SB2022012208 - openEuler update for sphinx
Published: January 22, 2022
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 secuirty vulnerabilities.
1) Path traversal (CVE-ID: CVE-2020-29050)
The vulnerability allows a remote user to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences, because the mysql client can be used for CALL SNIPPETS and load_file operations on a full pathname (e.g., a file in the /etc directory). A remote user can send a specially crafted HTTP request and read arbitrary files on the system.
Please note, the affected version does not require authentication by default (see vulnerability #VU59363) and therefore the vulnerability can be exploited by a remote non-authenticated attacker in the default configuration.
2) Missing Authentication for Critical Function (CVE-ID: CVE-2019-14511)
The vulnerability allows a remote attacker to gain unauthorized access to the database.
The vulnerability exists due to insecure default configuration in which Sphinx listens on 0.0.0.0 and does not require authentication to be configured. A remote non-authenticated attacker can simply connect to the database and gain full access to information.
Remediation
Install update from vendor's website.