Stories with Tag NVD

• Unauthenticated Remote Code Execution in Erlang/OTP SSH

  permalink

  Posted: 2025-04-17 13:29:44

  Verbose tl;dr

  A critical vulnerability (CVE-2025-32433) exists in Erlang/OTP's SSH implementation, affecting versions prior to 26.2.1 and 25.3.2.6. This flaw allows unauthenticated remote attackers to execute arbitrary code on the server. Specifically, a specially crafted SSH message can trigger the vulnerability during the initial handshake, before authentication occurs, enabling complete system compromise. Users are urged to update their Erlang/OTP installations to the latest patched versions as soon as possible.

  The National Vulnerability Database entry, CVE-2025-32433, details a critical vulnerability affecting Erlang/OTP (Open Telecom Platform) versions prior to 26.1, and versions prior to 25.3.2.3 in the 25 series. This vulnerability allows for unauthenticated remote code execution, meaning an attacker can execute arbitrary code on a vulnerable system without needing any valid credentials. This is achieved by exploiting a flaw in the implementation of the SSH (Secure Shell) protocol within Erlang/OTP.

  Specifically, the vulnerability stems from improper input validation during the SSH handshake process. When an SSH client connects to an Erlang/OTP SSH server, a series of messages are exchanged to establish the connection and negotiate cryptographic parameters. The vulnerability lies in how the server handles certain messages related to key exchange algorithms. A maliciously crafted client can send a specially constructed message during this key exchange phase that bypasses the authentication checks. This allows the attacker to proceed with the connection as if they were a legitimate, authenticated user.

  Once the attacker bypasses authentication, they effectively gain control of the SSH connection. This allows them to execute commands on the server with the same privileges as the SSH service itself. The impact of successful exploitation can be severe, potentially leading to complete compromise of the affected system. An attacker could install malware, exfiltrate sensitive data, disrupt services, or gain further access to internal network resources.

  The vulnerability affects a wide range of Erlang/OTP deployments that utilize the built-in SSH server functionality. This includes various applications built on the Erlang/OTP platform, as well as systems using Erlang/OTP for distributed computing and communication.

  The recommended remediation is to upgrade to Erlang/OTP version 26.1 or 25.3.2.3, which addresses the vulnerability through improved input validation during the SSH handshake. By applying these updates, the server will correctly handle the malicious messages and prevent unauthenticated access, thus mitigating the risk of remote code execution.

  • Erlang
  • OTP
  • ssh
  • RCE
  • remote code execution
  • Unauthenticated
  • Vulnerability
  • CVE
  • CVE-2025-32433
  • Security
  • Cybersecurity
  • network security
  • software vulnerability
  • Exploit
  • NIST
  • NVD

  Summary of Comments ( 11 )
  https://news.ycombinator.com/item?id=43716526

  Verbose tl;dr

  Hacker News users discuss the severity and impact of the Erlang/OTP SSH vulnerability. Some highlight the potential for widespread exploitation given Erlang's usage in telecom infrastructure and distributed systems. Several commenters question the assigned CVSS score of 9.8, finding it surprisingly high for a vulnerability that requires non-default configuration (specifically enabling password authentication). The discussion also touches on the practical implications of the vulnerability, acknowledging that while serious, exploitation might be limited by the need for open SSH ports and enabled password logins. Others express concern about the potential for nested exploitation, as vulnerable Erlang systems might host other exploitable services. Finally, some users note the responsible disclosure and patching process.

  The Hacker News post titled "Unauthenticated Remote Code Execution in Erlang/OTP SSH" (https://news.ycombinator.com/item?id=43716526) has several comments discussing the vulnerability (CVE-2025-32433).

  Several commenters highlight the severity of the vulnerability, being an unauthenticated remote code execution flaw. One user points out the particularly dangerous combination of this being a pre-auth vulnerability and Erlang's frequent use in distributed systems, increasing the potential attack surface. They mention that distributed Erlang systems often run with minimal firewalling, making them easier targets.

  Another commenter notes that exploitation is straightforward, quoting the NIST advisory that "Successful exploitation of this vulnerability requires only sending a crafted SSH message." This emphasizes the low barrier to entry for potential attackers.

  Discussion also revolves around the practical impact. One user questions how many publicly exposed Erlang SSH servers exist, suggesting that while serious, the impact might be limited depending on the prevalence of such deployments. This prompts another commenter to mention that while direct SSH access to Erlang nodes might be less common, many systems likely use distributed Erlang for backend communication, which could be vulnerable.

  A commenter with experience in securing Erlang systems suggests that the vulnerability reinforces the importance of employing robust network security measures, like firewalls and VPNs, even within internal networks. They highlight that assuming internal networks are safe is a dangerous misconception.

  There's some discussion of the technical details. One user dives deeper into the mechanism of the vulnerability, explaining that it arises from the way the ssh_packet_set_size/1 function handles size limits before authentication, allowing malicious actors to bypass checks and execute arbitrary code.

