The vmwgfx driver contains a local privilege escalation vulnerability that allows unprivileged users to gain access to files opened by other processes on the system through a dangling 'file' pointer.

**Critical Photon OS Security Update****Summary**

Advisory Id : PHSA-2022-3.0-0356

Type : Security

Severity : \['Critical', 'Important', 'Moderate'\]

Issue date : 2022-01-28

Affected Release: 3.0

**Details**

Updates of \['glibc', 'polkit', 'linux-esx', 'linux', 'vim', 'openssh', 'linux-secure', 'linux-aws', 'linux-rt'\] packages of Photon OS have been released.

**Affected Packages****Critical**

glibc - \['CVE-2022-23219', 'CVE-2022-23218'\]

**Important**

polkit - \['CVE-2021-4034'\]

linux-esx - \['CVE-2022-0330', 'CVE-2022-22942'\]

linux - \['CVE-2022-0330', 'CVE-2022-22942'\]

vim - \['CVE-2021-4136'\]

linux-secure - \['CVE-2022-0330', 'CVE-2022-22942'\]

linux-aws - \['CVE-2022-0330', 'CVE-2022-22942'\]

linux-rt - \['CVE-2022-0330', 'CVE-2022-22942'\]

**Moderate**

linux-esx - \['CVE-2021-45095'\]

linux - \['CVE-2021-45095'\]

openssh - \['CVE-2020-14145'\]

linux-secure - \['CVE-2021-45095'\]

linux-aws - \['CVE-2021-45095'\]

linux-rt - \['CVE-2021-45095'\]

**Solution**

Update the affected packages (tdnf update package)

Note: For packages \['glibc', 'linux-esx', 'linux', 'linux-secure', 'linux-aws', 'linux-rt'\] after updating, a reboot is required for taking effect.

**Updated Packages Information**

glibc-2.28-18.ph3.x86\_64.rpm | size : 3.9M , sha256 : e99e224e7d1f8d20d995763122c0c023f34ba8b570632f105269a710e1b0573b , build time : Thu, 27 Jan 2022 20:37:38 UTC

glibc-devel-2.28-18.ph3.x86\_64.rpm | size : 3.0M , sha256 : 067d4b0dc9c3a1c745a72d97cba8c6f46a9ec3a19c0d5b30bed23182792db386 , build time : Thu, 27 Jan 2022 20:37:38 UTC

glibc-i18n-2.28-18.ph3.x86\_64.rpm | size : 4.5M , sha256 : 0158c892d114425d5daedbbbd1c93a287e50959f12b30dd3cc616be57285cab3 , build time : Thu, 27 Jan 2022 20:37:38 UTC

glibc-iconv-2.28-18.ph3.x86\_64.rpm | size : 2.8M , sha256 : 9d256088557f3c8e2375b3868e56fb7213679a30d2cd75694be66790243c8171 , build time : Thu, 27 Jan 2022 20:37:38 UTC

glibc-lang-2.28-18.ph3.x86\_64.rpm | size : 1.4M , sha256 : 14136b43b3eec60db6c5617dc6651dc9b1b343c84c2cb0e4307d06f1ae1340e0 , build time : Thu, 27 Jan 2022 20:37:38 UTC

glibc-nscd-2.28-18.ph3.x86\_64.rpm | size : 80K , sha256 : 1ee3766da102fe710c9a1692f7de1faa38733f7a6c0bfede2bc04c484d87fd6d , build time : Thu, 27 Jan 2022 20:37:38 UTC

glibc-tools-2.28-18.ph3.x86\_64.rpm | size : 356K , sha256 : edae3f52fc39f0fe8495faa68ab8df53e982f99f3f510977ca6b9c89510e35c9 , build time : Thu, 27 Jan 2022 20:37:38 UTC

polkit-0.116-3.ph3.x86\_64.rpm | size : 188K , sha256 : fee211a42088843fe1f32c1a6f06c6b4dc31e7d034a71728b220da425644a122 , build time : Thu, 27 Jan 2022 20:46:03 UTC

polkit-devel-0.116-3.ph3.x86\_64.rpm | size : 92K , sha256 : 5baf555f581793df7e68a89dbd51470ca6b25f507e1c85a09c36c7f11eaa2749 , build time : Thu, 27 Jan 2022 20:46:03 UTC

