SB2023072131 - Multiple vulnerabilities in Dell NetWorker vProxy
Published: July 21, 2023
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 15 secuirty vulnerabilities.
1) Out-of-bounds read (CVE-ID: CVE-2022-42011)
The vulnerability allows a local user to gain access to potentially sensitive information or perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error caused by an invalid array of fixed-length elements where the length of the array is not a multiple of the length of the element. A local user can trigger an out-of-bounds read and gain access to sensitive information.
2) Use-after-free (CVE-ID: CVE-2022-43680)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate. A remote attacker can trigger a use-after-free error and perform a denial of service (DoS) attack.
3) Insufficient verification of data authenticity (CVE-ID: CVE-2021-20271)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to an error in RPM's signature check functionality when reading package files. A remote attacker can create a specially crafted package with a modified signature header, trick the victim into installing and compromise the affected system.
4) Out-of-bounds read (CVE-ID: CVE-2021-20266)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the hdrblobInit() function in lib/header.c. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
5) Improper Verification of Cryptographic Signature (CVE-ID: CVE-2021-3421)
The vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to insufficient signature validation in the read functionality n the RPM package. A remote attacker can trick the victim into installing a seemingly verifiable package and cause RPM database corruption.
6) Memory leak (CVE-ID: CVE-2022-2929)
The vulnerability allows a remote attacker to perform DoS attack on the target system.
The vulnerability exists due memory leak within the fqdn_universe_decode() function when processing DHCP packets with DNS labels. A remote attacker can send specially crafted DHCP packets to the affected server, trigger memory leak and perform denial of service attack.
7) Input validation error (CVE-ID: CVE-2022-2928)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an error related to the way processing lease queries are processed by the DHCP server. With a DHCP server configured with "allow leasequery;" a remote attacker can send lease queries for the same lease multiple times, leading to the "add_option()" function being repeatedly called. This can cause an option's "refcount" field to overflow and the server to abort.
8) Use-after-free (CVE-ID: CVE-2022-42012)
The vulnerability allows a local user to escalate privileges on the system.
9) Reachable Assertion (CVE-ID: CVE-2022-42010)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion in debug builds caused by a syntactically invalid type signature with incorrectly nested parentheses and curly brackets. A local user can perform a denial of service (DoS) attack.
10) Out-of-bounds write (CVE-ID: CVE-2022-43995)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary condition within plugins/sudoers/auth/passwd.c when Sudo is configured to use the crypt() password backend (e.g. when passwd authentication is enabled). A local user with access to Sudo can enter a password of 8 characters or fewer to trigger a heap-based buffer over-read and gain access to sensitive information.
11) Incorrect default permissions (CVE-ID: CVE-2019-2708)
The vulnerability allows a local user to crash the service.
The vulnerability exists due to incorrect default permissions for files and folders that are set by the application. A local user with access to the system can cause a denial of service attack.
12) Path traversal (CVE-ID: CVE-2018-18586)
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
** DISPUTED ** chmextract.c in the chmextract sample program, as distributed with libmspack before 0.8alpha, does not protect against absolute/relative pathnames in CHM files, leading to Directory Traversal. NOTE: the vendor disputes that this is a libmspack vulnerability, because chmextract.c was only intended as a source-code example, not a supported application.
13) Heap-based buffer overflow (CVE-ID: CVE-2022-39260)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the "git shell" command when handling untrusted input. A remote attacker can trick the victim to execute the affected command against a malicious repository, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
14) Input validation error (CVE-ID: CVE-2022-39253)
The vulnerability allows a remote attacker to bypass certain security restrictions.
The vulnerability exists due to the way Git handles hardlinks when performing a local clone. A remote attacker can trick the victim into clocking a malicious repository and create or copy hardlinks to critical files on the system, which can result in sensitive information exposure.
15) Off-by-one (CVE-ID: CVE-2022-3821)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an off-by-one error within the format_timespan() function in time-util.c. A local user can trigger an off-by-one error and perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.