

Rewterz Threat Advisory – CVE-2018-15465 – Cisco Adaptive Security Appliance Software Privilege Escalation Vulnerability
December 24, 2018
Rewterz Threat Alert – WannaCry still Lurks on Infected Computers, 18 months after the initial outburst
December 27, 2018
Rewterz Threat Advisory – CVE-2018-15465 – Cisco Adaptive Security Appliance Software Privilege Escalation Vulnerability
December 24, 2018
Rewterz Threat Alert – WannaCry still Lurks on Infected Computers, 18 months after the initial outburst
December 27, 2018SEVERITY: MEDIUM
CATEGORY: VULNERABILITY
ANALYSIS SUMMARY:
IBM Lotus Protector for mail security has now released updates for a previously disclosed vulnerability identified as CVE-2018-12882. The flaw is that the exif_read_from_impl function in ext/exif/exif.c in PHP 7.2.x through 7.2.7 allows attackers to trigger a use-after-free (in exif_read_from_file) because it closes a stream that it is not responsible for closing. The vulnerable code is reachable through the PHP exif_read_data function. Successful exploitation of the flaw causes Denial of Service condition.
Vendor has released fixes for the vulnerability.
AFFECTED PRODUCTS
- IBM Lotus for Mail Protector 2.8.3.0
- IBM Lotus for Mail Protector 2.8.1.0
IMPACT
Denial of service with application crash.
REMEDIATION
Vendor has released fixes for this vulnerability.
A php-upgrade-7_2_7 will solve the problem.
For IBM Lotus Protector for mail security, follow the vendor’s link below:
https://www-01.ibm.com/support/docview.wss?uid=ibm10787455