linux-esx-4.19.225-3.ph3.x86\_64.rpm | size : 11M , sha256 : 6095ff25e620479b4a6cee2578f7842a9cc58120705604635792aa46fa196df9 , build time : Thu, 27 Jan 2022 22:09:25 UTC

linux-esx-devel-4.19.225-3.ph3.x86\_64.rpm | size : 12M , sha256 : 82bc0ca22b121d63cfc5653973b898bdd0483c2e181a4517b0ec5cdf4dd31ec6 , build time : Thu, 27 Jan 2022 21:14:17 UTC

linux-esx-docs-4.19.225-3.ph3.x86\_64.rpm | size : 8.3M , sha256 : 5435278e5b9152c91e176e4a1831c7d7f66160259eb1b5d749be6382139b649d , build time : Thu, 27 Jan 2022 21:14:17 UTC

linux-esx-hmacgen-4.19.225-3.ph3.x86\_64.rpm | size : 44K , sha256 : 3992b2e7dfd381cbbcffe9dabbc33d8e4de8728938b60488034cff6003f5347c , build time : Thu, 27 Jan 2022 21:14:17 UTC

linux-4.19.225-3.ph3.x86\_64.rpm | size : 23M , sha256 : 3096bd89ed45b2c9aae61d4448a01ada61290626edc929109f41b6915780d3e5 , build time : Thu, 27 Jan 2022 22:09:28 UTC

linux-api-headers-4.19.225-1.ph3.noarch.rpm | size : 1.4M , sha256 : 607d0bde54467791bccd44452bc518e7cb52516bdc7943682451467e2c03d97c , build time : Thu, 27 Jan 2022 20:32:12 UTC

linux-aws-4.19.225-3.ph3.x86\_64.rpm | size : 17M , sha256 : a4740f6b931a12e7c6951140fb21d902a6328366cb59ac6df8addd9c16062f75 , build time : Thu, 27 Jan 2022 21:16:46 UTC

linux-aws-devel-4.19.225-3.ph3.x86\_64.rpm | size : 17M , sha256 : 3bf05ef65a7e3d6a3ee00b3b319d1574b5570c0ab1ec3fabca884b45a898140a , build time : Thu, 27 Jan 2022 21:16:46 UTC

linux-aws-docs-4.19.225-3.ph3.x86\_64.rpm | size : 8.2M , sha256 : f4775ba1efce5732d6986618f7ac013da538f7a0d08ba4663baf6d0137ad92d1 , build time : Thu, 27 Jan 2022 21:16:46 UTC

linux-aws-drivers-gpu-4.19.225-3.ph3.x86\_64.rpm | size : 1.5M , sha256 : 08aa9635a4a1111ce13e4f5851bc5b7c8d7319dbe7fe4e593673060e3a4e52c7 , build time : Thu, 27 Jan 2022 21:16:46 UTC

linux-aws-hmacgen-4.19.225-3.ph3.x86\_64.rpm | size : 24K , sha256 : dbfc7fd398e1fe6237aac5f2b4bbb34161dcc87ba24c832b0527305bccf607af , build time : Thu, 27 Jan 2022 21:16:46 UTC

linux-aws-oprofile-4.19.225-3.ph3.x86\_64.rpm | size : 40K , sha256 : 63a07191fba241c23942bccdf8e5e2f8262883f98c178f26c51e95bb7c740fdd , build time : Thu, 27 Jan 2022 21:16:46 UTC

linux-aws-sound-4.19.225-3.ph3.x86\_64.rpm | size : 248K , sha256 : f883099698e4e4b7181d280024e35889b57b61bca61f7e22b57e4935ce917d4d , build time : Thu, 27 Jan 2022 21:16:46 UTC

linux-devel-4.19.225-3.ph3.x86\_64.rpm | size : 13M , sha256 : a431de3cf8e757af4c962d9a13120abb01cc2a02ef3110dfa6da3e5aea6805b7 , build time : Thu, 27 Jan 2022 21:20:46 UTC

