Gang tricked an estimated 70,000 victims
Monthly Archives: February 2022
libreoffice-7.1.8.1-4.fc34
FEDORA-2022-3bbe89c20f
Packages in this update:
libreoffice-7.1.8.1-4.fc34
Update description:
CVE-2021-25636 Incorrect trust validation of signature with ambiguous KeyInfo children
https://www.libreoffice.org/about-us/security/advisories/CVE-2021-25636
changing text color of list changes vertical spacing https://bugs.documentfoundation.org/show_bug.cgi?id=147166
firefox-stable-3520220222133031.1
FEDORA-FLATPAK-2022-b071b4e88e
Packages in this update:
firefox-stable-3520220222133031.1
Update description:
Update to latest upstream version
DSA-5086 thunderbird – security update
An out-of-bounds write was discovered in Thunderbird, which could
be triggered via a malformed email message.
USN-5302-1: Linux kernel (OEM) vulnerabilities
Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the
Linux kernel did not properly restrict access to the cgroups v1
release_agent feature. A local attacker could use this to gain
administrative privileges. (CVE-2022-0492)
Brendan Dolan-Gavitt discovered that the Marvell WiFi-Ex USB device driver
in the Linux kernel did not properly handle some error conditions. A
physically proximate attacker could use this to cause a denial of service
(system crash). (CVE-2021-43976)
Wenqing Liu discovered that the f2fs file system implementation in the
Linux kernel did not properly validate inode types while performing garbage
collection. An attacker could use this to construct a malicious f2fs image
that, when mounted and operated on, could cause a denial of service (system
crash). (CVE-2021-44879)
Samuel Page discovered that the Transparent Inter-Process Communication
(TIPC) protocol implementation in the Linux kernel contained a stack-based
buffer overflow. A remote attacker could use this to cause a denial of
service (system crash) for systems that have a TIPC bearer configured.
(CVE-2022-0435)
Lyu Tao discovered that the NFS implementation in the Linux kernel did not
properly handle requests to open a directory on a regular file. A local
attacker could use this to expose sensitive information (kernel memory).
(CVE-2022-24448)
It was discovered that the YAM AX.25 device driver in the Linux kernel did
not properly deallocate memory in some error conditions. A local privileged
attacker could use this to cause a denial of service (kernel memory
exhaustion). (CVE-2022-24959)
USN-5301-2: Cyrus SASL vulnerability
USN-5301-1 fixed a vulnerability in Cyrus. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
Original advisory details:
It was discovered that the Cyrus SASL SQL plugin incorrectly handled SQL
input. A remote attacker could use this issue to execute arbitrary SQL
commands.
USN-5300-1: PHP vulnerabilities
It was discovered that PHP incorrectly handled certain scripts.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2015-9253, CVE-2017-8923, CVE-2017-9118, CVE-2017-9120)
It was discovered that PHP incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a denial of service,
or possibly obtain sensitive information. (CVE-2017-9119)
It was discovered that PHP incorrectly handled certain scripts with XML
parsing functions.
An attacker could possibly use this issue to obtain sensitive information.
(CVE-2021-21707)
Backdoor.Win32.Dsocks.10 / Hardcoded Cleartext Password
Posted by malvuln on Feb 22
Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/3a505e7ea1beee556860488e34db8da6.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Backdoor.Win32.Dsocks.10
Vulnerability: Hardcoded Cleartext Password
Description: The malware Coded by Drocon builds and creates backdoor
servers, the supplied password is then hardcoded in cleartext in the PE
file.
Type: PE32
MD5:…
Backdoor.Win32.Dsocks.10 / Hardcoded Cleartext Password
Posted by malvuln on Feb 22
Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/3a505e7ea1beee556860488e34db8da6.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Backdoor.Win32.Dsocks.10
Vulnerability: Hardcoded Cleartext Password
Description: The malware Coded by Drocon builds and creates backdoor
servers, the supplied password is then hardcoded in cleartext in the PE
file.
Type: PE32
MD5:…
Backdoor.Win32.Agent.baol / Insecure Permissions
Posted by malvuln on Feb 22
Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/1f84a5305b65d7f6aa3afa7e2f2bda0e.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Backdoor.Win32.Agent.baol
Vulnerability: Insecure Permissions
Description: The malware writes several PE files with insecure permissions
under c drive granting change (C) permissions to the authenticated user
group. Standard users can rename the…