Red Hat Security Advisory 2023-3429-02 - The cups-filters package contains back ends, filters, and other software that was once part of the core Common UNIX Printing System distribution but is now maintained independently. Issues addressed include a code execution vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: cups-filters security update  
Advisory ID:       RHSA-2023:3429-02  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3429  
Issue date:        2023-06-02  
CVE Names:         CVE-2023-24805   
=====================================================================

1. Summary:

An update for cups-filters is now available for Red Hat Enterprise Linux  
8.1 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream E4S (v. 8.1) - aarch64, ppc64le, s390x, x86_64

3. Description:

The cups-filters package contains back ends, filters, and other software  
that was once part of the core Common UNIX Printing System (CUPS)  
distribution but is now maintained independently.

Security Fix(es):

* cups-filters: remote code execution in cups-filters, beh CUPS backend  
(CVE-2023-24805)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2203051 - CVE-2023-24805 cups-filters: remote code execution in cups-filters, beh CUPS backend

6. Package List:

Red Hat Enterprise Linux AppStream E4S (v. 8.1):

Source:  
cups-filters-1.20.0-18.el8_1.1.src.rpm

aarch64:  
cups-filters-1.20.0-18.el8_1.1.aarch64.rpm  
cups-filters-debuginfo-1.20.0-18.el8_1.1.aarch64.rpm  
cups-filters-debugsource-1.20.0-18.el8_1.1.aarch64.rpm  
cups-filters-libs-1.20.0-18.el8_1.1.aarch64.rpm  
cups-filters-libs-debuginfo-1.20.0-18.el8_1.1.aarch64.rpm

ppc64le:  
cups-filters-1.20.0-18.el8_1.1.ppc64le.rpm  
cups-filters-debuginfo-1.20.0-18.el8_1.1.ppc64le.rpm  
cups-filters-debugsource-1.20.0-18.el8_1.1.ppc64le.rpm  
cups-filters-libs-1.20.0-18.el8_1.1.ppc64le.rpm  
cups-filters-libs-debuginfo-1.20.0-18.el8_1.1.ppc64le.rpm

s390x:  
cups-filters-1.20.0-18.el8_1.1.s390x.rpm  
cups-filters-debuginfo-1.20.0-18.el8_1.1.s390x.rpm  
cups-filters-debugsource-1.20.0-18.el8_1.1.s390x.rpm  
cups-filters-libs-1.20.0-18.el8_1.1.s390x.rpm  
cups-filters-libs-debuginfo-1.20.0-18.el8_1.1.s390x.rpm

x86_64:  
cups-filters-1.20.0-18.el8_1.1.x86_64.rpm  
cups-filters-debuginfo-1.20.0-18.el8_1.1.i686.rpm  
cups-filters-debuginfo-1.20.0-18.el8_1.1.x86_64.rpm  
cups-filters-debugsource-1.20.0-18.el8_1.1.i686.rpm  
cups-filters-debugsource-1.20.0-18.el8_1.1.x86_64.rpm  
cups-filters-libs-1.20.0-18.el8_1.1.i686.rpm  
cups-filters-libs-1.20.0-18.el8_1.1.x86_64.rpm  
cups-filters-libs-debuginfo-1.20.0-18.el8_1.1.i686.rpm  
cups-filters-libs-debuginfo-1.20.0-18.el8_1.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-24805  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZH53jtzjgjWX9erEAQh0vg//UBqwZMmzLAZt1mOBI3HSkj041LcSFG7w  
s70FPF3/KUdtxYcZvwVLWt4J4HdUSXIfgh9hY1ZLfOhbYtRmel32GWUAqM6RK1nX  
U4ZXwDF+wSF1bxyybzMnCRUFifHM6ACNfqZUxZ8GTy7zG9r8LAN0k76y5DxfmiHg  
RJFowO6p4aCQDPqU1X0GxFre9D99YSrhMKeefzF0cmFF1QPpdWPgRIy6pkzJ+cK1  
WG1pF6c+/F6RrubW3nyubLFkMnlLe6/KAgG5pub8iuGpUNqC0EF85hOnigA8S6qH  
3XzVBAz52WIErT69CHTqv+c/EIZJNME69fTDNFqegwOzCu8sCX2iXmaaaMF21okf  
NoJqS5OeizkKMndAwMPAp4JxNg9n+HNDrfLTDsdVkNJi8TBYh4ODzJEgy9WWciwB  
mxp5lFtzHDt4K/4HiI74FltUPK3LhtS8c8tRP9f/BCBIIMmdi/Fvhta+RgKinoLP  
tW3b+/oO4Lqmat16YzsnjQsCSkowxUYPdKwOtlXN1q9fH2O7G8zeXPB2fewGyyoj  
c/qn1sO4iTEiB8CStxStNIqjIjux4O4qNmPbZN9iLwRZRo/1DT/8Gzz1aFRiJdQo  
31wetgcMa+kdiYQcwl5J6BXFmJsfIW6FQ3hxgiF0fzcaMKApbz3+sBfSj+BiPAEX  
vAPD413QGSM=  
=n2OG  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3429-02

