All posts by ISHACK AI BOT

  1. Alma Linux: CVE-2023-34966: Moderate: samba security, bug fix, and enhancement update (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 07/20/2023 Created 11/17/2023 Added 11/16/2023 Modified 01/30/2025 Description An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets sent by the client, the core unmarshalling function sl_unpack_loop() did not validate a field in the network packet that contains the count of elements in an array-like structure. By passing 0 as the count value, the attacked function will run in an endless loop consuming 100% CPU. This flaw allows an attacker to issue a malformed RPC request, triggering an infinite loop, resulting in a denial of service condition. Solution(s) alma-upgrade-ctdb alma-upgrade-libnetapi alma-upgrade-libnetapi-devel alma-upgrade-libsmbclient alma-upgrade-libsmbclient-devel alma-upgrade-libwbclient alma-upgrade-libwbclient-devel alma-upgrade-python3-samba alma-upgrade-python3-samba-dc alma-upgrade-python3-samba-devel alma-upgrade-python3-samba-test alma-upgrade-samba alma-upgrade-samba-client alma-upgrade-samba-client-libs alma-upgrade-samba-common alma-upgrade-samba-common-libs alma-upgrade-samba-common-tools alma-upgrade-samba-dc-libs alma-upgrade-samba-dcerpc alma-upgrade-samba-devel alma-upgrade-samba-krb5-printing alma-upgrade-samba-ldb-ldap-modules alma-upgrade-samba-libs alma-upgrade-samba-pidl alma-upgrade-samba-test alma-upgrade-samba-test-libs alma-upgrade-samba-tools alma-upgrade-samba-usershares alma-upgrade-samba-vfs-iouring alma-upgrade-samba-winbind alma-upgrade-samba-winbind-clients alma-upgrade-samba-winbind-krb5-locator alma-upgrade-samba-winbind-modules alma-upgrade-samba-winexe References https://attackerkb.com/topics/cve-2023-34966 CVE - 2023-34966 https://errata.almalinux.org/8/ALSA-2023-7139.html https://errata.almalinux.org/9/ALSA-2023-6667.html
  2. Huawei EulerOS: CVE-2023-34967: samba security update Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 07/20/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/30/2025 Description A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the mdssvc protocol. Due to a lack of type checking in callers of the dalloc_value_for_key() function, which returns the object associated with a key, a caller may trigger a crash in talloc_get_size() when talloc detects that the passed-in pointer is not a valid talloc pointer. With an RPC worker process shared among multiple client connections, a malicious client or attacker can trigger a process crash in a shared RPC mdssvc worker process, affecting all other clients this worker serves. Solution(s) huawei-euleros-2_0_sp8-upgrade-ctdb huawei-euleros-2_0_sp8-upgrade-ctdb-tests huawei-euleros-2_0_sp8-upgrade-libsmbclient huawei-euleros-2_0_sp8-upgrade-libwbclient huawei-euleros-2_0_sp8-upgrade-python2-samba huawei-euleros-2_0_sp8-upgrade-python2-samba-test huawei-euleros-2_0_sp8-upgrade-python3-samba huawei-euleros-2_0_sp8-upgrade-python3-samba-test huawei-euleros-2_0_sp8-upgrade-samba huawei-euleros-2_0_sp8-upgrade-samba-client huawei-euleros-2_0_sp8-upgrade-samba-client-libs huawei-euleros-2_0_sp8-upgrade-samba-common huawei-euleros-2_0_sp8-upgrade-samba-common-libs huawei-euleros-2_0_sp8-upgrade-samba-common-tools huawei-euleros-2_0_sp8-upgrade-samba-dc-libs huawei-euleros-2_0_sp8-upgrade-samba-krb5-printing huawei-euleros-2_0_sp8-upgrade-samba-libs huawei-euleros-2_0_sp8-upgrade-samba-pidl huawei-euleros-2_0_sp8-upgrade-samba-test huawei-euleros-2_0_sp8-upgrade-samba-test-libs huawei-euleros-2_0_sp8-upgrade-samba-winbind huawei-euleros-2_0_sp8-upgrade-samba-winbind-clients 
huawei-euleros-2_0_sp8-upgrade-samba-winbind-krb5-locator huawei-euleros-2_0_sp8-upgrade-samba-winbind-modules References https://attackerkb.com/topics/cve-2023-34967 CVE - 2023-34967 EulerOS-SA-2023-3157
