SB2023091530 - Multiple vulnerabilities in Red Hat OpenShift Service Mesh Containers 2.4

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2023091530

SB2023091530 - Multiple vulnerabilities in Red Hat OpenShift Service Mesh Containers 2.4

Published: September 15, 2023 Updated: June 28, 2024

Security Bulletin ID SB2023091530
Severity
High
Patch available
YES
Number of vulnerabilities 10
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 10% Medium 70% Low 20%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 10 secuirty vulnerabilities.


1) Use-after-free (CVE-ID: CVE-2023-35942)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error in the gRPC access logger extension. A remote user can perform a denial of service (DoS) attack.


2) Memory leak (CVE-ID: CVE-2023-2602)

The vulnerability allows a remote attacker to perform DoS attack on the target system.

The vulnerability exists due memory leak in the error handling in the __wrap_pthread_create() function. A remote attacker can send a specially crafted request, exploit vulnerability to exhaust the process memory and cause a denial of service condition.


3) PHP file inclusion (CVE-ID: CVE-2023-2603)

The vulnerability allows a remote attacker to include and execute arbitrary PHP files on the server.

The vulnerability exists due to incorrect input validation when including PHP files in web/ajax/modal.php. A remote non-authenticated attacker can send a specially crafted HTTP request to the affected application, include and execute arbitrary PHP code on the system with privileges of the web server.


4) Incorrect authorization (CVE-ID: CVE-2023-3899)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to incorrect authorization caused by D-Bus interface com.redhat.RHSM1 that exposes a significant number of methods to all users. A local user can abuse the com.redhat.RHSM1.Config.SetAll() method to change the state of the registration and escalate privileges on the system.


5) State Issues (CVE-ID: CVE-2023-27536)

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to cURL will reuse a previously created connection even when the GSS delegation (CURLOPT_GSSAPI_DELEGATION) option had been changed that could have changed the user's permissions in a second transfer. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, this GSS delegation setting was left out from the configuration match checks, making them match too easily, affecting krb5/kerberos/negotiate/GSSAPI transfers.


6) Improper certificate validation (CVE-ID: CVE-2023-28321)

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to improper certificate validation when matching wildcards in TLS certificates for IDN names. A remote attacker crate a specially crafted certificate that will be considered trusted by the library.

Successful exploitation of the vulnerability requires that curl is built to use OpenSSL, Schannel or Gskit.


7) NULL pointer dereference (CVE-ID: CVE-2023-28484)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in xmlSchemaFixupComplexType. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.


8) Resource management error (CVE-ID: CVE-2023-29469)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources when working with hashes of empty dict strings. A remote attacker can and perform a denial of service (DoS) attack.


9) Information disclosure (CVE-ID: CVE-2023-32681)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. A remote attacker can gain unauthorized access to sensitive information on the system.


10) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-34969)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an error in the dbus-daemon when sending a reply message from the "bus driver". If a local privileged user (e.g. root) is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, another unprivileged user with the ability to connect to the same dbus-daemon can force the service to send an unreplyable message and perform a denial of service (DoS) attack.


Remediation

Install update from vendor's website.

References