News from 2023-08-16
Meinberg Security Advisory: [MBGSA-2023.04] LANTIME-Firmware V7.08.002
Meinberg recommends updating to LANTIME firmware version 7.08.002.
-
LANTIME firmware V7.08.001:
severity level critical(0), high (2), medium (4), low (6), unknown (0) -
LANTIME firmware V7.06.014:
severity level critical(0), high (2), medium (4), low (6), unknown (0)
- LANTIME firmware: V7.08.002
-
Description of the Vulnerabilities
- Third-party software:
- OpenSSL:
-
CVE-2023-2650 - Possible DoS translating ASN.1 object identifiers (low)
https://www.openssl.org/news/secadv/20230530.txt
Fixed in:
V7.08.002 MBGID-14187
-
CVE-2023-2650 - Possible DoS translating ASN.1 object identifiers (low)
- ncurses:
-
CVE-2023-29491 - Memory corruption via malformed data in a terminfo database (high)
https://ncurses.scripts.mit.edu/?p=ncurses.git;a=commit;h=eb51b1ea1f75a0ec17c9c5937cb28df1e8eeec56
Fixed in:
V7.08.002 MBGID-14155
-
CVE-2023-29491 - Memory corruption via malformed data in a terminfo database (high)
- curl:
-
CVE-2023-28322 - more POST-after-PUT confusion (low)
CVE-2023-28321 - IDN wildcard match (low)
CVE-2023-28320 - siglongjmp race condition (low)
CVE-2023-28319 - UAF in SSH sha256 fingerprint check (medium)https://curl.se/docs/security.html
Fixed in:
V7.08.002 MBGID-14167
-
CVE-2023-28322 - more POST-after-PUT confusion (low)
- libssh:
-
CVE-2023-1667 - Potential NULL dereference during rekeying with algorithm guessing (medium)
https://www.libssh.org/security/advisories/CVE-2023-1667.txt
CVE-2023-2283 - Authorization bypass in pki_verify_data_signaturee (medium)
https://www.libssh.org/security/advisories/CVE-2023-2283.txt
Fixed in:
V7.08.002 MBGID-14310
-
CVE-2023-1667 - Potential NULL dereference during rekeying with algorithm guessing (medium)
- GnuTLS:
-
CVE-2023-0361 - Timing sidechannel in RSA decryption (medium)
https://www.gnutls.org/security-new.html#GNUTLS-SA-2020-07-14
Fixed in:
V7.08.002 MBGID-14364
-
CVE-2023-0361 - Timing sidechannel in RSA decryption (medium)
- OpenSSL:
-
Web-Interface and System:
-
NOCVE - JavaScript Code Injection / XSS in Log File (low)
Super-User were able to include JavaScript code in the Log-file “lantime_messages“ that would be delivered via web interface.
Fixed in:
V7.08.002 MBGID-14449 -
NOCVE - Signatur Bypass (high)
The signature check of uploaded firmware image files could be bypassed because of performing it too late. The check is now performed as early as possible.
Fixed in:
V7.08.002 MBGID-14459 -
NOCVE - Persisted hidden user can be created (low)
User with a name that consisted of parts of a system username were not displayed in the web interface.
Fixed in:
V7.08.002 MBGID-14448
-
NOCVE - JavaScript Code Injection / XSS in Log File (low)
- Third-party software:
-
Systems Affected
All LANTIME firmware versions before V7.08.002 are affected by the corresponding vulnerabilities. The LANTIME firmware is used by all devices of the LANTIME M series (M100, M150, M200, M250, M300, M320, M400, M450, M600, M900) as well as all devices of the LANTIME IMS series (M500, M1000, M1000S, M2000S, M3000, M3000S, M4000) and the SyncFire product family (SF1000, SF1100, SF1200, SF1500).
Whether and to what extent individual clients or LANTIME systems are vulnerable depends on the individual configuration, network infrastructure, and other factors, and it is therefore not possible to provide a general statement on how vulnerable a given system in use actually is.
-
Possible Security Measures
The relevant security updates are included in the LANTIME firmware versions V7.08.002(-light). Updating to these versions eliminates the listed vulnerabilities.
Download the latest LANTIME firmware at:
All updates are now available for Meinberg customers. An update of the LANTIME firmware to the version 7.08.002 respectively 7.08.002-light is recommended. Clients who cannot install version 7.08.002 should install V7.08.002-light instead.
-
Further Information
Further details and information are available from the following websites:
If you have any questions or need assistance, please, do not hesitate to contact Meinberg’s technical support team.
-
Acknowledgments
We would like to express our gratitude to all those who have advised us of vulnerabilities or other bugs, and have also suggested improvements to us.
Thank you!