linux-docs-4.19.225-3.ph3.x86\_64.rpm | size : 8.3M , sha256 : b5efab9841c96480966bb3b15d47b5a996cde8a290981b7bf6d88bb8d38f032c , build time : Thu, 27 Jan 2022 21:20:46 UTC

linux-drivers-gpu-4.19.225-3.ph3.x86\_64.rpm | size : 1.5M , sha256 : d77cbb2e968a8e6b01010f0d619f4cf52d89d59e7ed80b8e6df56b0a55f731b8 , build time : Thu, 27 Jan 2022 21:20:46 UTC

linux-drivers-intel-sgx-4.19.225-3.ph3.x86\_64.rpm | size : 52K , sha256 : 6fbcc8b9ee587cd8de7eefaaf91857eb0ee82481fd83bed96e922bc627aafd31 , build time : Thu, 27 Jan 2022 21:20:46 UTC

linux-drivers-sound-4.19.225-3.ph3.x86\_64.rpm | size : 548K , sha256 : 970d0819b50ef955684def55a505a8e572060b48f360a70fcd42655ab406b40f , build time : Thu, 27 Jan 2022 21:20:46 UTC

linux-esx-4.19.225-3.ph3.x86\_64.rpm | size : 11M , sha256 : 6095ff25e620479b4a6cee2578f7842a9cc58120705604635792aa46fa196df9 , build time : Thu, 27 Jan 2022 22:09:25 UTC

linux-esx-devel-4.19.225-3.ph3.x86\_64.rpm | size : 12M , sha256 : 82bc0ca22b121d63cfc5653973b898bdd0483c2e181a4517b0ec5cdf4dd31ec6 , build time : Thu, 27 Jan 2022 21:14:17 UTC

linux-esx-docs-4.19.225-3.ph3.x86\_64.rpm | size : 8.3M , sha256 : 5435278e5b9152c91e176e4a1831c7d7f66160259eb1b5d749be6382139b649d , build time : Thu, 27 Jan 2022 21:14:17 UTC

linux-esx-hmacgen-4.19.225-3.ph3.x86\_64.rpm | size : 44K , sha256 : 3992b2e7dfd381cbbcffe9dabbc33d8e4de8728938b60488034cff6003f5347c , build time : Thu, 27 Jan 2022 21:14:17 UTC

linux-hmacgen-4.19.225-3.ph3.x86\_64.rpm | size : 44K , sha256 : cb7f1577b82b593776d160ab4438504f754487642c34406e0987a8ce82e3eb84 , build time : Thu, 27 Jan 2022 21:20:46 UTC

linux-oprofile-4.19.225-3.ph3.x86\_64.rpm | size : 60K , sha256 : 2417848da531e145b7e1c249d4633067ffe753c6e72e0901e87ac38b8f98ddb2 , build time : Thu, 27 Jan 2022 21:20:46 UTC

linux-python3-perf-4.19.225-3.ph3.x86\_64.rpm | size : 164K , sha256 : 7d07802f1a6492c6597dba87d71cfb0c1bb577ff26f9b6d327b14313361aa44a , build time : Thu, 27 Jan 2022 21:20:46 UTC

linux-rt-4.19.225-3.ph3.x86\_64.rpm | size : 22M , sha256 : 4f18fe7865ab322c77baa12b1dc41c1c918a206900a4cce75cd490ed4057d467 , build time : Thu, 27 Jan 2022 22:09:07 UTC

linux-rt-devel-4.19.225-3.ph3.x86\_64.rpm | size : 13M , sha256 : c182cddafaf062774bd412cae65d5e293da98063876e76d0fa25bd6573c1fcf4 , build time : Thu, 27 Jan 2022 21:17:00 UTC

linux-rt-docs-4.19.225-3.ph3.x86\_64.rpm | size : 8.2M , sha256 : 65a8173c6ed7d28f30a1b138be8fc72095d5cbd326aa18abc981502814770a2f , build time : Thu, 27 Jan 2022 21:17:00 UTC

linux-secure-4.19.225-3.ph3.x86\_64.rpm | size : 24M , sha256 : b99db39e17025513d2e0ca9f59357b350d9436cebc234ff429c1eac33f682a0a , build time : Thu, 27 Jan 2022 22:08:50 UTC

