Ubuntu update for connman

1) Stack-based buffer overflow

EUVDB-ID: #VU50670

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-26675

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within dnsproxy in ConnMan. A remote unauthenticated attacker on the local network can send specially crafted packets to the affected system, trigger a stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected package connman to the latest version.

Vulnerable software versions

Ubuntu: 16.04 - 23.04

connman (Ubuntu package): before Ubuntu Pro

External links

http://ubuntu.com/security/notices/USN-6236-1

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Memory leak

EUVDB-ID: #VU50669

Risk: Medium

CVSSv3.1: 6.4 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-26676

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due memory leak in gdhcp in ConnMan. A remote attacker on the local network can force the application to leak sensitive stack information.

Mitigation

Update the affected package connman to the latest version.

Vulnerable software versions

Ubuntu: 16.04 - 23.04

connman (Ubuntu package): before Ubuntu Pro

External links

http://ubuntu.com/security/notices/USN-6236-1

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Stack-based buffer overflow

EUVDB-ID: #VU53998

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-33833

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the dnsproxy  component in the uncompress function when unpacking NAME and RDATA/RDLENGTH fields with TYPE A/AAAA. A remote attacker can send specially crafted DNS packet to the ConnMan and perform a denial of service (DoS) attack.

Mitigation

Update the affected package connman to the latest version.

Vulnerable software versions

Ubuntu: 16.04 - 23.04

connman (Ubuntu package): before Ubuntu Pro

External links

http://ubuntu.com/security/notices/USN-6236-1

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Out-of-bounds read

EUVDB-ID: #VU67465

Risk: Medium

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-23096

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information or perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition in the DNS proxy dnsproxy.c when handling Header Data in DNS responses. A remote attacker can send specially crafted TCP packets to the affected software, trigger an out-of-bounds read error and read contents of memory on the system or perform a denial of service (DoS) attack.

Mitigation

Update the affected package connman to the latest version.

Vulnerable software versions

Ubuntu: 16.04 - 23.04

connman (Ubuntu package): before Ubuntu Pro

External links

http://ubuntu.com/security/notices/USN-6236-1

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Out-of-bounds read

EUVDB-ID: #VU67466

Risk: Medium

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-23097

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition within the forward_dns_reply() function in the DNS proxy. A remote attacker can send specially crafted TCP packets to the application, trigger an out-of-bounds read error and read contents of memory on the system or perform a denial of service (DoS) attack.

Mitigation

Update the affected package connman to the latest version.

Vulnerable software versions

Ubuntu: 16.04 - 23.04

connman (Ubuntu package): before Ubuntu Pro

External links

http://ubuntu.com/security/notices/USN-6236-1

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Infinite loop

EUVDB-ID: #VU67467

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-23098

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop when handling TCP connections. A remote attacker can send specially crafted packets to the application, consume all available system resources and cause denial of service conditions.

Mitigation

Update the affected package connman to the latest version.

Vulnerable software versions

Ubuntu: 16.04 - 23.04

connman (Ubuntu package): before Ubuntu Pro

External links

http://ubuntu.com/security/notices/USN-6236-1

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Out-of-bounds write

EUVDB-ID: #VU67397

Risk: Medium

CVSSv3.1: 7.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-32292

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error within the received_data method. A remote attacker on the local network can trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Update the affected package connman to the latest version.

Vulnerable software versions

Ubuntu: 16.04 - 23.04

connman (Ubuntu package): before Ubuntu Pro

External links

http://ubuntu.com/security/notices/USN-6236-1

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Double Free

EUVDB-ID: #VU67410

Risk: Medium

CVSSv3.1: 7.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-32293

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the wispr_portal_web_result method. A remote attacker on the local network can pass specially crafted data to the application, trigger double free error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected package connman to the latest version.

Vulnerable software versions

Ubuntu: 16.04 - 23.04

connman (Ubuntu package): before Ubuntu Pro

External links

http://ubuntu.com/security/notices/USN-6236-1

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Stack-based buffer overflow

EUVDB-ID: #VU75171

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-28488

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in the listener_event function in the ./gdhcp/client.c. A remote unauthenticated attacker can trigger stack-based buffer overflow and cause a denial of service condition on the target system.

Mitigation

Update the affected package connman to the latest version.

Vulnerable software versions

Ubuntu: 16.04 - 23.04

connman (Ubuntu package): before Ubuntu Pro

External links

http://ubuntu.com/security/notices/USN-6236-1

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.