QuickJob version 6.1 suffers from an ignored default credential vulnerability.

**QuickJob 6.1 Insecure Settings**

Posted Jul 29, 2024

Authored by indoushka

QuickJob version 6.1 suffers from an ignored default credential vulnerability.

tags | exploit

SHA-256 | e6896d4cea9d5e1f38adf67e9cf29b00d07caf0ece1ebc4e316d431f13e72eca

Download | Favorite | View

**QuickJob 6.1 Insecure Settings**

    ====================================================================================================================================| # Title     : quickjob 6.1 Insecure Settings Vulnerability                                                                       || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                   || # Vendor    : https://codecanyon.net/item/quickjob-job-board-php-script/25217096                                                 |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user&pass: admin[+] panel : https://www/127.0.0.1/xpressdigitalonline/admin/Greetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,161)
*   Arbitrary (16,833)
*   BBS (2,859)
*   Bypass (1,853)
*   CGI (1,033)
*   Code Execution (7,780)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,380)
*   DoS (25,014)
*   Encryption (2,389)
*   Exploit (53,083)
*   File Inclusion (4,257)
*   File Upload (989)
*   Firewall (822)
*   Info Disclosure (2,876)
*   Intrusion Detection (914)
*   Java (3,141)
*   JavaScript (895)
*   Kernel (7,179)
*   Local (14,782)
*   Magazine (586)
*   Overflow (13,153)
*   Perl (1,435)
*   PHP (5,220)
*   Proof of Concept (2,381)
*   Protocol (3,723)
*   Python (1,630)
*   Remote (31,618)
*   Root (3,625)
*   Rootkit (526)
*   Ruby (631)
*   Scanner (1,657)
*   Security Tool (8,023)
*   Shell (3,272)
*   Shellcode (1,217)
*   Sniffer (902)
*   Spoof (2,271)
*   SQL Injection (16,589)
*   TCP (2,440)
*   Trojan (690)
*   UDP (901)
*   Virus (669)
*   Vulnerability (32,911)
*   Web (9,949)
*   Whitepaper (3,781)
*   x86 (967)
*   XSS (18,236)
*   Other

**File Archives**

*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   August 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,090)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,084)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,534)
*   HPUX (880)
*   iOS (376)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,556)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,418)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,700)
*   UNIX (9,431)
*   UnixWare (187)
*   Windows (6,667)
*   Other

QuickJob 6.1 Insecure Settings

Prison Management System version version 1.0 suffers from an ignored default credential vulnerability.

**Prison Management System version 1.0 Insecure Settings**

Posted Jul 29, 2024

Authored by indoushka

Prison Management System version version 1.0 suffers from an ignored default credential vulnerability.

tags | exploit

SHA-256 | 81a9d01f3c8c94bb0000f4403731ff41830ed447ed13fdad39cbe7cc67884842

Download | Favorite | View

**Prison Management System version 1.0 Insecure Settings**

    ====================================================================================================================================| # Title     : Prison Management System version 1.0 Insecure Settings Vulnerability                                               || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                   || # Vendor    : https://www.sourcecodester.com/php/15368/prison-management-system-phpoop-free-source-code.html                     |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user =  admin & pass = admin123[+] https://www/127.0.0.1/untcarriercom/admin/?page=system_infoGreetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,161)
*   Arbitrary (16,833)
*   BBS (2,859)
*   Bypass (1,853)
*   CGI (1,033)
*   Code Execution (7,780)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,380)
*   DoS (25,014)
*   Encryption (2,389)
*   Exploit (53,083)
*   File Inclusion (4,257)
*   File Upload (989)
*   Firewall (822)
*   Info Disclosure (2,876)
*   Intrusion Detection (914)
*   Java (3,141)
*   JavaScript (895)
*   Kernel (7,179)
*   Local (14,782)
*   Magazine (586)
*   Overflow (13,153)
*   Perl (1,435)
*   PHP (5,220)
*   Proof of Concept (2,381)
*   Protocol (3,723)
*   Python (1,630)
*   Remote (31,618)
*   Root (3,625)
*   Rootkit (526)
*   Ruby (631)
*   Scanner (1,657)
*   Security Tool (8,023)
*   Shell (3,272)
*   Shellcode (1,217)
*   Sniffer (902)
*   Spoof (2,271)
*   SQL Injection (16,589)
*   TCP (2,440)
*   Trojan (690)
*   UDP (901)
*   Virus (669)
*   Vulnerability (32,911)
*   Web (9,949)
*   Whitepaper (3,781)
*   x86 (967)
*   XSS (18,236)
*   Other

