Sunday, May 28, 2023
HomeOnline BusinessLinode Safety Digest February 20-26, 2023

Linode Safety Digest February 20-26, 2023


On this week’s digest, we’ll focus on:

  • an XSS vulnerability in phpMyAdmin drag-and-drop add;
  • a buffer overflow vulnerability within the ClamAV scanning library; and
  • an HTTP content material smuggling bug in HAProxy.

XSS vulnerability in phpMyAdmin drag-and-drop add

An nameless person found a Cross-Website Scripting (XSS) vulnerability within the add performance of phpMyAdmin. This vulnerability permits an authenticated person to set off XSS by importing a maliciously crafted .sql file within the drag-and-drop interface of phpMyAdmin.

The drag-and-drop add XSS vulnerability impacts phpMyAdmin customers who’ve put in variations earlier than 4.9.11 and 5.x earlier than 5.2.1. phpMyAdmin has launched variations 4.9.11 and 5.2.1 to remediate this vulnerability. Nonetheless, as a mitigation issue, customers can disable the configuration directive $cfg[‘enable_drag_drop_import’], which disables the drag-and-drop performance and protects customers towards the vulnerability.

The drag-and-drop add XSS vulnerability—registered as CVE-2023-25727—was rated 5.4 medium within the CVSS scoring by NIST because of the low affect to confidentiality and integrity. A profitable assault can carry out privilege escalation by bypassing kernel credential permission checks.

ClamAV HFS+ partition scanning buffer overflow vulnerability

On February 15, 2023, a vulnerability within the ClamAV scanning library was disclosed. The HFS+ partition file parser of ClamAV variations 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier have a safety vulnerability that might permit an unauthenticated, distant attacker to execute arbitrary code on a goal system. 

The vulnerability is from a lacking buffer dimension examine within the HFS+ partition file parser, which may end in a heap buffer overflow write. When a person submits a crafted HFS+ partition file to be scanned by ClamAV on an affected system, the engine may try and learn and course of the file, triggering the vulnerability. An attacker can benefit from this vulnerability by sending a specifically crafted HFS+ partition file to a weak system.

As soon as the file is scanned by ClamAV, the engine makes an attempt to course of the file, which might result in the execution of arbitrary code by the attacker. This might end result within the attacker gaining unauthorized entry to the system, stealing delicate knowledge, or putting in malware. Moreover, the attacker also can trigger the ClamAV scanning course of to crash, leading to a denial-of-service (DoS) situation, which may disrupt the traditional operations of the goal system. 

ClamAV software program has launched ClamAV 0.103.8, 0.105.2, and 1.0.1, which ought to embrace patches for the vulnerability. 

The vulnerability has been registered as CVE-2023-20032 and was rated 9.8 important within the CVSS scoring by Cisco because of the excessive affect to confidentiality, integrity, and availability. 

HTTP content material smuggling bug in HAProxy

A safety analysis staff from Northeastern, Akamai Applied sciences, and Google have found a bug in HAProxy headers processing; when exploited, the bug can permit an HTTP content material smuggling assault. The maintainer of HAProxy, Willy Tarreau, reported this vulnerability. HAProxy is an open supply load balancer and reverse proxy device for HTTP and TCP purposes.

The vulnerability was discovered within the header processing of HAProxy. It will get exploited by a maliciously crafted HTTP request that might set off the dropping of essential header fields after parsing. This might create further requests to the server and let subsequent requests bypass HAProxy filters, giving an attacker entry to restricted content material, the power to bypass URL authentication, or different malicious functions. 

Tarreau confirmed that the majority HAProxy variations had been affected by the vulnerability, together with HTX-aware variations 2.0 and above and non-HTX variations 1.9 and earlier than or model 2.0 in legacy mode. 

After confirming the vulnerability, Tarreau launched a repair throughout all HAProxy variations, together with 2.8-dev4, 2.7.3, 2.6.9, 2.5.12, 2.4.12, 2.2.29, and a pair of.0.31. Tarreau recommends that HAProxy customers improve to the patched model of their related department as the perfect follow to remain protected. If rapid upgrades aren’t potential, Tarreau has shared a workaround that rejects requests trying to set off the bug with a 403 error. Nonetheless, this workaround doesn’t assure full mitigation; due to this fact, upgrading to a patched model is finally beneficial.

This vulnerability has been registered as CVE-2023-25725 and was rated 9.1 important within the CVSS scoring by NIST because of the excessive affect to integrity and availability. 

RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Most Popular

Recent Comments