SB2023053131 - Multiple vulnerabilities in IBM Security Guardium 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2023053131

SB2023053131 - Multiple vulnerabilities in IBM Security Guardium

Published: May 31, 2023

Security Bulletin ID SB2023053131
Severity
High
Patch available
YES
Number of vulnerabilities 13
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 23% Medium 31% Low 46%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 13 secuirty vulnerabilities.


1) Out-of-bounds write (CVE-ID: CVE-2020-0465)

The vulnerability allows an attacker with physical access to escalate privileges on the system.

The vulnerability exists due to an out of bounds write in various methods of hid-multitouch.c. An attacker with physical access can trigger out-of-bounds write and escalate privileges on the system.


2) Improper Authorization (CVE-ID: CVE-2022-41974)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to incorrectly implemented authorization process within multipathd daemon. A local unprivileged user can bypass build-in authorization and execute privileged commands on the system.


3) Use-after-free (CVE-ID: CVE-2021-0920)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the unix_scm_to_skb() function of af_unix.c in Linux kernel. A local user can run a specially crafted program to trigger a race condition and execute arbitrary code with elevated privileges.



4) Buffer overflow (CVE-ID: CVE-2020-12723)

The vulnerability allows a remote attacker to perform a denial of service (DoS) áttack.

The vulnerability exists due to a boundary error within the recursive "S_study_chunk" calls. A remote attacker can use a specially crafted regular expression , trigger memory corruption and cause a denial of service condition on the target system.


5) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-31676)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions. A local unprivileged user on the guest OS can execute arbitrary code as a root user in the virtual machine.


6) Use-after-free (CVE-ID: CVE-2022-2526)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the on_stream_io() and dns_stream_complete() functions in resolved-dns-stream.c, which do not increment the reference counting for the DnsStream object. A remote attacker can send to the system specially crafted DNS responses, trigger a use-after-free error and perform a denial of service (DoS) attack.


7) Path traversal (CVE-ID: CVE-2022-29154)

The vulnerability allows a remote server to perform directory traversal attacks.

The vulnerability exists due to input validation error within the rsync client  when processing file names. A remote malicious server overwrite arbitrary files in the rsync client target directory and subdirectories on the connected peer.


8) Integer overflow (CVE-ID: CVE-2020-10878)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A remote attacker can use a specially crafted regular expression, trigger integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


9) Use-after-free (CVE-ID: CVE-2022-40674)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error in the doContent() function in xmlparse.c. A remote attacker can pass specially crafted input to the application that is using the affected library, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.


10) CRLF injection (CVE-ID: CVE-2020-26137)

The vulnerability allows a remote attacker to inject arbitrary data in server response.

The vulnerability exists due to insufficient validation of attacker-supplied data passed via the "method" parameter. A remote authenticated attacker can pass specially crafted data to the application containing CR-LF characters and modify application behavior.


11) Integer overflow (CVE-ID: CVE-2020-10543)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow in nested regular expression quantifiers. A remote attacker can pass specially crafted data to the application, trigger integer overflow, leading to heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


12) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-0466)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to unspecified error, related to I/O subsystem in kernel. A local user can elevated privileges on the system.


13) Incorrect authorization (CVE-ID: CVE-2022-22307)

The vulnerability allows a local user to elevate privileges on the target system.

The vulnerability exists due to incorrect authorization checks. A local user can trigger the vulnerability and elevate privileges on the target system.


Remediation

Install update from vendor's website.

References