**File Archives**

*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   August 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,090)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,084)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,534)
*   HPUX (880)
*   iOS (376)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,556)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,418)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,700)
*   UNIX (9,431)
*   UnixWare (187)
*   Windows (6,667)
*   Other

Prison Management System version 1.0 Insecure Settings

Ubuntu Security Notice 6924-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

    ==========================================================================Ubuntu Security Notice USN-6924-1July 29, 2024linux, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp,linux-gcp-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4,linux-iot, linux-kvm, linux-raspi, linux-xilinx-zynqmp vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 20.04 LTS- Ubuntu 18.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux: Linux kernel- linux-azure: Linux kernel for Microsoft Azure Cloud systems- linux-bluefield: Linux kernel for NVIDIA BlueField platforms- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems- linux-gkeop: Linux kernel for Google Container Engine (GKE) systems- linux-ibm: Linux kernel for IBM cloud systems- linux-iot: Linux kernel for IoT platforms- linux-kvm: Linux kernel for cloud environments- linux-raspi: Linux kernel for Raspberry Pi systems- linux-xilinx-zynqmp: Linux kernel for Xilinx ZynqMP processors- linux-azure-5.4: Linux kernel for Microsoft Azure cloud systems- linux-gcp-5.4: Linux kernel for Google Cloud Platform (GCP) systems- linux-hwe-5.4: Linux hardware enablement (HWE) kernel- linux-ibm-5.4: Linux kernel for IBM cloud systemsDetails:Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:  - ARM SCMI message protocol;  - InfiniBand drivers;  - TTY drivers;  - TLS protocol;(CVE-2024-26584, CVE-2024-36016, CVE-2024-26585, CVE-2021-47131,CVE-2024-26907, CVE-2022-48655, CVE-2024-26583)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 20.04 LTS  linux-image-5.4.0-1041-iot      5.4.0-1041.42  linux-image-5.4.0-1048-xilinx-zynqmp  5.4.0-1048.52  linux-image-5.4.0-1076-ibm      5.4.0-1076.81  linux-image-5.4.0-1089-bluefield  5.4.0-1089.96  linux-image-5.4.0-1096-gkeop    5.4.0-1096.100  linux-image-5.4.0-1113-raspi    5.4.0-1113.125  linux-image-5.4.0-1117-kvm      5.4.0-1117.124  linux-image-5.4.0-1133-gcp      5.4.0-1133.142  linux-image-5.4.0-1134-azure    5.4.0-1134.141  linux-image-5.4.0-190-generic   5.4.0-190.210  linux-image-5.4.0-190-generic-lpae  5.4.0-190.210  linux-image-5.4.0-190-lowlatency  5.4.0-190.210  linux-image-azure-lts-20.04     5.4.0.1134.128  linux-image-bluefield           5.4.0.1089.85  linux-image-gcp-lts-20.04       5.4.0.1133.135  linux-image-generic             5.4.0.190.188  linux-image-generic-lpae        5.4.0.190.188  linux-image-gkeop               5.4.0.1096.94  linux-image-gkeop-5.4           5.4.0.1096.94  linux-image-ibm-lts-20.04       5.4.0.1076.105  linux-image-kvm                 5.4.0.1117.113  linux-image-lowlatency          5.4.0.190.188  linux-image-oem                 5.4.0.190.188  linux-image-oem-osp1            5.4.0.190.188  linux-image-raspi               5.4.0.1113.143  linux-image-raspi2              5.4.0.1113.143  linux-image-virtual             5.4.0.190.188  linux-image-xilinx-zynqmp       5.4.0.1048.48Ubuntu 18.04 LTS  linux-image-5.4.0-1076-ibm      5.4.0-1076.81~18.04.1                                  Available with Ubuntu Pro  linux-image-5.4.0-1133-gcp      5.4.0-1133.142~18.04.1                                  Available with Ubuntu Pro  linux-image-5.4.0-1134-azure    5.4.0-1134.141~18.04.1                                  Available with Ubuntu Pro  linux-image-5.4.0-190-generic   5.4.0-190.210~18.04.1                                  Available with Ubuntu Pro  linux-image-5.4.0-190-lowlatency  5.4.0-190.210~18.04.1                                  Available with Ubuntu Pro  linux-image-azure               5.4.0.1134.141~18.04.1                                  Available with Ubuntu Pro  linux-image-gcp                 5.4.0.1133.142~18.04.1                                  Available with Ubuntu Pro  linux-image-generic-hwe-18.04   5.4.0.190.210~18.04.1                                  Available with Ubuntu Pro  linux-image-ibm                 5.4.0.1076.81~18.04.1                                  Available with Ubuntu Pro  linux-image-lowlatency-hwe-18.04  5.4.0.190.210~18.04.1                                  Available with Ubuntu Pro  linux-image-oem                 5.4.0.190.210~18.04.1                                  Available with Ubuntu Pro  linux-image-oem-osp1            5.4.0.190.210~18.04.1                                  Available with Ubuntu Pro  linux-image-snapdragon-hwe-18.04  5.4.0.190.210~18.04.1                                  Available with Ubuntu Pro  linux-image-virtual-hwe-18.04   5.4.0.190.210~18.04.1                                  Available with Ubuntu ProAfter a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:  https://ubuntu.com/security/notices/USN-6924-1  CVE-2021-47131, CVE-2022-48655, CVE-2024-26583, CVE-2024-26584,  CVE-2024-26585, CVE-2024-26907, CVE-2024-36016Package Information:  https://launchpad.net/ubuntu/+source/linux/5.4.0-190.210  https://launchpad.net/ubuntu/+source/linux-azure/5.4.0-1134.141  https://launchpad.net/ubuntu/+source/linux-bluefield/5.4.0-1089.96  https://launchpad.net/ubuntu/+source/linux-gcp/5.4.0-1133.142  https://launchpad.net/ubuntu/+source/linux-gkeop/5.4.0-1096.100  https://launchpad.net/ubuntu/+source/linux-ibm/5.4.0-1076.81  https://launchpad.net/ubuntu/+source/linux-iot/5.4.0-1041.42  https://launchpad.net/ubuntu/+source/linux-kvm/5.4.0-1117.124  https://launchpad.net/ubuntu/+source/linux-raspi/5.4.0-1113.125  https://launchpad.net/ubuntu/+source/linux-xilinx-zynqmp/5.4.0-1048.52

