It was discovered that the eBPF implementation in the Linux kernel
contained a race condition around read-only maps. A privileged attacker
could use this to modify read-only maps. (CVE-2021-4001)

It was discovered that the IPv6 implementation in the Linux kernel
contained a high rate of hash collisions in connection lookup table. A
remote attacker could use this to cause a denial of service (excessive CPU
consumption). (CVE-2023-1206)

Yang Lan discovered that the GFS2 file system implementation in the Linux
kernel could attempt to dereference a null pointer in some situations. An
attacker could use this to construct a malicious GFS2 image that, when
mounted and operated on, could cause a denial of service (system crash).
(CVE-2023-3212)

Davide Ornaghi discovered that the DECnet network protocol implementation
in the Linux kernel contained a null pointer dereference vulnerability. A
remote attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. Please note that kernel support for the
DECnet has been removed to resolve this CVE. (CVE-2023-3338)

It was discovered that the NFC implementation in the Linux kernel contained
a use-after-free vulnerability when performing peer-to-peer communication
in certain conditions. A privileged attacker could use this to cause a
denial of service (system crash) or possibly expose sensitive information
(kernel memory). (CVE-2023-3863)

It was discovered that the TUN/TAP driver in the Linux kernel did not
properly initialize socket data. A local attacker could use this to cause a
denial of service (system crash). (CVE-2023-4194)

Read More

It was discovered that the IPv6 implementation in the Linux kernel
contained a high rate of hash collisions in connection lookup table. A
remote attacker could use this to cause a denial of service (excessive CPU
consumption). (CVE-2023-1206)

Daniel Trujillo, Johannes Wikner, and Kaveh Razavi discovered that some AMD
processors utilising speculative execution and branch prediction may allow
unauthorised memory reads via a speculative side-channel attack. A local
attacker could use this to expose sensitive information, including kernel
memory. (CVE-2023-20569)

It was discovered that the IPv6 RPL protocol implementation in the Linux
kernel did not properly handle user-supplied data. A remote attacker could
use this to cause a denial of service (system crash). (CVE-2023-2156)

Davide Ornaghi discovered that the DECnet network protocol implementation
in the Linux kernel contained a null pointer dereference vulnerability. A
remote attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. Please note that kernel support for the
DECnet has been removed to resolve this CVE. (CVE-2023-3338)

Chih-Yen Chang discovered that the KSMBD implementation in the Linux kernel
did not properly validate command payload size, leading to a out-of-bounds
read vulnerability. A remote attacker could possibly use this to cause a
denial of service (system crash). (CVE-2023-38432)

It was discovered that the NFC implementation in the Linux kernel contained
a use-after-free vulnerability when performing peer-to-peer communication
in certain conditions. A privileged attacker could use this to cause a
denial of service (system crash) or possibly expose sensitive information
(kernel memory). (CVE-2023-3863)

Laurence Wit discovered that the KSMBD implementation in the Linux kernel
did not properly validate a buffer size in certain situations, leading to
an out-of-bounds read vulnerability. A remote attacker could use this to
cause a denial of service (system crash) or possibly expose sensitive
information. (CVE-2023-3865)

Laurence Wit discovered that the KSMBD implementation in the Linux kernel
contained a null pointer dereference vulnerability when handling handling
chained requests. A remote attacker could use this to cause a denial of
service (system crash). (CVE-2023-3866)

It was discovered that the Siano USB MDTV receiver device driver in the
Linux kernel did not properly handle device initialization failures in
certain situations, leading to a use-after-free vulnerability. A physically
proximate attacker could use this cause a denial of service (system crash).
(CVE-2023-4132)

Andy Nguyen discovered that the KVM implementation for AMD processors in
the Linux kernel with Secure Encrypted Virtualization (SEV) contained a
race condition when accessing the GHCB page. A local attacker in a SEV
guest VM could possibly use this to cause a denial of service (host system
crash). (CVE-2023-4155)

It was discovered that the TUN/TAP driver in the Linux kernel did not
properly initialize socket data. A local attacker could use this to cause a
denial of service (system crash). (CVE-2023-4194)

Maxim Suhanov discovered that the exFAT file system implementation in the
Linux kernel did not properly check a file name length, leading to an out-
of-bounds write vulnerability. An attacker could use this to construct a
malicious exFAT image that, when mounted and operated on, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2023-4273)

Thelford Williams discovered that the Ceph file system messenger protocol
implementation in the Linux kernel did not properly validate frame segment
length in certain situation, leading to a buffer overflow vulnerability. A
remote attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2023-44466)

Read More

USN-6414-1 and USN-6378-1 fixed CVE-2023-43665 and CVE-2023-41164 in Django,
respectively. This update provides the corresponding update for Ubuntu 18.04 LTS.

Original advisory details:

Wenchao Li discovered that the Django Truncator function incorrectly
handled very long HTML input. A remote attacker could possibly use this
issue to cause Django to consume resources, leading to a denial of service.

It was discovered that Django incorrectly handled certain URIs with a very
large number of Unicode characters. A remote attacker could possibly use
this issue to cause Django to consume resources or crash, leading to a
denial of service.