  Finally, several commenters express concern about the vulnerability's potential to affect critical infrastructure and industrial control systems, given Erlang's presence in those sectors. One user speculates about the potential for this vulnerability to be exploited in targeted attacks.

• Vulnerability in partner.microsoft.com allows unauthenticated access

  permalink

  Posted: 2025-03-05 13:58:12

  Verbose tl;dr

  A vulnerability in Microsoft Partner Center (partner.microsoft.com) allowed unauthenticated users to access internal resources. Specifically, improperly configured Azure Active Directory (Azure AD) application and service principal permissions enabled unauthorized access to certain Partner Center APIs. This misconfiguration potentially exposed sensitive business information related to Microsoft partners. Microsoft addressed the vulnerability by correcting the Azure AD application and service principal permissions to prevent unauthorized access.

  A critical vulnerability, identified as CVE-2024-49035, has been discovered within the partner.microsoft.com website. This flaw allows unauthenticated, remote attackers to gain unauthorized access to sensitive information. The vulnerability stems from an improperly implemented access control mechanism on the website. Due to this faulty implementation, restrictions intended to limit access to specific resources or functionalities are bypassed. Consequently, an attacker, without needing any valid credentials or authentication, can exploit this weakness to retrieve information that should be protected and restricted to authorized users only. The potential impact of this vulnerability is significant. The compromised data could range from confidential partner information, potentially including business strategies, financial data, and customer details, to internal Microsoft resources. This unauthorized access not only poses a serious risk to Microsoft and its partners but also potentially to the customers of those partners. The exact nature of the exploitable information isn't explicitly defined in the CVE description, but the severity assessment underscores the potential for significant damage. Microsoft has addressed this vulnerability, highlighting the importance of updating affected systems to mitigate the risk of exploitation. While the CVE entry doesn't detail the specific remediation steps, it implies that the fix likely involves correcting the faulty access control implementation on the partner.microsoft.com platform to enforce proper authentication and authorization checks. The severity assigned to this vulnerability, classified as critical, indicates a high likelihood of successful exploitation and a potentially substantial negative impact. The vulnerability existed within the "Partner Center" portion of the website, a portal used by Microsoft partners to manage their relationship with Microsoft.

  • Microsoft
  • Vulnerability
  • CVE-2024-49035
  • partner.microsoft.com
  • Unauthenticated Access
  • Security
  • Cybersecurity
  • NVD
  • NIST
  • Access Control
  • Authorization Bypass

  Summary of Comments ( 0 )
  https://news.ycombinator.com/item?id=43266429

  Verbose tl;dr

  HN users discuss the lack of detail in the CVE report for CVE-2024-49035, making it difficult to assess the actual impact. Some speculate about the potential severity, ranging from trivial to highly impactful depending on the specific exposed data and functionality. The vagueness also raises questions about Microsoft's disclosure process and the potential for more serious underlying issues. Several commenters note the irony of a vulnerability on a partner security portal, highlighting the difficulty of maintaining perfect security even for organizations focused on it. One user questions the use of "unauthenticated access" in the title, suggesting it might be misleading without knowing what level of access was granted.

  The Hacker News post titled "Vulnerability in partner.microsoft.com allows unauthenticated access" linking to a NIST vulnerability disclosure (CVE-2024-49035) has a modest number of comments, generating a brief discussion around the nature of the vulnerability and its potential impact.

  Several commenters focused on the ambiguity surrounding the actual impact of the vulnerability. The NIST disclosure provides limited technical detail, stating only that it allows "unauthenticated access." Commenters questioned what exactly an attacker could do with this unauthenticated access. Could they retrieve sensitive data? Modify information? Or was it simply access to a publicly available area that didn't require authentication in the first place? This lack of clarity was a central theme in the discussion.

  One commenter pointed out the apparent irony of a vulnerability existing on a partner portal specifically designed for managing security products. They highlighted the potential reputational damage this could cause Microsoft, especially given its focus on security.

  There's also a brief exchange regarding the use of "unauthenticated access" versus "unauthorized access." One commenter suggests the former is a subset of the latter, arguing that all unauthenticated access is unauthorized, but not all unauthorized access is necessarily unauthenticated. This spurred a short discussion about the nuances of these terms in a security context.

  Finally, some comments speculated on the root cause of the vulnerability, suggesting possibilities like misconfigured access control lists (ACLs) or an internal tool inadvertently exposed to the public. However, these remained speculations due to the limited information available in the NIST disclosure. No commenter claimed definitive knowledge of the vulnerability's technical details beyond what was publicly disclosed.

  Overall, the discussion reflects a cautious interest in the vulnerability, tempered by the lack of detailed information. Commenters clearly recognize the potential seriousness of an unauthenticated access vulnerability on a Microsoft partner portal, but the limited disclosure prevents a deeper analysis of the issue.