SB2023083144 - Multiple vulnerabilities in Migration Toolkit for Containers (MTC) 1.7

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2023083144

SB2023083144 - Multiple vulnerabilities in Migration Toolkit for Containers (MTC) 1.7

Published: August 31, 2023 Updated: January 9, 2026

Security Bulletin ID SB2023083144
Severity
High
Patch available
YES
Number of vulnerabilities 9
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 33% Medium 33% Low 33%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 9 secuirty vulnerabilities.


1) Incorrect calculation (CVE-ID: CVE-2023-24532)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars.


2) Buffer overflow (CVE-ID: CVE-2020-24736)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error when executing a crafted SELECT query. A local user can execute a specially crafted query to trigger memory corruption and perform a denial of service (DoS) attack.


3) Heap-based buffer overflow (CVE-ID: CVE-2022-48281)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the processCropSelections() function in tools/tiffcrop.c in LibTIFF. A remote attacker can pass a specially crafted TIFF image to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


4) Input validation error (CVE-ID: CVE-2023-1667)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to multiple errors in kex implementation, related to kex guessing algorithm. A remote attacker can bypass implemented security restrictions.


5) Improper Authentication (CVE-ID: CVE-2023-2283)

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error within the pki_verify_data_signature() function in pki_crypto.c. The pki_key_check_hash_compatible() function can return SSH_OK value if memory allocation error happens later in the function. The  A remote attacker can bypass authentication process and gain unauthorized access to the system.


6) Resource exhaustion (CVE-ID: CVE-2023-2828)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources. A remote attacker can cause the amount of memory used by a named resolver to go well beyond the configured max-cache-size limit. The effectiveness of the attack depends on a number of factors (e.g. query load, query patterns), but since the default value of the max-cache-size statement is 90%, in the worst case the attacker can exhaust all available memory on the host running named, leading to a denial-of-service condition.


7) Improper Privilege Management (CVE-ID: CVE-2023-26604)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper privilege management for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may be launched from the less program. This presents a substantial security risk when running systemctl from Sudo, because less executes as root when the terminal size is too small to show the complete systemctl output.


8) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-34969)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an error in the dbus-daemon when sending a reply message from the "bus driver". If a local privileged user (e.g. root) is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, another unprivileged user with the ability to connect to the same dbus-daemon can force the service to send an unreplyable message and perform a denial of service (DoS) attack.


9) Untrusted search path (CVE-ID: CVE-2023-38408)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to usage of an insecure search path within the PKCS#11 feature in ssh-agent. A remote attacker can trick the victim into connecting to a malicious SSH server and execute arbitrary code on the system, if an agent is forwarded to an attacker-controlled system.

Note, this vulnerability exists due to incomplete fix for #VU2015 (CVE-2016-10009).


Remediation

Install update from vendor's website.

References