Ubuntu Security Notice USN-6924-1

Ubuntu Security Notice 6921-1 - Benedict SchlÃ¼ter, Supraja Sridhara, Andrin Bertschi, and Shweta Shinde discovered that an untrusted hypervisor could inject malicious #VC interrupts and compromise the security guarantees of AMD SEV-SNP. This flaw is known as WeSee. A local attacker in control of the hypervisor could use this to expose sensitive information or possibly execute arbitrary code in the trusted execution environment. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

    ==========================================================================Ubuntu Security Notice USN-6921-1July 29, 2024linux, linux-aws, linux-gcp, linux-gke, linux-ibm, linux-nvidia,linux-oem-6.8, linux-raspi vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 24.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux: Linux kernel- linux-aws: Linux kernel for Amazon Web Services (AWS) systems- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems- linux-gke: Linux kernel for Google Container Engine (GKE) systems- linux-ibm: Linux kernel for IBM cloud systems- linux-nvidia: Linux kernel for NVIDIA systems- linux-oem-6.8: Linux kernel for OEM systems- linux-raspi: Linux kernel for Raspberry Pi systemsDetails:Benedict Schlüter, Supraja Sridhara, Andrin Bertschi, and Shweta Shindediscovered that an untrusted hypervisor could inject malicious #VCinterrupts and compromise the security guarantees of AMD SEV-SNP. This flawis known as WeSee. A local attacker in control of the hypervisor could usethis to expose sensitive information or possibly execute arbitrary code inthe trusted execution environment. (CVE-2024-25742)Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:  - DMA engine subsystem;  - HID subsystem;  - I2C subsystem;  - PHY drivers;  - TTY drivers;  - IPv4 networking;(CVE-2024-35990, CVE-2024-35997, CVE-2024-35992, CVE-2024-35984,CVE-2024-36008, CVE-2024-36016)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 24.04 LTS  linux-image-6.8.0-1007-gke      6.8.0-1007.10  linux-image-6.8.0-1008-raspi    6.8.0-1008.8  linux-image-6.8.0-1009-ibm      6.8.0-1009.9  linux-image-6.8.0-1009-oem      6.8.0-1009.9  linux-image-6.8.0-1010-nvidia   6.8.0-1010.10  linux-image-6.8.0-1010-nvidia-64k  6.8.0-1010.10  linux-image-6.8.0-1011-gcp      6.8.0-1011.12  linux-image-6.8.0-1012-aws      6.8.0-1012.13  linux-image-6.8.0-39-generic    6.8.0-39.39  linux-image-6.8.0-39-generic-64k  6.8.0-39.39  linux-image-aws                 6.8.0-1012.13  linux-image-gcp                 6.8.0-1011.12  linux-image-generic             6.8.0-39.39  linux-image-generic-64k         6.8.0-39.39  linux-image-generic-64k-hwe-24.04  6.8.0-39.39  linux-image-generic-hwe-24.04   6.8.0-39.39  linux-image-generic-lpae        6.8.0-39.39  linux-image-gke                 6.8.0-1007.10  linux-image-ibm                 6.8.0-1009.9  linux-image-ibm-classic         6.8.0-1009.9  linux-image-ibm-lts-24.04       6.8.0-1009.9  linux-image-kvm                 6.8.0-39.39  linux-image-nvidia              6.8.0-1010.10  linux-image-nvidia-64k          6.8.0-1010.10  linux-image-oem-24.04           6.8.0-1009.9  linux-image-oem-24.04a          6.8.0-1009.9  linux-image-raspi               6.8.0-1008.8  linux-image-virtual             6.8.0-39.39  linux-image-virtual-hwe-24.04   6.8.0-39.39After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:  https://ubuntu.com/security/notices/USN-6921-1  CVE-2024-25742, CVE-2024-35984, CVE-2024-35990, CVE-2024-35992,  CVE-2024-35997, CVE-2024-36008, CVE-2024-36016Package Information:  https://launchpad.net/ubuntu/+source/linux/6.8.0-39.39  https://launchpad.net/ubuntu/+source/linux-aws/6.8.0-1012.13  https://launchpad.net/ubuntu/+source/linux-gcp/6.8.0-1011.12  https://launchpad.net/ubuntu/+source/linux-gke/6.8.0-1007.10  https://launchpad.net/ubuntu/+source/linux-ibm/6.8.0-1009.9  https://launchpad.net/ubuntu/+source/linux-nvidia/6.8.0-1010.10  https://launchpad.net/ubuntu/+source/linux-oem-6.8/6.8.0-1009.9  https://launchpad.net/ubuntu/+source/linux-raspi/6.8.0-1008.8

Ubuntu Security Notice USN-6921-1

Ubuntu Security Notice 6923-1 - Benedict SchlÃ¼ter, Supraja Sridhara, Andrin Bertschi, and Shweta Shinde discovered that an untrusted hypervisor could inject malicious #VC interrupts and compromise the security guarantees of AMD SEV-SNP. This flaw is known as WeSee. A local attacker in control of the hypervisor could use this to expose sensitive information or possibly execute arbitrary code in the trusted execution environment. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

