Daily Archives: September 27, 2024
aws-2020-12.1.fc39
FEDORA-2024-d940f25a53
Packages in this update:
aws-2020-12.1.fc39
Update description:
CVE-2024-41708: Ada Web Server did not use a cryptographically secure pseudorandom number generator.
AWS.Utils.Random and AWS.Utils.Random_String used Ada.Numerics.Discrete_Random, which is not designed to be cryptographically secure. Random_String also introduced a bias in the generated pseudorandom string values, where the values “1” and “2” had a much higher frequency than any other character.
The internal state of the Mersenne Twister PRNG could be revealed, and lead to a session hijacking attack.
This update fixes the problem by using /dev/urandom instead of Discrete_Random.
More details: https://docs.adacore.com/corp/security-advisories/SEC.AWS-0040-v2.pdf
aws-2020-16.1.fc40
FEDORA-2024-63f98f8c60
Packages in this update:
aws-2020-16.1.fc40
Update description:
CVE-2024-41708: Ada Web Server did not use a cryptographically secure pseudorandom number generator.
AWS.Utils.Random and AWS.Utils.Random_String used Ada.Numerics.Discrete_Random, which is not designed to be cryptographically secure. Random_String also introduced a bias in the generated pseudorandom string values, where the values “1” and “2” had a much higher frequency than any other character.
The internal state of the Mersenne Twister PRNG could be revealed, and lead to a session hijacking attack.
This update fixes the problem by using /dev/urandom instead of Discrete_Random.
More details: https://docs.adacore.com/corp/security-advisories/SEC.AWS-0040-v2.pdf
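The two Fedora advisories above describe a flaw with two parts: a PRNG that is not cryptographically secure (a Mersenne Twister whose state can be recovered from its output) and a string generator whose output distribution is biased. The example below is an added illustration, not code from Ada Web Server or from the Fedora update. It contrasts a CSPRNG-backed string generator (Python's `secrets`) with a constructed, deliberately biased one that maps an 8-bit value onto a 62-character alphabet by modulo (the bias mechanism is hypothetical; the advisory does not say how the "1"/"2" skew arose), and shows the kind of chi-square frequency check a test suite can run to catch such a bias before release. Python's `random` module is itself Mersenne Twister based, so it stands in for `Ada.Numerics.Discrete_Random` here.

```python
import random
import secrets
import string
from collections import Counter

# 62-character alphabet used by both generators (constructed for this example).
ALPHABET = string.ascii_letters + string.digits


def secure_random_string(length: int) -> str:
    """Random string from a CSPRNG with an unbiased per-character choice.

    secrets.choice() draws from the OS entropy source (/dev/urandom or the
    platform equivalent) and uses rejection sampling internally, so every
    character of ALPHABET is equally likely.
    """
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def biased_random_string(length: int, seed: int = 1) -> str:
    """Constructed example of a biased generator (hypothetical, not AWS's code).

    It draws 8-bit values from a seeded Mersenne Twister and reduces them
    modulo 62.  Because 256 % 62 == 8, the first eight characters of ALPHABET
    receive 5/256 of the probability mass each while the rest receive 4/256,
    so 'a'..'h' are over-represented by 25%.  The seeded MT also makes the
    output fully reproducible, which is the other half of the advisory's point:
    an observer who learns the state can predict every later value.
    """
    rng = random.Random(seed)
    return "".join(ALPHABET[rng.getrandbits(8) % len(ALPHABET)] for _ in range(length))


def chi_square_uniform(s: str, alphabet: str = ALPHABET) -> float:
    """Chi-square statistic of the character counts in s against a uniform
    distribution over alphabet.  With 62 symbols there are 61 degrees of
    freedom, so an unbiased generator yields roughly 61 +/- 11."""
    expected = len(s) / len(alphabet)
    counts = Counter(s)
    return sum((counts.get(c, 0) - expected) ** 2 / expected for c in alphabet)


def looks_uniform(s: str, alphabet: str = ALPHABET, threshold: float = 120.0) -> bool:
    """Release-gate style check: True if the character distribution is
    consistent with uniform.  120 is far out in the tail of chi-square(61),
    so a correct generator essentially never fails while the 25% skew above
    scores in the hundreds on a sample of ~60k characters."""
    return chi_square_uniform(s, alphabet) < threshold


if __name__ == "__main__":
    n = 1000 * len(ALPHABET)  # ~1000 expected occurrences per character
    for name, sample in (("secrets", secure_random_string(n)),
                         ("mt-modulo", biased_random_string(n))):
        print(f"{name:10s} chi2={chi_square_uniform(sample):8.1f} uniform={looks_uniform(sample)}")
```

The frequency check catches the distribution problem but not the predictability problem: a Mersenne Twister output can pass every uniformity test and still be reconstructed from a few hundred observed values. Only replacing the source with a CSPRNG (as the update does with /dev/urandom) addresses that.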
Ivanti Virtual Traffic Manager (vTM) Authentication Bypass Vulnerability (CVE-2024-7593)
What is the Vulnerability?
Ivanti Virtual Traffic Manager (vTM), a software application used to manage and optimize the delivery of applications across networks, is affected by an authentication bypass vulnerability. This flaw (CVE-2024-7593) arises from an incorrect implementation of an authentication algorithm, which can be exploited by a remote unauthenticated attacker to bypass authentication in the admin panel and create a new admin user. This potentially grants unauthorized access to and control over the affected system.
A public Proof of Concept (PoC) is available for this exploit, and CISA added this vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog on September 24, 2024.
What is the recommended Mitigation?
Ivanti released updates for Ivanti Virtual Traffic Manager (vTM) which address the vulnerability. Security Advisory: Ivanti Virtual Traffic Manager (vTM) (CVE-2024-7593)
What FortiGuard Coverage is available?
FortiGuard recommends that users apply the fix provided by the vendor and follow the instructions in the vendor's advisory. The FortiGuard team is currently investigating IPS Protection.
The FortiGuard Incident Response team can be engaged to help with any suspected compromise.
ZDI-24-1310: Lenovo Service Bridge Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Lenovo Service Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE-2024-4696.
DSA-5776-1 tryton-server – security update
Albert Cervera discovered two missing authorisation checks in the Tryton application platform.
DSA-5777-1 booth – security update
It was discovered that the Booth cluster ticket manager failed to correctly validate some authentication hashes.