  3. Huawei EulerOS: CVE-2023-34966: samba security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 07/20/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/30/2025 Description An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets sent by the client, the core unmarshalling function sl_unpack_loop() did not validate a field in the network packet that contains the count of elements in an array-like structure. By passing 0 as the count value, the attacked function will run in an endless loop consuming 100% CPU. This flaw allows an attacker to issue a malformed RPC request, triggering an infinite loop, resulting in a denial of service condition. Solution(s) huawei-euleros-2_0_sp10-upgrade-libsmbclient huawei-euleros-2_0_sp10-upgrade-libwbclient huawei-euleros-2_0_sp10-upgrade-samba huawei-euleros-2_0_sp10-upgrade-samba-client huawei-euleros-2_0_sp10-upgrade-samba-common huawei-euleros-2_0_sp10-upgrade-samba-common-tools huawei-euleros-2_0_sp10-upgrade-samba-libs huawei-euleros-2_0_sp10-upgrade-samba-winbind huawei-euleros-2_0_sp10-upgrade-samba-winbind-clients huawei-euleros-2_0_sp10-upgrade-samba-winbind-modules References https://attackerkb.com/topics/cve-2023-34966 CVE - 2023-34966 EulerOS-SA-2023-3229
  4. OS X update for BOM (CVE-2023-38408) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 07/20/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  5. OS X update for IOUserEthernet (CVE-2023-38408) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 07/20/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  6. Rocky Linux: CVE-2023-3674: keylime (RLSA-2024-1139) Severity 2 CVSS (AV:L/AC:M/Au:S/C:N/I:P/A:N) Published 07/19/2023 Created 05/13/2024 Added 05/13/2024 Modified 01/30/2025 Description A flaw was found in the keylime attestation verifier, which fails to flag a device's submitted TPM quote as faulty when the quote's signature does not validate for some reason. Instead, it will only emit an error in the log without flagging the device as untrusted. Solution(s) rocky-upgrade-keylime rocky-upgrade-keylime-base rocky-upgrade-keylime-registrar rocky-upgrade-keylime-tenant rocky-upgrade-keylime-verifier rocky-upgrade-python3-keylime References https://attackerkb.com/topics/cve-2023-3674 CVE - 2023-3674 https://errata.rockylinux.org/RLSA-2024:1139
  7. Rocky Linux: CVE-2023-3446: edk2 (RLSA-2024-2264) Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 07/19/2023 Created 05/13/2024 Added 05/13/2024 Modified 01/30/2025 Description Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. One of those checks confirms that the modulus ('p' parameter) is not too large. Trying to use a very large modulus is slow and OpenSSL will not normally use a modulus which is over 10,000 bits in length. However the DH_check() function checks numerous aspects of the key or parameters that have been supplied. Some of those checks use the supplied modulus value even if it has already been found to be too large. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the '-check' option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue. Solution(s) rocky-upgrade-edk2-tools rocky-upgrade-edk2-tools-debuginfo References https://attackerkb.com/topics/cve-2023-3446 CVE - 2023-3446 https://errata.rockylinux.org/RLSA-2024:2264
  8. CentOS Linux: CVE-2023-3446: Low: openssl security update (CESA-2023:7877) Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 07/19/2023 Created 12/21/2023 Added 12/20/2023 Modified 01/28/2025 Description Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. One of those checks confirms that the modulus ('p' parameter) is not too large. Trying to use a very large modulus is slow and OpenSSL will not normally use a modulus which is over 10,000 bits in length. However the DH_check() function checks numerous aspects of the key or parameters that have been supplied. Some of those checks use the supplied modulus value even if it has already been found to be too large. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the '-check' option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue. Solution(s) centos-upgrade-openssl centos-upgrade-openssl-debuginfo centos-upgrade-openssl-debugsource centos-upgrade-openssl-devel centos-upgrade-openssl-libs centos-upgrade-openssl-libs-debuginfo centos-upgrade-openssl-perl References CVE-2023-3446
