SB2022090133 - Multiple vulnerabilities in IBM Aspera High-Speed Transfer Server, Endpoint, and Desktop Client
Published: September 1, 2022
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 secuirty vulnerabilities.
1) Use-after-free (CVE-ID: CVE-2021-22901)
The vulnerability allows a remote attacker to crash the application or compromise the vulnerable system.
The vulnerability exists due to a use-after-free error when processing creation of new TLS sessions or during client certificate negotiation. A remote attacker can force the application to connect to a malicious server, trigger a use-after-free error and crash the application.
Remote code execution is also possible if the application can be forced to initiate multiple transfers with a reused HTTP/1.1 connection or multiplexed HTTP/2 connection in order to inject a crafted memory content into the correct place in memory.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system but requires that libcurl is using OpenSSL.
2) Use of uninitialized variable (CVE-ID: CVE-2021-22898)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to usage of uninitialized variable in code, responsible for processing TELNET requests when parsing NEW_ENV variables. A remote attacker can force the affected application to connect to a telnet server under attackers control and read up to 1800 bytes from the uninitialized memory on the libcurl client system.
Proof of concept:
curl telnet://example.com -tNEW_ENV=a,bbbbbb (256 'b's)Remediation
Install update from vendor's website.
References
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-aspera-high-speed-transfer-server-endpoint-and-desktop-client-are-vulnerable-to-libcurl-vulnerabilities-cve-2021-22901-cve-2021-22898/"
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-aspera-high-speed-transfer-server-endpoint-and-desktop-client-are-vulnerable-to-libcurl-vulnerabilities-cve-2021-22901-cve-2021-22898/</a><br><a
- https://www.ibm.com/support/pages/node/6494763"
- https://www.ibm.com/support/pages/node/6494763</a><br><br><br></p>