    ==========================================================================Ubuntu Security Notice USN-6923-1July 29, 2024linux, linux-aws, linux-gcp, linux-gke, linux-gkeop, linux-gkeop-5.15,linux-hwe-5.15, linux-intel-iotg, linux-intel-iotg-5.15, linux-kvm,linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-oraclevulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.04 LTS- Ubuntu 20.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux: Linux kernel- linux-aws: Linux kernel for Amazon Web Services (AWS) systems- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems- linux-gke: Linux kernel for Google Container Engine (GKE) systems- linux-gkeop: Linux kernel for Google Container Engine (GKE) systems- linux-intel-iotg: Linux kernel for Intel IoT platforms- linux-kvm: Linux kernel for cloud environments- linux-lowlatency: Linux low latency kernel- linux-nvidia: Linux kernel for NVIDIA systems- linux-oracle: Linux kernel for Oracle Cloud systems- linux-gkeop-5.15: Linux kernel for Google Container Engine (GKE) systems- linux-hwe-5.15: Linux hardware enablement (HWE) kernel- linux-intel-iotg-5.15: Linux kernel for Intel IoT platforms- linux-lowlatency-hwe-5.15: Linux low latency kernelDetails:Benedict Schlüter, Supraja Sridhara, Andrin Bertschi, and Shweta Shindediscovered that an untrusted hypervisor could inject malicious #VCinterrupts and compromise the security guarantees of AMD SEV-SNP. This flawis known as WeSee. A local attacker in control of the hypervisor could usethis to expose sensitive information or possibly execute arbitrary code inthe trusted execution environment. (CVE-2024-25742)Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:  - TTY drivers;  - SMB network file system;  - Netfilter;  - Bluetooth subsystem;(CVE-2024-26886, CVE-2024-26952, CVE-2023-52752, CVE-2024-27017,CVE-2024-36016)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.04 LTS  linux-image-5.15.0-1049-gkeop   5.15.0-1049.56  linux-image-5.15.0-1061-intel-iotg  5.15.0-1061.67  linux-image-5.15.0-1061-nvidia  5.15.0-1061.62  linux-image-5.15.0-1061-nvidia-lowlatency  5.15.0-1061.62  linux-image-5.15.0-1063-gke     5.15.0-1063.69  linux-image-5.15.0-1063-kvm     5.15.0-1063.68  linux-image-5.15.0-1064-oracle  5.15.0-1064.70  linux-image-5.15.0-1065-gcp     5.15.0-1065.73  linux-image-5.15.0-1066-aws     5.15.0-1066.72  linux-image-5.15.0-117-generic  5.15.0-117.127  linux-image-5.15.0-117-generic-64k  5.15.0-117.127  linux-image-5.15.0-117-generic-lpae  5.15.0-117.127  linux-image-5.15.0-117-lowlatency  5.15.0-117.127  linux-image-5.15.0-117-lowlatency-64k  5.15.0-117.127  linux-image-aws-lts-22.04       5.15.0.1066.66  linux-image-gcp-lts-22.04       5.15.0.1065.61  linux-image-generic             5.15.0.117.117  linux-image-generic-64k         5.15.0.117.117  linux-image-generic-lpae        5.15.0.117.117  linux-image-gke                 5.15.0.1063.62  