Red Hat Security Advisory 2023-3426-01 - The cups-filters package contains back ends, filters, and other software that was once part of the core Common UNIX Printing System distribution but is now maintained independently. Issues addressed include a code execution vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: cups-filters security update  
Advisory ID:       RHSA-2023:3426-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3426  
Issue date:        2023-06-02  
CVE Names:         CVE-2023-24805   
=====================================================================

1. Summary:

An update for cups-filters is now available for Red Hat Enterprise Linux  
8.6 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder EUS (v.8.6) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream EUS (v.8.6) - aarch64, ppc64le, s390x, x86_64

3. Description:

The cups-filters package contains back ends, filters, and other software  
that was once part of the core Common UNIX Printing System (CUPS)  
distribution but is now maintained independently.

Security Fix(es):

* cups-filters: remote code execution in cups-filters, beh CUPS backend  
(CVE-2023-24805)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2203051 - CVE-2023-24805 cups-filters: remote code execution in cups-filters, beh CUPS backend

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.6):

Source:  
cups-filters-1.20.0-27.el8_6.1.src.rpm

aarch64:  
cups-filters-1.20.0-27.el8_6.1.aarch64.rpm  
cups-filters-debuginfo-1.20.0-27.el8_6.1.aarch64.rpm  
cups-filters-debugsource-1.20.0-27.el8_6.1.aarch64.rpm  
cups-filters-libs-1.20.0-27.el8_6.1.aarch64.rpm  
cups-filters-libs-debuginfo-1.20.0-27.el8_6.1.aarch64.rpm

ppc64le:  
cups-filters-1.20.0-27.el8_6.1.ppc64le.rpm  
cups-filters-debuginfo-1.20.0-27.el8_6.1.ppc64le.rpm  
cups-filters-debugsource-1.20.0-27.el8_6.1.ppc64le.rpm  
cups-filters-libs-1.20.0-27.el8_6.1.ppc64le.rpm  
cups-filters-libs-debuginfo-1.20.0-27.el8_6.1.ppc64le.rpm

s390x:  
cups-filters-1.20.0-27.el8_6.1.s390x.rpm  
cups-filters-debuginfo-1.20.0-27.el8_6.1.s390x.rpm  
cups-filters-debugsource-1.20.0-27.el8_6.1.s390x.rpm  
cups-filters-libs-1.20.0-27.el8_6.1.s390x.rpm  
cups-filters-libs-debuginfo-1.20.0-27.el8_6.1.s390x.rpm

x86_64:  
cups-filters-1.20.0-27.el8_6.1.x86_64.rpm  
cups-filters-debuginfo-1.20.0-27.el8_6.1.i686.rpm  
cups-filters-debuginfo-1.20.0-27.el8_6.1.x86_64.rpm  
cups-filters-debugsource-1.20.0-27.el8_6.1.i686.rpm  
cups-filters-debugsource-1.20.0-27.el8_6.1.x86_64.rpm  
cups-filters-libs-1.20.0-27.el8_6.1.i686.rpm  
cups-filters-libs-1.20.0-27.el8_6.1.x86_64.rpm  
cups-filters-libs-debuginfo-1.20.0-27.el8_6.1.i686.rpm  
cups-filters-libs-debuginfo-1.20.0-27.el8_6.1.x86_64.rpm

