SB2022111592 - Red Hat Enterprise Linux 9 update for buildah 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2022111592

SB2022111592 - Red Hat Enterprise Linux 9 update for buildah

Published: November 15, 2022

Security Bulletin ID SB2022111592
Severity
Medium
Patch available
YES
Number of vulnerabilities 7
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Medium 71% Low 29%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 7 secuirty vulnerabilities.


1) Improper locking (CVE-ID: CVE-2021-20291)

The vulnerability allows a local user to perform a denial of service attack (DoS) on the target system.

The vulnerability exists due to double-locking error. When a container image is processed, each layer is unpacked using `tar`. If one of those layers is not a valid `tar` archive this causes an error leading to an unexpected situation where the code indefinitely waits for the tar unpacked stream, which never finishes. An attacker could use this vulnerability to craft a malicious image, which when downloaded and stored by an application using containers/storage, would then cause a deadlock leading to a Denial of Service (DoS).


2) Cross-site scripting (CVE-ID: CVE-2021-33195)

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of data passed from DNS lookups. A remote attacker can send a specially crafted DNS reqponse and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.


3) Missing Authorization (CVE-ID: CVE-2021-33197)

The vulnerability allows a remote attacker to bypass authorization process.

The vulnerability exists due to an error in some configurations of ReverseProxy (from net/http/httputil). A remote attacker can drop arbitrary headers and bypass authorization process. 


4) Resource management error (CVE-ID: CVE-2021-33198)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the application when handling a large exponent to the math/big.Rat SetString or UnmarshalText method.  A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.


5) Incorrect authorization (CVE-ID: CVE-2022-2989)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to incorrect handling of the supplementary groups in the Podman container engine. A local user with direct access to the affected container where supplementary groups are used can set access permissions and execute a binary code in that container.


6) Incorrect authorization (CVE-ID: CVE-2022-2990)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to incorrect handling of the supplementary groups in the Buildah container engine. A local user with direct access to the affected container where supplementary groups are used can set access permissions and execute a binary code in that container.

7) Use of a broken or risky cryptographic algorithm (CVE-ID: CVE-2022-27191)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an error in golang.org/x/crypto/ssh before 0.0.0-20220314234659-1baeb1ce4c0b, as used in Go programming language. A remote attacker can crash a server in certain circumstances involving AddHostKey.


Remediation

Install update from vendor's website.

References