linux-secure-devel-4.19.225-3.ph3.x86\_64.rpm | size : 13M , sha256 : 24a01c894caba847226f288539adb5d5aa972b26c32dc1715173a19c15fbf5bc , build time : Thu, 27 Jan 2022 21:15:34 UTC

linux-secure-docs-4.19.225-3.ph3.x86\_64.rpm | size : 8.2M , sha256 : 833239ad3a1ed82952cba2a8dfa74702365ca203d3142f0e608cc1e458fd6a72 , build time : Thu, 27 Jan 2022 21:15:34 UTC

linux-secure-hmacgen-4.19.225-3.ph3.x86\_64.rpm | size : 32K , sha256 : 7da273f929d46786358718378e43f2579c99f54f7bc01cccb575ed23a03e99b7 , build time : Thu, 27 Jan 2022 21:15:34 UTC

linux-secure-lkcm-4.19.225-3.ph3.x86\_64.rpm | size : 36K , sha256 : ef9081a5f12d3d86687e3d62a35ff8188837d39e604ae82f503f276cd9fe4838 , build time : Thu, 27 Jan 2022 21:15:34 UTC

linux-tools-4.19.225-3.ph3.x86\_64.rpm | size : 11M , sha256 : 2b9aa458b96601cd2468e3a45973c846c199c625f9326046bff0f8edb058697a , build time : Thu, 27 Jan 2022 21:20:46 UTC

vim-8.2.3408-12.ph3.x86\_64.rpm | size : 1.7M , sha256 : 79446c916d2b98280b97be056f5795e183504f9a14b63d07c08e73b4d4ae93af , build time : Thu, 27 Jan 2022 20:42:49 UTC

vim-extra-8.2.3408-12.ph3.x86\_64.rpm | size : 11M , sha256 : ea4d027261dea48fe49aabebb31d373f08c6523a28f449a9e1297c1fc8a48e80 , build time : Thu, 27 Jan 2022 20:42:49 UTC

openssh-7.8p1-11.ph3.x86\_64.rpm | size : 12K , sha256 : 9a689ffcdbd1151da67661ab0a969addc0ab6f5f50ad70fc3f42d24abc0227e6 , build time : Thu, 27 Jan 2022 20:48:58 UTC

openssh-clients-7.8p1-11.ph3.x86\_64.rpm | size : 1.5M , sha256 : 5c265c7e365c44c8ff8e2f036a7a562f806ddf8c83d637c5814e76e4363bcca9 , build time : Thu, 27 Jan 2022 20:48:58 UTC

openssh-server-7.8p1-11.ph3.x86\_64.rpm | size : 452K , sha256 : 31e4ea0d2332753cabe0b6eadc6046a293b78027d432737dc85eb4e5cd7fe70d , build time : Thu, 27 Jan 2022 20:48:58 UTC

linux-secure-4.19.225-3.ph3.x86\_64.rpm | size : 24M , sha256 : b99db39e17025513d2e0ca9f59357b350d9436cebc234ff429c1eac33f682a0a , build time : Thu, 27 Jan 2022 22:08:50 UTC

linux-secure-devel-4.19.225-3.ph3.x86\_64.rpm | size : 13M , sha256 : 24a01c894caba847226f288539adb5d5aa972b26c32dc1715173a19c15fbf5bc , build time : Thu, 27 Jan 2022 21:15:34 UTC

linux-secure-docs-4.19.225-3.ph3.x86\_64.rpm | size : 8.2M , sha256 : 833239ad3a1ed82952cba2a8dfa74702365ca203d3142f0e608cc1e458fd6a72 , build time : Thu, 27 Jan 2022 21:15:34 UTC

linux-secure-hmacgen-4.19.225-3.ph3.x86\_64.rpm | size : 32K , sha256 : 7da273f929d46786358718378e43f2579c99f54f7bc01cccb575ed23a03e99b7 , build time : Thu, 27 Jan 2022 21:15:34 UTC

linux-secure-lkcm-4.19.225-3.ph3.x86\_64.rpm | size : 36K , sha256 : ef9081a5f12d3d86687e3d62a35ff8188837d39e604ae82f503f276cd9fe4838 , build time : Thu, 27 Jan 2022 21:15:34 UTC

