SB2022030441 - Multiple vulnerabilities in Red Hat Advanced Cluster Management for Kubernetes 2.3 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2022030441

SB2022030441 - Multiple vulnerabilities in Red Hat Advanced Cluster Management for Kubernetes 2.3

Published: March 4, 2022

Security Bulletin ID SB2022030441
Severity
High
Patch available
YES
Number of vulnerabilities 21
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 24% Medium 29% Low 48%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 21 secuirty vulnerabilities.


1) Input validation error (CVE-ID: CVE-2021-43565)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input when parsing a Signer to ServerConfig.AddHostKey in cases where the Signer passed to AddHostKey does not implement AlgorithmSigner or the Signer passed to AddHostKey returns a key of type “ssh-rsa” from its PublicKey method. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.


2) Code Injection (CVE-ID: CVE-2021-3918)

The disclosed vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to insufficient sanitization of user-supplied data during the validation of a JSON object. A remote attacker can pass a specially crafted JSON file for validation and execute arbitrary code.


3) Information disclosure (CVE-ID: CVE-2021-23566)

The vulnerability allows a local attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application in the valueOf() function. A local attacker can gain unauthorized access to sensitive information on the system.


4) Information disclosure (CVE-ID: CVE-2022-0155)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application. A remote attacker can gain unauthorized access to sensitive information on the system.


5) Memory leak (CVE-ID: CVE-2020-25704)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the Linux kernel performance monitoring subsystem when using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of service.


6) Improper Resource Shutdown or Release (CVE-ID: CVE-2020-36322)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists in the FUSE filesystem implementation in the Linux kernel due to fuse_do_getattr() calls make_bad_inode() in inappropriate situations. A local user can run a specially crafted program to trigger kernel crash.

Note, the vulnerability exists due to incomplete fix for #VU58207 (CVE-2021-28950).


7) Improper Verification of Cryptographic Signature (CVE-ID: CVE-2021-3521)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to an error in RPM's signature functionality, as RPM does not check the binding signature of subkeys before importing them. A remote attacker with ability to add malicious subkey to a legitimate public key can run malicious code on the system.



8) Out-of-bounds read (CVE-ID: CVE-2021-3712)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when processing ASN.1 strings related to a confusion with NULL termination of strings in array. A remote attacker can pass specially crafted data to the application to trigger an out-of-bounds read error and read contents of memory on the system or perform a denial of service (DoS) attack.


9) Heap-based buffer overflow (CVE-ID: CVE-2021-3872)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


10) Heap-based buffer overflow (CVE-ID: CVE-2021-3984)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


11) Out-of-bounds write (CVE-ID: CVE-2021-4019)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


12) Input validation error (CVE-ID: CVE-2021-4034)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper handling of the calling parameters count in the pkexec setuid binary, which causes the binary to execute environment variables as commands. A local user can craft environment variables in a way that they will be processed and executed by pkexec and execute arbitrary commands on the system as root.


13) Insufficient verification of data authenticity (CVE-ID: CVE-2021-4122)

The vulnerability allows a local attacker to escalate privileges on the system.

The vulnerability exists due to improper handling of the LUKS2 reencryption recover. A local attacker with physical access to the medium can send a specially crafted LUKS header and trick cryptsetup into disabling encryption during the recovery of the device.

14) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2021-4155)

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists due to the OS kernel does not impose correctly security restrictions. A local user can gain access to sensitive information on the system.


15) Use-after-free (CVE-ID: CVE-2021-4192)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error. A remote attacker can trick the victim to open a specially crafted file, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.


16) Out-of-bounds read (CVE-ID: CVE-2021-4193)

The vulnerability allows a remote attacker to crash the application.

The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and crash the application.


17) Input validation error (CVE-ID: CVE-2021-42574)

The vulnerability allows an attacker to bypass certain security checks.

The vulnerability exists in the Bidirectional Algorithm in the Unicode Specification. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters.

An attacker can leverage this behavior to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers.


18) Buffer overflow (CVE-ID: CVE-2021-42739)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary within the firewire subsystem in the Linux kernel in drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c files. A local privileged user can run a specially crafted program tat calls avc_ca_pmt() function to trigger memory corruption and execute arbitrary code with elevated privileges.


19) Integer overflow (CVE-ID: CVE-2022-0185)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to integer overflow in the legacy_parse_param() function in fs/fs_context.c in Linux kernel. A local user can tun a specially crafted program to trigger integer overflow and execute arbitrary code with root privileges.



20) Cross-site request forgery (CVE-ID: CVE-2022-20612)

The vulnerability allows a remote attacker to perform cross-site request forgery attacks.

The vulnerability exists due to insufficient validation of the HTTP request origin in build triggers. A remote attacker can trick the victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website.


21) OS Command Injection (CVE-ID: CVE-2022-20617)

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation in the name of an image or a tag. A remote authenticated attacker can pass specially crafted data to the application and execute arbitrary OS commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


Remediation

Install update from vendor's website.

References