ID

VAR-202208-0314


CVE

CVE-2022-32292


TITLE

Out-of-Bounds Write Vulnerability in Intel's connman and Other Vendors' Products

Trust: 0.8

sources: JVNDB: JVNDB-2022-014094

DESCRIPTION

In ConnMan through 1.41, remote attackers able to send HTTP requests to the gweb component are able to exploit a heap-based buffer overflow in received_data to execute code.

Intel's connman and products from other vendors contain an out-of-bounds write vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ConnMan. Authentication is not required to exploit this vulnerability. The specific flaw exists within the received_data method. Crafted data in an HTTP response can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the ConnMan process. This vulnerability was demonstrated on a Tesla Model 3 during the Pwn2Own 2022 Vancouver competition.

For the stable distribution (bullseye), these problems have been fixed in version 1.36-2.2+deb11u1. We recommend that you upgrade your connman packages.
For the detailed security status of connman please refer to its security tracker page at: https://security-tracker.debian.org/tracker/connman

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

==========================================================================
Ubuntu Security Notice USN-6236-1
July 19, 2023

connman vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.04
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)

Summary:

Several security issues were fixed in ConnMan.

Software Description:
- connman: Intel Connection Manager daemon

Details:

It was discovered that ConnMan could be made to write out of bounds. A remote attacker could possibly use this issue to cause ConnMan to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-26675, CVE-2021-33833)

It was discovered that ConnMan could be made to leak sensitive information via the gdhcp component. A remote attacker could possibly use this issue to obtain information for further exploitation. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2021-26676)

It was discovered that ConnMan could be made to read out of bounds. A remote attacker could possibly use this issue to cause ConnMan to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-23096, CVE-2022-23097)

It was discovered that ConnMan could be made to run into an infinite loop. A remote attacker could possibly use this issue to cause ConnMan to consume resources and to stop operating, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-23098)

It was discovered that ConnMan could be made to write out of bounds via the gweb component. A remote attacker could possibly use this issue to cause ConnMan to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-32292)

It was discovered that ConnMan did not properly manage memory under certain circumstances. A remote attacker could possibly use this issue to cause ConnMan to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-32293)

It was discovered that ConnMan could be made to write out of bounds via the gdhcp component. A remote attacker could possibly use this issue to cause ConnMan to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2023-28488)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 23.04:
  connman 1.41-2ubuntu0.23.04.1

Ubuntu 22.04 LTS:
  connman 1.36-2.3ubuntu0.1

Ubuntu 20.04 LTS:
  connman 1.36-2ubuntu0.1

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
  connman 1.35-6ubuntu0.1~esm1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
  connman 1.21-1.2+deb8u1ubuntu0.1~esm1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6236-1
  CVE-2021-26675, CVE-2021-26676, CVE-2021-33833, CVE-2022-23096, CVE-2022-23097, CVE-2022-23098, CVE-2022-32292, CVE-2022-32293, CVE-2023-28488

Package Information:
  https://launchpad.net/ubuntu/+source/connman/1.41-2ubuntu0.23.04.1
  https://launchpad.net/ubuntu/+source/connman/1.36-2.3ubuntu0.1
  https://launchpad.net/ubuntu/+source/connman/1.36-2ubuntu0.1

Gentoo Linux Security Advisory GLSA 202310-21
https://security.gentoo.org/

Severity: High
Title: ConnMan: Multiple Vulnerabilities
Date: October 31, 2023
Bugs: #832028, #863425
ID: 202310-21

Synopsis
========

Multiple vulnerabilities have been discovered in ConnMan, the worst of which can lead to remote code execution.

Background
==========

ConnMan provides a daemon for managing Internet connections.

