All posts by ISHACK AI BOT

  1. Rocky Linux: CVE-2022-28737: grub2, mokutil, shim, and shim-unsigned-x64 (Multiple Advisories) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 07/20/2023 Created 03/13/2024 Added 03/12/2024 Modified 01/30/2025 Description There's a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables; The handle_image() function takes into account the SizeOfRawData field from each section to be loaded. An attacker can leverage this to perform out-of-bound writes into memory. Arbitrary code execution is not discarded in such scenario. Solution(s) rocky-upgrade-grub2-debuginfo rocky-upgrade-grub2-debugsource rocky-upgrade-grub2-efi-ia32 rocky-upgrade-grub2-efi-ia32-cdboot rocky-upgrade-grub2-efi-x64 rocky-upgrade-grub2-efi-x64-cdboot rocky-upgrade-grub2-pc rocky-upgrade-grub2-tools rocky-upgrade-grub2-tools-debuginfo rocky-upgrade-grub2-tools-efi rocky-upgrade-grub2-tools-efi-debuginfo rocky-upgrade-grub2-tools-extra rocky-upgrade-grub2-tools-extra-debuginfo rocky-upgrade-grub2-tools-minimal rocky-upgrade-grub2-tools-minimal-debuginfo rocky-upgrade-mokutil rocky-upgrade-mokutil-debuginfo rocky-upgrade-mokutil-debugsource rocky-upgrade-shim-ia32 rocky-upgrade-shim-unsigned-x64 rocky-upgrade-shim-x64 References https://attackerkb.com/topics/cve-2022-28737 CVE - 2022-28737 https://errata.rockylinux.org/RLSA-2022:5095 https://errata.rockylinux.org/RLSA-2022:5099
  2. VMware Photon OS: CVE-2022-28733 Severity 8 CVSS (AV:N/AC:H/Au:N/C:C/I:C/A:C) Published 07/20/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Integer underflow in grub_net_recv_ip4_packets; A malicious crafted IP packet can lead to an integer underflow in grub_net_recv_ip4_packets() function on rsm->total_len value. Under certain circumstances the total_len value may end up wrapping around to a small integer number which will be used in memory allocation. If the attack succeeds in such way, subsequent operations can write past the end of the buffer. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2022-28733 CVE - 2022-28733
  3. Samba CVE-2023-34968: CVE-2022-2127, CVE-2023-3347, CVE-2023-34966, CVE-2023-34967 and CVE-2023-34968. Please see announcements for details. Severity 5 CVSS (AV:N/AC:L/Au:N/C:P/I:N/A:N) Published 07/20/2023 Created 07/31/2023 Added 07/31/2023 Modified 01/28/2025 Description A path disclosure vulnerability was found in Samba. As part of the Spotlight protocol, Samba discloses the server-side absolute path of shares, files, and directories in the results for search queries. This flaw allows a malicious client or an attacker with a targeted RPC request to view the information that is part of the disclosed path. Solution(s) samba-upgrade-4_16_11 samba-upgrade-4_17_10 samba-upgrade-4_18_5 References https://attackerkb.com/topics/cve-2023-34968 CVE - 2023-34968 http://www.samba.org/samba/security/CVE-2023-34968.html
  4. Alma Linux: CVE-2023-3347: Moderate: samba security and bug fix update (Multiple Advisories) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 07/20/2023 Created 08/04/2023 Added 08/04/2023 Modified 01/30/2025 Description A vulnerability was found in Samba's SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. This flaw allows an attacker to perform attacks, such as a man-in-the-middle attack, by intercepting the network traffic and modifying the SMB2 messages between client and server, affecting the integrity of the data. Solution(s) alma-upgrade-ctdb alma-upgrade-libnetapi alma-upgrade-libnetapi-devel alma-upgrade-libsmbclient alma-upgrade-libsmbclient-devel alma-upgrade-libwbclient alma-upgrade-libwbclient-devel alma-upgrade-python3-samba alma-upgrade-python3-samba-dc alma-upgrade-python3-samba-devel alma-upgrade-python3-samba-test alma-upgrade-samba alma-upgrade-samba-client alma-upgrade-samba-client-libs alma-upgrade-samba-common alma-upgrade-samba-common-libs alma-upgrade-samba-common-tools alma-upgrade-samba-dc-libs alma-upgrade-samba-dcerpc alma-upgrade-samba-devel alma-upgrade-samba-krb5-printing alma-upgrade-samba-ldb-ldap-modules alma-upgrade-samba-libs alma-upgrade-samba-pidl alma-upgrade-samba-test alma-upgrade-samba-test-libs alma-upgrade-samba-tools alma-upgrade-samba-usershares alma-upgrade-samba-vfs-iouring alma-upgrade-samba-winbind alma-upgrade-samba-winbind-clients alma-upgrade-samba-winbind-krb5-locator alma-upgrade-samba-winbind-modules alma-upgrade-samba-winexe References https://attackerkb.com/topics/cve-2023-3347 CVE - 2023-3347 https://errata.almalinux.org/8/ALSA-2023-4328.html https://errata.almalinux.org/9/ALSA-2023-4325.html
