Full Disclosure

A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.

Backdoor.Win32.Agent.bjev / Insecure Permissions

9 March, 2021 - 02:45

Posted by malvuln on Mar 08

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/35cf54a19efcdeaa41899647075c7ef9.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Agent.bjev
Vulnerability: Insecure Permissions
Description: Agent.bjev creates an insecure dir named "Windupdt" under c:\
drive, granting change permissions (C) to the authenticated user group.
Standard users can rename...

Backdoor.Win32.GTbot.c / Insecure Permissions

9 March, 2021 - 02:45

Posted by malvuln on Mar 08

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/8c2acfcc60dda52db9bd9a934284b673.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.GTbot.c
Vulnerability: Insecure Permissions
Description: GTbot creates an insecure dir called "WINNT" under c:\ drive
and grants change permissions (C) to the authenticated user group. Standard
users can rename the malware...

BACKDOOR.WIN32.ANTILAM.14.O / Unauthenticated Remote Command Execution

9 March, 2021 - 02:45

Posted by malvuln on Mar 08

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/3f3ee9dce39e816b4001bd6ae66e8f1a.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Antilam.14.o
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware listens on TCP ports 47891 and 29559. Third party
attackers who can reach infected systems can execute commands made
available by the...

Advisory ID: VMSA-2021-0002

9 March, 2021 - 02:45

Posted by ???????????? on Mar 08

Dear all,
    https://www.vmware.com/security/advisories/VMSA-2021-0002.html
    Does the above link include version vcenter6.0 and esxi6.0?

APPLE-SA-2021-03-08-4 watchOS 7.3.2

9 March, 2021 - 02:44

Posted by Apple Product Security via Fulldisclosure on Mar 08

APPLE-SA-2021-03-08-4 watchOS 7.3.2

watchOS 7.3.2 addresses the following issue.

Information about the security content is also available
at https://support.apple.com/HT212223.

WebKit
Available for: Apple Watch Series 3 and later
Impact: Processing maliciously crafted web content may lead
to arbitrary code execution
Description: A memory corruption issue was addressed with
improved validation.
CVE-2021-1844: Clément Lecigne of Googleʼs...

APPLE-SA-2021-03-08-3 Safari 14.0.3

9 March, 2021 - 02:44

Posted by Apple Product Security via Fulldisclosure on Mar 08

APPLE-SA-2021-03-08-3 Safari 14.0.3

Safari 14.0.3* addresses the following issue.

Information about the security content is also available
at https://support.apple.com/HT212222.

WebKit
Available for: macOS Catalina and macOS Mojave
Impact: Processing maliciously crafted web content may lead
to arbitrary code execution
Description: A memory corruption issue was addressed with
improved validation.
CVE-2021-1844: Clément Lecigne of Googleʼs...

APPLE-SA-2021-03-08-2 macOS Big Sur 11.2.3

9 March, 2021 - 02:44

Posted by Apple Product Security via Fulldisclosure on Mar 08

APPLE-SA-2021-03-08-2 macOS Big Sur 11.2.3

macOS Big Sur 11.2.3 addresses the following issue.

Information about the security content is also available
at https://support.apple.com/HT212220.

WebKit
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may lead
to arbitrary code execution
Description: A memory corruption issue was addressed with
improved validation.
CVE-2021-1844: Clément Lecigne of Googleʼs Threat...

APPLE-SA-2021-03-08-1 iOS 14.4.1 and iPadOS 14.4.1

9 March, 2021 - 02:44

Posted by Apple Product Security via Fulldisclosure on Mar 08

APPLE-SA-2021-03-08-1 iOS 14.4.1 and iPadOS 14.4.1

iOS 14.4.1 and iPadOS 14.4.1 address the following issue.

Information about the security content is also available
at https://support.apple.com/HT212221.

WebKit
Available for: iPhone 6s and later, iPad Air 2 and later,
iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption...

Incorrect Access Control in Emerson Smart Wireless Gateway 1420 4.6.59 Administrator Console

9 March, 2021 - 02:44

Posted by Harsha Bhat on Mar 08

Title: Missing access controls
Product: Emerson Smart Wireless Gateway
Vendor Homepage: http://emerson.com
Vulnerable Version: 1420 4.6.59
CVE Number: CVE-2020-19419
Authors: Harsha Bhat, Anish Mitra and Unmesh Guragol
Timeline:
2019-08-02 Disclosed to the vendor
2019-08-22 Vendor confirmed that the vulnerability was identified
internally and a fix was released in the latest version of firmware

1. Vulnerability Description

Incorrect Access...

Privilege Escalation in Emerson Smart Wireless Gateway 1420 4.6.59 Administrator Console

9 March, 2021 - 02:44

Posted by Harsha Bhat on Mar 08

Title: Privilege Escalation
Product: Emerson Smart Wireless Gateway
Vendor Homepage: http://emerson.com
Vulnerable Version: 1420 4.6.59
CVE Number: CVE-2020-19417
Authors: Harsha Bhat, Anish Mitra and Unmesh Guragol
Timeline:
2019-08-02 Disclosed to the vendor
2019-08-22 Vendor confirmed that the vulnerability was identified
internally and a fix was released in the latest version of firmware

1. Vulnerability Description

Emerson Smart Wireless...

