Security News

APPLE-SA-2021-05-03-3 watchOS 7.4.1

Full Disclosure - 4 May, 2021 - 10:36

Posted by Apple Product Security via Fulldisclosure on May 04

APPLE-SA-2021-05-03-3 watchOS 7.4.1

watchOS 7.4.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212339.

WebKit
Available for: Apple Watch Series 3 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Apple is aware of a report that this issue
may have been actively exploited.
Description: A memory corruption issue was...

APPLE-SA-2021-05-03-4 macOS Big Sur 11.3.1

Full Disclosure - 4 May, 2021 - 10:36

Posted by Apple Product Security via Fulldisclosure on May 04

APPLE-SA-2021-05-03-4 macOS Big Sur 11.3.1

macOS Big Sur 11.3.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212335.

WebKit
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Apple is aware of a report that this issue
may have been actively exploited.
Description: A memory corruption issue was addressed...

APPLE-SA-2021-05-03-1 iOS 14.5.1 and iPadOS 14.5.1

Full Disclosure - 4 May, 2021 - 10:36

Posted by Apple Product Security via Fulldisclosure on May 04

APPLE-SA-2021-05-03-1 iOS 14.5.1 and iPadOS 14.5.1

iOS 14.5.1 and iPadOS 14.5.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212336.

WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to...

APPLE-SA-2021-05-03-2 iOS 12.5.3

Full Disclosure - 4 May, 2021 - 10:36

Posted by Apple Product Security via Fulldisclosure on May 04

APPLE-SA-2021-05-03-2 iOS 12.5.3

iOS 12.5.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212341.

WebKit
Available for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad
mini 2, iPad mini 3, and iPod touch (6th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Apple is aware of a report that this issue
may have been...

KSA-Dev-0012:CVE-2021-25326:Unauthenticated Sensitive information Discloser in Skyworth RN510 Mesh Extender

Full Disclosure - 4 May, 2021 - 10:32

Posted by Kaustubh Padwad via Fulldisclosure on May 04

Overview
========

Title:- UnAuthenticated Sensitive information Discloser in RN510 Mesh
Extender.
CVE-ID :- CVE-2021-25326
Author: Kaustubh G. Padwad
Vendor: Shenzhen Skyworth Digital Technology Company
Ltd.(http://www.skyworthdigital.com/products)
Products:
     1. RN510 with firmware V.3.1.0.4 (Tested and verified)
Potential
    2.RN620 with respective firmware or below
    3.RN410 With Respective firmware or below.

Severity:...

KSA-Dev-0011:CVE-2021-25327: Authenticated XSRF in Skyworth RN510 Mesh Extender

Full Disclosure - 4 May, 2021 - 10:32

Posted by Kaustubh Padwad via Fulldisclosure on May 04

Overview
========

Title:- Authenticated XSRF in RN510 Mesh Extender.
CVE-ID :- CVE-2021-25327
Author: Kaustubh G. Padwad
Vendor: Shenzhen Skyworth Digital Technology Company
Ltd.(http://www.skyworthdigital.com/products)
Products:
     1. RN510 with firmware V.3.1.0.4 (Tested and verified)
Potential
    2.RN620 with respective firmware or below
    3.RN410 With Respective firmware or below.

Severity: High--Critical

Advisory ID...

KSA-Dev-0010:CVE-2021-25328:Authenticated Stack Overflow in Skyworth RN510 mesh Device

Full Disclosure - 4 May, 2021 - 10:32

Posted by Kaustubh Padwad via Fulldisclosure on May 04

Title :- Authenticated  Stack Overflow in RN510 mesh Device
CVE-ID:- CVE-2021-25328
Author:  Kaustubh G. Padwad
Vendor:  Shenzhen Skyworth Digital Technology Company
Ltd.(http://www.skyworthdigital.com/products)
Products:
     1. RN510 with firmware V.3.1.0.4 (Tested and verified)
Potential
    2.RN620 with respective firmware or below
    3.RN410 With Respective firmware or below.

Severity: High--Critical

Advisory ID
============...

Re: Two vulnerabilities found in MikroTik's RouterOS

Full Disclosure - 4 May, 2021 - 10:32

Posted by Q C on May 04

[Update 2021/05/04] Two CVEs have been assigned to these vulnerabilities.

CVE-2020-20219: Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a
memory corruption vulnerability in the /nova/bin/igmp-proxy process. An
authenticated remote attacker can cause a Denial of Service (NULL pointer
dereference).

CVE-2020-20262: Mikrotik RouterOs before 6.47 (stable tree) suffers from an
assertion failure vulnerability in the...

Re: Two vulnerabilities found in MikroTik's RouterOS

Full Disclosure - 4 May, 2021 - 10:32

Posted by Q C on May 04

[Update 2021/05/04] Two CVEs have been assigned to these vulnerabilities.

CVE-2020-20221: Mikrotik RouterOs before 6.44.6 (long-term tree) suffers
from an uncontrolled resource consumption vulnerability in the
/nova/bin/cerm process. An authenticated remote attacker can cause a Denial
of Service due to overloading the system's CPU.

CVE-2020-20218: Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a
memory corruption vulnerability in the...

Re: Two vulnerabilities found in MikroTik's RouterOS

Full Disclosure - 4 May, 2021 - 10:32

Posted by Q C on May 04

[Update 2021/05/04] CVE-2020-20212 and CVE-2020-20211 have been
assigned to these two vulnerabilities.

