kernel: TCP-spoofed ghost ACKs and leak leak initial sequence number

A flaw was found in the Linux kernel. Two TCP spoofing primitives exist where an attacker can brute force the server-chosen send window by acknowledging data that was never sent, called "ghost ACKs." There are side channels that also allow the attacker to leak the otherwise secret server-chosen...

CVE-2024-38471

Multiple TP-LINK products allow a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by restoring a crafted backup file. The affected device, with the initial configuration, allows login only from the LAN port or Wi-Fi...

CVE-2024-38471

Multiple TP-LINK products allow a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by restoring a crafted backup file. The affected device, with the initial configuration, allows login only from the LAN port or Wi-Fi...

CBL Mariner 2.0 Security Update: edk2 / hvloader (CVE-2023-45236)

The version of edk2 / hvloader installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-45236 advisory. - EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This...

kernel: TCP-spoofed ghost ACKs and leak leak initial sequence number

A flaw was found in the Linux kernel. Two TCP spoofing primitives exist where an attacker can brute force the server-chosen send window by acknowledging data that was never sent, called "ghost ACKs." There are side channels that also allow the attacker to leak the otherwise secret server-chosen...

Info Stealing Campaign Uses DLL Sideloading Through Legitimate Cisco Webex’s Binaries for Initial Execution and Defense Evasion

Info Stealing Campaign Uses DLL Sideloading Through Legitimate Cisco Webex’s Binaries for Initial Execution and Defense Evasion By Ale Houspanossian · June 17, 2024 Case Summary It was a quiet Monday morning in March 2024 when the EDR researchers with our Trellix Advanced Research Center identifi...

Telerik Report Server Auth Bypass

This module exploits an authentication bypass vulnerability in Telerik Report Server versions 10.0.24.305 and prior which allows an unauthenticated attacker to create a new account with administrative privileges. The vulnerability leverages the initial setup page which is still accessible once th...

Rocket.Chat: The initial E2EE password generated by Rocket.Chat mobile can be recovered in a practical timescale.

The initial E2EE password generated by Rocket.Chat mobile prior to version 4.5.1 was found to have insufficient entropy, allowing it to be recovered in a practical timescale by an attacker...

ssh: Prefix truncation attack on Binary Packet Protocol (BPP)

A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure ...

ssh: Prefix truncation attack on Binary Packet Protocol (BPP)

A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure ...

Microsoft Warns of Surge in Cyber Attacks Targeting Internet-Exposed OT Devices

Microsoft has emphasized the need for securing internet-exposed operational technology OT devices following a spate of cyber attacks targeting such environments since late 2023. "These repeated attacks against OT devices emphasize the crucial need to improve the security posture of OT devices and...

CVE-2023-52881

A flaw was found in the Linux kernel. Two TCP spoofing primitives exist where an attacker can brute force the server-chosen send window by acknowledging data that was never sent, called "ghost ACKs." There are side channels that also allow the attacker to leak the otherwise secret server-chosen...

SUSE CVE-2023-52880

In the Linux kernel, the following vulnerability has been resolved: tty: ngsm: require CAPNETADMIN to attach NGSM0710 ldisc Any unprivileged user can attach NGSM0710 ldisc, but it requires CAPNETADMIN to create a GSM network anyway. Require initial namespace CAPNETADMIN to do that...

DEBIAN-CVE-2023-52880

In the Linux kernel, the following vulnerability has been resolved: tty: ngsm: require CAPNETADMIN to attach NGSM0710 ldisc Any unprivileged user can attach NGSM0710 ldisc, but it requires CAPNETADMIN to create a GSM network anyway. Require initial namespace CAPNETADMIN to do that...

UBUNTU-CVE-2023-52880

In the Linux kernel, the following vulnerability has been resolved: tty: ngsm: require CAPNETADMIN to attach NGSM0710 ldisc Any unprivileged user can attach NGSM0710 ldisc, but it requires CAPNETADMIN to create a GSM network anyway. Require initial namespace CAPNETADMIN to do that...

CVE-2023-52880

CVE-2023-52880 affects the Linux kernel tty subsystem, specifically the N_GSM0710 ldisc. The issue allowed attaching the N_GSM0710 line discipline without privileges, but creating a GSM network would require CAP_NET_ADMIN. The advisory indicates that CAP_NET_ADMIN is now required in the initial n...

SUSE CVE-2021-47266

In the Linux kernel, the following vulnerability has been resolved: RDMA/ipoib: Fix warning caused by destroying non-initial netns After the commit 5ce2dced8e95 "RDMA/ipoib: Set rtnllinkops for ipoib interfaces", if the IPoIB device is moved to non-initial netns, destroying that netns lets the...

ssh: Prefix truncation attack on Binary Packet Protocol (BPP)

A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure ...

CVE-2021-47266

In the Linux kernel, the following vulnerability has been resolved: RDMA/ipoib: Fix warning caused by destroying non-initial netns After the commit 5ce2dced8e95 "RDMA/ipoib: Set rtnllinkops for ipoib interfaces", if the IPoIB device is moved to non-initial netns, destroying that netns lets the...

DEBIAN-CVE-2021-47266

In the Linux kernel, the following vulnerability has been resolved: RDMA/ipoib: Fix warning caused by destroying non-initial netns After the commit 5ce2dced8e95 "RDMA/ipoib: Set rtnllinkops for ipoib interfaces", if the IPoIB device is moved to non-initial netns, destroying that netns lets the...