Lucene search
UbuntuUSN-6006-1HistoryApr 11, 2023 - 12:00 a.m.
.NET vulnerability
2023-04-1100:00:00
ubuntu.com
28
.net
ubuntu
security
vulnerability
dotnet6
dotnet7
arbitrary code
dll files
execution
unix
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.2 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
55.8%
Releases
- Ubuntu 22.10
- Ubuntu 22.04 LTS
Packages
- dotnet6 - dotNET CLI tools and runtime
- dotnet7 - dotNET CLI tools and runtime
Details
It was discovered that .NET did not properly manage dll files. An
attacker could potentially use this issue to execute arbitrary code.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 22.10 | noarch | aspnetcore-runtime-6.0 | < 6.0.116-0ubuntu1~22.10.1 | UNKNOWN |
| Ubuntu | 22.10 | noarch | aspnetcore-targeting-pack-6.0 | < 6.0.116-0ubuntu1~22.10.1 | UNKNOWN |
| Ubuntu | 22.10 | noarch | dotnet-apphost-pack-6.0 | < 6.0.116-0ubuntu1~22.10.1 | UNKNOWN |
| Ubuntu | 22.10 | noarch | dotnet-apphost-pack-6.0-dbgsym | < 6.0.116-0ubuntu1~22.10.1 | UNKNOWN |
| Ubuntu | 22.10 | noarch | dotnet-host | < 6.0.116-0ubuntu1~22.10.1 | UNKNOWN |
| Ubuntu | 22.10 | noarch | dotnet-host-dbgsym | < 6.0.116-0ubuntu1~22.10.1 | UNKNOWN |
| Ubuntu | 22.10 | noarch | dotnet-hostfxr-6.0 | < 6.0.116-0ubuntu1~22.10.1 | UNKNOWN |
| Ubuntu | 22.10 | noarch | dotnet-hostfxr-6.0-dbgsym | < 6.0.116-0ubuntu1~22.10.1 | UNKNOWN |
| Ubuntu | 22.10 | noarch | dotnet-runtime-6.0 | < 6.0.116-0ubuntu1~22.10.1 | UNKNOWN |
| Ubuntu | 22.10 | noarch | dotnet-runtime-6.0-dbgsym | < 6.0.116-0ubuntu1~22.10.1 | UNKNOWN |
References
Related
redhatcve
redhatcve
CVE-2023-28260
2023-04-11 16:58:25
cgr
cgr
CVE-2023-28260 vulnerabilities
2024-05-19 03:07:16
osv
osv
CVE-2023-28260
2023-04-11 21:15:25
dotnet6, dotnet7 vulnerability
2023-04-11 21:09:16
BIT-dotnet-2023-28260
2024-03-06 10:56:02
veracode
veracode
Remote Code Execution
2023-04-18 05:41:50
mskb
mskb
.NET 7.0 Update - April 11, 2023 (KB5025916)
2023-04-11 07:00:00
.NET 6.0 Update - April 11, 2023 (KB5025915)
2023-04-11 07:00:00
mscve
mscve
.NET DLL Hijacking Remote Code Execution Vulnerability
2023-04-11 07:00:00
ubuntucve
ubuntucve
CVE-2023-28260
2023-04-11 00:00:00
nessus
nessus
Ubuntu 22.04 LTS : .NET vulnerability (USN-6006-1)
2023-04-12 00:00:00
Security Updates for Microsoft .NET core (April 2023)
2023-04-13 00:00:00
Security Updates for Microsoft Visual Studio Products (April 2023)
2023-04-12 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-6006-1)
2023-04-13 00:00:00
.NET Core SDK Remote Code Execution Vulnerability (Apr 2023)
2023-04-12 00:00:00
nvd
nvd
CVE-2023-28260
2023-04-11 21:15:25
cve
cve
CVE-2023-28260
2023-04-11 21:15:25
cnvd
cnvd
Microsoft .NET DLL Hijacking Remote Code Execution Vulnerability
2023-11-15 00:00:00
github
github
.NET Remote Code Execution vulnerability
2023-04-11 22:02:15
wolfi
wolfi
CVE-2023-28260 vulnerabilities
2024-06-26 15:33:03
alpinelinux
alpinelinux
CVE-2023-28260
2023-04-11 21:15:25
prion
prion
Remote code execution
2023-04-11 21:15:00
cvelist
cvelist
CVE-2023-28260 .NET DLL Hijacking Remote Code Execution Vulnerability
2023-04-11 19:13:56
kaspersky
kaspersky
KLA48843 Multiple vulnerabilities in Microsoft Developer Tools
2023-04-11 00:00:00
ics
ics
Siemens PNI
2023-11-16 12:00:00
Siemens ST7 ScadaConnect
2024-06-13 12:00:00
rapid7blog
rapid7blog
Patch Tuesday - April 2023
2023-04-11 22:49:56
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.2 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
55.8%
Related for USN-6006-1