FortiGuard Labs is aware of a report that a new malware named “Redigo” was observed to have been installed on Redis honeypot servers vulnerable to CVE-2022-0543. The compromised Redis servers are likely used to perform Distributed Denial of Service (DDoS) attacks and cryptomining.Why is this Significant?This is significant because Redigo was installed on vulnerable Redis servers. Redis is an in-memory key-value store that can act as a high-performance database and cache server. Compromised servers are in control by remote attackers and are likely used for malicious activities.Created by Google, the Go programming language is platform independent and can run on various operating systems. Once considered novel, Golang malware is on the rise. FortiGuard Labs has recently published Zerobot, a new IoT botnet written in Golang.What is Redigo Malware?Redigo is a new Golang-based malware that was found to be installed on Redis servers vulnerable to CVE-2022-0543. Compromised Redis servers will be connected to malicious Command-and-Control (C2) servers that are likely used for DDoS attacks and cryptomining.What is CVE-2022-0543?CVE-2022-0543 is a vulnerability in Redis Debian packages disclosed in February 2022. Successful exploitation of the vulnerability allows remote attackers to execute arbitrary code on vulnerable Redis servers. CVE-2022-0543 has a CVSS score of 10.0.Is a Patch Available for CVE-2022-0543?Yes, a patch is available.What is the Status of Coverage?FortiGuard Labs provides the following AV signatures for Redigo:Linux/Redis.A!trPossibleThreatThe reported C2 server is blocked by Webfiltering.FortiGuard Labs provides the following IPS signature for CVE-2022-0543:Redis.Lua.Sandbox.Remote.Code.Execution
A vulnerability classified as problematic was found in pacparser up to 1.3.x. Affected by this vulnerability is the function pacparser_find_proxy of the file src/pacparser.c. The manipulation of the argument url leads to buffer overflow. Attacking locally is a requirement. Upgrading to version 1.4.0 is able to address this issue. The name of the patch is 853e8f45607cb07b877ffd270c63dbcdd5201ad9. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-215443.
In findAllDeAccounts of AccountsDb.java, there is a possible denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-169762606
Selected notes from packaging changes and improvements:
3.19.6 fixes CVE-2022-3171
3.19.5 fixes CVE-2022-1941
License updated to SPDX
Unnecessary dependency on python3-six removed
Python extension is now the compiled C++ version, improving performance
All subpackages now have the license file or depend on something that does
The -vim subpackage now depends on vim-filesystem, no longer on vim-enhanced
Added a man page for protoc
EXEMSI MSI Wrapper Versions prior to 10.0.50 and at least since version 6.0.91 will introduce a local privilege escalation vulnerability in installers it creates.
It was discovered that Pillow incorrectly handled the deletion of temporary
files when using a temporary directory that contains spaces. An attacker could
possibly use this issue to delete arbitrary files. This issue only affected
Ubuntu 20.04 LTS. (CVE-2022-24303)
It was discovered that Pillow incorrectly handled the decompression of highly
compressed GIF data. An attacker could possibly use this issue to cause Pillow
to crash, resulting in a denial of service. (CVE-2022-45198)
It was discovered that containerd incorrectly handled memory
when receiving certain faulty Exec or ExecSync commands. A remote
attacker could possibly use this issue to cause a denial of service
or crash containerd. (CVE-2022-23471, CVE-2022-31030)
It was discovered that containerd incorrectly set up inheritable file
capabilities. An attacker could possibly use this issue to escalate
privileges inside a container. This issue only affected Ubuntu 18.04 LTS,
Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-24769)
It was discovered that containerd incorrectly handled access to encrypted
container images when using imgcrypt library. A remote attacker could
possibly use this issue to access encrypted images from other users.
This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and
Ubuntu 22.04 LTS. (CVE-2022-24778)
A vulnerability has been discovered in Fortinet’s FortiOS, which could allow for arbitrary code Execution. FortiOS is the Fortinet’s proprietary Operation System which is utilized across multiple product lines. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Logrhythm Web Console 7.4.9 allows for HTML tag injection through Contextualize Action -> Create a new Contextualize Action -> Inject your HTML tag in the name field.
