SB2022101999 - Multiple vulnerabilities in Red Hat OpenShift distributed tracing (RHOSDT)

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2022101999

SB2022101999 - Multiple vulnerabilities in Red Hat OpenShift distributed tracing (RHOSDT)

Published: October 19, 2022 Updated: February 22, 2023

Security Bulletin ID SB2022101999
Severity
High
Patch available
YES
Number of vulnerabilities 17
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 18% Medium 59% Low 24%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 17 secuirty vulnerabilities.


1) Out-of-bounds write (CVE-ID: CVE-2022-1785)

The vulnerability allows a remote attacker to execute arbitrary code

The vulnerability exists due to a boundary error when processing untrusted input in vim_regsub_both() function. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.


2) Improper Verification of Cryptographic Signature (CVE-ID: CVE-2022-34903)

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to an error in GnuPG, which allows signature spoofing via arbitrary injection into the status line. A remote attacker who controls the secret part of any signing-capable key or subkey in the victim's keyring, can take advantage of this flaw to provide a correctly-formed signature that some software, including gpgme, will accept to have validity and signer fingerprint chosen from the attacker.


3) Improper Verification of Cryptographic Signature (CVE-ID: CVE-2022-32208)

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to improper handling of message verification failures when performing FTP transfers secured by krb5. A remote attacker can perform MitM attack and manipulate data.


4) Resource exhaustion (CVE-ID: CVE-2022-32206)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insecure processing of compressed HTTP responses. A malicious server can send a specially crafted HTTP response to curl and perform a denial of service attack by forcing curl to spend enormous amounts of allocated heap memory, or trying to and returning out of memory errors.


5) Missing Encryption of Sensitive Data (CVE-ID: CVE-2022-2097)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to an error in AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimized implementation. Under specific circumstances OpenSSL does not encrypt the entire message and can reveal sixteen bytes of data that was preexisting in the memory that wasn't written. A remote attacker can gain access to potentially sensitive information.



6) OS Command Injection (CVE-ID: CVE-2022-2068)

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation in the c_rehash script distributed by some operating systems. A remote attacker with ability to pass data to c_rehash script can and execute arbitrary OS commands with the privileges of the script.

The vulnerability exists due to incomplete fix for #VU62765 (CVE-2022-1292).


7) Out-of-bounds read (CVE-ID: CVE-2022-1927)

The vulnerability allows a local attacker to execute arbitrary code on the system.

The vulnerability exists due to Illegal memory access and leads to a buffer over-read vulnerability in the utf_ptr2char() function. A local attacker can trick the victim into opening a specially crafted file, trigger out-of-bounds read error and execute arbitrary code on the system.


8) Out-of-bounds write (CVE-ID: CVE-2022-1897)

The vulnerability allows a local attacker to execute arbitrary code on the system.

The vulnerability exists due to Illegal memory access and leads to an out-of-bounds write vulnerability in the vim_regsub_both() function. A local attacker can trick the victim into opening a specially crafted file, leading to a system crash or code execution.


9) Out-of-bounds read (CVE-ID: CVE-2022-1586)

The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists due to a boundary condition in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. A remote attacker can pass specially crafted data to the application, trigger out-of-bounds read error, gain access to sensitive information or perform a denial of service attack.


10) Code Injection (CVE-ID: CVE-2021-3918)

The disclosed vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to insufficient sanitization of user-supplied data during the validation of a JSON object. A remote attacker can pass a specially crafted JSON file for validation and execute arbitrary code.


11) OS Command Injection (CVE-ID: CVE-2022-1292)

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation in the c_rehash script distributed by some operating systems. A remote attacker with ability to pass data to c_rehash script can and execute arbitrary OS commands with the privileges of the script.



12) CRLF injection (CVE-ID: CVE-2022-0391)

The vulnerability allows a remote attacker to inject arbitrary data in server response.

The vulnerability exists due to insufficient validation of attacker-supplied data within the urllib.parse module in Python. A remote attacker can pass specially crafted data to the application containing CR-LF characters and modify application behavior.


13) OS Command Injection (CVE-ID: CVE-2015-20107)

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation in the mailcap module, which does not escape characters into commands discovered in the system mailcap file. A remote unauthenticated attacker can pass specially crafted data to the applications that call mailcap.findmatch with untrusted input and execute arbitrary OS commands on the target system.



14) Incorrect Regular Expression (CVE-ID: CVE-2022-31129)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper validation of user-supplied input when parsing overly long strings. A remote attacker can pass a string that contains more that 10k characters and perform regular expression denial of service (ReDoS) attack.


15) Path traversal (CVE-ID: CVE-2022-24785)

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences within the npm version of Moment.js. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.


16) Information disclosure (CVE-ID: CVE-2022-1650)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application. A remote attacker can gain unauthorized access to sensitive information on the system.


17) Information disclosure (CVE-ID: CVE-2022-0536)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application. A remote attacker can gain unauthorized access to sensitive information on the system.


Remediation

Install update from vendor's website.

References