Adam Zabrocki

**Nome do software vulnerável e versões afetadas** Versões do kernel Linux anteriores à 5.10-rc1 **Descrição** Foi detectada uma falha do tipo “use-after-free” no arquivo kernel/trace/ring buffer.c, que poderia causar um problema de negação de serviço devido a uma condição de corrida (race condition) nas funções trace open e resize do buffer da CPU, executadas em paralelo em diferentes CPUs. Este problema também pode permitir que um invasor local com privilégios especiais de usuário vaze informações do kernel. **Recomendações** Para versões do kernel Linux anteriores à 5.10-rc1, atualize para a versão 5.10-rc1 ou posterior para resolver o problema. Como solução temporária, considere restringir o acesso ao componente kernel/trace/ring buffer.c para minimizar o risco de exploração.

**Nome do software vulnerável e versões afetadas** Versões do kernel Linux anteriores à 5.6.5 **Descrição** Foi descoberta uma falha de controle de acesso a sinais no kernel do Linux. A falha é causada por um estouro de inteiro na variável `exec id` em `include/linux/sched.h`, o que pode interferir em um mecanismo de proteção. Isso permite que um processo filho envie um sinal arbitrário a um processo pai em um domínio de segurança diferente. A exploração dessa falha é limitada pelo tempo que leva para ocorrer um estouro de inteiro e pela ausência de cenários em que sinais enviados a um processo pai representem uma ameaça significativa. **Recomendações** Para versões do kernel Linux anteriores à 5.6.5, atualize para a versão 5.6.5 ou posterior para resolver o problema. Como solução temporária, considere restringir o tratamento de sinais entre processos pai e filho para minimizar o risco de exploração.

**Name of the Vulnerable Software and Affected Versions** OpenSSH versions 7.7 through 7.9 OpenSSH versions 8.x before 8.1 **Description** The issue is caused by an integer overflow in the XMSS key parsing algorithm, leading to memory corruption and local code execution. This occurs when OpenSSH is compiled with an experimental key type and a client or server is configured to use a crafted XMSS key. The XMSS implementation is considered experimental in all released OpenSSH versions. **Recommendations** For OpenSSH versions 7.7 through 7.9, consider disabling the experimental XMSS key type until a patch is available. For OpenSSH versions 8.x before 8.1, consider disabling the experimental XMSS key type until a patch is available. As a temporary workaround, avoid using the crafted XMSS key in the affected OpenSSH versions.

**Name of the Vulnerable Software and Affected Versions** The product name cannot be determined. **Description** A denial-of-service issue allows attackers to affect the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** LCG Disk Pool Manager (DPM) versions prior to 1.8.6 **Description** The issue allows remote attackers to execute arbitrary SQL commands via vulnerable variables in several functions. The affected variables include `r token`, `surl`, `to surl`, `u token`, and `s token` in various functions such as `dpm get pending req by token`, `dpm get cpr by surl`, `dpm get cpr by surls`, and others. Additionally, remote administrators can execute arbitrary SQL commands via the `poolname` variable in functions like `dpm get pool entry` and `dpm insert fs entry`. **Recommendations** For LCG Disk Pool Manager (DPM) versions prior to 1.8.6, update to version 1.8.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable functions and variables until a patch is applied. Avoid using the vulnerable variables `r token`, `surl`, `to surl`, `u token`, `s token`, and `poolname` in the affected API endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** OPIE versions 2.4.1-test1 and earlier **Description** The issue is related to an off-by-one error in the ` opiereadrec` function in `readrec.c` in `libopie`. This error can be exploited by remote attackers to cause a denial of service, potentially leading to a daemon crash, or possibly execute arbitrary code. The exploitation can be achieved via a long `username` by sending a long USER command, for example, to the FreeBSD `ftpd`. Additionally, there are multiple vulnerabilities in the OPIE package that can lead to breaches of confidentiality, integrity, and availability of protected information, and these can be exploited remotely. **Recommendations** For OPIE versions 2.4.1-test1 and earlier, consider updating to a version that fixes the off-by-one error in the ` opiereadrec` function to prevent potential denial of service or arbitrary code execution. As a temporary workaround, consider restricting the length of the `username` parameter to prevent exploitation until a patch is available. Restrict access to the `ftpd` service to minimize the risk of remote exploitation.

**Name of the Vulnerable Software and Affected Versions** Fcron versions 2.9.5 through 3.0.0 **Description** The issue allows remote attackers to create or overwrite arbitrary files via ".." sequences and a symlink attack on the temporary file used during conversion by `convert-fcrontab` in Fcron. **Recommendations** For Fcron versions 2.9.5 through 3.0.0, consider restricting access to the `convert-fcrontab` function until a patch is available. As a temporary workaround, avoid using `convert-fcrontab` for remote conversions to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** wu-ftpd versions 2.6.1 through 2.6.2 **Description** The issue concerns multiple vulnerabilities in the wu-ftpd package of the Debian GNU/Linux operating system, which can lead to disruption of protected information availability. These vulnerabilities can be exploited remotely. Specifically, the wu fnmatch function in wu-ftpd allows remote attackers to cause a denial of service via a glob pattern with a large number of * (wildcard) characters. **Recommendations** For versions 2.6.1 and 2.6.2, consider disabling the wu fnmatch function as a temporary workaround to prevent CPU exhaustion by recursion until a patch is available. Restrict access to the wu-ftpd service to minimize the risk of exploitation. Avoid using glob patterns with a large number of * (wildcard) characters in the dir command until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** kdegraphics versions prior to 3.02pl4 Xpdf versions 2.x and 3.x before 3.02pl4 Poppler version 0.x libkscan-dev (affected versions not specified) kdegraphics-dev (affected versions not specified) xpdf-common (affected versions not specified) kviewshell (affected versions not specified) kdegraphics-dbg (affected versions not specified) kdegraphics-doc-html (affected versions not specified) kdvi (affected versions not specified) xpdf-reader (affected versions not specified) kdegraphics (affected versions not specified) libkscan1 (affected versions not specified) xpdf-utils (affected versions not specified) kdegraphics-kfile-plugins (affected versions not specified) **Description** The issue concerns multiple vulnerabilities in various packages of the Debian GNU/Linux operating system, including libkscan-dev, kdegraphics-dev, xpdf-common, kviewshell, kdegraphics-dbg, kdegraphics-doc-html, kdvi, xpdf-reader, kdegraphics, libkscan1, xpdf-utils, and kdegraphics-kfile-plugins. These vulnerabilities can be exploited remotely and may lead to a violation of confidentiality, integrity, and availability of protected information. The Splash::drawImage function in Splash.cc in Xpdf and Poppler does not properly allocate memory, allowing remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted PDF document. **Recommendations** For Xpdf versions 2.x and 3.x, update to version 3.02pl4 or later. For Poppler version 0.x, update to a version that includes the fix for the memory allocation issue. For kdegraphics versions prior to 3.02pl4, update to version 3.02pl4 or later. For libkscan-dev, kdegraphics-dev, xpdf-common, kviewshell, kdegraphics-dbg, kdegraphics-doc-html, kdvi, xpdf-reader, kdegraphics, libkscan1, xpdf-utils, and kdegraphics-kfile-plugins, at the moment, there is no information about a newer version that contains a fix for this vulnerability.