SB2023112910 - Multiple vulnerabilities in Red Hat OpenShift Container Platform 4.13

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2023112910

SB2023112910 - Multiple vulnerabilities in Red Hat OpenShift Container Platform 4.13

Published: November 29, 2023 Updated: December 6, 2024

Security Bulletin ID SB2023112910
Severity
High
Patch available
YES
Number of vulnerabilities 20
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 20% Medium 60% Low 20%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 20 secuirty vulnerabilities.


1) Improper Neutralization of HTTP Headers for Scripting Syntax (CVE-ID: CVE-2023-29406)

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to improper input validation in HTTP/1 client when handling HTTP Host header. A remote non-authenticated attacker can send a specially crafted HTTP request with a maliciously crafted Host header and inject additional headers or entire requests.

Successful exploitation of the vulnerability may allow an attacker to perform cross-site scripting, cache poisoning or session hijacking attacks.


2) Resource management error (CVE-ID: CVE-2023-42669)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to inclusion of the "rpcecho" server into production build, which can call sleep() on AD DC. A remote user can request the server block using the "rpcecho" server and perform a denial of service (DoS) attack.


3) Input validation error (CVE-ID: CVE-2023-39322)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in crypto/tls when processing  post-handshake message on QUIC connections. A remote attacker can send an incomplete post-handshake message for a QUIC connection and perform a denial of service (DoS) attack.


4) Input validation error (CVE-ID: CVE-2023-39321)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in crypto/tls when processing  post-handshake message on QUIC connections. A remote attacker can send an incomplete post-handshake message for a QUIC connection and perform a denial of service (DoS) attack.


5) Cross-site scripting (CVE-ID: CVE-2023-39319)

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists within the html/template package caused by improperly applied rules for handling occurrences of "<script", "<!--", and "</script" within JS literals in <script> contexts. A remote attacker can pass specially crafted input to the application and execute arbitrary HTML and script code in user's browser in context of vulnerable website.


6) Cross-site scripting (CVE-ID: CVE-2023-39318)

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data within the html/template package when handling HMTL-like "<!--" and "-->" comment tokens, nor hashbang "#!" comment tokens, in <script> contexts. A remote attacker can pass specially crafted input to the application and execute arbitrary HTML and script code in user's browser in context of vulnerable website.


7) Buffer Underwrite ('Buffer Underflow') (CVE-ID: CVE-2023-31130)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a buffer underflow when using certain IPv6 addresses, such as 0::00:00:00/2". A local privileged user can trigger a boundary error and crash the service.


8) Buffer overflow (CVE-ID: CVE-2023-29491)

The vulnerability allows a local user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing malformed data in a terminfo database file. A local user can trigger memory corruption and execute arbitrary code on the target system.



9) Improper Certificate Validation (CVE-ID: CVE-2023-29409)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to verifying certificate chains containing large RSA keys is slow. A remote attacker can cause a client/server to expend significant CPU time verifying signatures.


10) Use-after-free (CVE-ID: CVE-2023-4813)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the gaih_inet() function when the getaddrinfo() function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.



11) Resource exhaustion (CVE-ID: CVE-2023-44487)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improperly control of consumption for internal resources when handling HTTP/2 requests with compressed HEADERS frames. A remote attacker can send a sequence of compressed HEADERS frames followed by RST_STREAM frames and perform a denial of service (DoS) attack, a.k.a. "Rapid Reset".

Note, the vulnerability is being actively exploited in the wild.


12) Use-after-free (CVE-ID: CVE-2023-4806)

The vulnerability allows an attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the getaddrinfo() function. A remote attacker can perform a denial of service (DoS) attack.



13) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-4091)

The vulnerability allows a remote user to truncate read-only files.

The vulnerability exists due to an error in the way SMB protocol implementation in Samba handles file operations. A remote user can request read-only access to files and then truncate them to 0 bytes by opening files with OVERWRITE disposition when using the acl_xattr Samba VFS module with the smb.conf setting "acl_xattr:ignore system acls = yes".


14) Improper Authorization (CVE-ID: CVE-2023-3961)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to improper input validation when handling client pipe names. A remote attacker can provide a specially crafted pipe name containing directory traversal characters and force Samba to connect to Unix domain sockets outside of the private directory meant to restrict the services a client could connect to.The connection to Unix domain sockets is performed as root, which means that if client sends a pipe name that resolved to an external service using an existing Unix domain socket, the client is able to connect to it without any filesystem restrictions.


15) PHP file inclusion (CVE-ID: CVE-2023-2603)

The vulnerability allows a remote attacker to include and execute arbitrary PHP files on the server.

The vulnerability exists due to incorrect input validation when including PHP files in web/ajax/modal.php. A remote non-authenticated attacker can send a specially crafted HTTP request to the affected application, include and execute arbitrary PHP code on the system with privileges of the web server.


16) Memory leak (CVE-ID: CVE-2023-2602)

The vulnerability allows a remote attacker to perform DoS attack on the target system.

The vulnerability exists due memory leak in the error handling in the __wrap_pthread_create() function. A remote attacker can send a specially crafted request, exploit vulnerability to exhaust the process memory and cause a denial of service condition.


17) Out-of-bounds write (CVE-ID: CVE-2022-44638)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error within the rasterize_edges_8() function. A remote attacker can trigger an out-of-bounds write and execute arbitrary code on the target system.


18) Incorrect Regular Expression (CVE-ID: CVE-2022-40897)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient input validation when processing HTML content. A remote attacker can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.


19) NULL pointer dereference (CVE-ID: CVE-2022-4285)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error when parsing an ELF file containing corrupt symbol version information. A remote attacker can pass a specially crafted file to the application and perform a denial of service (DoS) attack.


20) Resource exhaustion (CVE-ID: CVE-2023-39325)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to excessive consumption of internal resources when handling HTTP/2 requests. A remote attacker can bypass the http2.Server.MaxConcurrentStreams setting by creating new connections while the current connections are still being processed, trigger resource exhaustion and perform a denial of service (DoS) attack.


Remediation

Install update from vendor's website.

References