Ubuntu 23.04: USN-6217-1 Critical Dotnet Account Bypass Threat
Jul 11, 2023
•
LinuxSecurity Advisories
2 - 4 min read
Topics Covered
The maximum failed attempts security feature for .NET could be bypassed.
=========================================================================Ubuntu Security Notice USN-6217-1 July 11, 2023 dotnet6, dotnet7 vulnerability ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 23.04 - Ubuntu 22.10 - Ubuntu 22.04 LTS Summary: The maximum failed attempts security feature for .NET could be bypassed. Software Description: - dotnet6: dotNET CLI tools and runtime - dotnet7: dotNET CLI tools and runtime Details: McKee-Harris, Matt Cotterell, and Jack Moran discovered that .NET did not properly update account lockout maximum failed attempts. An attacker could possibly use this issue to bypass the security feature and attempt to guess more passwords for an account. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 23.04: aspnetcore-runtime-6.0 6.0.120-0ubuntu1~23.04.1 aspnetcore-runtime-7.0 7.0.109-0ubuntu1~23.04.1 dotnet-host 6.0.120-0ubuntu1~23.04.1 dotnet-host-7.0 7.0.109-0ubuntu1~23.04.1 dotnet-hostfxr-6.0 6.0.120-0ubuntu1~23.04.1 dotnet-hostfxr-7.0 7.0.109-0ubuntu1~23.04.1 dotnet-runtime-6.0 6.0.120-0ubuntu1~23.04.1 dotnet-runtime-7.0 7.0.109-0ubuntu1~23.04.1 dotnet-sdk-6.0 6.0.120-0ubuntu1~23.04.1 dotnet-sdk-7.0 7.0.109-0ubuntu1~23.04.1 dotnet6 6.0.120-0ubuntu1~23.04.1 dotnet7 7.0.109-0ubuntu1~23.04.1 Ubuntu 22.10: aspnetcore-runtime-6.0 6.0.120-0ubuntu1~22.10.1 aspnetcore-runtime-7.0 7.0.109-0ubuntu1~22.10.1 dotnet-host 6.0.120-0ubuntu1~22.10.1 dotnet-host-7.0 7.0.109-0ubuntu1~22.10.1 dotnet-hostfxr-6.0 6.0.120-0ubuntu1~22.10.1 dotnet-hostfxr-7.0 7.0.109-0ubuntu1~22.10.1 dotnet-runtime-6.0 6.0.120-0ubuntu1~22.10.1 dotnet-runtime-7.0 7.0.109-0ubuntu1~22.10.1 dotnet-sdk-6.0 6.0.120-0ubuntu1~22.10.1 dotnet-sdk-7.0 7.0.109-0ubuntu1~22.10.1 dotnet6 6.0.120-0ubuntu1~22.10.1 dotnet7 7.0.109-0ubuntu1~22.10.1 Ubuntu 22.04 LTS: aspnetcore-runtime-6.0 6.0.120-0ubuntu1~22.04.1 aspnetcore-runtime-7.0 7.0.109-0ubuntu1~22.04.1 dotnet-host 6.0.120-0ubuntu1~22.04.1 dotnet-host-7.0 7.0.109-0ubuntu1~22.04.1 dotnet-hostfxr-6.0 6.0.120-0ubuntu1~22.04.1 dotnet-hostfxr-7.0 7.0.109-0ubuntu1~22.04.1 dotnet-runtime-6.0 6.0.120-0ubuntu1~22.04.1 dotnet-runtime-7.0 7.0.109-0ubuntu1~22.04.1 dotnet-sdk-6.0 6.0.120-0ubuntu1~22.04.1 dotnet-sdk-7.0 7.0.109-0ubuntu1~22.04.1 dotnet6 6.0.120-0ubuntu1~22.04.1 dotnet7 7.0.109-0ubuntu1~22.04.1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-6217-1 CVE-2023-33170 Package Information: https://launchpad.net/ubuntu/+source/dotnet6/6.0.120-0ubuntu1~23.04.1 https://launchpad.net/ubuntu/+source/dotnet7/7.0.109-0ubuntu1~23.04.1 https://launchpad.net/ubuntu/+source/dotnet6/6.0.120-0ubuntu1~22.10.1 https://launchpad.net/ubuntu/+source/dotnet7/7.0.109-0ubuntu1~22.10.1 https://launchpad.net/ubuntu/+source/dotnet6/6.0.120-0ubuntu1~22.04.1 https://launchpad.net/ubuntu/+source/dotnet7/7.0.109-0ubuntu1~22.04.1
PREVIOUS
NEXT
Ubuntu 23.04: USN-6217-1 Critical Dotnet Account Bypass Threat
ubuntu
July 11, 2023
The maximum failed attempts security feature for .NET could be bypassed.