linux-image-gke-5.15            5.15.0.1063.62  linux-image-gkeop               5.15.0.1049.48  linux-image-gkeop-5.15          5.15.0.1049.48  linux-image-intel-iotg          5.15.0.1061.61  linux-image-kvm                 5.15.0.1063.59  linux-image-lowlatency          5.15.0.117.107  linux-image-lowlatency-64k      5.15.0.117.107  linux-image-nvidia              5.15.0.1061.61  linux-image-nvidia-lowlatency   5.15.0.1061.61  linux-image-oracle-lts-22.04    5.15.0.1064.60  linux-image-virtual             5.15.0.117.117Ubuntu 20.04 LTS  linux-image-5.15.0-1049-gkeop   5.15.0-1049.56~20.04.1  linux-image-5.15.0-1061-intel-iotg  5.15.0-1061.67~20.04.1  linux-image-5.15.0-117-generic  5.15.0-117.127~20.04.1  linux-image-5.15.0-117-generic-64k  5.15.0-117.127~20.04.1  linux-image-5.15.0-117-generic-lpae  5.15.0-117.127~20.04.1  linux-image-5.15.0-117-lowlatency  5.15.0-117.127~20.04.1  linux-image-5.15.0-117-lowlatency-64k  5.15.0-117.127~20.04.1  linux-image-generic-64k-hwe-20.04  5.15.0.117.127~20.04.1  linux-image-generic-hwe-20.04   5.15.0.117.127~20.04.1  linux-image-generic-lpae-hwe-20.04  5.15.0.117.127~20.04.1  linux-image-gkeop-5.15          5.15.0.1049.56~20.04.1  linux-image-intel               5.15.0.1061.67~20.04.1  linux-image-intel-iotg          5.15.0.1061.67~20.04.1  linux-image-lowlatency-64k-hwe-20.04  5.15.0.117.127~20.04.1  linux-image-lowlatency-hwe-20.04  5.15.0.117.127~20.04.1  linux-image-oem-20.04           5.15.0.117.127~20.04.1  linux-image-oem-20.04b          5.15.0.117.127~20.04.1  linux-image-oem-20.04c          5.15.0.117.127~20.04.1  linux-image-oem-20.04d          5.15.0.117.127~20.04.1  linux-image-virtual-hwe-20.04   5.15.0.117.127~20.04.1After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:  https://ubuntu.com/security/notices/USN-6923-1  CVE-2023-52752, CVE-2024-25742, CVE-2024-26886, CVE-2024-26952,  CVE-2024-27017, CVE-2024-36016Package Information:  https://launchpad.net/ubuntu/+source/linux/5.15.0-117.127  https://launchpad.net/ubuntu/+source/linux-aws/5.15.0-1066.72  https://launchpad.net/ubuntu/+source/linux-gcp/5.15.0-1065.73  https://launchpad.net/ubuntu/+source/linux-gke/5.15.0-1063.69  https://launchpad.net/ubuntu/+source/linux-gkeop/5.15.0-1049.56  https://launchpad.net/ubuntu/+source/linux-intel-iotg/5.15.0-1061.67  https://launchpad.net/ubuntu/+source/linux-kvm/5.15.0-1063.68  https://launchpad.net/ubuntu/+source/linux-lowlatency/5.15.0-117.127  https://launchpad.net/ubuntu/+source/linux-nvidia/5.15.0-1061.62  https://launchpad.net/ubuntu/+source/linux-oracle/5.15.0-1064.70  https://launchpad.net/ubuntu/+source/linux-gkeop-5.15/5.15.0-1049.56~20.04.1  https://launchpad.net/ubuntu/+source/linux-hwe-5.15/5.15.0-117.127~20.04.1  https://launchpad.net/ubuntu/+source/linux-intel-iotg-5.15/5.15.0-1061.67~20.04.1  https://launchpad.net/ubuntu/+source/linux-lowlatency-hwe-5.15/5.15.0-117.127~20.04.1

