USN-5638-1 fixed several vulnerabilities in Expat. This update provides
the corresponding update for Ubuntu 14.04 ESM.
Original advisory details:
Rhodri James discovered that Expat incorrectly handled memory when
processing certain malformed XML files. An attacker could possibly
use this issue to cause a crash or execute arbitrary code.
It was discovered that PHP incorrectly handled certain invalid Blowfish
password hashes. An invalid password hash could possibly allow applications
to accept any password as valid, contrary to expectations. (CVE-2023-0567)
It was discovered that PHP incorrectly handled resolving long paths. A
remote attacker could possibly use this issue to obtain or modify sensitive
information. (CVE-2023-0568)
It was discovered that PHP incorrectly handled a large number of parts in
HTTP form uploads. A remote attacker could possibly use this issue to cause
PHP to consume resources, leading to a denial of service. (CVE-2023-0662)
USN-5821-1 fixed a vulnerability in wheel and pip. Unfortunately,
it was missing a commit to fix it properly in pip.
We apologize for the inconvenience.
Original advisory details:
Sebastian Chnelik discovered that wheel incorrectly handled
certain file names when validated against a regex expression.
An attacker could possibly use this issue to cause a
denial of service.
Hubert Kario discovered that GnuTLS had a timing side-channel when handling
certain RSA messages. A remote attacker could possibly use this issue to
recover sensitive information.
It was discovered that AWStats did not properly sanitize the content of
whois responses in the hostinfo plugin. An attacker could possibly use
this issue to conduct cross-site scripting (XSS) attacks.
Posted by Peter Ohm on Feb 27
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# Exploit Title: ABUS Security Camera LFI, RCE and SSH Root Access
# Date: 2023-02-16
# Exploit Author: d1g () segfault net for NetworkSEC [NWSSA-001-2023]
# Vendor Homepage: https://www.abus.com
# Version/Model: TVIP 20000-21150 (probably many others)
# Tested on: GM ARM Linux 2.6, Server: Boa/0.94.14rc21
# CVE:…
Posted by Peter Ohm on Feb 27
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# Exploit Title: ASUS ASMB8 iKVM RCE and SSH Root Access
# Date: 2023-02-16
# Exploit Author: d1g () segfault net for NetworkSEC [NWSSA-002-2023]
# Vendor Homepage: https://servers.asus.com/search?q=ASMB8
# Version/Model: ASMB8 iKVM Firmware <= 1.14.51 (probably others)
# Tested on: Linux AMI2CFDA1C7570E 2.6.28.10-ami…
Posted by hyp3rlinx on Feb 27
[-] Microsoft Windows Contact file / Remote Code Execution (Resurrected
2022) / CVE-2022-44666
[+] John Page (aka hyp3rlinx)
[+] twitter.com/hyp3rlinx
[+] ISR: ApparitionSec
Back in 2018 I discovered three related Windows remote code execution
vulnerabilities affecting both VCF and Contact files. They were purchased
by Trend Micro Zero Day Initiative (@thezdi) from me and received candidate
identifiers ZDI-CAN-6920 and ZDI-CAN-7591. Microsoft…
It was discovered that the Serialization component of OpenJDK did not
properly handle the deserialization of some CORBA objects. An attacker
could possibly use this to bypass Java sandbox restrictions.
(CVE-2023-21830)
Markus Loewe discovered that the Java Sound subsystem in OpenJDK did not
properly validate the origin of a Soundbank. An attacker could use this to
specially craft an untrusted Java application or applet that could load a
Soundbank from an attacker controlled remote URL. (CVE-2023-21843)
Juraj Somorovsky, Marcel Maehren, Nurullah Erinola, and Robert Merget
discovered that the DTLS implementation in the JSSE subsystem of OpenJDK
did not properly restrict handshake initiation requests from clients. A
remote attacker could possibly use this to cause a denial of service.
(CVE-2023-21835)
Markus Loewe discovered that the Java Sound subsystem in OpenJDK did not
properly validate the origin of a Soundbank. An attacker could use this to
specially craft an untrusted Java application or applet that could load a
Soundbank from an attacker controlled remote URL. (CVE-2023-21843)
