IBM Support

Security Bulletin: Multiple security vulnerabilities affect IBM Cloud Foundry Migration Runtime

Security Bulletin


Summary

There are multiple Ruby vulnerabilities that affect IBM Cloud Foundry Migration Runtime that could cause a denial of service, HTTP response splitting, a remote attacker to bypass security restrictions, a remote attacker to obtain sensitive information, a local attacker to gain unauthorized access to the system and a local authenticated attacker to execute arbitrary code on the system.

Vulnerability Details

CVEID:   CVE-2021-25217
DESCRIPTION:   ISC DHCP is vulnerable to a denial of service, caused by a buffer overrun in program code used to read and parse stored leases. A remote attacker from within the local network could exploit this vulnerability to cause a crash in the DHCP server or DHCP client.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/202604 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2020-25613
DESCRIPTION:   WEBrick gem for Ruby is vulnerable to HTTP request smuggling, caused by improper validation of transfer-encoding header value. By sending specially a crafted HTTP(S) request, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks.
CVSS Base score: 9.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/189414 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)

CVEID:   CVE-2021-28965
DESCRIPTION:   REXML gem for Ruby could allow a remote attacker to bypass security restrictions, caused by an XML round-trip issues when parsing and serializing XML document. By using a specially-crafted XML document, an attacker could exploit this vulnerability to create an incorrect XML document.
CVSS Base score: 5.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/200534 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID:   CVE-2019-15845
DESCRIPTION:   Ruby could allow a local attacker to gain unauthorized access to the system, caused by a NUL injection vulnerability in the built-in methods (File.fnmatch and File.fnmatch). An attacker could exploit this vulnerability to make path matching pass despite the intention of the program author.
CVSS Base score: 5.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/169463 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

CVEID:   CVE-2019-16201
DESCRIPTION:   Ruby is vulnerable to a denial of service, caused by an error in WEBrick’s Digest authentication module. A remote attacker could exploit this vulnerability to cause a regular expression denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/169462 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2019-16254
DESCRIPTION:   Ruby is vulnerable to HTTP response splitting attacks, caused by improper validation of user-supplied input in the WEBrick module. A remote attacker could exploit this vulnerability to inject arbitrary HTTP headers and cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning or cross-site scripting, and possibly obtain sensitive information.
CVSS Base score: 6.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/169464 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N)

CVEID:   CVE-2019-16255
DESCRIPTION:   Ruby could allow a local attacker to execute arbitrary commands on the system, caused by a code injection vulnerability in the (lib/shell.rb standard library. By passing untrusted data to methods of Shell, an attacker could exploit this vulnerability to inject code and call an arbitrary Ruby method.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/169465 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID:   CVE-2019-3881
DESCRIPTION:   RubyGems Bundler could allow a local authenticated attacker to execute arbitrary code on the system, caused by an insecure temporary directory issue in tmp/ when the home directory of the user is not writable the tmp_home_path function in lib/bundler.rb. By placing a specially-crafted file to the temporary directory, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/187807 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:   CVE-2020-10663
DESCRIPTION:   RubyGems JSON gem for Ruby could allow a remote attacker to bypass security restrictions, caused by improper validation of input by the gem when parsing JSON documents. By parsing a specially-crafted JSON document, an attacker could exploit this vulnerability to create malicious object within the interpreter.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/181414 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

CVEID:   CVE-2020-10933
DESCRIPTION:   Ruby could allow a remote attacker to obtain sensitive information, caused by a flaw in the BasicSocket#read_nonblock method. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information from the heap buffer, and use this information to launch further attacks against the affected system.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/181416 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID:   CVE-2021-33910
DESCRIPTION:   Systemd is vulnerable to a denial of service, caused by a memory allocation with an excessive size value in basic/unit-name.c. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause the system to crash.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/205907 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s)Version(s)
IBM Cloud Foundry Migration Runtime4.1.1

Remediation/Fixes

To upgrade to IBM Cloud Foundry Migration Runtime 4.1.2 or higher, if automatic upgrades has been disabled, locate IBM Cloud Foundry Migration Runtime in the IBM Operator Catalog in OperatorHub UI in OpenShift to uninstall the affected version and reinstall the latest version.

The operator is installed by subscribing to one of the update channels which also keeps the operator up to date.

To find the current version of IBM Cloud Foundry Migration Runtime being used,

Click on the IBM Cloud Foundry Operator Catalog menu.

Select IBM Cloud Foundry Migration Runtime catalog.

If the version located on the left hand side of the catalog is 2.1.0 an upgrade is required. A successful upgrade will show 2.1.1.

Workarounds and Mitigations

None

Get Notified about Future Security Bulletins

References

Off

Change History

4 Oct 2021: Initial Publication

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

Document Location

Worldwide

[{"Business Unit":{"code":"BU053","label":"Cloud \u0026 Data Platform"},"Product":{"code":"SSBHDK","label":"IBM Cloud Foundry Migration Runtime"},"Component":"","Platform":[{"code":"PF016","label":"Linux"}],"Version":"4.1.1","Edition":"","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]

Document Information

Modified date:
13 October 2021

UID

ibm16498497