CVE-2023-5455 – Ipa: invalid csrf protection
https://notcve.org/view.php?id=CVE-2023-5455
A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system integrity. During community penetration testing it was found that for certain HTTP end-points FreeIPA does not ensure CSRF protection. Due to implementation details one cannot use this flaw for reflection of a cookie representing already logged-in user. An attacker would always have to go through a new authentication attempt. • https://access.redhat.com/errata/RHSA-2024:0137 https://access.redhat.com/errata/RHSA-2024:0138 https://access.redhat.com/errata/RHSA-2024:0139 https://access.redhat.com/errata/RHSA-2024:0140 https://access.redhat.com/errata/RHSA-2024:0141 https://access.redhat.com/errata/RHSA-2024:0142 https://access.redhat.com/errata/RHSA-2024:0143 https://access.redhat.com/errata/RHSA-2024:0144 https://access.redhat.com/errata/RHSA-2024:0145 https://access.redhat.com/errata/RHSA • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2023-5869 – Postgresql: buffer overrun from integer overflow in array modification
https://notcve.org/view.php?id=CVE-2023-5869
A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory. Se encontró una falla en PostgreSQL que permite a los usuarios de bases de datos autenticados ejecutar código arbitrario al faltar verificaciones de desbordamiento durante la modificación del valor de la matriz SQL. Este problema existe debido a un desbordamiento de enteros durante la modificación de la matriz, donde un usuario remoto puede desencadenar el desbordamiento proporcionando datos especialmente manipulados. • https://access.redhat.com/errata/RHSA-2023:7545 https://access.redhat.com/errata/RHSA-2023:7579 https://access.redhat.com/errata/RHSA-2023:7580 https://access.redhat.com/errata/RHSA-2023:7581 https://access.redhat.com/errata/RHSA-2023:7616 https://access.redhat.com/errata/RHSA-2023:7656 https://access.redhat.com/errata/RHSA-2023:7666 https://access.redhat.com/errata/RHSA-2023:7667 https://access.redhat.com/errata/RHSA-2023:7694 https://access.redhat.com/errata/RHSA • CWE-190: Integer Overflow or Wraparound •
CVE-2023-3972 – Insights-client: unsafe handling of temporary files and directories
https://notcve.org/view.php?id=CVE-2023-3972
A vulnerability was found in insights-client. This security issue occurs because of insecure file operations or unsafe handling of temporary files and directories that lead to local privilege escalation. Before the insights-client has been registered on the system by root, an unprivileged local user or attacker could create the /var/tmp/insights-client directory (owning the directory with read, write, and execute permissions) on the system. After the insights-client is registered by root, an attacker could then control the directory content that insights are using by putting malicious scripts into it and executing arbitrary code as root (trivially bypassing SELinux protections because insights processes are allowed to disable SELinux system-wide). Se encontró una vulnerabilidad en insights-client. • https://access.redhat.com/errata/RHSA-2023:6264 https://access.redhat.com/errata/RHSA-2023:6282 https://access.redhat.com/errata/RHSA-2023:6283 https://access.redhat.com/errata/RHSA-2023:6284 https://access.redhat.com/errata/RHSA-2023:6795 https://access.redhat.com/errata/RHSA-2023:6796 https://access.redhat.com/errata/RHSA-2023:6798 https://access.redhat.com/errata/RHSA-2023:6811 https://access.redhat.com/security/cve/CVE-2023-3972 https://bugzilla.redhat.com/show • CWE-379: Creation of Temporary File in Directory with Insecure Permissions CWE-668: Exposure of Resource to Wrong Sphere •
CVE-2023-4911 – GNU C Library Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2023-4911
A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges. Se descubrió un desbordamiento del búfer en el cargador dinámico ld.so de la librería GNU C mientras se procesaba la variable de entorno GLIBC_TUNABLES. Este problema podría permitir que un atacante local utilice variables de entorno GLIBC_TUNABLES manipuladas con fines malintencionados al iniciar archivos binarios con permiso SUID para ejecutar código con privilegios elevados. Dubbed Looney Tunables, Qualys discovered a buffer overflow vulnerability in the glibc dynamic loader's processing of the GLIBC_TUNABLES environment variable. • https://github.com/leesh3288/CVE-2023-4911 https://github.com/ruycr4ft/CVE-2023-4911 https://github.com/guffre/CVE-2023-4911 https://github.com/NishanthAnand21/CVE-2023-4911-PoC https://github.com/RickdeJager/CVE-2023-4911 https://github.com/hadrian3689/looney-tunables-CVE-2023-4911 https://github.com/Green-Avocado/CVE-2023-4911 https://github.com/xiaoQ1z/CVE-2023-4911 https://github.com/Diego-AltF4/CVE-2023-4911 https://github.com/KernelKrise/CVE-2023-4911 https:/ • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2023-3899 – Subscription-manager: inadequate authorization of com.redhat.rhsm1 d-bus interface allows local users to modify configuration
https://notcve.org/view.php?id=CVE-2023-3899
A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root. • https://access.redhat.com/errata/RHSA-2023:4701 https://access.redhat.com/errata/RHSA-2023:4702 https://access.redhat.com/errata/RHSA-2023:4703 https://access.redhat.com/errata/RHSA-2023:4704 https://access.redhat.com/errata/RHSA-2023:4705 https://access.redhat.com/errata/RHSA-2023:4706 https://access.redhat.com/errata/RHSA-2023:4707 https://access.redhat.com/errata/RHSA-2023:4708 https://access.redhat.com/security/cve/CVE-2023-3899 https://bugzilla.redhat.com/show • CWE-285: Improper Authorization CWE-863: Incorrect Authorization •