SB2023020113 - Multiple vulnerabilities in IBM Rational ClearCase

Description

This security bulletin contains information about 7 secuirty vulnerabilities.

1) Double Free (CVE-ID: CVE-2022-42915)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing non-200 proxy HTTP responses for the following schemes: dict, gopher, gophers, ldap, ldaps, rtmp, rtmps, telnet. A remote attacker can trigger a double free error by forcing the application into connecting to resources that are not allowed by the configured proxy.

2) Cleartext transmission of sensitive information (CVE-ID: CVE-2022-42916)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to an error when parsing URL with IDN characters that get replaced to ASCII counterparts as part of the IDN conversion. A remote attacker can bypass curl's HSTS check and trick it into using unencrypted HTTP protocol.

3) Expected behavior violation (CVE-ID: CVE-2022-32221)

The vulnerability allows a remote attacker to force unexpected application behavior.

The vulnerability exists due to a logic error for a reused handle when processing subsequent HTTP PUT and POST requests. The libcurl can erroneously use the read callback (CURLOPT_READFUNCTION) to ask for data to send, even when the CURLOPT_POSTFIELDS option has been set, if the same handle previously was used to issue a PUT request, which used that callback. As a result, such behavior can influence application flow and force unpredictable outcome.

4) Input validation error (CVE-ID: CVE-2022-35252)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to the way curl handles cookies with control codes (byte values below 32). When cookies that contain such control codes are later sent back to an HTTP(S) server, it might make the server return a 400 response, effectively allowing a "sister site" to deny service to siblings.

5) Resource exhaustion (CVE-ID: CVE-2022-32205)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to curl does not impose limits to the size of cookies stored in the system. A malicious server can serve excessive amounts of Set-Cookie: headers in a HTTP response to curl and consume all available disk space.

6) Resource exhaustion (CVE-ID: CVE-2022-32206)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insecure processing of compressed HTTP responses. A malicious server can send a specially crafted HTTP response to curl and perform a denial of service attack by forcing curl to spend enormous amounts of allocated heap memory, or trying to and returning out of memory errors.

7) Incorrect default permissions (CVE-ID: CVE-2022-32207)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to incorrect default permissions set to cookies, alt-svc and hsts data stored in local files. A local user with ability to read such files can gain access to potentially sensitive information.

Remediation

Install update from vendor's website.

References

• https://www.ibm.com/support/pages/node/6855601