1. Ubuntu Security Notices
  2. USN-6217-1

USN-6217-1: .NET vulnerability

Publication date

11 July 2023

Overview

The maximum failed attempts security feature for .NET could be bypassed.

Releases

Packages

  • dotnet6 - dotNET CLI tools and runtime
  • dotnet7 - dotNET CLI tools and runtime

Details

McKee-Harris, Matt Cotterell, and Jack Moran discovered that .NET did
not properly update account lockout maximum failed attempts. An
attacker could possibly use this issue to bypass the security feature
and attempt to guess more passwords for an account.

McKee-Harris, Matt Cotterell, and Jack Moran discovered that .NET did
not properly update account lockout maximum failed attempts. An
attacker could possibly use this issue to bypass the security feature
and attempt to guess more passwords for an account.

Update instructions

In general, a standard system update will make all the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
23.04 lunar aspnetcore-runtime-6.0 –  6.0.120-0ubuntu1~23.04.1
dotnet-hostfxr-7.0 –  7.0.109-0ubuntu1~23.04.1
dotnet-hostfxr-6.0 –  6.0.120-0ubuntu1~23.04.1
dotnet-host –  6.0.120-0ubuntu1~23.04.1
aspnetcore-runtime-7.0 –  7.0.109-0ubuntu1~23.04.1
dotnet-sdk-6.0 –  6.0.120-0ubuntu1~23.04.1
dotnet-sdk-7.0 –  7.0.109-0ubuntu1~23.04.1
dotnet6 –  6.0.120-0ubuntu1~23.04.1
dotnet7 –  7.0.109-0ubuntu1~23.04.1
dotnet-runtime-7.0 –  7.0.109-0ubuntu1~23.04.1
dotnet-runtime-6.0 –  6.0.120-0ubuntu1~23.04.1
dotnet-host-7.0 –  7.0.109-0ubuntu1~23.04.1
22.10 kinetic aspnetcore-runtime-6.0 –  6.0.120-0ubuntu1~22.10.1
dotnet-hostfxr-7.0 –  7.0.109-0ubuntu1~22.10.1
dotnet-hostfxr-6.0 –  6.0.120-0ubuntu1~22.10.1
dotnet-host –  6.0.120-0ubuntu1~22.10.1
aspnetcore-runtime-7.0 –  7.0.109-0ubuntu1~22.10.1
dotnet-sdk-6.0 –  6.0.120-0ubuntu1~22.10.1
dotnet-sdk-7.0 –  7.0.109-0ubuntu1~22.10.1
dotnet6 –  6.0.120-0ubuntu1~22.10.1
dotnet7 –  7.0.109-0ubuntu1~22.10.1
dotnet-runtime-7.0 –  7.0.109-0ubuntu1~22.10.1
dotnet-runtime-6.0 –  6.0.120-0ubuntu1~22.10.1
dotnet-host-7.0 –  7.0.109-0ubuntu1~22.10.1
22.04 jammy aspnetcore-runtime-6.0 –  6.0.120-0ubuntu1~22.04.1
dotnet-hostfxr-7.0 –  7.0.109-0ubuntu1~22.04.1
dotnet-hostfxr-6.0 –  6.0.120-0ubuntu1~22.04.1
dotnet-host –  6.0.120-0ubuntu1~22.04.1
aspnetcore-runtime-7.0 –  7.0.109-0ubuntu1~22.04.1
dotnet-sdk-6.0 –  6.0.120-0ubuntu1~22.04.1
dotnet-sdk-7.0 –  7.0.109-0ubuntu1~22.04.1
dotnet6 –  6.0.120-0ubuntu1~22.04.1
dotnet7 –  7.0.109-0ubuntu1~22.04.1
dotnet-runtime-7.0 –  7.0.109-0ubuntu1~22.04.1
dotnet-runtime-6.0 –  6.0.120-0ubuntu1~22.04.1
dotnet-host-7.0 –  7.0.109-0ubuntu1~22.04.1

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

References

Have additional questions?

Talk to a member of the team ›