SB2021011923 - Multiple vulnerabilities in OpenShift Virtualization 2.5

Description

This security bulletin contains information about 5 secuirty vulnerabilities.

1) Integer overflow (CVE-ID: CVE-2020-27813)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to integer overflow when processing frames received via a websocket connection. A remote attacker can pass specially crafted data to the application, trigger integer overflow and perform a denial of service (DoS) attack.

2) NULL pointer dereference (CVE-ID: CVE-2020-1971)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via the API functions TS_RESP_verify_response and TS_RESP_verify_token). If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL's s_server, s_client and verify tools have support for the "-crl_download" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack.

3) Improper Neutralization of HTTP Headers for Scripting Syntax (CVE-ID: CVE-2020-8177)

The vulnerability allows a remote attacker to overwrite files on the victim's system.

The vulnerability exists due to a logical error when processing Content-Disposition: HTTP response header in curl when executed with the -J flag and -i flags in the same command line. A remote attacker can trick the victim to run a specially crafted curl command against a malicious website and overwrite files on the user's system.

4) Buffer overflow (CVE-ID: CVE-2020-12321)

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to a boundary error. A remote attacker on the local network can trigger memory corruption and execute arbitrary code on the target system with elevated privileges.

5) Use of insufficiently random values (CVE-ID: CVE-2020-16166)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The vulnerability exists due to use of insufficiently random values error within the prandom_state_selftest() function in lib/random32.c, within the update_process_times() function in kernel/time/timer.c, within the add_interrupt_randomness() function in drivers/char/random.c. A remote non-authenticated attacker can gain access to sensitive information.

Remediation

Install update from vendor's website.

References

• https://access.redhat.com/errata/RHSA-2021:0187