Category Archives: Advisories

ZDI-24-1613: Intel Driver & Support Assistant Log Folder Link Following Local Privilege Escalation Vulnerability

Read Time:17 Second

This vulnerability allows local attackers to escalate privileges on affected installations of Intel Driver & Support Assistant. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-36488.

Read More

USN-7091-2: Ruby vulnerabilities

Read Time:52 Second

USN-7091-1 fixed several vulnerabilities in Ruby. This update provides the
corresponding update for ruby2.7 in Ubuntu 20.04 LTS.

Original advisory details:

It was discovered that Ruby incorrectly handled parsing of an XML document
that has specific XML characters in an attribute value using REXML gem. An
attacker could use this issue to cause Ruby to crash, resulting in a
denial of service. This issue only affected in Ubuntu 22.04 LTS and Ubuntu
24.04 LTS. (CVE-2024-35176, CVE-2024-39908, CVE-2024-41123)

It was discovered that Ruby incorrectly handled parsing of an XML document
that has many entity expansions with SAX2 or pull parser API. An attacker
could use this issue to cause Ruby to crash, resulting in a denial of
service. (CVE-2024-41946)

It was discovered that Ruby incorrectly handled parsing of an XML document
that has many digits in a hex numeric character reference. An attacker
could use this issue to cause Ruby to crash, resulting in a denial of
service. (CVE-2024-49761)

Read More

Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution

Read Time:28 Second

Multiple vulnerabilities have been discovered in Apple products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Read More

Drupal core – Moderately critical – Gadget chain – SA-CORE-2024-008

Read Time:1 Minute, 29 Second
Project: 
Date: 
2024-November-20
Vulnerability: 
Gadget chain
Affected versions: 
>= 8.0.0 < 10.2.11 || >= 10.3.0 < 10.3.9
Description: 

Drupal core contains a potential PHP Object Injection vulnerability that (if combined with another exploit) could lead to Remote Code Execution. It is not directly exploitable.

This issue is mitigated by the fact that in order for it to be exploitable, a separate vulnerability must be present to allow an attacker to pass unsafe input to unserialize(). There are no such known exploits in Drupal core.

To help protect against this potential vulnerability, some additional checks have been added to Drupal core’s database code. If you use a third-party database driver, check the release notes for additional configuration steps that may be required in certain cases.

Solution: 

Install the latest version:

If you are using Drupal 7, update to Drupal 7.102.
If you are using Drupal 10.2, update to Drupal 10.2.11.
If you are using Drupal 10.3, update to Drupal 10.3.9.

All versions of Drupal 10 prior to 10.2 are end-of-life and do not receive security coverage. (Drupal 8 and Drupal 9 have both reached end-of-life.)

Reported By: 
Drew Webber of the Drupal Security Team
Fixed By: 
Drew Webber of the Drupal Security Team
Fabian Franz
Juraj Nemec of the Drupal Security Team
Lee Rowlands of the Drupal Security Team
Dave Long of the Drupal Security Team
Alex Pott of the Drupal Security Team
Coordinated By: 
Juraj Nemec of the Drupal Security Team
Benji Fisher of the Drupal Security Team
xjm of the Drupal Security Team

Read More

Drupal core – Moderately critical – Gadget chain – SA-CORE-2024-007

Read Time:1 Minute, 29 Second
Project: 
Date: 
2024-November-20
Vulnerability: 
Gadget chain
Affected versions: 
>= 8.0.0 < 10.2.11 || >= 10.3.0 < 10.3.9 || >= 11.0.0 < 11.0.8
Description: 

Drupal core contains a potential PHP Object Injection vulnerability that (if combined with another exploit) could lead to Remote Code Execution. It is not directly exploitable.

This issue is mitigated by the fact that in order for it to be exploitable, a separate vulnerability must be present to allow an attacker to pass unsafe input to unserialize(). There are no such known exploits in Drupal core.

To help protect against this potential vulnerability, types have been added to properties in some of Drupal core’s classes. If an application extends those classes, the same types may need to be specified on the subclass to avoid a TypeError.

Solution: 

Install the latest version:

If you are using Drupal 10.2, update to Drupal 10.2.11.
If you are using Drupal 10.3, update to Drupal 10.3.9.
If you are using Drupal 11.0, update to Drupal 11.0.8.
Drupal 7 is not affected.

All versions of Drupal 10 prior to 10.2 are end-of-life and do not receive security coverage. (Drupal 8 and Drupal 9 have both reached end-of-life.)

