SB20240613109 - Multiple vulnerabilities in Dell SmartFabric OS10
Published: June 13, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 18 secuirty vulnerabilities.
1) Buffer overflow (CVE-ID: CVE-2019-20391)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
An invalid memory access flaw is present in libyang before v1.0-r3 in the function resolve_feature_value() when an if-feature statement is used inside a bit. Applications that use libyang to parse untrusted input yang files may crash.
2) OS Command Injection (CVE-ID: CVE-2023-28487)
The vulnerability allows a local user to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation when processing control characters in the sudoreplay output. A local user can inject specially crafted characters to the log messages and execute arbitrary OS commands on the system.3) OS Command Injection (CVE-ID: CVE-2023-28486)
The vulnerability allows a local user to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation when processing control characters in the log messages. A local user can inject specially crafted characters to the log messages and execute arbtirary OS commands on the system when the command is executed from the log (e.g. via the "sudoreplay -l").
4) Improper privilege management (CVE-ID: CVE-2023-7090)
The vulnerability allows a local user to escalate privileges.
The vulnerability exists due to improper privilege management when handling ipa_hostname, where ipa_hostname from /etc/sssd/sssd.conf was not propagated in sudo. A local user can escalate privileges in applications, where client hosts retain privileges even after retracting them.
5) Improper input validation (CVE-ID: CVE-2023-22084)
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
6) NULL pointer dereference (CVE-ID: CVE-2019-20398)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in libyang before v1.0-r3 in the function lys_extension_instances_free() due to a copy of unresolved extensions in lys_restr_dup(). Applications that use libyang to parse untrusted input yang files may crash. A remote attacker can perform a denial of service (DoS) attack.
7) Input validation error (CVE-ID: CVE-2019-20396)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
A segmentation fault is present in yyparse in libyang before v1.0-r1 due to a malformed pattern statement value during lys_parse_path parsing.
8) Resource exhaustion (CVE-ID: CVE-2019-20395)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
A stack consumption issue is present in libyang before v1.0-r1 due to the self-referential union type containing leafrefs. Applications that use libyang to parse untrusted input yang files may crash.
9) Buffer overflow (CVE-ID: CVE-2019-20392)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
An invalid memory access flaw is present in libyang before v1.0-r1 in the function resolve_feature_value() when an if-feature statement is used inside a list key node, and the feature used is not defined. Applications that use libyang to parse untrusted input yang files may crash.
10) Double Free (CVE-ID: CVE-2019-20397)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
A double-free is present in libyang before v1.0-r1 in the function yyparse() when an organization field is not terminated. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution.
11) Double Free (CVE-ID: CVE-2019-20394)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
A double-free is present in libyang before v1.0-r3 in the function yyparse() when a type statement in used in a notification statement. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution.
12) Double Free (CVE-ID: CVE-2019-20393)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
A double-free is present in libyang before v1.0-r1 in the function yyparse() when an empty description is used. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution.
13) Stack-based buffer overflow (CVE-ID: CVE-2019-19334)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when libyang parses YANG files with a leaf of type "identityref". A remote unauthenticated attacker can pass to the application an untrusted YANG file, trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
14) Stack-based buffer overflow (CVE-ID: CVE-2019-19333)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when libyang parses YANG files with a leaf of type "bits". A remote unauthenticated attacker can pass to the application an untrusted YANG file, trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
15) Information Exposure Through Timing Discrepancy (CVE-ID: CVE-2024-0553)
The vulnerability allows a remote attacker to perform timing attack.
The vulnerability exists due to the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding. A remote attacker can perform timing sidechannel attack in RSA-PSK key exchange.
Note, the vulnerability exists due to incomplete fox for #VU83316 (CVE-2023-5981).
16) Expected behavior violation (CVE-ID: CVE-2023-28322)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a logic error when sending HTTP POST and PUT requests using the same handle. The libcurl can erroneously use the read callback (CURLOPT_READFUNCTION) to ask for data to send, even when the CURLOPT_POSTFIELDS option has been set, if the same handle previously was used to issue a PUT request which used that callback. As a result, the application can misbehave and either send off the wrong data or use memory after free or similar in the second transfer.
17) Information disclosure (CVE-ID: CVE-2023-46218)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to an error in curl that allows a malicious HTTP server to set "super cookies" that are then passed back to more origins than what is otherwise allowed or possible. A remote attacker can force curl to send such cookie to different and unrelated sites and domains.
18) Resource exhaustion (CVE-ID: CVE-2023-3341)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources when handling control channel messages . A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.