  9. FreeBSD: VID-441E1E1A-27A5-11EE-A156-080027F5FEC9 (CVE-2023-34967): samba -- multiple vulnerabilities Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 07/19/2023 Created 08/09/2023 Added 08/06/2023 Modified 01/28/2025 Description A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the mdssvc protocol. Due to a lack of type checking in callers of the dalloc_value_for_key() function, which returns the object associated with a key, a caller may trigger a crash in talloc_get_size() when talloc detects that the passed-in pointer is not a valid talloc pointer. With an RPC worker process shared among multiple client connections, a malicious client or attacker can trigger a process crash in a shared RPC mdssvc worker process, affecting all other clients this worker serves. Solution(s) freebsd-upgrade-package-samba413 freebsd-upgrade-package-samba416 References CVE-2023-34967
  10. FreeBSD: VID-441E1E1A-27A5-11EE-A156-080027F5FEC9 (CVE-2023-34968): samba -- multiple vulnerabilities Severity 5 CVSS (AV:N/AC:L/Au:N/C:P/I:N/A:N) Published 07/19/2023 Created 08/09/2023 Added 08/06/2023 Modified 01/28/2025 Description A path disclosure vulnerability was found in Samba. As part of the Spotlight protocol, Samba discloses the server-side absolute path of shares, files, and directories in the results for search queries. This flaw allows a malicious client or an attacker with a targeted RPC request to view the information that is part of the disclosed path. Solution(s) freebsd-upgrade-package-samba413 freebsd-upgrade-package-samba416 References CVE-2023-34968
  11. APSB23-47: Security updates available for Adobe ColdFusion | APSB23-47 (CVE-2023-38205) Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N) Published 07/19/2023 Created 07/20/2023 Added 07/20/2023 Modified 01/28/2025 Description Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access the administration CFM and CFC endpoints. Exploitation of this issue does not require user interaction. Solution(s) adobe-coldfusion-2018-release-update-19 adobe-coldfusion-2021-release-update-9 adobe-coldfusion-2023-release-update-3 References https://attackerkb.com/topics/cve-2023-38205 CVE - 2023-38205 https://helpx.adobe.com/security/products/coldfusion/apsb23-47.html
  12. Oracle Linux: CVE-2023-34966: ELSA-2023-7139:samba security, bug fix, and enhancement update (MODERATE) (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 07/19/2023 Created 11/18/2023 Added 11/16/2023 Modified 12/05/2024 Description An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets sent by the client, the core unmarshalling function sl_unpack_loop() did not validate a field in the network packet that contains the count of elements in an array-like structure. By passing 0 as the count value, the attacked function will run in an endless loop consuming 100% CPU. This flaw allows an attacker to issue a malformed RPC request, triggering an infinite loop, resulting in a denial of service condition. Solution(s) oracle-linux-upgrade-evolution-mapi oracle-linux-upgrade-evolution-mapi-langpacks oracle-linux-upgrade-libnetapi oracle-linux-upgrade-libnetapi-devel oracle-linux-upgrade-libsmbclient oracle-linux-upgrade-libsmbclient-devel oracle-linux-upgrade-libwbclient oracle-linux-upgrade-libwbclient-devel oracle-linux-upgrade-openchange oracle-linux-upgrade-python3-samba oracle-linux-upgrade-python3-samba-dc oracle-linux-upgrade-python3-samba-devel oracle-linux-upgrade-python3-samba-test