SB2024073013 - Multiple vulnerabilities in Dell PowerStoreT OS
Published: July 30, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 33 secuirty vulnerabilities.
1) Information disclosure (CVE-ID: CVE-2018-6594)
The vulnerability allows a remote unauthenticated attacker to obtain potentially sensitive information on the target system.The weakness exists in the ElGamal implementation in PyCrypto due to generation of weak ElGamal key parameters by the source code in the lib/Crypto/PublicKey/ElGamal.py file. A remote attacker can gain access to potentially sensitive information.
2) Improper Authorization (CVE-ID: CVE-2023-34058)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to an error when handling SAML token signature. A remote attacker that has been granted Guest Operation Privileges in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias.
3) Improper access control (CVE-ID: CVE-2023-34059)
The vulnerability allows a local attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions in the vmware-user-suid-wrapper. A local attacker can hijack the /dev/uinput file descriptor allowing them to simulate user inputs.
4) SQL injection (CVE-ID: CVE-2024-1597)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
The vulnerability exists due to insufficient sanitization of user-supplied data when using the "PreferQueryMode=SIMPLE" option. A remote attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
5) Integer overflow (CVE-ID: CVE-2023-5869)
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow in array modification. A remote user can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.
6) Information disclosure (CVE-ID: CVE-2023-5868)
The vulnerability allows a remote user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in the aggregate function calls when handling "unknown"-type arguments. A remote user can read parts of system memory.
7) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-5870)
The vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to pg_cancel_backend rolse signals background workers, including the logical replication launcher, autovacuum workers and the autovacuum launcher. A remote privileged user can abuse this behavior and perform a denial of service (DoS) attack.
8) Integer overflow (CVE-ID: CVE-2020-36242)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow when processing certain sequences of update calls to symmetrically encrypt multi-GB values. A remote attacker can pass specially crafted data to the application, trigger integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
9) Integer overflow (CVE-ID: CVE-2023-46228)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow when processing files in lib/comp/comp.c, lib/comp/zstd/zstd.c, lib/dl/multipart.c, and lib/header.c. A remote attacker can pass specially crafted file to the application, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
10) Resource exhaustion (CVE-ID: CVE-2018-1000518)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources when handling compressed data. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
11) Covert Timing Channel (CVE-ID: CVE-2020-25659)
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext.
12) Cleartext transmission of sensitive information (CVE-ID: CVE-2023-40217)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to an error in ssl.SSLSocket implementation when handling TLS client authentication. A remote attacker can trick the application to send data unencrypted.
13) Information disclosure (CVE-ID: CVE-2023-32681)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. A remote attacker can gain unauthorized access to sensitive information on the system.
14) Improper validation of certificate with host mismatch (CVE-ID: CVE-2020-14387)
The vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists in Samba rsync due to the application does not verify the hostname in the server certificate in openssl mode. A remote attacker can supply any valid certificate for another hostname and intercept the traffic.
15) Path traversal (CVE-ID: CVE-2023-34478)
The vulnerability allows a remote attacker to bypass authentication.
The vulnerability exists due to input validation error when processing directory traversal sequences. A remote attacker can send a specially crafted HTTP request and bypass authentication process, when used together with APIs or other web frameworks that route requests based on non-normalized requests.
16) Heap-based buffer overflow (CVE-ID: CVE-2023-2137)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in sqlite. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
17) Deserialization of Untrusted Data (CVE-ID: CVE-2023-6378)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insecure input validation when processing serialized data in logback receiver component. A remote attacker can pass specially crafted data to the application and cause a denial of service condition on the target system.
18) Out-of-bounds read (CVE-ID: CVE-2023-39615)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the xmlSAX2StartElement() function in /libxml2/SAX2.c. A remote attacker can pass specially crafted XML input to the application, trigger an out-of-bounds read error and perform a denial of service (DoS) attack.
19) Out-of-bounds read (CVE-ID: CVE-2023-39197)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the Netfilter Connection Tracking (conntrack) in the Linux kernel in the nf_conntrack_dccp_packet() function in net/netfilter/nf_conntrack_proto_dccp.c. A remote attacker can send specially crafted DCCP packets to the system, trigger an out-of-bounds read error and read contents of memory on the system.
20) Incorrect default permissions (CVE-ID: CVE-2023-2976)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to incorrect default permissions in com.google.common.io.FileBackedOutputStream. A local user with access to the system can view contents of files and directories or modify them.
21) Incorrect default permissions (CVE-ID: CVE-2020-8908)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to incorrect default permissions for files located in the temporary directory set by the Guava com.google.common.io.Files.createTempDir(). A local user with access to the system can view contents of files and directories or modify them.
22) Improper input validation (CVE-ID: CVE-2023-35116)
The vulnerability allows a remote authenticated user to perform service disruption.
The vulnerability exists due to improper input validation within the Oracle Database Fleet Patching and Provisioning (jackson-databind) in Oracle Database Server. A remote authenticated user can exploit this vulnerability to perform service disruption.
23) Code Injection (CVE-ID: CVE-2022-21797)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists in the pre_dispatch flag in Parallel() class due to the eval() statement. A remote attacker can send a specially crafted request and execute arbitrary code on the target system.
24) Insufficient entropy (CVE-ID: CVE-2023-31582)
The vulnerability allows a remote attacker to brute-force JWT token.
The vulnerability exists due to usage of insufficient entropy when generating JWT token. A remote attacker can brute-force the JWT token and gain unauthorized access to the application.
25) NULL pointer dereference (CVE-ID: CVE-2023-6176)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the Linux kernel API for the cryptographic algorithm scatterwalk functionality in scatterwalk_copychunks(). A local user can send a malicious packet with specific socket configuration and crash the OS kernel.
26) Integer overflow (CVE-ID: CVE-2022-48468)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow within parse_required_member() function. A remote attacker can pass specially crafted data to the application, trigger integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
27) Out-of-bounds write (CVE-ID: CVE-2023-45863)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the fill_kobj_path() function in lib/kobject.c. A local user can can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
28) Buffer overflow (CVE-ID: CVE-2023-45871)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the IGB driver in drivers/net/ethernet/intel/igb/igb_main.c when handling frames larger than the MTU. A remote attacker can send specially crafted traffic to the system, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
29) Use-after-free (CVE-ID: CVE-2023-39198)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the QXL driver in the Linux kernel. A local privileged user can trigger a use-after-free error and escalate privileges on the system.
30) NULL pointer dereference (CVE-ID: CVE-2023-31083)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the hci_uart_tty_ioctl() function in drivers/bluetooth/hci_ldisc.c. A local user can pass specially crafted data to the system and perform a denial of service (DoS) attack.
31) Out-of-bounds write (CVE-ID: CVE-2023-5717)
The vulnerability local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in the Linux kernel's Linux Kernel Performance Events (perf) component. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
32) Security restrictions bypass (CVE-ID: CVE-2018-14348)
The vulnerability allows a remote attacker to bypass security restrictions on the target system.33) Path traversal (CVE-ID: CVE-2018-18586)
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
** DISPUTED ** chmextract.c in the chmextract sample program, as distributed with libmspack before 0.8alpha, does not protect against absolute/relative pathnames in CHM files, leading to Directory Traversal. NOTE: the vendor disputes that this is a libmspack vulnerability, because chmextract.c was only intended as a source-code example, not a supported application.
Remediation
Install update from vendor's website.