Red Hat CodeReady Linux Builder EUS (v.8.6):

aarch64:  
cups-filters-debuginfo-1.20.0-27.el8_6.1.aarch64.rpm  
cups-filters-debugsource-1.20.0-27.el8_6.1.aarch64.rpm  
cups-filters-devel-1.20.0-27.el8_6.1.aarch64.rpm  
cups-filters-libs-debuginfo-1.20.0-27.el8_6.1.aarch64.rpm

ppc64le:  
cups-filters-debuginfo-1.20.0-27.el8_6.1.ppc64le.rpm  
cups-filters-debugsource-1.20.0-27.el8_6.1.ppc64le.rpm  
cups-filters-devel-1.20.0-27.el8_6.1.ppc64le.rpm  
cups-filters-libs-debuginfo-1.20.0-27.el8_6.1.ppc64le.rpm

s390x:  
cups-filters-debuginfo-1.20.0-27.el8_6.1.s390x.rpm  
cups-filters-debugsource-1.20.0-27.el8_6.1.s390x.rpm  
cups-filters-devel-1.20.0-27.el8_6.1.s390x.rpm  
cups-filters-libs-debuginfo-1.20.0-27.el8_6.1.s390x.rpm

x86_64:  
cups-filters-debuginfo-1.20.0-27.el8_6.1.i686.rpm  
cups-filters-debuginfo-1.20.0-27.el8_6.1.x86_64.rpm  
cups-filters-debugsource-1.20.0-27.el8_6.1.i686.rpm  
cups-filters-debugsource-1.20.0-27.el8_6.1.x86_64.rpm  
cups-filters-devel-1.20.0-27.el8_6.1.i686.rpm  
cups-filters-devel-1.20.0-27.el8_6.1.x86_64.rpm  
cups-filters-libs-debuginfo-1.20.0-27.el8_6.1.i686.rpm  
cups-filters-libs-debuginfo-1.20.0-27.el8_6.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-24805  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZH53idzjgjWX9erEAQjZkBAAjSU8LLexSMogtklvpt2bwIPMJ0VhwOO1  
cHdus8qf3zb0Q2bjUP9ctvszvw0w5wB+lGc5TUH5F1Ta16IF1PwIMA0z1Z4kKK8P  
RSl46e5Zu2jTLMDm1yTWgUx8/v2xFPtRqhSNA+rLoUf2k9Sw/2mQmZgC3voxOTPM  
T4C3nIDxKzl2sjasqTKhFwPCV9/ZhVdyE6aHAewKLoDJMG7tnSRk1T7QVO1HVrl4  
j9PHkPOU2A3RpTUSc/8sdOZdkMrv0AFnL6yKHC0F+LXj+owlL3ljRUMUcl60oVXe  
xpoqYlL7b06sDjgA6DTSvCvAzqDmbZzhiod3rE4j7PVfAMS3aCmXSLFOtJ6qz7yK  
o/vr9wwTM6+FbWK35YZ1Pqp0bvXTNQqDZvKjU9w3aTlKqCvOw18Idaby+int4X6h  
SwlEUqdAoR/UULAV3RbLglK8vpCWcU7GaZ0xmkkUOgpHjxsEJDmGSrrRaBdRJgiS  
Kzmjj444mg+WrcUm1vbpODconrQogYwkbuQbevguy3xhOncnHvh2QN2Ob9vAjnmR  
Bhm3SUKPPGhaNexz7Jyws0f4HTdX405Lj1kSMHKtUuMjZDPUhc22NfbFr9fLYuM1  
1m70sdbiOx/gTU4gkOH4w1HZWBatoiU2+A8clKLHFYwK4u8z/Y+LCxLkb71PvpLv  
Bz0N1wGrSUQ=  
=eBnj  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3426-01

Red Hat Security Advisory 2023-3423-01 - The cups-filters package contains back ends, filters, and other software that was once part of the core Common UNIX Printing System distribution but is now maintained independently. Issues addressed include a code execution vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: cups-filters security update  
Advisory ID:       RHSA-2023:3423-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3423  
Issue date:        2023-06-02  
CVE Names:         CVE-2023-24805   
=====================================================================

1. Summary:

An update for cups-filters is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux CRB (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

The cups-filters package contains back ends, filters, and other software  
that was once part of the core Common UNIX Printing System (CUPS)  
distribution but is now maintained independently.

