Noam Rathaus

**Nome do Software Vulnerável e Versões Afetadas** Versões do Ubuntu Linux de 6.8.0-56.58 a 6.8.0-84.84 **Descrição** O kernel do Ubuntu Linux mantém um coletor de lixo AF UNIX legado que, quando combinado com um commit upstream backportado, pode levar a uma condição de use-after-free. Especificamente, sockets MSG OOB órfãos, quando processados pela função `unix gc()`, podem resultar na liberação de memória enquanto esta ainda está acessível. Percursos subsequentes na fila então desreferenciam essa memória liberada, potencialmente levando à elevação de privilégio local (LPE). Isso ocorre porque o coletor de lixo assume incorretamente que SKBs OOB mantêm duas referências quando possuem apenas uma. Sistemas que utilizam a nova pilha do coletor de lixo não são afetados. **Recomendações** Atualize para a versão do Ubuntu Linux 6.8.0-84.84 ou posterior.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A resolved issue in the Linux kernel involves a mismatch between the sum of field lengths and the set key length in the netfilter nf tables component. The field length description provides the length of each separated key field, which is rounded up to 32-bits to calculate the pipapo rule width. However, register-based arithmetics can still combine mismatching set key lengths and field length descriptions, potentially leading to incorrect pipapo widths. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Nome do software vulnerável e versões afetadas** Wi-Fi Alliance wfa dut (no Wi-Fi Test Suite) versões 9.0.0 e anteriores **Descrição** A vulnerabilidade permite a injeção de comandos do sistema operacional por meio de quadros 802.11x, devido ao uso da função da biblioteca system(). Por exemplo, em dispositivos Arcadyan FMIMG51AX000J, isso leva à execução remota de código wfaTGSendPing como root por meio de tráfego na porta TCP 8000 ou 8080 em uma interface LAN. Em outros dispositivos, isso pode ser explorado por meio de uma interface WAN. A falha permite acesso administrativo total, possibilitando que invasores modifiquem configurações do sistema, interrompam serviços de rede críticos ou reiniciem completamente o dispositivo, o que pode levar a interrupções, comprometimento de dados de rede e perda de conexão para todos os usuários na rede afetada. **Recomendações** Para o Wi-Fi Alliance wfa dut (no Wi-Fi Test Suite) versões 9.0.0 e anteriores, atualize para a versão 9.0 ou posterior para resolver o problema. Como solução alternativa temporária, considere desativar o uso da função de biblioteca system() ou restringir o acesso ao Wi-Fi Test Suite vulnerável até que um patch esteja disponível. Além disso, remover o Wi-Fi Test Suite dos dispositivos ou atualizar para a versão 9.0 ou posterior pode ajudar a mitigar o risco de exploração.

