Category Archives: Advisories

Advisories

SEC Consult SA-20220215 :: Multiple Critical Vulnerabilities in multiple Zyxel devices

Read Time:15 Second

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Feb 16

SEC Consult Vulnerability Lab Security Advisory < 20220215-0 >
=======================================================================
title: Multiple Critical Vulnerabilities
product: Multiple Zyxel devices
vulnerable version: For affected products see “Solution” section
fixed version: see “Solution” section
CVE number: –
impact: Critical
homepage:…

Read More

Advisories

Trojan-Spy.Win32.Zbot.aawo.Zeus-Builder / Insecure Permissions

Read Time:20 Second

Posted by malvuln on Feb 16

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/fe0dacbc953d4301232b386fcb3afc23.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Spy.Win32.Zbot.aawo.Zeus-Builder
Vulnerability: Insecure Permissions
Description: ZeuS Builder saves PE files to the c drive with insecure
permissions granting change (C) permissions to the authenticated user
group. Standard users can…

Read More

Advisories

Backdoor.Win32.Prosti.b / Insecure Permissions

Read Time:19 Second

Posted by malvuln on Feb 16

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/8201ba6b542fc91c004110b2fc5395aa.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Prosti.b
Vulnerability: Insecure Permissions
Description: The malware writes a “.dll” PE file with insecure permissions
under c drive granting change (C) permissions to the authenticated user
group. Standard users can…

Read More

Advisories

Email-Worm.Win32.Lama / Insecure Permissions

Read Time:19 Second

Posted by malvuln on Feb 16

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/1c255ef6fd44877700867f94a59875d2.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Email-Worm.Win32.Lama
Vulnerability: Insecure Permissions
Description: The malware writes a “.BAT” file with insecure permissions
under c drive granting change (C) permissions to the authenticated user
group. Standard users can rename…

Read More

Advisories

Backdoor.Win32.Prorat.lkt / Weak Hardcoded Password

Read Time:19 Second

Posted by malvuln on Feb 16

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/65a53a37843db2b86a67a9e23277c1bf.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Prorat.lkt
Vulnerability: Weak Hardcoded Password
Description: The malware listens on TCP port 2121. Authentication is
required, however the password “special” is weak and hardcoded in cleartext
at offset 0040267C.
Type:…

Read More

Advisories

Drupal core – Moderately critical – Information disclosure – SA-CORE-2022-004

Read Time:1 Minute, 21 Second
Project: 
Drupal core
Date: 
2022-February-16
Security risk: 
Moderately critical 12∕25 AC:None/A:User/CI:Some/II:None/E:Theoretical/TD:Default
Vulnerability: 
Information disclosure
CVE IDs: 
CVE-2022-25270
Description: 

The Quick Edit module does not properly check entity access in some circumstances. This could result in users with the “access in-place editing” permission viewing some content they are are not authorized to access.

Sites are only affected if the QuickEdit module (which comes with the Standard profile) is installed.

Also see Quick Edit – Moderately critical – Information disclosure – SA-CONTRIB-2022-025 which addresses the same vulnerability for the contributed module.

This advisory is not covered by Drupal Steward.

Solution: 

Install the latest version:

If you are using Drupal 9.3, update to Drupal 9.3.6.
If you are using Drupal 9.2, update to Drupal 9.2.13.

All versions of Drupal 9 prior to 9.2.x are end-of-life and do not receive security coverage. Note that Drupal 8 has reached its end of life.

Drupal 7 core does not include the QuickEdit module and therefore is not affected.

Uninstalling the QuickEdit module will also mitigate the vulnerability. Site owners may wish to consider this option as the QuickEdit module will be removed from core in Drupal 10.

Reported By: 
Samuel Mortenson
Fixed By: 
Théodore Biadala
xjm of the Drupal Security Team
Alex Bronstein of the Drupal Security Team
Adam G-H
Drew Webber of the Drupal Security Team
Wim Leers
Ted Bowman
Dave Long
Derek Wright
Lee Rowlands of the Drupal Security Team
Samuel Mortenson
Joseph Zhao

Read More

Advisories

Drupal core – Moderately critical – Improper input validation – SA-CORE-2022-003

Read Time:1 Minute, 3 Second
Project: 
Drupal core
Date: 
2022-February-16
Security risk: 
Moderately critical 14∕25 AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:Uncommon
Vulnerability: 
Improper input validation
CVE IDs: 
CVE-2022-25271
Description: 

Drupal core’s form API has a vulnerability where certain contributed or custom modules’ forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter critical or sensitive data.

This advisory is not covered by Drupal Steward.

Solution: 

Install the latest version:

If you are using Drupal 9.3, update to Drupal 9.3.6.
If you are using Drupal 9.2, update to Drupal 9.2.13.
If you are using Drupal 7, update to Drupal 7.88.

All versions of Drupal 9 prior to 9.2.x are end-of-life and do not receive security coverage. Note that Drupal 8 has reached its end of life.

Reported By: 
Fabian Iwand
Fixed By: 
xjm of the Drupal Security Team
Lee Rowlands of the Drupal Security Team
Ben Dougherty of the Drupal Security Team
Drew Webber of the Drupal Security Team
Jen Lampton
Nate Lampton
Fabian Franz
Alex Bronstein of the Drupal Security Team

Read More

Advisories

DSA-5078 zsh – security update

Read Time:15 Second

It was discovered that zsh, a powerful shell and scripting language,
did not prevent recursive prompt expansion. This would allow an
attacker to execute arbitrary commands into a user’s shell, for
instance by tricking a vcs_info user into checking out a git branch
with a specially crafted name.

Read More