The vulnerability could be exploited by an attacker to execute arbitrary code on the affected system. INPUT_ISDESCRIPTION is used to validate and filter user input before it is used. An attacker could submit an input string to the INPUT_ISDESCRIPTION function that would cause the validation to fail, causing the application to run an arbitrary script. An attacker could exploit this vulnerability to execute arbitrary code on the affected system. INPUT_ISDESCRIPTION is used by a number of modules and is the most critical in this scenario. If an attacker can inject arbitrary code into INPUT_ISDESCRIPTION, then no other input validation is needed. This would result in a full RCE. ****************

Affected Packages:

The following packages are vulnerable:
- acpi_call_usermode_linux.ko
- at.ko
- bnx2.ko
- e1000e.ko
- fnic.ko
- igb.ko
- ipv6.ko  
- iscsi_target_utils.ko  
- kvm_intel.ko  
- libata.ko  
- libcacard.so
- libdrmutil.so
- libdrmutil1.so
- llc2pppoeapiclient2ndhalfinitla3rdpartyclientsrcpvc4mmodulefsa4hscommsdrivermodulemodulenamehslibhspltclntservermodulemodulenamehstcpipclntservermodulemodulenamehstunixsocketmodulemodulenamehstunixsocketmodulemodulenamehstunixsocketmodulemodulenamehstraceregisteritconfondereruntimeservermodule

Vulnerability Severity

Vulnerability Severity: High
Affected Module: INPUT_ISDESCRIPTION

Vulnerable Code Location input_isdescription.php

The vulnerable code is located in the input_isdescription.php file. The vulnerability is present when the application fails to validate user input, which would cause a buffer overflow and potential RCE. An attacker is able to exploit this vulnerability by submitting an input string that would cause the validation to fail, causing the application to run an arbitrary script.

Vulnerability discovery

The vulnerability was discovered through fuzzing input validation in a way that triggered some of the functions. This means that the vulnerability was found by injecting malformed inputs into the application's code.

Vulnerability discovery is an important part of an attack, because it can be used to discover new vulnerabilities for other systems. For example, if an attacker knows about a vulnerability in one application, they might choose to report it to the developer so that they can fix it and avoid future attacks from this source.

Timeline

Published on: 11/10/2022 15:15:00 UTC
Last modified on: 11/15/2022 18:38:00 UTC

References