Latest SAS Vulnerability Announcements

Recent SAS Vulnerabilities Notes Categorized as High

The SAS® High-Performance Computing console ships a version of Webmin with known vulnerabilities

Webmin version 1.540 in SAS High Performance Computing Console has the following vulnerabilities:

CVE-2018-8712 Detail

An issue was discovered in Webmin 1.840 and 1.880 when the default Yes setting of “Can view any file as a log file” is enabled. As a result of weak default configuration settings, limited users have full access rights to the underlying Unix system files, allowing the user to read sensitive data from the local system (using Local File Include) such as the ‘/etc/shadow’ file via a “GET /syslog/save_log.cgi?view=1&file=/etc/shadow” request.
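As an added defender-side example (not part of the SAS announcement or of Webmin's own code), the following Python scans web-server access-log lines for save_log.cgi requests whose file parameter resolves outside an allowed log directory, which is the request pattern described above. The sample log lines, the combined log format and the allowed-directory list are constructed assumptions.

```python
import posixpath
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample lines in Apache-style combined log format (not real traffic).
SAMPLE_LOG = """\
10.0.0.5 - admin [12/Mar/2021:10:01:02 +0000] "GET /syslog/save_log.cgi?view=1&file=/var/log/messages HTTP/1.1" 200 5120
10.0.0.9 - limited [12/Mar/2021:10:01:07 +0000] "GET /syslog/save_log.cgi?view=1&file=/etc/shadow HTTP/1.1" 200 1320
10.0.0.9 - limited [12/Mar/2021:10:01:09 +0000] "GET /syslog/save_log.cgi?view=1&file=%2Fvar%2Flog%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 2201
10.0.0.7 - - [12/Mar/2021:10:02:00 +0000] "GET /index.cgi HTTP/1.1" 200 880
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Assumed location of the files the syslog module is expected to serve.
ALLOWED_LOG_DIRS = ("/var/log",)


def flag_line(line, allowed_dirs=ALLOWED_LOG_DIRS):
    """Return (user, ip, resolved_path) when the line is a save_log.cgi read of a
    file outside allowed_dirs, otherwise None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    if not parts.path.endswith("/syslog/save_log.cgi"):
        return None
    for raw in parse_qs(parts.query).get("file", []):
        # parse_qs already decoded once; decode again to catch double encoding,
        # then collapse ".." segments so traversal resolves to the real target.
        path = posixpath.normpath(unquote(raw))
        if not any(path == d or path.startswith(d + "/") for d in allowed_dirs):
            return m.group("user"), m.group("ip"), path
    return None


def scan(log_text, allowed_dirs=ALLOWED_LOG_DIRS):
    """Return every flagged (user, ip, path) tuple found in log_text."""
    hits = (flag_line(line, allowed_dirs) for line in log_text.splitlines())
    return [h for h in hits if h]


if __name__ == "__main__":
    for user, ip, path in scan(SAMPLE_LOG):
        print(f"suspicious log-file read: user={user} ip={ip} file={path}")
```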

CVE-2019-15642 Detail

rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialise_variable makes an eval call. NOTE: the Webmin_Servers_Index documentation states “RPC can be used to run any command or modify any file on a server, which is why access to it must not be granted to un-trusted Webmin users.”

Solution

Apply Hot Fix: https://tshf.sas.com/techsup/download/hotfix/HF2/K6Q.html#68220

The SAS® Web Server is affected by the following vulnerability

This vulnerability may allow a denial of service attack.

CVE-2020-13950 Detail

Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service.

Solution

Apply Hot Fix: https://tshf.sas.com/techsup/download/hotfix/HF2/J8M.html#68158