安全公告详情

NS-SA-2020-0085

2020-12-08 09:15:37

简介

important: telnet/tomcat security update

严重级别

important

主题

An update for telnet/tomcat is now available for NewStart CGSL MAIN 5.05/CGSL CORE 5.05.
NewStart Security has rated this update as having a security impact of important. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.

详细描述

telnet: Telnet is a popular protocol for logging into remote systems over the Internet. The package provides a command line Telnet client
tomcat: Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory environment and released under the Apache Software License version 2.0. Tomcat is intended to be a collaboration of the best-of-breed developers from around the world.


Security Fix(es):
telnet: A vulnerability was found where incorrect bounds checks in the telnet server’s (telnetd) handling of short writes and urgent data, could lead to information disclosure and corruption of heap data. An unauthenticated remote attacker could exploit these bugs by sending specially crafted telnet packets to achieve arbitrary code execution in the telnet server.(CVE-2020-10188)
telnet: bugfix
tomcat: is a file read/inclusion vulnerability in the AJP connector in Apache Tomcat. This is enabled by default with a default configuration port of 8009. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances where the vulnerable server allows file uploads, an attacker could upload malicious JavaServer Pages (JSP) code within a variety of file types and trigger this vulnerability to gain remote code execution (RCE).(CVE-2020-1938)
tomcat: bugfix


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 5.05.F9B3.

影响组件

  • telnet
  • tomcat

影响产品

  • CGSL MAIN 5.05
  • CGSL CORE 5.05

更新包

{"fix":[{"product":"CGSL MAIN 5.05","pkgs":[{"binary":["telnet-0.17-65.el7_8.x86_64.rpm","telnet-debuginfo-0.17-65.el7_8.x86_64.rpm","telnet-server-0.17-65.el7_8.x86_64.rpm"],"source":"telnet-0.17-65.el7_8.src.rpm"},{"binary":["tomcat-7.0.76-11.el7_7.noarch.rpm","tomcat-admin-webapps-7.0.76-11.el7_7.noarch.rpm","tomcat-el-2.2-api-7.0.76-11.el7_7.noarch.rpm","tomcat-javadoc-7.0.76-11.el7_7.noarch.rpm","tomcat-jsvc-7.0.76-11.el7_7.noarch.rpm","tomcat-lib-7.0.76-11.el7_7.noarch.rpm","tomcat-webapps-7.0.76-11.el7_7.noarch.rpm","tomcat-docs-webapp-7.0.76-11.el7_7.noarch.rpm","tomcat-jsp-2.2-api-7.0.76-11.el7_7.noarch.rpm","tomcat-servlet-3.0-api-7.0.76-11.el7_7.noarch.rpm"],"source":"tomcat-7.0.76-11.el7_7.src.rpm"}]},{"product":"CGSL CORE 5.05","pkgs":[{"binary":["telnet-0.17-65.el7_8.x86_64.rpm","telnet-server-0.17-65.el7_8.x86_64.rpm","telnet-debuginfo-0.17-65.el7_8.x86_64.rpm"],"source":"telnet-0.17-65.el7_8.src.rpm"},{"binary":["tomcat-el-2.2-api-7.0.76-11.el7_7.noarch.rpm","tomcat-7.0.76-11.el7_7.noarch.rpm","tomcat-admin-webapps-7.0.76-11.el7_7.noarch.rpm","tomcat-javadoc-7.0.76-11.el7_7.noarch.rpm","tomcat-jsvc-7.0.76-11.el7_7.noarch.rpm","tomcat-lib-7.0.76-11.el7_7.noarch.rpm","tomcat-webapps-7.0.76-11.el7_7.noarch.rpm","tomcat-docs-webapp-7.0.76-11.el7_7.noarch.rpm","tomcat-jsp-2.2-api-7.0.76-11.el7_7.noarch.rpm","tomcat-servlet-3.0-api-7.0.76-11.el7_7.noarch.rpm"],"source":"tomcat-7.0.76-11.el7_7.src.rpm"}]}]}

CVE

参考