SB2022090115 - Multiple vulnerability in IBM Storwize V7000 Unified

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2022090115

SB2022090115 - Multiple vulnerability in IBM Storwize V7000 Unified

Published: September 1, 2022

Security Bulletin ID SB2022090115
Severity
Medium
Patch available
YES
Number of vulnerabilities 3
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Medium 67% Low 33%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.


1) Out-of-bounds read (CVE-ID: CVE-2021-20254)

The vulnerability allows a remote user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when mapping Windows group identities (SIDs) into unix group identities (gids), which resulted into negative idmap cache entries created in the Samba server process token. An attacker who can manage to trigger the vulnerability can crash the Samba server or potentially perform unauthorized actions on the system.


2) NULL pointer dereference (CVE-ID: CVE-2020-14323)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error when processing requests in winbind in Samba. A remote user can send specially crafted request to winbind daemon, trigger a NULL pointer dereference error and crash it.


3) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-14318)

The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists due to the way "ChangeNotify" concept for SMB1/2/3 protocols was implemented in Samba. A missing permissions check on a directory handle requesting ChangeNotify means that a client with a directory handle open only for FILE_READ_ATTRIBUTES (minimal access rights) could be used to obtain change notify replies from the server. These replies contain information that should not be available to directory handles open for FILE_READ_ATTRIBUTE only. A local unprivileged user can abuse this lack of permissions check to obtain information about file changes.


Remediation

Install update from vendor's website.

References