Back to bug 2221853
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| TEJ RATHI | 2023-07-11 05:28:16 UTC | CC | security-response-team | |
| TEJ RATHI | 2023-07-11 05:28:55 UTC | Deadline | 2023-07-11 | |
| TEJ RATHI | 2023-07-11 05:29:32 UTC | CC | andrew.slice, bodavis, dbhole, kanderso, lvaleeva, omajid, rwagner | |
| TEJ RATHI | 2023-07-11 05:34:16 UTC | Blocks | 2221855 | |
| TEJ RATHI | 2023-07-11 16:42:49 UTC | Deadline | 2023-07-11 | |
| Summary | EMBARGOED CVE-2023-33127 dotnet: elevation of privilege and code execution by taking control of the diagnostic port | CVE-2023-33127 dotnet: elevation of privilege and code execution by taking control of the diagnostic port | ||
| Group | qe_staff, security | |||
| Product Security DevOps Team | 2023-07-11 21:40:11 UTC | Status | NEW | CLOSED |
| Resolution | --- | NOTABUG | ||
| Last Closed | 2023-07-11 21:40:11 UTC | |||
| TEJ RATHI | 2023-07-12 06:05:34 UTC | Doc Text | A vulnerability was found in dotNET applications where, the Windows .NET runtime exposes an IPC diagnostic endpoint named pipe for collecting diagnostic information and debugging. DCOM applications that expose a diagnostic port can be exploited by a remote attacker to achieve cross-session/cross-user elevation of privilege (EoP) and code execution by taking control of the diagnostic port. | |
| TEJ RATHI | 2023-07-12 06:06:10 UTC | Doc Text | A vulnerability was found in dotNET applications where, the Windows .NET runtime exposes an IPC diagnostic endpoint named pipe for collecting diagnostic information and debugging. DCOM applications that expose a diagnostic port can be exploited by a remote attacker to achieve cross-session/cross-user elevation of privilege (EoP) and code execution by taking control of the diagnostic port. | A vulnerability was found in dotNET applications where, the Windows dotNET runtime exposes an IPC diagnostic endpoint named pipe for collecting diagnostic information and debugging. DCOM applications that expose a diagnostic port can be exploited by a remote attacker to achieve cross-session/cross-user elevation of privilege (EoP) and code execution by taking control of the diagnostic port. |
| TEJ RATHI | 2023-07-12 06:20:21 UTC | Fixed In Version | dotnet 6.0.20, dotnet 7.0.9 | |
| RaTasha Tillery-Smith | 2023-07-12 14:09:40 UTC | Doc Text | A vulnerability was found in dotNET applications where, the Windows dotNET runtime exposes an IPC diagnostic endpoint named pipe for collecting diagnostic information and debugging. DCOM applications that expose a diagnostic port can be exploited by a remote attacker to achieve cross-session/cross-user elevation of privilege (EoP) and code execution by taking control of the diagnostic port. | A vulnerability was found in dotNET applications where the Windows dotNET runtime exposes an IPC diagnostic endpoint named pipe for collecting diagnostic information and debugging. A remote attacker can exploit DCOM applications that expose a diagnostic port to achieve cross-session/cross-user elevation of privilege (EoP) and code execution by taking control of the diagnostic port. |
Back to bug 2221853