In Silicon Labs uC/TCP-IP 3.6.0, TCP ISNs are improperly random.
Yearly Archives: 2023
CVE-2020-27213
An issue was discovered in Ethernut Nut/OS 5.1. The code that generates Initial Sequence Numbers (ISNs) for TCP connections derives the ISN from an insufficiently random source. As a result, an attacker may be able to determine the ISN of current and future TCP connections and either hijack existing ones or spoof future ones. While the ISN generator seems to adhere to RFC 793 (where a global 32-bit counter is incremented roughly every 4 microseconds), proper ISN generation should aim to follow at least the specifications outlined in RFC 6528.
IZ1H9 Botnet Targets IoT Devices With New Exploits
FortiGuard Labs said the new campaign incorporates 13 distinct payloads
Flagstar Bank MOVEit Breach Affects 800K Customer Records
The incident occurred between May 27 and 31 2023, before MOVEit Transfer vulnerability was publicly disclosed
The Crucial Role of Cybersecurity for U.S. Election Offices
U.S. election offices can’t always afford to buy what they need for effective cybersecurity. Here’s how CIS can help.
USN-6426-1: WebKitGTK vulnerabilities
Several security issues were discovered in the WebKitGTK Web and JavaScript
engines. If a user were tricked into viewing a malicious website, a remote
attacker could exploit a variety of issues related to web browser security,
including cross-site scripting attacks, denial of service attacks, and
arbitrary code execution.
USN-6425-1: Samba vulnerabilities
Sri Nagasubramanian discovered that the Samba acl_xattr VFS module
incorrectly handled read-only files. When Samba is configured to ignore
system ACLs, a remote attacker could possibly use this issue to truncate
read-only files. (CVE-2023-4091)
Andrew Bartlett discovered that Samba incorrectly handled the DirSync
control. A remote attacker with an RODC DC account could possibly use this
issue to obtain all domain secrets. (CVE-2023-4154)
Andrew Bartlett discovered that Samba incorrectly handled the rpcecho
development server. A remote attacker could possibly use this issue to
cause Samba to stop responding, resulting in a denial of service.
(CVE-2023-42669)
Kirin van der Veer discovered that Samba incorrectly handled certain RPC
service listeners. A remote attacker could possibly use this issue to cause
Samba to start multiple incompatible RPC listeners, resulting in a denial
of service. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 23.04.
(CVE-2023-42670)
#CyberMonth: Google Makes Passkeys Default Sign-In Option
The tech giant said the move is designed to help efforts to make passwords obsolete
Hacktivists send fake nuclear attack warning via Israeli Red Alert app
Hackers have exploited a flaw in a widely-used app that warns of missile attacks against Israel to send a fake alert that a nuclear strike is imminent.
Read more in my article on the Hot for Security blog.
USN-6407-2: libx11 vulnerabilities
USN-6407-1 fixed several vulnerabilities in libx11. This update provides
the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
Original advisory details:
Gregory James Duck discovered that libx11 incorrectly handled certain
keyboard symbols. If a user were tricked into connecting to a malicious X
server, a remote attacker could use this issue to cause libx11 to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2023-43785)
Yair Mizrahi discovered that libx11 incorrectly handled certain malformed
XPM image files. If a user were tricked into opening a specially crafted
XPM image file, a remote attacker could possibly use this issue to consume
memory, leading to a denial of service. (CVE-2023-43786)
Yair Mizrahi discovered that libx11 incorrectly handled certain malformed
XPM image files. If a user were tricked into opening a specially crafted
XPM image file, a remote attacker could use this issue to cause libx11 to
crash, leading to a denial of service, or possibly execute arbitrary code.
(CVE-2023-43787)