Multiple vulnerabilities in Dell PowerScale OneFS



Published: 2022-09-23
Risk Low
Patch available YES
Number of vulnerabilities 4
CVE-ID CVE-2019-18276
CVE-2019-9924
CVE-2016-9401
CVE-2016-7543
CWE-ID CWE-273
CWE-20
CWE-416
CWE-77
Exploitation vector Local
Public exploit Public exploit code for vulnerability #1 is available.
Vulnerable software
Subscribe 		PowerScale OneFS
Hardware solutions / Firmware

Vendor Dell

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

1) Improper Check for Dropped Privileges

EUVDB-ID: #VU24690

Risk: Low

CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2019-18276

CWE-ID: CWE-273 - Improper Check for Dropped Privileges

Exploit availability: Yes

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists in "disable_priv_mode()" function in shell.c due to the affected software attempts to drop privileges but does not check or incorrectly checks to see if the drop succeeded. A local user with command execution in the shell can use "enable -f" for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

PowerScale OneFS: 9.1.0.0 - 9.4.0.3

External links

http://www.dell.com/support/kbdoc/nl-nl/000202887/dsa-2022-215-dell-emc-powerscale-onefs-security-update-for-multiple-third-party-component-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

2) Input validation error

EUVDB-ID: #VU21785

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-9924

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to "rbash" does not prevent the shell user from modifying BASH_CMDS. A local authenticate user can execute any command with the permissions of the shell.

Mitigation

Install update from vendor's website.

Vulnerable software versions

PowerScale OneFS: 9.1.0.0 - 9.4.0.3

External links

http://www.dell.com/support/kbdoc/nl-nl/000202887/dsa-2022-215-dell-emc-powerscale-onefs-security-update-for-multiple-third-party-component-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Use-after-free

EUVDB-ID: #VU33511

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-9401

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local authenticated user to perform a denial of service (DoS) attack.

popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address.

Mitigation

Install update from vendor's website.

Vulnerable software versions

PowerScale OneFS: 9.1.0.0 - 9.4.0.3

External links

http://www.dell.com/support/kbdoc/nl-nl/000202887/dsa-2022-215-dell-emc-powerscale-onefs-security-update-for-multiple-third-party-component-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Command injection

EUVDB-ID: #VU13104

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-7543

CWE-ID: CWE-77 - Command injection

Exploit availability: No

Description

The vulnerability allows a local attacker to execute arbitrary commands on the target system.

The weakness exists due to insufficient validation of user-supplied input. A local attacker can supply specially crafted SHELLOPTS and PS4 environment variables, inject and execute arbitrary commands with root privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

PowerScale OneFS: 9.1.0.0 - 9.4.0.3

External links

http://www.dell.com/support/kbdoc/nl-nl/000202887/dsa-2022-215-dell-emc-powerscale-onefs-security-update-for-multiple-third-party-component-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###