Source
ghsa
### Impact CKB process will panic when received malformed p2p message because of snappy, which is used to compress network messages ### References https://github.com/BurntSushi/rust-snappy/issues/29
### Vulnerability type Logging ### Detail etcd users who have no password can authenticate only through a client certificate. When such users try to authenticate into etcd using the Authenticate endpoint, errors are logged with insufficient information regarding why the authentication failed, and may be misleading when auditing etcd logs. ### References Find out more on this vulnerability in the [security audit report](https://github.com/etcd-io/etcd/blob/master/security/SECURITY_AUDIT.pdf) ### For more information If you have any questions or comments about this advisory: * Contact the [etcd security committee](https://github.com/etcd-io/etcd/blob/master/security/security-release-process.md#product-security-committee-psc)
### Impact Data Validation ### Detail The parseCompactionRetention function in embed/etcd.go allows the retention variable value to be negative and causes the node to execute the history compaction in a loop, taking more CPU than usual and spamming logs. ### References Find out more on this vulnerability in the [security audit report](https://github.com/etcd-io/etcd/blob/master/security/SECURITY_AUDIT.pdf) ### For more information If you have any questions or comments about this advisory: * Contact the [etcd security committee](https://github.com/etcd-io/etcd/blob/master/security/security-release-process.md#product-security-committee-psc)
### Vulnerability type Cryptography ### Workarounds Refer to the [gateway documentation](https://github.com/etcd-io/etcd/blob/master/Documentation/op-guide/gateway.md). The vulnerability was spotted due to unclear documentation of how the gateway handles endpoints validation. ### Detail Secure endpoint validation is performed by the etcd gateway start command when the --discovery-srv flag is enabled. However, as currently implemented, it only validates TCP reachability, effectively allowing connections to an endpoint that doesn't accept TLS connections through the HTTPS URL. The auditors has noted that appropriate documentation of this validation functionality plus deprecation of this misleading functionality is an acceptable path forward. ### References Find out more on this vulnerability in the [security audit report](https://github.com/etcd-io/etcd/blob/master/security/SECURITY_AUDIT.pdf) ### For more information If you have any questions or comments about this advisory: * Cont...
### Vulnerability type Cryptography ### Detail The TLS ciphers list supported by etcd by default contains weak ciphers. ### Workarounds Provide a desired ciphers using the `--cipher-suites` flag as described with examples in the [security documentation](https://github.com/etcd-io/etcd/blob/master/Documentation/op-guide/security.md) ### References Find out more on this vulnerability in the [security audit report](https://github.com/etcd-io/etcd/blob/master/security/SECURITY_AUDIT.pdf) ### For more information If you have any questions or comments about this advisory: * Contact the [etcd security committee](https://github.com/etcd-io/etcd/blob/master/security/security-release-process.md#product-security-committee-psc)
### Impact Adversary can initiate DOS attack by broadcasting two consecutive blocks with timestamps in the future. ### Patches Please upgrade to v0.34.1
### Impact Currently, when a node receives a block in future according to its local wall clock, it will mark the block as invalid and ban the peer. If the header's timestamp is more than 15 seconds ahead of our current time. In that case, the header may become valid in the future, and we don't want to disconnect a peer merely for serving us one too-far-ahead block header, to prevent an attacker from splitting the network by mining a block right at the 15 seconds boundary. ### Patches Upgrade to v0.33.1 or above. ### Workarounds Don't ban peer serving too-far-ahead block header.
The p2p discovery protocol assumes that the peer IP must be valid IPv4 address.
The P2P protocols lack of rate limit. For example, in relay protocol, when a node receives a broadcasted `tx_hashes`, it will mark it in memory to avoid duplicated requests. [code → ](https://github.com/nervosnetwork/ckb/blob/26e4837212c392c3c706a0da7a056131fb060433/sync/src/relayer/transactions_process.rs#L67). It is easy to establish a DoS attach by generating random tx hashes. ### Impact It affects all nodes connected to the P2P network. ### Workarounds Apply rate limit on the data sent to CKB P2P port.
# Microsoft Security Advisory CVE-2020-0605: .NET Framework Remote Code Execution Vulnerability ## Executive Summary A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of .NET Framework. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to t...