Multiple vulnerabilities in Red Hat OpenShift Container Platform 4.3 packages
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2020-7039 CVE-2020-7211 |
| CWE-ID | CWE-122 CWE-22 |
| Exploitation vector | Local network |
| Public exploit | N/A |
| Vulnerable software |
openshift-ansible (Red Hat package) Operating systems & Components / Operating system package or component atomic-openshift-service-idler (Red Hat package) Operating systems & Components / Operating system package or component atomic-enterprise-service-catalog (Red Hat package) Operating systems & Components / Operating system package or component slirp4netns (Red Hat package) Operating systems & Components / Operating system package or component skopeo (Red Hat package) Operating systems & Components / Operating system package or component rhosp-release (Red Hat package) Operating systems & Components / Operating system package or component openstack-ironic-python-agent (Red Hat package) Operating systems & Components / Operating system package or component openshift-kuryr (Red Hat package) Operating systems & Components / Operating system package or component openshift-clients (Red Hat package) Operating systems & Components / Operating system package or component openshift (Red Hat package) Operating systems & Components / Operating system package or component machine-config-daemon (Red Hat package) Operating systems & Components / Operating system package or component ignition (Red Hat package) Operating systems & Components / Operating system package or component cri-o (Red Hat package) Operating systems & Components / Operating system package or component Red Hat OpenShift Container Platform Client/Desktop applications / Software for system administration |
| Vendor | Red Hat Inc. |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Heap-based buffer overflow
EUVDB-ID: #VU25458
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-7039
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows an attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the tcp_emu() function in tcp_subr.c in libslirp. An attacker can issue specially crafted IRC DCC commands in EMU_IRC, trigger heap-based buffer overflow and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
openshift-ansible (Red Hat package): before 4.3.1-202001310552.git.174.dcdb91b.el7
atomic-openshift-service-idler (Red Hat package): before 4.3.1-202002031701.git.1.a23cda8.el7
atomic-enterprise-service-catalog (Red Hat package): before 4.3.1-202002031701.git.1.095aaf2.el7
slirp4netns (Red Hat package): before 0.4.2-3.git21fdece.el8
skopeo (Red Hat package): before 0.1.40-3.rhaos.el8
rhosp-release (Red Hat package): before 16.0.0-1.el8ost
openstack-ironic-python-agent (Red Hat package): before 5.0.1-0.20200123140814.025b790.el8ost
openshift-kuryr (Red Hat package): before 4.3.1-202002031701.git.1.cfa4a05.el8
openshift-clients (Red Hat package): before 4.3.1-202001310552.git.1.075d46a.el7
openshift (Red Hat package): before 4.3.1-202001310552.git.0.331f390.el7
machine-config-daemon (Red Hat package): before 4.3.1-202002031701.git.1.0ad9b3b.el8
ignition (Red Hat package): before 0.34.0-2.rhaos4.3.git92f874c.el8
cri-o (Red Hat package): before 1.16.2-13.dev.rhaos4.3.gita83f883.el7
Red Hat OpenShift Container Platform: before
CPE2.3- cpe:2.3:a:red_hat:openshift-ansible_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:atomic-openshift-service-idler_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:atomic-enterprise-service-catalog_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:slirp4netns_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:skopeo_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:rhosp-release_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openstack-ironic-python-agent_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift-kuryr_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift-clients_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:machine-config-daemon_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:ignition_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:cri-o_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:red_hat_openshift_container_platform:*:*:*:*:*:*:*:*
https://access.redhat.com/errata/RHBA-2020:0390
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Path traversal
EUVDB-ID: #VU25457
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-7211
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
DescriptionThe vulnerability allows an attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences within tftp.c in libslirp. A remote attacker can send a specially crafted TFPT request and read arbitrary files on the Windows system.
MitigationInstall updates from vendor's website.
openshift-ansible (Red Hat package): before 4.3.1-202001310552.git.174.dcdb91b.el7
atomic-openshift-service-idler (Red Hat package): before 4.3.1-202002031701.git.1.a23cda8.el7
atomic-enterprise-service-catalog (Red Hat package): before 4.3.1-202002031701.git.1.095aaf2.el7
slirp4netns (Red Hat package): before 0.4.2-3.git21fdece.el8
skopeo (Red Hat package): before 0.1.40-3.rhaos.el8
rhosp-release (Red Hat package): before 16.0.0-1.el8ost
openstack-ironic-python-agent (Red Hat package): before 5.0.1-0.20200123140814.025b790.el8ost
openshift-kuryr (Red Hat package): before 4.3.1-202002031701.git.1.cfa4a05.el8
openshift-clients (Red Hat package): before 4.3.1-202001310552.git.1.075d46a.el7
openshift (Red Hat package): before 4.3.1-202001310552.git.0.331f390.el7
machine-config-daemon (Red Hat package): before 4.3.1-202002031701.git.1.0ad9b3b.el8
ignition (Red Hat package): before 0.34.0-2.rhaos4.3.git92f874c.el8
cri-o (Red Hat package): before 1.16.2-13.dev.rhaos4.3.gita83f883.el7
Red Hat OpenShift Container Platform: before
CPE2.3- cpe:2.3:a:red_hat:openshift-ansible_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:atomic-openshift-service-idler_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:atomic-enterprise-service-catalog_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:slirp4netns_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:skopeo_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:rhosp-release_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openstack-ironic-python-agent_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift-kuryr_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift-clients_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:openshift_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:machine-config-daemon_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:ignition_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:cri-o_redhat_package:*:*:*:*:*:red_hat_enterprise_linux:*:*
- cpe:2.3:a:red_hat:red_hat_openshift_container_platform:*:*:*:*:*:*:*:*
https://access.redhat.com/errata/RHBA-2020:0390
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
