It was discovered that OpenSSH incorrectly handled certain helper programs.
An attacker could possibly use this issue to execute arbitrary code.
Category Archives: Advisories
CVE-2021-44171
An improper neutralization of special elements used in an OS command (‘OS command injection’) in Fortinet FortiOS version 6.0.0 through 6.0.14, FortiOS version 6.2.0 through 6.2.10, FortiOS version 6.4.0 through 6.4.8, FortiOS version 7.0.0 through 7.0.3 allows an attacker to execute privileged commands on a linked FortiSwitch via diagnostic CLI commands.
dhcp-4.4.3-4.P1.fc37
FEDORA-2022-9ca9a94e28
Packages in this update:
dhcp-4.4.3-4.P1.fc37
Update description:
New version 4.4.3-P1 (rhbz#2132240)
Fix for CVE-2022-2928 (rhbz#2132429)
Fix for CVE-2022-2929 (rhbz#2132430)
dhcp-4.4.3-4.P1.fc38
FEDORA-2022-5c58ef733f
Packages in this update:
dhcp-4.4.3-4.P1.fc38
Update description:
Automatic update for dhcp-4.4.3-4.P1.fc38.
Changelog
* Wed Oct 5 2022 Martin Osvald <mosvald@redhat.com> - 12:4.4.3-4.P1
- New version 4.4.3-P1 (rhbz#2132240)
- Fix for CVE-2022-2928 (rhbz#2132429)
- Fix for CVE-2022-2929 (rhbz#2132430)
[SYSS-2022-046]: Verbatim Store ‘n’ Go Secure Portable SSD – Expected Behavior Violation (CWE-440) (CVE-2022-28386)
Posted by Matthias Deeg on Oct 08
Advisory ID: SYSS-2022-046
Product: Store ‘n’ Go Secure Portable SSD
Manufacturer: Verbatim
Affected Version(s): #53402 (GDMSLK02 C-INIC3637-V1.1)
Tested Version(s): #53402 (GDMSLK02 C-INIC3637-V1.1)
Vulnerability Type: Expected Behavior Violation (CWE-440)
Risk Level: Low
Solution Status: Open
Manufacturer Notification: 2022-06-29
Solution Date:…
[SYSS-2022-045]: Verbatim Store ‘n’ Go Secure Portable SSD – Missing Immutable Root of Trust in Hardware (CWE-1326) (CVE-2022-28383)
Posted by Matthias Deeg on Oct 08
Advisory ID: SYSS-2022-045
Product: Store ‘n’ Go Secure Portable SSD
Manufacturer: Verbatim
Affected Version(s): #53402 (GDMSLK02 C-INIC3637-V1.1)
Tested Version(s): #53402 (GDMSLK02 C-INIC3637-V1.1)
Vulnerability Type: Missing Immutable Root of Trust in Hardware (CWE-1326)
Risk Level: Medium
Solution Status: Fixed
Manufacturer Notification:…
[SYSS-2022-044]: Verbatim Store ‘n’ Go Secure Portable SSD – Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28382)
Posted by Matthias Deeg on Oct 08
Advisory ID: SYSS-2022-044
Product: Store ‘n’ Go Secure Portable SSD
Manufacturer: Verbatim
Affected Version(s): #53402 (GDMSLK02 C-INIC3637-V1.1)
Tested Version(s): #53402 (GDMSLK02 C-INIC3637-V1.1)
Vulnerability Type: Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240)
Risk Level: Low
Solution Status:…
[SYSS-2022-043]: Verbatim Store ‘n’ Go Secure Portable SSD – Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28384)
Posted by Matthias Deeg on Oct 08
Advisory ID: SYSS-2022-043
Product: Store ‘n’ Go Secure Portable SSD
Manufacturer: Verbatim
Affected Version(s): #53402 (GDMSLK02 C-INIC3637-V1.1)
Tested Version(s): #53402 (GDMSLK02 C-INIC3637-V1.1)
Vulnerability Type: Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240)
Risk Level: High
Solution Status:…
llhttp-6.0.10-1.fc37
FEDORA-2022-9e7f967d20
Packages in this update:
llhttp-6.0.10-1.fc37
Update description:
Update to v6.0.10
Disable chunked on obs (https://github.com/nodejs/llhttp/pull/196)
Maggie: New Backdoor Targeting Microsoft SQL Servers
FortiGuard Labs is aware of reports that a new backdoor called “Maggie” targets Microsoft SQL servers. Maggie connects to Command and Control (C2) servers for remote commands, supports a variety of commands such as downloading, executing, and deleting files, and propagates to other SQL servers through brute-forcing as well as unknown exploit commands. Based on external reports, most infected Microsoft SQL servers are in Asia.
Why is this Significant?
This is significant because Maggie is a new backdoor malware that has reportedly infected Microsoft SQL servers around the globe, with heavy concentration in Asia. The backdoor allows a remote attacker to control infected SQL servers. Maggie also supports commands to propagate to other SQL servers through brute-forcing.
What is Maggie malware?
Maggie is a backdoor malware that targets Microsoft SQL servers. The backdoor allows a remote attacker to control infected servers and supports commands such as downloading, executing and deleting files, turning remote desktop services (TermService) on and off, as well as propagating to other SQL servers through brute-forcing. Reportedly, Maggie is also capable of accepting unidentified exploit-related commands.
The attacker disguised Maggie as “sqlmaggieAntiVirus_64.dll”, signed with a digital certificate belonging to a company in South Korea. The file is an Extended Stored Procedure (ESP) DLL that the malware abuses for backdoor activities.
At the time of this writing, an initial infection vector has not been identified.
What is the Status of Protection?
FortiGuard Labs provides the following AV signatures for Maggie malware and relevant files:
W64/JuicyPotato.AI!tr
Riskware/Inject.HEUR!tr.pws
All network IOCs are blocked by the WebFiltering client.