CVE-2019-9893: libseccomp incorrectly generates 64-bit syscall argument comparisons
Severity
Critical
Vendor
Pivotal
Description
Jann Horn discovered that libseccomp did not correctly generate 64-bit syscall argument comparisons with arithmetic operators (LT, GT, LE, GE). An attacker could use this to bypass intended access restrictions for argument-filtered system calls.
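Classic BPF, the language seccomp filters are compiled to, works on 32-bit words, so a rule that compares a 64-bit syscall argument has to be built from separate checks on the high and low halves of the value. The example below is added here and is not libseccomp's code: it implements that split comparison for the four operators named above and cross-checks it against native 64-bit comparison on boundary values, the kind of self-test a filter generator should ship with. The function and enum names are this example's own.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Operators as the advisory names them; the enum values are this example's own. */
enum cmp_op { OP_LT, OP_LE, OP_GT, OP_GE };

/* Native 64-bit reference answer (unsigned, as seccomp compares arguments). */
static bool cmp64_native(enum cmp_op op, uint64_t a, uint64_t v)
{
    switch (op) {
    case OP_LT: return a < v;   case OP_LE: return a <= v;
    case OP_GT: return a > v;   case OP_GE: return a >= v;
    }
    return false;
}

/* Compare a 64-bit argument using only 32-bit word comparisons, the way a
 * classic-BPF seccomp filter must: the high words decide unless they are
 * equal, in which case the low words decide. */
bool cmp64_by_words(enum cmp_op op, uint64_t a, uint64_t v)
{
    uint32_t a_hi = (uint32_t)(a >> 32), a_lo = (uint32_t)a;
    uint32_t v_hi = (uint32_t)(v >> 32), v_lo = (uint32_t)v;
    if (a_hi != v_hi) {      /* high words differ: they alone decide */
        bool hi_gt = a_hi > v_hi;
        return (op == OP_GT || op == OP_GE) ? hi_gt : !hi_gt;
    }
    /* High words equal: the ordering reduces to the low words. */
    return cmp64_native(op, a_lo, v_lo);
}

/* Cross-check the split comparison against the native one on constructed
 * boundary values, especially pairs whose low words order the opposite way
 * from their high words (e.g. 0x100000000 vs 0xFFFFFFFF). Returns the number
 * of disagreements; a correct implementation yields 0. */
size_t count_mismatches(void)
{
    static const uint64_t probes[] = {
        0, 1, 0xFFFFFFFFULL, 0x100000000ULL, 0x100000001ULL, 0x1FFFFFFFFULL,
        0x7FFFFFFFFFFFFFFFULL, 0x8000000000000000ULL, 0xFFFFFFFFFFFFFFFFULL };
    size_t n = sizeof probes / sizeof probes[0], bad = 0;
    for (int op = OP_LT; op <= OP_GE; op++)
        for (size_t i = 0; i < n; i++)
            for (size_t j = 0; j < n; j++)
                if (cmp64_by_words((enum cmp_op)op, probes[i], probes[j]) !=
                    cmp64_native((enum cmp_op)op, probes[i], probes[j]))
                    bad++;
    return bad;
}
```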
Affected VMware Products and Versions
Severity is critical unless otherwise noted.
- RabbitMQ for PCF
  - 1.15 versions prior to 1.15.12
  - 1.16 versions prior to 1.16.5
  - 1.17 versions prior to 1.17.1
- Pivotal Application Service (PAS) for Windows
  - 2.4 versions prior to 2.4.12
  - 2.5 versions prior to 2.5.6
  - 2.6 versions prior to 2.6.3
- Redis for PCF
  - 2.0 versions prior to 2.0.5
  - 2.1 versions prior to 2.1.4
  - 2.2 versions prior to 2.2.1
- Pivotal Ops Manager
  - 2.6 versions prior to 2.6.7
  - 2.4 versions prior to 2.4.18
  - 2.5 versions prior to 2.5.14
  - 2.3 versions prior to 2.3.25
- Reliability View for PCF
  - Beta versions prior to 0.3.1
- MySQL for PCF
  - 2.5 versions prior to 2.5.8
  - 2.6 versions prior to 2.6.4
  - 2.7 versions prior to 2.7.1
- Pivotal Isolation Segment
  - 2.6 versions prior to 2.6.3
  - 2.5 versions prior to 2.5.8
  - 2.3 versions prior to 2.3.16
  - 2.4 versions prior to 2.4.12
- Pivotal Container Service (PKS)
  - 1.4 versions prior to 1.4.3
- Pivotal Application Service (PAS)
  - 2.6 versions prior to 2.6.4
  - 2.5 versions prior to 2.5.9
  - 2.3 versions prior to 2.3.17
  - 2.4 versions prior to 2.4.13
- Pivotal Healthwatch
  - 1.4 versions prior to 1.4.9
  - 1.5 versions prior to 1.5.5
  - 1.6 versions prior to 1.6.3
- Pivotal Cloud Cache
  - 1.9 versions prior to 1.9.1
- Pivotal Cloud Foundry Metrics
  - 1.6 versions prior to 1.6.2
Mitigation
Users of affected versions should apply the following mitigation or upgrade. Releases that have fixed this issue include:
- RabbitMQ for PCF
  - 1.15.12
  - 1.16.5
  - 1.17.1
- Pivotal Application Service (PAS) for Windows
  - 2.5.6
  - 2.6.3
- Redis for PCF
  - 2.0.5
  - 2.1.4
  - 2.2.1
- Pivotal Ops Manager
  - 2.6.7
  - 2.4.18
  - 2.5.14
  - 2.3.25
- Reliability View for PCF
  - 0.3.1
- MySQL for PCF
  - 2.5.8
  - 2.6.4
  - 2.7.1
- Pivotal Isolation Segment
  - 2.6.3
  - 2.5.8
  - 2.3.16
  - 2.4.12
- Pivotal Container Service (PKS)
  - 1.4.3
- Pivotal Application Service (PAS)
  - 2.6.4
  - 2.5.9
  - 2.3.17
  - 2.4.13
- Pivotal Healthwatch
  - 1.4.9
  - 1.5.5
  - 1.6.3
- Pivotal Cloud Cache
  - 1.9.1
  - 1.10.0
- Pivotal Cloud Foundry Metrics
  - 1.6.2
References
History
2019-11-06: Initial vulnerability report published.