SB2022070719 - Multiple vulnerabilities in IBM Security Verify Access
Published: July 7, 2022
Description
This security bulletin contains information about 11 security vulnerabilities.
1) Buffer overflow (CVE-ID: CVE-2018-20574)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The SingleDocParser::HandleFlowMap function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file.
2) Buffer overflow (CVE-ID: CVE-2019-6285)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The SingleDocParser::HandleFlowSequence function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file.
3) Buffer overflow (CVE-ID: CVE-2018-20573)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The Scanner::EnsureTokensInQueue function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file.
4) Reachable Assertion (CVE-ID: CVE-2017-11692)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion in the Token& Scanner::peek() function in scanner.cpp in yaml-cpp. A remote attacker can send a specially crafted !2 string and perform a denial of service attack.
5) Configuration (CVE-ID: CVE-2010-4021)
The vulnerability allows a remote user to modify files on the system.
The vulnerability exists because MIT Kerberos 5 does not properly restrict the use of TGT credentials for armoring TGS requests. A remote authenticated user can impersonate a client by rewriting an inner request, aka a KrbFastReq forgery issue.
6) Cryptographic issues (CVE-ID: CVE-2010-1324)
The vulnerability allows a remote attacker to modify files on the system.
The vulnerability exists because MIT Kerberos 5 does not properly determine the acceptability of checksums. A remote attacker can forge GSS tokens, gain privileges, or have unspecified other impact via an unkeyed checksum, an unkeyed PAC checksum, or a KrbFastArmoredReq checksum based on an RC4 key.
7) Cryptographic issues (CVE-ID: CVE-2010-4020)
The vulnerability allows a remote user to escalate privileges on the system.
The vulnerability exists because MIT Kerberos 5 does not reject RC4 key-derivation checksums. A remote user can forge an AD-SIGNEDPATH or AD-KDC-ISSUED signature, and possibly gain privileges, by leveraging the small key space that results from certain one-byte stream-cipher operations.
8) Cryptographic issues (CVE-ID: CVE-2010-1323)
The vulnerability allows a remote attacker to escalate privileges on the target system.
The vulnerability exists because MIT Kerberos 5 does not properly determine the acceptability of checksums. A remote attacker can modify user-visible prompt text, modify a response to a Key Distribution Center (KDC), or forge a KRB-SAFE message via certain checksums that are unkeyed or use RC4 keys.
9) Security restrictions bypass (CVE-ID: CVE-2018-5730)
The vulnerability allows a remote authenticated attacker to bypass security restrictions on a targeted system.
The weakness exists due to insufficient security restrictions. A remote attacker can add crafted principals to the Lightweight Directory Access Protocol (LDAP) database and bypass a DN containership check.
10) Reachable Assertion (CVE-ID: CVE-2018-20217)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion in the KDC. A remote attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4) and crash the KDC by making an S4U2Self request.
11) Uncontrolled Recursion (CVE-ID: CVE-2020-28196)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to uncontrolled recursion in MIT Kerberos 5 (aka krb5) implementation when processing ASN.1-encoded Kerberos messages in lib/krb5/asn.1/asn1_encode.c. A remote attacker can pass specially crafted data to the application that uses Kerberos and perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
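Items 6, 7, 8 and 10 above involve RC4 or DES-family encryption types. The following Python function is an added example, not code from IBM, MIT or this bulletin: it reports where a MIT krb5 configuration (krb5.conf or kdc.conf) still permits those families. The sample configuration and the realm name EXAMPLE.TEST are constructed for illustration.

```python
import re

# Families named as "older" in item 10: single-DES, triple-DES, RC4.
# "arcfour" is the MIT krb5 spelling of RC4.
WEAK = re.compile(r"^(des|des3|rc4|arcfour)(-|$)", re.IGNORECASE)
# MIT krb5 relations that carry enctype lists (krb5.conf and kdc.conf).
ENCTYPE_KEYS = {"permitted_enctypes", "default_tkt_enctypes",
                "default_tgs_enctypes", "supported_enctypes", "master_key_type"}
TRUE_VALUES = ("true", "yes", "y", "t", "1", "on")

def audit_enctypes(conf_text):
    """Return (line_no, key, value) findings, in file order, for weak enctype settings."""
    findings = []
    for line_no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;[" or "=" not in line:
            continue  # blank, comment, section header, or not a relation
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        if key == "allow_weak_crypto" and value.lower() in TRUE_VALUES:
            findings.append((line_no, key, value))
        if key not in ENCTYPE_KEYS:
            continue
        for token in re.split(r"[\s,]+", value):
            if not token or token.startswith("-"):
                continue  # "-rc4" removes a family from the list: not a finding
            name = token.lstrip("+").split(":", 1)[0]  # drop "+" and ":salt"
            if WEAK.match(name):
                findings.append((line_no, key, name))
    return findings

# Constructed sample combining krb5.conf and kdc.conf style relations.
SAMPLE_CONF = """\
[libdefaults]
    default_realm = EXAMPLE.TEST
    allow_weak_crypto = true
    permitted_enctypes = aes256-cts-hmac-sha1-96 arcfour-hmac des3-cbc-sha1
    default_tgs_enctypes = DEFAULT -des3 -rc4
; default_tkt_enctypes = des-cbc-crc
[realms]
    EXAMPLE.TEST = {
        supported_enctypes = aes256-cts:normal rc4-hmac:normal
    }
"""

if __name__ == "__main__":
    for line_no, key, value in audit_enctypes(SAMPLE_CONF):
        print(f"line {line_no}: {key} -> {value}")
```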
References
- https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-found-in-open-source-code-that-is-shipped-with-ibm-security-verify-access/
- https://www.ibm.com/support/pages/node/6601733