linux-aws-4.19.225-3.ph3.x86\_64.rpm | size : 17M , sha256 : a4740f6b931a12e7c6951140fb21d902a6328366cb59ac6df8addd9c16062f75 , build time : Thu, 27 Jan 2022 21:16:46 UTC

linux-aws-devel-4.19.225-3.ph3.x86\_64.rpm | size : 17M , sha256 : 3bf05ef65a7e3d6a3ee00b3b319d1574b5570c0ab1ec3fabca884b45a898140a , build time : Thu, 27 Jan 2022 21:16:46 UTC

linux-aws-docs-4.19.225-3.ph3.x86\_64.rpm | size : 8.2M , sha256 : f4775ba1efce5732d6986618f7ac013da538f7a0d08ba4663baf6d0137ad92d1 , build time : Thu, 27 Jan 2022 21:16:46 UTC

linux-aws-drivers-gpu-4.19.225-3.ph3.x86\_64.rpm | size : 1.5M , sha256 : 08aa9635a4a1111ce13e4f5851bc5b7c8d7319dbe7fe4e593673060e3a4e52c7 , build time : Thu, 27 Jan 2022 21:16:46 UTC

linux-aws-hmacgen-4.19.225-3.ph3.x86\_64.rpm | size : 24K , sha256 : dbfc7fd398e1fe6237aac5f2b4bbb34161dcc87ba24c832b0527305bccf607af , build time : Thu, 27 Jan 2022 21:16:46 UTC

linux-aws-oprofile-4.19.225-3.ph3.x86\_64.rpm | size : 40K , sha256 : 63a07191fba241c23942bccdf8e5e2f8262883f98c178f26c51e95bb7c740fdd , build time : Thu, 27 Jan 2022 21:16:46 UTC

linux-aws-sound-4.19.225-3.ph3.x86\_64.rpm | size : 248K , sha256 : f883099698e4e4b7181d280024e35889b57b61bca61f7e22b57e4935ce917d4d , build time : Thu, 27 Jan 2022 21:16:46 UTC

linux-rt-4.19.225-3.ph3.x86\_64.rpm | size : 22M , sha256 : 4f18fe7865ab322c77baa12b1dc41c1c918a206900a4cce75cd490ed4057d467 , build time : Thu, 27 Jan 2022 22:09:07 UTC

linux-rt-devel-4.19.225-3.ph3.x86\_64.rpm | size : 13M , sha256 : c182cddafaf062774bd412cae65d5e293da98063876e76d0fa25bd6573c1fcf4 , build time : Thu, 27 Jan 2022 21:17:00 UTC

linux-rt-docs-4.19.225-3.ph3.x86\_64.rpm | size : 8.2M , sha256 : 65a8173c6ed7d28f30a1b138be8fc72095d5cbd326aa18abc981502814770a2f , build time : Thu, 27 Jan 2022 21:17:00 UTC

CVE-2022-22942: Security Update 3.0 356

WordPress Backup Migration plugin versions 1.3.7 and below suffer from a remote code execution vulnerability.

