SB2022090114 - Multiple vulnerabilities in OpenShift API for Data Protection (OADP)

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2022090114

SB2022090114 - Multiple vulnerabilities in OpenShift API for Data Protection (OADP)

Published: September 1, 2022 Updated: February 22, 2023

Security Bulletin ID SB2022090114
Severity
High
Patch available
YES
Number of vulnerabilities 19
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 26% Medium 53% Low 21%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 19 secuirty vulnerabilities.


1) OS Command Injection (CVE-ID: CVE-2022-2068)

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation in the c_rehash script distributed by some operating systems. A remote attacker with ability to pass data to c_rehash script can and execute arbitrary OS commands with the privileges of the script.

The vulnerability exists due to incomplete fix for #VU62765 (CVE-2022-1292).


2) Improper Verification of Cryptographic Signature (CVE-ID: CVE-2022-32208)

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to improper handling of message verification failures when performing FTP transfers secured by krb5. A remote attacker can perform MitM attack and manipulate data.


3) Resource exhaustion (CVE-ID: CVE-2022-32206)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insecure processing of compressed HTTP responses. A malicious server can send a specially crafted HTTP response to curl and perform a denial of service attack by forcing curl to spend enormous amounts of allocated heap memory, or trying to and returning out of memory errors.


4) Integer overflow (CVE-ID: CVE-2022-29824)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow in several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*). A remote attacker can pass specially crafted multi-gigabyte XML file to the application, trigger integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


5) Path traversal (CVE-ID: CVE-2022-29154)

The vulnerability allows a remote server to perform directory traversal attacks.

The vulnerability exists due to input validation error within the rsync client  when processing file names. A remote malicious server overwrite arbitrary files in the rsync client target directory and subdirectories on the connected peer.


6) Improper Authorization (CVE-ID: CVE-2022-26691)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to an error in implementation of "Local" authorization mechanism. A remote attacker can authenticate as to CUPS as root/admin without the 32-byte secret key and execute arbitrary code on the system.


7) Integer overflow (CVE-ID: CVE-2022-25314)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to integer overflow in copyString. A remote attacker can pass specially crafted data to the application, trigger integer overflow and cause a denial of service condition on the target system.


8) Stack-based buffer overflow (CVE-ID: CVE-2022-25313)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in build_model. A remote unauthenticated attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


9) Missing Encryption of Sensitive Data (CVE-ID: CVE-2022-2097)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to an error in AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimized implementation. Under specific circumstances OpenSSL does not encrypt the entire message and can reveal sixteen bytes of data that was preexisting in the memory that wasn't written. A remote attacker can gain access to potentially sensitive information.



10) Out-of-bounds read (CVE-ID: CVE-2022-1586)

The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists due to a boundary condition in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. A remote attacker can pass specially crafted data to the application, trigger out-of-bounds read error, gain access to sensitive information or perform a denial of service attack.


11) Input validation error (CVE-ID: CVE-2022-21698)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within method label cardinality. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.


12) OS Command Injection (CVE-ID: CVE-2022-1292)

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation in the c_rehash script distributed by some operating systems. A remote attacker with ability to pass data to c_rehash script can and execute arbitrary OS commands with the privileges of the script.



13) Input validation error (CVE-ID: CVE-2022-1271)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation when processing filenames with two or more newlines. A remote attacker can force zgrep or xzgrep to write arbitrary files on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise the affected system.


14) Use of a broken or risky cryptographic algorithm (CVE-ID: CVE-2021-40528)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to use of a broken or risky cryptographic algorithm in the ElGamal implementation. A remote attacker can gain unauthorized access to sensitive information on the system.


15) Buffer overflow (CVE-ID: CVE-2021-3634)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when handling shared secrets. A remote attacker can supply a shared secret of a different size, trigger a memory corruption during the second key re-exchange and crash the application or potentially execute arbitrary code.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


16) Resource exhaustion (CVE-ID: CVE-2022-30631)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources in Reader.Read method when handling an archive that contains a large number of concatenated 0-length compressed files. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.


17) Use of insufficiently random values (CVE-ID: CVE-2022-30629)

The vulnerability allows a remote attacker gain access to sensitive information.

The vulnerability exists in crypto/tls implementation when generating TLS tickets age. The newSessionTicketMsgTLS13.ageAdd is always set to "0" instead of a random value.


18) Integer overflow (CVE-ID: CVE-2022-28327)

The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists due to integer overflow in the Golang's library crypto/elliptic. A remote attacker can send a specially crafted scalar input longer than 32 bytes to cause P256().ScalarMult or P256().ScalarBaseMult to panic and perform a denial of service attack.


19) Buffer overflow (CVE-ID: CVE-2022-24675)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists in the Golang's library encoding/pem. A remote attacker can send to victim a large (more than 5 MB) PEM input to cause a stack overflow in Decode and perform a denial of service (DoS) attack.


Remediation

Install update from vendor's website.

References