Category Archives: Advisories

unrealircd-6.0.3-1.el9

FEDORA-EPEL-2022-e43d93b6a0

Packages in this update:

unrealircd-6.0.3-1.el9

Update description:

UnrealIRCd 6.0.3

A number of serious issues were discovered in UnrealIRCd 6. Among these is an issue which will likely crash the IRCd sooner or later if you /REHASH with any active clients connected.

Fixes

Crash in WATCH if the IRCd has been rehashed at least once. After doing a REHASH with active clients it will likely corrupt memory. It may take several days until after the rehash for the crash to occur, or even weeks/months on smaller networks (accidental triggering, that is).
A REHASH with certain remote includes setups could cause a crash or other weird and confusing problems such as complaining about unable to open an ipv6-database or missing snomask configuration. This only affected some people with remote includes, not all.
Potential out-of-bounds write in sending code. In practice it seems harmless on most servers but this cannot be 100% guaranteed.
A log message that is unlikely to be triggered could log uninitialized stack data to the log file or send it to IRC operators.
Channel ops could not remove halfops from a user (-h).
After using the RESTART command (not recommended) the new IRCd was often no longer writing to log files.
Fix compile problem if you choose to use cURL remote includes but don’t have cURL on the system and ask UnrealIRCd to compile cURL.

Enhancements

The default text log format on disk changed. It now includes the server name where the event was generated. Without this, it was sometimes difficult to trace problems, since previously it sometimes looked like there was a problem on your server when it was actually another server on the network.
Old log format: [DATE TIME] subsystem.EVENT_ID loglevel: ……..
New log format: [DATE TIME] servername subsystem.EVENT_ID loglevel: ……..

Changes

Any MOTD lines added by services via SVSMOTD are now shown at the end of the MOTD-on-connect (unless using a shortmotd). Previously the lines were only shown if you manually ran the MOTD command.

Protocol

LIST C<xx now means: filter on channels that were created less than xx minutes ago. This is the opposite of what we had earlier. LIST T<xx is now supported as well (topic changed in the last xx minutes); it was already advertised in ELIST but support was not enabled previously.

Post Title

Multiple vulnerabilities have been discovered in Apple products, the most severe of which could allow for local code execution. Successful exploitation of the most severe vulnerability could allow an attacker to execute code in the context of the kernel. Malicious actors with administrative access may be able to install programs; view, change, or delete data; or create new accounts with full user rights.

CVE-2019-14839

It was observed that while logging into the Business Central console, the HTTP request discloses sensitive information such as the username and password when intercepted using a tool such as Burp Suite.

CVE-2020-14479

Sensitive information can be obtained through the handling of serialized data. The issue results from the lack of proper authentication required to query the server.

CVE-2020-25691

A flaw was found in darkhttpd. Invalid error handling allows remote attackers to cause denial-of-service by accessing a file with a large modification date. The highest threat from this vulnerability is to system availability.

CVE-2021-20238

It was found in OpenShift Container Platform 4 that the ignition config, served by the Machine Config Server, can be accessed externally from clusters without authentication. The MCS endpoint (port 22623) provides the ignition configuration used for bootstrapping Nodes and can include some sensitive data, e.g. registry pull secrets. There are two scenarios where this data can be accessed. The first is on Baremetal, OpenStack, Ovirt, Vsphere and KubeVirt deployments which do not have a separate internal API endpoint and allow access from outside the cluster to port 22623 via the standard OpenShift API Virtual IP address. The second is on cloud deployments when using unsupported network plugins, which do not create the iptables rules that prevent access to port 22623. In this scenario, the ignition config is exposed to all pods within the cluster but cannot be accessed externally.

CVE-2021-20295

It was discovered that the update for the virt:rhel module in the RHSA-2020:4676 (https://access.redhat.com/errata/RHSA-2020:4676) erratum released as part of Red Hat Enterprise Linux 8.3 failed to include the fix for the qemu-kvm component issue CVE-2020-10756, which was previously corrected in virt:rhel/qemu-kvm via erratum RHSA-2020:4059 (https://access.redhat.com/errata/RHSA-2020:4059). CVE-2021-20295 was assigned to that Red Hat specific security regression. For more details about the original security issue CVE-2020-10756, refer to bug 1835986 or the CVE page: https://access.redhat.com/security/cve/CVE-2020-10756.