**Nome do software vulnerável e versões afetadas** Kernel do Linux (versões afetadas não especificadas) **Descrição** O problema está relacionado à função `taprio parse mqprio opt()` no módulo `net/sched` do kernel do Linux. Se um atributo `TCA TAPRIO ATTR PRIOMAP` for fornecido, a função deve validá-lo para impedir que o espaço do usuário injete dados arbitrários no kernel quando `taprio change()` for chamado pela segunda vez. A primeira chamada com atributos válidos define `dev->num tc` como um valor diferente de zero, e a segunda chamada com atributos `mqprio` arbitrários retorna antecipadamente de `taprio parse mqprio opt()`, o que pode causar problemas. A vulnerabilidade está associada à validação insuficiente dos dados fornecidos pelo usuário. **Recomendações** No momento, não há informações sobre uma versão mais recente que contenha uma correção para esta vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** Microsoft Lync Server 2013 **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL. This is related to incorrect handling of specially crafted content, which can lead to the execution of scripts in a user's browser and access to web session information. **Recommendations** For Microsoft Lync Server 2013, consider disabling the Web Components Server as a temporary workaround until a patch is available. Restrict access to the server to minimize the risk of exploitation. Avoid using crafted URLs that could trigger the XSS issue until the problem is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** rdesktop versions prior to 1.7.0 **Description** The issue is related to a directory traversal vulnerability in the `disk create` function in `disk.c` when disk redirection is enabled. This allows remote RDP servers to read or overwrite arbitrary files via a .. (dot dot) in a pathname. The vulnerability can lead to a violation of confidentiality, integrity, and availability of protected information. **Recommendations** For versions prior to 1.7.0, update to version 1.7.0 or later to resolve the issue. As a temporary workaround, consider disabling disk redirection to minimize the risk of exploitation. Restrict access to the `disk create` function in `disk.c` until a patch is available. Avoid using the `disk create` function when disk redirection is enabled until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Asterisk Open Source versions 1.2.x through 1.2.34 Asterisk Open Source versions 1.4.x through 1.4.26.1 Asterisk Open Source versions 1.6.0.x through 1.6.0.14 Asterisk Open Source versions 1.6.1.x through 1.6.1.5 Asterisk Business Edition versions B.x.x through B.2.5.9 Asterisk Business Edition versions C.2.x through C.2.4.2 Asterisk Business Edition versions C.3.x through C.3.0.0 s800i versions 1.3.x through 1.2.9.2 is not mentioned, but s800i version 1.3.0.2 is mentioned as vulnerable, so s800i versions 1.3.x through 1.3.0.2 **Description** The IAX2 protocol implementation in Asterisk allows remote attackers to cause a denial of service by initiating many IAX2 message exchanges. **Recommendations** For Asterisk Open Source versions 1.2.x through 1.2.34, update to version 1.2.35 or later. For Asterisk Open Source versions 1.4.x through 1.4.26.1, update to version 1.4.26.2 or later. For Asterisk Open Source versions 1.6.0.x through 1.6.0.14, update to version 1.6.0.15 or later. For Asterisk Open Source versions 1.6.1.x through 1.6.1.5, update to version 1.6.1.6 or later. For Asterisk Business Edition versions B.x.x through B.2.5.9, update to version B.2.5.10 or later. For Asterisk Business Edition versions C.2.x through C.2.4.2, update to version C.2.4.3 or later. For Asterisk Business Edition versions C.3.x through C.3.0.0, update to version C.3.1.1 or later. For s800i versions 1.3.x through 1.3.0.2, update to version 1.3.0.3 or later.

Name of the Vulnerable Software and Affected Versions: Python version 2.5 Description: A stack-based buffer overflow issue exists in the file compress function in minigzip (Modules/zlib), allowing attackers to execute arbitrary code via a long file argument. Recommendations: For Python version 2.5, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: OpenSSL versions 0.9.7 before 0.9.7l OpenSSL versions 0.9.8 before 0.9.8d OpenSSL earlier versions Description: The issue allows remote servers to cause a denial of service, potentially leading to a client crash via unknown vectors that trigger a null pointer dereference in the get server hello function. Multiple vulnerabilities in the openssl package may lead to violations of confidentiality, integrity, and availability of protected information, and can be exploited remotely. Recommendations: For OpenSSL versions 0.9.7 before 0.9.7l, update to version 0.9.7l or later. For OpenSSL versions 0.9.8 before 0.9.8d, update to version 0.9.8d or later. For OpenSSL earlier versions, update to a version 0.9.7l or 0.9.8d, or later.

**Name of the Vulnerable Software and Affected Versions** Wordpress versions 1.5.2 through 2.0.1 **Description** A cross-site scripting (XSS) issue exists in the paging links functionality, allowing remote attackers to inject arbitrary web script or HTML to Internet Explorer users via the `REQUEST URI` in the request URI. **Recommendations** For Wordpress versions 1.5.2 through 2.0.1, update to a version after 2.0.1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** KMail version 1.7.1 **Description** The issue allows remote attackers to spoof email information, such as whether the email has been digitally signed or encrypted, via HTML formatted email. **Recommendations** For KMail version 1.7.1, consider avoiding the use of HTML formatted emails until a fix is available. As a temporary workaround, restrict the interpretation of HTML emails to minimize the risk of exploitation.