SB2024082835 - Multiple vulnerabilities in IBM Concert Software 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2024082835

SB2024082835 - Multiple vulnerabilities in IBM Concert Software

Published: August 28, 2024 Updated: December 19, 2024

Security Bulletin ID SB2024082835
Severity
High
Patch available
YES
Number of vulnerabilities 16
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 13% Medium 81% Low 6%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 16 secuirty vulnerabilities.


1) Inconsistent interpretation of HTTP requests (CVE-ID: CVE-2015-5739)

The vulnerability allows a remote attacker to conduct an HTTP request smuggling attack on the target system.

The vulnerability exists due to the "net/http" library in "net/textproto/reader.go" does not properly parse HTTP header keys. A remote attacker can send a specially crafted HTTP request and conduct HTTP request smuggling attacks via a space instead of a hyphen, as demonstrated by "Content Length" instead of "Content-Length."



2) Improper access control (CVE-ID: CVE-2016-5386)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.


3) Observable discrepancy (CVE-ID: CVE-2023-45287)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a timing discrepancy when handling RSA based TLS key exchanges. A remote attacker can perform a Marvin attack and gain access to sensitive information.


4) Resource exhaustion (CVE-ID: CVE-2023-45288)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single HTTP/2 stream. A remote attacker can send specially crafted HTTP/2 requests to the server and perform a denial of service (DoS) attack.

5) Resource exhaustion (CVE-ID: CVE-2023-49568)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources when handling responses from a Git server. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.


6) Path traversal (CVE-ID: CVE-2023-49569)

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences. A remote attacker can overwrite arbitrary files on the system. Applications are only affected if they are using the ChrootOS, which is the default when using "Plain" versions of Open and Clone funcs (e.g. PlainClone).


7) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-5528)

The vulnerability allows a remote user to escalate privileges on the system.

The vulnerability exists due to improper access restrictions. A remote user with ability to create pods and persistent volumes on Windows nodes can obtain admin privileges on those nodes.

The vulnerability affects Kubernetes clusters only, if they are using an in-tree storage plugin for Windows nodes.


8) Improper Check for Unusual or Exceptional Conditions (CVE-ID: CVE-2024-23650)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling. A remote attacker can send specially crafted data to the application and perform a denial of service (DoS) attack.


9) Race condition (CVE-ID: CVE-2024-23651)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a race condition. A remote attacker can exploit the race and cause the files from the host system being accessible to the build container.


10) Path traversal (CVE-ID: CVE-2024-23652)

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences within BuildKit frontend or Dockerfile using RUN --mount. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.


11) Incorrect authorization (CVE-ID: CVE-2024-23653)

The vulnerability allows a remote attacker to bypass authorization checks.

The vulnerability exists due to interactive containers API does not validate entitlements check. A remote attacker can use these APIs to ask BuildKit to run a container with elevated privileges.


12) Insufficient verification of data authenticity (CVE-ID: CVE-2024-24557)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to insufficient verification of data authenticity. A remote attacker can poison victim´s cache by making them pull a specially crafted image that would be considered as a valid cache candidate for some build steps.


13) Resource exhaustion (CVE-ID: CVE-2024-28180)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources when decompressing JWE with Decrypt or DecryptMulti. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.


14) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2024-3177)

The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists due to improper access restrictions. A remote user can launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with the envFrom field populated.

Kubernetes clusters are only affected if the ServiceAccount admission plugin and the kubernetes.io/enforce-mountable-secrets annotation are used together with containers, init containers, and ephemeral containers with the envFrom field populated.


15) Improper validation of integrity check value (CVE-ID: CVE-2024-3727)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to improper validation of integrity check. A remote attacker can trick the victim into providing authenticated registry accesses, causing resource exhaustion, local path traversal, and other attacks.


16) Infinite loop (CVE-ID: CVE-2024-24786)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop when parsing data in an invalid JSON format within the protojson.Unmarshal() function. A remote attacker can consume all available system resources and cause denial of service conditions.


Remediation

Install update from vendor's website.

References