{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "libseccomp-golang 0.9.0 and earlier incorrectly generates BPFs that OR multiple arguments rather than ANDing them. A process running under a restrictive seccomp filter that specified multiple syscall arguments could bypass intended access restrictions by specifying a single matching argument."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-10-14T21:06:11", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/seccomp/libseccomp-golang/issues/22"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/seccomp/libseccomp-golang/commit/06e7a29f36a34b8cf419aeb87b979ee508e58f9e"}, {"name": "[oss-security] 20190425 Re: CVE Request: golang-seccomp incorrectly handles multiple syscall arguments", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2019/04/25/6"}, {"name": "RHSA-2019:4087", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:4087"}, {"name": "RHSA-2019:4090", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:4090"}, {"name": "[debian-lts-announce] 20200811 [SECURITY] [DLA 2320-1] golang-github-seccomp-libseccomp-golang security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00016.html"}, {"name": "USN-4574-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4574-1/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-18367", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "libseccomp-golang 0.9.0 and earlier incorrectly generates BPFs that OR multiple arguments rather than ANDing them. A process running under a restrictive seccomp filter that specified multiple syscall arguments could bypass intended access restrictions by specifying a single matching argument."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/seccomp/libseccomp-golang/issues/22", "refsource": "MISC", "url": "https://github.com/seccomp/libseccomp-golang/issues/22"}, {"name": "https://github.com/seccomp/libseccomp-golang/commit/06e7a29f36a34b8cf419aeb87b979ee508e58f9e", "refsource": "MISC", "url": "https://github.com/seccomp/libseccomp-golang/commit/06e7a29f36a34b8cf419aeb87b979ee508e58f9e"}, {"name": "[oss-security] 20190425 Re: CVE Request: golang-seccomp incorrectly handles multiple syscall arguments", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/04/25/6"}, {"name": "RHSA-2019:4087", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:4087"}, {"name": "RHSA-2019:4090", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:4090"}, {"name": "[debian-lts-announce] 20200811 [SECURITY] [DLA 2320-1] golang-github-seccomp-libseccomp-golang security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00016.html"}, {"name": "USN-4574-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4574-1/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T21:20:50.557Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/seccomp/libseccomp-golang/issues/22"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/seccomp/libseccomp-golang/commit/06e7a29f36a34b8cf419aeb87b979ee508e58f9e"}, {"name": "[oss-security] 20190425 Re: CVE Request: golang-seccomp incorrectly handles multiple syscall arguments", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2019/04/25/6"}, {"name": "RHSA-2019:4087", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:4087"}, {"name": "RHSA-2019:4090", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:4090"}, {"name": "[debian-lts-announce] 20200811 [SECURITY] [DLA 2320-1] golang-github-seccomp-libseccomp-golang security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00016.html"}, {"name": "USN-4574-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4574-1/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-18367", "datePublished": "2019-04-24T20:02:19", "dateReserved": "2019-04-24T00:00:00", "dateUpdated": "2024-08-05T21:20:50.557Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libseccomp-golang_project:libseccomp-golang:*:*:*:*:*:*:*:*", "matchCriteriaId": "6BE659D4-728B-49ED-878F-D0F43E9C2B31", "versionEndIncluding": "0.9.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "libseccomp-golang 0.9.0 and earlier incorrectly generates BPFs that OR multiple arguments rather than ANDing them. A process running under a restrictive seccomp filter that specified multiple syscall arguments could bypass intended access restrictions by specifying a single matching argument."