This week’s digest covers:
- OpenSSL Security Advisory.
- OpenSSH server double free vulnerability.
- Improper session handling in Pi-hole Web.
OpenSSL Security Advisory
OpenSSL is a toolkit for general purpose cryptography and secure communication.
X.400 address type confusion in X.509 GeneralName (CVE-2023-0286)
Vulnerability
The vulnerability is a type confusion between ASN1_STRING and ASN1_TYPE in the x400Address field of an X.509 GeneralName. When OpenSSL compares two GeneralNames of X.400 type (which it does during CRL checking), it treats the ASN1_TYPE as an ASN1_STRING, so the pointer and length handed to memcmp come from attacker-controlled data. If the attacker controls both items being compared, this allows memory contents to be read or a denial of service to be triggered. In most cases the attacker must supply both the certificate chain and the CRL, neither of which needs a valid signature, so the issue mostly affects applications that retrieve CRLs over the network themselves.
OpenSSL 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue. This vulnerability is rated as high severity.
Mitigation
Per the OpenSSL advisory, 3.0 users should upgrade to OpenSSL 3.0.8, 1.1.1 users to OpenSSL 1.1.1t, and 1.0.2 users (premium support customers only) to OpenSSL 1.0.2zg.
Timing Oracle in RSA Decryption (CVE-2022-4304)
Vulnerability
OpenSSL’s RSA decryption has a timing side channel that affects all RSA padding modes (PKCS#1 v1.5, RSA-OAEP and RSASVE). It could be sufficient to recover plaintext across a network in a Bleichenbacher-style attack, although a successful decryption requires the attacker to send a very large number of trial messages for decryption.
OpenSSL 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue. The severity of this vulnerability is moderate.
Mitigation
Per the OpenSSL advisory, 3.0 users should upgrade to OpenSSL 3.0.8, 1.1.1 users to OpenSSL 1.1.1t, and 1.0.2 users (premium support customers only) to OpenSSL 1.0.2zg.
X.509 Name Constraints Read Buffer Overflow (CVE-2022-4203)
Vulnerability
OpenSSL’s X.509 certificate verification contains a read buffer overrun in name constraint checking. It is triggered by a malicious certificate, but only after the chain’s signatures have been verified, so it requires either a CA to have signed the certificate or the application to continue verification despite failing to build a path to a trusted issuer. It could lead to a denial of service and, in theory, disclosure of private memory contents such as private keys.
OpenSSL versions 3.0.0 through 3.0.7 are vulnerable to this issue. The severity of this vulnerability is moderate.
Mitigation
Per the OpenSSL advisory, 3.0 users should upgrade to OpenSSL 3.0.8.
Use after free following BIO_new_NDEF (CVE-2023-0215)
Vulnerability
BIO_new_NDEF is a helper used by the ASN.1 streaming code and, indirectly, by several public API functions (for example PEM_write_bio_ASN1_stream, SMIME_write_ASN1, SMIME_write_CMS, SMIME_write_PKCS7 and i2d_ASN1_bio_stream). If setting up the filter BIO chain fails, for example because a CMS recipient public key is malformed, the helper frees a BIO that the caller still holds a pointer to, and the caller’s subsequent use of it crashes. This is believed to be usable only for denial of service. OpenSSL 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.
The OpenSSL cms and smime command line applications are similarly affected. The severity of this vulnerability is moderate.
Mitigation
Per the OpenSSL advisory, 3.0 users should upgrade to OpenSSL 3.0.8, 1.1.1 users to OpenSSL 1.1.1t, and 1.0.2 users (premium support customers only) to OpenSSL 1.0.2zg.
Double free after calling PEM_read_bio_ex (CVE-2022-4450)
Vulnerability
PEM_read_bio_ex reads a PEM file and, on success, returns the name, header and payload in buffers that the caller must free. A PEM file can be constructed so that the payload decodes to 0 bytes; PEM_read_bio_ex then returns a failure code but leaves the header argument pointing at a buffer it has already freed, so a caller that follows the documented pattern and frees it triggers a double free and a crash. An attacker who can supply such a file could cause a denial of service. Many other OpenSSL functions call PEM_read_bio_ex internally (for example PEM_read_bio_PrivateKey), which widens the attack surface.
OpenSSL 3.0 and 1.1.1 are vulnerable to this issue. The OpenSSL asn1parse command line application is also affected by this issue. The severity of this vulnerability is moderate.
Mitigation
Per the OpenSSL advisory, 3.0 users should upgrade to OpenSSL 3.0.8 and 1.1.1 users to OpenSSL 1.1.1t.
Invalid pointer dereference in d2i_PKCS7 functions (CVE-2023-0216)
Vulnerability
An application that attempts to load malformed PKCS7 data with the d2i_PKCS7, d2i_PKCS7_bio or d2i_PKCS7_fp functions may trigger an invalid pointer dereference on read, leading to a crash and a denial of service.
OpenSSL versions 3.0.0 through 3.0.7 are vulnerable to this issue. The severity of this vulnerability is moderate.
Mitigation
Per the OpenSSL advisory, 3.0 users should upgrade to OpenSSL 3.0.8.
NULL dereference validating DSA public key (CVE-2023-0217)
Vulnerability
An application that attempts to check a malformed DSA public key with EVP_PKEY_public_check can trigger an invalid pointer dereference on read, leading to a crash and a denial of service.
OpenSSL versions 3.0.0 through 3.0.7 are vulnerable to this issue. The severity of this vulnerability is moderate.
Mitigation
Per the OpenSSL advisory, 3.0 users should upgrade to OpenSSL 3.0.8.
NULL dereference during PKCS7 data validation (CVE-2023-0401)
Vulnerability
If the digest algorithm used in a signed PKCS7 message is known to OpenSSL but no implementation of it is available (for example because the provider that supplies it is not loaded), verifying the signature dereferences a NULL pointer and crashes. An attacker can use this for a denial of service attack.
OpenSSL versions 3.0.0 through 3.0.7 are vulnerable to this issue. The severity of this vulnerability is moderate.
Mitigation
Per the OpenSSL advisory, 3.0 users should upgrade to OpenSSL 3.0.8. OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.
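As a first-pass check for the advisory above, here is an added Python example (not from the OpenSSL project or this digest’s author) that parses the output of `openssl version` and reports which of the CVEs listed above apply and which release fixes them. It assumes the fixed versions named above plus 1.0.2zg for the 1.0.2 line, which the advisory reserves for premium support customers; the sample version strings are constructed. A version string alone is not proof: distributions such as Debian and Red Hat backport fixes without changing the upstream version number, so confirm against the vendor’s package changelog before acting on a "vulnerable" result.

```python
import re

# Fixed releases named in the OpenSSL advisory of 7 February 2023. 1.0.2zg is the
# premium-support-only fix for the 1.0.2 line (advisory data, not from this digest).
FIXED_IN = {"3.0": "3.0.8", "1.1.1": "1.1.1t", "1.0.2": "1.0.2zg"}

# Release lines affected by each CVE in the digest above.
AFFECTED = {
    "CVE-2023-0286": {"3.0", "1.1.1", "1.0.2"},
    "CVE-2022-4304": {"3.0", "1.1.1", "1.0.2"},
    "CVE-2022-4203": {"3.0"},
    "CVE-2023-0215": {"3.0", "1.1.1", "1.0.2"},
    "CVE-2022-4450": {"3.0", "1.1.1"},
    "CVE-2023-0216": {"3.0"},
    "CVE-2023-0217": {"3.0"},
    "CVE-2023-0401": {"3.0"},
}

_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)([a-z]*)\b")


def parse_version(text: str) -> tuple:
    """Turn 'OpenSSL 1.1.1s  1 Nov 2022' or '3.0.7' into a sortable tuple.

    Pre-3.0 releases use letter patch levels (1.1.1s < 1.1.1t, 1.0.2u < 1.0.2zg),
    so the suffix is ordered by length first, then lexicographically.
    """
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no OpenSSL version in {text!r}")
    major, minor, patch, letters = int(m[1]), int(m[2]), int(m[3]), m[4]
    return (major, minor, patch, len(letters), letters)


def release_line(version: tuple) -> str:
    """3.x releases are versioned 3.<line>.<patch>; 1.x lines use all three numbers."""
    major, minor, patch = version[:3]
    return f"{major}.{minor}" if major >= 3 else f"{major}.{minor}.{patch}"


def format_version(version: tuple) -> str:
    major, minor, patch, _, letters = version
    return f"{major}.{minor}.{patch}{letters}"


def assess(version_text: str) -> dict:
    """Report which of the digest's CVEs a given OpenSSL version string is exposed to."""
    version = parse_version(version_text)
    line = release_line(version)
    fixed = FIXED_IN.get(line)
    if fixed is None:
        # e.g. a 3.1.x or 1.1.0 build: not covered by this advisory's tables.
        return {"version": format_version(version), "line": line, "covered": False,
                "needs_upgrade": False, "fixed_in": None, "vulnerable_cves": []}
    needs_upgrade = version < parse_version(fixed)
    cves = sorted(c for c, lines in AFFECTED.items() if line in lines) if needs_upgrade else []
    return {"version": format_version(version), "line": line, "covered": True,
            "needs_upgrade": needs_upgrade, "fixed_in": fixed, "vulnerable_cves": cves}


if __name__ == "__main__":
    # Constructed sample `openssl version` outputs.
    for sample in ("OpenSSL 3.0.7 1 Nov 2022", "OpenSSL 1.1.1s  1 Nov 2022",
                   "OpenSSL 1.0.2u  20 Dec 2019", "OpenSSL 3.0.8 7 Feb 2023"):
        print(assess(sample))
```

The ordering rule in parse_version is the part worth keeping even if the tables go stale: a naive string comparison would rank 1.0.2zg below 1.0.2u.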
Double Free Vulnerability in OpenSSH Server
The OpenSSH server (sshd) provides encrypted remote terminal sessions.
Vulnerability
CVE-2023-25136 is a double free in the OpenSSH server that can be triggered before authentication. Because the affected code runs in the sandboxed pre-authentication process, remote code execution is considered unlikely; a published proof of concept demonstrates a denial of service.
OpenSSH server version 9.1 is vulnerable to this issue. The severity of this vulnerability is moderate.
Mitigation
Qualys advises users to upgrade to OpenSSH version 9.2 to fix this vulnerability.
Improper session handling in Pi-hole Web
Pi-hole Web is the web interface for Pi-hole, a DNS server implementation with built-in ad and malicious domain blocking.
Vulnerability
Reported by GitHub user PromoFaux, CVE-2023-23614 (also published as a GitHub security advisory) stems from a pull request that added a feature to keep users logged in for 7 days. The feature was implemented by storing a hash of the user’s password in a cookie, so an attacker who steals the cookie obtains the hash itself. With that hash the attacker can create a new cookie with an arbitrary expiration time, and it will keep working until the affected user changes their password.
This vulnerability affects Pi-hole Web versions 4.0 through 5.18.2. This vulnerability is rated as high severity.
Mitigation
The developers recommend that Pi-hole Web users upgrade to version 5.18.3 or later.
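To make the session-handling flaw concrete, here is an added Python example (not Pi-hole’s own PHP code, whose details this digest does not cover) contrasting a "remember me" cookie built from the password hash with an opaque server-side session token. The hash function, the account and the simulated timestamps are all constructed for the illustration. The vulnerable validator accepts the stolen value at any time and for as long as the password stays the same, whereas the hardened store expires tokens on the server side and invalidates every outstanding token when the password changes.

```python
import hashlib
import hmac
import secrets

SEVEN_DAYS = 7 * 24 * 3600

# Constructed sample account. Assumption: the server stores a plain SHA-256 of
# the password, a stand-in for the real scheme; the flaw is the same for any hash.
PASSWORD = "correct horse battery staple"
STORED_PASSWORD_HASH = hashlib.sha256(PASSWORD.encode()).hexdigest()


# ---- Vulnerable "remember me": the cookie value is the password hash ----------
def vulnerable_issue_cookie(password: str) -> str:
    # Whoever holds this value holds the credential; nothing ties it to a session.
    return hashlib.sha256(password.encode()).hexdigest()


def vulnerable_validate(cookie: str, now: float) -> bool:
    # The 7-day Expires attribute lives only in the browser. The server never
    # checks time, so a stolen value is accepted at any "now" until the
    # password (and therefore the stored hash) changes.
    return hmac.compare_digest(cookie, STORED_PASSWORD_HASH)


# ---- Hardened "remember me": opaque random token, server-side expiry ---------
class SessionStore:
    """Server-side table of outstanding sessions keyed by a digest of the token."""

    def __init__(self) -> None:
        self._sessions = {}        # token digest -> (expires_at, password_version)
        self.password_version = 0  # bumped on every password change

    @staticmethod
    def _key(token: str) -> str:
        # Store a digest so a leaked table does not yield live cookies.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, now: float, lifetime: int = SEVEN_DAYS) -> str:
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._sessions[self._key(token)] = (now + lifetime, self.password_version)
        return token

    def validate(self, token: str, now: float) -> bool:
        key = self._key(token)
        entry = self._sessions.get(key)
        if entry is None:
            return False
        expires_at, version = entry
        if now >= expires_at or version != self.password_version:
            del self._sessions[key]  # expired, or issued before a password change
            return False
        return True

    def change_password(self) -> None:
        self.password_version += 1  # every outstanding token now fails validation


def demo() -> dict:
    """Simulate cookie theft against both designs; return what each one accepts."""
    t0 = 1_700_000_000.0  # constructed epoch timestamp
    results = {}

    stolen = vulnerable_issue_cookie(PASSWORD)
    results["vuln_accepts_stolen"] = vulnerable_validate(stolen, t0)
    # The thief waits well past the nominal 7-day window: still accepted.
    results["vuln_accepts_after_30_days"] = vulnerable_validate(stolen, t0 + 30 * 86400)
    # The thief can mint an identical cookie from the hash alone, with any expiry.
    results["vuln_accepts_minted"] = vulnerable_validate(STORED_PASSWORD_HASH, t0 + 400 * 86400)

    store = SessionStore()
    stolen_token = store.issue(t0)
    results["hard_accepts_stolen_before_expiry"] = store.validate(stolen_token, t0 + 86400)
    results["hard_accepts_after_expiry"] = store.validate(stolen_token, t0 + SEVEN_DAYS + 1)
    second = store.issue(t0)
    store.change_password()
    results["hard_accepts_after_password_change"] = store.validate(second, t0 + 60)
    results["hard_accepts_forged_token"] = store.validate(secrets.token_urlsafe(32), t0)
    return results


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {accepted}")
```

Bumping password_version is the cheapest way to get the "works until the user changes their password" property the advisory describes while also bounding the lifetime; a real deployment would persist the table and also let users revoke individual sessions.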