chromium-114.0.5735.133-1.fc37

FEDORA-2023-1b99669138

Packages in this update:

chromium-114.0.5735.133-1.fc37

Update description:

Update to 114.0.5735.133. Fixes the following security issues:

CVE-2023-3214, CVE-2023-3215, CVE-2023-3215, CVE-2023-3217,

chromium-114.0.5735.133-1.el7

FEDORA-EPEL-2023-1fa35650e4

Packages in this update:

chromium-114.0.5735.133-1.el7

Update description:

Update to 114.0.5735.133. Fixes the following security issues:

CVE-2023-3214, CVE-2023-3215, CVE-2023-3215, CVE-2023-3217,

chromium-114.0.5735.133-1.fc38

FEDORA-2023-5f35718d4c

Packages in this update:

chromium-114.0.5735.133-1.fc38

Update description:

Update to 114.0.5735.133. Fixes the following security issues:

CVE-2023-3214, CVE-2023-3215, CVE-2023-3215, CVE-2023-3217,

Barracuda Email Security Gateway Appliance (ESG) Vulnerability (CVE-2023-2868)

What is Barracuda Email Security Gateway Appliance (ESG)?

The Barracuda Email Security Gateway Appliance is an email security solution that monitors and filters inbound and outbound emails for unwanted content such as spam and malware.

What is the Attack?

The vulnerability arises from a failure to comprehensively sanitize the processing of .tar files (tape archives) and the file names they contain. An attacker can craft these file names in a specific manner to achieve remote command execution (RCE).

Why is this Significant?

This is significant because, according to reports, CVE-2023-2868 was exploited as early as October 2022 for backdoor deployment. CISA has already added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog due to observed active exploitation in the wild.

What is the Vendor Solution?

Although a patch to address the vulnerability was released, the vendor recommends replacing all impacted devices regardless of patch level.

What FortiGuard Coverage is available?

FortiGuard Labs released an IPS signature “Barracuda.Email.Security.Gateway.Tar.File.Command.Injection” for CVE-2023-2868.

Some of the reported file IOCs are detected as Linux/SaltWater.A!tr, ELF/Vigorf.A!tr, and Data/ESG.ADA0!tr.

All network IOCs in the security advisory are blocked by the Webfiltering client.

Is Mitigation Available?

The Barracuda security advisory provides mitigation methods. Please refer to the Appendix for a link to “Barracuda Email Security Gateway Appliance (ESG) Vulnerability”.

Cadet Blizzard – Destructive Attacks Targeting Multiple Organizations and Entities Around the Globe

FortiGuard Labs is aware of recent reports of a new APT group called Cadet Blizzard. The most recent notable attacks attributed to this group were the 2022 WhisperGate MBR-wiping attacks, along with the destruction and defacement of websites belonging to various organizations within Ukraine. Attacks have also been observed in Central Asia, Europe and Latin America. Cadet Blizzard uses known living-off-the-land techniques to perform lateral movement, with the aim of causing damage, destruction and downtime for the targeted victims.

What is the Modus Operandi?

Cadet Blizzard has been observed performing data exfiltration and wiping, defacement, destruction and espionage against victims. The leaking of sensitive data has also been observed, creating further chaos and pain points for victims already crippled by the threat actor.

Cadet Blizzard leverages an arsenal of tools to conduct operations, including known living-off-the-land techniques. Observed tactics include the exploitation of various vulnerabilities, specifically:

CVE-2021-26084 – a Confluence OGNL web injection vulnerability that allows for arbitrary code execution (ACE).

CVE-2022-41040 – ProxyNotShell, which was (at the time) a zero-day vulnerability in Microsoft Exchange that allowed for remote command execution (RCE).

CVE-2021-34473 – ProxyShell, a vulnerability in Microsoft Exchange similar to ProxyNotShell that allows for remote command execution (RCE). The ProxyShell and ProxyNotShell vulnerabilities are similar, but ProxyNotShell requires authentication.

Other TTPs observed were the usage of known commodity and custom web shells, credential harvesting, evasion, privilege escalation, registry dumping and lateral movement attacks.

Finally, exfiltrated data containing sensitive documentation was leaked to various Darkweb (TOR) and Telegram sites, compounding the damage to the victim.

Is DEV-0586 the Same Threat Actor as Cadet Blizzard?

Yes.

What Regions were Targeted?

According to the report, besides Ukraine, parts of Central Asia, Europe and Latin America have been targeted.

What Sectors were Targeted?

Government, non-government (NGOs) and information technology sectors.

What is the Status of Coverage?

