CVE-2019-9893: libseccomp incorrectly generates 64-bit syscall argument comparisons

Severity

Critical

Vendor

Pivotal

Description

Jann Horn discovered that libseccomp did not correctly generate 64-bit syscall argument comparisons that use the arithmetic operators (LT, GT, LE, GE). An attacker could use this to bypass the intended access restrictions on argument-filtered system calls.

Affected VMware Products and Versions

Severity is critical unless otherwise noted.

  • RabbitMQ for PCF
    • 1.15 versions prior to 1.15.12
    • 1.16 versions prior to 1.16.5
    • 1.17 versions prior to 1.17.1
  • Pivotal Application Service (PAS) for Windows
    • 2.4 versions prior to 2.4.12
    • 2.5 versions prior to 2.5.6
    • 2.6 versions prior to 2.6.3
  • Redis for PCF
    • 2.0 versions prior to 2.0.5
    • 2.1 versions prior to 2.1.4
    • 2.2 versions prior to 2.2.1
  • Pivotal Ops Manager
    • 2.6 versions prior to 2.6.7
    • 2.4 versions prior to 2.4.18
    • 2.5 versions prior to 2.5.14
    • 2.3 versions prior to 2.3.25
  • Reliability View for PCF
    • Beta versions prior to 0.3.1
  • MySQL for PCF
    • 2.5 versions prior to 2.5.8
    • 2.6 versions prior to 2.6.4
    • 2.7 versions prior to 2.7.1
  • Pivotal Isolation Segment
    • 2.6 versions prior to 2.6.3
    • 2.5 versions prior to 2.5.8
    • 2.3 versions prior to 2.3.16
    • 2.4 versions prior to 2.4.12
  • Pivotal Container Service (PKS)
    • 1.4 versions prior to 1.4.3
  • Pivotal Application Service (PAS)
    • 2.6 versions prior to 2.6.4
    • 2.5 versions prior to 2.5.9
    • 2.3 versions prior to 2.3.17
    • 2.4 versions prior to 2.4.13
  • Pivotal Healthwatch
    • 1.4 versions prior to 1.4.9
    • 1.5 versions prior to 1.5.5
    • 1.6 versions prior to 1.6.3
  • Pivotal Cloud Cache
    • 1.9 versions prior to 1.9.1
  • Pivotal Cloud Foundry Metrics
    • 1.6 versions prior to 1.6.2

Mitigation

Users of affected versions should apply the following mitigation or upgrade. Releases that have fixed this issue include:

  • RabbitMQ for PCF
    • 1.15.12
    • 1.16.5
    • 1.17.1
  • Pivotal Application Service (PAS) for Windows
    • 2.5.6
    • 2.6.3
  • Redis for PCF
    • 2.0.5
    • 2.1.4
    • 2.2.1
  • Pivotal Ops Manager
    • 2.6.7
    • 2.4.18
    • 2.5.14
    • 2.3.25
  • Reliability View for PCF
    • 0.3.1
  • MySQL for PCF
    • 2.5.8
    • 2.6.4
    • 2.7.1
  • Pivotal Isolation Segment
    • 2.6.3
    • 2.5.8
    • 2.3.16
    • 2.4.12
  • Pivotal Container Service (PKS)
    • 1.4.3
  • Pivotal Application Service (PAS)
    • 2.6.4
    • 2.5.9
    • 2.3.17
    • 2.4.13
  • Pivotal Healthwatch
    • 1.4.9
    • 1.5.5
    • 1.6.3
  • Pivotal Cloud Cache
    • 1.9.1
    • 1.10.0
  • Pivotal Cloud Foundry Metrics
    • 1.6.2

History

2019-11-06: Initial vulnerability report published.