Category Archives: Advisories

xen-4.14.5-1.fc34

Read Time:22 Second

FEDORA-2022-64b2c02d29

Packages in this update:

xen-4.14.5-1.fc34

Update description:

update to xen-4.14.5

Racy interactions between dirty vram tracking and paging log dirty
hypercalls [XSA-397, CVE-2022-26356]
race in VT-d domain ID cleanup [XSA-399, CVE-2022-26357]
IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues [XSA-400,
CVE-2022-26358, CVE-2022-26359, CVE-2022-26360, CVE-2022-26361]

Read More

Microsoft Released Advisory on a Critical Remote Code Execution Vulnerability in RPC (CVE-2022-26809)

Read Time:2 Minute, 32 Second

FortiGuard Labs is aware that Microsoft released a patch and advisory for a critical remote code execution vulnerability in Remote Procedure Call Runtime Library as part of the April Patch Tuesday. Assigned CVE-2022-26809 and a CVSS score of 9.8, successfully exploiting the vulnerability allows an attacker to execute remote code with high privileges on a vulnerable system, leading to a full compromise.Why is this Significant?This is significant because CVE-2022-26809 is rated by Microsoft as “critical” and “Exploitation More Likely” because of its impacts on all supported Windows products and due to the trivial nature of the vulnerability. Because of the potential impact that the vulnerability has, Microsoft released security updates for Windows 7, which reached end-of-life in January 2020. Also, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory urging users and administrators to apply the patch or apply the recommended mitigations.What is CVE-2022-26809?CVE-2022-26809 is a critical remote code execution vulnerability in Remote Procedure Call Runtime Library. The Microsoft advisory states “To exploit this vulnerability, an attacker would need to send a specially crafted RPC call to an RPC host. This could result in remote code execution on the server side with the same permissions as the RPC service,” which allows the attacker to take control of an affected system.Is CVE-2022-26809 being Exploited in the Wild?At the time of this writing, the vulnerability is not reported nor observed to have been exploited in the wild.Has Microsoft Released a Patch for CVE-2022-26809?Yes, Microsoft released a patch on April 12th, 2022 as part of the April MS Tuesday. Due to the potential impact the vulnerability has, Microsoft also released security updates for Windows 7, which is no longer supported.What is the Status of Coverage?FortiGuard Labs has released the following IPS signature in version 20.297:MS.Windows.RPC.CVE-2022-26809.Remote.Code.Execution (default action is set to pass)What Mitigation Steps are Available?Microsoft has provided the following mitigation steps in the advisory:Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors may be helpful in your situation:1. Block TCP port 445 at the enterprise perimeter firewallTCP port 445 is used to initiate a connection with the affected component. Blocking this port at the network perimeter firewall will help protect systems that are behind that firewall from attempts to exploit this vulnerability. This can help protect networks from attacks that originate outside the enterprise perimeter. Blocking the affected ports at the enterprise perimeter is the best defense to help avoid Internet-based attacks. However, systems could still be vulnerable to attacks from within their enterprise perimeter.2. Follow Microsoft guidelines to secure SMB trafficFor the Microsoft guidelines on how to secure SMB traffic, see the Appendix for a link to “Secure SMB Traffic in Windows Server”.

Read More

python-ujson-5.2.0-1.fc36

Read Time:31 Second

FEDORA-2022-569b6b45e2

Packages in this update:

python-ujson-5.2.0-1.fc36

Update description:

Update to 5.2.0 (close RHBZ#2072241, fix CVE-2021-45958)

Added

Support parsing NaN, Infinity and -Infinity
Support dynamically linking against system double-conversion library
Add env var to control stripping debug info
Add JSONDecodeError

Fixed

Fix buffer overflows (CVE-2021-45958)
Upgrade Black to fix Click
simplify exception handling on integer overflow
Remove dead code that used to handle the separate int type in Python 2
Fix exceptions on encoding list or dict elements and non-overflow errors on int handling getting silenced

Read More

Email-Worm.Win32.Pluto.b / Insecure Permissions

Read Time:20 Second

Posted by malvuln on Apr 14

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/60a7d5e2d446110d84ef65f6a37af0eb.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Email-Worm.Win32.Pluto.b
Vulnerability: Insecure Permissions
Description: The malware writes a dir and PE files with insecure
permissions to c drive granting change (C) permissions to the authenticated
user group. Standard users can rename the…

Read More

Backdoor.Win32.Kilo.016 / Denial of Service (UDP Datagram)

Read Time:21 Second

Posted by malvuln on Apr 14

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/9ede6951ea527f96a785c5e32b5079e6.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Kilo.016
Vulnerability: Denial of Service (UDP Datagram)
Description: The malware listens on TCP ports 6712, 6713, 6714, 6715, 7722,
15206, 15207, 16712 and UDP 6666. Attackers who can reach an infected host
can send a large payload…

Read More

Backdoor.Win32.NinjaSpy.c / Authentication Bypass

Read Time:20 Second

Posted by malvuln on Apr 14

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/9f39606d9e19771af5acc6811ccf557f.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.NinjaSpy.c
Vulnerability: Authentication Bypass
Description: The malware listens on TCP ports 2003, 2004 and drops a PE
file named “cmd.dll” under Windows dir. Connecting to port 2003, you will
get back a number…

Read More

Backdoor.Win32.NetSpy.10 / Unauthenticated Remote Command Execution

Read Time:20 Second

Posted by malvuln on Apr 14

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/45d413b46f1d14a45e8fd36921813d62.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.NetSpy.10
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware listens on TCP port 7306. Attackers who can reach
infected hosts can run commands made available by the backdoor. Sending
commands using Ncat…

Read More

Backdoor.Win32.NetCat32.10 / Unauthenticated Remote Command Execution

Read Time:19 Second

Posted by malvuln on Apr 14

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/dcf16aed5ad4e0058a6cfcc7593dd9e3.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.NetCat32.10
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware listens on TCP port 6666. Attackers who can reach
infected systems can run commands made available by the backdoor using
TELNET.
Family:…

Read More

HackTool.Win32.IpcScan.c / Local Stack Buffer Overflow

Read Time:19 Second

Posted by malvuln on Apr 14

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/8f44374d587eb1657d25da9628cb2b87.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: HackTool.Win32.IpcScan.c
Vulnerability: Local Stack Buffer Overflow
Description: Loading a specially crafted PE file will cause a stack buffer
overflow overwriting the ECX and EIP registers.
Family: IpcScan
Type: PE32
MD5:…

Read More