An error-handling flaw was found in python-ecdsa before version 0.13.3. During signature decoding, malformed DER signatures could raise unexpected exceptions (or no exceptions at all), which could lead to a denial of service.

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1800 advisory.

    An error-handling flaw was found in python-ecdsa before version 0.13.3. During signature decoding,     malformed DER signatures could raise unexpected exceptions (or no exceptions at all), which could lead to     a denial of service. (CVE-2019-14853)

    A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether     signatures used DER encoding. Without this verification, a malformed signature could be accepted, making     the signature malleable. Without proper verification, an attacker could use a malleable signature to     create false transactions. (CVE-2019-14859)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4702 advisory.

    Red Hat Satellite is a systems management tool for Linux-based     infrastructure. It allows for provisioning, remote management, and     monitoring of multiple Linux deployments with a single centralized tool.

    Security Fix(es):
    * python-ecdsa: Unexpected and undocumented exceptions during signature decoding (CVE-2019-14853)
    * python-ecdsa: DER encoding is not being verified in signatures (CVE-2019-14859)
    * rubygem-activerecord-session_store: hijack sessions by using timing attacks targeting the session id     (CVE-2019-25025)
    * rake: OS Command Injection via egrep in Rake::FileList (CVE-2020-8130)
    * candlepin: guava - local information disclosure via temporary directory created with unsafe permissions     (CVE-2020-8908)
    * PyYAML: incomplete fix for CVE-2020-1747 (CVE-2020-14343)
    * tfm-rubygem-nokogiri: XML external entity injection via Nokogiri::XML::Schema (CVE-2020-26247)
    * tfm-rubygem-foreman_azure_rm: Azure compute resource secret_key leak to authenticated users     (CVE-2021-3413)
    * foreman: possible man-in-the-middle in smart_proxy realm_freeipa (CVE-2021-3494)
    * foreman: BMC controller credential leak via API (CVE-2021-20256)
    * python-aiohttp: Open redirect in aiohttp.web_middlewares.normalize_path_middleware (CVE-2021-21330)
    * rubygem-actionpack: Possible Information Disclosure / Unintended Method Execution in Action Pack     (CVE-2021-22885)
    * tfm-rubygem-actionpack: rails: Possible Denial of Service vulnerability in Action Dispatch     (CVE-2021-22902)
    * tfm-rubygem-actionpack: Possible DoS Vulnerability in Action Controller Token Authentication     (CVE-2021-22904)
    * python-django: potential directory-traversal via uploaded files (CVE-2021-28658)
    * tfm-rubygem-puma: incomplete fix for CVE-2019-16770 allows Denial of Service (DoS) (CVE-2021-29509)
    * python-django: Potential directory-traversal via uploaded files (CVE-2021-31542)
    * tfm-rubygem-addressable: ReDoS in templates (CVE-2021-32740)
    * python-django: Potential directory traversal via ``admindocs`` (CVE-2021-33203)
    * python-urllib3: ReDoS in the parsing of authority part of URL (CVE-2021-33503)
    * python-django: Possible indeterminate SSRF, RFI, and LFI attacks since validators accepted leading zeros     in IPv4 addresses (CVE-2021-33571)

    For more details about the security issue(s), including the impact, a CVSS     score, acknowledgments, and other related information, refer to the CVE     page(s) listed in the References section.

    Additional Changes:

    * Updated Content Management backend with Pulp 3 for increased performance, scale and reliability. MongoDB     is also removed from Satellite
    * Adds support for Azure GovCloud
    * Provides Satellite 6.10 Server support for Satellite 6.9 Capsules
    * Improves support for Satellite Air Gapped and Disconnected environments
    * Adds Ansible Collections content type to support disconnected environments
    * Foreman_webhooks introduced to replace foreman_hooks
    * Introduces UI to manage Personal Access Tokens
    * Adds ability to configure Pulp repository synchronization timeouts
    * Support for Convert2RHEL
    * Provides advanced options when registering a host
    * Supports remediation playbook signatures from console.redhat.com
    * Red Hat Insights Plugin replaced through new integration within Satellite
    * Ability to visually represent systems registered and in sync with Insights
    * Ability to verify if required packages are installed as part of pre-upgrade check
    * Ability to unset environment variables when installer is running
    * Ability to turn backups on and off when cleaning up tasks from database

