CVE-2022-31214
https://notcve.org/view.php?id=CVE-2022-31214
A Privilege Context Switching issue was discovered in join.c in Firejail 0.9.68. By crafting a bogus Firejail container that is accepted by the Firejail setuid-root program as a join target, a local attacker can enter an environment in which the Linux user namespace is still the initial user namespace, the NO_NEW_PRIVS prctl is not activated, and the entered mount namespace is under the attacker's control. In this way, the filesystem layout can be adjusted to gain root privileges through execution of available setuid-root binaries such as su or sudo. Se ha detectado un problema de cambio de contexto de privilegios en el archivo join.c en Firejail versión 0.9.68. Al diseñar un contenedor Firejail falso que es aceptado por el programa Firejail setuid-root como objetivo de join, un atacante local puede entrar en un entorno en el que el espacio de nombres de usuario de Linux sigue siendo el espacio de nombres de usuario inicial, el prctl NO_NEW_PRIVS no está activado, y el espacio de nombres de montaje introducido está bajo el control del atacante. • https://firejail.wordpress.com/download-2/release-notes https://lists.debian.org/debian-lts-announce/2022/06/msg00023.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6RZOTZ36RUSL6DOVHITY25ZYKWTG5HN3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KUZZ5M6LIBYRKTKGROXC47TDC3FRTGJF https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SIBEBE3KFINMGJATBQQS7D2VQQ62ZVMF https://security.gentoo.org/glsa/202305-19 h • CWE-269: Improper Privilege Management •
CVE-2022-31813 – mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism
https://notcve.org/view.php?id=CVE-2022-31813
Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application. Apache HTTP Server versiones 2.4.53 y anteriores, no envían los encabezados X-Forwarded-* al servidor de origen basándose en el mecanismo hop-by-hop del encabezado de conexión del lado del cliente. Esto puede usarse para evitar la autenticación basada en la IP en el servidor de origen/aplicación A flaw was found in the mod_proxy module of httpd. The server may remove the X-Forwarded-* headers from a request based on the client-side Connection header hop-by-hop mechanism. • http://www.openwall.com/lists/oss-security/2022/06/08/8 https://httpd.apache.org/security/vulnerabilities_24.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND https://security.gentoo.org/glsa/202208-20 https://security.netapp.com/advisory/ntap-20220624-0005 https://access.redhat.com/security/cve/CVE-2022-31813 ht • CWE-345: Insufficient Verification of Data Authenticity CWE-348: Use of Less Trusted Source •
CVE-2022-30556 – Information Disclosure in mod_lua with websockets
https://notcve.org/view.php?id=CVE-2022-30556
Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer. Apache HTTP Server versiones 2.4.53 y anteriores, pueden devolver longitudes a las aplicaciones que llaman a r:wsread() que apuntan más allá del final del almacenamiento asignado para el buffer A flaw was found in the mod_lua module of httpd. The data returned by the wsread function may point past the end of the storage allocated for the buffer, resulting in information disclosure. • http://www.openwall.com/lists/oss-security/2022/06/08/7 https://httpd.apache.org/security/vulnerabilities_24.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND https://security.gentoo.org/glsa/202208-20 https://security.netapp.com/advisory/ntap-20220624-0005 https://access.redhat.com/security/cve/CVE-2022-30556 ht • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2022-30522 – mod_sed denial of service
https://notcve.org/view.php?id=CVE-2022-30522
If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort. Si Apache HTTP Server versión 2.4.53, está configurado para hacer transformaciones con mod_sed en contextos en los que la entrada a mod_sed puede ser muy grande, mod_sed puede hacer asignaciones de memoria excesivamente grandes y provocar un aborto A flaw was found in the mod_sed module of httpd. A very large input to the mod_sed module can result in a denial of service due to excessively large memory allocations. • http://www.openwall.com/lists/oss-security/2022/06/08/6 https://httpd.apache.org/security/vulnerabilities_24.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND https://security.gentoo.org/glsa/202208-20 https://security.netapp.com/advisory/ntap-20220624-0005 https://access.redhat.com/security/cve/CVE-2022-30522 ht • CWE-770: Allocation of Resources Without Limits or Throttling CWE-789: Memory Allocation with Excessive Size Value •
CVE-2022-29404 – Denial of service in mod_lua r:parsebody
https://notcve.org/view.php?id=CVE-2022-29404
In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size. En Apache HTTP Server 2.4.53 y anteriores, una petición maliciosa a un script lua que llame a r:parsebody(0) puede causar una denegación de servicio debido a que no presenta un límite por defecto en el tamaño posible de la entrada A flaw was found in the mod_lua module of httpd. A malicious request to a Lua script that calls parsebody(0) can lead to a denial of service due to no default limit on the possible input size. • http://www.openwall.com/lists/oss-security/2022/06/08/5 https://httpd.apache.org/security/vulnerabilities_24.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND https://security.gentoo.org/glsa/202208-20 https://security.netapp.com/advisory/ntap-20220624-0005 https://access.redhat.com/security/cve/CVE-2022-29404 ht • CWE-770: Allocation of Resources Without Limits or Throttling •