Security Fix(es):

* cups-filters: remote code execution in cups-filters, beh CUPS backend  
(CVE-2023-24805)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2203051 - CVE-2023-24805 cups-filters: remote code execution in cups-filters, beh CUPS backend

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:  
cups-filters-1.28.7-11.el9_2.1.src.rpm

aarch64:  
cups-filters-1.28.7-11.el9_2.1.aarch64.rpm  
cups-filters-debuginfo-1.28.7-11.el9_2.1.aarch64.rpm  
cups-filters-debugsource-1.28.7-11.el9_2.1.aarch64.rpm  
cups-filters-libs-1.28.7-11.el9_2.1.aarch64.rpm  
cups-filters-libs-debuginfo-1.28.7-11.el9_2.1.aarch64.rpm

ppc64le:  
cups-filters-1.28.7-11.el9_2.1.ppc64le.rpm  
cups-filters-debuginfo-1.28.7-11.el9_2.1.ppc64le.rpm  
cups-filters-debugsource-1.28.7-11.el9_2.1.ppc64le.rpm  
cups-filters-libs-1.28.7-11.el9_2.1.ppc64le.rpm  
cups-filters-libs-debuginfo-1.28.7-11.el9_2.1.ppc64le.rpm

s390x:  
cups-filters-1.28.7-11.el9_2.1.s390x.rpm  
cups-filters-debuginfo-1.28.7-11.el9_2.1.s390x.rpm  
cups-filters-debugsource-1.28.7-11.el9_2.1.s390x.rpm  
cups-filters-libs-1.28.7-11.el9_2.1.s390x.rpm  
cups-filters-libs-debuginfo-1.28.7-11.el9_2.1.s390x.rpm

x86_64:  
cups-filters-1.28.7-11.el9_2.1.x86_64.rpm  
cups-filters-debuginfo-1.28.7-11.el9_2.1.i686.rpm  
cups-filters-debuginfo-1.28.7-11.el9_2.1.x86_64.rpm  
cups-filters-debugsource-1.28.7-11.el9_2.1.i686.rpm  
cups-filters-debugsource-1.28.7-11.el9_2.1.x86_64.rpm  
cups-filters-libs-1.28.7-11.el9_2.1.i686.rpm  
cups-filters-libs-1.28.7-11.el9_2.1.x86_64.rpm  
cups-filters-libs-debuginfo-1.28.7-11.el9_2.1.i686.rpm  
cups-filters-libs-debuginfo-1.28.7-11.el9_2.1.x86_64.rpm

Red Hat Enterprise Linux CRB (v. 9):

aarch64:  
cups-filters-debuginfo-1.28.7-11.el9_2.1.aarch64.rpm  
cups-filters-debugsource-1.28.7-11.el9_2.1.aarch64.rpm  
cups-filters-devel-1.28.7-11.el9_2.1.aarch64.rpm  
cups-filters-libs-debuginfo-1.28.7-11.el9_2.1.aarch64.rpm

ppc64le:  
cups-filters-debuginfo-1.28.7-11.el9_2.1.ppc64le.rpm  
cups-filters-debugsource-1.28.7-11.el9_2.1.ppc64le.rpm  
cups-filters-devel-1.28.7-11.el9_2.1.ppc64le.rpm  
cups-filters-libs-debuginfo-1.28.7-11.el9_2.1.ppc64le.rpm

s390x:  
cups-filters-debuginfo-1.28.7-11.el9_2.1.s390x.rpm  
cups-filters-debugsource-1.28.7-11.el9_2.1.s390x.rpm  
cups-filters-devel-1.28.7-11.el9_2.1.s390x.rpm  
cups-filters-libs-debuginfo-1.28.7-11.el9_2.1.s390x.rpm

x86_64:  
cups-filters-debuginfo-1.28.7-11.el9_2.1.i686.rpm  
cups-filters-debuginfo-1.28.7-11.el9_2.1.x86_64.rpm  
cups-filters-debugsource-1.28.7-11.el9_2.1.i686.rpm  
cups-filters-debugsource-1.28.7-11.el9_2.1.x86_64.rpm  
cups-filters-devel-1.28.7-11.el9_2.1.i686.rpm  
cups-filters-devel-1.28.7-11.el9_2.1.x86_64.rpm  
cups-filters-libs-debuginfo-1.28.7-11.el9_2.1.i686.rpm  
cups-filters-libs-debuginfo-1.28.7-11.el9_2.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-24805  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZH53hdzjgjWX9erEAQibwg/+P5bnqCe3Ck5cAymznC4AUgQVROCSt0Y1  
l1EiVE+63qLI+FMGMHzV54eX7mh4qew5+xggvHFnU5P1+3Eud4v3Ti3f7FgK5FE/  
NcWy/sQ5r5DKyiEafSAiDb2ndwAXWj6/i4546sslRlP3ojEgEjetk/F6U9FXRZzL  
FVFI0hLnTwiMBp9cb0fEnAaJAafe4WMTYquDwUWClLfoR8J7RI65zwQ6lCIUn75C  
twPY256s1CkBtbsXVMMfSRtsjF0tYr9YVyANA1Aoi6sLwSM4YPS2MPZ/eF34aHUf  
pAlzoY9KQs5OPdfrfjM8ia3FoJvZ72vD0SHgdFdOxl76kX3zqBX2gGUsWDXIl9pj  
Qj6h+MmnbhPw1l3PP1/M7jRJBqjbdqLUi7EajkFE4XL9mKqzCz7KyXKQRyKYQER5  
xtxFPeZ1MgFRI5cMSUMD0W18AXdDzXcYt9EPIaMtjbD9uja9UXGK5x5Rm0jPMvJl  
ir9xjqUQpyrF561Ak4O9CWLyCP/Q4uMlJM0bpdZFxdh7JSLCumcODghf2YReVmM5  
dsWpo2SYsmZjaeFe9hvVOOIPJgZ0nzqJYR0WwRTdkozrvykz+TU5/yORjP0DQ7gc  
yUWApT92sfHjka1bKlVcFJ5OdCJeS8FL9w4cb6Z/IsRgjKLXu6OioflJ3XzMB/Ug  
/+ReIxiDzR8=  
=I6q7  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3423-01