Reported By: 
Drew Webber of the Drupal Security Team
Fixed By: 
Drew Webber of the Drupal Security Team
Lee Rowlands of the Drupal Security Team
Coordinated By: 
Juraj Nemec of the Drupal Security Team
Greg Knaddison of the Drupal Security Team
Benji Fisher of the Drupal Security Team
xjm of the Drupal Security Team

Read More

Drupal core – Less critical – Gadget chain – SA-CORE-2024-006

Read Time:1 Minute, 26 Second
Project: 
Date: 
2024-November-20
Vulnerability: 
Gadget chain
Affected versions: 
>= 8.0.0 < 10.2.11 || >= 10.3.0 < 10.3.9 || >= 11.0.0 < 11.0.8
Description: 

Drupal core contains a potential PHP Object Injection vulnerability that (if combined with another exploit) could lead to Artbitrary File Deletion. It is not directly exploitable.

This issue is mitigated by the fact that in order to be exploitable, a separate vulnerability must be present that allows an attacker to pass unsafe input to unserialize(). There are no such known exploits in Drupal core.

To help protect against this vulnerability, types have been added to properties in some of Drupal core’s classes. If an application extends those classes, the same types may need to be specified on the subclass to avoid a TypeError.

Solution: 

Install the latest version:

If you are using Drupal 10.2, update to Drupal 10.2.11.
If you are using Drupal 10.3, update to Drupal 10.3.9.
If you are using Drupal 11.0, update to Drupal 11.0.8.
Drupal 7 is not affected.

All versions of Drupal 10 prior to 10.2 are end-of-life and do not receive security coverage. (Drupal 8 and Drupal 9 have both reached end-of-life.)

Reported By: 
Drew Webber of the Drupal Security Team
Fixed By: 
Drew Webber of the Drupal Security Team
Lee Rowlands of the Drupal Security Team
Coordinated By: 
Juraj Nemec of the Drupal Security Team
Benji Fisher of the Drupal Security Team
xjm of the Drupal Security Team

Read More

Drupal core – Critical – Cross Site Scripting – SA-CORE-2024-005

Read Time:50 Second
Project: 
Date: 
2024-November-20
Vulnerability: 
Cross Site Scripting
Description: 

Drupal 7 core’s Overlay module doesn’t safely handle user input, leading to reflected cross-site scripting under certain circumstances.

Only sites with the Overlay module enabled are affected by this vulnerability.

Solution: 

Install the latest version:

If you are using Drupal 7, update to Drupal 7.102
Sites may also disable the Overlay module to avoid the issue.

Drupal 10 and Drupal 11 are not affected, as the Overlay module was removed from Drupal core in Drupal 8.

Reported By: 
Fixed By: 
Cesar
Greg Knaddison of the Drupal Security Team
Matthew Grill
Wim Leers
Drew Webber of the Drupal Security Team
Ra Mänd
Fabian Franz
Juraj Nemec of the Drupal Security Team
Coordinated By: 
Juraj Nemec of the Drupal Security Team
Greg Knaddison of the Drupal Security Team
xjm of the Drupal Security Team

Read More

Drupal core – Moderately critical – Access bypass – SA-CORE-2024-004

Read Time:1 Minute, 17 Second
Project: 
Date: 
2024-November-20
Vulnerability: 
Access bypass
Affected versions: 
>= 8.0.0 < 10.2.11 || >= 10.3.0 < 10.3.9 || >= 11.0.0 < 11.0.8
Description: 

Drupal’s uniqueness checking for certain user fields is inconsistent depending on the database engine and its collation.

As a result, a user may be able to register with the same email address as another user.

This may lead to data integrity issues.

Solution: 

Install the latest version:

If you are using Drupal 10.2, update to Drupal 10.2.11.
If you are using Drupal 10.3, update to Drupal 10.3.9.
If you are using Drupal 11.0, update to Drupal 11.0.8.
Drupal 7 is not affected.

All versions of Drupal 10 prior to 10.2 are end-of-life and do not receive security coverage. (Drupal 8 and Drupal 9 have both reached end-of-life.)

Updating Drupal will not solve potential issues with existing accounts affected by this bug. See Fixing emails that vary only by case for additional guidance.

Reported By: 
Fixed By: 
Wayne Eaker
cilefen of the Drupal Security Team
Kristiaan Van den Eynde
Drew Webber of the Drupal Security Team
Lee Rowlands of the Drupal Security Team
Coordinated By: 
Juraj Nemec of the Drupal Security Team
Benji Fisher of the Drupal Security Team
xjm of the Drupal Security Team

Read More