    Vulnerability Summary from Wordfence IntelligenceDescription: Backup Migration <= 1.3.7 backup-backup Unauthenticated Remote Code Execution Affected Plugin: Backup MigrationPlugin Slug: backup-backupAffected Versions: <= 1.3.7CVE ID:CVE-2023-6553Pending CVSS Score: 9.8 (Critical)CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HResearcher/s: Nex Team Fully Patched Version: 1.3.8Bounty Award: $2,751.00The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.7 via the /includes/backup-heart.php file. This is due to an attacker being able to control the values passed to an include, and subsequently leverage that to achieve remote code execution. This makes it possible for unauthenticated threat actors to easily execute code on the server.Technical AnalysisLine 118 within the /includes/backup-heart.php file used by the Backup Migration plugin attempts to include bypasser.php from the BMI_INCLUDES directory. The BMI_INCLUDES directory is defined by concatenating BMI_ROOT_DIR with the includes string on line 64. However, note that BMI_ROOT_DIR is defined via the content-dir HTTP header on line 62.affected_code_image_2 This means that the BMI_ROOT_DIR is user-controllable. By submitting a specially-crafted request, threat-actors can leverage this issue to include arbitrary, malicious PHP code and execute arbitrary commands on the underlying server in the security context of the WordPress instance.Disclosure TimelineDecember 5, 2023 – We receive the submission of the PHP Code Injection vulnerability in Backup Migration via the Wordfence Bug Bounty Program.December 6, 2023 – We validate the report and confirm the proof-of-concept exploit.December 6, 2023 – We initiate contact with the plugin developer and send over the full disclosure details. The vendor acknowledges the report and begins working on a fix. A fully patched version of the plugin, 1.3.8, is released.ConclusionIn this blog post, we detailed a critical PHP Code Injection vulnerability within the Backup Migration plugin affecting versions 1.3.7 and earlier. This vulnerability allows unauthenticated threat actors to inject arbitrary PHP code, resulting in a full site compromise. The vulnerability has been fully addressed in version 1.3.8 of the plugin.We urge WordPress users to verify that their sites are updated to the latest patched version of Backup Migration.Wordfence users running Wordfence Premium , Wordfence Care , and Wordfence Response  have been protected against these vulnerabilities as of December 6, 2023. Users still using the free version of Wordfence will receive the same protection on January 5, 2024.If you know someone who uses this plugin on their site, we recommend sharing this advisory with them to ensure their site remains secure, as this vulnerability poses a significant risk.

WordPress Backup Migration 1.3.7 Remote Code Execution

Researchers have found a way to guess passwords from keyboard sounds recorded by a smartphone with 95% accuracy.

As if password authentication’s coffin needed any more nails, researchers in the UK have discovered yet another way to hammer one in. The technique, developed at Durham University, the University of Surrey, and Royal Holloway University of London, builds on previous work to produce a more accurate way to guess your password by listening to the sound of you typing it on your keyboard.

The slight differences in the sounds each key makes is an unintentional leak of information, known as a “side channel”. Computers typically have lots of side channels, such as noises, heat, and changes in electromagnetic emissions, which can be hoovered up and analysed by adversaries to learn more about what’s happening on the computer.

Side channel research can get a little far-fetched and impractical at times but it serves a useful purpose in improving our knowledge about what’s possible. However, this research is firmly rooted in the possible, starting with the decision to monitor sound, rather than something more exotic.

> The ubiquity of keyboard acoustic emanations makes them not only a readily available attack vector, but also prompts victims to underestimate (and therefore not try to hide) their output. For example, when typing a password, people will regularly hide their screen but will do little to obfuscate their keyboard’s sound.

The researchers also used real-world attack scenarios, such as snooping on a laptop keyboard using the microphone on a smartphone in the same room, and by capturing the sound on a Zoom call.

As it is in so much cybersecurity research, Artificial Intelligence is centre stage. The new password-busting technique uses Deep Learning (a form of AI that mimics the learning process of the human brain) to determine which of a keyboard’s 36 keys are being pressed. The algorithm was taught using 25 presses on each key of an Apple laptop using different fingers and different pressures. The sounds from the key presses were processed extensively before being turned into images, and then fed into a deep learning algorithm used for image classification.

Did it work? Yes, even over Zoom.

> The method presented in this paper achieved a top-1 classification accuracy of 95% on phone-recorded laptop keystrokes, representing improved results for classifiers not utilising language models and the second best accuracy seen across all surveyed literature. When implemented on the Zoom-recorded data, the method resulted in 93% accuracy, an improved result for classifiers using such applications as attack vectors.

Research like this always begs the question, should you be worried about this? Most people have far more basic password problems to concern themselves with before fixing their noisy keyboards. However, all targets of cybercrime are not created equal, and there are nation state agencies willing to spend millions to compromise specific people. It is not difficult to imagine an intelligence agency using a technique like this, and it isn’t too far fetched for industrial espionage either.

As the reseachers point out, a deep learning engine trained on one laptop could probably guess passwords on other laptops of the same model, meaning “a successful attack on a single laptop could prove viable on a large number of devices.” A hint that techniques like this could even be commodified one day.

If you are concerned about this it’s worth noting that entering a password with a password manager makes almost no sound. However, if you think you’re genuinely at risk from techniques like this you should be looking beyond passwords at things like passkeys anyway.

