SB2023081530 - Multiple vulnerabilities in Dell Data Protection Central
Published: August 15, 2023
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 22 secuirty vulnerabilities.
1) Incorrect Implementation of Authentication Algorithm (CVE-ID: CVE-2022-27782)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to the way libcurl handles previously used connections in a connection pool for subsequent transfers. Several TLS and SSH settings were left out from the configuration match checks, resulting in erroneous matches for different resources. As a result, libcurl can send authentication string from one resource to another, exposing credentials to a third-party.
2) Information disclosure (CVE-ID: CVE-2022-27776)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to curl can leak authentication or cookie header data during HTTP redirects to the same host but another port number. When asked to send custom headers or cookies in its HTTP requests, curl sends that set of headers only to the host which name is used in the initial URL, so that redirects to other hosts will make curl send the data to those. However, due to a flawed check, curl wrongly also sends that same set of headers to the hosts that are identical to the first one but use a different port number or URL scheme.
The vulnerability exists due to an incomplete fix for #VU10224 (CVE-2018-1000007).
3) Use of a broken or risky cryptographic algorithm (CVE-ID: CVE-2020-12401)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to usage of ECDSA signatures. A local user can perform a side channel attack and gain access to sensitive information.
4) Improper Authentication (CVE-ID: CVE-2022-22576)
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to an error when re-using OAUTH2 connections for SASL-enabled protocols, such as SMPTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only). libcurl may reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. As a result, a connection that is successfully created and authenticated with a user name + OAUTH2 bearer can subsequently be erroneously reused even for user + [other OAUTH2 bearer], even though that might not even be a valid bearer.
A remote attacker can exploit this vulnerability against applications intended for use in multi-user environments to bypass authentication and gain unauthorized access to victim's accounts.
5) Information disclosure (CVE-ID: CVE-2022-27774)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to curl attempts to follow redirects during authentication process and does not consider different port numbers or protocols to be separate authentication targets. If the web application performs redirection to a different port number of protocol, cURL will allow such redirection and will pass credentials. It could also leak the TLS SRP credentials this way.
By default, curl only allows redirects to HTTP(S) and FTP(S), but can be asked to allow redirects to all protocols curl supports.
6) CRLF injection (CVE-ID: CVE-2022-0391)
The vulnerability allows a remote attacker to inject arbitrary data in server response.
The vulnerability exists due to insufficient validation of attacker-supplied data within the urllib.parse module in Python. A remote attacker can pass specially crafted data to the application containing CR-LF characters and modify application behavior.
7) Improper Verification of Cryptographic Signature (CVE-ID: CVE-2022-32208)
The vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to improper handling of message verification failures when performing FTP transfers secured by krb5. A remote attacker can perform MitM attack and manipulate data.
8) Out-of-bounds write (CVE-ID: CVE-2021-46822)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing images within the get_word_rgb_row() function in rdppm.c. A remote attacker can pass a specially crafted file to the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.
9) Creation of Temporary File With Insecure Permissions (CVE-ID: CVE-2022-24823)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to usage of insecure permissions for temporary files. A local user can view contents of temporary files and gain access to sensitive information.
10) Out-of-bounds write (CVE-ID: CVE-2022-1304)
The vulnerability allows a local attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input. A local attacker can use a specially crafted filesystem, trigger out-of-bounds write and execute arbitrary code on the target system.
11) Use of a broken or risky cryptographic algorithm (CVE-ID: CVE-2021-40528)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to use of a broken or risky cryptographic algorithm in the ElGamal implementation. A remote attacker can gain unauthorized access to sensitive information on the system.
12) Time-of-check Time-of-use (TOCTOU) Race Condition (CVE-ID: CVE-2021-35937)
The vulnerability allows a local privileged user to escalate privileges on the system.
The vulnerability exist due to race condition. A local privileged user can bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges.
13) Link following (CVE-ID: CVE-2021-35938)
The vulnerability allows a local privileged user to escalate privileges on the system.
The vulnerability occurs when rpm sets the desired permissions and credentials after installing a file. A local privileged user can use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system.
14) Link following (CVE-ID: CVE-2021-35939)
The vulnerability allows a local privileged user to escalate privileges on the system.
The vulnerability exist due to fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local privileged user who owns another ancestor directory could potentially use this flaw to gain root privileges.
15) Stack-based buffer overflow (CVE-ID: CVE-2022-25313)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in build_model. A remote unauthenticated attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
16) Resource exhaustion (CVE-ID: CVE-2022-32206)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insecure processing of compressed HTTP responses. A malicious server can send a specially crafted HTTP response to curl and perform a denial of service attack by forcing curl to spend enormous amounts of allocated heap memory, or trying to and returning out of memory errors.
17) Out-of-bounds read (CVE-ID: CVE-2022-27405)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition in the "FNT_Size_Request" function. A remote attacker can trigger out-of-bounds read error and cause a denial of service condition on the system.
18) Out-of-bounds read (CVE-ID: CVE-2022-27406)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition in the "FT_Request_Size" function. A remote attacker can trigger out-of-bounds read error and cause a denial of service condition on the system.
19) Integer overflow (CVE-ID: CVE-2022-29824)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow in several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*). A remote attacker can pass specially crafted multi-gigabyte XML file to the application, trigger integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
20) Integer overflow (CVE-ID: CVE-2022-25314)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to integer overflow in copyString. A remote attacker can pass specially crafted data to the application, trigger integer overflow and cause a denial of service condition on the target system.
21) Out-of-bounds write (CVE-ID: CVE-2022-27404)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in the "sfnt_init_face" function. A remote attacker can trigger out-of-bounds write and execute arbitrary code on the target system.
22) Out-of-bounds write (CVE-ID: CVE-2020-36518)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can trigger out-of-bounds write and cause a denial of service condition on the target system.
Remediation
Install update from vendor's website.