SB2024112005 - Multiple vulnerabilities in Red Hat OpenShift Container Platform 4.16

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2024112005

SB2024112005 - Multiple vulnerabilities in Red Hat OpenShift Container Platform 4.16

Published: November 20, 2024

Security Bulletin ID SB2024112005
Severity
High
Patch available
YES
Number of vulnerabilities 7
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 14% Medium 43% Low 43%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 7 secuirty vulnerabilities.


1) Infinite loop (CVE-ID: CVE-2024-24786)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop when parsing data in an invalid JSON format within the protojson.Unmarshal() function. A remote attacker can consume all available system resources and cause denial of service conditions.


2) Use of a broken or risky cryptographic algorithm (CVE-ID: CVE-2024-3596)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to use of a broken or risky cryptographic algorithm in RADIUS Protocol. A remote user can perform a man-in-the-middle (MitM) attack and gain access to target system.


3) Input validation error (CVE-ID: CVE-2024-9407)

The vulnerability allows a remote user to gain access to sensitive information.

A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction. The system does not properly validate the input passed to this option, allowing users to pass arbitrary parameters to the mount instruction. This issue can be exploited to mount sensitive directories from the host into a container during the build process and, in some cases, modify the contents of those mounted files.

Even if SELinux is used, this vulnerability can bypass its protection by allowing the source directory to be relabeled to give the container access to host files.


4) Path traversal (CVE-ID: CVE-2024-9675)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to input validation error when processing directory traversal sequences in cache mounts. A local user can execute a 'RUN' instruction in a Container file to mount an arbitrary directory from the host into the container as long as those files can be accessed by the user running Buildah.


5) UNIX symbolic link following (CVE-ID: CVE-2024-9676)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a symlink following issue when running a malicious image using an automatically assigned user namespace (`--userns=auto` in Podman and Buildah). A local user can create a symbolic link to an arbitrary file on the system, force the library to read it and perform a denial of service (DoS) attack.


6) Buffer overflow (CVE-ID: CVE-2024-44244)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in WebKit. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


7) Security features bypass (CVE-ID: CVE-2024-44296)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to improper checks in WebKit. A remote attacker can trick the victim into visiting a specially crafted website and prevent Content Security Policy from being enforced.


Remediation

Install update from vendor's website.

References