SB2023072741 - Multiple vulnerabilities in OpenShift sandboxed containers 1.4
Published: July 27, 2023
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 23 secuirty vulnerabilities.
1) Resource management error (CVE-ID: CVE-2022-40304)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists in entities.c due to the way libxml2 handles reference cycles. The library does not anticipate that entity content can be allocated from a dict and clears it upon reference cycle detection by setting its first byte to zero. This can lead to memory corruption issues, such as double free errors and result in a denial of service.
2) Improper Privilege Management (CVE-ID: CVE-2023-26604)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper privilege management for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may be launched from the less program. This presents a substantial security risk when running systemctl from Sudo, because less executes as root when the terminal size is too small to show the complete systemctl output.
3) Input validation error (CVE-ID: CVE-2023-24329)
The vulnerability allows a remote attacker to bypass implemented filters.
The vulnerability exists due to insufficient validation of URLs that start with blank characters within urllib.parse component of Python. A remote attacker can pass specially crafted URL to bypass existing filters.
4) Resource management error (CVE-ID: CVE-2023-2650)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the application when processing OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS subsystems with no message size limit. A remote attacker can send specially crafted data to the application and perform a denial of service (DoS) attack.
5) Improper Authentication (CVE-ID: CVE-2023-2283)
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to an error within the pki_verify_data_signature() function in pki_crypto.c. The pki_key_check_hash_compatible() function can return SSH_OK value if memory allocation error happens later in the function. The A remote attacker can bypass authentication process and gain unauthorized access to the system.
6) Input validation error (CVE-ID: CVE-2023-1667)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to multiple errors in kex implementation, related to kex guessing algorithm. A remote attacker can bypass implemented security restrictions.
7) Out-of-bounds read (CVE-ID: CVE-2023-1255)
The vulnerability allows an attacker to perform a denial of service (DoS) attack.
8) Security features bypass (CVE-ID: CVE-2023-0466)
The vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to an error within the X509_VERIFY_PARAM_add0_policy() function, which does not perform the certificate policy check despite being implicitly enabled. A remote attacker can bypass expected security restrictions and perform MitM attack.
9) Improper Verification of Cryptographic Signature (CVE-ID: CVE-2023-0465)
The vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to an error when validating certificate policies in leaf certificates. A remote attacker that controls a malicious CA server can issue a certificate that will be validated by the application.
10) Resource exhaustion (CVE-ID: CVE-2023-0464)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources when verifying X.509 certificate chains that include policy constraints. A remote attacker can create a specially crafted certificate to trigger resource exhaustion and perform a denial of service (DoS) attack.
11) Integer overflow (CVE-ID: CVE-2022-47629)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow in the CRL signature parser. A remote attacker can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
12) Integer overflow (CVE-ID: CVE-2022-40303)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow in parse.c when processing content when XML_PARSE_HUGE is set. A remote attacker can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
13) Inadequate Encryption Strength (CVE-ID: CVE-2023-3089)
The vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists within the OpenShift container platform configuration with enabled FIPS mode, which resulted in usage of not validated cryptographic modules. A remote attacker can perform various attacks against not validated cryptographic modules and gain access to sensitive information.
14) NULL pointer dereference (CVE-ID: CVE-2022-36227)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in libarchive. A remote attacker can pass a specially crafted archive to the application and perform a denial of service (DoS) attack.
15) Improper Validation of Array Index (CVE-ID: CVE-2022-35737)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when handling an overly large input passed as argument to a C API. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
16) Improper Verification of Cryptographic Signature (CVE-ID: CVE-2022-34903)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to an error in GnuPG, which allows signature spoofing via arbitrary injection into the status line. A remote attacker who controls the secret part of any signing-capable key or subkey in the victim's keyring, can take advantage of this flaw to provide a correctly-formed signature that some software, including gpgme, will accept to have validity and signer fingerprint chosen from the attacker.
17) Heap-based buffer overflow (CVE-ID: CVE-2022-28805)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the singlevar function in lparser.c. A remote attacker can use a specially crafted luaK_exp2anyregup call, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
18) Heap-based buffer overflow (CVE-ID: CVE-2022-3715)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in valid_parameter_transform() function in GNU bash. A local user can trigger a heap-based buffer overflow and execute arbitrary code on the target system.
19) Double Free (CVE-ID: CVE-2022-2509)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within gnutls_pkcs7_verify() function when verifying the pkcs7 signatures. A remote attacker can pass specially crafted data to the application, trigger a double free error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
20) Out-of-bounds write (CVE-ID: CVE-2022-1304)
The vulnerability allows a local attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input. A local attacker can use a specially crafted filesystem, trigger out-of-bounds write and execute arbitrary code on the target system.
21) Input validation error (CVE-ID: CVE-2022-1271)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insufficient validation when processing filenames with two or more newlines. A remote attacker can force zgrep or xzgrep to write arbitrary files on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise the affected system.
22) Off-by-one (CVE-ID: CVE-2021-46848)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an ETYPE_OK off-by-one error in asn1_encode_simple_der in Libtasn1. A remote attacker can pass specially crafted data to the application, trigger an off-by-one error and perform a denial of service (DoS) attack.
23) Buffer overflow (CVE-ID: CVE-2020-24736)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when executing a crafted SELECT query. A local user can execute a specially crafted query to trigger memory corruption and perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.