Cookie Consent by Free Privacy Policy Generator ๐Ÿ“Œ Hyperledger: POOL_UPGRADE request handler may allow an unauthenticated attacker to remotely execute code on every node in the network.

๐Ÿ  Team IT Security News

TSecurity.de ist eine Online-Plattform, die sich auf die Bereitstellung von Informationen,alle 15 Minuten neuste Nachrichten, Bildungsressourcen und Dienstleistungen rund um das Thema IT-Sicherheit spezialisiert hat.
Ob es sich um aktuelle Nachrichten, Fachartikel, Blogbeitrรคge, Webinare, Tutorials, oder Tipps & Tricks handelt, TSecurity.de bietet seinen Nutzern einen umfassenden รœberblick รผber die wichtigsten Aspekte der IT-Sicherheit in einer sich stรคndig verรคndernden digitalen Welt.

16.12.2023 - TIP: Wer den Cookie Consent Banner akzeptiert, kann z.B. von Englisch nach Deutsch รผbersetzen, erst Englisch auswรคhlen dann wieder Deutsch!

Google Android Playstore Download Button fรผr Team IT Security



๐Ÿ“š Hyperledger: POOL_UPGRADE request handler may allow an unauthenticated attacker to remotely execute code on every node in the network.


๐Ÿ’ก Newskategorie: Sicherheitslรผcken
๐Ÿ”— Quelle: vulners.com


image
This issue is related to the https://github.com/hyperledger/indy-node. The issue was found in the indy-node code that handles the write request of type *POOL_UPGRADE (in file* indy-node/indy_node/server/request_handlers/config_req_handlers/pool_upgrade_handler.py).** The additional_dynamic_validation function handles an undocumented field called package that can contain the name of the package to be upgraded. I case that this field is not empty, it is passed as is to the following functions self.upgrader.check_upgrade_possible -> NodeControlUtil.curr_pkg_info -> cls._get_curr_info. python def _get_curr_info(cls, package): cmd = compose_cmd(['dpkg', '-s', package]) return cls.run_shell_command(cmd) As seen in the code snippet above, the user supplied name is then concatenated to the string dpkg -s and is run as a system command without any sanitization. This can lead to an attacker supplying a package name, followed by a semicolon and another system command (e.g. package ; whoami), resulting in a remote code execution. This of course can be any command, and in the PoC code attached Iโ€™m running a reverse shell, effectively taking control of the node, and possibly the entire network and the identities in it (assuming I run this exploit on enough nodes). The documentation specifies that the POOL_UPGRADE can be run by a Trustee only, however, we can run this exploit being a client without any roles in the network. This is made possible by the fact that the... ...



๐Ÿ“Œ Hyperledger: POOL_UPGRADE request handler may allow an unauthenticated attacker to remotely execute code on every node in the network.


๐Ÿ“ˆ 168.05 Punkte

๐Ÿ“Œ intel patches three flaws that could allow a local attacker to execute arbitrary code on impacted systems.


๐Ÿ“ˆ 42.75 Punkte

๐Ÿ“Œ A vulnerability in VoIPmonitor allows an unauthenticated attacker to execute arbitrary code: CVE-2021-30461


๐Ÿ“ˆ 42.67 Punkte

๐Ÿ“Œ Juniper JunOS RCE Flaw Let Unauthenticated Remote Attacker Execute Code


๐Ÿ“ˆ 42.67 Punkte

๐Ÿ“Œ Cisco IP Phone Vulnerability Let Unauthenticated Attacker Execute Remote Code


๐Ÿ“ˆ 42.67 Punkte

๐Ÿ“Œ Build and Deploy a Blockchain Web App With Hyperledger Fabric & Hyperledger Composer


๐Ÿ“ˆ 42.53 Punkte

๐Ÿ“Œ Hyperledger: Remote denial of service in HyperLedger Fabric


๐Ÿ“ˆ 42.53 Punkte

๐Ÿ“Œ Hyperledger: CVE-2017-5929: Hyperledger - Arbitrary Deserialization of Untrusted Data


