SB2023080721 - Multiple vulnerabilities in Dell EMC PowerScale OneFS
Published: August 7, 2023 Updated: June 28, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 13 secuirty vulnerabilities.
1) Out-of-bounds read (CVE-ID: CVE-2022-28615)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the ap_strcmp_match() function when processing an extremely large input buffer. A remote attacker can send a specially crafted HTTP request to the web server, trigger an out-of-bounds read error and read contents of memory on the system.
Note, the code distributed with the Apache HTTP Server cannot be coerced into such a call. The vulnerability can affect third-party modules or lua scripts that use ap_strcmp_match().
2) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-15876)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to insufficient privilege checking in oce IOCTL. A local user can run a specially crafted application to send arbitrary commands to device firmware and escalate privileges on the system.
3) Code Injection (CVE-ID: CVE-2022-26815)
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in Windows DNS Server. A remote administrator can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
4) Improper Authentication (CVE-ID: CVE-2022-31813)
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to an error in mod_proxy implementation, where the web server may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. A remote attacker can bypass IP based authentication on the origin server/application and gain access to otherwise restricted functionality.
5) Out-of-bounds read (CVE-ID: CVE-2022-30556)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when processing HTTP requests in mod_lua with websockets. A remote attacker can force the module to return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer and gain access to sensitive information.
6) Resource exhaustion (CVE-ID: CVE-2022-30522)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to mod_sed does not properly control consumption of internal resources, if the web server is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
7) Input validation error (CVE-ID: CVE-2022-29404)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input when processing HTTP requests to a lua script that calls r:parsebody(0). A remote attacker can send a very large HTTP request to the affected web server and perform a denial of service (DoS) attack.
8) Out-of-bounds read (CVE-ID: CVE-2022-28614)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the ap_rwrite() function. A remote attacker can with the ability to force the server to reflect a very large input using ap_rwrite() or ap_rputs() (such as with mod_luas r:puts() function) can trigger an out-of-bounds read error and read read unintended memory on the system.
9) Out-of-bounds read (CVE-ID: CVE-2022-28330)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition with the mod_isapi module. A remote attacker can send a specially crafted HTTP request to the server, trigger an out-of-bounds read error and read contents of memory on the system or perform a denial of service (DoS) attack.
Note, only Windows installations are affected by this vulnerability.
10) Inconsistent interpretation of HTTP requests (CVE-ID: CVE-2022-26377)
The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.
The vulnerability exists due to improper validation of HTTP requests in mod_proxy_ajp. A remote attacker can send a specially crafted HTTP request to the server and smuggle requests to the AJP server it forwards requests to.
Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.
11) Improper control of a resource through its lifetime (CVE-ID: CVE-2023-25942)
The vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources. A remote user can trigger resource exhaustion and perform a denial of service (DoS) attack.
12) Link following (CVE-ID: CVE-2023-25940)
The vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists due to Dell PowerScale OneFS contains improper link resolution before file access vulnerability in isi_gather_info. A local user can exploit this vulnerability, leading to system takeover and it breaks the compliance mode guarantees.
13) Incorrect default permissions (CVE-ID: CVE-2023-25941)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to incorrect default permissions for files and folders that are set by the application. A local user with access to the system can view contents of files and directories or modify them.
Remediation
Install update from vendor's website.