Backdoor.Win32.BO2K.09.b / Unauthenticated Remote Command Execution

5 March, 2021 - 04:19

Posted by malvuln on Mar 05

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/90894ac48059687ea80e565f7529e53f.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.BO2K.09.b
Vulnerability: Unauthenticated Remote Command Execution
Description: Backdoor BO2K.09.b listens on TCP ports 707 and 808. Third
party adversaries who can reach the system can execute any command on the
infected host using...

Backdoor.Win32.BO2K.ab / Local File Buffer Overflow

5 March, 2021 - 04:18

Posted by malvuln on Mar 05

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/ca4e5a6ff033b62fa59de5a5dd24c7f9.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.BO2K.ab
Vulnerability: Local File Buffer Overflow
Description: PsyConf - Program configuration tool doesn't properly check the
executables it parses. Loading a specially crafted file triggers a buffer
overflow overwriting ECX...

Backdoor.Win32.DarkKomet.irv / Insecure Permissions

5 March, 2021 - 04:18

Posted by malvuln on Mar 05

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/341b2c3222122bd25c8509fc09534dec.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.DarkKomet.irv
Vulnerability: Insecure Permissions
Description: DarkKomet.irv creates an insecure hidden dir named "updter"
under c:\ drive and drops executable "updt.exe". The backdoor grants change
(C)...

Defense in depth -- the Microsoft way (part 72): "compatibility" trumps security

5 March, 2021 - 04:18

Posted by Stefan Kanthak on Mar 05

Hi @ll,

the following is a shortened version of
<https://skanthak.homepage.t-online.de/tempest.html>

With Windows 10 20H1, Microsoft moved the function to install and update
device drivers available online, i.e. on Windows Update, from Device Manager
to Windows Update.

Device Manager runs under arbitrary "Administrator" accounts: device driver
installation started from its GUI (MMC.exe DevMgmt.msc) or CLI (PnPUtil.exe,...

New BlackArch Linux Slim ISO released!

5 March, 2021 - 04:14

Posted by Black Arch on Mar 05

Dear List,

We are proud to present the newest BlackArch ISO; The Slim-ISO
(v2021.03.01) which has a brand new graphical installer as well as
some new things, such as:

- XFCE desktop environment
- stable tools only
- default zsh shell
- awesome theme and BlackArch customized menus
- performance optimizations
- Linux Kernel 5.11.2

You can only find out more by downloading the ISO. Make sure to check
our website for the download...

AST-2021-006: Crash when negotiating T.38 with a zero port

4 March, 2021 - 13:20

Posted by Asterisk Security Team on Mar 04

Asterisk Project Security Advisory - AST-2021-006

Product: Asterisk
Summary: Crash when negotiating T.38 with a zero port
Nature of Advisory: Remote Crash
Susceptibility: Remote Authenticated Sessions
Severity: Minor...

Trojan-Spy.Win32.Stealer.osh / Insecure Permissions

2 March, 2021 - 12:12

Posted by malvuln on Mar 02

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/d58b1c2f540268bd9dd920455568d45f.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Spy.Win32.Stealer.osh
Vulnerability: Insecure Permissions
Description: The malware creates an insecure dir named "DESKTOP-2C3IQHO"
under c:\ drive and grants change (C) permissions to the authenticated user
group. Standard users...

Backdoor.Win32.RemoteManipulator.fdo / Insecure Permissions

2 March, 2021 - 12:12

Posted by malvuln on Mar 02

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/66ef21e8d1cf30dce6e084a9e306c18f.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.RemoteManipulator.fdo
Vulnerability: Insecure Permissions
Description: The backdoor creates an insecure randomly named hidden dir
with a .tmp ext, e.g. 8RK86.tmp, and grants change (C) permissions to the
authenticated user group....

Multiple Vulnerabilities in jpeg-xl (CVE-2021-27804)

2 March, 2021 - 12:11

Posted by Marc on Mar 02

Multiple Vulnerabilities in jpeg-xl
===================================
CVE: CVE-2021-27804
Highest Severity Rating: High
Confirmed Affected Versions: jpeg-xl v0.3.1 and earlier
Vendor: Joint Photographic Experts Group (JPEG)
Vendor URL: https://gitlab.com/wg1/jpeg-xl

Summary and Impact
------------------
jpeg-xl is the reference implementation by the Joint Photographic
Experts Group (JPEG) of the new JPEG XL standard.
Multiple memory corruption...

SEC Consult SA-20210301-0 :: Authentication bypass vulnerability in Genua GenuGate High Resistance Firewall

1 March, 2021 - 08:59

Posted by SEC Consult Vulnerability Lab on Mar 01

seems we had some newline issues before, sorry for the inconvenience. Here is our advisory again:

SEC Consult Vulnerability Lab Security Advisory < 20210301-0 >
=======================================================================
title: Authentication bypass vulnerability
product: Genua GenuGate High Resistance Firewall
vulnerable version: GenuGate <10.1 p4, <9.6 p7, <9.0/9.0 Z p19
fixed version:...