USN-6895-2: Linux kernel vulnerabilities

It was discovered that the ATA over Ethernet (AoE) driver in the Linux
kernel contained a race condition, leading to a use-after-free
vulnerability. An attacker could use this to cause a denial of service or
possibly execute arbitrary code. (CVE-2023-6270)

It was discovered that the HugeTLB file system component of the Linux
Kernel contained a NULL pointer dereference vulnerability. A privileged
attacker could possibly use this to cause a denial of service.
(CVE-2024-0841)

It was discovered that the Open vSwitch implementation in the Linux kernel
could overflow its stack during recursive action operations under certain
conditions. A local attacker could use this to cause a denial of service
(system crash). (CVE-2024-1151)

Gui-Dong Han discovered that the software RAID driver in the Linux kernel
contained a race condition, leading to an integer overflow vulnerability. A
privileged attacker could possibly use this to cause a denial of service
(system crash). (CVE-2024-23307)

Bai Jiaju discovered that the Xceive XC4000 silicon tuner device driver in
the Linux kernel contained a race condition, leading to an integer overflow
vulnerability. An attacker could possibly use this to cause a denial of
service (system crash). (CVE-2024-24861)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– ARM64 architecture;
– PowerPC architecture;
– x86 architecture;
– Cryptographic API;
– Android drivers;
– Block layer subsystem;
– Bluetooth drivers;
– DMA engine subsystem;
– GPU drivers;
– HID subsystem;
– Hardware monitoring drivers;
– I2C subsystem;
– IIO ADC drivers;
– IIO subsystem;
– IIO Magnetometer sensors drivers;
– InfiniBand drivers;
– On-Chip Interconnect management framework;
– Multiple devices driver;
– Media drivers;
– Network drivers;
– PHY drivers;
– MediaTek PM domains;
– SCSI drivers;
– TTY drivers;
– USB subsystem;
– DesignWare USB3 driver;
– Framebuffer layer;
– AFS file system;
– BTRFS file system;
– Ceph distributed file system;
– Ext4 file system;
– File systems infrastructure;
– NILFS2 file system;
– NTFS3 file system;
– SMB network file system;
– Core kernel;
– Memory management;
– Bluetooth subsystem;
– CAN network layer;
– Devlink API;
– Handshake API;
– HSR network protocol;
– IPv4 networking;
– IPv6 networking;
– MAC80211 subsystem;
– Multipath TCP;
– Netfilter;
– NFC subsystem;
– RxRPC session sockets;
– TIPC protocol;
– Unix domain sockets;
– Realtek audio codecs;
(CVE-2024-26684, CVE-2024-26889, CVE-2024-26662, CVE-2024-26660,
CVE-2024-26708, CVE-2024-26677, CVE-2024-26696, CVE-2024-26664,
CVE-2024-26642, CVE-2023-52637, CVE-2024-26680, CVE-2024-26822,
CVE-2023-52638, CVE-2024-26830, CVE-2024-26715, CVE-2024-26693,
CVE-2024-26697, CVE-2024-26694, CVE-2024-26685, CVE-2023-52642,
CVE-2024-26691, CVE-2024-26798, CVE-2024-26828, CVE-2024-26663,
CVE-2024-26710, CVE-2024-26601, CVE-2024-26707, CVE-2024-26802,
CVE-2024-26675, CVE-2024-26826, CVE-2024-26916, CVE-2024-26803,
CVE-2024-26700, CVE-2024-26917, CVE-2024-26600, CVE-2024-26825,
CVE-2024-26716, CVE-2024-26602, CVE-2024-26698, CVE-2024-26711,
CVE-2024-26920, CVE-2024-26722, CVE-2024-26681, CVE-2024-26674,
CVE-2024-26712, CVE-2024-26735, CVE-2024-26782, CVE-2024-26734,
CVE-2024-26926, CVE-2024-26923, CVE-2023-52880, CVE-2024-26719,
CVE-2024-26593, CVE-2024-26603, CVE-2024-26922, CVE-2024-26717,
CVE-2024-26695, CVE-2023-52643, CVE-2024-35833, CVE-2024-26733,
CVE-2024-26667, CVE-2024-26659, CVE-2024-26714, CVE-2024-26748,
CVE-2024-26702, CVE-2024-26676, CVE-2024-26718, CVE-2024-27416,
CVE-2024-26890, CVE-2024-26720, CVE-2024-26838, CVE-2024-26665,
CVE-2024-26792, CVE-2024-26818, CVE-2024-26679, CVE-2024-26606,
CVE-2024-26736, CVE-2024-26829, CVE-2023-52631, CVE-2024-26790,
CVE-2024-26824, CVE-2024-26820, CVE-2024-26831, CVE-2024-26689,
CVE-2024-26898, CVE-2024-26789, CVE-2024-26703, CVE-2023-52645,
CVE-2024-26688, CVE-2024-26723, CVE-2024-26919, CVE-2024-26661,
CVE-2024-26726, CVE-2024-26910, CVE-2024-26666)

CVE-2024-30078: Patch Your Wi-Fi Now!

The content of this post is solely the responsibility of the author.  LevelBlue does not adopt or endorse any of the views, positions, or information provided by the author in this article. 

The relentless battle against cyber threats continues, and CVE-2024-30078 stands as a stark reminder of the ever-present need for vigilance. A critical vulnerability (CVE-2024-30078) has been identified in Wi-Fi drivers for various Microsoft Windows versions. This flaw allows attackers within Wi-Fi range to remotely execute malicious code (RCE) on vulnerable systems. Immediate patching is recommended.

Understanding the Threat: Remote Code Execution via Wi-Fi

CVE-2024-30078 lurks within the Wi-Fi drivers of various Windows operating systems. These drivers act as interpreters, facilitating communication between the operating system and the Wi-Fi adapter hardware. The vulnerability lies in how these drivers handle specific data packets received over Wi-Fi networks.

An attacker can exploit this flaw by crafting a malicious packet containing specially crafted code. When a vulnerable system receives this packet, the Wi-Fi driver misinterprets it, leading to the execution of the attacker’s code on the target machine. This technique, known as Remote Code Execution (RCE), is particularly severe because it grants attackers full control over the compromised device.

Discovery and Responsible Disclosure

The discovery of CVE-2024-30078 deserves recognition. A team of researchers from Cyber Kunlun identified and responsibly disclosed this vulnerability, significantly contributing to the security of millions of Windows users. Their adherence to established disclosure protocols ensured Microsoft had ample time to develop and release a patch before public details were released.

Technical Breakdown for the Keen-Eyed

For those with a deeper understanding of security concepts, a closer look at the technical aspects of CVE-2024-30078 is insightful:

Vulnerability Type: Memory Corruption. The malicious packet can potentially overwrite memory locations within the Wi-Fi driver, resulting in erratic behavior and possible code execution.

Attack Vector: Adjacent (AV:A). The attacker must be within Wi-Fi range of the target device. Techniques like setting up a rogue access point or exploiting existing Wi-Fi networks can be employed.

Attack Complexity: Low (AC:L). Exploiting this vulnerability requires minimal user interaction, making it highly attractive to attackers.

Privileges Required: None (PR:N). The attacker doesn’t need any prior privileges on the target system, further increasing the threat level.

User Interaction: None (UI:N). No user action is required for exploitation.

Impact: Confidentiality (C): High. Successful exploitation can lead to the theft of sensitive data stored on the compromised system.

Integrity (I): High. Attackers can alter or corrupt data on the system, rendering it unusable.

Availability (A): High. Attackers can disable the affected system entirely, causing a denial-of-service (DoS).

CVSS Score: CVSS v3: 8.8 (HIGH). This score highlights the critical nature of this vulnerability, underscoring the need for immediate action.

Affected Microsoft Windows Versions:

Windows 10 (all versions)
Windows 11 (all versions)
Windows Server versions: 2008, 2012, 2016, 2019

Resources:

Microsoft Security Update for CVE-2024-30078
National Institute of Standards and Technology (NIST) Cybersecurity Framework

Potential Attack Scenarios and Mitigation Strategies

The potential ramifications of CVE-2024-30078 are far-reaching. Here are some possible attack scenarios:

Malware Installation: Attackers could install malware on compromised systems to steal data, launch further attacks, or mine cryptocurrency.
Lateral Movement: An attacker could use a compromised system as a springboard to attack other devices within the network.
Botnet Recruitment: The compromised system could be integrated into a botnet, a network of infected devices used for large-scale attacks.
Data Exfiltration: Sensitive information, such as login credentials, financial data, or personal documents, could be exfiltrated from the compromised system.

Mitigation Strategies: Patching and Best Practices

Fortunately, Microsoft has released security updates to fix CVE-2024-30078. Here’s what you should do:

Install Updates Immediately: The most important step is to install the latest security updates for your Windows version as soon as possible. These updates fix the vulnerability and greatly reduce the risk of exploitation. You can find updates through the Windows Update feature.

Maintain Strong Wi-Fi Security: Use a strong Wi-Fi password and WPA3 encryption whenever possible. Avoid connecting to public Wi-Fi networks without protection like a VPN.

Beware of Rogue Access Points: Be careful about connecting to unknown Wi-Fi networks. Attackers may set up fake access points that look legitimate but exploit vulnerabilities like CVE-2024-30078.

Enable Network Firewalls: Network firewalls can help block suspicious traffic and reduce the risk of attacks.

Stay Informed: Keep yourself updated on the latest security threats and vulnerabilities. Resources like the National Institute of Standards and Technology (NIST) and security blogs can be helpful.

Now, let us take a look at how CVEs are assigned.

The Common Vulnerabilities and Exposures (CVE) system is crucial in cybersecurity. When a vulnerability is found, the researcher or organization reports it to a CVE Numbering Authority (CNA). The CNA checks the report, confirms the vulnerability, and assigns a unique CVE identifier. This identifier ensures that everyone in the cybersecurity community can reference the same vulnerability consistently.

Once a CVE is assigned, the entry includes detailed information about the vulnerability, like its description, potential impacts, and how to fix it. This standard process helps communicate vulnerabilities clearly, allowing security professionals to understand and address them quickly.

The Role of CVEs in Enhancing Cybersecurity

The CVE system improves cybersecurity by providing a clear and consistent way to identify and talk about vulnerabilities. Here’s how it helps:

Standardization: CVEs standardize how vulnerabilities are identified and referenced, reducing confusion and ensuring everyone is on the same page.

Awareness: By publicizing vulnerabilities, CVEs raise awareness about potential threats, prompting organizations to act quickly.

Collaboration: The CVE system encourages collaboration among researchers, vendors, and security professionals, leading to better vulnerability management.

Prioritization: CVE entries often include severity scores, helping organizations prioritize their response based on the potential impact.

Transparency: CVEs promote transparency in the cybersecurity community, allowing users to make informed decisions about their system’s security.

As of now, no public exploit for CVE-2024-30078 has been reported. However, the critical nature of this vulnerability and its potential impact make it essential to patch affected systems quickly. Even though no public exploit is available, attackers might still create and use private exploits.

By staying aware and following best practices, both individual users and organizations can strengthen their defences against such vulnerabilities. The cybersecurity community must continue to work together and innovate to stay ahead of potential threats, ensuring a safer digital future for everyone.

USN-6893-2: Linux kernel vulnerabilities

It was discovered that a race condition existed in the Bluetooth subsystem
in the Linux kernel when modifying certain settings values through debugfs.
A privileged local attacker could use this to cause a denial of service.
(CVE-2024-24857, CVE-2024-24858, CVE-2024-24859)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– ARM64 architecture;
– RISC-V architecture;
– S390 architecture;
– x86 architecture;
– Block layer subsystem;
– Compute Acceleration Framework;
– Accessibility subsystem;
– Android drivers;
– Drivers core;
– Bluetooth drivers;
– Clock framework and drivers;
– Data acquisition framework and drivers;
– Cryptographic API;
– Buffer Sharing and Synchronization framework;
– GPU drivers;
– On-Chip Interconnect management framework;
– IOMMU subsystem;
– Multiple devices driver;
– Media drivers;
– VMware VMCI Driver;
– Network drivers;
– Microsoft Azure Network Adapter (MANA) driver;
– Device tree and open firmware driver;
– Chrome hardware platform drivers;
– i.MX PM domains;
– TI SCI PM domains driver;
– S/390 drivers;
– SCSI drivers;
– SPI subsystem;
– Thermal drivers;
– TTY drivers;
– USB subsystem;
– Framebuffer layer;
– BTRFS file system;
– Network file system server daemon;
– NILFS2 file system;
– File systems infrastructure;
– Pstore file system;
– SMB network file system;
– BPF subsystem;
– Bluetooth subsystem;
– Netfilter;
– io_uring subsystem;
– Core kernel;
– Extra boot config (XBC);
– Memory management;
– Amateur Radio drivers;
– B.A.T.M.A.N. meshing protocol;
– Ethernet bridge;
– Networking core;
– IPv4 networking;
– IPv6 networking;
– Multipath TCP;
– NFC subsystem;
– RDS protocol;
– Network traffic control;
– SMC sockets;
– Sun RPC protocol;
– TLS protocol;
– Unix domain sockets;
– Wireless networking;
– eXpress Data Path;
– SELinux security module;
(CVE-2024-35976, CVE-2024-35873, CVE-2024-35959, CVE-2024-27012,
CVE-2024-36025, CVE-2024-35868, CVE-2024-26995, CVE-2024-35916,
CVE-2024-36023, CVE-2024-35964, CVE-2024-35890, CVE-2024-26980,
CVE-2024-35950, CVE-2024-27006, CVE-2024-35955, CVE-2024-35885,
CVE-2024-35960, CVE-2024-35932, CVE-2024-26986, CVE-2024-35884,
CVE-2024-35860, CVE-2024-36020, CVE-2024-35930, CVE-2024-35919,
CVE-2024-27020, CVE-2024-26928, CVE-2024-35903, CVE-2024-35907,
CVE-2024-35904, CVE-2024-35972, CVE-2024-35892, CVE-2024-26921,
CVE-2024-35869, CVE-2024-35957, CVE-2024-35967, CVE-2024-35927,
CVE-2024-35946, CVE-2024-27000, CVE-2024-35943, CVE-2024-35902,
CVE-2024-27013, CVE-2024-35968, CVE-2024-35970, CVE-2024-35865,
CVE-2024-36022, CVE-2024-26993, CVE-2024-36027, CVE-2024-35895,
CVE-2024-35908, CVE-2024-35901, CVE-2024-35872, CVE-2024-26925,
CVE-2024-35917, CVE-2024-35898, CVE-2024-35861, CVE-2024-35900,
CVE-2024-26984, CVE-2024-35891, CVE-2023-52699, CVE-2024-35961,
CVE-2024-35951, CVE-2024-36019, CVE-2024-27021, CVE-2024-35939,
CVE-2024-26997, CVE-2024-26999, CVE-2024-35897, CVE-2024-35896,
CVE-2024-26817, CVE-2024-35875, CVE-2024-35935, CVE-2024-27015,
CVE-2024-26982, CVE-2024-35958, CVE-2024-26989, CVE-2024-26922,
CVE-2024-26811, CVE-2024-27003, CVE-2024-35920, CVE-2024-27007,
CVE-2024-35879, CVE-2024-35979, CVE-2024-35978, CVE-2024-35914,
CVE-2024-35938, CVE-2024-35913, CVE-2024-26985, CVE-2024-35915,
CVE-2024-35974, CVE-2024-27001, CVE-2024-35940, CVE-2024-35867,
CVE-2024-26994, CVE-2024-35886, CVE-2024-35899, CVE-2024-27022,
CVE-2024-35910, CVE-2024-35893, CVE-2024-27010, CVE-2024-36024,
CVE-2024-26926, CVE-2024-26923, CVE-2024-26990, CVE-2024-35912,
CVE-2024-26987, CVE-2024-35966, CVE-2024-35977, CVE-2024-35866,
CVE-2024-35975, CVE-2024-35965, CVE-2024-35933, CVE-2024-26936,
CVE-2024-35889, CVE-2024-35863, CVE-2024-27002, CVE-2024-27018,
CVE-2024-36021, CVE-2024-27019, CVE-2024-35921, CVE-2024-35870,
CVE-2024-35956, CVE-2024-27016, CVE-2024-26996, CVE-2024-35878,
CVE-2024-26988, CVE-2024-35888, CVE-2024-35936, CVE-2024-27014,
CVE-2024-35883, CVE-2024-35862, CVE-2024-35945, CVE-2024-26983,
CVE-2024-35982, CVE-2024-35924, CVE-2024-27004, CVE-2024-27008,
CVE-2024-35963, CVE-2024-35909, CVE-2024-35911, CVE-2024-35973,
CVE-2024-35887, CVE-2024-27009, CVE-2024-35980, CVE-2024-36026,
CVE-2024-35969, CVE-2024-35954, CVE-2024-35864, CVE-2024-35953,
CVE-2024-26998, CVE-2024-35931, CVE-2024-26981, CVE-2024-35971,
CVE-2024-35934, CVE-2024-35929, CVE-2024-35918, CVE-2024-35937,
CVE-2024-36018, CVE-2024-35877, CVE-2024-35925, CVE-2024-35981,
CVE-2024-35985, CVE-2024-35942, CVE-2024-35922, CVE-2024-35952,
CVE-2024-27011, CVE-2024-35944, CVE-2024-35905, CVE-2024-35880,
CVE-2024-35882, CVE-2024-27005, CVE-2024-26991, CVE-2024-35871,
CVE-2024-35926, CVE-2024-26992, CVE-2024-35894, CVE-2024-27017)
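Both notices on this page (USN-6895-2 above and USN-6893-2 here) follow the same layout: one paragraph per individually described issue ending in its CVE identifiers, a subsystem list introduced by "This update corrects flaws in the following subsystems:", and a bulk CVE list in parentheses. The parser below is an added example, not Canonical's own tooling, that turns that text into the pieces a patch tracker needs (notice id, per-paragraph entries with their CVEs, subsystem list, de-duplicated CVE set) and compares two notices for overlap. The sample inputs are shortened excerpts constructed from the two notices using only identifiers that appear on this page; the regex and function names are the example's own.

```python
"""Parser for the Ubuntu Security Notice (USN) text layout shown above.

Added example, not Canonical's tooling. Splits an advisory body into the
USN id, one entry per narrative paragraph with the CVEs it cites, the
'following subsystems' bullet list, and a de-duplicated, correctly sorted
CVE set, so two notices can be compared for overlap.
"""
import re

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")
USN_RE = re.compile(r"USN-\d{4,}-\d+")
# The subsystem bullets use an en dash ('– ARM64 architecture;'); accept a hyphen too.
BULLET_RE = re.compile(r"^\s*[–-]\s*(.+?);?\s*$")
# A parenthesised CVE list such as '(CVE-2024-26684, CVE-2024-26926)'.
CVE_LIST_RE = re.compile(r"\(\s*CVE-\d{4}-\d{4,}(?:\s*,\s*CVE-\d{4}-\d{4,})*\s*\)")

# Constructed, shortened excerpts modelled on the two notices on this page.
SAMPLE_USN_A = """\
USN-6895-2: Linux kernel vulnerabilities

It was discovered that the ATA over Ethernet (AoE) driver in the Linux
kernel contained a race condition, leading to a use-after-free
vulnerability. (CVE-2023-6270)

It was discovered that the HugeTLB file system component of the Linux
Kernel contained a NULL pointer dereference vulnerability.
(CVE-2024-0841)

Several security issues were discovered in the Linux kernel.
This update corrects flaws in the following subsystems:
– ARM64 architecture;
– Netfilter;
– Unix domain sockets;
(CVE-2024-26684, CVE-2024-26926,
CVE-2024-26923)
"""

SAMPLE_USN_B = """\
USN-6893-2: Linux kernel vulnerabilities

It was discovered that a race condition existed in the Bluetooth subsystem
in the Linux kernel when modifying certain settings values through debugfs.
(CVE-2024-24857, CVE-2024-24858, CVE-2024-24859)

Several security issues were discovered in the Linux kernel.
This update corrects flaws in the following subsystems:
– RISC-V architecture;
– SELinux security module;
(CVE-2024-35976, CVE-2024-26926, CVE-2024-26923)
"""


def cve_key(cve_id: str) -> tuple:
    """Sort key (year, sequence); plain string order would put
    CVE-2024-10000 before CVE-2024-9999."""
    _, year, seq = cve_id.split("-")
    return (int(year), int(seq))


def parse_usn(text: str) -> dict:
    """Parse one notice into id, per-paragraph entries, subsystems and CVE set."""
    paragraphs = [p for p in re.split(r"\n\s*\n", text.strip()) if p.strip()]
    usn = USN_RE.search(paragraphs[0]) if paragraphs else None
    body = paragraphs[1:] if usn else paragraphs  # first paragraph is the title line
    entries, subsystems, seen = [], [], set()
    for para in body:
        cves = CVE_RE.findall(para)
        if not cves:
            continue  # boilerplate without identifiers is of no use to a tracker
        lines = para.splitlines()
        subsystems.extend(m.group(1) for m in map(BULLET_RE.match, lines) if m)
        prose = " ".join(ln for ln in lines if not BULLET_RE.match(ln))
        prose = " ".join(CVE_LIST_RE.sub("", prose).split())  # drop the id list, tidy spaces
        entries.append({"text": prose, "cves": cves})
        seen.update(cves)
    return {
        "id": usn.group(0) if usn else None,
        "entries": entries,
        "subsystems": subsystems,
        "cves": sorted(seen, key=cve_key),
    }


def cve_overlap(a: dict, b: dict) -> list:
    """CVE ids fixed by both notices; the two notices on this page share some."""
    return sorted(set(a["cves"]) & set(b["cves"]), key=cve_key)


if __name__ == "__main__":
    a, b = parse_usn(SAMPLE_USN_A), parse_usn(SAMPLE_USN_B)
    for notice in (a, b):
        print(notice["id"], len(notice["cves"]), "CVEs,", len(notice["subsystems"]), "subsystems")
    print("fixed by both:", cve_overlap(a, b))
```

The numeric sort key matters once a year's sequence numbers pass four digits, and the overlap check is the practical use: a kernel package that has received USN-6893-2 already closes CVE-2024-26923 and CVE-2024-26926 from the earlier notice, so a scanner still flagging them against that package is reporting a stale finding.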
