Ivanti Connect Secure and Policy Secure Gateways Zero-day Vulnerabilities (CVE-2023-46805 and CVE-2024-21887)

What is the Vulnerability?
Ivanti recently published an advisory on Jan 10, 2024 covering two vulnerabilities affecting Ivanti Connect Secure (ICS) and Ivanti Policy Secure Gateways (CVE-2023-46805 and CVE-2024-21887). The vulnerabilities are an authentication bypass and a command injection, respectively, in the web component of the affected applications. According to the vendor advisory, exploiting these vulnerabilities when chained together may allow attackers to run commands on the compromised system without the need for authentication. Both vulnerabilities have been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog.

What is the Vendor Solution?

At the time of posting, no patch is available; Ivanti has released workarounds, as the two new vulnerabilities are being actively exploited in the wild. FortiGuard Labs strongly recommends that users apply patches as soon as they are made available and track the vendor advisory for any updates.

What FortiGuard Coverage is available?

FortiGuard Labs is investigating IPS signature protection and should release it as soon as it becomes available. Please note: any new updates will be added to this Threat Signal.
FortiGuard Labs recommends that companies follow the mitigation steps released by the vendor and track the patch schedule for the affected systems.

Minor firefox DoS – semi silently polluting ~/Downloads with files (part 2)

Posted by Georgi Guninski on Jan 18

Tested on: firefox 121 and chrome 120 on GNU/linux

Date: Thu Jan 18 08:38:28 AM UTC 2024

This is barely a DoS, but since it might affect Chrome too we decided
to disclose it.

If a firefox user visits a specially crafted page, then firefox
may create many files in `~/Downloads`.
The user is notified about this in a small dialog, but there is
no option to stop the…

USN-6590-1: Xerces-C++ vulnerabilities

It was discovered that Xerces-C++ was not properly handling memory
management operations when parsing XML data containing external DTDs,
which could trigger a use-after-free error. If a user or automated system
were tricked into processing a specially crafted XML document, an attacker
could possibly use this issue to cause a denial of service or execute
arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2018-1311)

It was discovered that Xerces-C++ was not properly performing bounds
checks when processing XML Schema Definition files, which could lead to an
out-of-bounds access via an HTTP request. If a user or automated system
were tricked into processing a specially crafted XSD file, a remote
attacker could possibly use this issue to cause a denial of service.
(CVE-2023-37536)

USN-6589-1: FileZilla vulnerability

Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that the SSH
protocol used in FileZilla is prone to a prefix truncation attack, known as
the “Terrapin attack”. A remote attacker could use this issue to downgrade or
disable some security features and obtain sensitive information.

grub2-2.06-114.fc38

FEDORA-2024-633dc7e183

Packages in this update:

grub2-2.06-114.fc38

Update description:

Combined update for several fixes as well as security fix for CVE-2023-4001

Mon Jan 15 2024 Nicolas Frayer <nfrayer@redhat.com> – 2.06-114
grub-core/commands: add flag to only search root dev
Resolves: #2223437
Resolves: #2224951
Resolves: #2258096
Resolves: CVE-2023-4001

Sat Jan 13 2024 Hector Martin <marcan@fedoraproject.org> – 2.06-113
Switch memdisk compression to lzop

Thu Jan 11 2024 Daan De Meyer <daan.j.demeyer@gmail.com> – 2.06-112
Don’t obsolete the tools package with minimal

Mon Jan 8 2024 Nicolas Frayer <nfrayer@redhat.com> – 2.06-111
xfs: some bios systems with /boot partition created with
xfsprog < 6.5.0 can’t boot with one of the xfs upstream patches
Resolves: #2254370

Tue Dec 19 2023 Nicolas Frayer <nfrayer@redhat.com> – 2.06-110
normal: fix prefix when loading modules
Resolves: #2209435
Resolves: #2173015

Tue Dec 12 2023 leo sandoval <lsandova@redhat.com> – 2.06-109
chainloader: remove device path debug message

grub2-2.06-116.fc39

FEDORA-2024-53d986312e

Packages in this update:

grub2-2.06-116.fc39

Update description:

Combined update for several fixes as well as security fix for CVE-2023-4001

Mon Jan 15 2024 Nicolas Frayer <nfrayer@redhat.com> – 2.06-116
grub-core/commands: add flag to only search root dev
Resolves: #2223437
Resolves: #2224951
Resolves: #2258096
Resolves: CVE-2023-4001

Sat Jan 13 2024 Hector Martin <marcan@fedoraproject.org> – 2.06-115
Switch memdisk compression to lzop

Thu Jan 11 2024 Daan De Meyer <daan.j.demeyer@gmail.com> – 2.06-114
Don’t obsolete the tools package with minimal

Mon Jan 8 2024 Nicolas Frayer <nfrayer@redhat.com> – 2.06-113
xfs: some bios systems with /boot partition created with
xfsprog < 6.5.0 can’t boot with one of the xfs upstream patches
Resolves: #2254370

Tue Dec 19 2023 Nicolas Frayer <nfrayer@redhat.com> – 2.06-112
normal: fix prefix when loading modules
Resolves: #2209435
Resolves: #2173015

Tue Dec 12 2023 leo sandoval <lsandova@redhat.com> – 2.06-111
chainloader: remove device path debug message