FortiGuard customers running the latest definitions are protected by the following (AV) signatures:

JS/ReGeorg.B!tr
PHP/WebShell.NIB!tr
JS/WebShell.0DD2!tr
PHP/WebShell.NAF!tr
PHP/Kryptik.AJ!tr

FortiGuard customers running the latest definitions are protected by the following (IPS) signatures:

For CVE-2021-26084:
Atlassian.Confluence.CVE-2021-26084.Remote.Code.Execution

For both ProxyShell CVE-2021-34473 and ProxyNotShell CVE-2022-41040:
MS.Exchange.Server.Autodiscover.Remote.Code.Execution

For further detailed protections on ProxyNotShell, please refer to our Outbreak Alert page: Microsoft Exchange ProxyNotShell Vulnerabilities

Friday Squid Blogging: Squid Can Edit Their RNA

This is just crazy:

Scientists don’t yet know for sure why octopuses, and other shell-less cephalopods including squid and cuttlefish, are such prolific editors. Researchers are debating whether this form of genetic editing gave cephalopods an evolutionary leg (or tentacle) up or whether the editing is just a sometimes useful accident. Scientists are also probing what consequences the RNA alterations may have under various conditions.

I sometimes think that cephalopods are aliens that crash-landed on this planet eons ago.

Another article.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Read my blog posting guidelines here.

USN-6175-1: Linux kernel vulnerabilities

Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in
the netfilter subsystem of the Linux kernel when processing batch requests,
leading to a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2023-32233)

Gwangun Jung discovered that the Quick Fair Queueing scheduler
implementation in the Linux kernel contained an out-of-bounds write
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-31436)

Reima Ishii discovered that the nested KVM implementation for Intel x86
processors in the Linux kernel did not properly validate control registers
in certain situations. An attacker in a guest VM could use this to cause a
denial of service (guest crash). (CVE-2023-30456)

It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux
kernel did not properly perform data buffer size validation in some
situations. A physically proximate attacker could use this to craft a
malicious USB device that when inserted, could cause a denial of service
(system crash) or possibly expose sensitive information. (CVE-2023-1380)

William Zhao discovered that the Traffic Control (TC) subsystem in the
Linux kernel did not properly handle network packet retransmission in
certain situations. A local attacker could use this to cause a denial of
service (kernel deadlock). (CVE-2022-4269)

It was discovered that the io_uring subsystem in the Linux kernel did not
properly perform file table updates in some situations, leading to a null
pointer dereference vulnerability. A local attacker could use this to cause
a denial of service (system crash). (CVE-2023-1583)

It was discovered that a race condition existed in the btrfs file system
implementation in the Linux kernel, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly expose sensitive information. (CVE-2023-1611)

It was discovered that the Xircom PCMCIA network device driver in the Linux
kernel did not properly handle device removal events. A physically
proximate attacker could use this to cause a denial of service (system
crash). (CVE-2023-1670)

It was discovered that the APM X-Gene SoC hardware monitoring driver in the
Linux kernel contained a race condition, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or expose sensitive information (kernel memory).
(CVE-2023-1855)

It was discovered that a race condition existed in the Xen transport layer
implementation for the 9P file system protocol in the Linux kernel, leading
to a use-after-free vulnerability. A local attacker could use this to cause
a denial of service (guest crash) or expose sensitive information (guest
kernel memory). (CVE-2023-1859)

It was discovered that a race condition existed in the Bluetooth HCI SDIO
driver, leading to a use-after-free vulnerability. A local attacker could
use this to cause a denial of service (system crash). (CVE-2023-1989)

It was discovered that the ST NCI NFC driver did not properly handle device
removal events. A physically proximate attacker could use this to cause a
denial of service (system crash). (CVE-2023-1990)

It was discovered that the SLIMpro I2C device driver in the Linux kernel
did not properly validate user-supplied data in some situations, leading to
an out-of-bounds write vulnerability. A privileged attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2023-2194)

It was discovered that the perf subsystem in the Linux kernel contained a
use-after-free vulnerability. A privileged local attacker could possibly
use this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2023-2235)

Jean-Baptiste Cayrou discovered that the shiftfs file system in the Ubuntu
Linux kernel contained a race condition when handling inode locking in some
situations. A local attacker could use this to cause a denial of service
(kernel deadlock). (CVE-2023-2612)

It was discovered that a race condition existed in the TLS subsystem in the
Linux kernel, leading to a use-after-free or a null pointer dereference
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-28466)

It was discovered that the Bluetooth subsystem in the Linux kernel did not
properly initialize some data structures, leading to an out-of-bounds
access vulnerability in certain situations. An attacker could use this to
expose sensitive information (kernel memory). (CVE-2023-28866)

It was discovered that the DA9150 charger driver in the Linux kernel did
not properly handle device removal, leading to a use-after-free
vulnerability. A physically proximate attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2023-30772)

It was discovered that the Qualcomm EMAC ethernet driver in the Linux
kernel did not properly handle device removal, leading to a use-after-free
vulnerability. A physically proximate attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2023-33203)

It was discovered that the BQ24190 charger driver in the Linux kernel did
not properly handle device removal, leading to a use-after-free
vulnerability. A physically proximate attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2023-33288)
