SUSE update for etcd



Risk: High

Patch available: YES

Number of vulnerabilities: 11

CVE-ID: CVE-2018-16873, CVE-2018-16874, CVE-2018-16875, CVE-2018-16886, CVE-2020-15106, CVE-2020-15112, CVE-2021-28235, CVE-2022-41723, CVE-2023-29406, CVE-2023-47108, CVE-2023-48795

CWE-ID: CWE-77, CWE-22, CWE-20, CWE-287, CWE-399, CWE-285, CWE-400, CWE-644, CWE-326

Exploitation vector: Network

Public exploit: N/A

Vulnerable software:

openSUSE Leap (Operating systems & Components / Operating system)

etcd (Operating systems & Components / Operating system package or component)

etcdctl (Operating systems & Components / Operating system package or component)

Vendor: SUSE

Security Bulletin

This security bulletin contains information about 11 vulnerabilities.

1) Command injection

EUVDB-ID: #VU16545

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-16873

CWE-ID: CWE-77 - Command injection

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary commands on the target system.

The vulnerability exists in the go get command and is triggered by the import path of a malicious Go package, or of a package that imports it directly or indirectly. A remote unauthenticated attacker can use a vanity import path that ends with "/.git" and use custom domains to arrange things so that a Git repository is cloned to a folder named ".git". The parent directory is then considered a repository root, and Git commands run on it use the "config" file in the original Git repository root for their configuration. If that config file contains malicious commands, the attacker can execute arbitrary code on the system running "go get -u".

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Update the affected package etcd to the latest version.

Vulnerable software versions

openSUSE Leap: 15.5 - 15.6

etcd: before 3.5.12-150000.7.6.1

etcdctl: before 3.5.12-150000.7.6.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243656-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Path traversal

EUVDB-ID: #VU16544

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-16874

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote attacker to conduct a directory traversal attack on the target system.

The vulnerability exists in the go get command, which is susceptible to path traversal when the affected software executes it with the import path of a Go package that contains curly braces. A remote unauthenticated attacker can execute the go get command, trick the victim into accessing a Go package that submits malicious input, and conduct a directory traversal attack, which the attacker can use to execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Update the affected package etcd to the latest version.

Vulnerable software versions

openSUSE Leap: 15.5 - 15.6

etcd: before 3.5.12-150000.7.6.1

etcdctl: before 3.5.12-150000.7.6.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243656-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper input validation

EUVDB-ID: #VU16546

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-16875

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The vulnerability affects Go TLS servers that accept client certificates, and TLS clients, because the crypto/x509 package does not limit the amount of work performed for each chain verification. A remote unauthenticated attacker can craft pathological inputs leading to a CPU denial of service.

Mitigation

Update the affected package etcd to the latest version.

Vulnerable software versions

openSUSE Leap: 15.5 - 15.6

etcd: before 3.5.12-150000.7.6.1

etcdctl: before 3.5.12-150000.7.6.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243656-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper Authentication

EUVDB-ID: #VU64828

Risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-16886

CWE-ID: CWE-287 - Improper Authentication

Exploit availability: No

Description

The vulnerability allows a remote user to bypass the authentication process.

The vulnerability exists due to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled. A remote user can authenticate as a user with any valid (trusted) client certificate in a REST API request to the gRPC-gateway.

Mitigation

Update the affected package etcd to the latest version.

Vulnerable software versions

openSUSE Leap: 15.5 - 15.6

etcd: before 3.5.12-150000.7.6.1

etcdctl: before 3.5.12-150000.7.6.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243656-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Resource management error

EUVDB-ID: #VU41650

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-15106

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the application, as a large slice causes a panic in the decodeRecord method. A remote attacker can forge an extremely large frame size that causes a panic in any RAFT participant trying to decode the WAL.

Mitigation

Update the affected package etcd to the latest version.

Vulnerable software versions

openSUSE Leap: 15.5 - 15.6

etcd: before 3.5.12-150000.7.6.1

etcdctl: before 3.5.12-150000.7.6.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243656-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Resource management error

EUVDB-ID: #VU41624

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-15112

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the application, as it is possible to have an entry index greater than the number of entries in the ReadAll method in wal/wal.go. This could cause issues when WAL entries are being read during consensus, as an arbitrary etcd consensus participant could go down from a runtime panic when reading the entry.
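The two WAL issues above (items 5 and 6) share one root cause: a length or index read from the log is used before it is checked. The following Go sketch is an added example, not etcd's own code; the record layout, `maxFrameBytes`, `decodeFrame` and `placeEntry` are assumptions chosen to show the two bounds checks.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
)

const maxFrameBytes = 10 << 20 // assumed per-record cap, not an etcd constant
var ErrFrameTooLarge = errors.New("frame size exceeds cap or remaining input")
var ErrIndexGap = errors.New("entry index beyond end of entry slice")

// decodeFrame reads one record in an assumed layout: 8-byte little-endian
// length, then payload. remaining = bytes left in the file at this offset.
func decodeFrame(r io.Reader, remaining int64) ([]byte, error) {
	var n uint64
	if err := binary.Read(r, binary.LittleEndian, &n); err != nil {
		return nil, err
	}
	// Check the untrusted length before make(): an unchecked huge n panics.
	if remaining < 8 || n > maxFrameBytes || n > uint64(remaining-8) {
		return nil, ErrFrameTooLarge
	}
	buf := make([]byte, n)
	_, err := io.ReadFull(r, buf)
	return buf, err
}

// placeEntry replays an entry with index idx into ents, where ents[0] has
// index start+1. An idx that skips past len(ents) is rejected, not sliced.
func placeEntry(ents []uint64, start, idx uint64) ([]uint64, error) {
	if idx <= start {
		return ents, nil // already covered by the snapshot
	}
	pos := idx - start - 1
	if pos > uint64(len(ents)) {
		return nil, ErrIndexGap
	}
	return append(ents[:pos], idx), nil
}

func main() {
	forged := make([]byte, 8) // constructed header claiming a 1 TiB payload
	binary.LittleEndian.PutUint64(forged, 1<<40)
	_, err := decodeFrame(bytes.NewReader(forged), 8)
	_, err2 := placeEntry([]uint64{1, 2}, 0, 9)
	fmt.Println(err, err2)
}
```

Both functions return an error that the caller can treat as log corruption, so a single bad record stops replay on that member instead of crashing the process.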

Mitigation

Update the affected package etcd to the latest version.

Vulnerable software versions

openSUSE Leap: 15.5 - 15.6

etcd: before 3.5.12-150000.7.6.1

etcdctl: before 3.5.12-150000.7.6.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243656-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Improper Authorization

EUVDB-ID: #VU75512

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-28235

CWE-ID: CWE-285 - Improper Authorization

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the system.

The vulnerability exists due to missing authorization to the "/debug" feature. A remote non-authenticated attacker can access the "/debug/requests" endpoint and gain unauthorized access to the application.

Mitigation

Update the affected package etcd to the latest version.

Vulnerable software versions

openSUSE Leap: 15.5 - 15.6

etcd: before 3.5.12-150000.7.6.1

etcdctl: before 3.5.12-150000.7.6.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243656-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Resource exhaustion

EUVDB-ID: #VU72686

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-41723

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists because the application does not properly control consumption of internal resources in the HPACK decoder. A remote attacker can send a specially crafted HTTP/2 stream to the application, cause resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Update the affected package etcd to the latest version.

Vulnerable software versions

openSUSE Leap: 15.5 - 15.6

etcd: before 3.5.12-150000.7.6.1

etcdctl: before 3.5.12-150000.7.6.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243656-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Improper Neutralization of HTTP Headers for Scripting Syntax

EUVDB-ID: #VU78327

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-29406

CWE-ID: CWE-644 - Improper Neutralization of HTTP Headers for Scripting Syntax

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to improper input validation in the HTTP/1 client when handling the HTTP Host header. A remote non-authenticated attacker can send a specially crafted HTTP request with a maliciously crafted Host header and inject additional headers or entire requests.

Successful exploitation of the vulnerability may allow an attacker to perform cross-site scripting, cache poisoning or session hijacking attacks.

Mitigation

Update the affected package etcd to the latest version.

Vulnerable software versions

openSUSE Leap: 15.5 - 15.6

etcd: before 3.5.12-150000.7.6.1

etcdctl: before 3.5.12-150000.7.6.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243656-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Resource exhaustion

EUVDB-ID: #VU84507

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-47108

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists because the grpc Unary Server Interceptor does not properly control consumption of internal resources when processing multiple requests. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Update the affected package etcd to the latest version.

Vulnerable software versions

openSUSE Leap: 15.5 - 15.6

etcd: before 3.5.12-150000.7.6.1

etcdctl: before 3.5.12-150000.7.6.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243656-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Inadequate encryption strength

EUVDB-ID: #VU84537

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-48795

CWE-ID: CWE-326 - Inadequate Encryption Strength

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a MitM attack.

The vulnerability exists due to incorrect implementation of the SSH Binary Packet Protocol (BPP), which mishandles the handshake phase and the use of sequence numbers. A remote attacker can perform a MitM attack and delete the SSH2_MSG_EXT_INFO message sent before authentication starts, allowing the attacker to disable a subset of the keystroke timing obfuscation features introduced in OpenSSH 9.5.

The vulnerability was dubbed "Terrapin attack" and it affects both client and server implementations.

Mitigation

Update the affected package etcd to the latest version.

Vulnerable software versions

openSUSE Leap: 15.5 - 15.6

etcd: before 3.5.12-150000.7.6.1

etcdctl: before 3.5.12-150000.7.6.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243656-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
