Security Bulletin: Vulnerabilities in Samba and glibc affect Cloud Pak System

Summary

Vulnerabilities in Samba and glibc affect OS Image for Red Hat Enterprise Linux Systems shipped with Cloud Pak System.

Vulnerability Details

CVEID:CVE-2023-4806
**DESCRIPTION:**GNU glibc is vulnerable to a denial of service, caused by a use-after-free flaw in the getaddrinfo() function. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/266465 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-34968
**DESCRIPTION:**Samba could allow a remote attacker to obtain sensitive information, caused by a flaw in the Spotlight protocol. By sending a specially crafted RPC request, an attacker could exploit this vulnerability to obtain the real server-side share path information, and use this information to launch further attacks against the affected system.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/261222 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID:CVE-2022-1615
**DESCRIPTION:**Samba could allow a local attacker to obtain sensitive information, caused by a flaw in the gnutls_rnd() function. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain predictable random values information, and use this information to launch further attacks against the affected system.
CVSS Base score: 5.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/235119 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID:CVE-2023-4911
**DESCRIPTION:**glibc could allow a local authenticated attacker to gain elevated privileges on the system, caused by a buffer overflow in the dynamic loader’s processing of the GLIBC_TUNABLES environment variable. By sending overly long data, an attacker could exploit this vulnerability to gain root privileges on the system.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/267581 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2022-32746
**DESCRIPTION:**Samba is vulnerable to a denial of service, caused by a use-after-free flaw when handling LDAP requests. By sending a specially-crafted LDAP request, a remote authenticated attacker could exploit this vulnerability to cause a corrupted log output or a crash.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/232308 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L)

CVEID:CVE-2023-34967
**DESCRIPTION:**Samba is vulnerable to a denial of service, caused by a type confusion flaw in the dalloc_value_for_key() function. By sending specially crafted Spotlight mdssvc RPC packets, a remote attacker could exploit this vulnerability to cause the worker process to crash.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/261221 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

Cloud Pak System

| 2.3.3.0

Cloud Pak System

| 2.3.3.3, 2.3.3.3ifix1

Cloud Pak System

| 2.3.3.4

Cloud Pak System

| 2.3.3.5

Cloud Pak System

| 2.3.3.6, v2.3.3.6 Ifix1, 2.3.3.6 iFix2

OS Image for Red Hat Enterprise Linux Systems

| 4.0.0.0

OS Image for Red Hat Enterprise Linux Systems

| 4.0.1.0

OS Image for Red Hat Enterprise Linux Systems

| 4.0.2.0

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now by applying the fix below.

For Cloud Pak System on Intel

upgrade to Cloud Pak System v2.3.4.0 for Intel at IBM Fix Central

information on upgrading here <http://www.ibm.com/support/docview.wss?uid=ibm10887959&gt;

Workarounds and Mitigations

None