Summary
Topics Covered
Update Instructions
The problem can be corrected by updating your system to the following package versions: Ubuntu 23.04: aspnetcore-runtime-6.0 6.0.120-0ubuntu1~23.04.1 aspnetcore-runtime-7.0 7.0.109-0ubuntu1~23.04.1 dotnet-host 6.0.120-0ubuntu1~23.04.1 dotnet-host-7.0 7.0.109-0ubuntu1~23.04.1 dotnet-hostfxr-6.0 6.0.120-0ubuntu1~23.04.1 dotnet-hostfxr-7.0 7.0.109-0ubuntu1~23.04.1 dotnet-runtime-6.0 6.0.120-0ubuntu1~23.04.1 dotnet-runtime-7.0 7.0.109-0ubuntu1~23.04.1 dotnet-sdk-6.0 6.0.120-0ubuntu1~23.04.1 dotnet-sdk-7.0 7.0.109-0ubuntu1~23.04.1 dotnet6 6.0.120-0ubuntu1~23.04.1 dotnet7 7.0.109-0ubuntu1~23.04.1 Ubuntu 22.10: aspnetcore-runtime-6.0 6.0.120-0ubuntu1~22.10.1 aspnetcore-runtime-7.0 7.0.109-0ubuntu1~22.10.1 dotnet-host 6.0.120-0ubuntu1~22.10.1 dotnet-host-7.0 7.0.109-0ubuntu1~22.10.1 dotnet-hostfxr-6.0 6.0.120-0ubuntu1~22.10.1 dotnet-hostfxr-7.0 7.0.109-0ubuntu1~22.10.1 dotnet-runtime-6.0 6.0.120-0ubuntu1~22.10.1 dotnet-runtime-7.0 7.0.109-0ubuntu1~22.10.1 dotnet-sdk-6.0 6.0.120-0ubuntu1~22.10.1 dotnet-sdk-7.0 7.0.109-0ubuntu1~22.10.1 dotnet6 6.0.120-0ubuntu1~22.10.1 dotnet7 7.0.109-0ubuntu1~22.10.1 Ubuntu 22.04 LTS: aspnetcore-runtime-6.0 6.0.120-0ubuntu1~22.04.1 aspnetcore-runtime-7.0 7.0.109-0ubuntu1~22.04.1 dotnet-host 6.0.120-0ubuntu1~22.04.1 dotnet-host-7.0 7.0.109-0ubuntu1~22.04.1 dotnet-hostfxr-6.0 6.0.120-0ubuntu1~22.04.1 dotnet-hostfxr-7.0 7.0.109-0ubuntu1~22.04.1 dotnet-runtime-6.0 6.0.120-0ubuntu1~22.04.1 dotnet-runtime-7.0 7.0.109-0ubuntu1~22.04.1 dotnet-sdk-6.0 6.0.120-0ubuntu1~22.04.1 dotnet-sdk-7.0 7.0.109-0ubuntu1~22.04.1 dotnet6 6.0.120-0ubuntu1~22.04.1 dotnet7 7.0.109-0ubuntu1~22.04.1 In general, a standard system update will make all the necessary changes.
References
https://ubuntu.com/security/notices/USN-6217-1
CVE-2023-33170
Severity
critical
Lowest
Low
Medium
High
Critical
July 11, 2023
Topics Covered
Package Information
https://launchpad.net/ubuntu/+source/dotnet6/6.0.120-0ubuntu1~23.04.1 https://launchpad.net/ubuntu/+source/dotnet7/7.0.109-0ubuntu1~23.04.1 https://launchpad.net/ubuntu/+source/dotnet6/6.0.120-0ubuntu1~22.10.1 https://launchpad.net/ubuntu/+source/dotnet7/7.0.109-0ubuntu1~22.10.1 https://launchpad.net/ubuntu/+source/dotnet6/6.0.120-0ubuntu1~22.04.1 https://launchpad.net/ubuntu/+source/dotnet7/7.0.109-0ubuntu1~22.04.1
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!