SB2023080920 - Multiple vulnerabilities in Dell Container Storage Modules

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2023080920

SB2023080920 - Multiple vulnerabilities in Dell Container Storage Modules

Published: August 9, 2023 Updated: September 18, 2023

Security Bulletin ID SB2023080920
Severity
High
Patch available
YES
Number of vulnerabilities 39
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

High 5% Medium 49% Low 46%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 39 secuirty vulnerabilities.


1) Type Confusion (CVE-ID: CVE-2023-0286)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a type confusion error related to X.400 address processing inside an X.509 GeneralName. A remote attacker can pass specially crafted data to the application, trigger a type confusion error and perform a denial of service (DoS) attack or read memory contents.

In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.


2) Unprotected Alternate Channel (CVE-ID: CVE-2023-28842)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to unprotected alternate channel within encrypted overlay networks. A remote attacker can inject arbitrary Ethernet frames into the encrypted overlay network by encapsulating them in VXLAN datagrams.


3) Inadequate Encryption Strength (CVE-ID: CVE-2023-0361)

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to an error in the TLS RSA key exchange. A remote attacker can perform Bleichenbacher oracle attack and decrypt information.


4) Out-of-bounds write (CVE-ID: CVE-2021-44568)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error when processing untrusted input within the resolve_dependencies() function at src/solver.c. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and crash the application.

5) Input validation error (CVE-ID: CVE-2021-42694)

The vulnerability allows an attacker to bypass certain security checks.

The vulnerability exists in the character definitions of the Unicode Specification. The specification allows an attacker to produce source code identifiers such as function names using homoglyphs that render visually identical to a target identifier. Adversaries can leverage this to inject code via adversarial identifier definitions in upstream software dependencies invoked deceptively in downstream software.


6) Memory leak (CVE-ID: CVE-2018-20657)

The vulnerability allows a remote attacker to perform DoS attack on the target system.

The vulnerability exists due memory leak in the demangle_template function in cplus-dem.c in GNU libiberty. A remote attacker can trigger a memory leak via a crafted string and perform denial of service attack.

7) Integer overflow (CVE-ID: CVE-2019-14250)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow in simple_object_elf_match() function in simple-object-elf.c. A remote attacker can use a specially crFted ELF file to trigger integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


8) Resource exhaustion (CVE-ID: CVE-2022-27943)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources within demangle_const in libiberty/rust-demangle.c. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.


9) Use-after-free (CVE-ID: CVE-2023-0215)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the BIO_new_NDEF function. A remote attacker can trigger a use-after-free error and perform a denial of service (DoS) attack.



10) Information Exposure Through Timing Discrepancy (CVE-ID: CVE-2022-4304)

The vulnerability allows a remote attacker to obtain sensitive information.

The vulnerability exists due to a timing based side channel exists in the OpenSSL RSA Decryption implementation. A remote attacker can perform a Bleichenbacher style attack and decrypt data sent over the network.

To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE.


11) Unprotected Alternate Channel (CVE-ID: CVE-2023-28840)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to unprotected alternate channel within encrypted overlay networks. A remote attacker can inject arbitrary Ethernet frames into the encrypted overlay network and perform a denial of service (DoS) attack.


12) Heap-based buffer overflow (CVE-ID: CVE-2022-3715)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in valid_parameter_transform() function in GNU bash. A local user can trigger a heap-based buffer overflow and execute arbitrary code on the target system.


13) Buffer overflow (CVE-ID: CVE-2021-3826)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the dlang_lname() function in d-demangle.c in libiberty. A local user can perform a denial of service (DoS) attack via a crafted mangled symbol.


14) Out-of-bounds read (CVE-ID: CVE-2017-14501)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to out-of-bounds read condition in the parse_file_info function, as defined in the archive_read_support_format_iso9660.c source code file when extracting ISO 9660 files. A remote attacker can trick the victim into extracting an ISO 9660 file that submits malicious input and cause the service to crash.


15) Buffer over-read (CVE-ID: CVE-2017-14166)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in libarchive 3.3.2. A remote attacker can trigger xml_data heap-based buffer over-read and application crash via a specially crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c.


16) Double Free (CVE-ID: CVE-2022-4450)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the PEM_read_bio_ex() function. A remote attacker can pass specially crafted PEM file to the application, trigger a double free error and perform a denial of service (DoS) attack.


17) Input validation error (CVE-ID: CVE-2019-19244)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input when a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage in select.c . A remote attacker can crash the affected application using a specially crafted SQL query.


18) Out-of-bounds read (CVE-ID: CVE-2019-9936)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the fts5HashEntrySort in sqlite3.c when running fts5 prefix queries inside a transaction. A remote user with ability to send queries can trigger heap-based buffer over-read error and read contents of memory on the system.


19) NULL pointer dereference (CVE-ID: CVE-2019-9937)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dreference error when processing interleaving reads and writes in a single transaction with an fts5 virtual table in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c. A remote attacker can perform a denial of service (DoS) attack.