๐Ÿ“ˆ 42.53 Punkte

๐Ÿ“Œ Hyperledger: Dependency confusion in https://github.com/hyperledger/aries-mobile-agent-react-native


๐Ÿ“ˆ 42.53 Punkte

๐Ÿ“Œ VideoLAN Fixed 13 VLC Media Player Vulnerabilities that allow Attackers to Execute Arbitrary Code Remotely


๐Ÿ“ˆ 40.66 Punkte

๐Ÿ“Œ Microsoft Fixed 74 Bugs Including IE Zero-day That Allow Hackers to Execute Arbitrary Code Remotely in Windows PC


๐Ÿ“ˆ 40.66 Punkte

๐Ÿ“Œ The vulnerability could allow attacker to execute arbitrary sql queries.


๐Ÿ“ˆ 38.86 Punkte

๐Ÿ“Œ Jscythe - Abuse The Node.Js Inspector Mechanism In Order To Force Any Node.Js/Electron/V8 Based Process To Execute Arbitrary Javascript Code


๐Ÿ“ˆ 34.79 Punkte

๐Ÿ“Œ [SUPEE 1533] An attacker could execute arbitrary code on Magento server


๐Ÿ“ˆ 32.31 Punkte

๐Ÿ“Œ Zoom 0day Vulnerability Let Remote Attacker to Execute Arbitrary Code on Victimโ€™s Computer


๐Ÿ“ˆ 32.31 Punkte

๐Ÿ“Œ OWASSRF โ€“ New Exploit Let Attacker Execute Remote Code on Microsoft Exchange Server


๐Ÿ“ˆ 32.31 Punkte

๐Ÿ“Œ GitLab Critical Security Flaw Let Attacker Execute Arbitrary Code


๐Ÿ“ˆ 32.31 Punkte

๐Ÿ“Œ Apple Privilege Escalation Bug Let Attacker Execute Arbitrary Code


๐Ÿ“ˆ 32.31 Punkte

๐Ÿ“Œ Sophos Web Appliance Critical Flaw Let Attacker Execute Arbitrary Code


๐Ÿ“ˆ 32.31 Punkte

๐Ÿ“Œ Firefox Memory Corruption Flaw Let Attacker Execute Arbitrary Code


๐Ÿ“ˆ 32.31 Punkte

๐Ÿ“Œ Adobe Substance 3D Stager Let Attacker Execute Arbitrary Code


๐Ÿ“ˆ 32.31 Punkte

๐Ÿ“Œ New Fortinet FortiOS Flaw Lets Attacker Execute Arbitrary Code


๐Ÿ“ˆ 32.31 Punkte

๐Ÿ“Œ Attackers using WhatsApp MP4 video files vulnerability can remotely execute code


๐Ÿ“ˆ 30.22 Punkte

๐Ÿ“Œ Critical Skype Bug Lets Hackers Remotely Execute Malicious Code


๐Ÿ“ˆ 30.22 Punkte

๐Ÿ“Œ SQLite Vulnerability allows Hackers to Remotely Execute Code on the Vulnerable Device


๐Ÿ“ˆ 30.22 Punkte

๐Ÿ“Œ Microsoft Emergency Patch โ€“ IE Zero-day Vulnerability Let Hackers Execute Arbitrary Code Remotely in Windows PC


๐Ÿ“ˆ 30.22 Punkte

๐Ÿ“Œ Critical Vulnerability in Android Phone Let Hackers Execute an Arbitrary Code Remotely


๐Ÿ“ˆ 30.22 Punkte

๐Ÿ“Œ Magellan 2.0 โ€“ Multiple Chrome Vulnerabilities that Exists in SQLite Let Hackers Execute Arbitrary Code Remotely


๐Ÿ“ˆ 30.22 Punkte

๐Ÿ“Œ SweynTooth โ€“ 11 Bluetooth Bugs That Affected SoC Vendors Let Hackers to Crash The Device & Execute the Code Remotely


๐Ÿ“ˆ 30.22 Punkte

๐Ÿ“Œ Critical RCE Vulnerability in Cisco Protection let Hackers Execute an Arbitrary code Remotely


๐Ÿ“ˆ 30.22 Punkte











matomo