CVE-2021-3979 – ceph: Ceph volume does not honour osd_dmcrypt_key_size
https://notcve.org/view.php?id=CVE-2021-3979
A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed in an encryption algorithm to create a non random key, which is weaker and can be exploited for loss of confidentiality and integrity on encrypted disks. Se ha encontrado un fallo de longitud de clave en Red Hat Ceph Storage. Un atacante puede explotar el hecho de que la longitud de la clave se pasa incorrectamente en un algoritmo de cifrado para crear una clave no aleatoria, que es más débil y puede ser explotada para la pérdida de confidencialidad e integridad en los discos cifrados. • https://access.redhat.com/security/cve/CVE-2021-3979 https://bugzilla.redhat.com/show_bug.cgi?id=2024788 https://github.com/ceph/ceph/commit/47c33179f9a15ae95cc1579a421be89378602656 https://github.com/ceph/ceph/pull/44765 https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPOK44BESMIFW6BIOGCN452AKKOIIT6Q https://tracker.ceph.com/issues/54006 • CWE-287: Improper Authentication CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVE-2022-26148 – grafana: An information leak issue was discovered in Grafana through 7.3.4, when integrated with Zabbix
https://notcve.org/view.php?id=CVE-2022-26148
An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix. The Zabbix password can be found in the api_jsonrpc.php HTML source code. When the user logs in and allows the user to register, one can right click to view the source code and use Ctrl-F to search for password in api_jsonrpc.php to discover the Zabbix account password and URL address. Se ha detectado un problema en Grafana versiones hasta 7.3.4, cuando es integrado con Zabbix. La contraseña de Zabbix puede encontrarse en el código fuente HTML api_jsonrpc.php. • https://2k8.org/post-319.html https://security.netapp.com/advisory/ntap-20220425-0005 https://access.redhat.com/security/cve/CVE-2022-26148 https://bugzilla.redhat.com/show_bug.cgi?id=2066563 • CWE-312: Cleartext Storage of Sensitive Information •
CVE-2022-0492 – kernel: cgroups v1 release_agent feature may allow privilege escalation
https://notcve.org/view.php?id=CVE-2022-0492
A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly. Se ha encontrado una vulnerabilidad en la función cgroup_release_agent_write en el archivo kernel/cgroup/cgroup-v1.c del kernel de Linux. Este fallo, bajo determinadas circunstancias, permite el uso de la función cgroups v1 release_agent para escalar privilegios y saltarse el aislamiento del espacio de nombres de forma no esperada • https://github.com/chenaotian/CVE-2022-0492 https://github.com/SofianeHamlaoui/CVE-2022-0492-Checker https://github.com/yoeelingBin/CVE-2022-0492-Container-Escape https://github.com/T1erno/CVE-2022-0492-Docker-Breakout-Checker-and-PoC https://github.com/bb33bb/CVE-2022-0492 http://packetstormsecurity.com/files/166444/Kernel-Live-Patch-Security-Notice-LSN-0085-1.html http://packetstormsecurity.com/files/167386/Kernel-Live-Patch-Security-Notice-LSN-0086-1.html http://packetstormsecurity.com/files/17 • CWE-287: Improper Authentication CWE-862: Missing Authorization •
CVE-2021-4115 – polkit: file descriptor leak allows an unprivileged user to cause a crash
https://notcve.org/view.php?id=CVE-2021-4115
There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest threat from this vulnerability is to availability. NOTE: Polkit process outage duration is tied to the failing process being reaped and a new one being spawned Se presenta un fallo en polkit que puede permitir a un usuario no privilegiado causar un bloqueo de polkit, debido al agotamiento del descriptor de archivos del proceso. La mayor amenaza de esta vulnerabilidad es la disponibilidad. NOTA: La duración de la interrupción del proceso de polkit está ligada al proceso que falla y a la creación de uno nuevo There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. • http://packetstormsecurity.com/files/172849/polkit-File-Descriptor-Exhaustion.html https://access.redhat.com/security/cve/cve-2021-4115 https://gitlab.com/redhat/centos-stream/rpms/polkit/-/merge_requests/6/diffs?commit_id=bf900df04dc390d389e59aa10942b0f2b15c531e https://gitlab.freedesktop.org/polkit/polkit/-/issues/141 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VGKWCBS6IDZYYDYM2WIWJM5BL7QQTWPF https://www.oracle.com/security-alerts/cpujul2022.html https://access.redhat • CWE-400: Uncontrolled Resource Consumption CWE-403: Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak') •
CVE-2021-44141 – samba: Information leak via symlinks of existance of files or directories outside of the exported share
https://notcve.org/view.php?id=CVE-2021-44141
All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. SMB1 with unix extensions has to be enabled in order for this attack to succeed. Todas las versiones de Samba anteriores a 4.15.5, son vulnerables a que un cliente malicioso use un enlace simbólico del servidor para determinar si un archivo o directorio se presenta en un área del sistema de archivos del servidor no exportada bajo la definición de recurso compartido. SMB1 con extensiones unix debe estar habilitado para que este ataque tenga éxito A vulnerability was found in Samba due to an insecure link following. By querying a symlink inside the exported share using SMB1 with unix extensions turned on, an attacker can discover if a named or directory exists on the filesystem outside the exported share. • https://security.gentoo.org/glsa/202309-06 https://www.samba.org/samba/security/CVE-2021-44141.html https://access.redhat.com/security/cve/CVE-2021-44141 https://bugzilla.redhat.com/show_bug.cgi?id=2046120 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •