SB2024062848 - Multiple vulnerabilities in Red Hat Ceph Storage 5
Published: June 28, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 24 secuirty vulnerabilities.
1) Code Injection (CVE-ID: CVE-2023-29405)
The vulnerability allows a remote attacker to compromise the affected system.
command which builds untrusted code.A remote attacker can inject and execute arbitrary code on the target system at build time when using cgo.
2) Code Injection (CVE-ID: CVE-2023-29404)
The vulnerability allows a remote attacker to compromise the affected system.
command which builds untrusted code.A remote attacker can inject and execute arbitrary code on the target system at build time when using cgo.
3) Code Injection (CVE-ID: CVE-2023-29402)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation within the cgo go command when building code that contains directories with newline characters in their names. A remote attacker can pass specially crafted input to the cgo command at build time and potentially compromise the system.
Modules which are retrieved using the go command, i.e. via "go get", are not affected (modules retrieved using GOPATH-mode, i.e. GO111MODULE=off, may be affected).
4) Code Injection (CVE-ID: CVE-2023-24540)
The vulnerability allows a remote attacker to execute arbitrary JavaScript code.
The vulnerability exists due to improper input validation when processing whitespace characters. A remote attacker can send a specially crafted request and execute arbitrary JavaScript code.
5) Integer overflow (CVE-ID: CVE-2021-43618)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to integer overflow in mpz/inp_raw.c. A remote attacker can pass specially crafted data to the application, trigger integer overflow and cause a denial of service condition on the target system.
6) Race condition (CVE-ID: CVE-2023-3758)
The vulnerability allows a remote user to escalate privileges on the system.
The vulnerability exists due to a race condition where the GPO policy is not consistently applied for authenticated users. A remote user can exploit the race and gain unauthorized access to the system.
7) OS Command Injection (CVE-ID: CVE-2023-6004)
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in OpenSSH client. If an invalid user or hostname that contained shell metacharacters was passed to ssh(1), and a ProxyCommand, LocalCommand directive or "match exec" predicate referenced the user or hostname via %u, %h or similar expansion token, then an attacker who could supply arbitrary user/hostnames to ssh(1) could potentially perform command injection depending on what quoting was present in the user-supplied ssh_config(5) directive.
8) UNIX symbolic link following (CVE-ID: CVE-2023-6597)
The vulnerability allows a local user to delete arbitrary files on the system.
The vulnerability exists due to a symlink following issue during cleanup when handling temporary files. A local user can create a specially crafted symbolic link to a critical file on the system and delete it.
9) Unchecked Return Value (CVE-ID: CVE-2023-6918)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to libssh does not check for returned values of message digest (MD) operations in low memory conditions. A remote attacker can terminate the connection or force the library to use weak keys.
10) Insufficient verification of data authenticity (CVE-ID: CVE-2023-7008)
The vulnerability allows a remote attacker to perform a MitM attack.
The vulnerability exists due to systemd-resolved accepts records of DNSSEC-signed domains even when they have no signature. A remote attacker can perform MitM attack.
11) OS Command Injection (CVE-ID: CVE-2023-28486)
The vulnerability allows a local user to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation when processing control characters in the log messages. A local user can inject specially crafted characters to the log messages and execute arbtirary OS commands on the system when the command is executed from the log (e.g. via the "sudoreplay -l").
12) OS Command Injection (CVE-ID: CVE-2023-28487)
The vulnerability allows a local user to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation when processing control characters in the sudoreplay output. A local user can inject specially crafted characters to the log messages and execute arbitrary OS commands on the system.13) Improper Authentication (CVE-ID: CVE-2023-42465)
The vulnerability allows a local user to bypass authentication process.
The vulnerability exists due to insufficient resistance to rowhammer attacks. A local user can bypass authentication process and gain unauthorized access to the system.
14) Resource exhaustion (CVE-ID: CVE-2024-0450)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to the zipfile module does not properly control consumption of internal resources when extracting files from a zip archive. A remote attacker can pass a specially crafted archive aka zip-bomb to the application, trigger resource exhaustion and perform a denial of service (DoS) attack.
15) Cross-site scripting (CVE-ID: CVE-2024-22195)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data within the xmlattr filter. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
16) Resource exhaustion (CVE-ID: CVE-2024-22365)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources in pam_namespace. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.
17) Use-after-free (CVE-ID: CVE-2024-25062)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in xmlValidatePopElement when using the XML Reader interface with DTD validation and XInclude expansion enabled. A remote attacker can pass a specially crafted XML document to the application, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
18) Memory leak (CVE-ID: CVE-2024-26458)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak in /krb5/src/lib/rpc/pmap_rmt.c. A remote attacker can perform a denial of service attack.
19) Memory leak (CVE-ID: CVE-2024-26461)
The vulnerability allows a remote attacker to perform DoS attack on the target system.
The vulnerability exists due memory leak in /krb5/src/lib/gssapi/krb5/k5sealv3.c. A remote attacker can force the application to leak memory and perform denial of service attack.
20) Cryptographic issues (CVE-ID: CVE-2024-28834)
The vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to a side-channel attack when using the gnutls_privkey_sign_data2 API function with the "GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE" flag. A remote attacker can launch Minerva attack and gain access to sensitive information.
21) Stack-based buffer overflow (CVE-ID: CVE-2024-33599)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in nscd binary. A remote unauthenticated attacker can exhaust the nscd fixed size cache to trigger a stack-based buffer overflow and execute arbitrary code on the target system.
22) NULL pointer dereference (CVE-ID: CVE-2024-33600)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error when nscd cache fails to add a not-found netgroup response to the cache. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
23) Allocation of Resources Without Limits or Throttling (CVE-ID: CVE-2024-33601)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The
vulnerability exists due to the Name Service Cache Daemon (nscd) can terminate the service during its startup. A local use can perform a denial of service (DoS) attack.
24) Buffer overflow (CVE-ID: CVE-2024-33602)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to netgroup cache assumes NSS callback is using in-buffer strings in nscd binary. A remote attacker can trigger memory corruption and perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.