SuiteCRM before 7.12.2 and 8.x before 8.0.1 allows authenticated SQL injection.

CVE-2021-45041: 8.0 Releases

The ksmbd server through 3.4.2, as used in the Linux kernel through 5.15.8, sometimes communicates in cleartext even though encryption has been enabled. This occurs because it sets the SMB2_GLOBAL_CAP_ENCRYPTION flag when using the SMB 3.1.1 protocol, which is a violation of the SMB protocol specification. When Windows 10 detects this protocol violation, it disables encryption.

New issue

**Have a question about this project?** Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

**Conversation**

![@socram8888](https://avatars.githubusercontent.com/u/515068?s=88&u=c808dd61db01a5de45763b10ff27fec126eb22d5&v=4)

According to the official Microsoft MS-SMB2 document section 3.3.5.4, this  
flag should be used only for 3.0 and 3.0.2 dialects. Setting it for 3.1.1 is  
a violation of the specification.

This caused Windows 10 to detect a mistake in the protocol, and disable  
encryption despite being enabled in the settings.

![@hclee](https://avatars.githubusercontent.com/u/3643784?s=88&u=63affffaafd8508c0b29b785bc936f82912bda07&v=4)

Copy link

Member

**![@hclee](https://avatars.githubusercontent.com/u/3643784?s=60&u=63affffaafd8508c0b29b785bc936f82912bda07&v=4) **hclee** commented Dec 15, 2021**

![namjaejeon](https://avatars.githubusercontent.com/u/13989893?s=60&v=4)

@@ -323,9 +323,6 @@ int init\_smb3\_11\_server(struct ksmbd\_conn \*conn)

if (server\_conf.flags & KSMBD\_GLOBAL\_FLAG\_SMB2\_LEASES)

conn->vals\->capabilities |= SMB2\_GLOBAL\_CAP\_LEASING;

  

if (conn->cipher\_type)

conn->vals\->capabilities |= SMB2\_GLOBAL\_CAP\_ENCRYPTION;

**Choose a reason for hiding this comment**

The reason will be displayed to describe this comment to others. Learn more.

Is this the root cause of your encryption problem?

**Choose a reason for hiding this comment**

The reason will be displayed to describe this comment to others. Learn more.

Yes.

**Choose a reason for hiding this comment**

The reason will be displayed to describe this comment to others. Learn more.

Okay, Looks great!

![namjaejeon](https://avatars.githubusercontent.com/u/13989893?s=60&v=4)

\* SMB 3.1.1 uses the cipher\_type field.

\*/

encrequested = conn->cipher\_type ||

(conn->vals\->capabilities & SMB2\_GLOBAL\_CAP\_ENCRYPTION);

**Choose a reason for hiding this comment**

The reason will be displayed to describe this comment to others. Learn more.

we don't need to use encrequested variable.

**Choose a reason for hiding this comment**

The reason will be displayed to describe this comment to others. Learn more.

I created the variable to make clearer the conditions on which the encryption applied, since there were already a sizeable amount of operands in the if statement.

Mixing complex and, ors and bit-twiddling in the same if would be a big no for me since it requires thinking about C's operand priorities, but if you'd prefer I can change it.

**Choose a reason for hiding this comment**

The reason will be displayed to describe this comment to others. Learn more.

I've moved the logic into a function, which makes it IMHO clearer and reduces duplicate code.

I'll send it now to the LKML for further review.

![@socram8888](https://avatars.githubusercontent.com/u/515068?s=40&v=4)

According to the official Microsoft MS-SMB2 document section 3.3.5.4, this
flag should be used only for 3.0 and 3.0.2 dialects. Setting it for 3.1.1 is
a violation of the specification.

![namjaejeon](https://avatars.githubusercontent.com/u/13989893?s=60&v=4)

\*

\* Return: true if should be encrypted, else false

\*/

static bool should\_encrypt(struct ksmbd\_conn \*conn)

**Choose a reason for hiding this comment**

The reason will be displayed to describe this comment to others. Learn more.