CVE-2021-22277

An Improper Input Validation vulnerability in ABB 800xA, Control Software for AC 800M, Control Builder Safe, Compact Product Suite – Control and I/O, and ABB Base Software for SoftControl allows an attacker to cause a denial of service.

CVE-2022-26233: Barco Control Room Management Suite File Path Traversal Vulnerability

Posted by Murat Aydemir on Apr 01

*I. SUMMARY*
Title: [CVE-2022-26233] Barco Control Room Management Suite File Path Traversal Vulnerability
Product: Barco Control Room Management Suite before 2.9 build 0275 and all prior versions
Vulnerability Type: File Path Traversal
Credit by/Researcher: Murat Aydemir from Accenture Cyber Security Team (Prague CFC)
Contact: https://twitter.com/mrtydmr75
Github: https://github.com/murataydemir

*II. CVE REFERENCE, CVSS SCORES &…

AcidRain Wiper Suspected in Satellite Broadband Outage in Europe

FortiGuard Labs is aware of a report that a new wiper malware was deployed and destroyed data on modems and routers for KA-SAT satellite broadband services, resulting in service outages across Europe on February 24th, 2022. The service interruption also caused the disconnection of remote access to 5,800 wind turbines in Europe. According to security vendor SentinelOne, the AcidRain wiper shares similarities with a VPNFilter stage 3 destructive plugin. The Federal Bureau of Investigation (FBI) and Department of Justice disrupted the VPNFilter botnet by seizing a domain that was part of its Command-and-Control (C2) infrastructure. The Russia-connected Sofacy threat actor (also known as APT28, Sednit, Pawn Storm, Fancy Bear, and Tsar) is believed to have operated the VPNFilter botnet.

Why is this Significant?

This is significant not only because a new wiper malware was used in the attack but also because the attack caused a service interruption for satellite broadband services in Europe, including Ukraine, and knocked 5,800 wind turbines in Europe offline. Also, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the FBI released a joint advisory on March 17th, 2022, warning of cyberattacks on U.S. and international satellite communication (SATCOM) networks.

What Happened?

According to the statement released by Viasat, a provider of KA-SAT satellite broadband services, the attack occurred in two phases.

1. On February 24th, 2022, “malicious traffic were detected emanating from several SurfBeam2 and SurfBeam 2+ modems and/or associated customer premise equipment (CPE) physically located within Ukraine and serviced by one of the KA-SAT consumer-oriented network partitions. This targeted denial of service attack made it difficult for many modems to remain online.”
2. Then, the company started to observe a gradual decline of the connected modems. Subsequently, a large number of additional modems across much of Europe exited the network and did not re-enter it.

The statement goes on to say that the attacker gained remote access to the trusted management segment of the KA-SAT network through a misconfigured VPN appliance. The threat actor moved laterally through the network and ultimately sent “legitimate, targeted management commands on a large number of residential modems simultaneously. Specifically, these destructive commands overwrote key data in flash memory on the modems, rendering the modems unable to access the network, but not permanently unusable.” The belief is that “these destructive commands” refer to the AcidRain wiper malware.

What is VPNFilter malware?

VPNFilter is IoT malware that was first reported in mid-2018 and targeted home and Small Office/Home Office (SOHO) routers and Network Attached Storage (NAS) devices. The malware is capable not only of data exfiltration but also of rendering devices completely inoperable. FortiGuard Labs published a research blog series on VPNFilter malware in 2018. See the Appendix for links to “VPNFilter Malware – Critical Update” and “VPNFilter Update – New Attack Modules Documented”.

What is the threat actor Sofacy?

Sofacy is a threat actor believed to operate for Russian interests. It has been in operation since at least 2007 and targets a wide range of sectors, including government, military and security organizations. One of the most infamous activities attributed to the Sofacy group is its alleged involvement in hacking “networks and endpoints associated with the U.S. election” in 2016, about which the FBI and the US Department of Homeland Security (DHS) released a joint advisory on December 29th, 2016.

What is the Status of Coverage?

FortiGuard Labs provides the following AV coverage against the AcidRain wiper malware believed to have been used in the attack:

ELF/AcidRain.A!tr