SB2023092246 - Multiple vulnerabilities in OpenShift API for Data Protection (OADP) 1.1

Description

This security bulletin contains information about 17 secuirty vulnerabilities.

1) Memory leak (CVE-ID: CVE-2023-2602)

The vulnerability allows a remote attacker to perform DoS attack on the target system.

The vulnerability exists due memory leak in the error handling in the __wrap_pthread_create() function. A remote attacker can send a specially crafted request, exploit vulnerability to exhaust the process memory and cause a denial of service condition.

2) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-34969)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an error in the dbus-daemon when sending a reply message from the "bus driver". If a local privileged user (e.g. root) is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, another unprivileged user with the ability to connect to the same dbus-daemon can force the service to send an unreplyable message and perform a denial of service (DoS) attack.

3) Improper Authentication (CVE-ID: CVE-2023-32360)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to missing authentication in CUPS. A remote attacker can access recently printed documents.

4) Resource management error (CVE-ID: CVE-2023-29469)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources when working with hashes of empty dict strings. A remote attacker can and perform a denial of service (DoS) attack.

5) NULL pointer dereference (CVE-ID: CVE-2023-28484)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in xmlSchemaFixupComplexType. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.

6) Improper certificate validation (CVE-ID: CVE-2023-28321)

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to improper certificate validation when matching wildcards in TLS certificates for IDN names. A remote attacker crate a specially crafted certificate that will be considered trusted by the library.

Successful exploitation of the vulnerability requires that curl is built to use OpenSSL, Schannel or Gskit.

7) State Issues (CVE-ID: CVE-2023-27536)

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to cURL will reuse a previously created connection even when the GSS delegation (CURLOPT_GSSAPI_DELEGATION) option had been changed that could have changed the user's permissions in a second transfer. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, this GSS delegation setting was left out from the configuration match checks, making them match too easily, affecting krb5/kerberos/negotiate/GSSAPI transfers.

8) PHP file inclusion (CVE-ID: CVE-2023-2603)

The vulnerability allows a remote attacker to include and execute arbitrary PHP files on the server.

The vulnerability exists due to incorrect input validation when including PHP files in web/ajax/modal.php. A remote non-authenticated attacker can send a specially crafted HTTP request to the affected application, include and execute arbitrary PHP code on the system with privileges of the web server.

9) Improper Authentication (CVE-ID: CVE-2023-2283)

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error within the pki_verify_data_signature() function in pki_crypto.c. The pki_key_check_hash_compatible() function can return SSH_OK value if memory allocation error happens later in the function. The  A remote attacker can bypass authentication process and gain unauthorized access to the system.

10) Input validation error (CVE-ID: CVE-2022-21698)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within method label cardinality. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.

11) Input validation error (CVE-ID: CVE-2023-1667)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to multiple errors in kex implementation, related to kex guessing algorithm. A remote attacker can bypass implemented security restrictions.

12) Heap-based buffer overflow (CVE-ID: CVE-2022-48281)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the processCropSelections() function in tools/tiffcrop.c in LibTIFF. A remote attacker can pass a specially crafted TIFF image to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

13) Buffer overflow (CVE-ID: CVE-2020-24736)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error when executing a crafted SELECT query. A local user can execute a specially crafted query to trigger memory corruption and perform a denial of service (DoS) attack.

14) Improper Privilege Management (CVE-ID: CVE-2023-25173)

The vulnerability allows a local user to escalate privileges.

The vulnerability exists due to improper privilege management where supplementary groups are not set up properly inside a container. A local user can use supplementary group access to bypass primary group restrictions and compromise the container.

15) Incorrect calculation (CVE-ID: CVE-2023-24532)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars.

16) Resource management error (CVE-ID: CVE-2023-2253)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the application. A remote attacker can send specially crafted requests to the "/v2/_catalog" API endpoint and perform a denial of service (DoS) attack.

17) Resource exhaustion (CVE-ID: CVE-2022-41723)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources in the HPACK decoder. A remote attacker can send a specially crafted HTTP/2 stream to the application, cause resource exhaustion and perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://access.redhat.com/errata/RHSA-2023:5314