20) Missing Encryption of Sensitive Data (CVE-ID: CVE-2023-28841)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to missing encryption of sensitive data within the overlay network driver. A remote attacker can gain unauthorized access to sensitive information on the system.


21) Out-of-bounds write (CVE-ID: CVE-2022-3219)

The vulnerability allows a local user to compromise vulnerable system.

The vulnerability exists due to GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB. A remote attacker can send a specially crafted file, trigger an out-of-bounds write and execute arbitrary code on the target system.


22) Use of a broken or risky cryptographic algorithm (CVE-ID: CVE-2022-27191)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an error in golang.org/x/crypto/ssh before 0.0.0-20220314234659-1baeb1ce4c0b, as used in Go programming language. A remote attacker can crash a server in certain circumstances involving AddHostKey.


23) Cross-site scripting (CVE-ID: CVE-2023-29400)

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data when processing HTML attributes. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.


24) Cross-site scripting (CVE-ID: CVE-2023-24539)

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data when handling angle brackets in CSS context. A remote attacker can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.


25) Resource management error (CVE-ID: CVE-2023-2253)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the application. A remote attacker can send specially crafted requests to the "/v2/_catalog" API endpoint and perform a denial of service (DoS) attack.


26) Improper access control (CVE-ID: CVE-2023-27561)

The vulnerability allows a local user to compromise the target system.

The vulnerability exists due to improper access restrictions in the libcontainer/rootfs_linux.go. A local user can gain elevated privileges on the target system.


27) Resource exhaustion (CVE-ID: CVE-2022-41723)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources in the HPACK decoder. A remote attacker can send a specially crafted HTTP/2 stream to the application, cause resource exhaustion and perform a denial of service (DoS) attack.


28) Improper Preservation of Permissions (CVE-ID: CVE-2023-28642)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to improper preservation of permissions in the AppArmor and SELinux when /proc inside the container is symlinked with a specific mount configuration. A remote attacker can gain access to the target application.


29) Improper Preservation of Permissions (CVE-ID: CVE-2023-25809)

The vulnerability allows a local user to compromise the target system.

The vulnerability exists due to the rootless "/sys/fs/cgroup" is writable when cgroupns is not unshared. A local administrator can gain the write access to user-owned cgroup hierarchy "/sys/fs/cgroup/user.slice/..." on the host.


30) Resource exhaustion (CVE-ID: CVE-2022-32149)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to ParseAcceptLanguage does not properly control consumption of internal resources. A remote attacker can send a specially crafted Accept-Language header that will take a significant time to parse and perform a denial of service (DoS) attack.


31) OS Command Injection (CVE-ID: CVE-2022-28391)

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation of DNS PTR records output within the netstat utility if executed on VT compatible terminal. A remote attacker can trick the victim to run the netstat command after initiating a connection to the system and execute arbitrary OS commands on the target system with privileges of the user running the netstat command.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


32) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-29526)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to the Faccessat function can incorrectly report that a file is accessible, when called with a non-zero flags parameter. An attacker can bypass implemented security restrictions.


33) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-29162)

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to containers are incorrectly started with non-empty inheritable Linux process capabilities, which leads to security restrictions bypass and privilege escalation.


34) Allocation of Resources Without Limits or Throttling (CVE-ID: CVE-2023-23916)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect implementation of the "chained" HTTP compression algorithms, where the number of links in the decompression chain was limited for each header instead of the entire request. A remote attacker can send a specially crafted compressed HTTP request with numerous headers and perform a denial of service (DoS) attack.


35) Input validation error (CVE-ID: CVE-2022-35252)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to the way curl handles cookies with control codes (byte values below 32). When cookies that contain such control codes are later sent back to an HTTP(S) server, it might make the server return a 400 response, effectively allowing a "sister site" to deny service to siblings.


36) Use-after-free (CVE-ID: CVE-2022-43552)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error while processing denied requests from HTTP proxies when using SMB or TELNET protocols. A remote attacker can trigger a use-after-free error and crash the application.



37) UNIX symbolic link following (CVE-ID: CVE-2022-41973)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a symlink following issue. A local user can create a specially crafted symbolic link to a critical file on the system and overwrite it with privileges of the application.

Successful exploitation of this vulnerability may result in privilege escalation.


38) Stack out-of-bounds read (CVE-ID: CVE-2019-8905)

The vulnerability allows a remote attacker to obtain potentially sensitive information or perform a denial of service (DoS) attack.

The vulnerability exists due to stack-based buffer over-read in the do_core_note function, related to file_printable. A remote attacker can trick the victim into executing a file that submits malicious input to the targeted system with the file command, trigger memory corruption and gain access to arbitrary data or perform a denial of service attack.


39) Out-of-bounds read (CVE-ID: CVE-2019-8906)

The vulnerability allows a remote attacker to obtain potentially sensitive information or perform a denial of service (DoS) attack.

The vulnerability exists due to out-of-bounds read in the do_core_note function. A remote attacker can trick the victim into executing a file that submits malicious input to the targeted system with the file command, trigger memory corruption and gain access to arbitrary data or perform a denial of service attack.


Remediation

Install update from vendor's website.

References