Security
Headlines
HeadlinesLatestCVEs

Headline

Gentoo Linux Security Advisory 202301-02

Gentoo Linux Security Advisory 202301-2 - Multiple vulnerabilities have been discovered in Twisted, the worst of which could result in denial of service. Versions less than 22.10.0 are affected.

Packet Storm
#vulnerability#web#mac#linux#dos

Gentoo Linux Security Advisory GLSA 202301-02


                                       https://security.gentoo.org/  

Severity: Low
Title: Twisted: Multiple Vulnerabilities
Date: January 11, 2023
Bugs: #878499, #834542, #832875
ID: 202301-02


Synopsis

Multiple vulnerabilities have been discovered in Twisted, the worst of
which could result in denial of service.

Background

Twisted is an asynchronous networking framework written in Python.

Affected packages

-------------------------------------------------------------------  
 Package              /     Vulnerable     /            Unaffected  
-------------------------------------------------------------------  

1 dev-python/twisted < 22.10.0 >= 22.10.0

Description

Multiple vulnerabilities have been discovered in Twisted. Please review
the CVE identifiers referenced below for details.

Impact

Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.

Resolution

All Twisted users should upgrade to the latest version:

emerge --sync

emerge --ask --oneshot --verbose “>=dev-python/twisted-22.10.0”

References

[ 1 ] CVE-2022-21712
https://nvd.nist.gov/vuln/detail/CVE-2022-21712
[ 2 ] CVE-2022-21716
https://nvd.nist.gov/vuln/detail/CVE-2022-21716
[ 3 ] CVE-2022-39348
https://nvd.nist.gov/vuln/detail/CVE-2022-39348

Availability

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/202301-02

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users’ machines is of utmost
importance to us. Any security concerns should be addressed to
[email protected] or alternatively, you may file a bug at
https://bugs.gentoo.org.

License

Copyright 2023 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Related news

Ubuntu Security Notice USN-6575-1

Ubuntu Security Notice 6575-1 - It was discovered that Twisted incorrectly escaped host headers in certain 404 responses. A remote attacker could possibly use this issue to perform HTML and script injection attacks. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. It was discovered that Twisted incorrectly handled response order when processing multiple HTTP requests. A remote attacker could possibly use this issue to delay responses and manipulate the responses of second requests.

CVE-2023-32449: DSA-2023-173: Dell PowerStore Family Security Update for Multiple Vulnerabilities

Dell PowerStore versions prior to 3.5 contain an improper verification of cryptographic signature vulnerability. An attacker can trick a high privileged user to install a malicious binary by bypassing the existing cryptographic signature checks

GHSA-vg46-2rrj-3647: Twisted vulnerable to NameVirtualHost Host header injection

When the host header does not match a configured host, `twisted.web.vhost.NameVirtualHost` will return a `NoResource` resource which renders the Host header unescaped into the 404 response allowing HTML and script injection. Example configuration: ```python from twisted.web.server import Site from twisted.web.vhost import NameVirtualHost from twisted.internet import reactor resource = NameVirtualHost() site = Site(resource) reactor.listenTCP(8080, site) reactor.run() ``` Output: ``` ❯ curl -H"Host:<h1>HELLO THERE</h1>" http://localhost:8080/ <html> <head><title>404 - No Such Resource</title></head> <body> <h1>No Such Resource</h1> <p>host b'<h1>hello there</h1>' not in vhost map</p> </body> </html> ``` This vulnerability was introduced in f49041bb67792506d85aeda9cf6157e92f8048f4 and first appeared in the 0.9.4 release.

CVE-2022-39348: Merge pull request from GHSA-vg46-2rrj-3647 · twisted/twisted@f2f5e81

Twisted is an event-based framework for internet applications. Started with version 0.9.4, when the host header does not match a configured host `twisted.web.vhost.NameVirtualHost` will return a `NoResource` resource which renders the Host header unescaped into the 404 response allowing HTML and script injection. In practice this should be very difficult to exploit as being able to modify the Host header of a normal HTTP request implies that one is already in a privileged position. This issue was fixed in version 22.10.0rc1. There are no known workarounds.

CVE-2022-21496: Oracle Critical Patch Update Advisory - April 2022

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service ...

CVE-2022-21716: Update the release date. · twisted/twisted@89c395e

Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, Twisted SSH client and server implement is able to accept an infinite amount of data for the peer's SSH version identifier. This ends up with a buffer using all the available memory. The attach is a simple as `nc -rv localhost 22 < /dev/zero`. A patch is available in version 22.2.0. There are currently no known workarounds.

CVE-2022-21712: Merge pull request from GHSA-92x2-jw7w-xvvx · twisted/twisted@af8fe78

twisted is an event-driven networking engine written in Python. In affected versions twisted exposes cookies and authorization headers when following cross-origin redirects. This issue is present in the `twited.web.RedirectAgent` and `twisted.web. BrowserLikeRedirectAgent` functions. Users are advised to upgrade. There are no known workarounds.

Packet Storm: Latest News

Ivanti EPM Agent Portal Command Execution