Symantec has also created additional detections and protections, which are in place, and is continuing to monitor any attempts of this exploit against our products. At this time, there is no evidence of any attempts at this exploit in the wild.
CVE-2020-5826 (endpoint protection)
In sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (sudo_editor, visual, and editor), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an editor='vim -- /path/to/extra/file' value. (( CVE-2023-22809)
freerdp is a free remote desktop protocol library and clients. Freerdp based clients on unix systems using `/parallel` command line switch might read uninitialized data and send it to the server the client is currently connected to. Freerdp based server implementations are not affected. Please upgrade to 2.8.1 where this issue is patched. If unable to upgrade, do not use parallel port redirection (`/parallel` command line switch) as a workaround. (( CVE-2022-39282) freerdp is a free remote desktop protocol library and clients. All freerdp based clients when using the `/video` command line switch might read uninitialized data, decode it as audio/video and display the result. This issue has been patched in version 2.8.1. If you cannot upgrade do not use the `/video` switch. (( CVE-2022-39283) freerdp is a free remote desktop protocol library and clients. In affected versions there is an out of bound read in zgfx decoder component of freerdp. A malicious server can trick a freerdp based client to read out of bound data and try to decode it likely resulting in a crash. This issue has been addressed in the 2.9.0 release. Users are advised to upgrade. (( CVE-2022-39316) freerdp is a free remote desktop protocol library and clients. Affected versions of freerdp are missing a range check for input offset index in zgfx decoder. A malicious server can trick a freerdp based client to read out of bound data and try to decode it. This issue has been addressed in version 2.9.0. There are no known workarounds for this issue. (( CVE-2022-39317) freerdp is a free remote desktop protocol library and clients. All users are advised to upgrade. Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.ConsequenceSuccessful exploitation of this vulnerability could lead to a securitybreach or could affect integrity, availability, and confidentiality.SolutionPlease refer to Amazon advisory: ALAS2-2023-1930 for affected packages and patching details, or update with your package manager.Patches amazon linux 2 ALAS2-2023-1930CVE-2022-41318+QID: 354715Amazon Linux Security Advisory for squid : ALAS-2023-1677SeverityCritical4Recently PublishedQualys ID354715Date PublishedFebruary 7, 2023Vendor ReferenceALAS-2023-1677CVE ReferenceCVE-2022-41318, CVE-2021-46784CVSS ScoresBase 7.5 / Temporal 6.5DescriptionIn squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 5.6, due to improper buffer management, a denial of service can occur when processing long gopher server responses. (( CVE-2021-46784) a flaw was found in squid. An incorrect integer overflow protection in the squid sspi and smb authentication helpers is vulnerable to a buffer overflow attack, resulting in information disclosure or a denial of service. (( CVE-2022-41318)
CVE-2022-44020 Severity: moderate Released on: 26/10/2022 Advisory: RHSA-2022:8896, Bugzilla: 2142678 Bugzilla Description: CVE-2022-44020 Sushy-Tools & VirtualBMC: removes password protection from the managed libvirt XML domain CVSS Score: CVSSv3 Score: 5.5 Vector: CWE: CWE-305 Affected Packages: python-virtualbmc-0:1.2.0-2.el7ost, Full Details CVE document
CVE-2022-3592 Severity: moderate Released on: 25/10/2022 Advisory: Bugzilla: 2137776 Bugzilla Description: CVE-2022-3592 samba: wide links protection broken CVSS Score: CVSSv3 Score: 5.4 Vector: CWE: CWE-61 Affected Packages: Full Details CVE document
CVE-2022-43407 Severity: important Released on: 19/10/2022 Advisory: RHSA-2023:0560, Bugzilla: 2136386 Bugzilla Description: CVE-2022-43407 jenkins-plugin/pipeline-input-step: CSRF protection for any URL can be bypassed in Pipeline: Input Step Plugin CVSS Score: CVSSv3 Score: 8.8 Vector: CWE: CWE-838 Affected Packages: jenkins-2-plugins-0:4.10.1675144701-1.el8, Full Details CVE document
CVE-2022-43408 Severity: moderate Released on: 19/10/2022 Advisory: RHSA-2023:0560, Bugzilla: 2136388 Bugzilla Description: CVE-2022-43408 jenkins-plugin/pipeline-stage-view: CSRF protection for any URL can be bypassed in Pipeline: Stage View Plugin CVSS Score: CVSSv3 Score: 5.7 Vector: CWE: CWE-838 Affected Packages: jenkins-2-plugins-0:4.10.1675144701-1.el8, Full Details CVE document
CVE-2022-42722 Severity: moderate Released on: 13/10/2022 Advisory: Bugzilla: 2134517 Bugzilla Description: CVE-2022-42722 Kernel: Denial of service in beacon protection for P2P-device CVSS Score: CVSSv3 Score: 5.5 Vector: CWE: CWE-705 Affected Packages: Full Details CVE document 2ff7e9595c
Comments