Multiple vulnerabilities in OpenShift Logging 5.7



Published: 2024-06-18
Risk High
Patch available YES
Number of vulnerabilities 12
CVE-ID CVE-2021-33631
CVE-2021-43618
CVE-2022-38096
CVE-2022-48624
CVE-2023-6546
CVE-2023-6931
CVE-2023-28322
CVE-2023-38546
CVE-2023-46218
CVE-2023-51042
CVE-2024-0565
CVE-2024-1086
CWE-ID CWE-190
CWE-476
CWE-78
CWE-362
CWE-787
CWE-440
CWE-73
CWE-200
CWE-416
CWE-191
Exploitation vector Network
Public exploit Vulnerability #12 is being exploited in the wild.
Vulnerable software
Subscribe 		OpenShift Logging
Server applications / Other server solutions

Vendor Red Hat Inc.

Security Bulletin

This security bulletin contains information about 12 vulnerabilities.

1) Integer overflow

EUVDB-ID: #VU86575

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-33631

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to integer overflow when mounting a malicious filesystem. A local user can mount a specially crafted filesystem, trigger an integer overflow and execute arbitrary code.

Mitigation

Install update from vendor's website.

Vulnerable software versions

OpenShift Logging: before 5.7.13

External links

http://access.redhat.com/errata/RHSA-2024:2093


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Integer overflow

EUVDB-ID: #VU63553

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-43618

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to integer overflow in mpz/inp_raw.c. A remote attacker can pass specially crafted data to the application, trigger integer overflow and cause a denial of service condition on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

OpenShift Logging: before 5.7.13

External links

http://access.redhat.com/errata/RHSA-2024:2093


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) NULL pointer dereference

EUVDB-ID: #VU73764

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-38096

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. A local user can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

OpenShift Logging: before 5.7.13

External links

http://access.redhat.com/errata/RHSA-2024:2093


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) OS Command Injection

EUVDB-ID: #VU86885

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48624

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation within the close_altfile() function in filename.c. A remote attacker can trick the victim into using a specially crafted argument for the less command and execute arbitrary OS commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

OpenShift Logging: before 5.7.13

External links

http://access.redhat.com/errata/RHSA-2024:2093


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Race condition

EUVDB-ID: #VU85241

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-6546

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition in the GSM 0710 tty multiplexor in the Linux kernel. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

OpenShift Logging: before 5.7.13

External links

http://access.redhat.com/errata/RHSA-2024:2093


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Out-of-bounds write

EUVDB-ID: #VU85021

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-6931

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in the Linux kernel's Performance Events system component. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

OpenShift Logging: before 5.7.13

External links

http://access.redhat.com/errata/RHSA-2024:2093


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Expected behavior violation

EUVDB-ID: #VU76238

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-28322

CWE-ID: CWE-440 - Expected Behavior Violation

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a logic error when sending HTTP POST and PUT requests using the same handle. The libcurl can erroneously use the read callback (CURLOPT_READFUNCTION) to ask for data to send, even when the CURLOPT_POSTFIELDS option has been set, if the same handle previously was used to issue a PUT request which used that callback. As a result, the application can misbehave and either send off the wrong data or use memory after free or similar in the second transfer.

Mitigation

Install update from vendor's website.

Vulnerable software versions

OpenShift Logging: before 5.7.13

External links

http://access.redhat.com/errata/RHSA-2024:2093


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) External control of file name or path

EUVDB-ID: #VU81863

Risk: Low

CVSSv3.1: 2.3 [CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-38546

CWE-ID: CWE-73 - External Control of File Name or Path

Exploit availability: No

Description

The vulnerability allows an attacker to inject arbitrary cookies into request.

The vulnerability exists due to the way cookies are handled by libcurl. If a transfer has cookies enabled when the handle is duplicated, the cookie-enable state is also cloned - but without cloning the actual cookies. If the source handle did not read any cookies from a specific file on disk, the cloned version of the handle would instead store the file name as none (using the four ASCII letters, no quotes).

Subsequent use of the cloned handle that does not explicitly set a source to load cookies from would then inadvertently load cookies from a file named none - if such a file exists and is readable in the current directory of the program using libcurl.

Mitigation

Install update from vendor's website.

Vulnerable software versions

OpenShift Logging: before 5.7.13

External links

http://access.redhat.com/errata/RHSA-2024:2093


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Information disclosure

EUVDB-ID: #VU83900

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-46218

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to an error in curl that allows a malicious HTTP server to set "super cookies" that are then passed back to more origins than what is otherwise allowed or possible. A remote attacker can force curl to send such cookie to different and unrelated sites and domains.

Mitigation

Install update from vendor's website.

Vulnerable software versions

OpenShift Logging: before 5.7.13

External links

http://access.redhat.com/errata/RHSA-2024:2093


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Use-after-free

EUVDB-ID: #VU86560

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-51042

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the amdgpu_cs_wait_all_fences() function in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

OpenShift Logging: before 5.7.13

External links

http://access.redhat.com/errata/RHSA-2024:2093


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Integer underflow

EUVDB-ID: #VU86552

Risk: High

CVSSv3.1: 7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-0565

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer underflow within the receive_encrypted_standard() function in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. A remote attacker can trick the victim to connect to a malicious SMB server, trigger an integer underflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

OpenShift Logging: before 5.7.13

External links

http://access.redhat.com/errata/RHSA-2024:2093


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Use-after-free

EUVDB-ID: #VU86577

Risk: High

CVSSv3.1: 8.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2024-1086

CWE-ID: CWE-416 - Use After Free

Exploit availability: Yes

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the netfilter nf_tables component in Linux kernel. A local user can trigger a use-after-free error and execute arbitrary code on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

OpenShift Logging: before 5.7.13

External links

http://access.redhat.com/errata/RHSA-2024:2093


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.



###SIDEBAR###