**We don’t just report on threats—we remove them**

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

 The sound of you typing on your keyboard could reveal your password 

SAP Business Objects Business Intelligence Platform is vulnerable to stored XSS allowing an attacker to upload agnostic documents in the system which when opened by any other user could lead to high impact on integrity of the application.



CVE-2023-42478

An issue was discovered in BeyondTrust Privilege Management for Mac before 5.7. An authenticated, unprivileged user can elevate privileges by running a malicious script (that executes as root from a temporary directory) during install time. (This applies to macOS before 10.15.5, or Security Update 2020-003 on Mojave and High Sierra, Later versions of macOS are not vulnerable.)

BeyondTrust is the worldwide leader in intelligent identity and access security, enabling organizations to protect identities, stop threats, and deliver dynamic access. We offer the only platform with both intelligent identity threat detection and a privilege control plane that delivers zero-trust based least privilege to shrink your attack surface and eliminate security blind spots.

*   Solutions
*   Services
*   Blog
*   Resources
*   Manage Cookies
*   Contact Us

*   Facebook
*   Twitter
*   LinkedIn

©2003-2023 BeyondTrust Corporation. All Rights Reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority. 11/30/2023

Top

CVE-2021-3187: Privilege Management Release Notes

An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. An attacker can spawn a process with multiple users as part of the security token (prior to Avecto elevation). When Avecto elevates the process, it removes the user who is launching the process, but not the second user. Therefore this second user still retains access and can give permission to the process back to the first user.

CVE-2020-12613: Privilege Management Release Notes

MindsDB connects artificial intelligence models to real time data. Versions prior to 23.11.4.1 contain a limited file write vulnerability in `file.py` Users should use MindsDB's `staging` branch or v23.11.4.1, which contain a fix for the issue.

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Search code, repositories, users, issues, pull requests...**

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

CVE-2023-49796: GitHub Security Lab (GHSL) Vulnerability Report: GHSL-2023-184

Competing bills moving through the House of Representatives both reauthorize Section 702 surveillance—but they pave very different paths forward for Americans’ privacy and civil liberties.

Two surveillance bills are barreling their way through the US House of Representatives this week. Both claim to achieve roughly the same goal: Enact sweeping reforms and save a dying surveillance program beleaguered by “persistent and widespread” abuse.

Under this program, Section 702, the US government collects hundreds of millions of phone calls, emails, and text messages each year. An inestimable chunk belongs to American citizens, permanent residents, and others in the United States neither suspected nor accused of any crime.

While both bills would extend the program’s life, only one of them can credibly lay claim to the title of reform. Legislation introduced last week by Representative Andy Biggs in the House Judiciary Committee would require the Federal Bureau of Investigation (FBI) to obtain warrants before accessing the communications of Americans collected under Section 702. The second bill, introduced by the House Intelligence Committee, contains no equivalent protection.

The House Judiciary Committee’s Protect Liberty and End Warrantless Surveillance Act (PLEWSA, unfortunately) secures a glaring loophole in US law that helps police and intelligence agencies buy their way around the Fourth Amendment by paying US companies for information that they’d otherwise demand a warrant to disclose. The House Intelligence Committee’s bill—the FISA Reform and Reauthorization Act, or FRRA—does nothing to address this privacy threat.

What the FRRA does appear to do, despite its name, is explode the number of companies the US government may compel to cooperate with wiretaps under Section 702. That was the assessment on Friday of Marc Zwillinger, amicus curiae to the Foreign Intelligence Surveillance Court of Review (FISCR). “These changes would vastly widen the scope of businesses, entities, and their affiliates who are eligible to be compelled to assist 702 surveillance,” Zwillinger wrote in an article with Steve Lane, a former Justice Department (DOJ) attorney.

Section 702 currently allows the government to compel a class of companies called “electronic communications providers” to collect communications. If the FRRA becomes law, according to Zwillinger, that category would be greatly expanded to include a slew of new businesses, including “data centers, colocation providers, business landlords, and shared workspaces,” as well as, he says, “hotels where guests connect to the internet.”

