CVE-2023-26604
CVE Details
Visit the official vulnerability details page for CVE-2023-26604 to learn more.
Initial Publication
11/13/2024
Last Update
12/12/2024
Third Party Dependency
libsystemd0
NIST CVE Summary
systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may be launched from the less program. This presents a substantial security risk when running systemctl from Sudo, because less executes as root when the terminal size is too small to show the complete systemctl output.
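Two things a host owner can check for the condition the NIST summary describes: whether the installed systemd predates 247 (the release that starts setting LESSSECURE=1 when its pager runs with elevated privileges), and whether any sudoers rule lets a user run systemctl as root without --no-pager, so that the pager itself would run as root on a small terminal. The script below is an added defender-side example, not part of this advisory or of the vendor's tooling; it assumes `systemctl --version` prints a first line of the form `systemd NNN (...)`, and its sudoers audit is a line-oriented heuristic (no alias or @include resolution) over a constructed sample file.

```sh
#!/bin/sh
# Added example for CVE-2023-26604 (not from the advisory). Checks a host for a
# pre-247 systemd and for sudoers rules that expose systemctl's pager as root.

# Extract the major version number from a "systemd NNN (...)" string.
# Assumption: the string is the first line of `systemctl --version`.
systemd_major() {
    v=$1
    case "$v" in
        systemd\ *) v=${v#systemd } ;;
    esac
    # Keep only the leading run of digits (POSIX parameter expansion, no sed).
    v=${v%%[!0-9]*}
    printf '%s' "$v"
}

# True (exit 0) when the version is older than 247, i.e. the pager is started
# without LESSSECURE=1 even when systemctl runs as root via sudo.
systemd_is_vulnerable() {
    major=$(systemd_major "$1")
    [ -n "$major" ] && [ "$major" -lt 247 ]
}

# Print sudoers rules that permit systemctl (status or unrestricted) without
# --no-pager; echo the number of such rules on the last line.
# Heuristic: comments and blank lines are skipped, aliases are not expanded.
count_pager_rules() {
    found=0
    while IFS= read -r line; do
        case "$line" in
            \#*|"") continue ;;
        esac
        case "$line" in
            *systemctl*) ;;
            *) continue ;;
        esac
        case "$line" in
            *--no-pager*) continue ;;
        esac
        printf 'pager-capable systemctl rule: %s\n' "$line" >&2
        found=$((found + 1))
    done < "$1"
    printf '%s' "$found"
}

# Constructed sample sudoers content (not a real file from any host).
# The rules for alice and bob expose the pager; carol pins --no-pager so the
# pager is never started; dave does not grant systemctl at all.
SAMPLE_SUDOERS=$(mktemp)
trap 'rm -f "$SAMPLE_SUDOERS"' EXIT
cat > "$SAMPLE_SUDOERS" <<'EOF'
# constructed sample for the audit above
alice ALL=(root) NOPASSWD: /usr/bin/systemctl status nginx
bob   ALL=(root) /usr/bin/systemctl
carol ALL=(root) /usr/bin/systemctl status --no-pager *
dave  ALL=(root) /usr/bin/ls
EOF

# Stand-alone report: live systemd version (if present) plus the sample audit.
if command -v systemctl >/dev/null 2>&1; then
    live=$(systemctl --version 2>/dev/null | head -n 1)
    if systemd_is_vulnerable "$live"; then
        echo "systemd older than 247: pager runs without LESSSECURE=1 under sudo ($live)"
    else
        echo "systemd 247 or newer: pager secure mode available ($live)"
    fi
fi
n=$(count_pager_rules "$SAMPLE_SUDOERS")
echo "sample sudoers: $n rule(s) would start systemctl's pager as root"
```

On a host where the version check fires, the rule audit shows which sudoers entries need attention; pinning `--no-pager` in the command spec, as the `carol` line does, keeps systemctl from starting a pager at all regardless of the systemd version.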
CVE Severity
Our Official Summary
This vulnerability is reported on several of the 3rd party CNI images used by our products such as calico and multus-cni. The out-of-bounds write vulnerability in the Bzip2 libraries can be exploited by a malicious bzip2 payload, potentially resulting in a denial of service or remote code execution. Network services or command line utilities that decompress untrusted bzip2 payloads are at risk. The risk scenario is low for the following reasons: These images are optional and will be installed depending on the configuration of the deployments; there are no known reports of exploitation from the 3rd party vendors; and these images are not accessible directly for an attacker to send crafted input. We will upgrade the images when the fixes become available from the vendors.
Status
Ongoing
Affected Products & Versions
Version | Palette Enterprise | Palette Enterprise Airgap | VerteX | VerteX Airgap |
---|---|---|---|---|
4.5.15 | ✅ No Impact | ✅ No Impact | ⚠️ Impacted | ⚠️ Impacted |
4.5.11 | ✅ No Impact | ✅ No Impact | ⚠️ Impacted | ⚠️ Impacted |
4.5.10 | ✅ No Impact | ✅ No Impact | ⚠️ Impacted | ⚠️ Impacted |
4.5.8 | ✅ No Impact | ✅ No Impact | ⚠️ Impacted | ⚠️ Impacted |
4.5.5 | ✅ No Impact | ✅ No Impact | ⚠️ Impacted | ⚠️ Impacted |
4.5.4 | ✅ No Impact | ✅ No Impact | ⚠️ Impacted | ⚠️ Impacted |
4.4.20 | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted |
Revision History
Date | Revision |
---|---|
12/12/2024 | Official summary revised: This vulnerability is reported on several of the 3rd party CNI images used by our products such as calico and multus-cni. The out-of-bounds write vulnerability in the Bzip2 libraries can be exploited by a malicious bzip2 payload, potentially resulting in a denial of service or remote code execution. Network services or command line utilities that decompress untrusted bzip2 payloads are at risk. The risk scenario is low for the following reasons: These images are optional and will be installed depending on the configuration of the deployments; there are no known reports of exploitation from the 3rd party vendors; and these images are not accessible directly for an attacker to send crafted input. We will upgrade the images when the fixes become available from the vendors. |
12/12/2024 | Official summary revised: "A vulnerability was found in the systemd package. The systemd package does not adequately block local privilege escalation for some Sudo configurations, for example, plausible sudoers files, in which the "systemctl status" command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may be launched from the less program. This issue presents a substantial security risk when running systemctl from Sudo because less executes as root when the terminal size is too small to show the complete systemctl output. This is reported on a few of the third party images for which an upstream fix is not available. Probability of exploitation is less likely as attackers need privileged access to these containers and sufficient controls are in place to prevent that. We will wait for the upstream fix to become available." |