#debian

Debian Linux Security Advisory 5454-1 - Riccardo Bonafede discovered that the Kanboard project management software was susceptible to SQL injection.

Debian Linux Security Advisory 5453-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

Debian Linux Security Advisory 5452-1 - Multiple security issues were discovered in the GPAC multimedia framework which could result in denial of service or the execution of arbitrary code.

netkit-rcp in rsh-client 0.17-24 allows command injection via filenames because /bin/sh is used by susystem, a related issue to CVE-2006-0225, CVE-2019-7283, and CVE-2020-15778.

### Summary Path traversal vulnerability detected in .cpr subfolder. The Path Traversal attack technique allows an attacker access to files, directories, and commands that reside outside the web document root directory. Tested in Debian Linux. ### Details Steps to reproduce: 1)Install the software python3 -m pip install --user -U copyparty 2)Execute using the default config : copyparty 3) Execute the POC curl command 4) /etc/passwd file of the remote server is accessible. ### PoC ```bash curl -i -s -k -X GET 'http://172.19.1.2:3923/.cpr/%2Fetc%2Fpasswd' ``` Additional examples: http://172.19.4.2:3923/.cpr/a/..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd http://172.19.4.2:3923/.cpr/deps/..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd ### Checking for exposure if copyparty is running behind a reverse proxy, you can check the access-logs for traces of attacks, by grepping your access...

### Impact Attacker could modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands. ### Credit These bugs were found and disclosed by David Leadbeater <dgl@dgl.cx> (@dgl at Github.com) ### Patches Fixed in version ce596e0dc8cdb288bc7ed5c6a59011ee3a8dc171 ### Workarounds There are no workarounds available ### References Similar exploits to this existed in the past, for terminal emulators: https://nvd.nist.gov/vuln/detail/CVE-2003-0063 https://nvd.nist.gov/vuln/detail/CVE-2008-2383 Additional background and information is also available: https://marc.info/?l=bugtraq&m=104612710031920&w=2 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510030

Copyparty is a portable file server. Versions prior to 1.8.2 are subject to a path traversal vulnerability detected in the `.cpr` subfolder. The Path Traversal attack technique allows an attacker access to files, directories, and commands that reside outside the web document root directory. This issue has been addressed in commit `043e3c7d` which has been included in release 1.8.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.

An out-of-bounds read flaw was found in w3m, in the Strnew_size function in Str.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file.

Microsoft on Tuesday released updates to address a total of 130 new security flaws spanning its software, including six zero-day flaws that it said have been actively exploited in the wild. Of the 130 vulnerabilities, nine are rated Critical and 121 are rated Important in severity. This is in addition to eight flaws the tech giant patched in its Chromium-based Edge browser towards the end of

Debian Linux Security Advisory 5451-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.