Multiple vulnerabilities in Red Hat OpenStack 16.2



Published: 2022-07-21 | Updated: 2022-11-15
Risk: High
Patch available: YES
Number of vulnerabilities: 20
CVE-ID: CVE-2022-1621, CVE-2022-29824, CVE-2022-27782, CVE-2022-27776, CVE-2022-27774, CVE-2022-25314, CVE-2022-25313, CVE-2022-22576, CVE-2022-1629, CVE-2022-1271, CVE-2021-41103, CVE-2021-40528, CVE-2021-4189, CVE-2021-3737, CVE-2021-3634, CVE-2022-30323, CVE-2022-30322, CVE-2022-30321, CVE-2022-26945, CVE-2021-43565
CWE-ID: CWE-122, CWE-190, CWE-303, CWE-200, CWE-121, CWE-287, CWE-125, CWE-20, CWE-276, CWE-327, CWE-918, CWE-835, CWE-119, CWE-78
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: Red Hat OpenStack (Server applications / Other server solutions)
Vendor: Red Hat Inc.

Security Bulletin

This security bulletin contains information about 20 vulnerabilities.

1) Heap-based buffer overflow

EUVDB-ID: #VU63041

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-1621

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can trick the victim into opening a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat OpenStack: before 16.2.z


External links

http://access.redhat.com/errata/RHSA-2022:5673

2) Integer overflow

EUVDB-ID: #VU62741

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-29824

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to an integer overflow in several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*). A remote attacker can pass a specially crafted multi-gigabyte XML file to the application, trigger the integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat OpenStack: before 16.2.z


External links

http://access.redhat.com/errata/RHSA-2022:5673

3) Incorrect Implementation of Authentication Algorithm

EUVDB-ID: #VU63009

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-27782

CWE-ID: CWE-303 - Incorrect Implementation of Authentication Algorithm

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the way libcurl handles previously used connections in a connection pool for subsequent transfers. Several TLS and SSH settings were left out of the configuration match checks, resulting in erroneous matches for different resources. As a result, libcurl can send an authentication string from one resource to another, exposing credentials to a third party.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat OpenStack: before 16.2.z


External links

http://access.redhat.com/errata/RHSA-2022:5673

4) Information disclosure

EUVDB-ID: #VU62644

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-27776

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists because curl can leak authentication or cookie header data during HTTP redirects to the same host but a different port number. When asked to send custom headers or cookies in its HTTP requests, curl sends that set of headers only to the host whose name is used in the initial URL, so that redirects to other hosts will not make curl send the data to those. However, due to a flawed check, curl also wrongly sends that same set of headers to hosts that are identical to the first one but use a different port number or URL scheme.

The vulnerability exists due to an incomplete fix for #VU10224 (CVE-2018-1000007).

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat OpenStack: before 16.2.z


External links

http://access.redhat.com/errata/RHSA-2022:5673

5) Information disclosure

EUVDB-ID: #VU62641

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-27774

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists because curl attempts to follow redirects during the authentication process and does not consider different port numbers or protocols to be separate authentication targets. If the web application redirects to a different port number or protocol, curl will follow the redirect and pass the credentials. It could also leak the TLS SRP credentials this way.

By default, curl only allows redirects to HTTP(S) and FTP(S), but can be asked to allow redirects to all protocols curl supports.
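The redirect checks described in entries 4 and 5 come down to what counts as "the same target" when credentials or custom headers are forwarded. The following is an added example, not code from curl or from the bulletin: the type and function names are hypothetical, the URLs are constructed, and the parser covers only the simple `scheme://host[:port]` form. It contrasts a host-name-only comparison with a comparison of scheme, host and port.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>

/* Hypothetical types and names for illustration; not libcurl internals. */
struct origin { char scheme[16]; char host[256]; int port; };

static int default_port(const char *scheme) {
    if (!strcasecmp(scheme, "http"))  return 80;
    if (!strcasecmp(scheme, "https")) return 443;
    if (!strcasecmp(scheme, "ftp"))   return 21;
    return -1;                      /* unknown scheme: fail closed */
}

/* Parse scheme://host[:port]; rejects userinfo and IPv6 literals (fail closed). */
static int parse_origin(const char *url, struct origin *o) {
    const char *sep = strstr(url, "://");
    if (!sep || sep == url || (size_t)(sep - url) >= sizeof o->scheme) return -1;
    memcpy(o->scheme, url, (size_t)(sep - url));
    o->scheme[sep - url] = '\0';
    const char *h = sep + 3;
    size_t hlen = strcspn(h, ":/?#@[");
    if (hlen == 0 || hlen >= sizeof o->host) return -1;
    if (h[hlen] == '@' || h[hlen] == '[') return -1;
    memcpy(o->host, h, hlen);
    o->host[hlen] = '\0';
    if (h[hlen] == ':') {
        char *end;
        if (h[hlen + 1] < '0' || h[hlen + 1] > '9') return -1;
        long p = strtol(h + hlen + 1, &end, 10);
        if (p < 1 || p > 65535 || (*end && !strchr("/?#", *end))) return -1;
        o->port = (int)p;
    } else {
        o->port = default_port(o->scheme);
    }
    return o->port > 0 ? 0 : -1;
}

/* Flawed rule described in the bulletin: only the host name is compared. */
int forward_auth_host_only(const char *first, const char *next) {
    struct origin a, b;
    if (parse_origin(first, &a) || parse_origin(next, &b)) return 0;
    return strcasecmp(a.host, b.host) == 0;
}

/* Corrected rule: scheme, host and port must all match. */
int forward_auth_same_origin(const char *first, const char *next) {
    struct origin a, b;
    if (parse_origin(first, &a) || parse_origin(next, &b)) return 0;
    return !strcasecmp(a.scheme, b.scheme) && !strcasecmp(a.host, b.host)
        && a.port == b.port;
}

int main(void) {   /* constructed URLs */
    const char *first = "https://api.example.test/login";
    const char *next = "https://api.example.test:8443/next";
    printf("host-only=%d same-origin=%d\n", forward_auth_host_only(first, next),
           forward_auth_same_origin(first, next));
}
```

An explicit default port (`:443` on an `https` URL) still compares equal to the implicit one, so legitimate same-origin redirects keep their headers.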

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat OpenStack: before 16.2.z


External links

http://access.redhat.com/errata/RHSA-2022:5673

6) Integer overflow

EUVDB-ID: #VU60738

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-25314

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an integer overflow in copyString. A remote attacker can pass specially crafted data to the application, trigger the integer overflow and cause a denial of service condition on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat OpenStack: before 16.2.z


External links

http://access.redhat.com/errata/RHSA-2022:5673

7) Stack-based buffer overflow

EUVDB-ID: #VU60737

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-25313

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in build_model. A remote unauthenticated attacker can trigger a stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat OpenStack: before 16.2.z


External links

http://access.redhat.com/errata/RHSA-2022:5673

8) Improper Authentication

EUVDB-ID: #VU62640

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-22576

CWE-ID: CWE-287 - Improper Authentication

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass the authentication process.

The vulnerability exists due to an error when re-using OAUTH2 connections for SASL-enabled protocols, such as SMTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only). libcurl may reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. As a result, a connection that is successfully created and authenticated with a user name + OAUTH2 bearer can subsequently be erroneously reused even for user + [other OAUTH2 bearer], even though that might not even be a valid bearer.

A remote attacker can exploit this vulnerability against applications intended for use in multi-user environments to bypass authentication and gain unauthorized access to victim's accounts.
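The connection-reuse problems in entries 3 and 8 are both cases of a pool lookup whose match key omits something security-relevant. The following is an added example, not libcurl code: the struct, field and function names are hypothetical and the pool contents are constructed. It shows a lookup that matches on endpoint and user name only, next to one that also treats the bearer token and TLS settings as part of the reuse key.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical pool entry; field names are illustrative, not libcurl's. */
struct conn {
    const char *host; int port;
    const char *user; const char *bearer;   /* OAuth2 bearer used at login */
    int verify_peer; const char *ca_file;   /* TLS settings in force */
    int in_use;
};

static int same_str(const char *a, const char *b) {
    if (!a || !b) return a == b;            /* both unset counts as equal */
    return strcmp(a, b) == 0;
}

/* Flawed match: endpoint and user name only. */
static int match_weak(const struct conn *c, const struct conn *want) {
    return same_str(c->host, want->host) && c->port == want->port
        && same_str(c->user, want->user);
}

/* Stricter match: credentials and TLS settings are part of the reuse key. */
static int match_strict(const struct conn *c, const struct conn *want) {
    return match_weak(c, want)
        && same_str(c->bearer, want->bearer)
        && c->verify_peer == want->verify_peer
        && same_str(c->ca_file, want->ca_file);
}

/* Return the index of a reusable idle connection, or -1 to force a new one. */
int pool_find(const struct conn *pool, size_t n, const struct conn *want,
              int strict) {
    for (size_t i = 0; i < n; i++) {
        if (pool[i].in_use) continue;
        if (strict ? match_strict(&pool[i], want) : match_weak(&pool[i], want))
            return (int)i;
    }
    return -1;
}

/* Constructed scenario: same host and user, different bearer token. */
int demo_other_bearer(int strict) {
    struct conn pool[] = {
        { "imap.example.test", 993, "alice", "token-A", 1, "/etc/pki/ca.pem", 0 } };
    struct conn want =
        { "imap.example.test", 993, "alice", "token-B", 1, "/etc/pki/ca.pem", 0 };
    return pool_find(pool, 1, &want, strict);
}

/* Constructed scenario: same credentials, but peer verification differs. */
int demo_other_tls(int strict) {
    struct conn pool[] = {
        { "imap.example.test", 993, "alice", "token-A", 0, NULL, 0 } };
    struct conn want =
        { "imap.example.test", 993, "alice", "token-A", 1, "/etc/pki/ca.pem", 0 };
    return pool_find(pool, 1, &want, strict);
}
```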


Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat OpenStack: before 16.2.z


External links

http://access.redhat.com/errata/RHSA-2022:5673

9) Out-of-bounds read

EUVDB-ID: #VU63490

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-1629

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to a boundary condition in the find_next_quote() function. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error, perform a denial of service attack, modify memory, and execute arbitrary code.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat OpenStack: before 16.2.z


External links

http://access.redhat.com/errata/RHSA-2022:5673

10) Input validation error

EUVDB-ID: #VU62002

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-1271

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation when processing filenames with two or more newlines. A remote attacker can force zgrep or xzgrep to write arbitrary files on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise the affected system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat OpenStack: before 16.2.z


External links

http://access.redhat.com/errata/RHSA-2022:5673

11) Incorrect default permissions

EUVDB-ID: #VU57038

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-41103

CWE-ID: CWE-276 - Incorrect Default Permissions

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to incorrect default permissions for container root directories and some plugins. When the UID of an unprivileged Linux user on the host collides with the file owner or group inside a container, the unprivileged Linux user on the host can discover, read, and modify those files.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat OpenStack: before 16.2.z


External links

http://access.redhat.com/errata/RHSA-2022:5673

12) Use of a broken or risky cryptographic algorithm

EUVDB-ID: #VU56685

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-40528

CWE-ID: CWE-327 - Use of a Broken or Risky Cryptographic Algorithm

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to use of a broken or risky cryptographic algorithm in the ElGamal implementation. A remote attacker can gain unauthorized access to sensitive information on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat OpenStack: before 16.2.z


External links

http://access.redhat.com/errata/RHSA-2022:5673

13) Server-Side Request Forgery (SSRF)

EUVDB-ID: #VU61681

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-4189

CWE-ID: CWE-918 - Server-Side Request Forgery (SSRF)

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform SSRF attacks.

The vulnerability exists due to insufficient validation of user-supplied input in the FTP (File Transfer Protocol) client library when using it in PASV (passive) mode. A remote attacker can set up a malicious FTP server and trick the FTP client in Python into connecting back to a given IP address and port, which can lead to the FTP client scanning ports, something that would otherwise not have been possible.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat OpenStack: before 16.2.z


External links

http://access.redhat.com/errata/RHSA-2022:5673

14) Infinite loop

EUVDB-ID: #VU59089

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-3737

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop. A remote attacker who controls a malicious server can force the client to enter an infinite loop on a 100 Continue response.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat OpenStack: before 16.2.z


External links

http://access.redhat.com/errata/RHSA-2022:5673

15) Buffer overflow

EUVDB-ID: #VU56217

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-3634

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when handling shared secrets. A remote attacker can supply a shared secret of a different size, trigger a memory corruption during the second key re-exchange and crash the application or potentially execute arbitrary code.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat OpenStack: before 16.2.z


External links

http://access.redhat.com/errata/RHSA-2022:5673

16) Input validation error

EUVDB-ID: #VU63815

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-30323

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an unspecified error. A remote attacker can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat OpenStack: before 16.2.z


External links

http://access.redhat.com/errata/RHSA-2022:5673

17) Input validation error

EUVDB-ID: #VU63814

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-30322

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an unspecified error. A remote attacker can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat OpenStack: before 16.2.z


External links

http://access.redhat.com/errata/RHSA-2022:5673

18) Input validation error

EUVDB-ID: #VU63811

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-30321

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an unspecified error. A remote attacker can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat OpenStack: before 16.2.z


External links

http://access.redhat.com/errata/RHSA-2022:5673

19) OS Command Injection

EUVDB-ID: #VU63810

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-26945

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation. A remote attacker can pass specially crafted data to the application and execute arbitrary OS commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat OpenStack: before 16.2.z


External links

http://access.redhat.com/errata/RHSA-2022:5673

20) Input validation error

EUVDB-ID: #VU64805

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-43565

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input when passing a Signer to ServerConfig.AddHostKey in cases where the Signer passed to AddHostKey does not implement AlgorithmSigner or the Signer passed to AddHostKey returns a key of type “ssh-rsa” from its PublicKey method. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat OpenStack: before 16.2.z


External links

http://access.redhat.com/errata/RHSA-2022:5673
