CVE-2017-7512

La plataforma de administración de API (AMP) de 3scale (aka RH-3scale) anterior a la versión 2.0.0 de Red Hat, permitiría la creación de un token de acceso sin un secreto de cliente. Un atacante podría utilizar este fallo para omitir los controles de autenticación y conseguir acceso a las API restringidas. NOTA: algunas fuentes tienen un error tipográfico en que el CVE-2017-7512 se relaciona con una vulnerabilidad de OpenVPN. El ID de CVE adecuado para esa vulnerabilidad de OpenVPN es CVE-2017-7521. Específicamente, CVE-2017-7521 es el ID de CVE correcto para DOS hallazgos estrechamente relacionados en OpenVPN. Cualquier fuente que enumere AMBOS CVE-2017-7512 y CVE-2017-7521 para OpenVPN debe haber enumerado SOLAMENTE CVE-2017-7521.

It was found that RH-3scale AMP would permit creation of an access token without a client secret. An attacker could use this flaw to circumvent authentication controls and gain access to restricted APIs.

Karthikeyan Bhargavan and Gaetan Leurent discovered that 64-bit block ciphers are vulnerable to a birthday attack. A remote attacker could possibly use this issue to recover cleartext data. Fixing this issue requires a configuration change to switch to a different cipher. This update adds a warning to the log file when a 64-bit block cipher is in use. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. It was discovered that OpenVPN incorrectly handled rollover of packet ids. An authenticated remote attacker could use this issue to cause OpenVPN to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. Various other issues were also addressed.