CVE-2023-6395 – Mock: privilege escalation for users that can access mock configuration
https://notcve.org/view.php?id=CVE-2023-6395
The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the execution of arbitrary code with root user privileges. This weakness stems from the absence of proper sandboxing during the expansion and execution of Jinja2 templates, which may be included in certain configuration parameters. While the Mock documentation advises treating users added to the mock group as privileged, certain build systems invoking mock on behalf of users might inadvertently permit less privileged users to define configuration tags. These tags could then be passed as parameters to mock during execution, potentially leading to the utilization of Jinja2 templates for remote privilege escalation and the execution of arbitrary code as the root user on the build server. El software Mock contiene una vulnerabilidad en la que un atacante podría explotar la escalada de privilegios, permitiendo la ejecución de código arbitrario con privilegios de usuario root. • http://www.openwall.com/lists/oss-security/2024/01/16/1 http://www.openwall.com/lists/oss-security/2024/01/16/3 https://access.redhat.com/security/cve/CVE-2023-6395 https://bugzilla.redhat.com/show_bug.cgi?id=2252206 https://github.com/xsuchy/templated-dictionary/commit/0740bd0ca8d487301881541028977d120f8b8933 https://github.com/xsuchy/templated-dictionary/commit/bcd90f0dafa365575c4b101e6f5d98c4ef4e4b69 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62SP2BJC2AFLFJJAEHPGZ3ZINTB • CWE-20: Improper Input Validation CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-0567 – Gnutls: rejects certificate chain with distributed trust
https://notcve.org/view.php?id=CVE-2024-0567
A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack. Se encontró una vulnerabilidad en GnuTLS, donde una cabina (que usa gnuTLS) rechaza una cadena de certificados con confianza distribuida. Este problema ocurre al validar una cadena de certificados con cockpit-certificate-ensure. • http://www.openwall.com/lists/oss-security/2024/01/19/3 https://access.redhat.com/errata/RHSA-2024:0533 https://access.redhat.com/errata/RHSA-2024:1082 https://access.redhat.com/errata/RHSA-2024:1383 https://access.redhat.com/errata/RHSA-2024:2094 https://access.redhat.com/security/cve/CVE-2024-0567 https://bugzilla.redhat.com/show_bug.cgi?id=2258544 https://gitlab.com/gnutls/gnutls/-/issues/1521 https://lists.fedoraproject.org/archives/list/package-announce@lists. • CWE-347: Improper Verification of Cryptographic Signature •
CVE-2023-4001 – Grub2: bypass the grub password protection feature
https://notcve.org/view.php?id=CVE-2023-4001
An authentication bypass flaw was found in GRUB due to the way that GRUB uses the UUID of a device to search for the configuration file that contains the password hash for the GRUB password protection feature. An attacker capable of attaching an external drive such as a USB stick containing a file system with a duplicate UUID (the same as in the "/boot/" file system) can bypass the GRUB password protection feature on UEFI systems, which enumerate removable drives before non-removable ones. This issue was introduced in a downstream patch in Red Hat's version of grub2 and does not affect the upstream package. Se encontró un fallo de omisión de autenticación en GRUB debido a la forma en que GRUB usa el UUID de un dispositivo para buscar el archivo de configuración que contiene el hash de contraseña para la función de protección de contraseña de GRUB. Un atacante capaz de conectar una unidad externa, como una memoria USB que contenga un sistema de archivos con un UUID duplicado (el mismo que en el sistema de archivos "/boot/") puede omitir la función de protección con contraseña GRUB en los sistemas UEFI, que enumeran unidades extraíbles. antes que los no removibles. • http://www.openwall.com/lists/oss-security/2024/01/15/3 https://access.redhat.com/errata/RHSA-2024:0437 https://access.redhat.com/errata/RHSA-2024:0456 https://access.redhat.com/errata/RHSA-2024:0468 https://access.redhat.com/security/cve/CVE-2023-4001 https://bugzilla.redhat.com/show_bug.cgi?id=2224951 https://dfir.ru/2024/01/15/cve-2023-4001-a-vulnerability-in-the-downstream-grub-boot-manager https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject& • CWE-290: Authentication Bypass by Spoofing •
CVE-2024-0333
https://notcve.org/view.php?id=CVE-2024-0333
Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.216 allowed an attacker in a privileged network position to install a malicious extension via a crafted HTML page. (Chromium security severity: High) La validación de datos insuficiente en Extensions de Google Chrome anteriores a 120.0.6099.216 permitió a un atacante en una posición privilegiada de la red instalar una extensión maliciosa a través de una página HTML manipulada. (Severidad de seguridad de Chromium: alta) • https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_9.html https://crbug.com/1513379 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BXC7FJIAZRY3P72XC4Z4UOW2QDA7YX7 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPYCYENYQYADCOS6XG4JITUVRZ6HTE2B •
CVE-2023-41056 – Redis vulnerable to integer overflow in certain payloads
https://notcve.org/view.php?id=CVE-2023-41056
Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers which can result in integer overflow that leads to heap overflow and potential remote code execution. This issue has been patched in version 7.0.15 and 7.2.4. Redis es una base de datos en memoria que persiste en el disco. Redis maneja incorrectamente el cambio de tamaño de los búferes de memoria, lo que puede provocar un desbordamiento de enteros que provoca un desbordamiento del montón y una posible ejecución remota de código. • https://github.com/redis/redis/releases/tag/7.0.15 https://github.com/redis/redis/releases/tag/7.2.4 https://github.com/redis/redis/security/advisories/GHSA-xr47-pcmx-fq2m https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JTGQJ2YLYB24B72I5B5H32YIMPVSWIT https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JTWHPLC3RI67VNRDOIXLDVNC5YMYBMQN https://security.netapp.com/advisory/ntap-20240223-0003 • CWE-190: Integer Overflow or Wraparound CWE-762: Mismatched Memory Management Routines •