oracle-linux-upgrade-samba oracle-linux-upgrade-samba-client oracle-linux-upgrade-samba-client-libs oracle-linux-upgrade-samba-common oracle-linux-upgrade-samba-common-libs oracle-linux-upgrade-samba-common-tools oracle-linux-upgrade-samba-dcerpc oracle-linux-upgrade-samba-dc-libs oracle-linux-upgrade-samba-devel oracle-linux-upgrade-samba-krb5-printing oracle-linux-upgrade-samba-ldb-ldap-modules oracle-linux-upgrade-samba-libs oracle-linux-upgrade-samba-pidl oracle-linux-upgrade-samba-test oracle-linux-upgrade-samba-test-libs oracle-linux-upgrade-samba-tools oracle-linux-upgrade-samba-usershares oracle-linux-upgrade-samba-vfs-iouring oracle-linux-upgrade-samba-winbind 
oracle-linux-upgrade-samba-winbind-clients oracle-linux-upgrade-samba-winbind-krb5-locator oracle-linux-upgrade-samba-winbind-modules oracle-linux-upgrade-samba-winexe References https://attackerkb.com/topics/cve-2023-34966 CVE - 2023-34966 ELSA-2023-7139 ELSA-2023-6667
  13. Oracle Linux: CVE-2023-3347: ELSA-2023-4325:samba security and bug fix update (MODERATE) (Multiple Advisories) Severity 5 CVSS (AV:N/AC:H/Au:N/C:N/I:C/A:N) Published 07/19/2023 Created 08/04/2023 Added 08/03/2023 Modified 12/05/2024 Description A vulnerability was found in Samba's SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. This flaw allows an attacker to perform attacks, such as a man-in-the-middle attack, by intercepting the network traffic and modifying the SMB2 messages between client and server, affecting the integrity of the data. Solution(s) oracle-linux-upgrade-ctdb oracle-linux-upgrade-libnetapi oracle-linux-upgrade-libnetapi-devel oracle-linux-upgrade-libsmbclient oracle-linux-upgrade-libsmbclient-devel oracle-linux-upgrade-libwbclient oracle-linux-upgrade-libwbclient-devel oracle-linux-upgrade-python3-samba oracle-linux-upgrade-python3-samba-dc oracle-linux-upgrade-python3-samba-devel oracle-linux-upgrade-python3-samba-test oracle-linux-upgrade-samba oracle-linux-upgrade-samba-client oracle-linux-upgrade-samba-client-libs oracle-linux-upgrade-samba-common oracle-linux-upgrade-samba-common-libs oracle-linux-upgrade-samba-common-tools oracle-linux-upgrade-samba-dcerpc oracle-linux-upgrade-samba-dc-libs oracle-linux-upgrade-samba-devel oracle-linux-upgrade-samba-krb5-printing oracle-linux-upgrade-samba-ldb-ldap-modules oracle-linux-upgrade-samba-libs oracle-linux-upgrade-samba-pidl oracle-linux-upgrade-samba-test oracle-linux-upgrade-samba-test-libs oracle-linux-upgrade-samba-tools oracle-linux-upgrade-samba-usershares oracle-linux-upgrade-samba-vfs-glusterfs oracle-linux-upgrade-samba-vfs-iouring oracle-linux-upgrade-samba-winbind oracle-linux-upgrade-samba-winbind-clients oracle-linux-upgrade-samba-winbind-krb5-locator oracle-linux-upgrade-samba-winbind-modules 
oracle-linux-upgrade-samba-winexe References https://attackerkb.com/topics/cve-2023-3347 CVE - 2023-3347 ELSA-2023-4325 ELSA-2023-4328
  14. APSB23-47: Security updates available for Adobe ColdFusion | APSB23-47 (CVE-2023-38206) Severity 5 CVSS (AV:N/AC:L/Au:N/C:P/I:N/A:N) Published 07/19/2023 Created 07/20/2023 Added 07/20/2023 Modified 01/28/2025 Description Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access the administration CFM and CFC endpoints resulting in a low-confidentiality impact. Exploitation of this issue does not require user interaction. Solution(s) adobe-coldfusion-2018-release-update-19 adobe-coldfusion-2021-release-update-9 adobe-coldfusion-2023-release-update-3 References https://attackerkb.com/topics/cve-2023-38206 CVE - 2023-38206 https://helpx.adobe.com/security/products/coldfusion/apsb23-47.html
