SB2021051001 - Multiple vulnerabilities in Red Hat OpenShift Container Platform

Description

This security bulletin contains information about 8 secuirty vulnerabilities.

1) XML External Entity injection (CVE-ID: CVE-2020-25649)

The vulnerability allows a remote attacker to modify information on the system.

The vulnerability exists due to insufficient validation of user-supplied XML input. A remote attacker can pass a specially crafted XML code to the affected application and modify information on the system.

2) Improper input validation (CVE-ID: CVE-2021-2163)

The vulnerability allows a remote non-authenticated attacker to manipulate data.

The vulnerability exists due to improper input validation within the Libraries component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.

3) Use-after-free (CVE-ID: CVE-2021-3347)

The vulnerability allows a local user to elevate privileges on the system.

The vulnerability exists due to a use-after-free error when handling PI futexes. A local user can run a specially crafted program to trigger a use-after-free error and execute arbitrary code with elevated privileges.

4) Inclusion of Sensitive Information in Log Files (CVE-ID: CVE-2021-3447)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to software stores sensitive information into log files. A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the controller node when run in verbose mode. These parameters were not protected by the no_log feature. A local user can read the log files and gain access to sensitive data.

5) Use of a broken or risky cryptographic algorithm (CVE-ID: CVE-2021-20305)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability.

6) Information disclosure (CVE-ID: CVE-2021-27363)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to the show_transport_handle() shows iSCSI transport handle to non-root users. A local user can gain unauthorized access to sensitive information and use it along with another vulnerability, such as #VU51452, to escalate privileges on the system.

7) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2021-27364)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to iscsi_if_recv_msg() allows non-root users to connect and send commands to the Linux kernel. A local user can escalate privileges on the system.

8) Buffer overflow (CVE-ID: CVE-2021-27365)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error when processing Netlink messages in Linux kernel through 5.11.3, as certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. A local unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message, trigger memory corruption and execute arbitrary code on the system with elevated privileges.

Remediation

Install update from vendor's website.

References

• https://access.redhat.com/errata/RHSA-2021:1429