This week, we’ll discuss a couple of high-severity vulnerabilities, one in OpenSSL and another in Django. We will also discuss the now-supported Kali Linux distribution on Linode.
Potential Remote Code Execution in OpenSSL
OpenSSL is a free and open source software (FOSS) cryptographic library and command-line toolkit that lets you generate private keys, generate certificate signing requests (CSRs), configure and install SSL/TLS certificates, and verify certificate information.
OpenSSL version 3.0.4 contained a memory corruption vulnerability that a remote attacker could trigger. The underlying issue is that the RSA implementation for 2048-bit private keys is incorrect on x86_64 machines that support the AVX512IFMA instruction set, which causes memory corruption during the computation. Consequently, an attacker can cause memory corruption that may allow them to perform remote code execution on the server. As per the advisory, “SSL/TLS servers or other servers using 2048 bit RSA private keys running on machines supporting AVX512IFMA instructions of the x86_64 architecture are affected by this issue.”
An interesting point to note is that on a vulnerable machine, OpenSSL’s own tests would fail, so the issue should be noticed before deployment.
Any users who have OpenSSL 3.0.4 installed on their machine should upgrade to OpenSSL 3.0.5. OpenSSL 1.1.1 and 1.0.2 are not affected by this issue. To check whether you’re vulnerable, run `openssl version` in a terminal to see which version of OpenSSL is installed on your machine.
Django SQL Injection Vulnerability
Django is a Python-based web framework that enables rapid development while favoring pragmatic, clean design.
Django has a SQL injection vulnerability that affects versions before 4.0.6 and 3.2.14. The Trunc() and Extract() database functions were vulnerable to SQL injection if untrusted data was passed as the kind/lookup_name value. How you installed Django determines how you check which version is on your machine; if you installed Django using pip, run `pip3 show django` to get your version.
Remediation for this vulnerability is to upgrade your Django version to 3.2.14 or 4.0.6.
Mitigation: if you’re unable to patch your Django version, constrain your application so that the lookup and kind choices are restricted to a known safe list.
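As an added illustration of that mitigation (this is not code from Django or from the original post), the following allow-list guard maps an untrusted request parameter to a fixed kind or lookup_name before it reaches Trunc() or Extract(); the value lists, the `created` field and the `counts_by_period` helper are assumptions.

```python
# Known-safe argument values. Assumption: these are the Trunc() kinds and
# Extract() lookup names documented by Django; trim them to the subset your
# application actually needs (a shorter list is a stronger control).
TRUNC_KINDS = frozenset({"year", "quarter", "month", "week", "day",
                         "date", "time", "hour", "minute", "second"})
EXTRACT_LOOKUPS = frozenset({"year", "iso_year", "quarter", "month", "day",
                             "week", "week_day", "iso_week_day",
                             "hour", "minute", "second"})

def is_allowed(value, allowed):
    """True only if value is a str exactly equal to an allow-listed entry.

    Exact set membership, not prefix or substring matching: an input such as
    "day) FROM t --" shares a prefix with "day" but must be rejected.
    """
    return isinstance(value, str) and value in allowed

def choose(value, allowed, default):
    """Map an untrusted request parameter to a safe value.

    A missing parameter gets the default; a present value that is not on
    the list raises, so the view can answer 400 instead of forwarding it.
    """
    if value is None:
        return default
    if not is_allowed(value, allowed):
        raise ValueError(f"unsupported choice: {value!r}")
    return value

def trunc_kind(value, default="day"):
    return choose(value, TRUNC_KINDS, default)

def extract_lookup(value, default="year"):
    return choose(value, EXTRACT_LOOKUPS, default)

def counts_by_period(queryset, raw_kind):
    """Hypothetical view helper for a model with a `created` DateTimeField.

    The untrusted parameter is reduced to one of the constants above before
    the ORM sees it, so Trunc() never receives attacker-controlled text.
    """
    from django.db.models import Count            # imported here so the
    from django.db.models.functions import Trunc  # validators run standalone
    kind = trunc_kind(raw_kind)
    return (queryset.annotate(period=Trunc("created", kind))
            .values("period").annotate(n=Count("id")).order_by("period"))
```

In a view, wrap `trunc_kind(request.GET.get("kind"))` in a `try`/`except ValueError` and return a 400 response on failure.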
Kali Linux Available on Akamai Linode Cloud
To the hackers, pentesters, bug bounty hunters, hobbyists, and aspiring security professionals reading this: we now offer Kali Linux as a turnkey cloud instance.
We have an official Linode Kali distribution available as a lightweight minimal installation with the bare necessities needed to operate Kali. The minimal installation might not come with everything you need; if you want to add packages for your use case, we highly recommend following the instructions here. The default desktop environment (DE) that ships with Kali is XFCE, which is far less resource intensive than other DEs such as GNOME or KDE Plasma.
If you want a GUI installed on your Kali instance, you can also download the Kali Linux Marketplace app.