Multiple vulnerabilities in Openshift Logging 5.3

1) Resource exhaustion

EUVDB-ID: #VU66062

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-30631

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources in Reader.Read method when handling an archive that contains a large number of concatenated 0-length compressed files. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

OpenShift Logging: 5.3.0 - 5.3.10

CPE2.3

• cpe:2.3:a:red_hat:openshift_logging:5.3.10:*:*:*:*:*:*:
• cpe:2.3:a:red_hat:openshift_logging:5.3.9:*:*:*:*:*:*:
• cpe:2.3:a:red_hat:openshift_logging:5.3.8:*:*:*:*:*:*:

External links

http://access.redhat.com/errata/RHSA-2022:6182

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) OS Command Injection

EUVDB-ID: #VU62765

Risk: Medium

CVSSv3.1: 7.3 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2022-1292

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation in the c_rehash script distributed by some operating systems. A remote attacker with ability to pass data to c_rehash script can and execute arbitrary OS commands with the privileges of the script.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

OpenShift Logging: 5.3.0 - 5.3.10

CPE2.3

• cpe:2.3:a:red_hat:openshift_logging:5.3.10:*:*:*:*:*:*:
• cpe:2.3:a:red_hat:openshift_logging:5.3.9:*:*:*:*:*:*:
• cpe:2.3:a:red_hat:openshift_logging:5.3.8:*:*:*:*:*:*:

External links

http://access.redhat.com/errata/RHSA-2022:6182

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

3) Out-of-bounds read

EUVDB-ID: #VU63945

Risk: Medium

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-1586

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists due to a boundary condition in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. A remote attacker can pass specially crafted data to the application, trigger out-of-bounds read error, gain access to sensitive information or perform a denial of service attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

OpenShift Logging: 5.3.0 - 5.3.10

CPE2.3

• cpe:2.3:a:red_hat:openshift_logging:5.3.10:*:*:*:*:*:*:
• cpe:2.3:a:red_hat:openshift_logging:5.3.9:*:*:*:*:*:*:
• cpe:2.3:a:red_hat:openshift_logging:5.3.8:*:*:*:*:*:*:

External links

http://access.redhat.com/errata/RHSA-2022:6182

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Out-of-bounds write

EUVDB-ID: #VU63487

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-1785

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code

The vulnerability exists due to a boundary error when processing untrusted input in vim_regsub_both() function. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

OpenShift Logging: 5.3.0 - 5.3.10

CPE2.3

• cpe:2.3:a:red_hat:openshift_logging:5.3.10:*:*:*:*:*:*:
• cpe:2.3:a:red_hat:openshift_logging:5.3.9:*:*:*:*:*:*:
• cpe:2.3:a:red_hat:openshift_logging:5.3.8:*:*:*:*:*:*:

External links

http://access.redhat.com/errata/RHSA-2022:6182

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Out-of-bounds write

EUVDB-ID: #VU64506

Risk: Low

CVSSv3.1: 6.1 [CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-1897

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local attacker to execute arbitrary code on the system.

The vulnerability exists due to Illegal memory access and leads to an out-of-bounds write vulnerability in the vim_regsub_both() function. A local attacker can trick the victim into opening a specially crafted file, leading to a system crash or code execution.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

OpenShift Logging: 5.3.0 - 5.3.10

CPE2.3

• cpe:2.3:a:red_hat:openshift_logging:5.3.10:*:*:*:*:*:*:
• cpe:2.3:a:red_hat:openshift_logging:5.3.9:*:*:*:*:*:*:
• cpe:2.3:a:red_hat:openshift_logging:5.3.8:*:*:*:*:*:*:

External links

http://access.redhat.com/errata/RHSA-2022:6182

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Out-of-bounds read

EUVDB-ID: #VU64508

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-1927

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local attacker to execute arbitrary code on the system.

The vulnerability exists due to Illegal memory access and leads to a buffer over-read vulnerability in the utf_ptr2char() function. A local attacker can trick the victim into opening a specially crafted file, trigger out-of-bounds read error and execute arbitrary code on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

OpenShift Logging: 5.3.0 - 5.3.10

CPE2.3

• cpe:2.3:a:red_hat:openshift_logging:5.3.10:*:*:*:*:*:*:
• cpe:2.3:a:red_hat:openshift_logging:5.3.9:*:*:*:*:*:*:
• cpe:2.3:a:red_hat:openshift_logging:5.3.8:*:*:*:*:*:*:

External links

http://access.redhat.com/errata/RHSA-2022:6182

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) OS Command Injection

EUVDB-ID: #VU64559

Risk: Medium

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-2068

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation in the c_rehash script distributed by some operating systems. A remote attacker with ability to pass data to c_rehash script can and execute arbitrary OS commands with the privileges of the script.