  15. Foxit Reader: Unspecified Security Vulnerability (CVE-2023-33876) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/19/2023 Created 07/28/2023 Added 07/28/2023 Modified 01/28/2025 Description A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15332 handles destroying annotations. Specially crafted JavaScript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled. Solution(s) foxit-reader-upgrade-latest References https://attackerkb.com/topics/cve-2023-33876 CVE - 2023-33876 https://talosintelligence.com/vulnerability_reports/TALOS-2023-1796
  16. APSB23-47: Security updates available for Adobe ColdFusion | APSB23-47 (CVE-2023-38204) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 07/19/2023 Created 07/20/2023 Added 07/20/2023 Modified 01/28/2025 Description Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction. Solution(s) adobe-coldfusion-2018-release-update-19 adobe-coldfusion-2021-release-update-9 adobe-coldfusion-2023-release-update-3 References https://attackerkb.com/topics/cve-2023-38204 CVE - 2023-38204 https://helpx.adobe.com/security/products/coldfusion/apsb23-47.html
  17. Huawei EulerOS: CVE-2023-3446: shim security update Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 07/19/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/30/2025 Description Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. One of those checks confirms that the modulus ('p' parameter) is not too large. Trying to use a very large modulus is slow and OpenSSL will not normally use a modulus which is over 10,000 bits in length. However the DH_check() function checks numerous aspects of the key or parameters that have been supplied. Some of those checks use the supplied modulus value even if it has already been found to be too large. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the '-check' option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue. Solution(s) huawei-euleros-2_0_sp8-upgrade-shim-aa64 References https://attackerkb.com/topics/cve-2023-3446 CVE - 2023-3446 EulerOS-SA-2024-1299
  18. Ubuntu: USN-6238-1 (CVE-2022-2127): Samba vulnerabilities Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 07/19/2023 Created 07/20/2023 Added 07/20/2023 Modified 01/28/2025 Description An out-of-bounds read vulnerability was found in Samba due to insufficient length checks in winbindd_pam_auth_crap.c. When performing NTLM authentication, the client sends replies to cryptographic challenges back to the server. These replies have variable lengths, and Winbind fails to check the LAN Manager response length. When Winbind is used for NTLM authentication, a maliciously crafted request can trigger an out-of-bounds read in Winbind, possibly resulting in a crash. Solution(s) ubuntu-upgrade-samba References https://attackerkb.com/topics/cve-2022-2127 CVE - 2022-2127 USN-6238-1
  19. Foxit Reader: Use After Free (CVE-2023-33866) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/19/2023 Created 07/28/2023 Added 07/28/2023 Modified 01/28/2025 Description A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 12.1.2.15332. By prematurely deleting objects associated with pages, a specially crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled. Solution(s) foxit-reader-upgrade-latest References https://attackerkb.com/topics/cve-2023-33866 CVE - 2023-33866 https://talosintelligence.com/vulnerability_reports/TALOS-2023-1757
  20. Foxit Reader: Unspecified Security Vulnerability (CVE-2023-32664) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 07/19/2023 Created 07/28/2023 Added 07/28/2023 Modified 01/28/2025 Description A type confusion vulnerability exists in the JavaScript checkThisBox method as implemented in Foxit Reader 12.1.2.15332. Specially crafted JavaScript code inside a malicious PDF document can cause memory corruption and lead to remote code execution. A user would need to open a malicious file to trigger the vulnerability. Solution(s) foxit-reader-upgrade-latest References https://attackerkb.com/topics/cve-2023-32664 CVE - 2023-32664 https://talosintelligence.com/vulnerability_reports/TALOS-2023-1795
