Security Bulletin 1859972
Security Bulletin 1859972
(CVE-2018-16518) 09/05/2018
SUMMARY
Opening a compromised encrypted Zed! container can create arbitrary files on host.
This anomaly is not related to a cryptographical vulnerability: data confidentiality in encrypted containers is not affected.
Upgrade is highly recommended.
CVSS SCORE: BASE 8.3 (HIGH)
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): High (H)
- Privileges Required (PR): None (N)
- User Interaction (UI): Required (R)
- Scope (S): Changed (C)
- Confidentiality (C): High (H)
- Integrity (I): High (H)
- Availability (A): High (H)
DETAILS
CVEID: 2018-16518 (created on 09/05/2018)
CERT-FR: CERTFR-2018-AVI-440
AFFECTED PRODUCTS AND VERSIONS
- Zed! Enterprise for Windows version prior to 6.1.2226
- Zed! Enterprise for Linux version prior to 1.0.198
- Zed! Enterprise for MacOSX version prior to 1.0.198
- Zed! features in ZoneCentral for Windows version prior to 6.1.2226
- Zed! features in ZedMail for Windows version prior to 6.1.2226
- Zed! Pro for Windows version prior to 1.0.194
- Zed! Pro for Linux version prior to 1.0.198
- Zed! Pro for MacOSX version prior to 1.0.198
- Zed! Free for Windows version prior to 1.0.194
- Zed! Free for Linux version prior to 1.0.198
- Zed! Free for MacOSX version prior to 1.0.198
SOLUTIONS AND RECOMMENDATIONS
Depending on your solution, upgrade to one of the following versions:
- Zed! Enterprise for Windows minimal version 6.1.2226
- Zed! Enterprise for Linux minimal version 1.0.198
- Zed! Enterprise for MacOSX minimal version 1.0.198
- Zed! features in ZoneCentral for Windows minimal version 6.1.2226
- Zed! features in ZedMail for Windows minimal version 6.1.2226
- Zed! Pro for Windows minimal version 1.0.194
- Zed! Pro for Linux minimal version 1.0.198
- Zed! Pro for MacOSX minimal version 1.0.198
- Zed! Free for Windows minimal version 1.0.194
- Zed! Free for Linux minimal version 1.0.198
- Zed! Free for MacOSX minimal version 1.0.198
For more information, contact support[@]primx[.]eu.
Acknowledgements
Joran HERVE