SB2023120651 - Multiple vulnerabilities in Migration Toolkit for Runtimes 1.2
Published: December 6, 2023
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 8 secuirty vulnerabilities.
1) Uncontrolled Recursion (CVE-ID: CVE-2023-1436)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to uncontrolled recursion when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
2) Path traversal (CVE-ID: CVE-2007-4559)
The vulnerability allows a remote attacker to compromise the affected system.
The
vulnerability exists due to improper validation of filenames in the
tarfile module in Python. A remote attacker can
create a specially crafted archive with symbolic links inside or
filenames that contain directory traversal characters (e.g. "..") and
overwrite arbitrary files on the system.
3) Input validation error (CVE-ID: CVE-2023-1981)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A local user can initiate a DBUS call to the daemon and perform a denial of service (DoS) attack.
4) Out-of-bounds write (CVE-ID: CVE-2023-3138)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within src/InitExt.c in libX11. A remote attacker can send specially crafted data to the server, trigger an out-of-bounds write and perform a denial of service (DoS) attack.
5) Information disclosure (CVE-ID: CVE-2023-4641)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to an error in gpasswd(1), which fails to clean memory properly. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. A local user with enough access can retrieve the password from the memory.
6) Heap-based buffer overflow (CVE-ID: CVE-2023-32324)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the format_log_line() function cups/string.c when the "loglevel" is set to "DEBUG". A remote attacker can pass specially crafted data to the daemon, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
7) Use-after-free (CVE-ID: CVE-2023-34241)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error in cupsdAcceptClient(). A remote attacker can cause a denial of service condition on the target system.
8) Cleartext transmission of sensitive information (CVE-ID: CVE-2023-40217)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to an error in ssl.SSLSocket implementation when handling TLS client authentication. A remote attacker can trick the application to send data unencrypted.
Remediation
Install update from vendor's website.