    The items above are not a complete list of changes. This update also fixes     several bugs and adds various enhancements. Documentation for these changes     is available from the Release Notes document linked to in the References     section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

py-ecdsa developers report :

Fix CVE-2019-14853 - possible DoS caused by malformed signature decoding.

Fix CVE-2019-14859 - signature malleability caused by insufficient checks of DER encoding

It was discovered that python-ecdsa, a cryptographic signature library for Python, incorrectly handled certain signatures. A remote attacker could use this issue to cause python-ecdsa to either not warn about incorrect signatures, or generate exceptions resulting in a denial-of-service.

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4196-1 advisory.

    It was discovered that python-ecdsa incorrectly handled certain signatures. A remote attacker could     possibly use this issue to cause python-ecdsa to generate unexpected exceptions, resulting in a denial of     service. (CVE-2019-14853)

    It was discovered that python-ecdsa incorrectly verified DER encoding in signatures. A remote attacker     could use this issue to perform certain malleability attacks. (CVE-2019-14859)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

This update for python-ecdsa to version 0.13.3 fixes the following issues :

Security issues fixed :

  - CVE-2019-14853: Fixed unexpected exceptions during     signature decoding (bsc#1153165).

  - CVE-2019-14859: Fixed a signature malleability caused by     insufficient checks of DER encoding (bsc#1154217).

This update was imported from the SUSE:SLE-15:Update update project.

It was discovered that python-ecdsa, a cryptographic signature library for Python, did not correctly verify DER encoded signatures. Malformed signatures could lead to unexpected exceptions and in some cases did not raise any exception.

For Debian 8 'Jessie', these problems have been fixed in version 0.11-1+deb8u1.

We recommend that you upgrade your python-ecdsa packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Update to 0.13.3 - CVE-2019-14853

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
179799	Amazon Linux AMI : python-ecdsa (ALAS-2023-1800)	Nessus	Amazon Linux Local Security Checks	critical
155377	RHEL 7 : Satellite 6.10 Release (Moderate) (RHSA-2021:4702)	Nessus	Red Hat Local Security Checks	high
139641	FreeBSD : security/py-ecdsa -- multiple issues (a23ebf36-e8b6-4665-b0f3-4c977f9a145c)	Nessus	FreeBSD Local Security Checks	critical
132110	Debian DSA-4588-1 : python-ecdsa - security update	Nessus	Debian Local Security Checks	critical
131162	Ubuntu 16.04 LTS / 18.04 LTS : python-ecdsa vulnerabilities (USN-4196-1)	Nessus	Ubuntu Local Security Checks	critical
130893	openSUSE Security Update : python-ecdsa (openSUSE-2019-2474)	Nessus	SuSE Local Security Checks	critical
130892	openSUSE Security Update : python-ecdsa (openSUSE-2019-2472)	Nessus	SuSE Local Security Checks	critical
130407	Debian DLA-1978-1 : python-ecdsa security update	Nessus	Debian Local Security Checks	critical
130301	Fedora 31 : python-ecdsa (2019-55e04129ac)	Nessus	Fedora Local Security Checks	high
130035	Fedora 29 : python-ecdsa (2019-8fcf21a816)	Nessus	Fedora Local Security Checks	high
130034	Fedora 30 : python-ecdsa (2019-5297458c78)	Nessus	Fedora Local Security Checks	high

Detections

Analytics

CVE-2019-14853

high

Tenable Plugins

critical

high

critical

critical

critical

critical

critical

critical

high

high

high