SB2024013008 - Multiple vulnerabilities in IBM Security Guardium
Published: January 30, 2024
Description
This security bulletin contains information about 14 security vulnerabilities.
1) Race condition (CVE-ID: CVE-2020-15706)
The vulnerability allows a local attacker to execute arbitrary code and bypass Secure Boot restrictions.
The vulnerability exists due to a race condition in the "grub_script_function_create()" function. An attacker with physical access can exploit the race and execute arbitrary code on the target system.
2) Information disclosure (CVE-ID: CVE-2022-27776)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists because curl can leak authentication or cookie header data during HTTP redirects to the same host but another port number. When asked to send custom headers or cookies in its HTTP requests, curl sends that set of headers only to the host whose name is used in the initial URL, so that a redirect to another host does not make curl send the data there. However, due to a flawed check, curl wrongly also sends that same set of headers to hosts that are identical to the first one but use a different port number or URL scheme.
The vulnerability exists due to an incomplete fix for #VU10224 (CVE-2018-1000007).
3) Resource management error (CVE-ID: CVE-2022-27775)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to improper management of internal resources when handling the IPv6 protocol. Because of an error in the logic, the config matching function did not take the IPv6 address zone id into account, which could lead to libcurl reusing the wrong connection when one transfer uses a zone id and a subsequent transfer uses another (or no) zone id.
4) Cross-site scripting (CVE-ID: CVE-2022-27545)
The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.
5) Insufficiently protected credentials (CVE-ID: CVE-2022-27544)
The vulnerability allows a remote user to gain access to potentially sensitive information.
The vulnerability exists because authorized users of BigFix Web Reports may see SMTP credentials in clear text. A remote user can gain unauthorized access to sensitive information on the system.
6) Improper Authentication (CVE-ID: CVE-2022-22576)
The vulnerability allows a remote attacker to bypass the authentication process.
The vulnerability exists due to an error when re-using OAUTH2 connections for SASL-enabled protocols, such as SMTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only). libcurl may reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as those set for the current transfer. As a result, a connection that is successfully created and authenticated with a user name + OAUTH2 bearer can subsequently be erroneously reused for the same user + [other OAUTH2 bearer], even though that might not even be a valid bearer.
A remote attacker can exploit this vulnerability against applications intended for use in multi-user environments to bypass authentication and gain unauthorized access to the victim's accounts.
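The three libcurl issues above (2, 3 and 6) share one root cause: a matching check that compares too few attributes before reusing header data or a connection. The following Python is an added illustration written for this bulletin, not curl's code; it models the flawed checks next to corrected ones, with the default-port table and the key layout being assumptions of the example.

```python
from typing import Optional, Tuple
from urllib.parse import urlsplit

# Assumed default ports for this illustration (not curl's own table).
DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url: str) -> Tuple[str, str, int]:
    """Return (scheme, host, effective port) of a URL."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    port = parts.port if parts.port is not None else DEFAULT_PORTS.get(scheme, 0)
    return scheme, (parts.hostname or "").lower(), port


def forward_custom_headers_flawed(original: str, redirect: str) -> bool:
    """Models the flawed check behind CVE-2022-27776: only the host name is
    compared, so a redirect to the same host on another port or scheme
    still receives the caller's Authorization/Cookie headers."""
    return origin(original)[1] == origin(redirect)[1]


def forward_custom_headers(original: str, redirect: str) -> bool:
    """Corrected check: scheme, host and port must all match."""
    return origin(original) == origin(redirect)


def connection_key_flawed(scheme: str, host: str, port: int,
                          user: Optional[str] = None,
                          bearer: Optional[str] = None) -> tuple:
    """Models the two matching errors: the IPv6 zone id after '%' is dropped
    (CVE-2022-27775) and the OAUTH2 bearer is not part of the key
    (CVE-2022-22576), so distinct transfers collide on one connection."""
    return (scheme.lower(), host.split("%")[0].lower(), port, user)


def connection_key(scheme: str, host: str, port: int,
                   user: Optional[str] = None,
                   bearer: Optional[str] = None) -> tuple:
    """Corrected key: the host keeps its zone id (e.g. "fe80::1%eth0") and the
    user name plus bearer are included, so a connection authenticated for one
    bearer is never handed to a transfer that set another."""
    return (scheme.lower(), host.lower(), port, user, bearer)
```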
7) Integer overflow (CVE-ID: CVE-2020-15707)
The vulnerability allows a local attacker to execute arbitrary code on the target system.
The vulnerability exists due to an integer overflow in the "grub_cmd_initrd" and "grub_initrd_init" functions in the "efilinux" component. An attacker with physical access can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
8) Improper Verification of Cryptographic Signature (CVE-ID: CVE-2020-15705)
The vulnerability allows a local attacker to compromise the target system.
The vulnerability exists because the affected software fails to validate the kernel signature when booted directly without shim. An attacker with physical access can bypass Secure Boot.
9) Integer overflow (CVE-ID: CVE-2020-14310)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an integer overflow within the read_section_as_string() function when processing font names. A local user can create a specially crafted font name, trigger an integer overflow and crash the affected system.
10) Integer overflow (CVE-ID: CVE-2020-14309)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an integer overflow when handling symlinks on an ext filesystem in the grub_squash_read_symlink() function. A local user can create a specially crafted symlink, trigger an integer overflow and crash the system.
11) Heap-based buffer overflow (CVE-ID: CVE-2020-14308)
The vulnerability allows a local attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. An attacker with physical access can trigger heap-based buffer overflow and execute arbitrary code on the target system during the boot process.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
12) Integer overflow (CVE-ID: CVE-2020-14311)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an integer overflow within the grub_ext2_read_link() function when processing symlinks. A local user can create a specially crafted symlink, trigger an integer overflow and crash the system.
13) Out-of-bounds Write (CVE-ID: CVE-2020-10713)
The vulnerability allows a local attacker to compromise the vulnerable system.
The vulnerability exists due to a "BootHole" issue. An attacker with physical access can install persistent and stealthy bootkits or malicious bootloaders, trigger out-of-bounds write and execute arbitrary code on the target system.
14) Format string error (CVE-ID: CVE-2018-17336)
The vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists due to a format string error in udisks_log in udiskslogging.c. A local user can supply specially crafted input containing format string specifiers, via a malformed filesystem label, to obtain sensitive information (stack contents), cause a denial of service (memory corruption), or possibly have other unspecified impact.
Remediation
Install the update from the vendor's website.