SB2021090126 - Multiple vulnerabilities in Red Hat Migration Toolkit for Containers
Published: September 1, 2021 Updated: February 8, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 27 secuirty vulnerabilities.
1) Improper Certificate Validation (CVE-ID: CVE-2021-34558)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper certificate verification in crypto/tls package in Go when processing X.509 certificates. The application does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic.
2) Insufficient verification of data authenticity (CVE-ID: CVE-2021-20271)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to an error in RPM's signature check functionality when reading package files. A remote attacker can create a specially crafted package with a modified signature header, trick the victim into installing and compromise the affected system.
3) Incorrect Conversion between Numeric Types (CVE-ID: CVE-2021-27218)
The vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists due to incorrect conversion between numeric types in Gnome Glib. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation.
4) Information disclosure (CVE-ID: CVE-2021-25737)
The vulnerability allows a remote user to gain access to potentially sensitive information.
The vulnerability exists due to a host network hijacking flaw because of holes in EndpointSlice validation. A remote administrator can redirect pod traffic to private networks on a Node and gain unauthorized access to sensitive information on the system.
5) Input validation error (CVE-ID: CVE-2021-25735)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in kube-apiserver that could allow Node updates to bypass a Validating Admission Webhook. An authenticated user could exploit this by modifying Node properties to values that should have been prevented by registered admission webhooks.
6) Out-of-bounds read (CVE-ID: CVE-2021-22918)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in uv__idna_toascii() function in libuv, which is used to convert strings to ASCII. A remote attacker can force the application to resolve a specially crafted hostname, trigger an out-of-bounds read error and gain access to sensitive information or perform a denial of service (DoS) attack.
7) Out-of-bounds write (CVE-ID: CVE-2021-22555)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when processing untrusted input in net/netfilter/x_tables.c in Linux kernel. A local user can run a specially crafted program to trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
8) Buffer overflow (CVE-ID: CVE-2021-22543)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in Linux kernel when handling VM_IO|VM_PFNMAP vmas in KVM. A local user can can bypass RO checks and cause the pages to get freed while still accessible by the VMM and guest. As a result, an attacker with the ability to start and control a VM to read/write random pages of memory, can trigger memory corruption and execute arbitrary code with elevated privileges.
9) Cross-site scripting (CVE-ID: CVE-2021-21648)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
10) Improper Authentication (CVE-ID: CVE-2021-21640)
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to the affected software does not properly check that a newly created view has an allowed name. A remote authenticated attacker can create views with invalid or already-used names.
11) Input validation error (CVE-ID: CVE-2021-21639)
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to the affected software does not validate the type of object created after loading the data submitted to the "config.xml" REST API endpoint of a node. A remote authenticated attacker can replace a node with one of a different type.
12) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2021-21623)
The vulnerability allows a remote attacker to gain access to sensitive information on the system.
The vulnerability exists due to the affected plugin does not correctly perform permission checks to determine whether an item should be accessible. A remote authenticated attacker can gain access to sensitive information.
13) Resource exhaustion (CVE-ID: CVE-2021-21419)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources when handling large websocket frames. A remote attacker can trigger resource exhaustion by sending highly compressed data frame and perform a denial of service (DoS) attack.
14) Improper Authentication (CVE-ID: CVE-2021-3636)
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to the generated certificate for the in-cluster Service CA, incorrectly
included additional certificates. The Service CA is automatically
mounted into all pods, allowing them to safely connect to trusted
in-cluster services that present certificates signed by the trusted
Service CA. The incorrect inclusion of additional CAs in this
certificate would allow an attacker that compromises any of the
additional CAs to masquerade as a trusted in-cluster service.
15) Resource exhaustion (CVE-ID: CVE-2021-33196)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources when parsing archives. A remote attacker can pass a specially crafted .zip file to the application, trigger resource exhaustion and perform a denial of service (DoS) attack.
16) Race condition (CVE-ID: CVE-2021-3609)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition in the CAN BCM networking protocol (net/can/bcm.c) in the Linux kernel ranging from version 2.6.25 to mainline 5.13-rc6. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.
17) Input validation error (CVE-ID: CVE-2021-3541)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
18) NULL pointer dereference (CVE-ID: CVE-2021-3537)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
19) Integer overflow (CVE-ID: CVE-2021-3520)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow in the fast LZ compression algorithm library. A remote attacker can pass specially crafted archive, trick the victim into opening it, trigger integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
20) Use-after-free (CVE-ID: CVE-2021-3518)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in libxml2. A remote attacker can use a specially crafted file and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
21) Out-of-bounds write (CVE-ID: CVE-2021-3517)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in the xml entity encoding functionality. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
22) Use-after-free (CVE-ID: CVE-2021-3516)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in xmllint. A remote attacker can use a specially crafted file to execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
23) Improper Validation of Array Index (CVE-ID: CVE-2021-3121)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to improper validation of index array in plugin/unmarshal/unmarshal.go. A remote attacker can pass specially crafted data to the application and bypass implemented security restrictions, possibly leading to remote code execution.
24) Incorrect calculation (CVE-ID: CVE-2021-3114)
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to incorrect calculation performed by the application in "crypto/elliptic/p224.go". A remote attacker can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224 field.
25) Missing Authorization (CVE-ID: CVE-2021-33197)
The vulnerability allows a remote attacker to bypass authorization process.
The vulnerability exists due to an error in some configurations of ReverseProxy (from net/http/httputil). A remote attacker can drop arbitrary headers and bypass authorization process.
26) Resource management error (CVE-ID: CVE-2021-33198)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the application when handling a large exponent to the math/big.Rat SetString or UnmarshalText method. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
27) Cross-site scripting (CVE-ID: CVE-2021-33195)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of data passed from DNS lookups. A remote attacker can send a specially crafted DNS reqponse and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
Remediation
Install update from vendor's website.