SB2022090635 - Remote code execution in IBM API Connect

Description

This security bulletin contains information about 1 security vulnerability.

1) Off-by-one (CVE-ID: CVE-2021-23017)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to an off-by-one error within the ngx_resolver_copy() function when processing DNS responses. A remote attacker can trigger an off-by-one error, write a dot character (‘.’, 0x2E) out of bounds in a heap allocated buffer and execute arbitrary code on the system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

The vulnerability can be triggered by a DNS response in reply to a DNS request from nginx when the resolver primitive is configured. A specially crafted packet allows overwriting the least significant byte of next heap chunk metadata with 0x2E.

Remediation

Install update from vendor's website.

References

• https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-v5-is-impacted-by-a-vulnerability-in-nginx-cve-2021-23017/"
• https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-v5-is-impacted-by-a-vulnerability-in-nginx-cve-2021-23017/</a><br>
• https://www.ibm.com/support/pages/node/6483657<br><br></p>