Ubuntu Security Notice USN-6923-1

Telegram for Android suffers from a use-after-free vulnerability in Connection::onReceivedData.

    Telegram for Android: Use-after-free in Connection::onReceivedDataReporting this in collaboration with Mitch, who found crashes indicating this issue and brought it to my attention.Related to https://bugs.chromium.org/p/project-zero/issues/detail?id=2505; there's another issue which I overlooked when reviewing the fix. If we look more closely at `Connection::onReceivedData`, there's another possibility that can invalidate `buffer`.```void Connection::onReceivedData(NativeByteBuffer *buffer) {  AES_ctr128_encrypt(buffer->bytes(), buffer->bytes(), buffer->limit(), &decryptKey, decryptIv, decryptCount, &decryptNum);    // snip...  NativeByteBuffer *reuseLater = nullptr;  while (buffer->hasRemaining()) {    // snip...    uint32_t old = buffer->limit();    buffer->limit(buffer->position() + currentPacketLength);    ConnectionsManager::getInstance(currentDatacenter->instanceNum).onConnectionDataReceived(this, buffer, currentPacketLength);    buffer->position(buffer->limit());  // <-- Use here    buffer->limit(old);    // snip...```We can see the call to `ConnectionsManager::onConnectionDataReceived`, and it should be the case that buffer etc. remain valid past this call. If we look at the implementation, we can see that (at least in the case where we aren't using a proxy) we call `connection->reconnect()````void ConnectionsManager::onConnectionDataReceived(Connection *connection, NativeByteBuffer *data, uint32_t length) {  bool error = false;  if (length <= 24 + 32) {    int32_t code = data->readInt32(&error);    if (code == 0) {      // snip...    } else {      Datacenter *datacenter = connection->getDatacenter();      if (LOGS_ENABLED) DEBUG_W(\"mtproto error = %d\", code);      if (code == -444 && connection->getConnectionType() == ConnectionTypeGeneric && !proxyAddress.empty() && !proxySecret.empty()) {        // snip...      } else if (code == -404 && (datacenter->isCdnDatacenter || PFS_ENABLED)) {        // snip...      } else {        connection->reconnect();      }    }    return;  }  // snip...````Connection::reconnect` calls down into `Connection::suspendConnection`, which releases `restOfTheData`, which may alias `buffer`.```void Connection::suspendConnection(bool idle) {  reconnectTimer->stop();  waitForReconnectTimer = false;  if (connectionState == TcpConnectionStageIdle || connectionState == TcpConnectionStageSuspended) {    return;  }  if (LOGS_ENABLED) DEBUG_D(\"connection(%p, account%u, dc%u, type %d) suspend\", this, currentDatacenter->instanceNum, currentDatacenter->getDatacenterId(), connectionType);  connectionState = idle ? TcpConnectionStageIdle : TcpConnectionStageSuspended;  dropConnection();  ConnectionsManager::getInstance(currentDatacenter->instanceNum).onConnectionClosed(this, 0);  firstPacketSent = false;  if (restOfTheData != nullptr) {    restOfTheData->reuse();  // <-- Free here    restOfTheData = nullptr;  }  lastPacketLength = 0;  connectionToken = 0;  wasConnected = false;}This will then lead to a use-after-free on buffer after returning from `ConnectionsManager::onConnectionDataReceived`.Crashes with a matching stack trace have been observed, so it is definitely possible for this to occur - since the simplest case requires that the client be connected directly to the datacenter instead of through a proxy, I haven't attempted to reproduce the issue yet. It is however possible to reach `connection->reconnect()` in multiple ways inside `ConnectionsManager::onConnectionDataReceived`, so it's very likely that this is also reachable in a similar way to issue 2505.This bug is subject to a 90-day disclosure deadline. If a fix for thisissue is made available to users before the end of the 90-day deadline,this bug report will become public 30 days after the fix was madeavailable. Otherwise, this bug report will become public at the deadline.The scheduled deadline is 2024-07-23.Found by: markbrand@google.com

