Jörg Schwenk

**Name of the Vulnerable Software and Affected Versions** BigBlueButton versions 3.0.19 and below **Description** BigBlueButton is a virtual classroom platform. When a user joins a session with the microphone initially muted, the client may send audio data to the server despite the mute state. While the server discards this audio, preventing it from being audible to other participants, a malicious server operator could potentially access this data. This behavior occurs only between joining the meeting and the first time the user unmutes. **Recommendations** Update to version 3.0.20 or later.

Nome do Software Vulnerável e Versões Afetadas: Versões do Apache HTTP Server até a 2.4.63 Descrição: Em certas configurações do mod ssl, um atacante man-in-the-middle pode sequestrar uma sessão HTTP por meio de um ataque de upgrade TLS. Este problema afeta configurações que utilizam "SSLEngine optional" para habilitar upgrades TLS. O ataque está relacionado à dessincronização HTTP. Recomendações: Atualize para a versão 2.4.64, que remove o suporte para upgrade TLS.

**Name of the Vulnerable Software and Affected Versions** OpenSSH versions prior to 9.6 **Description** The issue is related to errors in key management in the ssh-agent tool of OpenSSH. It allows an attacker to disclose protected information by exploiting certain destination constraints that are not fully applied when adding PKCS#11-hosted private keys. Specifically, when destination constraints are specified, they are only applied to the first key, even if a PKCS#11 token returns multiple keys. This can be exploited by sending a specially crafted request to obtain sensitive information, which can then be used to launch further attacks against the affected system. **Recommendations** For OpenSSH versions prior to 9.6, update to OpenSSH 9.6 to resolve the issue. As a temporary workaround, consider restricting the use of PKCS#11-hosted private keys until a patch is available. Avoid using the `PKCS#11` token in the affected ssh-agent tool to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** OpenSSH versions prior to 9.6 **Description** The issue is related to OS command injection in OpenSSH, which might occur if a user name or host name has shell metacharacters and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name. The estimated number of potentially affected devices worldwide is around 116,742,290, mainly distributed in the United States, China, and other countries. **Recommendations** Update to OpenSSH 9.6p1 to resolve the issue. As a temporary workaround, consider disabling the use of ProxyCommand until a patch is available. Restrict access to the vulnerable module to minimize the risk of exploitation. Avoid using the `ProxyCommand` directive in the OpenSSH configuration until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** OpenSSH versions prior to 9.6 libssh2 versions through 1.11.0 Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT Dropbear through 2022.83 Ssh before 5.1.1 in Erlang/OTP PuTTY before 0.80 AsyncSSH before 2.14.2 golang.org/x/crypto before 0.17.0 libssh before 0.10.6 Thorn Tech SFTP Gateway before 3.4.6 Tera Term before 5.1 Paramiko before 3.4.0 jsch before 0.2.15 SFTPGo before 2.5.6 Netgate pfSense Plus through 23.09.1 Netgate pfSense CE through 2.7.2 HPN-SSH through 18.2.0 ProFTPD before 1.3.8b ORYX CycloneSSH before 2.3.4 NetSarang XShell 7 before Build 0144 CrushFTP before 10.6.0 ConnectBot SSH library before 2.2.22 Apache MINA sshd through 2.11.0 sshj through 0.37.0 TinySSH through 20230101 trilead-ssh2 6401 LANCOM LCOS and LANconfig FileZilla before 3.66.4 Nova before 11.8 PKIX-SSH before 14.4 SecureCRT before 9.4.3 Transmit5 before 5.10.4 Win32-OpenSSH before 9.5.0.0p1-Beta WinSCP before 6.2.2 Bitvise SSH Server before 9.32 Bitvise SSH Client before 9.33 KiTTY through 0.76.1.13 the net-ssh gem 7.2.0 for Ruby the mscdex ssh2 module before 1.15.0 for Node.js the thrussh library before 0.35.1 for Rust the Russh crate before 0.40.2 for Rust **Description** The SSH transport protocol with certain OpenSSH extensions is vulnerable to a prefix truncation attack, known as the Terrapin attack. This attack allows a man-in-the-middle attacker to strip an arbitrary number of messages right after the initial key exchange, breaking SSH extension negotiation and downgrading connection security. The attack works by injecting arbitrary SSH MSG IGNORE messages during the initial key exchange and removing the same number of messages just after the initial key exchange has concluded. This is possible due to missing authentication of the excess SSH MSG IGNORE messages and the fact that the implicit sequence numbers used within the SSH protocol are only checked after the initial key exchange. **Recommendations** To mitigate this vulnerability, update to OpenSSH 9.6 or later, and consider implementing "strict kex" to alter the SSH handshake and prevent man-in-the-middle attacks. Additionally, temporarily disable the affected algorithms and use unaffected alternatives like AES-GCM until patches are available. For each affected version, apply the corresponding update or patch: - OpenSSH: Update to version 9.6 or later. - libssh2: Update to version 1.11.1 or later. - Maverick Synergy Java SSH API: Update to version 3.1.0-SNAPSHOT or later. - Dropbear: Update to version 2022.84 or later. - Ssh in Erlang/OTP: Update to version 5.1.1 or later. - PuTTY: Update to version 0.80 or later. - AsyncSSH: Update to version 2.14.2 or later. - golang.org/x/crypto: Update to version 0.17.0 or later. - libssh: Update to version 0.10.6 or later. - Thorn Tech SFTP Gateway: Update to version 3.4.6 or later. - Tera Term: Update to version 5.1 or later. - Paramiko: Update to version 3.4.0 or later. - jsch: Update to version 0.2.15 or later. - SFTPGo: Update to version 2.5.6 or later. - Netgate pfSense Plus: Update to version 23.09.2 or later. - Netgate pfSense CE: Update to version 2.7.3 or later. - HPN-SSH: Update to version 18.2.1 or later. - ProFTPD: Update to version 1.3.8b or later. - ORYX CycloneSSH: Update to version 2.3.4 or later. - NetSarang XShell 7: Update to Build 0144 or later. - CrushFTP: Update to version 10.6.0 or later. - ConnectBot SSH library: Update to version 2.2.22 or later. - Apache MINA sshd: Update to version 2.11.1 or later. - sshj: Update to version 0.37.1 or later. - TinySSH: Update to version 20230102 or later. - trilead-ssh2: Update to version 6402 or later. - LANCOM LCOS and LANconfig: Apply the latest security patches. - FileZilla: Update to version 3.66.4 or later. - Nova: Update to version 11.8 or later. - PKIX-SSH: Update to version 14.4 or later. - SecureCRT: Update to version 9.4.3 or later. - Transmit5: Update to version 5.10.4 or later. - Win32-OpenSSH: Update to version 9.5.0.0p1-Beta or later. - WinSCP: Update to version 6.2.2 or later. - Bitvise SSH Server: Update to version 9.32 or later. - Bitvise SSH Client: Update to version 9.33 or later. - KiTTY: Update to version 0.76.1.14 or later. - the net-ssh gem: Update to version 7.2.1 or later for Ruby. - the mscdex ssh2 module: Update to version 1.15.0 or later for Node.js. - the thrussh library: Update to version 0.35.1 or later for Rust. - the Russh crate: Update to version 0.40.2 or later for Rust.

