Multiple vulnerabilities in IBM Cloud Object Storage Systems



Published: 2022-09-23
Risk High
Patch available YES
Number of vulnerabilities 10
CVE-ID CVE-2021-4197
CVE-2022-2503
CVE-2022-1462
CVE-2022-1353
CVE-2021-33655
CVE-2022-29581
CVE-2022-1012
CVE-2022-0854
CVE-2021-4209
CVE-2022-2509
CWE-ID CWE-264
CWE-125
CWE-200
CWE-787
CWE-911
CWE-401
CWE-476
CWE-415
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
IBM Cloud Object Storage Systems
Server applications / Other server solutions

Vendor IBM Corporation

Security Bulletin

This security bulletin contains information about 10 vulnerabilities.

1) Security restrictions bypass

EUVDB-ID: #VU61258

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-4197

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to missing permissions checks within the cgroups (control groups) functionality of Linux Kernel when writing into a file descriptor. A local low privileged process can trick a higher privileged parent process into writing arbitrary data into files, which can result in denial of service or privileges escalation.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Object Storage Systems: 3.16.7.0 - 3.16.7.62


CPE2.3 External links

http://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-with-kernel-gnutls-affect-ibm-cloud-object-storage-systems-august-2022v1/

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU66810

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-2503

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to the way dm-verity is used to restrict module/firmware loads to trusted root filesystem in LoadPin builds. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification till reboot. This allows root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for peripherals that do not verify firmware updates.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Object Storage Systems: 3.16.7.0 - 3.16.7.62


CPE2.3 External links

http://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-with-kernel-gnutls-affect-ibm-cloud-object-storage-systems-august-2022v1/

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

3) Out-of-bounds read

EUVDB-ID: #VU66591

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-1462

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a local user to perform denial of service (DoS) attack.

The vulnerability exists due to a boundary condition within the the Linux kernel’s TeleTYpe subsystem caused by a race condition when using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory file. A local user can trigger an out-of-bounds read error and crash the system or read random kernel memory.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Object Storage Systems: 3.16.7.0 - 3.16.7.62


CPE2.3 External links

http://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-with-kernel-gnutls-affect-ibm-cloud-object-storage-systems-august-2022v1/

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

4) Information disclosure

EUVDB-ID: #VU63388

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-1353

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application in the pfkey_register function in net/key/af_key.c in the Linux kernel. A local user can gain unauthorized access to kernel memory, leading to a system crash or a leak of internal kernel information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Object Storage Systems: 3.16.7.0 - 3.16.7.62


CPE2.3 External links

http://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-with-kernel-gnutls-affect-ibm-cloud-object-storage-systems-august-2022v1/

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

5) Out-of-bounds write

EUVDB-ID: #VU65833

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-33655

CWE-ID: CWE-787 - Out-of-bounds Write

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in FBIOPUT_VSCREENINFO IOCTL. A local user can trigger an out-of-bounds write error and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Object Storage Systems: 3.16.7.0 - 3.16.7.62


CPE2.3 External links

http://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-with-kernel-gnutls-affect-ibm-cloud-object-storage-systems-august-2022v1/

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

6) Improper update of reference count

EUVDB-ID: #VU63496

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-29581

CWE-ID: CWE-911 - Improper Update of Reference Count

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper update of reference count in net/sched in Linux kernel. A local user can execute arbitrary code with root privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Object Storage Systems: 3.16.7.0 - 3.16.7.62


CPE2.3 External links

http://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-with-kernel-gnutls-affect-ibm-cloud-object-storage-systems-august-2022v1/

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

7) Memory leak

EUVDB-ID: #VU64079

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-1012

CWE-ID: CWE-401 - Improper Release of Memory Before Removing Last Reference ('Memory Leak')

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient randomization in the net/ipv4/tcp.c when calculating port offsets in Linux kernel cause by small table perturb size. A remote attacker can cause memory leak and gain access to sensitive information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Object Storage Systems: 3.16.7.0 - 3.16.7.62


CPE2.3 External links

http://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-with-kernel-gnutls-affect-ibm-cloud-object-storage-systems-august-2022v1/

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

8) Memory leak

EUVDB-ID: #VU63427

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-0854

CWE-ID: CWE-401 - Improper Release of Memory Before Removing Last Reference ('Memory Leak')

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due memory leak in the Linux kernel’s DMA subsystem when processing DMA_FROM_DEVICE calls. A local user can trigger a memory leak error and read random memory from the kernel space.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Object Storage Systems: 3.16.7.0 - 3.16.7.62


CPE2.3 External links

http://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-with-kernel-gnutls-affect-ibm-cloud-object-storage-systems-august-2022v1/

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

9) NULL pointer dereference

EUVDB-ID: #VU66124

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-4209

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in MD_UPDATE. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Object Storage Systems: 3.16.7.0 - 3.16.7.62


CPE2.3 External links

http://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-with-kernel-gnutls-affect-ibm-cloud-object-storage-systems-august-2022v1/

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

10) Double Free

EUVDB-ID: #VU65915

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-2509

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within gnutls_pkcs7_verify() function when verifying the pkcs7 signatures. A remote attacker can pass specially crafted data to the application, trigger a double free error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Cloud Object Storage Systems: 3.16.7.0 - 3.16.7.62


CPE2.3 External links

http://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-with-kernel-gnutls-affect-ibm-cloud-object-storage-systems-august-2022v1/

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###