openEuler 20.03 LTS SP4 update for shim

1) Improper Verification of Cryptographic Signature

EUVDB-ID: #VU74148

Risk: Low

CVSSv3.1: 4.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-0465

CWE-ID: CWE-347 - Improper Verification of Cryptographic Signature

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to an error when validating certificate policies in leaf certificates. A remote attacker that controls a malicious CA server can issue a certificate that will be validated by the application.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

shim-debugsource: before 15-35

shim-debuginfo: before 15-35

shim: before 15-35

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1222

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Resource management error

EUVDB-ID: #VU76651

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-2650

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the application when processing OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS subsystems with no message size limit. A remote attacker can send specially crafted data to the application and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

shim-debugsource: before 15-35

shim-debuginfo: before 15-35

shim: before 15-35

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1222

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Resource management error

EUVDB-ID: #VU78463

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-3446

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the DH_check(), DH_check_ex() and EVP_PKEY_param_check() function when processing a DH key or DH parameters. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 20.03 LTS SP4

shim-debugsource: before 15-35

shim-debuginfo: before 15-35

shim: before 15-35

External links

http://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1222

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.