SB2021030444 - Multiple vulnerabilities in Red Hat Advanced Cluster Management for Kubernetes 2.0
Published: March 4, 2021
Description
This security bulletin contains information about 10 security vulnerabilities.
1) Improper Validation of Array Index (CVE-ID: CVE-2021-3121)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to improper validation of an array index in plugin/unmarshal/unmarshal.go, the gogo/protobuf generator that emits Unmarshal methods. A remote attacker can pass specially crafted protobuf data to the application and bypass implemented security restrictions, possibly leading to remote code execution.
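As an added illustration of this bug class (constructed for this bulletin, not code from gogo/protobuf or from the affected product), the following Go program contrasts a length-delimited field skipper that trusts the length prefix from the wire with one that validates it against the remaining input. The helper names (decodeVarint, skipBytesFieldUnsafe, skipBytesFieldSafe) and the three sample messages are assumptions made for the example.

```go
package main

import (
	"errors"
	"fmt"
)

// decodeVarint reads a protobuf base-128 varint from b starting at pos and
// returns the value and the position just after it. It rejects truncated
// input and varints longer than 10 bytes.
func decodeVarint(b []byte, pos int) (uint64, int, error) {
	var v uint64
	for shift := uint(0); shift < 64; shift += 7 {
		if pos >= len(b) {
			return 0, pos, errors.New("truncated varint")
		}
		c := b[pos]
		pos++
		v |= uint64(c&0x7f) << shift
		if c < 0x80 {
			return v, pos, nil
		}
	}
	return 0, pos, errors.New("varint too long")
}

// skipBytesFieldUnsafe mirrors the unchecked pattern: after the field tag it
// reads the length prefix of a length-delimited field and slices the buffer
// with it directly. A crafted length that exceeds the remaining input, or that
// wraps negative after conversion to int, puts the index out of range.
// recover() is used only so this demo reports the crash as an error.
func skipBytesFieldUnsafe(b []byte, pos int) (next int, err error) {
	defer func() {
		if r := recover(); r != nil {
			err = fmt.Errorf("panic: %v", r)
		}
	}()
	pos++ // skip the one-byte field tag (assumed wire type 2)
	n, pos, err := decodeVarint(b, pos)
	if err != nil {
		return 0, err
	}
	skippy := int(n)        // silently negative for n >= 1<<63 on 64-bit
	_ = b[pos : pos+skippy] // BUG: no check that pos+skippy stays within [pos, len(b)]
	return pos + skippy, nil
}

// skipBytesFieldSafe validates the declared length before using it as an index.
func skipBytesFieldSafe(b []byte, pos int) (int, error) {
	pos++ // skip the one-byte field tag
	n, pos, err := decodeVarint(b, pos)
	if err != nil {
		return 0, err
	}
	if n > uint64(len(b)-pos) {
		return 0, fmt.Errorf("declared length %d exceeds remaining %d bytes", n, len(b)-pos)
	}
	return pos + int(n), nil
}

func main() {
	// Constructed sample messages: field 1, wire type 2 (tag byte 0x0a).
	good := []byte{0x0a, 0x03, 'a', 'b', 'c'}  // length 3, 3 bytes present
	short := []byte{0x0a, 0x05, 'a', 'b', 'c'} // length 5, only 3 bytes present
	// length 1<<63: nine continuation bytes, then 0x01 at bit 63
	huge := append([]byte{0x0a}, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x01)
	for name, msg := range map[string][]byte{"good": good, "short": short, "huge": huge} {
		u, uerr := skipBytesFieldUnsafe(msg, 0)
		s, serr := skipBytesFieldSafe(msg, 0)
		fmt.Printf("%-5s unsafe: next=%d err=%v | safe: next=%d err=%v\n", name, u, uerr, s, serr)
	}
}
```

The safe variant compares the length as an unsigned value against the bytes actually left, which rejects both the oversized and the wrapped-negative case in one check. In Go the unchecked slice expression panics rather than corrupting memory, so for a server that unmarshals untrusted input the immediate effect is a crash of the receiving process.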
2) Integer overflow (CVE-ID: CVE-2020-10543)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an integer overflow in Perl's handling of nested regular expression quantifiers. A remote attacker can pass a specially crafted regular expression to the application, trigger the integer overflow and the resulting heap-based buffer overflow, and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
3) Integer overflow (CVE-ID: CVE-2020-10878)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an integer overflow in the Perl regular expression engine related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A remote attacker can use a specially crafted regular expression to trigger the integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
4) Buffer overflow (CVE-ID: CVE-2020-12723)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the recursive "S_study_chunk" calls in the Perl regular expression engine. A remote attacker can use a specially crafted regular expression to trigger memory corruption and cause a denial of service condition on the target system.
5) Use-after-free (CVE-ID: CVE-2020-14351)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the perf subsystem of the Linux kernel. A local user with permission to monitor perf events can corrupt memory and execute arbitrary code with elevated privileges.
6) Use-after-free (CVE-ID: CVE-2020-15436)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in fs/block_dev.c in the Linux kernel. A local user can run a specially crafted program to escalate privileges on the system.
7) Use of insufficiently random values (CVE-ID: CVE-2020-25705)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists in the way the Linux kernel rate-limits ICMP reply packets. The shared rate limit lets an off-path remote attacker quickly determine which UDP ports are open and thereby effectively bypass UDP source port randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization (such as DNS resolvers) is indirectly affected as well.
8) Improper locking (CVE-ID: CVE-2020-29661)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a locking error in the tty subsystem of the Linux kernel in drivers/tty/tty_jobctrl.c. A local user can exploit this vulnerability through the TIOCSPGRP ioctl to trigger a use-after-free and execute arbitrary code with elevated privileges.
9) Improper Privilege Management (CVE-ID: CVE-2020-35513)
The vulnerability allows a local user to perform a denial of service attack.
The vulnerability exists due to improper privilege management in the Linux kernel NFS (network file system) functionality in the way objects are created and deleted over NFSv4.2 or newer while another process is simultaneously accessing the same NFS export without using NFSv4.2. A local user can trigger the vulnerability to exhaust resources and cause a denial of service condition.
10) Improper Certificate Validation (CVE-ID: CVE-2021-20230)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to improper client certificate validation when the redirect and verifyChain options are used together. A remote attacker presenting any valid certificate can bypass implemented security restrictions and gain access to sensitive information.
Remediation
Install the updates from the vendor's website.