Read More

Daniel Trujillo, Johannes Wikner, and Kaveh Razavi discovered that some AMD
processors utilising speculative execution and branch prediction may allow
unauthorised memory reads via a speculative side-channel attack. A local
attacker could use this to expose sensitive information, including kernel
memory. (CVE-2023-20569)

Ivan D Barrera, Christopher Bednarz, Mustafa Ismail, and Shiraz Saleem
discovered that the InfiniBand RDMA driver in the Linux kernel did not
properly check for zero-length STAG or MR registration. A remote attacker
could possibly use this to execute arbitrary code. (CVE-2023-25775)

It was discovered that the USB subsystem in the Linux kernel contained a
race condition while handling device descriptors in certain situations,
leading to a out-of-bounds read vulnerability. A local attacker could
possibly use this to cause a denial of service (system crash).
(CVE-2023-37453)

Lin Ma discovered that the Netlink Transformation (XFRM) subsystem in the
Linux kernel contained a null pointer dereference vulnerability in some
situations. A local privileged attacker could use this to cause a denial of
service (system crash). (CVE-2023-3772)

Lin Ma discovered that the Netlink Transformation (XFRM) subsystem in the
Linux kernel did not properly initialize a policy data structure, leading
to an out-of-bounds vulnerability. A local privileged attacker could use
this to cause a denial of service (system crash) or possibly expose
sensitive information (kernel memory). (CVE-2023-3773)

Kyle Zeng discovered that the netfiler subsystem in the Linux kernel did
not properly calculate array offsets, leading to a out-of-bounds write
vulnerability. A local user could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-42753)

Bing-Jhong Billy Jheng discovered that the Unix domain socket
implementation in the Linux kernel contained a race condition in certain
situations, leading to a use-after-free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2023-4622)

Budimir Markovic discovered that the qdisc implementation in the Linux
kernel did not properly validate inner classes, leading to a use-after-free
vulnerability. A local user could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2023-4623)

Read More

FEDORA-EPEL-2023-0e8bb46da1

Packages in this update:

python-waitress-1.4.4-8.el9

Update description:

Security update to fix CVE-2022-24761.

Read More

What is Progress Software WS_FTP?

WS_FTP is a secure file transfer client and server software package from Ipswitch, which is now a part of Progress Software.

What is the Attack?

CVE-2023-40044 is a .NET deserialization vulnerability that affects WS_FTP Server versions prior to 8.7.4 and 8.8.2 with the Ad Hoc Transfer module installed. Successful exploitation of the vulnerability allows unauthenticated attackers to remotely execute commands on the underlying operating system via a specially crafted HTTP request.

CVE-2023-40044 has a CVSS score of 10 (maximum score) and is rated “critical” by Progress Software.

Why is this Significant?

This is significant because CVE-2023-40044 is reportedly being exploited in the wild. With Proof-of-Concept (PoC) being publicly available, attacks that leverage the vulnerability are expected to increase.

FortiGuard Labs recommends that users of vulnerable WS_FTP servers apply the patch as soon as possible.

What is the Vendor Solution?

Progress Software released a patch for CVE-2023-40044 on September 27, 2023.

Progress Software also published patches for other WS_FTP vulnerabilities, including one other critical security bug (CVE-2023-42657), in the same release.

What FortiGuard Coverage is available?

FortiGuard Labs is currently investigating coverage feasibility and will update this Threat Signal once relevant information becomes available.

Read More

FEDORA-2023-1f5f7b9b92

Packages in this update:

thunderbird-115.3.1-1.fc38

Update description:

Rebase / Update to 115.3.1 ;
https://www.thunderbird.net/en-US/thunderbird/115.0/whatsnew/ ;
https://support.mozilla.org/en-US/kb/thunderbird-115-supernova-faq ;
https://www.thunderbird.net/en-US/thunderbird/115.2.3/releasenotes/ ;
https://www.thunderbird.net/en-US/thunderbird/115.3.0/releasenotes/ ;
https://www.thunderbird.net/en-US/thunderbird/115.3.1/releasenotes/

Read More

It was discovered that GNU binutils was not properly performing checks
when dealing with memory allocation operations, which could lead to
excessive memory consumption. An attacker could possibly use this issue
to cause a denial of service. This issue only affected Ubuntu 14.04 LTS.
(CVE-2017-17122, CVE-2017-8421)

It was discovered that GNU binutils was not properly performing bounds
checks when processing debug sections with objdump, which could lead to
an overflow. An attacker could possibly use this issue to cause a denial
of service or execute arbitrary code. This issue only affected Ubuntu
14.04 LTS. (CVE-2018-20671, CVE-2018-6543)

It was discovered that GNU binutils contained a reachable assertion, which
could lead to an intentional assertion failure when processing certain
crafted DWARF files. An attacker could possibly use this issue to cause a
denial of service. This issue only affected Ubuntu 18.04 LTS.
(CVE-2022-35205)

It was discovered that GNU binutils incorrectly handled memory management
operations in several of its functions, which could lead to excessive
memory consumption due to memory leaks. An attacker could possibly use
these issues to cause a denial of service.
(CVE-2022-47007, CVE-2022-47008, CVE-2022-47010, CVE-2022-47011)

It was discovered that GNU binutils was not properly performing bounds
checks when dealing with memory allocation operations, which could lead
to excessive memory consumption. An attacker could possibly use this issue
to cause a denial of service. (CVE-2022-48063)

Read More

Wenchao Li discovered that the Django Truncator function incorrectly
handled very long HTML input. A remote attacker could possibly use this
issue to cause Django to consume resources, leading to a denial of service.

Read More

The ‘sReferencia’, ‘sDescripcion’, ‘txtCodigo’ and ‘txtDescripcion’ parameters, in the frmGestionStock.aspx and frmEditServicio.aspx files in TCMAN GIM v8.0.1, could allow an attacker to perform persistent XSS attacks.

Read More