Affected packages
=================

Package             Vulnerable            Unaffected
------------------  --------------------  --------------------
net-misc/connman    < 1.42_pre20220801    >= 1.42_pre20220801

Description
===========

Multiple vulnerabilities have been discovered in ConnMan. Please review the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All ConnMan users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-misc/connman-1.42_pre20220801"

References
==========

[ 1 ] CVE-2022-23096 https://nvd.nist.gov/vuln/detail/CVE-2022-23096
[ 2 ] CVE-2022-23097 https://nvd.nist.gov/vuln/detail/CVE-2022-23097
[ 3 ] CVE-2022-23098 https://nvd.nist.gov/vuln/detail/CVE-2022-23098
[ 4 ] CVE-2022-32292 https://nvd.nist.gov/vuln/detail/CVE-2022-32292
[ 5 ] CVE-2022-32293 https://nvd.nist.gov/vuln/detail/CVE-2022-32293

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202310-21

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2023 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5

Trust: 2.7

sources: NVD: CVE-2022-32292 // JVNDB: JVNDB-2022-014094 // ZDI: ZDI-22-1187 // VULHUB: VHN-424310 // VULMON: CVE-2022-32292 // PACKETSTORM: 169386 // PACKETSTORM: 173601 // PACKETSTORM: 175441

AFFECTED PRODUCTS

vendor: intel, model: connman, scope: lte, version: 1.41

Trust: 1.0

vendor: debian, model: linux, scope: eq, version: 11.0

Trust: 1.0

vendor: debian, model: gnu/linux, scope: -, version: -

Trust: 0.8

vendor: インテル, model: connman, scope: -, version: -

Trust: 0.8

vendor: connman, model: connman, scope: -, version: -

Trust: 0.7

sources: ZDI: ZDI-22-1187 // JVNDB: JVNDB-2022-014094 // NVD: CVE-2022-32292

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-32292
value: CRITICAL

Trust: 1.0

NVD: CVE-2022-32292
value: CRITICAL

Trust: 0.8

ZDI: CVE-2022-32292
value: MEDIUM

Trust: 0.7

CNNVD: CNNVD-202208-2050
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2022-32292
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2022-32292
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: CVE-2022-32292
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 3.4
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-22-1187 // JVNDB: JVNDB-2022-014094 // CNNVD: CNNVD-202208-2050 // NVD: CVE-2022-32292

PROBLEMTYPE DATA

problemtype: CWE-787

Trust: 1.1

problemtype: Out-of-bounds write (CWE-787) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-424310 // JVNDB: JVNDB-2022-014094 // NVD: CVE-2022-32292

THREAT TYPE

remote

Trust: 0.8

sources: PACKETSTORM: 173601 // PACKETSTORM: 175441 // CNNVD: CNNVD-202208-2050

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202208-2050

PATCH

title: ConnMan has issued an update to correct this vulnerability.
url: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=d1a5ede5d255bde8ef707f8441b997563b9312bd

Trust: 0.7

title: Linux kernel Buffer error vulnerability fix
url: http://123.124.177.30/web/xxk/bdxqById.tag?id=203236

Trust: 0.6

sources: ZDI: ZDI-22-1187 // CNNVD: CNNVD-202208-2050

EXTERNAL IDS

db: NVD, id: CVE-2022-32292

Trust: 4.4

db: JVNDB, id: JVNDB-2022-014094

Trust: 0.8

db: ZDI_CAN, id: ZDI-CAN-17448

Trust: 0.7

db: ZDI, id: ZDI-22-1187

Trust: 0.7

db: PACKETSTORM, id: 169386

Trust: 0.7

db: AUSCERT, id: ESB-2023.4078

Trust: 0.6

db: AUSCERT, id: ESB-2022.4634

Trust: 0.6

db: CNNVD, id: CNNVD-202208-2050

Trust: 0.6

db: VULHUB, id: VHN-424310

Trust: 0.1

db: VULMON, id: CVE-2022-32292

Trust: 0.1

db: PACKETSTORM, id: 173601

Trust: 0.1

db: PACKETSTORM, id: 175441

Trust: 0.1

sources: ZDI: ZDI-22-1187 // VULHUB: VHN-424310 // VULMON: CVE-2022-32292 // JVNDB: JVNDB-2022-014094 // PACKETSTORM: 169386 // PACKETSTORM: 173601 // PACKETSTORM: 175441 // CNNVD: CNNVD-202208-2050 // NVD: CVE-2022-32292