Telegram For Android Connection::onReceivedData Use-After-Free

PowerVR has an issue where wrapping addition in _DevmemXReservationPageAddress() causes an MMU operation at the wrong address.

PowerVR _DevmemXReservationPageAddress() Wrapping Addition Error

PowerVR has integer overflows in DevmemXIntMapPages() and DevmemXIntUnmapPages(), exploitable as dangling GPU page table entries.

PowerVR DevmemXIntMapPages() / DevmemXIntUnmapPages() Integer Overflows

PowerVR PMR allows physical memory to be freed before GPU TLB invalidation.

PowerVR PMR Physical Memory Handling Flaw

Ubuntu Security Notice 6922-1 - It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel when modifying certain settings values through debugfs. A privileged local attacker could use this to cause a denial of service. Chenyuan Yang discovered that the Unsorted Block Images flash device volume management subsystem did not properly validate logical eraseblock sizes in certain situations. An attacker could possibly use this to cause a denial of service.

    ==========================================================================Ubuntu Security Notice USN-6922-1July 29, 2024linux-nvidia-6.5 vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux-nvidia-6.5: Linux kernel for NVIDIA systemsDetails:It was discovered that a race condition existed in the Bluetooth subsystemin the Linux kernel when modifying certain settings values through debugfs.A privileged local attacker could use this to cause a denial of service.(CVE-2024-24857, CVE-2024-24858, CVE-2024-24859)Chenyuan Yang discovered that the Unsorted Block Images (UBI) flash devicevolume management subsystem did not properly validate logical eraseblocksizes in certain situations. An attacker could possibly use this to cause adenial of service (system crash). (CVE-2024-25739)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.04 LTS  linux-image-6.5.0-1024-nvidia   6.5.0-1024.25  linux-image-6.5.0-1024-nvidia-64k  6.5.0-1024.25  linux-image-nvidia-6.5          6.5.0.1024.32  linux-image-nvidia-64k-6.5      6.5.0.1024.32  linux-image-nvidia-64k-hwe-22.04  6.5.0.1024.32  linux-image-nvidia-hwe-22.04    6.5.0.1024.32After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:  https://ubuntu.com/security/notices/USN-6922-1  CVE-2024-24857, CVE-2024-24858, CVE-2024-24859, CVE-2024-25739Package Information:  https://launchpad.net/ubuntu/+source/linux-nvidia-6.5/6.5.0-1024.25

Source

Packet Storm