SB2022090760 - Multiple vulnerabilities in Openshift Logging 5.5

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2022090760

SB2022090760 - Multiple vulnerabilities in Openshift Logging 5.5

Published: September 7, 2022

Security Bulletin ID SB2022090760
Severity
Medium
Patch available
YES
Number of vulnerabilities 7
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Medium 86% Low 14%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 7 secuirty vulnerabilities.


1) Inconsistent interpretation of HTTP requests (CVE-ID: CVE-2022-1705)

The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.

The vulnerability exists due to improper validation of Transfer-Encoding headers in HTTP/1 responses. A remote attacker can send a specially crafted HTTP/1 response to the client and smuggle arbitrary HTTP headers.

Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.


2) Resource exhaustion (CVE-ID: CVE-2022-30631)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources in Reader.Read method when handling an archive that contains a large number of concatenated 0-length compressed files. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.


3) Security features bypass (CVE-ID: CVE-2022-32148)

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to unexpected behavior of httputil.ReverseProxy.ServeHTTP. When the method is called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy would set the client IP as the value of the X-Forwarded-For header, contrary to its documentation.


4) Use-after-free (CVE-ID: CVE-2022-2526)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the on_stream_io() and dns_stream_complete() functions in resolved-dns-stream.c, which do not increment the reference counting for the DnsStream object. A remote attacker can send to the system specially crafted DNS responses, trigger a use-after-free error and perform a denial of service (DoS) attack.


5) Path traversal (CVE-ID: CVE-2022-29154)

The vulnerability allows a remote server to perform directory traversal attacks.

The vulnerability exists due to input validation error within the rsync client  when processing file names. A remote malicious server overwrite arbitrary files in the rsync client target directory and subdirectories on the connected peer.


6) Resource exhaustion (CVE-ID: CVE-2022-32206)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insecure processing of compressed HTTP responses. A malicious server can send a specially crafted HTTP response to curl and perform a denial of service attack by forcing curl to spend enormous amounts of allocated heap memory, or trying to and returning out of memory errors.


7) Improper Verification of Cryptographic Signature (CVE-ID: CVE-2022-32208)

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to improper handling of message verification failures when performing FTP transfers secured by krb5. A remote attacker can perform MitM attack and manipulate data.


Remediation

Install update from vendor's website.

References