CVE-2020-20212: Mikrotik RouterOs 6.44.5 (long-term tree) suffers from
a memory corruption vulnerability in the /nova/bin/console process. An
authenticated remote attacker can cause a Denial of Service (NULL
pointer dereference)

CVE-2020-20211: Mikrotik RouterOs 6.44.5 (long-term tree) suffers from
an assertion failure vulnerability in the...

Backdoor.Win32.Agent.oj / Unauthenticated Remote Command Execution

Full Disclosure - 30 April, 2021 - 03:51

Posted by malvuln on Apr 30

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/c1e92e04cdb432d83ea2610ef226d4cd_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Agent.oj
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware listens on TCP port 23, upon connection to an
infected host third-party attackers get handed a remote shell.
Type: PE32
MD5:...

Backdoor.Win32.Agent.oj / Remote Stack Buffer Overflow

Full Disclosure - 30 April, 2021 - 03:51

Posted by malvuln on Apr 30

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/c1e92e04cdb432d83ea2610ef226d4cd.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Agent.oj
Vulnerability: Remote Stack Buffer Overflow
Description: The malware listens on TCP port 23. Third-party attackers can
send a specially crafted payload, triggering a classic stack buffer
overflow overwriting ECX, EIP...

Backdoor.Win32.Agent.kte / Remote Stack Buffer Overflow (UDP Datagram)

Full Disclosure - 30 April, 2021 - 03:51

Posted by malvuln on Apr 30

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/7c92e59e776355734781bbf05571d0f0.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Agent.kte
Vulnerability: Remote Stack Buffer Overflow (UDP Datagram)
Description: The malware drops an executable named "aspimgr.exe" under
SysWOW64 dir, which listens on TCP port 80 and UDP port 53. Third-party
attackers...

Backdoor.Win32.Agent.gmug / Heap Corruption

Full Disclosure - 30 April, 2021 - 03:51

Posted by malvuln on Apr 30

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/c7763bae3376a9f2865a1a18e84c259e.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Agent.gmug
Vulnerability: Heap Corruption
Description: The malware listens on TCP port 33308, third-party attackers
who can reach the server can send a specially crafted payload causing a
heap corruption.
Type: PE32
MD5:...

Backdoor.Win32.Agent.ggw / Authentication Bypass

Full Disclosure - 30 April, 2021 - 03:51

Posted by malvuln on Apr 30

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/509e3d4839688c6173980dfba22ebd55.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Agent.ggw
Vulnerability: Authentication Bypass
Description: The malware runs a built-in FTP server listening on one of
several random TCP ports like 32335, 27227, 27942, 14223, 14988, 11092.
Third-party attackers who can reach the...

Worm.Win32.Delf.hu / Insecure Permissions

Full Disclosure - 30 April, 2021 - 03:51

Posted by malvuln on Apr 30

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/46e27d7bfdbda7a71dfa12a79026a88b.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Worm.Win32.Delf.hu
Vulnerability: Insecure Permissions
Description: The malware creates a hidden insecure dir named "RECYCLER"
under c:\ drive and grants change (C) permissions to the authenticated user
group. Standard users can rename...

HEUR.Trojan.Win32.Bayrob.gen / Insecure Permissions

Full Disclosure - 30 April, 2021 - 03:51

Posted by malvuln on Apr 30

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/765698ccfb033c86eea6d293235d7ed0.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: HEUR.Trojan.Win32.Bayrob.gen
Vulnerability: Insecure Permissions
Description: The malware creates an insecure dir named "rlpzeasjvgnb" under
c:\ drive and grants change (C) permissions to the authenticated user
group. Standard users can...

Defense in depth -- The Microsoft way (part 76): arbitrary code execution WITH elevation of privilege in user-writable directories below %SystemRoot%

Full Disclosure - 30 April, 2021 - 03:50

Posted by Stefan Kanthak on Apr 30

Hi @ll,

Microsoft still ships Windows with and lets it create user-writable
directories below the "Windows" directory %SystemRoot%\ -- despite
that, with exception of %SystemRoot%\Temp\, they are all used to
store DATA and SHOULD have been placed below %ProgramData% alias
%SystemDrive%\ProgramData\ instead!

JFTR: %ProgramData% was introduced with Windows Vista more than 15
(in words: FIFTEEN) years ago, but Microsoft obviously...

Defense in depth -- the Microsoft way (part 75): Bypass of SAFER alias Software Restriction Policies NOT FIXED

Full Disclosure - 30 April, 2021 - 03:50

Posted by Stefan Kanthak on Apr 30

Hi @ll,

Microsoft introduced SAFER alias Software Restriction Policies (SRP) with
Windows XP about 20 years ago.
See <https://msdn.microsoft.com/en-us/library/ms722422.aspx> for the API,
plus the TechNet articles "How Software Restriction Policies Work"
<https://technet.microsoft.com/en-us/library/cc786941.aspx> and
"Using Software Restriction Policies to Protect Against Unauthorized Software"
<...

Open-Xchange Security Advisory 2021-04-30

Full Disclosure - 30 April, 2021 - 03:50

Posted by Martin Heiland via Fulldisclosure on Apr 30

Dear subscribers,

we're sharing our latest advisory with you and like to thank everyone who contributed in finding and solving those
vulnerabilities. Feel free to join our bug bounty programs for OX AppSuite, Dovecot and PowerDNS at HackerOne.

Yours sincerely,
Martin Heiland, Open-Xchange GmbH

Product: OX App Suite / OX Guard
Vendor: OX Software GmbH

Affected product: OX App Suite
Internal reference: OXUIB-481
Vulnerability type:...