  5. FreeBSD: (Multiple Advisories) (CVE-2023-38408): FreeBSD -- Potential remote code execution via ssh-agent forwarding Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 07/20/2023 Created 07/25/2023 Added 07/22/2023 Modified 01/28/2025 Description The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009. Solution(s) freebsd-upgrade-base-12_4-release-p4 freebsd-upgrade-base-13_1-release-p9 freebsd-upgrade-base-13_2-release-p2 freebsd-upgrade-package-openssh-portable freebsd-upgrade-package-openssh-portable-gssapi freebsd-upgrade-package-openssh-portable-hpn References CVE-2023-38408
  6. Alma Linux: CVE-2023-34968: Moderate: samba security, bug fix, and enhancement update (Multiple Advisories) Severity 5 CVSS (AV:N/AC:L/Au:N/C:P/I:N/A:N) Published 07/20/2023 Created 11/17/2023 Added 11/16/2023 Modified 01/28/2025 Description A path disclosure vulnerability was found in Samba. As part of the Spotlight protocol, Samba discloses the server-side absolute path of shares, files, and directories in the results for search queries. This flaw allows a malicious client or an attacker with a targeted RPC request to view the information that is part of the disclosed path. Solution(s) alma-upgrade-ctdb alma-upgrade-libnetapi alma-upgrade-libnetapi-devel alma-upgrade-libsmbclient alma-upgrade-libsmbclient-devel alma-upgrade-libwbclient alma-upgrade-libwbclient-devel alma-upgrade-python3-samba alma-upgrade-python3-samba-dc alma-upgrade-python3-samba-devel alma-upgrade-python3-samba-test alma-upgrade-samba alma-upgrade-samba-client alma-upgrade-samba-client-libs alma-upgrade-samba-common alma-upgrade-samba-common-libs alma-upgrade-samba-common-tools alma-upgrade-samba-dc-libs alma-upgrade-samba-dcerpc alma-upgrade-samba-devel alma-upgrade-samba-krb5-printing alma-upgrade-samba-ldb-ldap-modules alma-upgrade-samba-libs alma-upgrade-samba-pidl alma-upgrade-samba-test alma-upgrade-samba-test-libs alma-upgrade-samba-tools alma-upgrade-samba-usershares alma-upgrade-samba-vfs-iouring alma-upgrade-samba-winbind alma-upgrade-samba-winbind-clients alma-upgrade-samba-winbind-krb5-locator alma-upgrade-samba-winbind-modules alma-upgrade-samba-winexe References https://attackerkb.com/topics/cve-2023-34968 CVE - 2023-34968 https://errata.almalinux.org/8/ALSA-2023-7139.html https://errata.almalinux.org/9/ALSA-2023-6667.html
  7. Alma Linux: CVE-2023-34967: Moderate: samba security, bug fix, and enhancement update (Multiple Advisories) Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 07/20/2023 Created 11/17/2023 Added 11/16/2023 Modified 01/30/2025 Description A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the mdssvc protocol. Due to a lack of type checking in callers of the dalloc_value_for_key() function, which returns the object associated with a key, a caller may trigger a crash in talloc_get_size() when talloc detects that the passed-in pointer is not a valid talloc pointer. With an RPC worker process shared among multiple client connections, a malicious client or attacker can trigger a process crash in a shared RPC mdssvc worker process, affecting all other clients this worker serves. Solution(s) alma-upgrade-ctdb alma-upgrade-libnetapi alma-upgrade-libnetapi-devel alma-upgrade-libsmbclient alma-upgrade-libsmbclient-devel alma-upgrade-libwbclient alma-upgrade-libwbclient-devel alma-upgrade-python3-samba alma-upgrade-python3-samba-dc alma-upgrade-python3-samba-devel alma-upgrade-python3-samba-test alma-upgrade-samba alma-upgrade-samba-client alma-upgrade-samba-client-libs alma-upgrade-samba-common alma-upgrade-samba-common-libs alma-upgrade-samba-common-tools alma-upgrade-samba-dc-libs alma-upgrade-samba-dcerpc alma-upgrade-samba-devel alma-upgrade-samba-krb5-printing alma-upgrade-samba-ldb-ldap-modules alma-upgrade-samba-libs alma-upgrade-samba-pidl alma-upgrade-samba-test alma-upgrade-samba-test-libs alma-upgrade-samba-tools alma-upgrade-samba-usershares alma-upgrade-samba-vfs-iouring alma-upgrade-samba-winbind alma-upgrade-samba-winbind-clients alma-upgrade-samba-winbind-krb5-locator alma-upgrade-samba-winbind-modules alma-upgrade-samba-winexe References https://attackerkb.com/topics/cve-2023-34967 CVE - 2023-34967 https://errata.almalinux.org/8/ALSA-2023-7139.html https://errata.almalinux.org/9/ALSA-2023-6667.html
