This article covers recent vulnerabilities found to be actively exploited. They are categorised not only by the type of exploitation, but also by their impact and the versions affected. This article also provides any official fix and remediation guidance for the listed vulnerabilities.
Category: Race Condition
This seems to affect glibc-based Linux systems and not e.g. musl-based systems. Impacted products and operating systems are known to include at least the below:
(OpenBSD is NOT currently believed to be affected.)
A signal handler race condition was found in OpenSSH’s server (sshd): if a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), sshd’s SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example syslog(). This race condition affects sshd in its default configuration.
This vulnerability is in fact a regression of CVE-2006-5051, which was reported and fixed in 2006; the flaw has since reappeared in a subsequent software release, via a code change that inadvertently reintroduced the issue. This regression was introduced in October 2020 (OpenSSH 8.5p1) by commit 752250c (“revised log infrastructure for OpenSSH”), which accidentally removed an “#ifdef DO_LOG_SAFE_IN_SIGHAND” from sigdie(), a function that is directly called by sshd’s SIGALRM handler.
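To make the bug class concrete, here is an added C example (not OpenSSH’s code) contrasting a SIGALRM handler that does non-async-signal-safe work with one that only sets a flag and leaves the logging to the main loop; the function names are illustrative assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <string.h>
#include <syslog.h>
#include <unistd.h>

/* UNSAFE pattern (the bug class described above): syslog() takes internal
 * locks and may call malloc(); if the alarm interrupts code already inside
 * those functions the handler can deadlock or corrupt heap state. Shown for
 * contrast only; it is never installed in this example. */
void grace_alarm_unsafe(int sig)
{
    (void)sig;
    syslog(LOG_INFO, "Timeout before authentication"); /* not async-signal-safe */
    _exit(1);
}

/* SAFE pattern: the handler only sets a volatile sig_atomic_t flag. Anything
 * it calls must be on the async-signal-safe list (see signal-safety(7)). */
static volatile sig_atomic_t grace_expired = 0;

static void grace_alarm_safe(int sig)
{
    (void)sig;
    grace_expired = 1;
}

/* Installs the safe handler with sigaction(2); returns 0 on success. */
int install_grace_handler(void)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = grace_alarm_safe;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = 0; /* no SA_RESTART: blocking calls return EINTR so the loop re-checks the flag */
    return sigaction(SIGALRM, &sa, NULL);
}

/* Called from normal (main-loop) context, where syslog() is legal.
 * Returns 1 if an expired grace period was consumed and logged, else 0. */
int reap_grace_timeout(void)
{
    if (!grace_expired)
        return 0;
    grace_expired = 0;
    syslog(LOG_INFO, "Timeout before authentication"); /* safe here */
    return 1;
}
```

In a real daemon, alarm(LoginGraceTime) would be armed after accept() and reap_grace_timeout() polled from the main loop before tearing the connection down.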
Update to the latest version. After upgrading to openssh-9.8p1, the existing SSH daemon will be unable to accept new connections on some systems. When upgrading remote hosts, please make sure to restart the sshd service using systemctl try-restart sshd, or the appropriate system-specific command, directly after upgrading.
NOTE: Remediation of this vulnerability by patching to a specific version indicated may not be sufficient to secure the product against further vulnerabilities discovered in later versions, subsequent to the publication of this guidance. Unless contra-indicated, customers are therefore advised to always upgrade to the latest version of the product available.
Category: Command Injection
At the time of publication, this vulnerability affected the following Cisco products if they were running a vulnerable release of Cisco NX-OS Software:
Although NX-OS is based on a Linux kernel, it abstracts away the underlying Linux environment and provides its own set of commands using the NX-OS CLI. In order to execute commands on the underlying Linux operating system from the switch management console, an attacker would need a “jailbreak” type of vulnerability to escape the NX-OS CLI context.
A vulnerability in the CLI of Cisco NX-OS Software allows exactly this kind of jailbreak, due to insufficient validation of arguments that are passed to specific configuration CLI commands. An attacker could exploit this vulnerability by including crafted input as the argument of an affected configuration CLI command. A successful exploit could allow the attacker to escape the NX-OS CLI and execute arbitrary commands on the underlying Linux operating system.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. Customers are advised to upgrade to the latest version of the impacted product.
NOTE: Remediation of this vulnerability by patching to a specific version indicated may not be sufficient to secure the product against further vulnerabilities discovered in later versions, subsequent to the publication of this guidance. Unless contra-indicated, customers are therefore advised to always upgrade to the latest version of the product available.
That wraps up another week for high-profile vulnerabilities. Next week is likely to be especially exciting with the next monthly ‘Patch Tuesday’ falling on July 9th, and likely to include high-profile patches for critical exploits from vendors including Microsoft and Google. Add it to your calendars now!
AppCheck is a software security vendor based in the UK, offering a leading security scanning platform that automates the discovery of security flaws within organisations websites, applications, network, and cloud infrastructure. AppCheck are authorized by the Common Vulnerabilities and Exposures (CVE) Program as a CVE Numbering Authority (CNA).