}, {"lang": "es", "value": "libseccomp-golang versi\u00f3n 0.9.0 y anteriores, BPF generan incorrectamente m\u00faltiples argumentos OR en lugar de ANDing. Un proceso que se realiza bajo un filtro seccomp restrictivo que especific\u00f3 m\u00faltiples argumentos de syscall podr\u00eda omitir las restricciones de acceso previstas al especificar un \u00fanico argumento coincidente."}], "id": "CVE-2017-18367", "lastModified": "2020-10-14T22:15:12.450", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-04-24T21:29:00.243", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2019/04/25/6"}, {"source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2019:4087"}, {"source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2019:4090"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/seccomp/libseccomp-golang/commit/06e7a29f36a34b8cf419aeb87b979ee508e58f9e"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/seccomp/libseccomp-golang/issues/22"}, {"source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00016.html"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/4574-1/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2020:2479", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "atomic-openshift-0:3.11.232-1.git.0.a5bc32f.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2020-06-18T00:00:00Z"}, {"advisory": "RHSA-2019:4087", "cpe": "cpe:/a:redhat:openshift:4.1::el7", "package": "openshift-0:4.1.27-201912021146.git.0.a40116f.el8_0", "product_name": "Red Hat OpenShift Container Platform 4.1", "release_date": "2019-12-17T00:00:00Z"}, {"advisory": "RHSA-2019:4090", "cpe": "cpe:/a:redhat:openshift:4.1::el7", "package": "openshift4/ose-cli:v4.1.27-201912030019", "product_name": "Red Hat OpenShift Container Platform 4.1", "release_date": "2019-12-17T00:00:00Z"}, {"advisory": "RHSA-2019:4090", "cpe": "cpe:/a:redhat:openshift:4.1::el7", "package": "openshift4/ose-cli-artifacts:v4.1.27-201912030019", "product_name": "Red Hat OpenShift Container Platform 4.1", "release_date": "2019-12-17T00:00:00Z"}, {"advisory": "RHSA-2019:4090", "cpe": "cpe:/a:redhat:openshift:4.1::el7", "package": "openshift4/ose-hyperkube:v4.1.27-201912030019", "product_name": "Red Hat OpenShift Container Platform 4.1", "release_date": "2019-12-17T00:00:00Z"}, {"advisory": "RHSA-2019:4090", "cpe": "cpe:/a:redhat:openshift:4.1::el7", "package": "openshift4/ose-hypershift:v4.1.27-201912030019", "product_name": "Red Hat OpenShift Container Platform 4.1", "release_date": "2019-12-17T00:00:00Z"}], "bugzilla": {"description": "libseccomp-golang: mishandling of multiple argument rules leading to a bypass of intended access restrictions", "id": "1706826", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1706826"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "status": "verified"}, "cwe": "CWE-305", "details": ["libseccomp-golang 0.9.0 and earlier incorrectly generates BPFs that OR multiple arguments rather than ANDing them. A process running under a restrictive seccomp filter that specified multiple syscall arguments could bypass intended access restrictions by specifying a single matching argument."], "name": "CVE-2017-18367", "package_state": [{"cpe": "cpe:/a:redhat:openshift:3.10", "fix_state": "Will not fix", "package_name": "atomic-openshift", "product_name": "Red Hat OpenShift Container Platform 3.10"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift-enterprise-node-container", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2019-04-24T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-18367\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-18367"], "statement": "This issue may affect OpenShift Container Platform 3.x and 4.x if you are providing a custom Seccomp profile using Security Context Constraints [1]. The custom Seccomp profile would need to specify multiple arguments, such as below, from [2].\n{\n\"names\": [\n\"socketcall\"\n],\n\"action\": \"SCMP_ACT_ALLOW\",\n\"args\": [\n{\n\"index\": 0,\n\"value\": 1,\n\"valueTwo\": 0,\n\"op\": \"SCMP_CMP_EQ\"\n},\n{\n\"index\": 1,\n\"value\": 1,\n\"valueTwo\": 0,\n\"op\": \"SCMP_CMP_EQ\"\n}\n],\n\"comment\": \"\",\n\"includes\": {},\n\"excludes\": {}\n},\nIf such a profile was used the arguments could be combined as an OR rule, not AND, as the user might expect from Seccomp.\n[1] https://docs.openshift.com/container-platform/4.1/authentication/managing-security-context-constraints.html\n[2] https://github.com/moby/moby/issues/32714#issuecomment-295532163", "threat_severity": "Moderate", "upstream_fix": "libseccomp-golang 0.9.1"}