Multiple vulnerabilities in Red Hat OpenShift Container Platform
| Risk | Critical |
| Patch available | YES |
| Number of vulnerabilities | 13 |
| CVE-ID | CVE-2020-15586 CVE-2020-16845 CVE-2019-20811 CVE-2019-20907 CVE-2020-8177 CVE-2020-8622 CVE-2020-8623 CVE-2020-8624 CVE-2020-14331 CVE-2020-14363 CVE-2020-14422 CVE-2020-15999 CVE-2020-25637 |
| CWE-ID | CWE-362 CWE-835 CWE-20 CWE-644 CWE-617 CWE-264 CWE-787 CWE-415 CWE-400 CWE-122 |
| Exploitation vector | Network |
| Public exploit |
Vulnerability #12 is being exploited in the wild. Public exploit code for vulnerability #13 is available. |
| Vulnerable software Subscribe |
Red Hat OpenShift Container Platform Client/Desktop applications / Software for system administration |
| Vendor | Red Hat Inc. |
Security Bulletin
This security bulletin contains information about 13 vulnerabilities.
1) Race condition
EUVDB-ID: #VU31891
Risk: Medium
CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-15586
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler. A remote attacker can exploit the race and cause a denial of service condition on the target system.
MitigationInstall updates from vendor's website.
Red Hat OpenShift Container Platform: before 4.5.20
External linkshttp://access.redhat.com/errata/RHSA-2020:5118
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Infinite loop
EUVDB-ID: #VU45699
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-16845
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop in "ReadUvarint" and "ReadVarint" in "encoding/binary". A remote attacker can consume all available system resources and cause denial of service conditions.
MitigationInstall updates from vendor's website.
Red Hat OpenShift Container Platform: before 4.5.20
External linkshttp://access.redhat.com/errata/RHSA-2020:5118
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Input validation error
EUVDB-ID: #VU34374
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-20811
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local authenticated user to manipulate data.
An issue was discovered in the Linux kernel before 5.0.6. In rx_queue_add_kobject() and netdev_queue_add_kobject() in net/core/net-sysfs.c, a reference count is mishandled, aka CID-a3e23f719f5c.
MitigationInstall updates from vendor's website.
Red Hat OpenShift Container Platform: before 4.5.20
External linkshttp://access.redhat.com/errata/RHSA-2020:5118
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Infinite loop
EUVDB-ID: #VU32881
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-20907
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop In Lib/tarfile.py in Python. A remote attacker can create a specially crafted TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation.
MitigationInstall updates from vendor's website.
Red Hat OpenShift Container Platform: before 4.5.20
External linkshttp://access.redhat.com/errata/RHSA-2020:5118
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Improper Neutralization of HTTP Headers for Scripting Syntax
EUVDB-ID: #VU29290
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-8177
CWE-ID:
CWE-644 - Improper Neutralization of HTTP Headers for Scripting Syntax
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to overwrite files on the victim's system.
The vulnerability exists due to a logical error when processing Content-Disposition: HTTP response header in curl when executed with the -J flag and -i flags in the same command line. A remote attacker can trick the victim to run a specially crafted curl command against a malicious website and overwrite files on the user's system.
Install updates from vendor's website.
Red Hat OpenShift Container Platform: before 4.5.20
External linkshttp://access.redhat.com/errata/RHSA-2020:5118
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Reachable Assertion
EUVDB-ID: #VU45819
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-8622
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion when handling TSIG-signed request. An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that request, triggering an assertion failure, causing the server to exit.
MitigationInstall updates from vendor's website.
Red Hat OpenShift Container Platform: before 4.5.20
External linkshttp://access.redhat.com/errata/RHSA-2020:5118
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Reachable Assertion
EUVDB-ID: #VU45818
Risk: Medium
CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-8623
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion when processing DNS query for a zone signed with RSA. A remote attacker can send a specially crafted query and crash the DNS server.
Successful exploitation of the vulnerability requires that BIND is built with "--enable-native-pkcs11".
MitigationInstall updates from vendor's website.
Red Hat OpenShift Container Platform: before 4.5.20
External linkshttp://access.redhat.com/errata/RHSA-2020:5118
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU45817
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-8624
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform unauthorized actions.
The vulnerability exists due to change 4885 in BIND inadvertently caused "update-policy" rules of type "subdomain" to be treated as if they were of type "zonesub", allowing updates to all parts of the zone along with the intended subdomain. A remote user with privileges to change a specific subset of the zone's content could abuse these unintended additional privileges to update other contents of the zone.
MitigationInstall updates from vendor's website.
Red Hat OpenShift Container Platform: before 4.5.20
External linkshttp://access.redhat.com/errata/RHSA-2020:5118
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Out-of-bounds write
EUVDB-ID: #VU48590
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-14331
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the Linux kernel’s implementation of the invert video code on VGA consoles. A local user with can run a specially crafted program to call VT_RESIZE IOCTL, trigger an out-of-bounds write and execute arbitrary code on the target system with elevated privileges.
MitigationInstall updates from vendor's website.
Red Hat OpenShift Container Platform: before 4.5.20
External linkshttp://access.redhat.com/errata/RHSA-2020:5118
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Double Free
EUVDB-ID: #VU46027
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-14363
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when handling locales in LibX11. A local user can run a specially crafted program to trigger integer overflow and double free and execute arbitrary code on the system with elevated privileges.
Install updates from vendor's website.
Red Hat OpenShift Container Platform: before 4.5.20
External linkshttp://access.redhat.com/errata/RHSA-2020:5118
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Resource exhaustion
EUVDB-ID: #VU29544
Risk: Medium
CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-14422
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application improperly computes hash values in the IPv4Interface and IPv6Interface classes within the Lib/ipaddress.py in Python. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack if an application is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface objects, and this attacker can cause many dictionary entries to be created.
MitigationInstall updates from vendor's website.
Red Hat OpenShift Container Platform: before 4.5.20
External linkshttp://access.redhat.com/errata/RHSA-2020:5118
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Heap-based buffer overflow
EUVDB-ID: #VU47741
Risk: Critical
CVSSv3.1: 8.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2020-15999
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in freetype library when processing TTF files. A remote attacker can pass specially crafted TTF file with PNG sbit glyphs to the application, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Note, this vulnerability is being actively exploited in the wild.
Install updates from vendor's website.
Red Hat OpenShift Container Platform: before 4.5.20
External linkshttp://access.redhat.com/errata/RHSA-2020:5118
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
13) Double Free
EUVDB-ID: #VU48591
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-25637
CWE-ID:
CWE-415 - Double Free
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in the libvirt API, responsible for requesting information about network interfaces of a running QEMU domain. A local client connecting to the read-write socket with limited ACL permissions could use this flaw to crash the libvirt daemon, resulting in a denial of service, or potentially escalate their privileges on the system.
MitigationInstall updates from vendor's website.
Red Hat OpenShift Container Platform: before 4.5.20
External linkshttp://access.redhat.com/errata/RHSA-2020:5118
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