I don't like this naming sense. how about smb3\_encryption\_negotiated()

![@socram8888](https://avatars.githubusercontent.com/u/515068?s=88&u=c808dd61db01a5de45763b10ff27fec126eb22d5&v=4)

I've just sent the patch to the LKML, so I am gonna close this PR :)

CVE-2021-45100: Do not set SMB2_GLOBAL_CAP_ENCRYPTION for SMB 3.1.1. Fixes #550 by socram8888 · Pull Request #551 · cifsd-team/ksmbd

A link following denial-of-service (DoS) vulnerability in the Trend Micro Security (Consumer) 2021 familiy of products could allow an attacker to abuse the PC Health Checkup feature of the product to create symlinks that would allow modification of files which could lead to a denial-of-service.

**LAST UPDATED: DEC 10, 2021**

**Release Date:** December 10, 2021

**Trend Micro Vulnerability Identifier:** CVE-2021-44023

**Platform(s):** Windows OS

**CVSS 3.0 Score:** 2.8 (Low)

**Summary**

Trend Micro has released an updated version of the Trend Micro Security 2021 consumer family of products. This update resolves a link following denial-of-service (DoS) vulnerability.

**Affected version(s)**

PRODUCT

AFFECTED VERSION(S)

PLATFORM

LANGUAGE(S)

Premium Security

2021 (v17) and below

Microsoft Windows

English

Maximum Security

2021 (v17) and below

Microsoft Windows

English

Internet Security

2021 (v17) and below

Microsoft Windows

English

Antivirus+ Security

2021 (v17) and below

Microsoft Windows

English

**Solution**

Trend Micro has released a version to resolve this issue:

PRODUCT

AFFECTED VERSION(S)

PLATFORM

LANGUAGE(S)

All version above

2022 (v17.7)

Microsoft Windows

English

**Vulnerability Details**

This updated version resolves a vulnerability in the product that could allow an attacker to abuse the PC Health Checkup feature of the product to create symlinks that would allow modification of files which could lead to a denial-of-service.

Trend Micro has received no reports nor is aware of any actual attacks against the affected products related to this vulnerability at this time.

**Acknowledgment**

Trend Micro would like to thank **Michael DePlante (@izobashi)** of **Trend Micro Zero Day Initiative)**, for responsibly disclosing this issue and working with Trend Micro to help protect our customers.

**Additional Assistance**

Customers who have questions are encouraged to contact Trend Micro technical support for further assistance.

**External Reference**

*   ZDI-CAN-14587

How helpful was this article?

*   It wasn't helpful at all.
*   Somewhat helpful.
*   Just okay.
*   It was somewhat helpful.
*   It was helpful.

*   \*Feedback submitted will only be used as reference for future product, service and article improvements.

CVE-2021-44023: Security Bulletin: Trend Micro Maximum Security Link Following Denial-of-Service Vulnerability

Microsoft Message Queuing Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-43222.

CVE-2021-43236

Microsoft PowerShell Spoofing Vulnerability

CVE-2021-43896

Microsoft SharePoint Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-42309.

CVE-2021-42294

Microsoft Defender for IoT Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-41365, CVE-2021-42310, CVE-2021-42311, CVE-2021-42313, CVE-2021-42314, CVE-2021-43882, CVE-2021-43889.

CVE-2021-42315

Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-43242.

CVE-2021-42320

Microsoft Defender for IoT Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-41365, CVE-2021-42310, CVE-2021-42311, CVE-2021-42314, CVE-2021-42315, CVE-2021-43882, CVE-2021-43889.

CVE-2021-42313

Microsoft Defender for IoT Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-41365, CVE-2021-42310, CVE-2021-42311, CVE-2021-42313, CVE-2021-42315, CVE-2021-43882, CVE-2021-43889.

Tag

#microsoft