Vulnerabilities > CVE-2019-0757

CVSS 6.5 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: NONE
Integrity impact: HIGH
Availability impact: NONE

Tags: network, low complexity, microsoft, mono-project, redhat, nessus

Summary

A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package's folder structure, aka 'NuGet Package Manager Tampering Vulnerability'.

Nessus

  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2019-1259.NASL
    description: An update for dotnet is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. A new version of .NET Core that addresses security vulnerabilities is now available. The updated version is .NET Core Runtime 2.1.11 and SDK 2.1.507. Security Fix(es): * dotnet: NuGet Tampering Vulnerability (CVE-2019-0757) * dotnet: timeouts for regular expressions are not enforced (CVE-2019-0820) * dotnet: infinite loop in URI.TryCreate leading to ASP.Net Core Denial of Service (CVE-2019-0980) * dotnet: crash in IPAddress.TryCreate leading to ASP.Net Core Denial of Service (CVE-2019-0981) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * dotnet: new SocketException((int)SocketError.InvalidArgument).Message is empty (BZ#1712471)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 125347
    published: 2019-05-23
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/125347
    title: RHEL 8 : dotnet (RHSA-2019:1259)
  • NASL family: Windows
    NASL id: SMB_NT_MS19_MAR_DOTNET_CORE_SDK.NASL
    description: The remote Windows host has an installation of .NET Core SDK with a version of 1.x < 1.1.13 or 2.1.x < 2.1.505. Therefore, the host is affected by a tampering vulnerability within the NuGet Package Manager. An authenticated attacker can exploit this, by manipulating the folder contents prior to building or installing an application, to modify files and folders after unpacking.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 122778
    published: 2019-03-12
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/122778
    title: Security Update for .NET Core SDK (March 2019)
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2019-1259.NASL
    description: From Red Hat Security Advisory 2019:1259: An update for dotnet is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. A new version of .NET Core that addresses security vulnerabilities is now available. The updated version is .NET Core Runtime 2.1.11 and SDK 2.1.507. Security Fix(es): * dotnet: NuGet Tampering Vulnerability (CVE-2019-0757) * dotnet: timeouts for regular expressions are not enforced (CVE-2019-0820) * dotnet: infinite loop in URI.TryCreate leading to ASP.Net Core Denial of Service (CVE-2019-0980) * dotnet: crash in IPAddress.TryCreate leading to ASP.Net Core Denial of Service (CVE-2019-0981) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * dotnet: new SocketException((int)SocketError.InvalidArgument).Message is empty (BZ#1712471)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 127585
    published: 2019-08-12
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/127585
    title: Oracle Linux 8 : dotnet (ELSA-2019-1259)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2019-0544.NASL
    description: Updates for rh-dotnetcore10-dotnetcore, rh-dotnetcore11-dotnetcore, rh-dotnet21-dotnet, and rh-dotnet22-dotnet are now available for .NET Core on Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. .NET Core is a managed-software framework. It implements the .NET standard APIs and several additional APIs, and it includes a CLR implementation. New versions of .NET Core that address security vulnerabilities are now available. The updated versions are .NET Core 1.0.15, 1.1.12, 2.1.9, and 2.2.3. Security Fix(es): * A tampering vulnerability exists in NuGet software when executed in a Linux or Mac environment. (CVE-2019-0757) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. For more information, please refer to the upstream doc in the References section.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 122886
    published: 2019-03-18
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/122886
    title: RHEL 7 : dotNET (RHSA-2019:0544)

Redhat

advisories: rhsa
id: RHSA-2019:1259
rpms:
  • rh-dotnet21-0:2.1-8.el7
  • rh-dotnet21-dotnet-0:2.1.505-1.el7
  • rh-dotnet21-dotnet-debuginfo-0:2.1.505-1.el7
  • rh-dotnet21-dotnet-host-0:2.1.9-1.el7
  • rh-dotnet21-dotnet-runtime-2.1-0:2.1.9-1.el7
  • rh-dotnet21-dotnet-sdk-2.1-0:2.1.505-1.el7
  • rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.505-1.el7
  • rh-dotnet21-runtime-0:2.1-8.el7
  • rh-dotnet22-0:2.2-4.el7
  • rh-dotnet22-dotnet-0:2.2.105-1.el7
  • rh-dotnet22-dotnet-debuginfo-0:2.2.105-1.el7
  • rh-dotnet22-dotnet-host-0:2.2.3-1.el7
  • rh-dotnet22-dotnet-host-fxr-2.2-0:2.2.3-1.el7
  • rh-dotnet22-dotnet-runtime-2.2-0:2.2.3-1.el7
  • rh-dotnet22-dotnet-sdk-2.2-0:2.2.105-1.el7
  • rh-dotnet22-dotnet-sdk-2.2.1xx-0:2.2.105-1.el7
  • rh-dotnet22-runtime-0:2.2-4.el7
  • rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7
  • rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.15-1.el7
  • rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7
  • rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.12-1.el7
  • dotnet-0:2.1.507-2.el8_0
  • dotnet-debuginfo-0:2.1.507-2.el8_0
  • dotnet-debugsource-0:2.1.507-2.el8_0
  • dotnet-host-0:2.1.11-2.el8_0
  • dotnet-host-debuginfo-0:2.1.11-2.el8_0
  • dotnet-host-fxr-2.1-0:2.1.11-2.el8_0
  • dotnet-host-fxr-2.1-debuginfo-0:2.1.11-2.el8_0
  • dotnet-runtime-2.1-0:2.1.11-2.el8_0
  • dotnet-runtime-2.1-debuginfo-0:2.1.11-2.el8_0
  • dotnet-sdk-2.1-0:2.1.507-2.el8_0
  • dotnet-sdk-2.1.5xx-0:2.1.507-2.el8_0
  • dotnet-sdk-2.1.5xx-debuginfo-0:2.1.507-2.el8_0