SB2022102109 - Multiple vulnerabilities in IBM MQ Operator

Description

This security bulletin contains information about 5 secuirty vulnerabilities.

1) Security restrictions bypass (CVE-ID: CVE-2022-23648)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to an error when handling specially crafted image configuration in containerd where containers launched through containerd’s CRI implementation. A remote attacker can bypass any policy-based enforcement on container setup and access the read-only copies of arbitrary files and directories on the host.

2) Improper Verification of Cryptographic Signature (CVE-ID: CVE-2022-34903)

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to an error in GnuPG, which allows signature spoofing via arbitrary injection into the status line. A remote attacker who controls the secret part of any signing-capable key or subkey in the victim's keyring, can take advantage of this flaw to provide a correctly-formed signature that some software, including gpgme, will accept to have validity and signer fingerprint chosen from the attacker.

3) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-16884)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to incorrect checking of the mount targets in libcontainer/rootfs_linux.go in runc. A local user can bypass AppArmor restrictions and perform unauthorized actions on the system, as demonstrated by overwriting the /proc directory with a malicious Doker image.

4) Authentication Bypass by Spoofing (CVE-ID: CVE-2022-22476)

The vulnerability allows a remote attacker to execute identity spoofing attacks.

The vulnerability exists due to an unspecified error in IBM WebSphere Application Server Liberty. A remote authenticated user can send a specially crafted request to perform identity spoofing attacks.

5) Security features bypass (CVE-ID: CVE-2021-30465)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the security features bypass issue. A remote authenticated attacker on the local network can perform a symlink exchange attack and host filesystem being bind-mounted into the container.

Remediation

Install update from vendor's website.

References

• https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-operator-and-queue-manager-container-images-are-vulnerable-to-multiple-vulnerabilities-from-containerd-gnupg2-runc-and-ibm-websphere-application-server-liberty/"
• https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-operator-and-queue-manager-container-images-are-vulnerable-to-multiple-vulnerabilities-from-containerd-gnupg2-runc-and-ibm-websphere-application-server-liberty/</a><br>
• https://www.ibm.com/support/pages/node/6830587<br><br></p>