Several vulnerabilities were found in various open source projects

A few days ago a number of vulnerability disclosures were made public in various open source projects, the most important of which is the one found in the OpenSSL cryptographic library. It is caused by a bug in the implementation of the adder in the BN_mod_exp function, which causes an incorrect result of the squaring operation to be returned.

The problem is already cataloged as CVE-2021-4160, occurs only on hardware based on the MIPS32 and MIPS64 architectures, and can compromise elliptic curve algorithms, including those used by default in TLS 1.3. The issue was fixed in the December updates, OpenSSL 1.1.1m and 3.0.1.

In addition, it is noted that practical attacks to obtain information about private keys using the identified problem are considered possible for RSA, DSA and Diffie-Hellman (DH), but unlikely, since they are too difficult to carry out and require enormous computing resources.

At the same time, an attack on TLS is ruled out, as it has been since 2016, when the CVE-2016-0701 vulnerability was fixed and sharing a DH private key between clients was prohibited.

Another vulnerability that was revealed, CVE-2022-0330, was identified in the i915 graphics driver and is related to a missing GPU TLB flush. When IOMMU (address translation) is not in use, the vulnerability allows access to arbitrary pages of memory from user space.

The problem can be used to corrupt or read data from arbitrary areas of memory. The issue occurs on all integrated and discrete Intel GPUs. The fix is implemented by adding a mandatory TLB flush before each GPU buffer is returned to the system, which will lead to performance degradation. The performance impact depends on the GPU, the operations performed on the GPU, and system load. The fix is currently only available as a patch.

Vulnerabilities were also found in the Glibc standard C library that affect the functions realpath (CVE-2021-3998) and getcwd (CVE-2021-3999). The problem in realpath() is described as being caused by returning an invalid value under certain conditions, which contains uncleaned residual data from the stack. For the SUID-root fusermount program, the vulnerability can be used to obtain sensitive information from process memory, for example to learn pointer values.

A problem with getcwd() allows a one-byte buffer overflow. It is caused by a bug that has been present since 1995. To trigger the overflow, in a separate mount point namespace, it is enough to call chdir() on the "/" directory. It is not reported whether the vulnerability is limited to a process crash, but there have been instances of working exploits for such vulnerabilities in the past, despite skepticism from developers.

Of the other vulnerabilities that were recently identified in open source projects:

  • Vulnerability CVE-2022-23220 in the usbview package allows local users logged in via SSH to run code as root, due to the setting (allow_any=yes) in the PolKit rules that runs the usbview utility as root without authentication. Exploitation boils down to using the "--gtk-module" option to load your own library into usbview. The problem was fixed in usbview 2.2.
  • Vulnerability CVE-2022-22942 in the vmwgfx graphics driver, used to implement 3D acceleration in VMware environments. The issue allows an unprivileged user to access files opened by other processes on the system. The attack requires access to the device /dev/dri/card0 or /dev/dri/renderD128 and the ability to make an ioctl() call with the obtained file descriptor.
  • Vulnerabilities CVE-2021-3996 and CVE-2021-3995 in the libmount library shipped with the util-linux package allow an unprivileged user to mount disk partitions without being authorized to do so. The problem was identified during an audit of the SUID-root programs umount and fusermount.
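As an added example, not code from this article or from the usbview project, the following POSIX shell audit scans a directory of PolKit action files for the pattern behind CVE-2022-23220: a helper launched through the org.freedesktop.policykit.exec.path annotation whose allow_any default is "yes", so it can be started as root with no credential prompt. The action ids and policy contents are constructed samples, not usbview's real policy file; the hardened sample shows the auth_admin default that would require an administrator password instead.

```shell
#!/bin/sh
# Print "<action id> <exec path>" for every action in DIR/*.policy that
# combines <allow_any>yes</allow_any> with an exec.path annotation.
audit_polkit() {
    dir=$1
    for f in "$dir"/*.policy; do
        [ -f "$f" ] || continue
        awk '
            /<action id=/ { n = split($0, p, "\""); id = p[2]; any = ""; path = "" }
            /<allow_any>/ { any = $0; sub(/.*<allow_any>/, "", any); sub(/<.*$/, "", any) }
            /policykit\.exec\.path/ { path = $0; sub(/^[^>]*>/, "", path); sub(/<.*$/, "", path) }
            /<\/action>/  { if (any == "yes" && path != "") print id, path }
        ' "$f"
    done
}

# Write two constructed sample policies into DIR (hypothetical action ids):
# a weak one mirroring the usbview setting and a hardened one using auth_admin.
write_samples() {
    dir=$1
    cat > "$dir/weak.policy" <<'EOF'
<policyconfig>
  <action id="org.example.usbview">
    <defaults>
      <allow_any>yes</allow_any>
      <allow_inactive>yes</allow_inactive>
      <allow_active>yes</allow_active>
    </defaults>
    <annotate key="org.freedesktop.policykit.exec.path">/usr/bin/usbview</annotate>
  </action>
</policyconfig>
EOF
    cat > "$dir/hardened.policy" <<'EOF'
<policyconfig>
  <action id="org.example.usbview-fixed">
    <defaults>
      <allow_any>auth_admin</allow_any>
      <allow_inactive>auth_admin</allow_inactive>
      <allow_active>auth_admin</allow_active>
    </defaults>
    <annotate key="org.freedesktop.policykit.exec.path">/usr/bin/usbview</annotate>
  </action>
</policyconfig>
EOF
}
```

On a real system, point audit_polkit at /usr/share/polkit-1/actions; every line it prints is a root helper that any local session can launch without authenticating.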
