Multiple vulnerabilities in Red Hat Migration Toolkit for Containers (MTC) 1.7
| Risk | Critical |
| Patch available | YES |
| Number of vulnerabilities | 17 |
| CVE-ID | CVE-2023-5129 CVE-2023-4863 CVE-2023-32681 CVE-2023-30630 CVE-2023-29491 CVE-2023-29469 CVE-2023-28484 CVE-2023-28321 CVE-2023-27536 CVE-2023-3978 CVE-2023-3899 CVE-2023-2603 CVE-2023-2602 CVE-2023-0804 CVE-2023-0803 CVE-2023-0802 CVE-2023-0801 CVE-2023-0800 |
| CWE-ID | CWE-122 CWE-200 CWE-264 CWE-119 CWE-399 CWE-476 CWE-295 CWE-371 CWE-79 CWE-863 CWE-98 CWE-401 CWE-787 CWE-125 |
| Exploitation vector | Network |
| Public exploit | Vulnerability #1 is being exploited in the wild. |
| Vulnerable software Subscribe |
Migration Toolkit for Containers Client/Desktop applications / Software for system administration |
| Vendor | Red Hat Inc. |
Security Bulletin
This security bulletin contains information about 17 vulnerabilities.
1) Heap-based buffer overflow
EUVDB-ID: #VU80637
Risk: Critical
CVSSv3.1: 8.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2023-5129,CVE-2023-4863
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing WebP images within libwebp library. A remote attacker can trick the victim to visit a malicious website, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system. The vulnerability affects all modern browsers that support WebP image processing.
Note, the vulnerability is being actively exploited in the wild.
Install updates from vendor's website.
Migration Toolkit for Containers: 1.7.0 - 1.7.12
External linkshttp://access.redhat.com/errata/RHSA-2023:5888
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
2) Information disclosure
EUVDB-ID: #VU77164
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-32681
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. A remote attacker can gain unauthorized access to sensitive information on the system.
MitigationInstall updates from vendor's website.
Migration Toolkit for Containers: 1.7.0 - 1.7.12
External linkshttp://access.redhat.com/errata/RHSA-2023:5888
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU75432
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-30630
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions when executing the command with the "--dump-bin" option. A local user can overwrite arbitrary files on the system and escalate privileges.
Install updates from vendor's website.
Migration Toolkit for Containers: 1.7.0 - 1.7.12
External linkshttp://access.redhat.com/errata/RHSA-2023:5888
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Buffer overflow
EUVDB-ID: #VU75141
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-29491
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing malformed data in a terminfo database file. A local user can trigger memory corruption and execute arbitrary code on the target system.
Install updates from vendor's website.
Migration Toolkit for Containers: 1.7.0 - 1.7.12
External linkshttp://access.redhat.com/errata/RHSA-2023:5888
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Resource management error
EUVDB-ID: #VU74862
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-29469
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources when working with hashes of empty dict strings. A remote attacker can and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Migration Toolkit for Containers: 1.7.0 - 1.7.12
External linkshttp://access.redhat.com/errata/RHSA-2023:5888
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) NULL pointer dereference
EUVDB-ID: #VU74863
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-28484
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in xmlSchemaFixupComplexType. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Migration Toolkit for Containers: 1.7.0 - 1.7.12
External linkshttp://access.redhat.com/errata/RHSA-2023:5888
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Improper certificate validation
EUVDB-ID: #VU76237
Risk: Medium
CVSSv3.1: 4.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-28321
CWE-ID:
CWE-295 - Improper Certificate Validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to improper certificate validation when matching wildcards in TLS certificates for IDN names. A remote attacker crate a specially crafted certificate that will be considered trusted by the library.
Successful exploitation of the vulnerability requires that curl is built to use OpenSSL, Schannel or Gskit.
MitigationInstall updates from vendor's website.
Migration Toolkit for Containers: 1.7.0 - 1.7.12
External linkshttp://access.redhat.com/errata/RHSA-2023:5888
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) State Issues
EUVDB-ID: #VU73829
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-27536
CWE-ID:
CWE-371 - State Issues
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to cURL will reuse a previously created connection even when the GSS delegation (CURLOPT_GSSAPI_DELEGATION) option had been changed that could have changed the user's permissions in a second transfer. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, this GSS delegation setting was left out from the configuration match checks, making them match too easily, affecting krb5/kerberos/negotiate/GSSAPI transfers.
MitigationInstall updates from vendor's website.
Migration Toolkit for Containers: 1.7.0 - 1.7.12
External linkshttp://access.redhat.com/errata/RHSA-2023:5888
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Cross-site scripting
EUVDB-ID: #VU79294
Risk: Low
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-3978
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall updates from vendor's website.
Migration Toolkit for Containers: 1.7.0 - 1.7.12
External linkshttp://access.redhat.com/errata/RHSA-2023:5888
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Incorrect authorization
EUVDB-ID: #VU79878
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-3899
CWE-ID:
CWE-863 - Incorrect Authorization
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to incorrect authorization caused by D-Bus interface com.redhat.RHSM1 that exposes a significant number of methods to all users. A local user can abuse the com.redhat.RHSM1.Config.SetAll() method to change the state of the registration and escalate privileges on the system.
Install updates from vendor's website.
Migration Toolkit for Containers: 1.7.0 - 1.7.12
External linkshttp://access.redhat.com/errata/RHSA-2023:5888
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) PHP file inclusion
EUVDB-ID: #VU72703
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-2603
CWE-ID:
CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to include and execute arbitrary PHP files on the server.
The vulnerability exists due to incorrect input validation when including PHP files in web/ajax/modal.php. A remote non-authenticated attacker can send a specially crafted HTTP request to the affected application, include and execute arbitrary PHP code on the system with privileges of the web server.
MitigationInstall updates from vendor's website.
Migration Toolkit for Containers: 1.7.0 - 1.7.12
External linkshttp://access.redhat.com/errata/RHSA-2023:5888
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Memory leak
EUVDB-ID: #VU76757
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-2602
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform DoS attack on the target system.
The vulnerability exists due memory leak in the error handling in the __wrap_pthread_create() function. A remote attacker can send a specially crafted request, exploit vulnerability to exhaust the process memory and cause a denial of service condition.
MitigationInstall updates from vendor's website.
Migration Toolkit for Containers: 1.7.0 - 1.7.12
External linkshttp://access.redhat.com/errata/RHSA-2023:5888
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Out-of-bounds write
EUVDB-ID: #VU72601
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-0804
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
Install updates from vendor's website.
Migration Toolkit for Containers: 1.7.0 - 1.7.12
External linkshttp://access.redhat.com/errata/RHSA-2023:5888
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Out-of-bounds write
EUVDB-ID: #VU72600
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-0803
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the tiffcrop() function in tools/tiffcrop.c. A remote attacker can pass a specially crafted TIFF file to the application, trigger an out-of-bounds write and perform a denial of service (DoS) attack.
Install updates from vendor's website.
Migration Toolkit for Containers: 1.7.0 - 1.7.12
External linkshttp://access.redhat.com/errata/RHSA-2023:5888
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Out-of-bounds read
EUVDB-ID: #VU72598
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-0802
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the tiffcrop() function in tools/tiffcrop.c. A remote attacker can pass a specially crafted TIFF file to the application, trigger an out-of-bounds read error and perform a denial of service (DoS) attack. MitigationInstall updates from vendor's website.
Migration Toolkit for Containers: 1.7.0 - 1.7.12
External linkshttp://access.redhat.com/errata/RHSA-2023:5888
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Out-of-bounds read
EUVDB-ID: #VU72597
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-0801
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the tiffcrop() function in tools/tiffcrop.c. A remote attacker can pass a specially crafted TIFF file to the application, trigger an out-of-bounds read error and perform a denial of service (DoS) attack. MitigationInstall updates from vendor's website.
Migration Toolkit for Containers: 1.7.0 - 1.7.12
External linkshttp://access.redhat.com/errata/RHSA-2023:5888
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Out-of-bounds read
EUVDB-ID: #VU72596
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-0800
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the tiffcrop() function in tools/tiffcrop.c. A remote attacker can pass a specially crafted TIFF file to the application, trigger an out-of-bounds read error and perform a denial of service (DoS) attack. MitigationInstall updates from vendor's website.
Migration Toolkit for Containers: 1.7.0 - 1.7.12
External linkshttp://access.redhat.com/errata/RHSA-2023:5888
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
