News from 2023-05-23
Meinberg Security Advisory: [MBGSA-2023.03] LANTIME Firmware V7.06.014
Meinberg recommends updating to LANTIME firmware version 7.06.014.
LANTIME Firmware V7.06.013:
severity level critical (0), high (4), medium (11), low (1), unknown (0)
- LANTIME Firmware V7.06.014
Description of the Vulnerabilities
- Third-party software:
- ntp:
CVE-2023-26551 - Missing bounds checks in mstolfp (medium)
CVE-2023-26552 - Missing bounds checks in mstolfp (medium)
CVE-2023-26553 - Missing bounds checks in mstolfp (medium)
CVE-2023-26554 - Missing bounds checks in mstolfp (medium)
CVE-2023-26555 - Missing bounds checks in praecis_parse (medium)
https://www.meinbergglobal.com/english/news/statement-on-ntp-vulnerabilities-reported-on-april-12-2023.htm
https://www.ntp.org/support/securitynotice/
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0938
Fixed in:
V7.06.014 MBGID-13825
Workaround:
If users must use ntpq to query servers over an insecure connection, the recommended workaround is to pass -c raw to ntpq.
- net-snmp:
CVE-2022-44792 - NULL Pointer Exception in handle_ipDefaultTTL (medium)
CVE-2022-44793 - NULL Pointer Exception in handle_ipv6IpForwarding (medium)
https://github.com/net-snmp/net-snmp/issues/474
https://github.com/net-snmp/net-snmp/issues/475
Fixed in:
V7.06.014 MBGID-12428
- tcpdump:
CVE-2023-1801 - Missing bounds checks in smb_fdata1 (medium)
https://git.tcpdump.org/tcpdump/blob/HEAD:/CHANGES
Fixed in:
V7.06.014 MBGID-13811
Notice:
The program tcpdump is installed for debugging purposes and is not used automatically. A user has to start tcpdump manually.
- sudo:
CVE-2023-28486 - Improper escaping of log message output (medium)
CVE-2023-28487 - Improper escaping of sudoreplay output (medium)
CVE-2023-27320 - Double free vulnerability in sudo’s per-command chroot feature (high)
https://www.sudo.ws/security/advisories/
Fixed in:
V7.06.014 MBGID-13811
- curl:
CVE-2023-27537 - double free vulnerability sharing HSTS data (medium)
CVE-2023-27535 - authentication bypass vulnerability in the FTP connection reuse feature (high)
CVE-2023-27534 - path traversal vulnerability with tilde character (high)
CVE-2023-27533 - input validation vulnerability using the TELNET protocol (high)
https://curl.se/docs/security.html
Fixed in:
V7.06.014 MBGID-13713
Notices:
The vulnerability CVE-2023-27536 - authentication bypass vulnerability affecting krb5/kerberos/negotiate/GSSAPI transfers (critical) does not affect LTOS, because GSS-API support is not compiled in.
The vulnerability CVE-2023-27538 - authentication bypass vulnerability affecting ssh connections (medium) does not affect LTOS, because SSH support is not compiled in.
- OpenSSH:
NOCVE - Missing bounds checks in getrrsetbyname (low)
https://www.openssh.com/releasenotes.html
Fixed in:
V7.06.014 MBGID-13471
Systems Affected
All LANTIME firmware versions before V7.06.014 are affected by the corresponding vulnerabilities. The LANTIME firmware is used by all devices of the LANTIME M series (M100, M150, M200, M250, M300, M320, M400, M450, M600, M900) as well as all devices of the LANTIME IMS series (M500, M1000, M1000S, M2000S, M3000, M3000S, M4000) and the SyncFire product family (SF1000, SF1100, SF1200).
Whether and to what extent individual clients or LANTIME systems are vulnerable depends on the individual configuration, network infrastructure, and other factors, and it is therefore not possible to provide a general statement on how vulnerable a given system in use actually is.
Possible Security Measures
The relevant security updates are included in the LANTIME firmware versions V7.06.014(-light). Updating to these versions eliminates the listed vulnerabilities. Download the latest LANTIME firmware at:
Download LANTIME-Firmware:
All versions of the update are now available for Meinberg customers. An update of the LANTIME firmware to V7.06.014 or to V7.06.014-light as appropriate is recommended. Clients who cannot install V7.06.014 should install V7.06.014-light instead.
Further Information
Further details and information are available from the following websites:
If you have any questions or need assistance, please do not hesitate to contact Meinberg’s Technical Support team.
Acknowledgments
We would like to express our gratitude to all those who have advised us of vulnerabilities or other bugs, and have also suggested improvements to us.
Thank you!