VMware Tanzu products update for ncurses



Risk: High
Patch available: YES
Number of vulnerabilities: 11
CVE-ID: CVE-2017-10684, CVE-2017-10685, CVE-2017-11112, CVE-2017-13729, CVE-2017-13730, CVE-2017-13731, CVE-2017-13732, CVE-2017-13733, CVE-2017-13734, CVE-2017-11113, CVE-2017-13728
CWE-ID: CWE-121, CWE-134, CWE-20, CWE-476, CWE-835
Exploitation vector: Network
Public exploit: N/A
Vulnerable software:

VMware Tanzu Application Service for VMs (Server applications / Other server solutions)

Isolation Segment (Server applications / Other server solutions)

Tanzu Greenplum for Kubernetes (Other software / Other software solutions)

VMware Tanzu Operations Manager (Server applications / Virtualization software)

Vendor: VMware, Inc

Security Bulletin

This security bulletin contains information about 11 vulnerabilities.

1) Stack-based buffer overflow

EUVDB-ID: #VU12110

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2017-10684

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists in the fmt_entry function of ncurses due to a stack-based buffer overflow when handling malicious input. A remote unauthenticated attacker can send a request that submits malicious input, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VMware Tanzu Application Service for VMs: All versions

Tanzu Greenplum for Kubernetes: 1.0.0 - 1.13.0

Isolation Segment: All versions

VMware Tanzu Operations Manager: before 2.9.39, 2.10.40, 2.9.39

External links

https://tanzu.vmware.com/security/usn-5448-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Use of externally-controlled format string

EUVDB-ID: #VU12190

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2017-10685

CWE-ID: CWE-134 - Use of Externally-Controlled Format String

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists in the fmt_entry function due to the use of an externally-controlled format string. A remote attacker can submit specially crafted input and execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VMware Tanzu Application Service for VMs: All versions

Tanzu Greenplum for Kubernetes: 1.0.0 - 1.13.0

Isolation Segment: All versions

VMware Tanzu Operations Manager: before 2.9.39, 2.10.40, 2.9.39

External links

https://tanzu.vmware.com/security/usn-5448-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper input validation

EUVDB-ID: #VU12191

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-11112

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists in the append_acs function of tinfo/parse_entry.c due to an attempted 0xffffffffffffffff access. A remote attacker can cause the service to crash if the terminfo library code is used to process untrusted terminfo data.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VMware Tanzu Application Service for VMs: All versions

Tanzu Greenplum for Kubernetes: 1.0.0 - 1.13.0

Isolation Segment: All versions

VMware Tanzu Operations Manager: before 2.9.39, 2.10.40, 2.9.39

External links

https://tanzu.vmware.com/security/usn-5448-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper input validation

EUVDB-ID: #VU12196

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-13729

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists in the _nc_save_str function in alloc_entry.c due to an illegal address access. A remote attacker can cause the service to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VMware Tanzu Application Service for VMs: All versions

Tanzu Greenplum for Kubernetes: 1.0.0 - 1.13.0

Isolation Segment: All versions

VMware Tanzu Operations Manager: before 2.9.39, 2.10.40, 2.9.39

External links

https://tanzu.vmware.com/security/usn-5448-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Improper input validation

EUVDB-ID: #VU12197

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-13730

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists in the function _nc_read_entry_source() in progs/tic.c due to an illegal address access. A remote attacker can cause the service to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VMware Tanzu Application Service for VMs: All versions

Tanzu Greenplum for Kubernetes: 1.0.0 - 1.13.0

Isolation Segment: All versions

VMware Tanzu Operations Manager: before 2.9.39, 2.10.40, 2.9.39

External links

https://tanzu.vmware.com/security/usn-5448-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Improper input validation

EUVDB-ID: #VU12198

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-13731

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists in the function postprocess_termcap() in parse_entry.c due to an illegal address access. A remote attacker can cause the service to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VMware Tanzu Application Service for VMs: All versions

Tanzu Greenplum for Kubernetes: 1.0.0 - 1.13.0

Isolation Segment: All versions

VMware Tanzu Operations Manager: before 2.9.39, 2.10.40, 2.9.39

External links

https://tanzu.vmware.com/security/usn-5448-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Improper input validation

EUVDB-ID: #VU12199

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-13732

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists in the function dump_uses() in progs/dump_entry.c due to an illegal address access. A remote attacker can cause the service to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VMware Tanzu Application Service for VMs: All versions

Tanzu Greenplum for Kubernetes: 1.0.0 - 1.13.0

Isolation Segment: All versions

VMware Tanzu Operations Manager: before 2.9.39, 2.10.40, 2.9.39

External links

https://tanzu.vmware.com/security/usn-5448-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Improper input validation

EUVDB-ID: #VU12200

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-13733

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists in the fmt_entry function in progs/dump_entry.c due to an illegal address access. A remote attacker can cause the service to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VMware Tanzu Application Service for VMs: All versions

Tanzu Greenplum for Kubernetes: 1.0.0 - 1.13.0

Isolation Segment: All versions

VMware Tanzu Operations Manager: before 2.9.39, 2.10.40, 2.9.39

External links

https://tanzu.vmware.com/security/usn-5448-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Improper input validation

EUVDB-ID: #VU12201

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-13734

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists in the _nc_safe_strcat function in strings.c due to an illegal address access. A remote attacker can cause the service to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VMware Tanzu Application Service for VMs: All versions

Tanzu Greenplum for Kubernetes: 1.0.0 - 1.13.0

Isolation Segment: All versions

VMware Tanzu Operations Manager: before 2.9.39, 2.10.40, 2.9.39

External links

https://tanzu.vmware.com/security/usn-5448-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) NULL pointer dereference

EUVDB-ID: #VU12193

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-11113

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists in the _nc_parse_entry function of tinfo/parse_entry.c due to a NULL pointer dereference. A remote attacker can cause the service to crash if the terminfo library code is used to process untrusted terminfo data.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VMware Tanzu Application Service for VMs: All versions

Tanzu Greenplum for Kubernetes: 1.0.0 - 1.13.0

Isolation Segment: All versions

VMware Tanzu Operations Manager: before 2.9.39, 2.10.40, 2.9.39

External links

https://tanzu.vmware.com/security/usn-5448-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Infinite loop

EUVDB-ID: #VU12195

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-13728

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists in the next_char function in comp_scan.c due to an infinite loop. A remote attacker can submit specially crafted input and cause the service to crash.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VMware Tanzu Application Service for VMs: All versions

Tanzu Greenplum for Kubernetes: 1.0.0 - 1.13.0

Isolation Segment: All versions

VMware Tanzu Operations Manager: before 2.9.39, 2.10.40, 2.9.39

External links

https://tanzu.vmware.com/security/usn-5448-1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