**Name of the Vulnerable Software and Affected Versions** Microsoft Office (affected versions not specified) **Description** The issue is related to errors in the representation of information by the user interface in Microsoft Office. It allows a remote attacker to conduct spoofing attacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Nome do software vulnerável e versões afetadas** Versões do iOS anteriores à 15.2 Versões do iPadOS anteriores à 15.2 **Descrição** Existia uma falha no S/MIME no tratamento de e-mails criptografados, permitindo que um invasor pudesse recuperar o conteúdo em texto simples de um e-mail criptografado por S/MIME. Essa falha foi corrigida com a exclusão do carregamento automático de algumas partes MIME. **Recomendações** Para versões do iOS anteriores à 15.2, atualize para o iOS 15.2 ou posterior para resolver o problema. Para versões do iPadOS anteriores à 15.2, atualize para o iPadOS 15.2 ou posterior para resolver o problema.

**Nome do software vulnerável e versões afetadas** Plataformas HTML do Windows (versões afetadas não especificadas) **Descrição** O problema está relacionado a erros no gerenciamento de privilégios dentro do componente Plataforma HTML do Windows do sistema operacional Windows. Isso pode permitir que um invasor remoto contorne as restrições de segurança existentes. **Recomendações** No momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.15 **Description** An issue existed in the handling of links in encrypted PDFs, which could allow an attacker to exfiltrate the contents of an encrypted PDF. This issue was addressed by adding a confirmation prompt. **Recommendations** For versions prior to 10.15, update to macOS Catalina 10.15 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Thunderbird versions prior to 60.9 Thunderbird versions prior to 68.1 **Description** The issue is related to the Secure/Multipurpose Internet Mail Extensions (S/MIME) functionality in the Thunderbird email client, specifically concerning the lack of protection for certain data. This could allow a remote attacker to gain unauthorized access to protected information. Additionally, it is noted that encrypted S/MIME parts in a crafted multipart/alternative message can leak plaintext when included in an HTML reply or forward. **Recommendations** For versions prior to 60.9, update to version 60.9 or later. For versions prior to 68.1, update to version 68.1 or later.

