CVE-2022-44640 (Remote code execution)
thrivikramgit opened this issue · comments
Summary
It was observed that the image registry.k8s.io/sig-storage/smbplugin:v1.11.0 was using Heimdal that was vulnerable to CVE-2022-44640.
Details
This is because of an invalid free in the ASN.1 codec used by the Key Distribution Center (KDC), which leads to arbitrary code execution.
PoC
Scan the Image registry.k8s.io/sig-storage/smbplugin:v1.11.0 using any docker image scanner like Trivy. We should see the affected CVE.
https://github.com/kubernetes-csi/csi-driver-smb/blob/master/deploy/v1.11.0/csi-smb-controller.yaml#L72
Impact
This is potentially a remote code execution (RCE) against Heimdal KDCs.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-44640
GHSA-88pm-hfmq-7vv4
will cut a new release v1.12.0 since registry.k8s.io/sig-storage/smbplugin:canary does not have CVE
pls try with registry.k8s.io/sig-storage/smbplugin:v1.12.0
Hello @andyzhangx,
I tried again with Trivy and found that the CVE still exists for the image registry.k8s.io/sig-storage/smbplugin:v1.12.0. Could you please check this again?
Thanks for your support
@thrivikramgit we only fix packages that have a fixed version; there is no fixed version for the libwbclient0 package.
# trivy image --ignore-unfixed registry.k8s.io/sig-storage/smbplugin:v1.12.0
2023-08-30T11:50:06.081Z INFO Vulnerability scanning is enabled
2023-08-30T11:50:06.081Z INFO Secret scanning is enabled
2023-08-30T11:50:06.081Z INFO If your scanning is slow, please try '--security-checks vuln' to disable secret scanning
2023-08-30T11:50:06.081Z INFO Please see also https://aquasecurity.github.io/trivy/v0.36/docs/secret/scanning/#recommendation for faster secret detection
2023-08-30T11:50:06.362Z INFO Detected OS: debian
2023-08-30T11:50:06.362Z INFO Detecting Debian vulnerabilities...
2023-08-30T11:50:06.373Z INFO Number of language-specific files: 1
2023-08-30T11:50:06.373Z INFO Detecting gobinary vulnerabilities...
registry.k8s.io/sig-storage/smbplugin:v1.12.0 (debian 11.7)
Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)
│ libwbclient0 │ CVE-2022-44640 │ CRITICAL │ 2:4.13.13+dfsg-1~deb11u5 │ │ Heimdal before 7.7.1 allows remote attackers to execute │
│ │ │ │ │ │ arbitrary code ... │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-44640 │
would be fixed by #657
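Added example, not part of the thread or of the project's code: the two scans above disagree because `--ignore-unfixed` leaves out findings that have no fixed package version. The sketch below splits a Trivy JSON report into fixable and unfixed findings so the unfixed ones are still tracked. It assumes the `Results[].Vulnerabilities[]` layout of `trivy image --format json`; the sample report is constructed, and `CVE-0000-0001` / `example-pkg` are placeholders.

```python
import json

# Constructed sample shaped like `trivy image --format json` output.
# The first finding mirrors the row quoted in the thread; the second
# (CVE-0000-0001, example-pkg) is a made-up placeholder with a fix.
SAMPLE_REPORT = json.loads("""
{"Results": [
  {"Target": "registry.k8s.io/sig-storage/smbplugin:v1.12.0 (debian 11.7)",
   "Vulnerabilities": [
     {"VulnerabilityID": "CVE-2022-44640", "PkgName": "libwbclient0",
      "InstalledVersion": "2:4.13.13+dfsg-1~deb11u5", "Severity": "CRITICAL"},
     {"VulnerabilityID": "CVE-0000-0001", "PkgName": "example-pkg",
      "InstalledVersion": "1.0-1", "FixedVersion": "1.0-2",
      "Severity": "HIGH"}]},
  {"Target": "smbplugin", "Type": "gobinary"}
]}
""")

SEVERITY_ORDER = ["UNKNOWN", "LOW", "MEDIUM", "HIGH", "CRITICAL"]


def split_by_fix(report):
    """Return (fixable, unfixed) findings from a Trivy JSON report."""
    fixable, unfixed = [], []
    for result in report.get("Results") or []:
        # Targets without findings carry no "Vulnerabilities" key.
        for vuln in result.get("Vulnerabilities") or []:
            finding = {
                "id": vuln["VulnerabilityID"],
                "pkg": vuln["PkgName"],
                "installed": vuln["InstalledVersion"],
                "severity": vuln.get("Severity", "UNKNOWN"),
            }
            # An absent or empty FixedVersion means no patched package
            # exists yet: the class of finding --ignore-unfixed leaves out.
            (fixable if vuln.get("FixedVersion") else unfixed).append(finding)
    return fixable, unfixed


def unfixed_at_or_above(report, threshold="HIGH"):
    """Unfixed findings at or above threshold: they need a risk decision."""
    floor = SEVERITY_ORDER.index(threshold)
    _, unfixed = split_by_fix(report)
    return [f for f in unfixed if SEVERITY_ORDER.index(f["severity"]) >= floor]


if __name__ == "__main__":
    for f in unfixed_at_or_above(SAMPLE_REPORT):
        print(f"{f['severity']:8} {f['id']} {f['pkg']} {f['installed']} (no fix)")
```

Findings returned by `unfixed_at_or_above` cannot be cleared by a package upgrade, so they call for a separate decision such as removing the package, changing the base image, or recording an accepted risk.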