PoC Week 2024-04-07
The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count.
For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them.
CVE-2024-3094
- Severity: 10.0 CRITICAL
- Impacted Products: xz versions 5.6.0 and 5.6.1 are directly affected. The issue impacts various distributions and software packages relying on these versions of xz, including Debian testing, unstable, and experimental distributions, OpenSUSE Tumbleweed and OpenSUSE Micro OS, Alpine (versions prior to 5.6.1-r2), and Arch Linux among others.
- Description: Malicious code was identified within the upstream tarballs of xz, starting with version 5.6.0. This code involves complex obfuscations allowing for the extraction of a prebuilt object file from a disguised test file within the source code. This file then alters specific functions in the liblzma code, resulting in a library that can intercept and modify data interactions.
- Remediation: Users and administrators are advised to verify their version of xz and update to a non-compromised, safe version as soon as possible. Distros and software that bundled affected versions of xz have issued advisories and patches.
- More Info: NVD - CVE-2024-3094
- PoC: https://github.com/amlweems/xzbot
CVE-2024-28085
- Severity: N/A (Severity not yet provided by NVD)
- Impacted Products: Util-linux through 2.40
- Description: The ‘wall’ command in util-linux up to version 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. Escape sequences received from stdin are blocked, but those from argv are not, which might lead to account takeover scenarios.
- Remediation: Users should upgrade to util-linux version 2.40 to mitigate this vulnerability.
- More Info: NVD - CVE-2024-28085
- PoC: https://seclists.org/fulldisclosure/2024/Mar/35
CVE-2024-20767
- Severity: 8.2 HIGH
- Impacted Products: ColdFusion versions 2023.6, 2021.12 and earlier
- Description: This vulnerability stems from improper access control that could lead to arbitrary file system read. It allows attackers to bypass security measures, gain unauthorized access to sensitive files, and perform arbitrary file system write operations without requiring user interaction.
- Remediation: Users are advised to follow the guidance provided in Adobe’s official security bulletin to address this vulnerability.
- More Info: CVE-2024-20767 on MITRE
- PoC: https://github.com/m-cetin/CVE-2024-20767
References
This list was scraped from the quite amazing and highly recommended newsletters below:
Thanks for reading! For corrections, omissions (e.g. newsletter recs) feel free to get in touch.