**Name of the Vulnerable Software and Affected Versions** Clavister cOS Core versions prior to 11.00.11 Clavister cOS Core versions 11.20.xx prior to 11.20.06 Clavister cOS Core versions 12.00.xx prior to 12.00.09 **Description** The issue allows remote attackers to decrypt RSA-encrypted nonces by leveraging a Bleichenbacher attack, affecting the IKEv1 implementation. **Recommendations** For versions prior to 11.00.11, update to version 11.00.11 or later. For versions 11.20.xx prior to 11.20.06, update to version 11.20.06 or later. For versions 12.00.xx prior to 12.00.09, update to version 12.00.09 or later.

**Name of the Vulnerable Software and Affected Versions** Thunderbird versions prior to 52.9 **Description** The issue is related to the Secure/Multipurpose Internet Mail Extensions (S/MIME) function in the Thunderbird email client, which lacks protection for certain data. This can allow a remote attacker to gain unauthorized access to protected information when an email is forwarded or replied to. Specifically, decrypted S/MIME parts that are hidden using CSS or the plaintext HTML tag can leak plaintext when included in an HTML reply or forward. **Recommendations** For versions prior to 52.9, update to version 52.9 or later to resolve the issue. As a temporary workaround, consider avoiding the use of HTML replies or forwards for emails containing sensitive S/MIME-protected information until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Thunderbird versions prior to 52.9 **Description** The issue is related to the decryption of S/MIME parts in HTML messages, which can lead to plaintext leakage when included in a reply or forward. This is due to a lack of protection for certain data in the S/MIME and PGP functions of the Thunderbird email client. An attacker can exploit this issue by manipulating HTML messages to gain unauthorized access to protected information. **Recommendations** For versions prior to 52.9, update to version 52.9 or later to resolve the issue. As a temporary workaround, consider avoiding the use of HTML replies or forwards for sensitive messages until the update is applied. Restrict access to sensitive information when using the affected Thunderbird versions to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 11.4 macOS versions prior to 10.13.5 **Description** The issue involves the Security component and allows websites to track users by leveraging the transmission of S/MIME client certificates. **Recommendations** For iOS versions prior to 11.4, update to version 11.4 or later. For macOS versions prior to 10.13.5, update to version 10.13.5 or later.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 11.4 macOS versions prior to 10.13.5 **Description** The issue involves the Mail component and allows remote attackers to read the cleartext content of S/MIME encrypted messages via direct exfiltration. **Recommendations** For iOS versions prior to 11.4, update to version 11.4 or later. For macOS versions prior to 10.13.5, update to version 10.13.5 or later.

**Name of the Vulnerable Software and Affected Versions** Thunderbird versions prior to 52.8 Thunderbird ESR versions prior to 52.8 **Description** The issue is related to information disclosure. It allows a remote attacker to gain unauthorized access to protected information through the `src` attribute of remote images or links. This could lead to the leakage of plaintext from decrypted emails. **Recommendations** For Thunderbird versions prior to 52.8, update to version 52.8 or later. For Thunderbird ESR versions prior to 52.8, update to version 52.8 or later. As a temporary workaround, consider restricting access to remote images or links in emails until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Thunderbird ESR versions prior to 52.8 Thunderbird versions prior to 52.8 **Description** The issue is related to the handling of encrypted emails in Thunderbird, where plaintext of decrypted emails can leak when a user submits an embedded form. This is due to a lack of encryption measures for protected data. Exploitation of this issue may allow a remote attacker to gain unauthorized access to protected information. **Recommendations** For Thunderbird ESR versions prior to 52.8, update to version 52.8 or later to resolve the issue. For Thunderbird versions prior to 52.8, update to version 52.8 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Thunderbird ESR versions prior to 52.8 Thunderbird versions prior to 52.8 **Description** The issue is related to the implementation of the S/MIME protocol in the Thunderbird email client, which is associated with insufficiently robust data encryption. This can lead to the disclosure of plaintext when using remote content in encrypted messages. Exploitation of the issue may allow a remote attacker to gain unauthorized access to protected information. **Recommendations** For Thunderbird ESR versions prior to 52.8, update to version 52.8 or later. For Thunderbird versions prior to 52.8, update to version 52.8 or later.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.13.4 **Description** The issue involves the `Mail` component and allows man-in-the-middle attackers to read S/MIME encrypted message content. This is achieved by sending HTML e-mail that references remote resources but lacks a valid S/MIME signature. **Recommendations** For macOS versions prior to 10.13.4, update to version 10.13.4 or later to resolve the issue.