Tencent Security Xuanwu Lab Daily News
• www.bleepingcomputer.com:
https://www.bleepingcomputer.com/news/security/new-linux-kernel-netfilter-flaw-gives-attackers-root-privileges/
・ A new Linux NetFilter kernel vulnerability has been discovered that allows an unprivileged local user to escalate privileges to root.
– SecTodayBot
• [OSSA-2023-003] cinder, glance_store, nova, os-brick: Unauthorized volume access through deleted volume attachments (CVE-2023-2088):
https://seclists.org/oss-sec/2023/q2/140
・ Access to unauthorized volumes by attaching deleted volumes
– SecTodayBot
• GHSL-2023-085: Authentication bypass in libssh – CVE-2023-2283:
https://securitylab.github.com/advisories/GHSL-2023-085_libssh/
・ An authentication bypass vulnerability exists in libssh's pki_verify_data_signature
– SecTodayBot
• GHSL-2023-032_GHSL-2023-042: Denial of Service in libssh – CVE-2023-1667:
https://securitylab.github.com/advisories/GHSL-2023-032_GHSL-2023-042_libssh/
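・ libssh has a NULL pointer dereference vulnerability; the code involved is the ssh_packet_kexinit function, which handles the SSH_MSG_KEXINIT packet sent by the client after authentication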
– SecTodayBot
• Crash when executing `ucomiss` instructions emulating an x86-64 CPU on an AArch64 host:
https://gitlab.com/qemu-project/qemu/-/issues/1637#note_1383971436
・ QEMU crashes when emulating the ucomiss instruction of an x86-64 CPU.
– SecTodayBot
• ManageEngine ADAudit Plus Remote Code Execution:
https://packetstormsecurity.com/files/172258
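・ A security issue in ManageEngine ADAudit Plus versions before 7006 allows an authenticated user to execute arbitrary code by creating a custom alert profile and using its custom alert script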
– SecTodayBot
• CVE-2023-25394 – VideoStream Local Privilege Escalation:
https://danrevah.github.io/2023/05/03/CVE-2023-25394-VideoStream-LPE/
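・ A local privilege escalation vulnerability was found in Videostream for macOS. It exploits Videostream's update mechanism, enabling an attacker to manipulate the installer into extracting a malicious tar.gz file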
– SecTodayBot
* To view or search previously pushed content, visit:
https://sec.today
* Sina Weibo account: Tencent Xuanwu Lab (腾讯玄武实验室)
https://weibo.com/xuanwulab
Originally published on the WeChat official account Tencent Xuanwu Lab (腾讯玄武实验室): Daily Security News Push (5-12)