Lucene search
UbuntuUSN-6006-1HistoryApr 11, 2023 - 12:00 a.m.
.NET vulnerability
2023-04-1100:00:00
ubuntu.com
39
.net
ubuntu
security
vulnerability
dotnet6
dotnet7
arbitrary code
dll files
execution
unix
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
8.2
Confidence
High
EPSS
0.002
Percentile
64.8%
Releases
- Ubuntu 22.10
- Ubuntu 22.04 LTS
Packages
- dotnet6 - dotNET CLI tools and runtime
- dotnet7 - dotNET CLI tools and runtime
Details
It was discovered that .NET did not properly manage dll files. An
attacker could potentially use this issue to execute arbitrary code.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 22.10 | noarch | aspnetcore-runtime-6.0 | < 6.0.116-0ubuntu1~22.10.1 | UNKNOWN |
| Ubuntu | 22.10 | noarch | aspnetcore-targeting-pack-6.0 | < 6.0.116-0ubuntu1~22.10.1 | UNKNOWN |
| Ubuntu | 22.10 | noarch | dotnet-apphost-pack-6.0 | < 6.0.116-0ubuntu1~22.10.1 | UNKNOWN |
| Ubuntu | 22.10 | noarch | dotnet-apphost-pack-6.0-dbgsym | < 6.0.116-0ubuntu1~22.10.1 | UNKNOWN |
| Ubuntu | 22.10 | noarch | dotnet-host | < 6.0.116-0ubuntu1~22.10.1 | UNKNOWN |
| Ubuntu | 22.10 | noarch | dotnet-host-dbgsym | < 6.0.116-0ubuntu1~22.10.1 | UNKNOWN |
| Ubuntu | 22.10 | noarch | dotnet-hostfxr-6.0 | < 6.0.116-0ubuntu1~22.10.1 | UNKNOWN |
| Ubuntu | 22.10 | noarch | dotnet-hostfxr-6.0-dbgsym | < 6.0.116-0ubuntu1~22.10.1 | UNKNOWN |
| Ubuntu | 22.10 | noarch | dotnet-runtime-6.0 | < 6.0.116-0ubuntu1~22.10.1 | UNKNOWN |
| Ubuntu | 22.10 | noarch | dotnet-runtime-6.0-dbgsym | < 6.0.116-0ubuntu1~22.10.1 | UNKNOWN |
References
Related
ubuntucve
ubuntucve
CVE-2023-28260
2023-04-11 00:00:00
mscve
mscve
.NET DLL Hijacking Remote Code Execution Vulnerability
2023-04-11 07:00:00
nessus
nessus
Ubuntu 22.04 LTS : .NET vulnerability (USN-6006-1)
2023-04-12 00:00:00
Security Updates for Microsoft .NET core (April 2023)
2023-04-13 00:00:00
Security Updates for Microsoft Visual Studio Products (April 2023)
2023-04-12 00:00:00
mskb
mskb
.NET 6.0 Update - April 11, 2023 (KB5025915)
2023-04-11 07:00:00
.NET 7.0 Update - April 11, 2023 (KB5025916)
2023-04-11 07:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-6006-1)
2023-04-13 00:00:00
.NET Core SDK Remote Code Execution Vulnerability (Apr 2023)
2023-04-12 00:00:00
nvd
nvd
CVE-2023-28260
2023-04-11 21:15:25
cve
cve
CVE-2023-28260
2023-04-11 21:15:25
prion
prion
Remote code execution
2023-04-11 21:15:00
alpinelinux
alpinelinux
CVE-2023-28260
2023-04-11 21:15:25
osv
osv
BIT-dotnet-sdk-2023-28260
2024-03-06 10:56:14
dotnet6, dotnet7 vulnerability
2023-04-11 21:09:16
CVE-2023-28260
2023-04-11 21:15:25
cvelist
cvelist
CVE-2023-28260 .NET DLL Hijacking Remote Code Execution Vulnerability
2023-04-11 19:13:56
redhatcve
redhatcve
CVE-2023-28260
2023-04-11 16:58:25
veracode
veracode
Remote Code Execution
2023-04-18 05:41:50
cgr
cgr
CVE-2023-28260 vulnerabilities
2024-05-19 03:07:16
cnvd
cnvd
Microsoft .NET DLL Hijacking Remote Code Execution Vulnerability
2023-11-15 00:00:00
wolfi
wolfi
CVE-2023-28260 vulnerabilities
2024-09-30 09:32:54
github
github
.NET Remote Code Execution vulnerability
2023-04-11 22:02:15
kaspersky
kaspersky
KLA48843 Multiple vulnerabilities in Microsoft Developer Tools
2023-04-11 00:00:00
ics
ics
Siemens PNI
2023-11-16 12:00:00
Siemens ST7 ScadaConnect
2024-06-13 12:00:00
rapid7blog
rapid7blog
Patch Tuesday - April 2023
2023-04-11 22:49:56
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
8.2
Confidence
High
EPSS
0.002
Percentile
64.8%
Related for USN-6006-1