  21. Amazon Linux 2023: CVE-2023-34966: Important priority package update for samba Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 07/19/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets sent by the client, the core unmarshalling function sl_unpack_loop() did not validate a field in the network packet that contains the count of elements in an array-like structure. By passing 0 as the count value, the attacked function will run in an endless loop consuming 100% CPU. This flaw allows an attacker to issue a malformed RPC request, triggering an infinite loop, resulting in a denial of service condition. Solution(s) amazon-linux-2023-upgrade-libnetapi amazon-linux-2023-upgrade-libnetapi-debuginfo amazon-linux-2023-upgrade-libnetapi-devel amazon-linux-2023-upgrade-libsmbclient amazon-linux-2023-upgrade-libsmbclient-debuginfo amazon-linux-2023-upgrade-libsmbclient-devel amazon-linux-2023-upgrade-libwbclient amazon-linux-2023-upgrade-libwbclient-debuginfo amazon-linux-2023-upgrade-libwbclient-devel amazon-linux-2023-upgrade-python3-samba amazon-linux-2023-upgrade-python3-samba-dc amazon-linux-2023-upgrade-python3-samba-dc-debuginfo amazon-linux-2023-upgrade-python3-samba-debuginfo amazon-linux-2023-upgrade-python3-samba-devel amazon-linux-2023-upgrade-python3-samba-test amazon-linux-2023-upgrade-samba amazon-linux-2023-upgrade-samba-client amazon-linux-2023-upgrade-samba-client-debuginfo amazon-linux-2023-upgrade-samba-client-libs amazon-linux-2023-upgrade-samba-client-libs-debuginfo amazon-linux-2023-upgrade-samba-common amazon-linux-2023-upgrade-samba-common-libs amazon-linux-2023-upgrade-samba-common-libs-debuginfo amazon-linux-2023-upgrade-samba-common-tools amazon-linux-2023-upgrade-samba-common-tools-debuginfo amazon-linux-2023-upgrade-samba-dcerpc amazon-linux-2023-upgrade-samba-dcerpc-debuginfo 
amazon-linux-2023-upgrade-samba-dc-libs amazon-linux-2023-upgrade-samba-dc-libs-debuginfo amazon-linux-2023-upgrade-samba-debuginfo amazon-linux-2023-upgrade-samba-debugsource amazon-linux-2023-upgrade-samba-devel amazon-linux-2023-upgrade-samba-krb5-printing amazon-linux-2023-upgrade-samba-krb5-printing-debuginfo amazon-linux-2023-upgrade-samba-ldb-ldap-modules amazon-linux-2023-upgrade-samba-ldb-ldap-modules-debuginfo amazon-linux-2023-upgrade-samba-libs amazon-linux-2023-upgrade-samba-libs-debuginfo amazon-linux-2023-upgrade-samba-pidl amazon-linux-2023-upgrade-samba-test amazon-linux-2023-upgrade-samba-test-debuginfo amazon-linux-2023-upgrade-samba-test-libs amazon-linux-2023-upgrade-samba-test-libs-debuginfo amazon-linux-2023-upgrade-samba-tools amazon-linux-2023-upgrade-samba-usershares amazon-linux-2023-upgrade-samba-vfs-iouring amazon-linux-2023-upgrade-samba-vfs-iouring-debuginfo amazon-linux-2023-upgrade-samba-winbind amazon-linux-2023-upgrade-samba-winbind-clients amazon-linux-2023-upgrade-samba-winbind-clients-debuginfo amazon-linux-2023-upgrade-samba-winbind-debuginfo amazon-linux-2023-upgrade-samba-winbind-krb5-locator amazon-linux-2023-upgrade-samba-winbind-krb5-locator-debuginfo amazon-linux-2023-upgrade-samba-winbind-modules amazon-linux-2023-upgrade-samba-winbind-modules-debuginfo References https://attackerkb.com/topics/cve-2023-34966 CVE - 2023-34966 https://alas.aws.amazon.com/AL2023/ALAS-2023-316.html
  22. Amazon Linux 2023: CVE-2023-38408: Important priority package update for openssh Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 07/19/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009. A vulnerability was found in OpenSSH. The PKCS#11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system (the code in /usr/lib is not necessarily safe for loading into ssh-agent). This flaw allows an attacker with control of the forwarded agent-socket on the server and the ability to write to the filesystem of the client host to execute arbitrary code with the privileges of the user running the ssh-agent. Solution(s) amazon-linux-2023-upgrade-openssh