Outdated components in UniOS
UniOS has outdated components
Some of the outdated components in UniOS have inherent security risks. Here is a list of a few potential problems:
- Dropbear is version 2018.76. This version is vulnerable to CVE-2018-15599.
  ```
  # dropbear -V
  Dropbear v2018.76
  ```
- Suricata 4.0.0-dev is EOL. This version is vulnerable to CVE-2018-6794 and CVE-2018-14568. It is possibly vulnerable to CVE-2018-10242, CVE-2018-10243, and CVE-2018-10244.
  ```
  # suricata -V
  This is Suricata version 4.0.0-dev
  ```
- Dnsmasq is version 2.78. It is vulnerable to CVE-2017-15107 and possibly CVE-2019-14834.
  ```
  # dnsmasq --version
  Dnsmasq version 2.78 Copyright (c) 2000-2017 Simon Kelley
  ```
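
To repeat this check on another image, the banner parsing and comparison can be scripted. The following is an added example, not part of the original report or of UniOS; the function names are hypothetical, and it only does an exact match against the three versions listed above (it makes no claim about which later versions are fixed).

```shell
#!/bin/sh
# Component, version and CVEs exactly as listed in the report above.
FLAGGED='dropbear:2018.76:CVE-2018-15599
suricata:4.0.0-dev:CVE-2018-6794 CVE-2018-14568 (possibly CVE-2018-10242 CVE-2018-10243 CVE-2018-10244)
dnsmasq:2.78:CVE-2017-15107 (possibly CVE-2019-14834)'

# banner_version NAME BANNER: print the version parsed from a tool's banner.
# Prints nothing if the banner does not have the expected shape.
banner_version() {
    case "$1" in
        dropbear) pat='^Dropbear v\([^ ]*\).*' ;;
        suricata) pat='^This is Suricata version \([^ ]*\).*' ;;
        dnsmasq)  pat='^Dnsmasq version \([^ ]*\).*' ;;
        *) return 0 ;;
    esac
    printf '%s\n' "$2" | sed -n "s/$pat/\1/p" | head -n 1
}

# check_component NAME BANNER
# Returns 1 if the version is on the flagged list, 0 if not, 2 if unparsable.
check_component() {
    ver=$(banner_version "$1" "$2")
    if [ -z "$ver" ]; then
        echo "$1: banner not recognised"
        return 2
    fi
    cves=$(printf '%s\n' "$FLAGGED" |
        awk -F: -v k="$1" -v v="$ver" '$1 == k && $2 == v { print $3 }')
    if [ -n "$cves" ]; then
        echo "$1 $ver: FLAGGED $cves"
        return 1
    fi
    echo "$1 $ver: not on the flagged list"
    return 0
}

# Constructed sample input: the banners quoted in the report. On a device,
# pass live output instead, e.g. check_component dropbear "$(dropbear -V 2>&1)".
audit_samples() {
    check_component dropbear 'Dropbear v2018.76' || true
    check_component suricata 'This is Suricata version 4.0.0-dev' || true
    check_component dnsmasq 'Dnsmasq version 2.78 Copyright (c) 2000-2017 Simon Kelley' || true
}
audit_samples
```
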
Mitigation steps
- Report issues to vendor.
- Give vendor 90 days to respond.
- No response or no fix, publish the findings
- Response with fix, implement and close issue
- Update work with this information
- Publish response/mitigation/etc
Edited by Simple Nomad