#vulnerability

BeyondMachines :verified:

@[email protected]

Chrome releases new version patching critical issues

beyondmachines.net/event_detai

Jason Parker (he/they)

@north@ꩰ.com

told me on that this isn't a security , so cool, I'll talk about it publicly.

You can disable 2FA¹ on another person's account if you get access to their phone momentarily.

All you have to do is create a new account and put their phone number in as the login; if you verify the code, it strips it from the other account with no warning, and they can't take it back.

So have fun I guess?

¹ SMS is not

Not Simon 🐐

@[email protected]

GitLab security advisory: GitLab Critical Patch Release: 17.3.3, 17.2.7, 17.1.8, 17.0.8, 16.11.10
CVE-2024-45409 (perfect 10.0 critical 🥳 cc: @cR0w) SAML authentication bypass

GitLab doing me a heccin' concern because they're already talking about detecting unsuccessful and successful exploitation attempts. I can't definitively say if exploitation in the wild occurred based on the verbiage in this advisory.

cc: @campuscodi @goatyell @da_667

Not Simon 🐐

@[email protected]

watchTowr: We Spent $20 To Achieve RCE And Accidentally Became The Admins Of .MOBI
Yo what the fuck. watchTowr had inadvertently undermined the CA process for the entire .mobi TLD:

we took control of a chunk of the Internet’s infrastructure, opened up a big slab of juicy attack surface, and found a neat way of undermining TLS/SSL - the fundamental protocol that allows for secure communication on the web.

No spoilers, this is a must-read.

Not Simon 🐐

@[email protected]

Moving forward, I will be linking to CVE.org instead of NVD for any CVE IDs.

cc: @CVE_Program @cve

meme image macro 'Friendship ended with Mudasir, now Salman is my best friend' replaced with NVD in the ended spot, and CVE in the best friend spot.
circl

@[email protected]

OpenBSD crond / crontab set_range() heap underflow - CVE-2024-43688

supernetworks.org/CVE-2024-436

vulnerability.circl.lu/cve/CVE

Sam Stepanyan :verified: 🐘

@[email protected]

: if you are using SSH on you need to patch it immediately! Critical CVE-2024-7589 allows attackers to execute remote code without authentication:
👇
thehackernews.com/2024/08/free

Gonéri

@[email protected]

- with a background in space and aeronautics, I have been working on remote sensing and geosciences, including at BRGM (🇨🇵geological survey) since 2006.
My main research focus since 2007 are and climate change, especially sea-level rise impacts on flooding and erosion.
I am one of the lead authors of the 6th assessment report of the /WGII on , and , chapters Europe, Mediterranean region and sea-level rise cross-chapter box.

Soatok Dreamseeker

@[email protected] · Reply to Soatok Dreamseeker's post

So, like...

OMEMO v0.3 has a pretty fucking obvious issue similar to what I found in Threema.

You're forced to use AES-GCM in a way that makes Invisible Salamanders a trivial exploit to pull off.

github.com/soatok/gcm-exploit

I'm not going to bother with an embargo for this. This specific protocol and design problem is not present in newer versions of their spec.

Conversations is impacted.
Gajim is impacted.
Et cetera.

> Is this 0day?

Probably not to the spec authors, but to the implementation developers? Maybe.

This is why you don't roll your own crypto.

Also, Conversations uses Java's Base64 class to decode private keys, which is susceptible to cache-timing attacks: codeberg.org/iNPUTmice/Convers

See this paper: arxiv.org/abs/2108.04600

That one is *definitely* a 0day.

Fedify: an ActivityPub server framework

@[email protected]

We released 0.9.2, 0.10.1, and 0.11.1, which patched the last reported , CVE-2024-39687, but the vulnerability of SSRF attacks via DNS rebinding still exists, so we released Fedify 0.9.3, 0.10.2, and 0.11.2, which fixes it.

If you are using an earlier version, please update as soon as possible.

Thanks to @benaryorg for reporting the vulnerability!

Hollo

@[email protected]

To users: please update your to 0.1.0-dev.46, a patch which addresses @fedify's CVE-2024-39687, as soon as possible!

https://hollo.social/@fedify/019080c7-c784-755d-a6f2-d1f91f2c5709

Not Simon 🐐

@[email protected]

just in time to celebrate infosec.exchange returning, Cisco zero day: Cisco NX-OS Software CLI Command Injection Vulnerability
CVE-2024-20399 (6.0 medium) A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments that are passed to specific configuration CLI commands. An attacker could exploit this vulnerability by including crafted input as the argument of an affected configuration CLI command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of root. Note: To successfully exploit this vulnerability on a Cisco NX-OS device, an attacker must have Administrator credentials.

In April 2024, the Cisco Product Security Incident Response Team (PSIRT) became aware of attempted exploitation of this vulnerability in the wild.

cc: @campuscodi @briankrebs @cR0w @mttaggart