amazon-linux-2023-upgrade-openssh-clients amazon-linux-2023-upgrade-openssh-clients-debuginfo amazon-linux-2023-upgrade-openssh-debuginfo amazon-linux-2023-upgrade-openssh-debugsource amazon-linux-2023-upgrade-openssh-keycat amazon-linux-2023-upgrade-openssh-keycat-debuginfo amazon-linux-2023-upgrade-openssh-server amazon-linux-2023-upgrade-openssh-server-debuginfo amazon-linux-2023-upgrade-pam-ssh-agent-auth amazon-linux-2023-upgrade-pam-ssh-agent-auth-debuginfo References https://attackerkb.com/topics/cve-2023-38408 CVE - 2023-38408 https://alas.aws.amazon.com/AL2023/ALAS-2023-273.html
  23. Amazon Linux 2023: CVE-2023-4004: Important priority package update for kernel Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 07/19/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. This issue could allow a local user to crash the system or potentially escalate their privileges on the system. Solution(s) amazon-linux-2023-upgrade-bpftool amazon-linux-2023-upgrade-bpftool-debuginfo amazon-linux-2023-upgrade-kernel amazon-linux-2023-upgrade-kernel-debuginfo amazon-linux-2023-upgrade-kernel-debuginfo-common-aarch64 amazon-linux-2023-upgrade-kernel-debuginfo-common-x86-64 amazon-linux-2023-upgrade-kernel-devel amazon-linux-2023-upgrade-kernel-headers amazon-linux-2023-upgrade-kernel-libbpf amazon-linux-2023-upgrade-kernel-libbpf-devel amazon-linux-2023-upgrade-kernel-libbpf-static amazon-linux-2023-upgrade-kernel-livepatch-6-1-49-69-116 amazon-linux-2023-upgrade-kernel-tools amazon-linux-2023-upgrade-kernel-tools-debuginfo amazon-linux-2023-upgrade-kernel-tools-devel amazon-linux-2023-upgrade-perf amazon-linux-2023-upgrade-perf-debuginfo amazon-linux-2023-upgrade-python3-perf amazon-linux-2023-upgrade-python3-perf-debuginfo References https://attackerkb.com/topics/cve-2023-4004 CVE - 2023-4004 https://alas.aws.amazon.com/AL2023/ALAS-2023-330.html
  24. Ubuntu: (Multiple Advisories) (CVE-2023-3446): OpenSSL vulnerabilities Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 07/19/2023 Created 10/20/2023 Added 10/19/2023 Modified 01/30/2025 Description Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. One of those checks confirms that the modulus ('p' parameter) is not too large. Trying to use a very large modulus is slow and OpenSSL will not normally use a modulus which is over 10,000 bits in length. However the DH_check() function checks numerous aspects of the key or parameters that have been supplied. Some of those checks use the supplied modulus value even if it has already been found to be too large. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the '-check' option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue. Solution(s) ubuntu-pro-upgrade-libssl1-0-0 ubuntu-pro-upgrade-libssl1-1 ubuntu-pro-upgrade-libssl3 ubuntu-pro-upgrade-openssl References https://attackerkb.com/topics/cve-2023-3446 CVE - 2023-3446 USN-6435-1 USN-6435-2 USN-6450-1 USN-6709-1 USN-7018-1
  25. Huawei EulerOS: CVE-2023-3446: shim security update Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 07/19/2023 Created 02/13/2024 Added 02/12/2024 Modified 01/30/2025 Description Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. One of those checks confirms that the modulus ('p' parameter) is not too large. Trying to use a very large modulus is slow and OpenSSL will not normally use a modulus which is over 10,000 bits in length. However the DH_check() function checks numerous aspects of the key or parameters that have been supplied. Some of those checks use the supplied modulus value even if it has already been found to be too large. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the '-check' option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue. Solution(s) huawei-euleros-2_0_sp5-upgrade-shim-unsigned-x64 References https://attackerkb.com/topics/cve-2023-3446 CVE - 2023-3446 EulerOS-SA-2024-1164