SB2022110720 - Multiple vulnerabilities in Dell EMC Unisphere Central
Published: November 7, 2022
Description
This security bulletin contains information about 30 security vulnerabilities.
1) Information disclosure (CVE-ID: CVE-2018-1000007)
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system. The weakness exists due to insufficient validation of user-supplied input. A remote attacker can respond to an HTTP request that carries custom headers with an HTTP 30X redirect response code, cause the application to send the custom headers to the server specified in the 'Location:' response header and obtain potentially sensitive authentication information from applications that use custom 'Authorization:' headers.
2) Information disclosure (CVE-ID: CVE-2017-0739)
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
An information disclosure vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37712181.
3) Memory corruption (CVE-ID: CVE-2018-11236)
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The vulnerability exists in the stdlib/canonicalize.c source code in the GNU glibc library due to improper processing of long pathname arguments to the realpath function. A local unauthenticated attacker can send long pathname arguments to a targeted system that uses a 32-bit architecture, trigger an integer overflow that can lead to a stack-based buffer overflow and execute arbitrary code with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
4) Buffer overflow (CVE-ID: CVE-2017-15804)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists in the glob function in glob.c due to buffer overflow during unescaping of user names with the ~ operator. A remote attacker can trigger memory corruption and execute arbitrary code.
Successful exploitation of the vulnerability may result in system compromise.
5) Memory leak (CVE-ID: CVE-2017-15671)
The vulnerability allows a remote attacker to cause DoS condition on the target system. The weakness exists in the glob function in glob.c because it skips freeing allocated memory when processing the ~ operator with a long user name when invoked with GLOB_TILDE. A remote attacker can trigger memory corruption and cause the service to crash.
6) Memory corruption (CVE-ID: CVE-2017-15670)
The vulnerability allows a remote attacker to execute arbitrary code with elevated privileges on the target system. The weakness exists in the glob function in glob.c due to off-by-one error. A remote attacker can trigger heap-based buffer overflow and execute arbitrary code with root privileges.
Successful exploitation of the vulnerability may result in system compromise.
7) Use-after-free error (CVE-ID: CVE-2017-12133)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists in the DNS stub resolver because, when EDNS support is enabled, it solicits large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation. A remote attacker can trigger use after free and execute arbitrary code.
Successful exploitation of the vulnerability may result in system compromise.
8) NULL pointer dereference (CVE-ID: CVE-2015-5180)
The vulnerability allows a remote attacker to cause DoS condition on the target system. The weakness exists in res_query in libresolv due to NULL pointer dereference. A remote attacker can cause the service to crash.
9) Heap-based buffer overflow (CVE-ID: CVE-2018-16842)
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists due to heap-based buffer over-read in the tool_msgs.c:voutf() function. A remote unauthenticated attacker can send specially crafted data, trigger memory corruption to read back out-of-buffer data and cause the service to crash.
10) Use-after-free error (CVE-ID: CVE-2018-16840)
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists due to use-after-free error in closing an easy handle in the 'Curl_close()' function. A remote unauthenticated attacker can send specially crafted data, trigger memory corruption and cause the service to crash.
11) Buffer overflow (CVE-ID: CVE-2018-14618)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists on systems with a 32-bit size_t and that use more than 2 GB of memory for the password field due to a buffer overflow in Curl_ntlm_core_mk_nt_hash() in 'lib/curl_ntlm_core.c' when handling malicious input. A remote unauthenticated attacker can send a specially crafted NTLM authentication password, trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
12) Heap-based buffer over-read (CVE-ID: CVE-2018-1000301)
The vulnerability allows a remote attacker to obtain potentially sensitive information and cause DoS condition on the target system. The weakness exists due to heap-based buffer over-read. When servers send RTSP responses back to curl, the data starts out with a set of headers. curl parses that data to separate it into a number of headers, to deal with those appropriately and to find the end of the headers that signals the start of the "body" part. The function that splits up the response into headers is called Curl_http_readwrite_headers(), and in situations where it can't find a single header in the buffer, it might end up leaving a pointer pointing into the buffer instead of to the start of the buffer. This may later lead to an out-of-buffer read when code assumes that the pointer points to a full buffer size worth of memory to use. A remote attacker can gain access to potentially sensitive information and cause the service to crash.
13) Buffer over-read (CVE-ID: CVE-2018-1000122)
The vulnerability allows a remote attacker to obtain potentially sensitive information or cause DoS condition. The weakness exists due to buffer over-read. A remote attacker can cause the target application to trigger a buffer copy error in processing RTSP URLs and cause the application to crash or access potentially sensitive information on the target system.
14) Null pointer dereference (CVE-ID: CVE-2018-1000121)
The vulnerability allows a remote attacker to cause DoS condition on the target system. The weakness exists due to NULL pointer dereference in ldap_get_attribute_ber(). A remote attacker can return a specially crafted redirect to an LDAP URL, trigger NULL pointer dereference and cause the service to crash.
15) Heap-based buffer overflow (CVE-ID: CVE-2018-1000120)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists due to heap-based buffer overflow. A remote attacker that can control the paths that curl uses for FTP can create specially crafted path names containing the control characters '%00', trigger memory corruption and execute arbitrary code.
16) Out-of-bounds read (CVE-ID: CVE-2017-1000254)
The vulnerability allows a remote attacker to cause DoS condition on the target system. The weakness exists due to out-of-bounds read when parsing a directory name when connecting to an FTP server. A remote attacker can trigger memory corruption, access arbitrary files and cause the application to crash.
Successful exploitation of the vulnerability results in denial of service.
17) Double Free (CVE-ID: CVE-2016-8619)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory double free.
18) Arbitrary code execution (CVE-ID: CVE-2016-7167)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists due to integer overflow. By passing a specially crafted length parameter value to certain libcurl functions, attackers can obtain potentially sensitive information and execute arbitrary code.
Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.
19) Security Features (CVE-ID: CVE-2016-8615)
The vulnerability allows a remote non-authenticated attacker to manipulate data.
A flaw was found in curl before version 7.51. If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar.
20) Credentials management (CVE-ID: CVE-2016-8616)
The vulnerability allows a remote non-authenticated attacker to manipulate data.
A flaw was found in curl before version 7.51.0. When re-using a connection, curl was doing case-insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped credentials, an attacker can cause that connection to be reused if s/he knows the case-insensitive version of the correct password.
21) Out-of-bounds write (CVE-ID: CVE-2016-8617)
The vulnerability allows a local authenticated user to execute arbitrary code.
The base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receives at least 1Gb as input via `CURLOPT_USERNAME`.
22) Double Free (CVE-ID: CVE-2016-8618)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The libcurl API function called `curl_maprintf()` before version 7.51.0 can be tricked into doing a double-free due to an unsafe `size_t` multiplication, on systems using 32 bit `size_t` variables.
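The under-allocation in items 21 and 22 comes from size arithmetic wrapping in a 32-bit `size_t`. The following is an added example, not curl's code: it models a 32-bit `size_t` with `uint32_t`, uses an assumed sizing expression (`insize * 4 / 3 + 4`), and all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Model of a 32-bit size_t: uint32_t arithmetic wraps modulo 2^32.
 * Assumed (illustrative) sizing expression: insize * 4 / 3 + 4. */
uint32_t b64_alloc_size_unchecked(uint32_t insize)
{
    /* insize * 4 wraps to a small value once insize >= 2^30 */
    return (uint32_t)(insize * 4u) / 3u + 4u;
}

/* Same expression with the multiplication guarded.
 * Returns 0 and stores the size, or -1 if it cannot be represented. */
int b64_alloc_size_checked(uint32_t insize, uint32_t *size)
{
    if (insize > UINT32_MAX / 4u)
        return -1;                 /* refuse instead of under-allocating */
    *size = insize * 4u / 3u + 4u;
    return 0;
}

/* Bytes a base64 encoder writes: 4 per started 3-byte group plus the NUL,
 * computed in 64 bits so this reference value cannot wrap itself. */
uint64_t b64_bytes_written(uint32_t insize)
{
    return ((uint64_t)insize + 2u) / 3u * 4u + 1u;
}

int main(void)
{
    uint32_t one_gib = UINT32_C(1) << 30;   /* constructed input length */
    uint32_t size = 0;

    printf("unchecked: allocate %u bytes, encoder writes %llu bytes\n",
           (unsigned)b64_alloc_size_unchecked(one_gib),
           (unsigned long long)b64_bytes_written(one_gib));
    if (b64_alloc_size_checked(one_gib, &size) != 0)
        printf("checked: input length rejected\n");
    return 0;
}
```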
23) Out-of-bounds read (CVE-ID: CVE-2016-8620)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The 'globbing' feature in curl before version 7.51.0 has a flaw that leads to integer overflow and out-of-bounds read via user controlled input.
24) Open redirect (CVE-ID: CVE-2017-1000100)
The vulnerability allows a remote attacker to redirect website visitors to external websites. The weakness exists due to incorrect validation of redirected URL. A remote attacker can redirect the target user's curl request to a TFTP URL with a long filename to cause the target user's curl application to send portions of system memory.
Successful exploitation of the vulnerability results in information disclosure.
25) Out-of-bounds read (CVE-ID: CVE-2016-8621)
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
The `curl_getdate` function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short.
26) Out-of-bounds write (CVE-ID: CVE-2016-8622)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The URL percent-encoding decode function in libcurl before 7.51.0 is called `curl_easy_unescape`. Internally, even if this function would be made to allocate an unescape destination buffer larger than 2GB, it would return that new length in a signed 32 bit integer variable, thus the length would get either just truncated or both truncated and turned negative. That could then lead to libcurl writing outside of its heap based buffer.
27) Use-after-free (CVE-ID: CVE-2016-8623)
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
A flaw was found in curl before version 7.51.0. The way curl handles cookies permits other threads to trigger a use-after-free leading to information disclosure.
28) URL redirection (CVE-ID: CVE-2016-8624)
The vulnerability allows a remote attacker to perform phishing attacks.
The vulnerability is caused by an error when parsing a URL. A remote attacker can supply a link with a trailing "#" character in the hostname and cause the libcurl client to redirect to the host specified after the "#" character.
Exploit example:
http://example.com#@evilsite.com/1.txt
The above URL will force libcurl client to connect to evilsite.com hostname instead of example.com.
The vulnerability allows an attacker to perform phishing attacks by tricking victims into connecting to an untrusted host.
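A pre-flight check for the parsing disagreement described in item 28, as an added example (not libcurl's code): it extracts the host once with RFC 3986 rules and once with a simplified, assumed model of a parser that does not end the authority at "#", and rejects any URL where the two differ. The names `url_host`, `STRICT_STOPS`, `LENIENT_STOPS` and `url_host_is_ambiguous` are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define STRICT_STOPS  "/?#"   /* RFC 3986: authority ends at '/', '?' or '#' */
#define LENIENT_STOPS "/?"    /* assumed flawed model: '#' does not end it   */

/* Copy the host[:port] of `url` into `out`. `stops` is the set of characters
 * that terminate the authority. Returns 0 on success, -1 on bad input. */
int url_host(const char *url, const char *stops, char *out, size_t outlen)
{
    const char *p = strstr(url, "://");
    if (p == NULL)
        return -1;
    p += 3;
    size_t alen = strcspn(p, stops);   /* length of the authority */
    size_t start = 0;                  /* userinfo ends at the last '@' */
    for (size_t i = 0; i < alen; i++)
        if (p[i] == '@')
            start = i + 1;
    size_t hlen = alen - start;
    if (hlen == 0 || hlen >= outlen)
        return -1;
    memcpy(out, p + start, hlen);
    out[hlen] = '\0';
    return 0;
}

/* Returns 1 when the URL must be rejected: it cannot be parsed, or the two
 * readings of the host differ (any '#' directly after the authority). */
int url_host_is_ambiguous(const char *url)
{
    char strict[256], lenient[256];
    if (url_host(url, STRICT_STOPS, strict, sizeof strict) != 0 ||
        url_host(url, LENIENT_STOPS, lenient, sizeof lenient) != 0)
        return 1;
    return strcmp(strict, lenient) != 0;
}

int main(void)
{
    /* URL taken from the bulletin's own example */
    const char *u = "http://example.com#@evilsite.com/1.txt";
    printf("%s -> %s\n", u, url_host_is_ambiguous(u) ? "reject" : "ok");
    return 0;
}
```

The check is deliberately conservative: a URL such as `http://example.com#frag`, with no path before the fragment, is also rejected because the two readings of its host differ.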
29) Buffer overflow (CVE-ID: CVE-2016-9586)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf() functions. If an application accepts a format string from the outside without necessary input filtering, it could allow remote attacks.
30) Buffer overflow (CVE-ID: CVE-2017-7407)
The vulnerability allows a local non-authenticated attacker to gain access to sensitive information.
The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read.
Remediation
Install updates from the vendor's website.