SB2023081023 - Multiple vulnerabilities in Red Hat VolSync 0.6 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2023081023

SB2023081023 - Multiple vulnerabilities in Red Hat VolSync 0.6

Published: August 10, 2023 Updated: January 9, 2026

Security Bulletin ID SB2023081023
Severity
High
Patch available
YES
Number of vulnerabilities 10
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 10% Medium 50% Low 40%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 10 secuirty vulnerabilities.


1) Inadequate Encryption Strength (CVE-ID: CVE-2023-3089)

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists within the OpenShift container platform configuration with enabled FIPS mode, which resulted in usage of not validated cryptographic modules. A remote attacker can perform various attacks against not validated cryptographic modules and gain access to sensitive information.


2) Buffer overflow (CVE-ID: CVE-2020-24736)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error when executing a crafted SELECT query. A local user can execute a specially crafted query to trigger memory corruption and perform a denial of service (DoS) attack.


3) NULL pointer dereference (CVE-ID: CVE-2022-36227)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in libarchive. A remote attacker can pass a specially crafted archive to the application and perform a denial of service (DoS) attack.


4) Inadequate Encryption Strength (CVE-ID: CVE-2023-0361)

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to an error in the TLS RSA key exchange. A remote attacker can perform Bleichenbacher oracle attack and decrypt information.


5) Input validation error (CVE-ID: CVE-2023-1667)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to multiple errors in kex implementation, related to kex guessing algorithm. A remote attacker can bypass implemented security restrictions.


6) Improper Authentication (CVE-ID: CVE-2023-2283)

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error within the pki_verify_data_signature() function in pki_crypto.c. The pki_key_check_hash_compatible() function can return SSH_OK value if memory allocation error happens later in the function. The  A remote attacker can bypass authentication process and gain unauthorized access to the system.


7) Input validation error (CVE-ID: CVE-2023-24329)

The vulnerability allows a remote attacker to bypass implemented filters.

The vulnerability exists due to insufficient validation of URLs that start with blank characters within urllib.parse component of Python. A remote attacker can pass specially crafted URL to bypass existing filters.


8) Improper Privilege Management (CVE-ID: CVE-2023-26604)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper privilege management for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may be launched from the less program. This presents a substantial security risk when running systemctl from Sudo, because less executes as root when the terminal size is too small to show the complete systemctl output.


9) State Issues (CVE-ID: CVE-2023-27535)

The vulnerability allows a remote attacker to gain unauthorized access to FTP server.

The vulnerability exists due to cURL will reuse a previously created FTP connection even when one or more options had been changed that could have made the effective user a very different one. A remote attacker can connect to the FTP server using credentials supplied by another user and gain access to otherwise restricted functionality.

The settings in questions are CURLOPT_FTP_ACCOUNT, CURLOPT_FTP_ALTERNATIVE_TO_USER, CURLOPT_FTP_SSL_CCC and CURLOPT_USE_SSL level.


10) Untrusted search path (CVE-ID: CVE-2023-38408)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to usage of an insecure search path within the PKCS#11 feature in ssh-agent. A remote attacker can trick the victim into connecting to a malicious SSH server and execute arbitrary code on the system, if an agent is forwarded to an attacker-controlled system.

Note, this vulnerability exists due to incomplete fix for #VU2015 (CVE-2016-10009).


Remediation

Install update from vendor's website.

References