Jeff Dileo

Name of the Vulnerable Software and Affected Versions: Metasploit Framework (affected versions not specified) Description: The issue arises when the drb remote codeexec exploit is launched, exposing Metasploit to a deserialization issue due to its reliance on vulnerable Distributed Ruby class functions. This can lead to a system compromise on the Metasploit workstation, especially since Metasploit Framework typically runs with elevated privileges. An attacker would need to lure the Metasploit user into running the affected module against a malicious endpoint. The vulnerability is only present when the drb remote codeexec module is running, which in most cases cannot happen automatically. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: containerd versions prior to 1.3.9 and 1.4.3 Description: The issue is related to the improper exposure of the containerd-shim API to host network containers. Access controls for the shim's API socket verified that the connecting process had an effective UID of 0, but did not otherwise restrict access to the abstract Unix domain socket. This would allow malicious containers running in the same network namespace as the shim, with an effective UID of 0 but otherwise reduced privileges, to cause new processes to be run with elevated privileges. Recommendations: To resolve the issue for versions prior to 1.3.9, update to version 1.3.9 or later. To resolve the issue for versions prior to 1.4.3, update to version 1.4.3 or later. As a temporary workaround, consider denying access to all abstract sockets with AppArmor by adding a line similar to `deny unix addr=@**` to your policy. Restrict access to the vulnerable `containerd-shim` API by running containers with a reduced set of privileges, with a non-zero UID, and with isolated namespaces. Stop and restart containers started with an old version of `containerd-shim` after updating, as running containers will continue to be vulnerable even after an upgrade.

**Name of the Vulnerable Software and Affected Versions** Eclipse OpenJ9 version 0.8 **Description** The issue is related to the Java Attach API, which is enabled by default on Windows, Linux, and AIX JVMs. This allows users other than the process owner to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and execute untrusted native code using Attach API operations. The vulnerability may also be related to the recovery of an invalid data structure in memory, potentially allowing an attacker to execute arbitrary code. A local attacker could exploit this to gain elevated privileges on the system. **Recommendations** For Eclipse OpenJ9 version 0.8, consider disabling the Java Attach API using the command line option -Dcom.ibm.tools.attach.enable=no as a temporary workaround to minimize the risk of exploitation.