Delphix

TB085 libpam Can Cause Buffer Overflow (CVE-2020-27678)

Alert Type: Security

Impact

FIPS 199 Severity Level: Critical
CVSS Score: 10
  Attack Vector (AV): N
  Attack Complexity (AC): L
  Privileges Required (PR): N
  User Interaction (UI): N
  Scope (S): C
  Confidentiality (C): H
  Integrity (I): H
  Availability (A): H

The operating system in all versions of the Delphix Engine prior to 6.0.0.0 is susceptible to the illumos vulnerability CVE-2020-27678. This vulnerability is a buffer overflow in parse_user_name in lib/libpam/pam_framework.c that can theoretically allow an attacker to gain root access to the Delphix Engine’s underlying operating system and access all data stored on the Delphix Engine.
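To make the bug class concrete, the following is an added illustration written for this article, not the illumos libpam source and not Delphix code. It shows the shape of a username parser that copies a whitespace-delimited token from caller-supplied input into a fixed-size stack buffer, with the length check that a vulnerable copy loop of this kind lacks. The buffer size RESP_SIZE, the function name parse_user_name_bounded and the return codes are assumptions chosen for the example.

```c
#include <stddef.h>
#include <string.h>

/* Constructed illustration, not the illumos pam_framework.c code.
 * RESP_SIZE is a placeholder buffer size for the example. */
#define RESP_SIZE 16

#define PARSE_OK     0
#define PARSE_TOOBIG 1   /* token would not fit: reject instead of overflow */
#define PARSE_EMPTY  2   /* no username present in the input */

/* Copy the first blank/tab-delimited token of `input` into `out`
 * (capacity `outsz`, including the terminating NUL).  A copy loop of
 * this shape with no bound on `n` is the pattern behind a stack buffer
 * overflow; the check inside the loop is what keeps it in bounds. */
int parse_user_name_bounded(const char *input, char *out, size_t outsz)
{
    size_t n = 0;

    if (input == NULL || out == NULL || outsz == 0)
        return PARSE_EMPTY;

    /* Skip leading blanks and tabs, as a prompt reader would. */
    while (*input == ' ' || *input == '\t')
        input++;

    while (*input != '\0' && *input != ' ' && *input != '\t') {
        /* Stop before writing past the buffer, leaving room for NUL. */
        if (n + 1 >= outsz)
            return PARSE_TOOBIG;
        out[n++] = *input++;
    }
    out[n] = '\0';
    return n == 0 ? PARSE_EMPTY : PARSE_OK;
}

/* Convenience wrapper using a fixed-size stack buffer of RESP_SIZE bytes,
 * mirroring how a framework would hold the parsed name locally. Returns
 * the parse status so a caller can refuse over-long input. */
int check_user_name(const char *input)
{
    char user_name[RESP_SIZE];
    return parse_user_name_bounded(input, user_name, sizeof user_name);
}
```

With a 16-byte buffer, a 15-character name is the longest that fits; a 16-character name is rejected with PARSE_TOOBIG rather than written one byte past the end.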

Contributing Factors

The issue may occur when using any version of the Delphix Engine prior to 6.0.x.x.

Versions of the Delphix Engine to which this article applies:

Major Release   All Sub Releases
5.3             5.3.0.0, 5.3.0.1, 5.3.0.2, 5.3.0.3, 5.3.1.0, 5.3.1.1, 5.3.1.2, 5.3.2.0, 5.3.3.0, 5.3.3.1, 5.3.4.0, 5.3.5.0, 5.3.6.0, 5.3.7.0, 5.3.7.1, 5.3.8.0, 5.3.8.1, 5.3.9.0
5.2             5.2.2.0, 5.2.2.1, 5.2.3.0, 5.2.3.1, 5.2.4.0, 5.2.5.0, 5.2.5.1, 5.2.6.0, 5.2.6.1, 5.2.6.2
5.1             5.1.3.1, 5.1.4.0, 5.1.5.0, 5.1.5.1, 5.1.6.0, 5.1.7.0, 5.1.8.0, 5.1.8.1, 5.1.9.0, 5.1.10.0

In order to exploit this vulnerability, an attacker would need to build a custom exploit based on the version of libpam that is included in the software appliance and have access to port 22 (ssh) on the Delphix Engine.

Symptoms

An attacker with network access to the engine could potentially take control of the engine and access all data stored on the engine.

Relief/Workaround

Customers in need of a short-term workaround until they can upgrade their engine can disable non-GUI access to the engine by blocking SSH access (port 22) via a firewall. This will disable both CLI and Delphix Support access.

Resolution

This issue does not exist on 6.0-based versions of the Delphix Engine. The resolution is to upgrade to the latest version of the Delphix Engine.

Additional Information

See the NVD listings for CVE-2020-27678 (illumos) and CVE-2020-14871 (Oracle Solaris).

Related Documents

Upgrading the Delphix Engine