SB2024011667 - Multiple vulnerabilities in Oracle Communications Cloud Native Core Network Repository Function

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2024011667

SB2024011667 - Multiple vulnerabilities in Oracle Communications Cloud Native Core Network Repository Function

Published: January 16, 2024 Updated: December 6, 2024

Security Bulletin ID SB2024011667
Severity
High
Patch available
YES
Number of vulnerabilities 10
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 30% Medium 50% Low 20%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 10 secuirty vulnerabilities.


1) Race condition (CVE-ID: CVE-2023-45145)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition between listen(2) and chmod(2) calls on startup. A local user can exploit the race and escalate privileges on the system.


2) LDAP injection (CVE-ID: CVE-2023-33201)

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to improper input validation in applications that use an LDAP CertStore from Bouncy Castle to validate X.509 certificates. During the certificate validation process, Bouncy Castle inserts the certificate's Subject Name into an LDAP search filter without any escaping, which leads to an LDAP injection vulnerability. A remote non-authenticated attacker can use a specially crafted X.509 certificate to bypass authentication process and gain unauthorized access to the application.


3) Improper Authentication (CVE-ID: CVE-2023-2283)

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error within the pki_verify_data_signature() function in pki_crypto.c. The pki_key_check_hash_compatible() function can return SSH_OK value if memory allocation error happens later in the function. The  A remote attacker can bypass authentication process and gain unauthorized access to the system.


4) Insufficient entropy (CVE-ID: CVE-2023-31582)

The vulnerability allows a remote attacker to brute-force JWT token.

The vulnerability exists due to usage of insufficient entropy when generating JWT token. A remote attacker can brute-force the JWT token and gain unauthorized access to the application.


5) Resource exhaustion (CVE-ID: CVE-2023-44487)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improperly control of consumption for internal resources when handling HTTP/2 requests with compressed HEADERS frames. A remote attacker can send a sequence of compressed HEADERS frames followed by RST_STREAM frames and perform a denial of service (DoS) attack, a.k.a. "Rapid Reset".

Note, the vulnerability is being actively exploited in the wild.


6) Improper certificate validation (CVE-ID: CVE-2023-38325)

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to improper certificate validation when handling SSH certificates that have critical options. A remote attacker can perform MitM attack.


7) Improper Certificate Validation (CVE-ID: CVE-2023-31486)

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to missing verification of the TLS certificate. A remote attacker can perform MitM attack and trick the application into downloading a malicious file.

8) Improper input validation (CVE-ID: CVE-2023-22102)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The vulnerability exists due to improper input validation within the Connector/J component in MySQL Connectors. A remote non-authenticated attacker can exploit this vulnerability to execute arbitrary code.


9) Incorrect default permissions (CVE-ID: CVE-2023-43496)

The vulnerability allows a local user to execute arbitrary code on the system.

The vulnerability exists due to the affected plugin creates the temporary file in the system temporary directory with the default permissions for newly created files. A local user can view contents of files and directories and execute arbitrary code on the target system.


10) Off-by-one (CVE-ID: CVE-2021-46848)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an ETYPE_OK off-by-one error in asn1_encode_simple_der in Libtasn1. A remote attacker can pass specially crafted data to the application, trigger an off-by-one error and perform a denial of service (DoS) attack.


Remediation

Install update from vendor's website.

References