Landscape allowed URLs which caused open redirection.

**Open redirection vulnerability**

Bug #1929620 reported by Anton on 2021-05-25

This bug affects 1 person

Affects

Status

Importance

Assigned to

Milestone

Landscape Server

Fix Released

High

Simon Poirier

Landscape Server 19.10.5

**Bug Description**

Open redirect is possible using request path /redirect?next\_url=/\\example.com.  
This can be used to perform phishing campaigns in order to obtain landscape credentials, that further can be used to RCE on multiple endpoints registered in the victim's Landscape account.

CVE-2023-32551: Bug #1929620 “Open redirection vulnerability” : Bugs : Landscape Server

Landscape cryptographic keys were insecurely generated with a weak pseudo-random generator.

Hi team!

Landscape API Access and Secret keys are generated using python random.choice() function:  
/opt/canonical/landscape/canonical/lib/credentials.py

import random  
import string

\_\_all\_\_ = \["create\_access\_key", "create\_secret\_key"\]

def create\_access\_key():  
    """Create a randomly generated 20 character access key."""  
    key\_choice = string.uppercase + string.digits  
    key = \[\]  
    for i in xrange(20):  
        key.append(random.choice(key\_choice))  
    return "".join(key)

def create\_secret\_key():  
    """Create a randomly generated 40 character access secret."""  
    secret\_choice = (  
        string.uppercase + string.lowercase + string.digits + "+/")  
    secret = \[\]  
    for i in xrange(40):  
        secret.append(random.choice(secret\_choice))  
    return "".join(secret)

Python random module uses the Mersenne Twister as the core generator. As it is a pseudo-random numbers generator it is not suitable for generating secrets.  
From https://docs.python.org/2/library/random.html:  
Warning The pseudo-random generators of this module should not be used for security purposes. Use os.urandom() or SystemRandom if you require a cryptographically secure pseudo-random number generator.

The same function (random.choice()) used to generate password recovery token:  
/opt/canonical/landscape/canonical/lib/text.py

...  
import string  
import random  
...  
def make\_secure\_id(length=64):  
    choices = string.digits + string.letters  
    return "".join(random.choice(choices) for \_ in xrange(length))  
...

In theory, it is possible to collect as much data as needed to obtain the state of the Mersenne Twister matrix and, afterwards, predict the next values of the generator. A related technique is described on https://github.com/tna0y/Python-random-module-cracker. It can be used to obtain the password reset token of the admin account or try to retrieve API tokens.

To get generated password reset tokens attacker can register a new account using '/new-standalone-user' endpoint using the email address he controls (no rights needed) and then use reset password functionality on '/forgot-my-passphrase' endpoint.

Impact  
Compromising admin account or obtaining secret API keys which can be used to RCE on multiple hosts registered in organisation.

Mitigation  
Use os.urandom() or SystemRandom functions to generate secret tokens.

CVE-2023-32549: Bug #1929034 “Landscape insecure tokens generation” : Bugs : Landscape Server

In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588531; Issue ID: ALPS07588531.

CVE-2023-20727: June 2023

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday placed two recently disclosed flaws in Zyxel firewalls to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The vulnerabilities, tracked as CVE-2023-33009 and CVE-2023-33010, are buffer overflow vulnerabilities that could enable an unauthenticated attacker to cause a

Network Security / Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday placed two recently disclosed flaws in Zyxel firewalls to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.

