Vulnerabilities > CVE-2018-0875 - Unspecified vulnerability in Microsoft Asp.Net Core and Powershell Core
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
.NET Core 1.0, .NET Core 1.1, NET Core 2.0 and PowerShell Core 6.0.0 allow a denial of Service vulnerability due to how specially crafted requests are handled, aka ".NET Core Denial of Service Vulnerability".
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 4 |
Nessus
NASL family Windows NASL id SMB_NT_MS18_MAR_DOTNET_CORE.NASL description The remote Windows host has an installation of .NET Core with a version less than 2.0.6. Therefore, the host is affected by multiple vulnerabilities. last seen 2020-06-01 modified 2020-06-02 plugin id 108408 published 2018-03-16 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/108408 title Security Update for .NET Core (March 2018) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the Microsoft Security Updates API. The text # itself is copyright (C) Microsoft Corporation. # include("compat.inc"); if (description) { script_id(108408); script_version("1.4"); script_cvs_date("Date: 2019/11/08"); script_cve_id("CVE-2018-0875"); script_bugtraq_id(103225); script_name(english:"Security Update for .NET Core (March 2018)"); script_summary(english:"Checks for Windows Install of .NET Core."); script_set_attribute(attribute:"synopsis", value: "The remote Windows host is affected by a .NET Core runtime vulnerability."); script_set_attribute(attribute:"description", value: "The remote Windows host has an installation of .NET Core with a version less than 2.0.6. Therefore, the host is affected by multiple vulnerabilities."); # https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0875 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f0fc5e53"); # https://github.com/dotnet/core/blob/master/release-notes/2.0/2.0.6.md script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b0803131"); # https://github.com/dotnet/core/blob/master/release-notes/1.1/1.1.7.md script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?bc72caf1"); # https://github.com/dotnet/core/blob/master/release-notes/1.0/1.0.10.md script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?5f659e90"); script_set_attribute(attribute:"solution", value: "Update to .NET Core Runtime version 1.10 / 1.1.6 / 2.0.6 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-0875"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/03/13"); script_set_attribute(attribute:"patch_publication_date", value:"2018/03/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/16"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:.net_core"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("microsoft_dotnet_core_win.nbin"); script_require_keys("installed_sw/.NET Core Windows"); script_require_ports(139, 445); exit(0); } include("global_settings.inc"); include("audit.inc"); include("install_func.inc"); include("misc_func.inc"); include("smb_func.inc"); appname = '.NET Core Windows'; port = kb_smb_transport(); installs = get_installs(app_name:appname, exit_if_not_found:TRUE); report = ''; foreach install (installs[1]) { version = install['version']; path = install['path']; fix = ''; # Affected: 1.0.x < 1.0.10 / 1.1.x < 1.1.7 / 2.0.x < 2.0.6 if (version =~ '^2\\.0\\.') fix = '2.0.6.26212'; else if (version =~ '^1\\.1\\.') fix = '1.1.7.1667'; else if (version =~ '^1\\.0\\.') fix = '1.0.10.5023'; if (fix != '' && ver_compare(ver:version, fix:fix) < 0) { report += '\n Path : ' + path + '\n Installed version : ' + version + '\n Fixed version : ' + fix + '\n'; } } if (report != '') security_report_v4(port:port, severity:SECURITY_WARNING, extra:report); else audit(AUDIT_INST_VER_NOT_VULN, appname);NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2018-0522.NASL description Updates for rh-dotnet20-dotnet, rh-dotnetcore10-dotnetcore, and rh-dotnetcore11-dotnetcore are now available for .NET Core on Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. .NET Core is a managed software framework. It implements a subset of the .NET framework APIs and includes a CLR implementation. New versions of .NET Core that address several security vulnerabilities are now available. The updated versions are .NET Core 1.0.10, 1.1.7, and 2.0.6. These correspond to the March 2018 security release by .NET Core upstream projects. Security Fix(es) : * .NET Core: Hash Collision Denial of Service (CVE-2018-0875) Red Hat would like to thank Ben Adams (Illyriad Games) for reporting this issue. For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 108395 published 2018-03-16 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/108395 title RHEL 7 : .NET Core on Red Hat Enterprise Linux (RHSA-2018:0522) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2018:0522. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(108395); script_version("1.10"); script_cvs_date("Date: 2019/10/24 15:35:44"); script_cve_id("CVE-2018-0875"); script_xref(name:"RHSA", value:"2018:0522"); script_name(english:"RHEL 7 : .NET Core on Red Hat Enterprise Linux (RHSA-2018:0522)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updates for rh-dotnet20-dotnet, rh-dotnetcore10-dotnetcore, and rh-dotnetcore11-dotnetcore are now available for .NET Core on Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. .NET Core is a managed software framework. It implements a subset of the .NET framework APIs and includes a CLR implementation. New versions of .NET Core that address several security vulnerabilities are now available. The updated versions are .NET Core 1.0.10, 1.1.7, and 2.0.6. These correspond to the March 2018 security release by .NET Core upstream projects. Security Fix(es) : * .NET Core: Hash Collision Denial of Service (CVE-2018-0875) Red Hat would like to thank Ben Adams (Illyriad Games) for reporting this issue. For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2018:0522" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2018-0875" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-dotnet20-dotnet"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-dotnet20-dotnet-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-dotnet20-dotnet-host"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-dotnet20-dotnet-runtime-2.0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-dotnet20-dotnet-sdk-2.1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-dotnetcore10-dotnetcore"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-dotnetcore10-dotnetcore-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-dotnetcore11-dotnetcore"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-dotnetcore11-dotnetcore-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/03/14"); script_set_attribute(attribute:"patch_publication_date", value:"2018/03/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/16"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2018:0522"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"rh-dotnet20-dotnet-2.0.6-1.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"rh-dotnet20-dotnet-debuginfo-2.0.6-1.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"rh-dotnet20-dotnet-host-2.0.6-1.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"rh-dotnet20-dotnet-runtime-2.0-2.0.6-1.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"rh-dotnet20-dotnet-sdk-2.1-2.1.101-1.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"rh-dotnetcore10-dotnetcore-1.0.10-1.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"rh-dotnetcore10-dotnetcore-debuginfo-1.0.10-1.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"rh-dotnetcore11-dotnetcore-1.1.7-1.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"rh-dotnetcore11-dotnetcore-debuginfo-1.1.7-1.el7")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "rh-dotnet20-dotnet / rh-dotnet20-dotnet-debuginfo / etc"); } }
Redhat
| advisories |
| ||||
| rpms |
|