Multiple vulnerabilities in Red Hat OpenShift Container Platform



Published: 2020-11-24 | Updated: 2021-07-01
Risk Critical
Patch available YES
Number of vulnerabilities 13
CVE-ID CVE-2020-15586
CVE-2020-16845
CVE-2019-20811
CVE-2019-20907
CVE-2020-8177
CVE-2020-8622
CVE-2020-8623
CVE-2020-8624
CVE-2020-14331
CVE-2020-14363
CVE-2020-14422
CVE-2020-15999
CVE-2020-25637
CWE-ID CWE-362
CWE-835
CWE-20
CWE-644
CWE-617
CWE-264
CWE-787
CWE-415
CWE-400
CWE-122
Exploitation vector Network
Public exploit Vulnerability #12 is being exploited in the wild.
Public exploit code for vulnerability #13 is available.
Vulnerable software
Subscribe
Red Hat OpenShift Container Platform
Client/Desktop applications / Software for system administration

Vendor Red Hat Inc.

Security Bulletin

This security bulletin contains information about 13 vulnerabilities.

1) Race condition

EUVDB-ID: #VU31891

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-15586

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler. A remote attacker can exploit the race and cause a denial of service condition on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat OpenShift Container Platform: before 4.5.20


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2020:5118

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Infinite loop

EUVDB-ID: #VU45699

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-16845

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop in "ReadUvarint" and "ReadVarint" in "encoding/binary". A remote attacker can consume all available system resources and cause denial of service conditions.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat OpenShift Container Platform: before 4.5.20


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2020:5118

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

3) Input validation error

EUVDB-ID: #VU34374

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2019-20811

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a local authenticated user to manipulate data.

An issue was discovered in the Linux kernel before 5.0.6. In rx_queue_add_kobject() and netdev_queue_add_kobject() in net/core/net-sysfs.c, a reference count is mishandled, aka CID-a3e23f719f5c.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat OpenShift Container Platform: before 4.5.20


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2020:5118

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

4) Infinite loop

EUVDB-ID: #VU32881

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2019-20907

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop In Lib/tarfile.py in Python. A remote attacker can create a specially crafted TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat OpenShift Container Platform: before 4.5.20


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2020:5118

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

5) Improper Neutralization of HTTP Headers for Scripting Syntax

EUVDB-ID: #VU29290

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-8177

CWE-ID: CWE-644 - Improper Neutralization of HTTP Headers for Scripting Syntax

Exploit availability: No

Description

The vulnerability allows a remote attacker to overwrite files on the victim's system.

The vulnerability exists due to a logical error when processing Content-Disposition: HTTP response header in curl when executed with the -J flag and -i flags in the same command line. A remote attacker can trick the victim to run a specially crafted curl command against a malicious website and overwrite files on the user's system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat OpenShift Container Platform: before 4.5.20


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2020:5118

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

6) Reachable Assertion

EUVDB-ID: #VU45819

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-8622

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion when handling TSIG-signed request. An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that request, triggering an assertion failure, causing the server to exit.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat OpenShift Container Platform: before 4.5.20


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2020:5118

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

7) Reachable Assertion

EUVDB-ID: #VU45818

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-8623

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion when processing DNS query for a zone signed with RSA. A remote attacker can send a specially crafted query and crash the DNS server.

Successful exploitation of the vulnerability requires that BIND is built with "--enable-native-pkcs11".

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat OpenShift Container Platform: before 4.5.20


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2020:5118

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

8) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU45817

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-8624

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote user to perform unauthorized actions.

The vulnerability exists due to change 4885 in BIND inadvertently caused "update-policy" rules of type "subdomain" to be treated as if they were of type "zonesub", allowing updates to all parts of the zone along with the intended subdomain. A remote user with privileges to change a specific subset of the zone's content could abuse these unintended additional privileges to update other contents of the zone.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat OpenShift Container Platform: before 4.5.20


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2020:5118

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

9) Out-of-bounds write

EUVDB-ID: #VU48590

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-14331

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Linux kernel’s implementation of the invert video code on VGA consoles. A local user with can run a specially crafted program to call VT_RESIZE IOCTL, trigger an out-of-bounds write and execute arbitrary code on the target system with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat OpenShift Container Platform: before 4.5.20


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2020:5118

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

10) Double Free

EUVDB-ID: #VU46027

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-14363

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error when handling locales in LibX11. A local user can run a specially crafted program to trigger integer overflow and double free and execute arbitrary code on the system with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat OpenShift Container Platform: before 4.5.20


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2020:5118

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

11) Resource exhaustion

EUVDB-ID: #VU29544

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-14422

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application improperly computes hash values in the IPv4Interface and IPv6Interface classes within the Lib/ipaddress.py in Python. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack if an application is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface objects, and this attacker can cause many dictionary entries to be created.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat OpenShift Container Platform: before 4.5.20


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2020:5118

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

12) Heap-based buffer overflow

EUVDB-ID: #VU47741

Risk: Critical

CVSSv3.1:

CVE-ID: CVE-2020-15999

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in freetype library when processing TTF files. A remote attacker can pass specially crafted TTF file with PNG sbit glyphs to the application, trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, this vulnerability is being actively exploited in the wild.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat OpenShift Container Platform: before 4.5.20


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2020:5118

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

13) Double Free

EUVDB-ID: #VU48591

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-25637

CWE-ID: CWE-415 - Double Free

Exploit availability: Yes

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in the libvirt API, responsible for requesting information about network interfaces of a running QEMU domain. A local client connecting to the read-write socket with limited ACL permissions could use this flaw to crash the libvirt daemon, resulting in a denial of service, or potentially escalate their privileges on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat OpenShift Container Platform: before 4.5.20


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2020:5118

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###