The vulnerability exists due to incomplete fix for #VU62765 (CVE-2022-1292).

Mitigation

Install updates from vendor's website.

Vulnerable software versions

OpenShift Logging: 5.3.0 - 5.3.10

CPE2.3

• cpe:2.3:a:red_hat:openshift_logging:5.3.10:*:*:*:*:*:*:
• cpe:2.3:a:red_hat:openshift_logging:5.3.9:*:*:*:*:*:*:
• cpe:2.3:a:red_hat:openshift_logging:5.3.8:*:*:*:*:*:*:

External links

http://access.redhat.com/errata/RHSA-2022:6182

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Missing Encryption of Sensitive Data

EUVDB-ID: #VU64922

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-2097

CWE-ID: CWE-311 - Missing Encryption of Sensitive Data

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to an error in AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimized implementation. Under specific circumstances OpenSSL does not encrypt the entire message and can reveal sixteen bytes of data that was preexisting in the memory that wasn't written. A remote attacker can gain access to potentially sensitive information.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

OpenShift Logging: 5.3.0 - 5.3.10

CPE2.3

• cpe:2.3:a:red_hat:openshift_logging:5.3.10:*:*:*:*:*:*:
• cpe:2.3:a:red_hat:openshift_logging:5.3.9:*:*:*:*:*:*:
• cpe:2.3:a:red_hat:openshift_logging:5.3.8:*:*:*:*:*:*:

External links

http://access.redhat.com/errata/RHSA-2022:6182

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Use-after-free

EUVDB-ID: #VU66757

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-2526

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the on_stream_io() and dns_stream_complete() functions in resolved-dns-stream.c, which do not increment the reference counting for the DnsStream object. A remote attacker can send to the system specially crafted DNS responses, trigger a use-after-free error and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

OpenShift Logging: 5.3.0 - 5.3.10

CPE2.3

• cpe:2.3:a:red_hat:openshift_logging:5.3.10:*:*:*:*:*:*:
• cpe:2.3:a:red_hat:openshift_logging:5.3.9:*:*:*:*:*:*:
• cpe:2.3:a:red_hat:openshift_logging:5.3.8:*:*:*:*:*:*:

External links

http://access.redhat.com/errata/RHSA-2022:6182

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Path traversal

EUVDB-ID: #VU66189

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-29154

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote server to perform directory traversal attacks.

The vulnerability exists due to input validation error within the rsync client  when processing file names. A remote malicious server overwrite arbitrary files in the rsync client target directory and subdirectories on the connected peer.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

OpenShift Logging: 5.3.0 - 5.3.10

CPE2.3

• cpe:2.3:a:red_hat:openshift_logging:5.3.10:*:*:*:*:*:*:
• cpe:2.3:a:red_hat:openshift_logging:5.3.9:*:*:*:*:*:*:
• cpe:2.3:a:red_hat:openshift_logging:5.3.8:*:*:*:*:*:*:

External links

http://access.redhat.com/errata/RHSA-2022:6182

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Resource exhaustion

EUVDB-ID: #VU64682

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-32206

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insecure processing of compressed HTTP responses. A malicious server can send a specially crafted HTTP response to curl and perform a denial of service attack by forcing curl to spend enormous amounts of allocated heap memory, or trying to and returning out of memory errors.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

OpenShift Logging: 5.3.0 - 5.3.10

CPE2.3

• cpe:2.3:a:red_hat:openshift_logging:5.3.10:*:*:*:*:*:*:
• cpe:2.3:a:red_hat:openshift_logging:5.3.9:*:*:*:*:*:*:
• cpe:2.3:a:red_hat:openshift_logging:5.3.8:*:*:*:*:*:*:

External links

http://access.redhat.com/errata/RHSA-2022:6182

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Improper Verification of Cryptographic Signature

EUVDB-ID: #VU64685

Risk: Medium

CVSSv3.1: 4.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-32208

CWE-ID: CWE-347 - Improper Verification of Cryptographic Signature

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to improper handling of message verification failures when performing FTP transfers secured by krb5. A remote attacker can perform MitM attack and manipulate data.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

OpenShift Logging: 5.3.0 - 5.3.10

CPE2.3

• cpe:2.3:a:red_hat:openshift_logging:5.3.10:*:*:*:*:*:*:
• cpe:2.3:a:red_hat:openshift_logging:5.3.9:*:*:*:*:*:*:
• cpe:2.3:a:red_hat:openshift_logging:5.3.8:*:*:*:*:*:*:

External links

http://access.redhat.com/errata/RHSA-2022:6182

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.