USN-5822-1: Samba vulnerabilities

2023-01-24 KENNETH 0

It was discovered that Samba incorrectly handled the bad password count logic. A remote attacker could possibly use this issue to bypass bad password lockouts. This issue was only addressed in Ubuntu 22.10. (CVE-2021-20251) Evgeny Legerov discovered that Samba incorrectly handled buffers in certain GSSAPI routines of Heimdal. A remote attacker could possibly use this issue to cause Samba to crash, resulting in a denial of service. (CVE-2022-3437) Tom Tervoort discovered that Samba incorrectly used weak rc4-hmac Kerberos keys. A remote attacker could possibly use this issue to elevate privileges. (CVE-2022-37966, CVE-2022-37967) It was discovered that Samba supported weak RC4/HMAC-MD5 in NetLogon Secure Channel. A remote attacker could possibly use this issue to elevate privileges. (CVE-2022-38023) Greg Hudson discovered that Samba incorrectly handled PAC parsing. On 32-bit systems, a remote attacker could use this issue to escalate [ more… ]

USN-5821-1: wheel vulnerability

2023-01-24 KENNETH 0

Sebastian Chnelik discovered that wheel incorrectly handled certain file names when validating them against a regular expression. An attacker could possibly use this issue to cause a denial of service. Source: USN-5821-1: wheel vulnerability

USN-5820-1: exuberant-ctags vulnerability

2023-01-24 KENNETH 0

Lorenz Hipp discovered a flaw in exuberant-ctags' handling of the tag filename command-line argument. A crafted tag filename specified on the command line or in the configuration file could result in arbitrary command execution. Source: USN-5820-1: exuberant-ctags vulnerability

Learn to Configure NGINX Unit with Zero Pain in Our Video Course

2023-01-24 KENNETH 0

NGINX Unit is a universal web application server that can be used as a building block for any web architecture, regardless of its complexity – from personal websites to startups to enterprise‑grade production deployments. NGINX Unit compresses multiple layers of the typical web application stack by solving for multiple use cases, including simplifying modern microservices environments and modernizing legacy and monolithic applications. With NGINX Unit, you can: serve static assets as a web server; natively run application code in multiple languages; proxy requests to backend servers; achieve true end-to-end TLS for your web apps; and reconfigure runtime behavior on the fly with the control API. Given its many capabilities, where do you start learning about NGINX Unit? Well, we’ve developed a comprehensive video course with over a dozen lessons that cover all the [ more… ]

USN-5806-2: Ruby vulnerability

2023-01-23 KENNETH 0

USN-5806-1 fixed vulnerabilities in Ruby. This update fixes the problem for Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.10. Original advisory details: Hiroshi Tokumaru discovered that Ruby did not properly handle certain user input for applications which generate HTTP responses using the cgi gem. An attacker could possibly use this issue to maliciously modify the response a user would receive from a vulnerable application. Source: USN-5806-2: Ruby vulnerability