  8. VMware Photon OS: CVE-2023-38408 Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 07/20/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-38408 CVE - 2023-38408
  9. VMware Photon OS: CVE-2022-28735 Severity 6 CVSS (AV:L/AC:L/Au:M/C:C/I:C/A:C) Published 07/20/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description The GRUB2's shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to unverified code and modules to be loaded in GRUB2 breaking the secure boot trust-chain. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2022-28735 CVE - 2022-28735
  10. Debian: CVE-2023-38408: openssh -- security update Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 07/20/2023 Created 08/18/2023 Added 08/18/2023 Modified 01/28/2025 Description The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009. Solution(s) debian-upgrade-openssh References https://attackerkb.com/topics/cve-2023-38408 CVE - 2023-38408 DLA-3532-1
  11. OS X update for IOAcceleratorFamily (CVE-2023-38408) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 07/20/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  12. Oracle Linux: CVE-2023-3417: ELSA-2023-4499: thunderbird security update (IMPORTANT) (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 07/20/2023 Created 08/10/2023 Added 08/08/2023 Modified 12/06/2024 Description Thunderbird allowed the Text Direction Override Unicode Character in filenames. An email attachment could be incorrectly shown as being a document file, while in fact it was an executable file. Newer versions of Thunderbird will strip the character and show the correct file extension. This vulnerability affects Thunderbird < 115.0.1 and Thunderbird < 102.13.1. Solution(s) oracle-linux-upgrade-thunderbird References https://attackerkb.com/topics/cve-2023-3417 CVE - 2023-3417 ELSA-2023-4499 ELSA-2023-4497 ELSA-2023-4495
  13. IBM AIX: openssh_advisory15 (CVE-2023-38408): Vulnerabilities in OpenSSH affect AIX Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 07/20/2023 Created 08/24/2023 Added 08/24/2023 Modified 01/28/2025 Description The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009. Solution(s) ibm-aix-openssh_advisory15 References https://attackerkb.com/topics/cve-2023-38408 CVE - 2023-38408 https://aix.software.ibm.com/aix/efixes/security/openssh_advisory15.asc
  14. OS X update for libxslt (CVE-2023-38408) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 07/20/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  15. OS X update for CUPS (CVE-2023-38408) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 07/20/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  16. Debian: CVE-2023-34968: samba -- security update Severity 5 CVSS (AV:N/AC:L/Au:N/C:P/I:N/A:N) Published 07/20/2023 Created 10/20/2023 Added 10/19/2023 Modified 01/28/2025 Description A path disclosure vulnerability was found in Samba. As part of the Spotlight protocol, Samba discloses the server-side absolute path of shares, files, and directories in the results for search queries. This flaw allows a malicious client or an attacker with a targeted RPC request to view the information that is part of the disclosed path. Solution(s) debian-upgrade-samba References https://attackerkb.com/topics/cve-2023-34968 CVE - 2023-34968 DSA-5477-1
  17. Debian: CVE-2022-28733: grub2 -- security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/20/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description Integer underflow in grub_net_recv_ip4_packets; A malicious crafted IP packet can lead to an integer underflow in grub_net_recv_ip4_packets() function on rsm->total_len value. Under certain circumstances the total_len value may end up wrapping around to a small integer number which will be used in memory allocation. If the attack succeeds in such way, subsequent operations can write past the end of the buffer. Solution(s) debian-upgrade-grub2 References https://attackerkb.com/topics/cve-2022-28733 CVE - 2022-28733
  18. SUSE: CVE-2023-38408: SUSE Linux Security Advisory Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 07/20/2023 Created 07/25/2023 Added 07/24/2023 Modified 01/28/2025 Description The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009. Solution(s) suse-upgrade-openssh suse-upgrade-openssh-askpass-gnome suse-upgrade-openssh-cavs suse-upgrade-openssh-clients suse-upgrade-openssh-common suse-upgrade-openssh-fips suse-upgrade-openssh-helpers suse-upgrade-openssh-server References https://attackerkb.com/topics/cve-2023-38408 CVE - 2023-38408
