Metasploit weekly wrap-up

New module content 1 Metabase Setup Token RCE Authors: Maxwell Garrett, Shubham Shah, and h00die Type: Exploit Pull request: 18232 contributed by h00die Path: exploits/linux/http/metabasesetuptokenrce AttackerKB reference: CVE-2023-38646 Description: This adds a module for an unauthenticated RCE...

CVE-2023-38325

The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options...

GHSA-HF7J-XJ3W-87G4 1Panel arbitrary file write vulnerability

Summary An arbitrary file write vulnerability could lead to direct control of the server Details Arbitrary file creation In the api/v1/file.go file, there is a function called SaveContentthat,It recieves JSON data sent by users in the form of a POST request. And the lack of parameter filtering...

1Panel arbitrary file write vulnerability

Summary An arbitrary file write vulnerability could lead to direct control of the server Details Arbitrary file creation In the api/v1/file.go file, there is a function called SaveContentthat,It recieves JSON data sent by users in the form of a POST request. And the lack of parameter filtering...

openssh security update

7.4p1-23.0.1fips - Change Epoch from 1 to 10 - Enable fips KDF POST Orabug: 32461750 - Disable diffie-hellman-group-exchange-sha256 KEX FIPS method Orabug: 32461739 7.4p1-23.0.1 - enlarge format buffer size for certificate serial number so the log message can record any 64-bit integer without...

PKIX-SSH Detection (SSH Banner)

SSH banner-based detection of PKIX-SSH. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.170535";...

USN-6242-1: OpenSSH vulnerability | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 22.04 Description It was discovered that OpenSSH incorrectly handled loading certain PKCS11 providers. If a user forwarded their ssh-agent to an untrusted system, a remote attacker could possibly use this issue to load...

CLSA-2023-1691606104 openssh: Fix of CVE-2023-38408

CVE-2023-38408: checks libraries before dlopen and separate ssh-pkcs11-helpers for each p11 module...

CLSA-2023-1691576488 Fix CVE(s): CVE-2023-38408

SECURITY UPDATE: helper programs can dlopen/dlclose any libraries from /usr/lib - debian/patches/CVE-2023-38408-Ensure-FIDO-PKCS11-libraries-contain-expect.patch: checks libraries before dlopen - debian/patches/CVE-2023-38408-Separate-ssh-pkcs11-helpers-for-each-p11-mo.patch: separate...

Malicious code in noblox.js-ssh (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 54d256313b540a1d57c4e1113c411f1a40210f65c3737a5f68ea3b324e23b054 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2023-1250 Malicious code in noblox.js-ssh (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 54d256313b540a1d57c4e1113c411f1a40210f65c3737a5f68ea3b324e23b054 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Important: openssh

Issue Overview: The PKCS11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if the target user's ssh-agent is forwarded to an attacker-controlled system the code in /usr/lib is not necessarily safe for loading into...

cloud-init bug fix update

An update is available for cloud-init. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The cloud-init packages provide a set of init scripts for cloud instances...

RLSA-2023:4419 Important: openssh security update

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fixes: openssh: Remote code execution in ssh-agent PKCS11 support CVE-2023-38408 For more details...

Rocky Linux 8 : openssh (RLSA-2023:4419)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:4419 advisory. - The PKCS11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarde...

Fortinet Fortigate SSH authentication bypass when RADIUS authentication is used (FG-IR-22-255)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-255 advisory. - An authentication bypass by assumed-immutable data vulnerability CWE-302 in the FortiOS SSH login component 7.2.0, 7.0.0...

Ubuntu: Security Advisory (USN-6276-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

New SkidMap Linux Malware Variant Targeting Vulnerable Redis Servers

Vulnerable Redis services have been targeted by a "new, improved, dangerous" variant of a malware called SkidMap that's engineered to target a wide range of Linux distributions. "The malicious nature of this malware is to adapt to the system on which it is executed," Trustwave security researcher...

Important: openssh

Issue Overview: The PKCS11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if the target user's ssh-agent is forwarded to an attacker-controlled system the code in /usr/lib is not necessarily safe for loading into...

Information Disclosure

gitlab is vulnerable to Information Disclosure. This vulnerability occurs due to a flaw in the way that GitLab handles Git over SSH. An attacker can exploit this vulnerability to impersonate any user on the GitLab server, including users with administrative privileges...