 - Incorrect cipher key and IV length processing (medium)
https://www.openssl.org/news/secadv/20231024.txt
Fixed in:
V7.08.007 MBGID-15789
-
CVE-2023-5363 - Incorrect cipher key and IV length processing (medium)
- glib:
CVE-2023-32636 - uzz_variant_text: Timeout in fuzz_variant_text (info)
https://access.redhat.com/security/cve/CVE-2023-32636CVE-2023-32665 - GVariant deserialisation does not match spec for non-normal data (low)
https://access.redhat.com/security/cve/CVE-2023-32665CVE-2023-29499 - GVariant offset table entry size is not checked in is_normal (low)
https://access.redhat.com/security/cve/CVE-2023-29499CVE-2023-32611 - glib: g_variant_byteswap() can take a long time with some non-normal inputs (low)
https://access.redhat.com/security/cve/CVE-2023-32611CVE-2023-32643 - Heap-buffer-overflow in g_variant_serialised_get_child (info)
https://access.redhat.com/security/cve/CVE-2023-32643Fixed in:
V7.08.007 MBGID-15519
- OpenSSL:
- bash:
-
CVE-2022-3715 - a heap-buffer-overflow in valid_parameter_transform (high)
https://bugzilla.redhat.com/show_bug.cgi?id=2126720Fixed in:
V7.08.007 MBGID-16262
-
- d-bus:
-
CVE-2023-34969 - dbus-daemon crashes when a monitor is active and a message from the driver cannot be delivered (medium)
https://gitlab.freedesktop.org/dbus/dbus/-/issues/457Fixed in:
V7.08.007 MBGID-16264
-
- proftpd:
-
CVE-2021-46854 - mod_radius: memory disclosure to radius server (high)
https://github.com/proftpd/proftpd/issues/1284CVE-2023-48795 - mod_sftp is affected by "Terrapin" Prefix Truncation Attacks in SSH Specification (medium)
https://github.com/proftpd/proftpd/issues/1760Fixed in:
V7.08.007 MBGID-16270
-
- curl:
-
CVE-2023-46219 - HSTS long file name clears contents (low)
https://curl.se/docs/CVE-2023-46219.htmlCVE-2023-46218 - cookie mixed case PSL bypass (medium)
https://curl.se/docs/CVE-2023-46218.htmlFixed in:
V7.08.007 MBGID-16311
-
- tar:
-
CVE-2023-39804 - tar: Incorrectly handled extension attributes in PAX archives can lead to a crash (low)
https://access.redhat.com/security/cve/cve-2023-39804Fixed in:
V7.08.007 MBGID-16312
-
- OpenSSH:
-
CVE-2023-48795 - Weakness in initial key exchange ("Terrapin Attack") (medium)
https://www.openssh.com/txt/release-9.6Fixed in:
V7.08.007 MBGID-16451
-
- libssh:
-
CVE-2023-6004 - ProxyCommand/ProxyJump features allow injection of malicious code through hostname (low)
https://access.redhat.com/security/cve/cve-2023-6004CVE-2023-48795 - Prefix truncation attack on Binary Packet Protocol (BPP) (medium)
https://bugzilla.redhat.com/show_bug.cgi?id=2254210CVE-2023-6918 - Missing checks for return values for digests (low)
https://access.redhat.com/security/cve/CVE-2023-6918Fixed in:
V7.08.007 MBGID-16462
-
- sudo:
-
CVE-2023-42465 - Sudo might allow row hammer attacks (high)
https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_15Fixed in:
V7.08.007 MBGID-16521
-
- Third-Party-Software:
-
Systems Affected
All LANTIME firmware versions before 7.08.007 are affected by the corresponding vulnerabilities. The LANTIME firmware is used by all devices of the LANTIME M series (M100, M150, M200, M250, M300, M320, M400, M450, M600, M900) as well as all devices of the LANTIME IMS series (M500, M1000, M1000S, M2000S, M3000, M3000S, M4000), the SyncFire product family (SF1000, SF1100, SF1200, SF1500) and LANTIME CPU Expansions (LCES).
Whether and to what extent individual clients or LANTIME systems are vulnerable depends on the individual configuration, network infrastructure, and other factors, and it is therefore not possible to provide a general statement on how vulnerable a given system in use actually is.
-
Possible Security Measures
The relevant security updates are included in the LANTIME firmware versions 7.08.007(-light). Updating to these versions eliminates the listed vulnerabilities.
Download the latest LANTIME firmware at:
All updates are now available for Meinberg customers. An update of the LANTIME firmware to the version 7.08.007 respectively 7.08.007-light is recommended. Clients who cannot install version 7.08.007 should install version 7.08.007-light instead.
-
Further Information
If you have any questions or need assistance, please, do not hesitate to contact Meinberg’s technical support team.
-
Acknowledgments
We would like to express our gratitude to all those who have advised us of vulnerabilities or other bugs, and have also suggested improvements to us.
Thank you!