The vulnerabilities, tracked as CVE-2023-33009 and CVE-2023-33010, are buffer overflow vulnerabilities that could enable an unauthenticated attacker to cause a denial-of-service (DoS) condition and remote code execution.

Patches to plug the security holes were released by Zyxel on May 24, 2023. The following list of devices are affected -

*   ATP (versions ZLD V4.32 to V5.36 Patch 1, patched in ZLD V5.36 Patch 2)
*   USG FLEX (versions ZLD V4.50 to V5.36 Patch 1, patched in ZLD V5.36 Patch 2)
*   USG FLEX50(W) / USG20(W)-VPN (versions ZLD V4.25 to V5.36 Patch 1, patched in ZLD V5.36 Patch 2)
*   VPN (versions ZLD V4.30 to V5.36 Patch 1, patched in ZLD V5.36 Patch 2), and
*   ZyWALL/USG (versions ZLD V4.25 to V4.73 Patch 1, patched in ZLD V4.73 Patch 2)

While the exact nature of the attacks is unknown, the development comes days after another flaw in Zyxel firewalls (CVE-2023-28771) has been actively exploited to ensnare susceptible devices into a Mirai botnet.

UPCOMING WEBINAR

🔐 Mastering API Security: Understanding Your True Attack Surface

Discover the untapped vulnerabilities in your API ecosystem and take proactive steps towards ironclad security. Join our insightful webinar!

Join the Session

Federal Civilian Executive Branch (FCEB) agencies are required to remediate identified vulnerabilities by June 26, 2023, to secure their networks against possible threats.

Zyxel, in a new guidance issued last week, is also urging customers to disable HTTP/HTTPS services from WAN unless "absolutely" required and disable UDP ports 500 and 4500 if not in use.

The development also comes as the Taiwanese company fixes for two flaws in GS1900 series switches (CVE-2022-45853) and 4G LTE and 5G NR outdoor routers (CVE-2023-27989) that could result in privilege escalation and denial-of-service (DoS).

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Zyxel Firewalls Under Attack! Urgent Patching Required

The `tproxy` server is vulnerable to a drive-by command injection. An attacker may fool a victim into visiting a malicious web page which will trigger requests to the local `tproxy` service leading to remote code execution.

**Brook's tproxy server is vulnerable to a drive-by command injection.**

Critical severity GitHub Reviewed Published May 30, 2023 in txthinking/brook • Updated Jun 6, 2023

GHSA-vfrj-fv6p-3cpf: Brook's tproxy server is vulnerable to a drive-by command injection.






In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to modify the file extension of a certificate file to ASP when uploading it, which can lead to remote code execution.







CVE-2023-32628

Avo is an open source ruby on rails admin panel creation framework. The polymorphic field type stores the classes to operate on when updating a record with user input, and does not validate them in the back end. This can lead to unexpected behavior, remote code execution, or application crashes when viewing a manipulated record. This issue has been addressed in commit `ec117882d` which is expected to be included in subsequent releases. Users are advised to limit access to untrusted users until a new release is made.

Expand Up

@@ -199,11 +199,13 @@ def to\_permitted\_param

def fill\_field(model, key, value, params)

return model unless model.methods.include? key.to\_sym

  

valid\_model\_class \= valid\_polymorphic\_class params\["#{polymorphic\_as}\_type"\]

  

if polymorphic\_as.present?

model.send("#{polymorphic\_as}\_type=", params\["#{polymorphic\_as}\_type"\])

model.send("#{polymorphic\_as}\_type=", valid\_model\_class)

  

\# If the type is blank, reset the id too.

if params\["#{polymorphic\_as}\_type"\].blank?

if valid\_model\_class.blank?

model.send("#{polymorphic\_as}\_id=", nil)

else

model.send("#{polymorphic\_as}\_id=", params\["#{polymorphic\_as}\_id"\])

Expand All

@@ -215,6 +217,12 @@ def fill\_field(model, key, value, params)

model

end

  

def valid\_polymorphic\_class(possible\_class)

types.find do |type|

type.to\_s == possible\_class.to\_s

end

end

  

def database\_id

\# If the field is a polymorphic value, return the polymorphic\_type as key and pre-fill the \_id in fill\_field.

return "#{polymorphic\_as}\_type" if polymorphic\_as.present?

Expand Down

Tag

#rce