CVE-2018-18446 dotPDN Paint.NET before 4.1.2 allows Deserialization of Untrusted Data (issue 1 of 2).

This issue results in the painting of untrusted data, which allows a malicious person to gain access to the system and possibly escalate privileges to root. To be vulnerable, the server must be configured to accept Paint.NET images and not have any restrictions on the size or format of the image. Fixed in 4.1.2. There is no mitigation other than not accepting untrusted data. Servers must be patched against this issue. There is no workaround available. How to identify affected servers: - Server logs indicate the server is accepting untrusted data. - The server produces invalid images. - The server produces valid images of different size. How to fix: - Update to 4.1.2 or later. - Restrict the size and format of images accepted. - Restrict the size and format of files uploaded to the server. - Restrict the size and format of the CGI directory. - Restrict the size and format of the server’s filesystem. - Restrict the size and format of CGI directories on the server. - Restrict the size and format of the server’s filesystem. - Restrict the size and format of CGI directories on the server.

CVE-2018-18447

This issue is caused by a logic error in the way that Wireshark parses certain SIP messages. The vulnerability can be exploited to cause a denial-of-service (DoS) condition. Fixed in 5.0.2. There is no mitigation available for this issue other than upgrading to the latest version of Wireshark. How to identify affected servers: - Server logs indicate a high number of SIP packets are received from a given source IP address and destination IP address on port 5060. - Packets from an unknown source IP address (outside of those allowed for use with the application) or destination IP address are received on port 5060. - Packets from an unknown source IP address are received with a low TTL value, which indicates spoofing or some other type of attack. - Packets with invalid length values are sent back by the server, such as 255 bytes instead of 4 bytes in total length or other similar errors detected by packet analysis tools like Wireshark or tcpdump that signify invalid data being sent by the server. How to fix: Upgrade to 5.0.2 or later, or restrict the size and format of accepted images and files so they do not exceed 4KB in size, which would prevent them from causing this issue when parsed incorrectly by Wireshark

Timeline

Published on: 10/12/2022 21:15:00 UTC
Last modified on: 10/13/2022 17:39:00 UTC

References

• https://blog.getpaint.net/2018/10/22/paint-net-4-1-2-is-now-available/
• https://www.getpaint.net
• https://www.dotpdn.com
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18446