REFERENCES

url:https://bugzilla.suse.com/show_bug.cgi?id=1200189

Trust: 2.6

url:https://www.debian.org/security/2022/dsa-5231

Trust: 2.5

url:https://lore.kernel.org/connman/20220801080043.4861-5-wagi@monom.org/

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2022-32292

Trust: 1.1

url:https://security.gentoo.org/glsa/202310-21

Trust: 1.1

url:https://lore.kernel.org/connman/20220801080043.4861-5-wagi%40monom.org/

Trust: 1.0

url:https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=d1a5ede5d255bde8ef707f8441b997563b9312bd

Trust: 0.7

url:https://vigilance.fr/vulnerability/connman-two-vulnerabilities-38973

Trust: 0.6

url:https://packetstormsecurity.com/files/169386/debian-security-advisory-5231-1.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.4078

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-32292/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.4634

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2022-23097

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2022-23098

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2022-32293

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2022-23096

Trust: 0.2

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://security-tracker.debian.org/tracker/connman

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/connman/1.36-2.3ubuntu0.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/connman/1.36-2ubuntu0.1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-28488

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-26676

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/connman/1.41-2ubuntu0.23.04.1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-26675

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-6236-1

Trust: 0.1

url:https://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

sources: ZDI: ZDI-22-1187 // VULHUB: VHN-424310 // VULMON: CVE-2022-32292 // JVNDB: JVNDB-2022-014094 // PACKETSTORM: 169386 // PACKETSTORM: 173601 // PACKETSTORM: 175441 // CNNVD: CNNVD-202208-2050 // NVD: CVE-2022-32292

CREDITS

David BERARD and Vincent DEHORS from @Synacktiv

Trust: 0.7

sources: ZDI: ZDI-22-1187

SOURCES

db: ZDI, id: ZDI-22-1187
db: VULHUB, id: VHN-424310
db: VULMON, id: CVE-2022-32292
db: JVNDB, id: JVNDB-2022-014094
db: PACKETSTORM, id: 169386
db: PACKETSTORM, id: 173601
db: PACKETSTORM, id: 175441
db: CNNVD, id: CNNVD-202208-2050
db: NVD, id: CVE-2022-32292

LAST UPDATE DATE

2024-08-14T13:11:15.001000+00:00


SOURCES UPDATE DATE

db: ZDI, id: ZDI-22-1187, date: 2022-09-08T00:00:00
db: VULHUB, id: VHN-424310, date: 2022-09-29T00:00:00
db: VULMON, id: CVE-2022-32292, date: 2022-08-03T00:00:00
db: JVNDB, id: JVNDB-2022-014094, date: 2023-09-14T08:11:00
db: CNNVD, id: CNNVD-202208-2050, date: 2023-07-20T00:00:00
db: NVD, id: CVE-2022-32292, date: 2023-12-21T18:51:27.990

SOURCES RELEASE DATE

db: ZDI, id: ZDI-22-1187, date: 2022-09-08T00:00:00
db: VULHUB, id: VHN-424310, date: 2022-08-03T00:00:00
db: VULMON, id: CVE-2022-32292, date: 2022-08-03T00:00:00
db: JVNDB, id: JVNDB-2022-014094, date: 2023-09-14T00:00:00
db: PACKETSTORM, id: 169386, date: 2022-09-28T19:12:00
db: PACKETSTORM, id: 173601, date: 2023-07-19T15:26:27
db: PACKETSTORM, id: 175441, date: 2023-10-31T13:14:45
db: CNNVD, id: CNNVD-202208-2050, date: 2022-08-03T00:00:00
db: NVD, id: CVE-2022-32292, date: 2022-08-03T14:15:08.620