Linode Security Digest July 24-July 30, 2023



In this week's digest, we'll focus on the following:

  • Atlassian Confluence Data Center & Server Remote Code Execution
  • Adobe ColdFusion Remote Code Execution
  • OpenSSH Forwarded ssh-agent Remote Code Execution
  • AMD "Zenbleed"

CVE-2023-22505 & CVE-2023-22508: Atlassian Confluence Data Center & Server Remote Code Execution

Background

Confluence, developed by the Australian software company Atlassian, is a web-based corporate wiki designed for collaboration and knowledge sharing within enterprises. Initially released in 2004 and built using Java, Confluence has evolved into a flexible platform that supports teamwork and documentation workflows. With its built-in Tomcat web server and HSQL database, Confluence Standalone offers a self-contained solution while also supporting various other databases. Atlassian offers Confluence as enterprise software, allowing organizations to choose between on-premises deployment and Software-as-a-Service.

Vulnerability

Two high-severity Remote Code Execution (RCE) vulnerabilities have been identified in Confluence Data Center & Server.

The first vulnerability, tracked as CVE-2023-22505, was introduced in version 8.0.0. It carries a CVSS score of 8 according to Confluence's assessment and allows an authenticated attacker to execute arbitrary code. The flaw has a high impact on confidentiality, integrity, and availability, making it a critical concern, and it can be exploited without any user interaction.

The second vulnerability, CVE-2023-22508, was introduced in version 6.1.0. With a CVSS score of 8.5 according to Confluence's assessment, it shares similar characteristics with the first: an authenticated attacker can execute arbitrary code without user interaction, with a high impact on confidentiality, integrity, and availability.

Mitigation

CVE-2023-22505:

  • Upgrade your instance to the latest version of Confluence Data Center & Server.
  • If you cannot upgrade to the latest version, upgrade to one of the fixed versions, specifically 8.3.2 or 8.4.0.

CVE-2023-22508:

  • Upgrade your instance to a Confluence feature release equal to or greater than 8.2.0 (e.g., 8.2, 8.3, 8.4, etc.).
  • Alternatively, upgrade to a Confluence 7.19 LTS bugfix release equal to or greater than 7.19.8 (e.g., 7.19.8, 7.19.9, 7.19.10, 7.19.11, etc.) or a Confluence 7.13 LTS bugfix release equal to or greater than 7.13.20 (release available early August).

CVE-2023-38205: Adobe ColdFusion Access Control Bypass

Background

Adobe ColdFusion is a versatile Java-based web application development platform. It allows developers to create dynamic, data-driven web applications by integrating server-side logic and database interactions into web pages using ColdFusion Markup Language (CFML) mixed with HTML.

Vulnerability

This vulnerability, tracked as CVE-2023-38205, is a patch bypass for a previously patched vulnerability, CVE-2023-29298, addressed in Adobe's Security Bulletin. The initial patch released on July 11, 2023, for CVE-2023-29298 did not successfully fix the issue and could be bypassed by an attacker. According to Rapid7, the fix correctly handled a valid URL but could still be bypassed by supplying an invalid URL, which still allowed access to the protected endpoint without a valid URL path.

The following versions of ColdFusion are vulnerable:

  • Adobe ColdFusion 2023 Update 2 and earlier versions
  • Adobe ColdFusion 2021 Update 8 and earlier versions
  • Adobe ColdFusion 2018 Update 18 and earlier versions

Mitigation

Adobe released a patch mitigating this vulnerability on July 19, 2023, in this advisory. The patches are as follows:

  • Update 3 for ColdFusion 2023
  • Update 9 for ColdFusion 2021
  • Update 19 for ColdFusion 2018

CVE-2023-38408: Remote Code Execution in OpenSSH's forwarded ssh-agent

Background

OpenSSH's forwarded ssh-agent is a feature that enables users to securely forward their ssh-agent from one machine to another across SSH connections. The ssh-agent manages private keys for SSH public key authentication. Through agent forwarding, the user's local ssh-agent can be used to authenticate connections to remote machines, eliminating the need to store private keys on those systems.

Vulnerability

According to the advisory published by researchers at Qualys, anyone who logs into a host controlled by the attacker using ssh-agent forwarding can potentially expose themselves to remote code execution by the attacker on the machine (base host) from which they logged into the attacker-controlled host.

The vulnerability stems from the OpenSSH agent's handling of forwarded shared libraries on the remote host. When a base host's ssh-agent is compiled with the ENABLE_PKCS11 flag (which is the default), the remote host can load (dlopen()) and immediately unload (dlclose()) any shared library in /usr/lib/* of the base host. This behavior, however, does not play well with many shared libraries, which can have unintended side effects. By chaining such side effects together, the researchers could gain remote code execution on the base host. However, the researchers' scope was limited to Ubuntu Desktop 22.04 and 21.10.

Mitigation

  • Use an updated version of OpenSSH: 9.3p2
  • Exploitation of the vulnerability can be prevented by not using the ssh-agent forwarding option when connecting to hosts that are not trusted by the user.

CVE-2023-20593: Cross-Process Information Leak aka "Zenbleed"
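As an added example (not from the digest or from OpenSSH), a small POSIX shell audit that checks both mitigations above on a client: whether the installed OpenSSH is at least 9.3p2, and whether a ssh_config enables ForwardAgent. It assumes "ssh -V" prints the usual "OpenSSH_X.YpZ" banner and only looks at the two standard config paths.

```shell
#!/bin/sh
# Added example, not from the Linode digest: audit an SSH client for the two
# CVE-2023-38408 mitigations (OpenSSH >= 9.3p2, no agent forwarding).
# Assumes "ssh -V" prints "OpenSSH_X.YpZ ..." as on typical Linux clients.

# Return 0 if OpenSSH version $1 (e.g. 9.3p2) is >= version $2.
ssh_version_ge() {
  # Split "X.YpZ X.YpZ" into six numeric words: $1-$3 installed, $4-$6 required.
  set -- $(printf '%s %s' "$1" "$2" | sed -E 's/([0-9]+)\.([0-9]+)p([0-9]+)/\1 \2 \3/g')
  [ "$#" -eq 6 ] || return 2                      # unparseable version string
  case "$1$2$3$4$5$6" in *[!0-9]*) return 2 ;; esac
  [ "$1" -gt "$4" ] && return 0
  [ "$1" -lt "$4" ] && return 1
  [ "$2" -gt "$5" ] && return 0
  [ "$2" -lt "$5" ] && return 1
  [ "$3" -ge "$6" ]
}

# Print "yes" if the ssh_config text in $1 enables agent forwarding anywhere.
# ForwardAgent takes yes/no or a socket path, so anything other than "no"
# turns forwarding on; the "Keyword=value" spelling is normalised first.
forward_agent_enabled() {
  printf '%s\n' "$1" | awk '
    /^[[:space:]]*#/ { next }
    { gsub(/=/, " "); $0 = $0 }
    tolower($1) == "forwardagent" && tolower($2) != "no" { found = 1 }
    END { print (found ? "yes" : "no") }'
}

# Run the audit on this machine.
installed=$(ssh -V 2>&1 | sed -E 's/^OpenSSH_([0-9]+\.[0-9]+p[0-9]+).*/\1/')
if ssh_version_ge "$installed" 9.3p2; then
  echo "OpenSSH $installed: fixed version (>= 9.3p2)"
else
  echo "OpenSSH '$installed': update to 9.3p2 or later"
fi
for f in /etc/ssh/ssh_config "$HOME/.ssh/config"; do   # ssh_config.d/ not walked
  [ -r "$f" ] || continue
  if [ "$(forward_agent_enabled "$(cat "$f")")" = yes ]; then
    echo "$f enables ForwardAgent; disable it for untrusted hosts"
  fi
done
```

A per-host "ForwardAgent yes" under a trusted Host block is reported too, so review the match rather than treating every hit as a finding.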

On July 24, 2023, AMD disclosed a security vulnerability (CVE-2023-20593) that affected a subset of Akamai cloud computing hosts running EPYC "Rome" CPUs. Please find more information in our recent blog post.
