FoW, to vmware Korean
@FoW@netsphere.one

VMware Security Advisories
They are no longer posted publicly on the website; you can only see them after signing up for the Broadcom Support portal.
This took effect on May 6, and there seem to be a lot of security advisories published to coincide with it.
If you use VMware products, I recommend signing up for the support portal as soon as possible and turning on email notifications.


alien (edited), to Software
@alien@fosstodon.org

Chromium update fixes 5th zero-day exploit for 2024

In Google's release notes for the latest Chromium 124.0.6367.201 source code it is mentioned that this release fixes a zero-day vulnerability. Beware: this is already the 5th zero-day which was reported and fixed in Chromium in 2024.

This vulnerability is already actively exploited in the wi

https://alien.slackbook.org/blog/chromium-update-fixes-5th-zero-day-exploit-for-2024/

popey, to security
@popey@mastodon.social

I'm taking part in a webinar at work tomorrow. At some point before then, I need to stop fiddling with the slides!

But I can't stop re-aligning things, tweaking the colours, or changing logos. 💀

https://get.anchore.com/adapting-to-new-normal-at-nvd-anchore-vulnerability-feed/

#nvd #cve #security

mttaggart, to Aruba

CVSS 9.8 Buffer overflow -> RCE in ArubaOS:

There is a buffer overflow vulnerability in the underlying Utility daemon that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.

Note that it says "results in the ability," not "may result in the ability" to execute remote code.

Affected Products 
================= 
HPE Aruba Networking 
  - Mobility Conductor (formerly Mobility Master) 
  - Mobility Controllers 
  - WLAN Gateways and SD-WAN Gateways managed by Aruba Central 
  
Affected Software Versions: 
  - ArubaOS 10.5.x.x:       10.5.1.0 and below 
  - ArubaOS 10.4.x.x:       10.4.1.0 and below 
  - ArubaOS 8.11.x.x:       8.11.2.1 and below 
  - ArubaOS 8.10.x.x:       8.10.0.10 and below 
  
The following ArubaOS and SD-WAN software versions that are End 
of Maintenance are affected by these vulnerabilities and are not 
patched by this advisory: 
  - ArubaOS 10.3.x.x:          all 
  - ArubaOS 8.9.x.x:           all 
  - ArubaOS 8.8.x.x:           all 
  - ArubaOS 8.7.x.x:           all 
  - ArubaOS 8.6.x.x:           all 
  - ArubaOS 6.5.4.x:           all 
  - SD-WAN 8.7.0.0-2.3.0.x:    all 
  - SD-WAN 8.6.0.4-2.2.x.x:    all 

More vulns in the replies.

www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-004.txt
support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04640en_us&docLocale=en_US

kernellogger (edited), to linux
@kernellogger@fosstodon.org

The 's team just published their thousandth CVE[1]. 🥳 🙃

This happened 78 days after the effort was announced[2].

Note, 26 of the 1003 CVE entries published so far were later rejected. For details check https://git.kernel.org/pub/scm/linux/security/vulns.git/ or https://lore.kernel.org/linux-cve-announce/

[1] https://git.kernel.org/pub/scm/linux/security/vulns.git/commit/?id=55441d0dd1f40c5762cd7cf8c9ca312ed0964c4a

[2] http://www.kroah.com/log/blog/2024/02/13/linux-is-a-cna/

shaknais, to php
@shaknais@mastodon.social

PHP's use of iconv allows for immediate and easy buffer overflows, via a bug in glibc. (Other servers don't tend to use iconv in the same way, so don't appear to be vulnerable yet.)

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-2961

#CVE #Bug #PHP

bobby, to hacking
@bobby@mastodon.sexypokemon.xyz

There is a new PHP vulnerability out. It is being tracked as CVE-2024-2961. Here’s a video explaining the vulnerability https://youtu.be/u8jLUjpCWrs?si=Fm1JSBdAW9VBzuhj

tcurdt, to php
@tcurdt@mastodon.social

CVE-2024-2961 sounds pretty scary.

Supposedly especially problematic for PHP.

Exploit demonstration is scheduled for May.

https://securityonline.info/cve-2024-2961-glibc-vulnerability-opens-door-to-php-attacks-patch-immediately/

Stay safe out there.

83r71n, to Cybersecurity
@83r71n@ioc.exchange

A critical vulnerability, identified as CVE-2024-20356, has been found in Cisco's Integrated Management Controller (IMC). This flaw allows for command injection, potentially giving attackers the ability to gain root access to systems. The vulnerability is located in the web-based management interface of the IMC, which is used for remotely managing Cisco hardware. The issue arises from insufficient user input validation in the IMC interface, allowing an authenticated, remote attacker with administrative privileges to inject malicious commands.

Security researchers from Nettitude have developed a Proof of Concept (PoC) exploit, named "CISCown," to demonstrate this vulnerability. The exploit involves sending crafted commands through the web interface, enabling attackers to execute arbitrary code with root privileges on the underlying operating system of Cisco hardware. This PoC exploit is part of a toolkit developed by Nettitude and is available on GitHub. It uses parameters such as target IP, username, and password to automate the exploitation process and deploy a telnetd root shell service on compromised devices.

The release of this PoC exploit signifies a critical threat level for organizations using affected Cisco products. Gaining root access can lead to data theft, system downtime, and further network compromise. Cisco has responded by releasing software updates to address this vulnerability. It is strongly recommended that all affected organizations apply these updates immediately, as no known workaround mitigates this vulnerability.

The affected products include a range of Cisco servers and computing systems, such as the 5000 Series Enterprise Network Compute Systems (ENCS), Catalyst 8300 Series Edge uCPE, UCS C-Series M5, M6, and M7 Rack Servers in standalone mode, UCS E-Series Servers, and UCS S-Series Storage Servers. Users and administrators are advised to visit Cisco’s official security advisory page and the Nettitude GitHub repository hosting the exploitation toolkit for more detailed information and access to the updates.

https://labs.nettitude.com/blog/cve-2024-20356-jailbreaking-a-cisco-appliance-to-run-doom/

#cybersecurity #cisco #vulnerability #imc #cve #poc #nettitude #encs #ucpe #ucs #m5 #m6 #m7 #github

HonkHase, to random German
@HonkHase@chaos.social

With -description: can exploit known on its own

"Researchers have found that GPT-4, using only the associated , can successfully exploit 13 of 15 security vulnerabilities."
https://www.golem.de/news/mit-cve-beschreibung-gpt-4-kann-eigenstaendig-bekannte-sicherheitsluecken-ausnutzen-2404-184301.html

circl, to infosec
@circl@social.circl.lu

vulnerability-lookup version v0.7.0 has been released.

  • News feed added
  • Support for CSAF sources (CERT Bund, RedHat, Siemens, CISA, CISCO, Nozomi Networks, OpenXchange, SICK)
  • OSSF Malicious packages repository
  • Pagination for recent vulnerabilities (API & Web)

🔗 Source code https://github.com/cve-search/vulnerability-lookup/releases/tag/v0.7.0

🔗 Vulnerability lookup online https://vulnerability.circl.lu/

#cve #vulnerability #vulnerabilities #csaf #infosec

opensuse, to Ansible
@opensuse@fosstodon.org

2024.03, is now available. This update introduces Confidential Computing with , an enhanced Audit, security fixes for , and more. Review the release notes for more detailed information. https://www.uyuni-project.org/pages/stable-version.html#releasenotes

tim, to php
@tim@mastodon.timnolte.com

@ramsey does this really mean that Debian has patched PHP 7.4 for its binary packages? 👀

"CVE-2023-3823 CVE-2023-3824 CVE-2024-2756 CVE-2024-3096"

https://lists.debian.org/debian-security-announce/2024/msg00068.html

fschaap, to random
@fschaap@mastodon.social

The hoopla about the has quieted a bit. It was a nasty one, but also a very devious one requiring a LOT of work. However, if you compare that with the constant stream of Microsoft, Ivanti, Fortinet, etc. CVEs, you wonder why not more people scream bloody murder about those. Probably Stockholm syndrome. Also bug (Really? That many that often? Isn't that some kind of malpractice?) vs deliberate attack. But still.

83r71n, to Cybersecurity
@83r71n@ioc.exchange

Fortinet has revealed vulnerabilities in its FortiOS, FortiProxy, FortiClient Linux, and FortiClient Mac products, including a critical one that could allow remote code execution. This critical flaw, identified as CVE-2023-45590, has a high severity score and could enable an attacker to execute arbitrary code by tricking a user into visiting a malicious website. Other high-severity issues affect FortiOS and FortiProxy, where credentials are not adequately protected. A specific flaw (CVE-2023-41677) might allow an attacker to steal the administrator cookie under certain conditions. Additionally, FortiClientMac has vulnerabilities due to a lack of configuration file validation. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory warning about the potential for cyber threat actors to exploit these vulnerabilities.

https://www.fortiguard.com/psirt/FG-IR-23-087

https://www.fortiguard.com/psirt/FG-IR-23-345

https://www.fortiguard.com/psirt/FG-IR-23-493

#cybersecurity #fortinet #fortios #fortiproxy #forticlient #linux #mac #vulnerability #cve #cisa

KathyReid, to linux
@KathyReid@aus.social

Great overview of the from @sjvn, explaining how this is a milestone in terms of compromise of the , and what it means going forward, for @TheNewStack

https://thenewstack.io/malicious-code-in-linux-xz-libraries-endangers-ssh/

winterschon, to infosec
@winterschon@hachyderm.io

we're all aware of the xz issue, but systemd and CVEs are intertwined. linux distros choose insecurity + instability by using systemd.

it's brought to you by:

  • a dev who despises POSIX
  • a dev who eschews security, ethics, and foundations of UNIX
  • a dev explicitly aligned to microsoft propaganda
  • a dev who is anti-FOSS
  • a dev fiscally compensated by the closed-source juggernaut

never forget: https://pwnies.com/systemd-bugs/

#systemd #cve #infosec #microsoft #posix #bsd #linux #pottering #lol

isaac, to linux
@isaac@hachyderm.io

what's really wild is that I bet state actors could just find and offer money to unscrupulous open source contributors instead of wasting years on infiltration.

I bet somebody like that has his DMs open right now and state actors just have to be brave enough to reach out.

heck, state actors, I bet the answer is right in front of your eye sacks.

to repeat, the ANSWER is in front of your EYE SACK...

ashed, to linux
@ashed@mastodon.ml

The xz package, starting from version 5.6.0 to 5.6.1, was found to contain a backdoor. The impact of this vulnerability affected Kali between March 26th to March 29th. If you updated your Kali installation on or after March 26th, it is crucial to apply the latest updates.

If you would like to be sure that you are up to date and not affected by this vulnerability, you can do the following to upgrade your local version of the package: sudo apt update && sudo apt install --only-upgrade liblzma5

ashed,
@ashed@mastodon.ml

All the interesting stuff happened at night again, while you were asleep.
The internet is storming at a 10 out of 10 on the CVE scale: roughly every ssh server on debian-like systems is compromised, via the subverted xz repository and the little liblzma library.
How so, you ask? openssh doesn't use liblzma at all. But there's a nuance: Red Hat, Fedora and the assorted Debians patch openssh for compatibility with systemd notifications, and that's how you end up with this mess.
The code's author is a real piece of work. Not only did they figure out how to compromise the project through a test (so the xz code is clean and everything looks proper until compilation), they reportedly also taught the well-known oss-fuzz not to detect their addition.

For lovers of numbers: CVE-2024-3094

CISA is sounding the alarm - https://www.cisa.gov/news-events/alerts/2024/03/29/reported-supply-chain-compromise-affecting-xz-utils-data-compression-library-cve-2024-3094

The xz repository has been shut down completely, and every second person is frantically checking their xz version, because if it is 5.6.0 or higher, you need to roll back urgently.
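As an added example (not from any of these posts, and not Kali's, Debian's or CISA's tooling), a small POSIX shell check that flags the xz/liblzma versions named here, 5.6.0 and 5.6.1 (CVE-2024-3094); the handling of a Debian-style "+really" downgrade suffix is an assumption about package naming, not something the posts mention.

```shell
#!/bin/sh
# Added example, not from any post above: classify an xz / liblzma version
# string against the backdoored 5.6.0 and 5.6.1 releases (CVE-2024-3094).
# Returns 0 (true) when the version is one of the two affected releases.
xz_version_affected() {
    ver=$1
    # Assumption: a distro may ship the rollback as e.g. "5.6.1+really5.4.5-1";
    # the real upstream version then follows "+really", so compare that part.
    case $ver in
        *+really*) ver=${ver##*+really} ;;
    esac
    # Strip package revision / tilde suffixes: "5.4.5-0.3" -> "5.4.5"
    ver=${ver%%[-+~]*}
    old_ifs=$IFS
    IFS=.
    set -- $ver
    IFS=$old_ifs
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}
    [ "$major" -eq 5 ] && [ "$minor" -eq 6 ] && [ "$patch" -le 1 ]
}

# Pull the liblzma version out of `xz --version` output, whose second line
# reads "liblzma <version>". Fails (exit 1) when no such line is present.
liblzma_version_from_output() {
    printf '%s\n' "$1" | awk '
        $1 == "liblzma" { print $2; found = 1; exit }
        END { if (!found) exit 1 }'
}

# Convenience wrapper: report on the xz actually installed on this host.
check_installed_xz() {
    command -v xz >/dev/null 2>&1 || { echo "xz not installed"; return 0; }
    v=$(liblzma_version_from_output "$(xz --version 2>/dev/null)") || {
        echo "could not parse xz --version output"; return 2; }
    if xz_version_affected "$v"; then
        echo "liblzma $v is in the CVE-2024-3094 range: roll back now"
        return 1
    fi
    echo "liblzma $v is outside the 5.6.0-5.6.1 range"
}

# Constructed sample of `xz --version` output from a backdoored build.
SAMPLE_OUTPUT='xz (XZ Utils) 5.6.1
liblzma 5.6.1'
```

Run `check_installed_xz` on a host to test the real binary; the functions themselves only look at version strings, so they are safe to run anywhere.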

denzilferreira, to random
@denzilferreira@techhub.social

If you have homebrew - update immediately:
$ brew update; brew upgrade

xz 5.5 or newer is compromised. This will downgrade to 5.4. CVE: 10 - max score for vulnerability! Retoot for reach!

irfan, to linux

There's a huge backdoor ( -2024-3094) allowing remote SSH access (as far as I can tell at this moment) caused by a util called affecting a ton of systems ( and , well not really) and it's causing quite a huge panic. I honestly don't know much about it just yet, but just sharing some pieces to read about the huge vulnerability.

The person who had maliciously planted this vulnerability into xz-utils, Jia Tan, has made at least 750 contributions to the project over the past 2 years. They even have direct push access to the code repo, allowing them to have pushed commits with forged authors. Being "free" from this vulnerability is not as simple as reverting to a previous version due to just how much and how long they've contributed to the project, and people are rightfully suspicious that this person might have hidden other backdoors in xz.

Unlike most other vulnerabilities, it's a lot harder to pinpoint versions affected by this but the most likely case is most systems out there have xz installed on their system that are impacted - which at this moment, the info being thrown around is any version past 5.3.1, 5.4.6, or 5.6.0 (latest is 5.6.1).

🔗 https://access.redhat.com/security/cve/CVE-2024-3094

🔗 https://www.cisa.gov/news-events/alerts/2024/03/29/reported-supply-chain-compromise-affecting-xz-utils-data-compression-library-cve-2024-3094

🔗 https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users

🔗 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068024

stdevel, to linux
@stdevel@chaos.social

Admins on Monday be like…