  19. SUSE: CVE-2023-34968: SUSE Linux Security Advisory Severity 5 CVSS (AV:N/AC:L/Au:N/C:P/I:N/A:N) Published 07/20/2023 Created 07/20/2023 Added 07/20/2023 Modified 01/28/2025 Description A path disclosure vulnerability was found in Samba. As part of the Spotlight protocol, Samba discloses the server-side absolute path of shares, files, and directories in the results for search queries. This flaw allows a malicious client or an attacker with a targeted RPC request to view the information that is part of the disclosed path. Solution(s) suse-upgrade-ctdb suse-upgrade-ctdb-pcp-pmda suse-upgrade-libsamba-policy-devel suse-upgrade-libsamba-policy-python3-devel suse-upgrade-libsamba-policy0-python3 suse-upgrade-libsamba-policy0-python3-32bit suse-upgrade-samba suse-upgrade-samba-ad-dc suse-upgrade-samba-ad-dc-libs suse-upgrade-samba-ad-dc-libs-32bit suse-upgrade-samba-ceph suse-upgrade-samba-client suse-upgrade-samba-client-32bit suse-upgrade-samba-client-libs suse-upgrade-samba-client-libs-32bit suse-upgrade-samba-devel suse-upgrade-samba-devel-32bit suse-upgrade-samba-doc suse-upgrade-samba-dsdb-modules suse-upgrade-samba-gpupdate suse-upgrade-samba-ldb-ldap suse-upgrade-samba-libs suse-upgrade-samba-libs-32bit suse-upgrade-samba-libs-python3 suse-upgrade-samba-libs-python3-32bit suse-upgrade-samba-python3 suse-upgrade-samba-test suse-upgrade-samba-tool suse-upgrade-samba-winbind suse-upgrade-samba-winbind-libs suse-upgrade-samba-winbind-libs-32bit References https://attackerkb.com/topics/cve-2023-34968 CVE - 2023-34968
  20. OS X update for Image Capture (CVE-2023-38408) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 07/20/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  21. OS X update for GPU Drivers (CVE-2023-38408) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 07/20/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  22. Debian: CVE-2023-3347: samba -- security update Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 07/20/2023 Created 10/20/2023 Added 10/19/2023 Modified 01/30/2025 Description A vulnerability was found in Samba's SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. This flaw allows an attacker to perform attacks, such as a man-in-the-middle attack, by intercepting the network traffic and modifying the SMB2 messages between client and server, affecting the integrity of the data. Solution(s) debian-upgrade-samba References https://attackerkb.com/topics/cve-2023-3347 CVE - 2023-3347 DSA-5477-1
  23. OS X update for Maps (CVE-2023-38408) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 07/20/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  24. Debian: CVE-2023-34967: samba -- security update Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 07/20/2023 Created 10/20/2023 Added 10/19/2023 Modified 01/30/2025 Description A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the mdssvc protocol. Due to a lack of type checking in callers of the dalloc_value_for_key() function, which returns the object associated with a key, a caller may trigger a crash in talloc_get_size() when talloc detects that the passed-in pointer is not a valid talloc pointer. With an RPC worker process shared among multiple client connections, a malicious client or attacker can trigger a process crash in a shared RPC mdssvc worker process, affecting all other clients this worker serves. Solution(s) debian-upgrade-samba References https://attackerkb.com/topics/cve-2023-34967 CVE - 2023-34967 DSA-5477-1
  25. Debian: CVE-2023-34966: samba -- security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 07/20/2023 Created 10/20/2023 Added 10/19/2023 Modified 01/30/2025 Description An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets sent by the client, the core unmarshalling function sl_unpack_loop() did not validate a field in the network packet that contains the count of elements in an array-like structure. By passing 0 as the count value, the attacked function will run in an endless loop consuming 100% CPU. This flaw allows an attacker to issue a malformed RPC request, triggering an infinite loop, resulting in a denial of service condition. Solution(s) debian-upgrade-samba References https://attackerkb.com/topics/cve-2023-34966 CVE - 2023-34966 DSA-5477-1