SB2023021411 - Multiple vulnerabilities in IBM Robotic Process Automation for Cloud Pak
Published: February 14, 2023
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 26 secuirty vulnerabilities.
1) Predictable from Observable State (CVE-ID: CVE-2022-30698)
The vulnerability allows a remote attacker to poison DNS cache.
The vulnerability exists due to the way Unbound handles delegation information expiration event. A remote attacker who controls a rouge DNS server can force the Unbound instance to cache incorrect information about subdomain delegation and permanently poison the DNS cache, e.g. perform the "ghost domain names" attack.
The attack is carried out when Unbound is queried for a subdomain of a rogue domain name. The rogue nameserver returns delegation information for the subdomain that updates Unbound's delegation cache. This action can be repeated before expiry of the delegation information by querying Unbound for a second level subdomain which the rogue nameserver provides new delegation information. Since Unbound is a child-centric resolver, the ever-updating child delegation information can keep a rogue domain name resolvable long after revocation.2) Infinite loop (CVE-ID: CVE-2020-27618)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within iconv implementation when processing multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, IBM1399 encodings. A remote attacker can pass specially crafted data to the application, consume all available system resources and cause denial of service conditions.
3) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-41032)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in the NuGet Client, which leads to security restrictions bypass and privilege escalation.
4) Stack-based buffer overflow (CVE-ID: CVE-2022-38752)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when handling YAML files. A remote attacker can pass a specially crafted YAML file to the application, trigger a stack-based buffer overflow and perform a denial of service (DoS) attack.
5) Out-of-bounds write (CVE-ID: CVE-2022-38751)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when processing untrusted YAML input. A remote attacker can pass a specially crafted YAML file to the application, trigger out-of-bounds write and perform a denial of service (DoS) attack.
6) Stack-based buffer overflow (CVE-ID: CVE-2022-38750)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when handling YAML files. A remote attacker can pass a specially crafted YAML file to the application, trigger a stack-based buffer overflow and perform a denial of service (DoS) attack.7) Stack-based buffer overflow (CVE-ID: CVE-2022-38749)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when handling YAML files. A remote attacker can pass a specially crafted YAML file to the application, trigger a stack-based buffer overflow and perform a denial of service (DoS) attack.8) Input validation error (CVE-ID: CVE-2022-36087)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within uri_validate functions. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
9) Improper Verification of Cryptographic Signature (CVE-ID: CVE-2022-34903)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to an error in GnuPG, which allows signature spoofing via arbitrary injection into the status line. A remote attacker who controls the secret part of any signing-capable key or subkey in the victim's keyring, can take advantage of this flaw to provide a correctly-formed signature that some software, including gpgme, will accept to have validity and signer fingerprint chosen from the attacker.
10) Code Injection (CVE-ID: CVE-2022-21797)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists in the pre_dispatch flag in Parallel() class due to the eval() statement. A remote attacker can send a specially crafted request and execute arbitrary code on the target system.
11) Overly permissive cross-domain whitelist (CVE-ID: CVE-2022-1996)
The vulnerability allows a remote attacker to bypass the CORS protection mechanism.
The vulnerability exists due to incorrect processing of the "Origin" HTTP header that is supplied within HTTP request. A remote attacker can supply arbitrary value via the "Origin" HTTP header, bypass implemented CORS protection mechanism and perform cross-site scripting attacks against the vulnerable application.
12) Security features bypass (CVE-ID: CVE-2021-30465)
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to the security features bypass issue. A remote authenticated attacker on the local network can perform a symlink exchange attack and host filesystem being bind-mounted into the container.
13) Predictable from Observable State (CVE-ID: CVE-2022-30699)
The vulnerability allows a remote attacker to poison DNS cache.
The vulnerability exists due to the way Unbound handles delegation information expiration event. A remote attacker who controls a rouge DNS server can force the Unbound instance to cache incorrect information about domain delegation and permanently poison the DNS cache, e.g. perform the "ghost domain names" attack.
The attack is perform when Unbound is queried for a rogue domain name, which cached delegation information is about to expire. The rogue nameserver delays the response until the cached delegation information expires. Upon receiving the delayed answer containing the delegation information, Unbound overwrites the now expired entries.
14) Resource exhaustion (CVE-ID: CVE-2022-3204)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources when processing a malicious delegation with a considerable number of non responsive nameservers. A remote attacker can trigger CPU high usage and perform a denial of service (DoS) attack.
The attack is known as "Non-Responsive Delegation Attack" (NRDelegation Attack).
15) Integer overflow (CVE-ID: CVE-2019-25033)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow in regional allocator. A remote attacker can pass specially crafted data to the server via the ALIGN_UP macro, trigger integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
16) Buffer overflow (CVE-ID: CVE-2019-16866)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack
The vulnerability exists due to a boundary error when processing NOTIFY queries in Unbound. A remote attacker can send a specially crafted NOTIFY query, trigger uninitialized memory access and crash the service.
Successful exploitation of this vulnerability requires that the source IP address of the query matches an access-control rule.
17) Out-of-bounds read (CVE-ID: CVE-2019-19246)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to heap-based buffer over-read in str_lower_case_match in regexec.c, if used with PPH 7.3. A remote attacker can perform a denial of service attack or gain access to sensitive information.
18) Buffer Over-read (CVE-ID: CVE-2019-19204)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists in the "fetch_interval_quantifier" function (formerly known as fetch_range_quantifier) in "regparse.c" file due to the PFETCH is called without checking PEND. A remote attacker can cause a denial of service condition on the target system.19) Buffer Over-read (CVE-ID: CVE-2019-19203)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists in the "gb18030_mbc_enc_len" function in "gb18030.c" file due to the UChar pointer is dereferenced without checking if it passed the end of the matched string. A remote attacker can cause a denial of service condition on the target system.
20) Integer overflow (CVE-ID: CVE-2019-19012)
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to integer overflow in the "search_in_range" function in "regexec.c". A remote attacker can use a specially crafted regular expression, trigger out-of-bounds read and cause a denial-of-service or information disclosure on the target system.
21) Resource exhaustion (CVE-ID: CVE-2019-16163)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c.
22) Use-after-free (CVE-ID: CVE-2019-13224)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the onig_new_deluxe() function in regext.c in Oniguruma library when processing regular expressions. A remote attacker can pass specially crafted input to the application using the vulnerable library version, trigger use-after-free error and perform denial of service attack or execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
23) Out-of-bounds read (CVE-ID: CVE-2019-25013)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition in GNU C Library within the iconv feature when processing multi-byte input sequences in the EUC-KR encoding. A remote attacker can pass specially crafted input to the application, trigger out-of-bounds read error and perform a denial of service (DoS) attack.
24) Input validation error (CVE-ID: CVE-2019-7309)
The vulnerability allows a local attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) when the RDX most significant bit is mishandled. A local attacker can supply specially crafted input and cause the application to crash.
25) Input validation error (CVE-ID: CVE-2016-10739)
The vulnerability allows a remote attacker to bypass certain security restrictions.
The vulnerability exists due to the getaddrinfo() function accepts an IPv4 address followed by whitespace and arbitrary characters and treats his input as a correct IPv4 address. Software that accepts input from the getaddrinfo() function may incorrectly assume that the function return IPv4 address only. As a result, a remote attacker can inject arbitrary data into the IPv4 address and change application's behavior that relies on getaddrinfo() output (e.g., inject HTTP headers or other potentially dangerous strings).
26) Buffer overflow (CVE-ID: CVE-2016-4074)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The jv_dump_term function in jq 1.5 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted JSON file.
Remediation
Install update from vendor's website.