Congressional sources tell WIRED that officials at the DOJ, Department of Defense, and National Security Agency have been placing urgent calls directly to House lawmakers to oppose the PLEWSA and advance the FRRA—an effort, the sources say, being coordinated by White House advisers. Privately, some Democrats have been urged to help kill the “Jim Jordan bill,” an aide said, explaining the apparent jab is meant to frame an entirely bipartisan bill as an extreme Republican measure. (Jordan, the aide noted, is not the bill’s author and did not introduce it.) Regardless, a major chunk of the PLEWSA was cannibalized from privacy legislation with a record of broad bipartisan support, and particularly in the Senate, where top Democrat Chuck Schumer has previously lent his name to a bill banning police and intelligence agencies from buying people’s personal data.

The PLEWSA likewise exited the House Judiciary Committee last week with broad bipartisan support from both Jordan, the Republican chair, and Jerrold Nadler, its ranking Democrat.

Section 702 surveillance begins with monitoring the communications of foreigners believed to be located outside of the United States. Under these conditions, the US government can ignore most constitutional protections, wiretapping nearly any individual it deems likely to possess—or likely to possess in the future—information of intelligence value.

Correspondence between foreign targets and their lawyers, doctors, religious leaders, wives, husbands, and children are all open for collection, a fact that would not change if every one of them were a US citizen. Whatever calls, emails, or texts are intercepted as a result of targeting a foreigner under 702 are legally permissible, or “incidental,” in spy agency parlance.

Once that information is legally in the government’s possession, the use of it is subject to a different set of legal doctrines, many of which ignore the novel circumstances under which it was initially seized. A federal appeals court in 2021 described the “two-step” process by which communications may be seized under 702 and only years later dug up for an entirely different reason. The process on the whole is constitutional, it said, so long as each step “independently complies with the Fourth Amendment.” Under this logic, the FBI has been permitted to treat the private communications of Americans—secretly obtained during foreign surveillance—as roughly the equivalent of information it stumbles across in plain view.

How often Americans are targeted by Section 702 surveillance is a question that the government says it genuinely can’t answer. It does, however, disapprove of using the word “target” to describe Americans whose calls and texts are intercepted by US spies.

Congressional sources opposed to the FRRA, the House Intelligence Committee’s bill, say it reflects a deference toward executive power that has become customary among House and Senate intelligence staff. In arguing that constant experience has never shown secret agencies to be predisposed to self-restraint, a senior aide pointed to the case of an intelligence analyst caught abusing 702 data for “online dating” purposes last year. It had recently been confirmed, they said, that the analyst had not been fired.

“The Intelligence Committee’s ‘FISA Reform and Reauthorization Act’ may have the word ‘reform’ in its name, but the bill’s text proves otherwise,” says Representative Zoe Lofgren. “Congress must not green-light another major surveillance reauthorization without enacting surveillance reform measures that curb abuses and protect Americans’ civil liberties."

Talking points obtained by WIRED that were being circulated over the weekend by critics of the PLEWSA bill’s deeper reforms allude to the “grave damage” it poses to national security. Supporters of the FRRA bill have dubiously credited the 702 with halting “another 9/11.” But the PLEWSA bill strikes an appreciable balance between privacy and security for a surveillance authority aimed at foiling tier-one threats. It contains clear caveats to help the government advance investigations of cybercrime and exigencies for most immediate, violent threats.

Sources say both the PLEWSA and the FRRA could receive a floor vote as early as Tuesday under rarely prescribed Queen-of-the-Hill rules—meaning, in short, that the bill with the greatest number of supporters might ultimately carry the day.

Congress Clashes Over the Future of America’s Section 702 Spy Program

MindsDB connects artificial intelligence models to real time data. Versions prior to 23.11.4.1 contain a server-side request forgery vulnerability in `file.py`. This can lead to limited information disclosure. Users should use MindsDB's `staging` branch or v23.11.4.1, which contain a fix for the issue.


Skip to content

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Search code, repositories, users, issues, pull requests...**

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

**Package**

pip mindsdb (pip)

**Affected versions**

23.7.4.1

**Patched versions**

23.11.4.1

**Description**

**Impact**

Issue 1: SSRF in file.py (GHSL-2023-182)

**Patches**

Use mindsdb staging branch or v23.11.4.1

**References**

SSRF prevention cheatsheet.

Tag

#intel