Malware Devil

Wednesday, July 14, 2021

ESB-2021.2380 – FortiMail: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.2380
FortiMail Increased Privileges – Remote With User Interaction
14 July 2021

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product: FortiMail
Publisher: Fortinet
Operating System: Appliance
Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Increased Privileges -- Remote with User Interaction
Denial of Service -- Remote/Unauthenticated
Provide Misleading Information -- Remote/Unauthenticated
Access Confidential Data -- Remote/Unauthenticated
Reduced Security -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2021-26099 CVE-2021-26095 CVE-2021-26091
CVE-2021-26090 CVE-2021-22129 CVE-2021-24015
CVE-2021-24007 CVE-2021-24020 CVE-2021-26100

Original Bulletin:
https://fortiguard.com/psirt/FG-IR-21-019
https://fortiguard.com/psirt/FG-IR-20-244
https://fortiguard.com/psirt/FG-IR-21-031
https://fortiguard.com/psirt/FG-IR-21-042
https://fortiguard.com/psirt/FG-IR-21-023
https://fortiguard.com/psirt/FG-IR-21-021
https://fortiguard.com/psirt/FG-IR-21-012
https://fortiguard.com/psirt/FG-IR-21-027
https://fortiguard.com/psirt/FG-IR-21-003

Comment: This bulletin contains nine (9) Fortinet security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

FortiMail – Unauthenticated encryption in IBE leads to email plaintext recovery

IR Number : FG-IR-21-003
Date : Jul 02, 2021
Risk : 3/5
CVSSv3 Score : 5.6
CVE ID : CVE-2021-26100
Affected Products: FortiMail: 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.11, 6.0.10, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.4.12, 5.4.11, 5.4.10, 5.4.9, 5.4.8, 5.4.7, 5.4.6, 5.4.5, 5.4.4, 5.4.3, 5.4.2, 5.4.1, 5.4.0, 5.3.13, 5.3.12, 5.3.10, 5.3.9, 5.3.8, 5.3.7, 5.3.6, 5.3.5, 5.3.4, 5.3.3, 5.3.2, 5.3.1, 5.3.0, 5.2.10, 5.2.9, 5.2.8, 5.2.7, 5.2.6, 5.2.5, 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1.7, 5.1.6, 5.1.5, 5.1.4, 5.1.3, 5.1.2, 5.1.1, 5.1.0, 5.0.11, 5.0.10, 5.0.9, 5.0.8, 5.0.7, 5.0.6, 5.0.5, 5.0.4, 5.0.3, 5.0.2, 5.0.1, 5.0.0

Summary

A missing cryptographic step in FortiMail IBE may allow an unauthenticated
attacker who intercepts the encrypted messages to manipulate them in a way
that makes tampering and recovery of the plaintexts possible.

Affected Products

FortiMail version 6.4.4 and below.
FortiMail version 6.2.6 and below.

Solutions

Upgrade to FortiMail version 7.0.0.

Fix for version 6.4 to be confirmed.

Acknowledgement

Internally discovered and reported by Giuseppe Cocomazzi of Fortinet PSIRT.

- --------------------------------------------------------------------------------

FortiMail – Improper cryptographic operations in cookie encryption potentially prone to forgery

IR Number : FG-IR-21-019
Date : Jun 16, 2021
Risk : 3/5
CVSSv3 Score : 6.9
Impact : Elevation of privilege
CVE ID : CVE-2021-26095
Affected Products: FortiMail: 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0

Summary

The combination of various cryptographic issues in the session management of
FortiMail, including the encryption construction of the session cookie, may
allow a remote attacker already in possession of a cookie to possibly reveal
and alter or forge its content, thereby escalating privileges.

Impact

Elevation of privilege

Affected Products

FortiMail 6.4.4 and below.
FortiMail 6.2.6 and below.

Solutions

Upgrade to FortiMail 7.0.0.
Upgrade to FortiMail 6.4.5.

Acknowledgement

Internally discovered and reported by Giuseppe Cocomazzi of the Fortinet PSIRT
Team.

- --------------------------------------------------------------------------------

FortiMail – Improper use of cryptographic primitives in IBE KeyStore

IR Number : FG-IR-20-244
Date : Jul 02, 2021
Risk : 3/5
CVSSv3 Score : 4.2
Impact : Information disclosure
CVE ID : CVE-2021-26099
Affected Products: FortiMail: 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.11, 6.0.10, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.4.12, 5.4.11, 5.4.10, 5.4.9, 5.4.8, 5.4.7, 5.4.6, 5.4.5, 5.4.4, 5.4.3, 5.4.2, 5.4.1, 5.4.0, 5.3.13, 5.3.12, 5.3.10, 5.3.9, 5.3.8, 5.3.7, 5.3.6, 5.3.5, 5.3.4, 5.3.3, 5.3.2, 5.3.1, 5.3.0, 5.2.10, 5.2.9, 5.2.8, 5.2.7, 5.2.6, 5.2.5, 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1.7, 5.1.6, 5.1.5, 5.1.4, 5.1.3, 5.1.2, 5.1.1, 5.1.0, 5.0.11, 5.0.10, 5.0.9, 5.0.8, 5.0.7, 5.0.6, 5.0.5, 5.0.4, 5.0.3, 5.0.2, 5.0.1, 5.0.0

Summary

Missing cryptographic steps in FortiMail IBE may allow an attacker who comes in
possession of the encrypted master keys to compromise their confidentiality by
observing a few invariant properties of the ciphertext.

Impact

Information disclosure

Affected Products

FortiMail version 6.4.4 and below.
FortiMail version 6.2.6 and below.

Solutions

Upgrade to FortiMail version 7.0.0.

Fix for version 6.4 to be confirmed.

Acknowledgement

Internally discovered and reported by Giuseppe Cocomazzi of Fortinet PSIRT.

- --------------------------------------------------------------------------------

FortiMail – Insecure PRNG in password and token generation scheme of IBE authentication

IR Number : FG-IR-21-031
Date : Jun 21, 2021
Risk : 3/5
CVSSv3 Score : 6.9
Impact : Information disclosure
CVE ID : CVE-2021-26091
Affected Products: FortiMail: 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0

Summary

A use of a cryptographically weak pseudo-random number generator vulnerability
in the authenticator of the FortiMail Identity Based Encryption service may
allow an unauthenticated attacker to infer parts of users' authentication
tokens and reset their credentials.

Impact

Information disclosure

Affected Products

FortiMail 6.4.4 and below.
FortiMail 6.2.6 and below.

Solutions

Upgrade to FortiMail 7.0.0.

Upgrade to FortiMail 6.4.5.

Acknowledgement

Internally discovered and reported by Giuseppe Cocomazzi of the Fortinet PSIRT
Team.

- --------------------------------------------------------------------------------

FortiMail – Memory leak in Webmail

IR Number : FG-IR-21-042
Date : Jun 16, 2021
Risk : 3/5
CVSSv3 Score : 5.3
Impact : Denial of service
CVE ID : CVE-2021-26090
Affected Products: FortiMail: 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0

Summary

A missing release of memory after its effective lifetime vulnerability
(CWE-401) in FortiMail Webmail may allow an unauthenticated remote attacker to
exhaust available memory via specifically crafted login requests.

Impact

Denial of service

Affected Products

FortiMail 6.4.4 and below.
FortiMail 6.2.6 and below.

Solutions

Upgrade to FortiMail 7.0.0.
Upgrade to FortiMail 6.4.5.

Acknowledgement

Internally discovered and reported by Giuseppe Cocomazzi of the Fortinet PSIRT
Team.

- --------------------------------------------------------------------------------

FortiMail – Multiple buffer overflows

IR Number : FG-IR-21-023
Date : Jun 16, 2021
Risk : 4/5
CVSSv3 Score : 8.3
Impact : Remote code execution
CVE ID : CVE-2021-22129
Affected Products: FortiMail: 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.10, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.4.12, 5.4.11, 5.4.10, 5.4.9, 5.4.8, 5.4.7, 5.4.6, 5.4.5, 5.4.4, 5.4.3, 5.4.2, 5.4.1, 5.4.0, 5.3.13, 5.3.12, 5.3.10, 5.3.9, 5.3.8, 5.3.7, 5.3.6, 5.3.5, 5.3.4, 5.3.3, 5.3.2, 5.3.1, 5.3.0, 5.2.10, 5.2.9, 5.2.8, 5.2.7, 5.2.6, 5.2.5, 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1.7, 5.1.6, 5.1.5, 5.1.4, 5.1.3, 5.1.2, 5.1.1, 5.1.0, 5.0.11, 5.0.10, 5.0.9, 5.0.8, 5.0.7, 5.0.6, 5.0.5, 5.0.4, 5.0.3, 5.0.2, 5.0.1, 5.0.0

Summary

Multiple instances of incorrect calculation of buffer size in FortiMail Webmail
and Administrative interface may allow an authenticated attacker with regular
webmail access to trigger a buffer overflow and to possibly execute
unauthorized code or commands via specifically crafted HTTP requests.

Impact

Remote code execution

Affected Products

FortiMail 6.4.4 and below.
FortiMail 6.2.6 and below.
FortiMail 6.0.10 and below.
FortiMail 5.4.12 and below.

Solutions

Upgrade to FortiMail 6.4.5 or above.
Upgrade to FortiMail 6.2.7 or above.
Upgrade to FortiMail 6.0.11 or above.
5.4 Fix to be confirmed.

Acknowledgement

Internally discovered and reported by Giuseppe Cocomazzi of the Fortinet PSIRT
Team.

- --------------------------------------------------------------------------------

FortiMail – OS Command injection

IR Number : FG-IR-21-021
Date : Jun 16, 2021
Risk : 4/5
CVSSv3 Score : 7
Impact : Execute unauthorized code or commands
CVE ID : CVE-2021-24015
Affected Products: FortiMail: 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.10, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.4.12, 5.4.11, 5.4.10, 5.4.9, 5.4.8, 5.4.7, 5.4.6, 5.4.5, 5.4.4, 5.4.3, 5.4.2, 5.4.1, 5.4.0, 5.3.13, 5.3.12, 5.3.10, 5.3.9, 5.3.8, 5.3.7, 5.3.6, 5.3.5, 5.3.4, 5.3.3, 5.3.2, 5.3.1, 5.3.0, 5.2.10, 5.2.9, 5.2.8, 5.2.7, 5.2.6, 5.2.5, 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1.7, 5.1.6, 5.1.5, 5.1.4, 5.1.3, 5.1.2, 5.1.1, 5.1.0, 5.0.11, 5.0.10, 5.0.9, 5.0.8, 5.0.7, 5.0.6, 5.0.5, 5.0.4, 5.0.3, 5.0.2, 5.0.1, 5.0.0

Summary

An improper neutralization of special elements used in an OS command
vulnerability (CWE-78) in FortiMail's administrative interface may allow an
authenticated attacker to execute unauthorized commands via specifically
crafted HTTP requests.

Impact

Execute unauthorized code or commands

Affected Products

FortiMail 6.4.3
FortiMail 6.2.6
FortiMail 6.0.10
FortiMail 5.4.12

Solutions

Upgrade to FortiMail 7.0.0.

Upgrade to FortiMail 6.4.4.

Upgrade to FortiMail 6.2.7.

Upgrade to FortiMail 6.0.11.

5.4 Fix to be confirmed.

Acknowledgement

Internally discovered and reported by Giuseppe Cocomazzi of Fortinet PSIRT.

- --------------------------------------------------------------------------------

FortiMail – SQL Injection vulnerabilities

IR Number : FG-IR-21-012
Date : Jun 21, 2021
Risk : 5/5
CVSSv3 Score : 9.3
Impact : Execute unauthorized code or commands
CVE ID : CVE-2021-24007
Affected Products: FortiMail: 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.10, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.4.12, 5.4.11, 5.4.10, 5.4.9, 5.4.8, 5.4.7, 5.4.6, 5.4.5, 5.4.4, 5.4.3, 5.4.2, 5.4.1, 5.4.0, 5.3.13, 5.3.12, 5.3.10, 5.3.9, 5.3.8, 5.3.7, 5.3.6, 5.3.5, 5.3.4, 5.3.3, 5.3.2, 5.3.1, 5.3.0, 5.2.10, 5.2.9, 5.2.8, 5.2.7, 5.2.6, 5.2.5, 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1.7, 5.1.6, 5.1.5, 5.1.4, 5.1.3, 5.1.2, 5.1.1, 5.1.0, 5.0.11, 5.0.10, 5.0.9, 5.0.8, 5.0.7, 5.0.6, 5.0.5, 5.0.4, 5.0.3, 5.0.2, 5.0.1, 5.0.0

Summary

Multiple improper neutralization of special elements used in SQL commands
vulnerabilities in FortiMail may allow an unauthenticated attacker to execute
unauthorized code or commands via specifically crafted HTTP requests.

Impact

Execute unauthorized code or commands

Affected Products

FortiMail version 6.4.3 and below.
FortiMail version 6.2.6 and below.
FortiMail version 6.0.10 and below.
FortiMail version 5.4.12 and below.

Solutions

Upgrade to version 6.4.4 or higher.

Upgrade to version 6.2.7 or higher.

Upgrade to version 6.0.11 or higher.

5.4 Fix to be confirmed.

Acknowledgement

Internally discovered and reported by Giuseppe Cocomazzi of the Fortinet PSIRT
Team.

- --------------------------------------------------------------------------------

FortiMail – Salted Digest vulnerable to length extension attacks

IR Number : FG-IR-21-027
Date : Jun 21, 2021
Risk : 3/5
CVSSv3 Score : 6.9
Impact : Elevation of privileges
CVE ID : CVE-2021-24020
Affected Products: FortiMail: 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0

Summary

A missing cryptographic step in the implementation of the hash digest algorithm
in FortiMail may allow an unauthenticated attacker to tamper with signed URLs
by appending further data which allows bypass of signature verification.
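The three cryptographic advisories in this bulletin (FG-IR-21-003, FG-IR-21-019 and FG-IR-21-027 above) share one missing step: integrity. The following is an added example, not Fortinet's code and not a description of FortiMail's actual construction; it uses a toy SHA-256 counter-mode keystream as a stand-in cipher and constructed keys to show why encryption without a MAC lets an intercepting party alter the decrypted value silently, how encrypt-then-MAC with a constant-time compare rejects that, and why signed URLs should carry an HMAC rather than a salted hash.

```python
import hashlib
import hmac
import os

NONCE_LEN = 12   # bytes of per-message nonce prepended to the ciphertext
TAG_LEN = 32     # HMAC-SHA256 output length


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy counter-mode keystream built from SHA-256 (a stand-in, not a real cipher)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def _xor(data: bytes, ks: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, ks))


# --- The missing step: confidentiality only, no integrity ---------------------

def encrypt_only(key: bytes, plaintext: bytes, nonce: bytes = b"") -> bytes:
    """Returns nonce || ciphertext. Nothing binds the ciphertext to its author."""
    nonce = nonce or os.urandom(NONCE_LEN)
    return nonce + _xor(plaintext, _keystream(key, nonce, len(plaintext)))


def decrypt_only(key: bytes, blob: bytes) -> bytes:
    """Decrypts whatever it is handed: a modified ciphertext yields a modified
    plaintext with no error, which is the tampering the advisories describe."""
    nonce, ct = blob[:NONCE_LEN], blob[NONCE_LEN:]
    return _xor(ct, _keystream(key, nonce, len(ct)))


# --- The fix: encrypt-then-MAC under a separate key --------------------------

def _tag(mac_key: bytes, body: bytes) -> bytes:
    return hmac.new(mac_key, body, hashlib.sha256).digest()


def encrypt_then_mac(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    """Returns nonce || ciphertext || HMAC-SHA256(nonce || ciphertext)."""
    body = encrypt_only(enc_key, plaintext)
    return body + _tag(mac_key, body)


def decrypt_then_verify(enc_key: bytes, mac_key: bytes, blob: bytes) -> bytes:
    """Checks the tag in constant time before decrypting; any change is rejected."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("blob too short")
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(_tag(mac_key, body), tag):
        raise ValueError("integrity check failed")
    return decrypt_only(enc_key, body)


def flip_byte(blob: bytes, offset: int, mask: int) -> bytes:
    """Models an intercepting party altering one ciphertext byte without the key."""
    out = bytearray(blob)
    out[offset] ^= mask
    return bytes(out)


# --- Signed URLs: HMAC instead of H(secret || data) ---------------------------

def sign_url(key: bytes, url: str) -> str:
    """Appends an HMAC-SHA256 tag; HMAC is not subject to length extension."""
    return f"{url}&sig={hmac.new(key, url.encode(), hashlib.sha256).hexdigest()}"


def verify_signed_url(key: bytes, signed: str) -> bool:
    """Everything before the last '&sig=' must match the tag; appended data fails."""
    url, sep, tag = signed.rpartition("&sig=")
    if not sep:
        return False
    expected = hmac.new(key, url.encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, tag)


def demo() -> dict:
    """Constructed keys and cookie value; none of this is a real FortiMail artefact."""
    enc_key, mac_key = b"demo-enc-key-0000", b"demo-mac-key-0000"
    cookie = b"user=alice;role=user"
    offset = NONCE_LEN + cookie.index(b"user", 11)   # ciphertext byte of the role's 'u'
    mask = ord("u") ^ ord("r")                       # that byte decrypts to 'r' afterwards

    weak = flip_byte(encrypt_only(enc_key, cookie), offset, mask)
    strong = encrypt_then_mac(enc_key, mac_key, cookie)
    try:
        decrypt_then_verify(enc_key, mac_key, flip_byte(strong, offset, mask))
        rejected = False
    except ValueError:
        rejected = True
    return {
        "weak_silently_altered": decrypt_only(enc_key, weak) == b"user=alice;role=rser",
        "strong_roundtrip": decrypt_then_verify(enc_key, mac_key, strong) == cookie,
        "strong_rejects_tamper": rejected,
    }
```

In production use an AEAD mode (for example AES-GCM) from a vetted library rather than a hand-rolled encrypt-then-MAC; the toy cipher above exists only to make the missing step visible.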

Impact

Elevation of privileges

Affected Products

FortiMail 6.4.4 and below.
FortiMail 6.2.6 and below.

Solutions

Upgrade to FortiMail version 7.0.0.
Upgrade to FortiMail version 6.4.5.

Acknowledgement

Internally discovered and reported by Giuseppe Cocomazzi of the Fortinet PSIRT
Team.

- --------------------------END INCLUDED TEXT--------------------
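As an added helper (not part of the AusCERT bulletin or Fortinet's advisories), the following transcribes the affected branches and fixed builds from the nine FortiMail advisories above and reports which CVEs remain open on a given build and what the in-branch upgrade target is. It treats a branch for which the bulletin lists no fix as fully affected, which is the conservative reading where an advisory's header version list and its prose disagree; check the original advisories before acting on it.

```python
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, ...]


def parse_version(text: str) -> Version:
    """'6.4.5' -> (6, 4, 5). Rejects anything that is not three dotted integers."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised FortiMail version: {text!r}")
    return tuple(int(p) for p in parts)


def branch_of(v: Version) -> str:
    """Fixes land per release branch (major.minor)."""
    return f"{v[0]}.{v[1]}"


# Transcribed from the Affected Products / Solutions sections of the nine
# advisories in this bulletin: branch -> first fixed build on that branch.
# None means the bulletin lists no fix for that branch ("Fix to be confirmed"),
# so every build on it is treated as affected. Branches not listed (e.g. 7.0)
# are treated as unaffected.
ADVISORIES: List[Tuple[str, str, str, Dict[str, Optional[str]]]] = [
    ("FG-IR-21-003", "CVE-2021-26100", "IBE unauthenticated encryption", {"6.4": None, "6.2": None}),
    ("FG-IR-21-019", "CVE-2021-26095", "session cookie encryption", {"6.4": "6.4.5", "6.2": None}),
    ("FG-IR-20-244", "CVE-2021-26099", "IBE KeyStore primitives", {"6.4": None, "6.2": None}),
    ("FG-IR-21-031", "CVE-2021-26091", "IBE weak PRNG", {"6.4": "6.4.5", "6.2": None}),
    ("FG-IR-21-042", "CVE-2021-26090", "Webmail memory leak (DoS)", {"6.4": "6.4.5", "6.2": None}),
    ("FG-IR-21-023", "CVE-2021-22129", "multiple buffer overflows",
     {"6.4": "6.4.5", "6.2": "6.2.7", "6.0": "6.0.11", "5.4": None}),
    ("FG-IR-21-021", "CVE-2021-24015", "OS command injection (admin UI)",
     {"6.4": "6.4.4", "6.2": "6.2.7", "6.0": "6.0.11", "5.4": None}),
    ("FG-IR-21-012", "CVE-2021-24007", "SQL injection (unauthenticated)",
     {"6.4": "6.4.4", "6.2": "6.2.7", "6.0": "6.0.11", "5.4": None}),
    ("FG-IR-21-027", "CVE-2021-24020", "salted digest length extension", {"6.4": "6.4.5", "6.2": None}),
]


def applicable(version_text: str) -> List[Tuple[str, str, str, str]]:
    """(CVE, IR number, title, fixed-in) for every advisory still open on this build."""
    v = parse_version(version_text)
    branch = branch_of(v)
    open_issues = []
    for ir, cve, title, fixes in ADVISORIES:
        if branch not in fixes:
            continue
        fixed = fixes[branch]
        if fixed is None or v < parse_version(fixed):
            open_issues.append((cve, ir, title, fixed or "no fix listed for this branch"))
    return open_issues


def upgrade_plan(version_text: str) -> Tuple[Optional[str], List[str]]:
    """Highest in-branch build needed to close what can be closed on this branch,
    plus the CVEs for which the bulletin lists no fix on this branch at all."""
    v = parse_version(version_text)
    branch = branch_of(v)
    targets: List[Version] = []
    unresolved: List[str] = []
    for _ir, cve, _title, fixes in ADVISORIES:
        if branch not in fixes:
            continue
        fixed = fixes[branch]
        if fixed is None:
            unresolved.append(cve)
        elif v < parse_version(fixed):
            targets.append(parse_version(fixed))
    target = ".".join(map(str, max(targets))) if targets else None
    return target, unresolved


if __name__ == "__main__":
    # Note that 6.4.5 closes most issues but leaves the two IBE advisories open.
    for build in ("6.4.3", "6.4.5", "6.2.7", "6.0.10", "5.4.12", "7.0.0"):
        print(build, [cve for cve, *_ in applicable(build)], upgrade_plan(build))
```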

You have received this e-mail bulletin as a result of your organisation’s
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT’s members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation’s
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author’s website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================

ESB-2021.2381 – [Appliance] Fortinet: Multiple Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.2381
FortiManager and FortiAnalyzer Multiple Vulnerabilities
14 July 2021

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product: FortiManager
FortiAnalyzer
Publisher: Fortinet
Operating System: Network Appliance
Impact/Access: Denial of Service -- Existing Account
Execute Arbitrary Code/Commands -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2021-24022

Original Bulletin:
https://fortiguard.com/psirt/FG-IR-20-194

- --------------------------BEGIN INCLUDED TEXT--------------------

FortiManager and FortiAnalyzer – Buffer overflow vulnerability through the diagnose system geoip-city command

IR Number : FG-IR-20-194
Date : Jun 30, 2021
Risk : 3/5
CVSSv3 Score : 6.1
Impact : Denial of service, Remote code execution
CVE ID : CVE-2021-24022
Affected Products: FortiManager: 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.11, 6.0.10, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0
FortiAnalyzer: 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.11, 6.0.10, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0

Summary

A buffer overflow vulnerability in the FortiAnalyzer and FortiManager CLI may
allow an authenticated, local attacker to perform a Denial of Service attack by
running the `diagnose system geoip-city` command with a large IP value.
Fortinet is not aware of any successful exploitation of this vulnerability that
would lead to code execution.

Impact

Denial of service, Remote code execution

Affected Products

FortiAnalyzer versions 6.4.5 and below.
FortiAnalyzer versions 6.2.7 and below.
FortiAnalyzer versions 6.0.x.
FortiManager versions 6.4.5 and below.
FortiManager versions 6.2.7 and below.
FortiManager versions 6.0.x.

Solutions

Please upgrade to FortiAnalyzer version 7.0.0 or above.

Please upgrade to FortiAnalyzer version 6.4.6 or above.

Please upgrade to FortiAnalyzer version 6.2.8 or above.

Please upgrade to FortiManager version 7.0.0 or above.

Please upgrade to FortiManager version 6.4.6 or above.

Please upgrade to FortiManager version 6.2.8 or above.

- --------------------------END INCLUDED TEXT--------------------


ESB-2021.2382 – [Appliance] FortiWAN: Increased privileges – Existing account

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.2382
FortiWAN Local Increase Privilege Vulnerability
14 July 2021

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product: FortiWAN
Publisher: Fortinet
Operating System: Network Appliance
Impact/Access: Increased Privileges -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2021-26115

Original Bulletin:
https://www.fortiguard.com/psirt/FG-IR-21-069

- --------------------------BEGIN INCLUDED TEXT--------------------

FortiWAN – OS command injection leads to privilege escalation

IR Number : FG-IR-21-069
Date : Jul 07, 2021
Risk : 4/5
CVSSv3 Score : 7.6
Impact : Privilege escalation
CVE ID : CVE-2021-26115
Affected Products: FortiWAN: 4.5.7, 4.5.6, 4.5.5, 4.5.4, 4.5.3, 4.5.2, 4.5.1, 4.5.0, 4.4.1, 4.4.0, 4.3.1, 4.3.0, 4.2.7, 4.2.6, 4.2.5, 4.2.2, 4.2.1, 4.1.3, 4.1.2, 4.1.1, 4.0.6, 4.0.5, 4.0.4, 4.0.3, 4.0.2, 4.0.1, 4.0.0

Summary

An OS command injection (CWE-78) vulnerability in FortiWAN Command Line
Interface may allow a local, authenticated and unprivileged attacker to
escalate their privileges to root via executing a specially-crafted command.

Impact

Privilege escalation

Affected Products

FortiWAN versions 4.5.7 and below.

Solutions

Please upgrade to FortiWAN version 4.5.8 or above.

Acknowledgement

Fortinet is pleased to thank Resecurity, Inc for bringing this issue to our
attention under responsible disclosure.

- --------------------------END INCLUDED TEXT--------------------


ESB-2021.2383 – [Appliance] FortiAP: Execute arbitrary code/commands – Existing account

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.2383
FortiAP – Execute Arbitrary Code/Commands
14 July 2021

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product: FortiAP
Publisher: Fortinet
Operating System: Network Appliance
Impact/Access: Execute Arbitrary Code/Commands -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2021-26106

Original Bulletin:
https://fortiguard.com/psirt/FG-IR-20-210

- --------------------------BEGIN INCLUDED TEXT--------------------

FortiAP – OS command Injection through kdbg CLI command

IR Number : FG-IR-20-210
Date : Jun 30, 2021
Risk : 4/5
CVSSv3 Score : 7.6
Impact : Execute unauthorized code or commands
CVE ID : CVE-2021-26106
Affected Products: FortiAP: 6.4.5, 6.4.4, 6.4.3, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0
FortiAP-S
FortiAP-W2

Summary

An instance of improper neutralization of special elements used in an OS
Command found in FortiAP’s console may allow an authenticated attacker to
execute unauthorized commands by running the kdbg CLI command with specifically
crafted arguments.

Impact

Execute unauthorized code or commands

Affected Products

FAP 6.4.1 through 6.4.5
FAP-S 6.2.4 through 6.2.5
FAP-W2 6.2.4 through 6.2.5

Solutions

Please upgrade to FortiAP 7.0.0 or above.
Please upgrade to FortiAP 6.4.6 or above.

Please upgrade to FortiAP-S 6.4.6 or above.
Please upgrade to FortiAP-S 6.2.6 or above.

Please upgrade to FortiAP-W2 7.0.0 or above.
Please upgrade to FortiAP-W2 6.4.6 or above.
Please upgrade to FortiAP-W2 6.2.6 or above.

Acknowledgement

Fortinet is pleased to thank Martin Meredith from kiwibank for reporting this
vulnerability under responsible disclosure.

- --------------------------END INCLUDED TEXT--------------------


ESB-2021.2384 – [Appliance] FSSO Windows DC Agent: Access confidential data – Remote/unauthenticated

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.2384
FSSO Windows DC Agent – Access Confidential Data
14 July 2021

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product: FSSO Windows DC Agent
Publisher: Fortinet
Operating System: Network Appliance
Impact/Access: Access Confidential Data -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2021-26088

Original Bulletin:
https://www.fortiguard.com/psirt/FG-IR-20-191

- --------------------------BEGIN INCLUDED TEXT--------------------

FSSO Windows DC Agent [FSSO] Insecure communication between DC agent and Collector

IR Number : FG-IR-20-191
Date : Jul 05, 2021
Risk : 3/5
CVSSv3 Score : 6.7
Impact : Unauthorized Access
CVE ID : CVE-2021-26088
Affected Products: FSSO Windows CA
FSSO Windows DC Agent

Summary

An improper authentication vulnerability [CWE-287] in FSSO Collector may allow
an unauthenticated user to bypass any firewall authentication rule and access
the protected network via sending specifically crafted UDP login notification
packets.

Impact

Unauthorized Access

Affected Products

Any FSSO DC Agent and Collector released with FOS 7.0.0 or below is impacted.
Any FSSO DC Agent and Collector released with FOS 6.4.5 or below is impacted.

Solutions

Upgrade the FSSO DC Agent and Collector to any version released with FOS
7.0.1 or above.
Upgrade the FSSO DC Agent and Collector to any version released with FOS
6.4.6 or above.

Acknowledgement

Fortinet is pleased to thank Jerome Dupuis for reporting this issue under
responsible disclosure.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation’s
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT’s members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation’s
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author’s website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
—–BEGIN PGP SIGNATURE—–
Comment: http://www.auscert.org.au/render.html?it=1967
—–END PGP SIGNATURE—–


ESB-2021.2385 – [Appliance] FortiSandbox: Multiple vulnerabilities

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.2385
FortiSandbox Multiple Vulnerabilities
14 July 2021

===========================================================================

AusCERT Security Bulletin Summary
———————————

Product: FortiSandbox
Publisher: Fortinet
Operating System: Network Appliance
Impact/Access: Execute Arbitrary Code/Commands — Existing Account
Denial of Service — Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2021-22125 CVE-2021-29014

Original Bulletin:
https://fortiguard.com/psirt/FG-IR-21-005
https://fortiguard.com/psirt/FG-IR-20-185

Comment: This bulletin contains two (2) Fortinet security advisories.

– ————————–BEGIN INCLUDED TEXT——————–

FortiSandbox – Command Injection in sniffer module

IR Number : FG-IR-21-005
Date : Jun 02, 2021
Risk : 3/5
CVSSv3 Score : 6.2
Impact : Execute unauthorized code or commands
CVE ID : CVE-2021-22125
Affected Products: FortiSandbox: 3.2.2, 3.2.1, 3.2.0

Summary

An instance of improper neutralization of special elements in FortiSandbox’s
sniffer module may allow an authenticated administrator to execute commands on
the underlying system’s shell via altering the content of its configuration
file.

Impact

Execute unauthorized code or commands

Affected Products

FortiSandbox 3.2.1 and below. FortiSandbox 3.1.4 and below.

Solutions

Upgrade to version 4.0.0 or above. Upgrade to version 3.2.2 or above.

Acknowledgement

Internally discovered and reported by Giuseppe Cocomazzi of the Fortinet PSIRT
Team.
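The weakness class in this advisory is a configuration value that reaches a shell unneutralized. The following is an added illustration of the vulnerable pattern beside its hardened form; it is not FortiSandbox code, and the config format, the `interface` and `filter` keys, and the use of tcpdump as the capture tool are assumptions made for the example. Neither function executes anything; they only build the command that would be run.

```python
import re
from typing import Dict, List

# Constructed sample configs for a hypothetical capture module. The second
# one carries shell metacharacters in the interface value; the advisory
# describes only the vulnerability class, not this file format.
CLEAN_CONFIG = "interface = eth0\nfilter = tcp port 25\n"
TAMPERED_CONFIG = "interface = eth0; id > /tmp/out\nfilter = tcp port 25\n"

# Linux interface names: up to 15 chars, no whitespace or shell characters.
INTERFACE_RE = re.compile(r"^[A-Za-z0-9_.-]{1,15}$")
# Conservative allowlist for a plain BPF expression (letters, digits, dots,
# colons, slashes, dashes, spaces). Parentheses and quotes are rejected.
FILTER_RE = re.compile(r"^[A-Za-z0-9 .:/-]{0,200}$")


def parse_config(text: str) -> Dict[str, str]:
    """Parse 'key = value' lines; blank lines and '#' comments are skipped."""
    cfg: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        cfg[key.strip().lower()] = value.strip()
    return cfg


def build_command_unsafe(text: str) -> str:
    """Vulnerable pattern: config values interpolated into one shell string.

    Anything in the file (';', '|', '$(...)') would be interpreted by /bin/sh
    if this string were handed to a shell.
    """
    cfg = parse_config(text)
    return f"tcpdump -i {cfg.get('interface', '')} -w /var/capture.pcap {cfg.get('filter', '')}"


def build_argv_safe(text: str) -> List[str]:
    """Hardened pattern: validate each value, then build an argv list.

    An argv list goes to execve without a shell, so each element is exactly
    one argument and metacharacters have no special meaning.
    """
    cfg = parse_config(text)
    iface = cfg.get("interface", "")
    flt = cfg.get("filter", "")
    if not INTERFACE_RE.fullmatch(iface):
        raise ValueError(f"rejected interface value: {iface!r}")
    if not FILTER_RE.fullmatch(flt):
        raise ValueError(f"rejected filter value: {flt!r}")
    argv = ["tcpdump", "-i", iface, "-w", "/var/capture.pcap"]
    argv.extend(flt.split())  # each BPF token becomes its own argument
    return argv


if __name__ == "__main__":
    print(build_command_unsafe(TAMPERED_CONFIG))  # shell would see ';'
    print(build_argv_safe(CLEAN_CONFIG))
    try:
        build_argv_safe(TAMPERED_CONFIG)
    except ValueError as exc:
        print("rejected:", exc)
```

The two defences are independent: the allowlist stops hostile values at parse time, and the argv form removes the shell from the path entirely, so even a value that slipped past validation could not start a second command.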
– ——————————————————————————–
FortiSandbox – Race condition vulnerability in command shell

IR Number : FG-IR-20-185
Date : Jun 02, 2021
Risk : 3/5
CVSSv3 Score : 6.3
Impact : Memory corruption
CVE ID : CVE-2020-29014
Affected Products: FortiSandbox: 3.2.1, 3.2.0

Summary

A concurrent execution using shared resource with improper synchronization
(‘race condition’) in the command shell of FortiSandbox may allow an
authenticated attacker to bring the system into an unresponsive state via
specifically orchestrated sequences of commands.

Impact

Memory corruption

Affected Products

FortiSandbox 3.2.1 and below. FortiSandbox 3.1.4 and below.

Solutions

Upgrade to version 4.0.0 or above. Upgrade to version 3.2.2 or above.

Acknowledgement

Internally discovered and reported by Giuseppe Cocomazzi of the Fortinet PSIRT
Team.

– ————————–END INCLUDED TEXT——————–

—–BEGIN PGP SIGNATURE—–
Comment: http://www.auscert.org.au/render.html?it=1967
—–END PGP SIGNATURE—–


ESB-2021.2386 – [Win] VMware ThinApp: Increased privileges – Existing account

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.2386
VMware ThinApp – Increased Privileges
14 July 2021

===========================================================================

AusCERT Security Bulletin Summary
———————————

Product: VMware ThinApp
Publisher: VMware
Operating System: Windows
Impact/Access: Increased Privileges — Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2021-22000

Original Bulletin:
https://www.vmware.com/security/advisories/VMSA-2021-0015.html

– ————————–BEGIN INCLUDED TEXT——————–

1. Impacted Products

VMware ThinApp

2. Introduction

A DLL hijacking vulnerability in VMware ThinApp was privately reported to VMware. Updates are available to remediate this vulnerability in affected VMware products.

3. VMware ThinApp update addresses a DLL hijacking vulnerability (CVE-2021-22000)

Description

VMware ThinApp contains a DLL hijacking vulnerability due to insecure loading of DLLs. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 6.8.

Known Attack Vectors

A malicious actor with non-administrative privileges may exploit this vulnerability to elevate privileges to administrator level on the Windows operating system having VMware ThinApp installed on it.

Resolution

To remediate CVE-2021-22000, apply the patches listed in the ‘Fixed Version’ column of the ‘Resolution Matrix’ found below.

Workarounds

None.

Additional Documentation

None.

Notes

None.

Acknowledgements

VMware would like to thank Hou JingYi (@hjy79425575) of Qihoo 360 for reporting this issue to us.

Response Matrix

Product         Version  Running On  CVE Identifier  CVSSv3  Severity  Fixed Version  Workarounds  Additional Documentation
VMware ThinApp  5.x      Windows     CVE-2021-22000  6.8     moderate  5.2.10         None         None

4. References

Fixed Version(s) and Release Notes:

https://my.vmware.com/en/web/vmware/downloads/info/slug/desktop_end_user_computing/vmware_thinapp/5_0

https://docs.vmware.com/en/VMware-ThinApp/5.2.10/rn/vmware_thinapp_5210_release_notes/index.html

Mitre CVE Dictionary Links:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22000

FIRST CVSSv3 Calculator:

https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L

5. Change Log

2021-07-13: VMSA-2021-0015

– ————————–END INCLUDED TEXT——————–

—–BEGIN PGP SIGNATURE—–
Comment: http://www.auscert.org.au/render.html?it=1967
—–END PGP SIGNATURE—–


ASB-2021.0127 – [Win] Microsoft Exchange Server Products: Multiple vulnerabilities

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

===========================================================================
AUSCERT Security Bulletin

ASB-2021.0127
Microsoft Patch Tuesday update for Microsoft Exchange Server for July 2021
14 July 2021

===========================================================================

AusCERT Security Bulletin Summary
———————————

Product: Microsoft Exchange Server Products
Operating System: Windows
Impact/Access: Execute Arbitrary Code/Commands — Remote/Unauthenticated
Increased Privileges — Existing Account
Access Confidential Data — Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2021-34523 CVE-2021-34473 CVE-2021-34470
CVE-2021-33768 CVE-2021-33766 CVE-2021-31206
CVE-2021-31196

OVERVIEW

Microsoft has released its monthly security patch update for the
month of July 2021.

This update resolves 7 vulnerabilities across the following products: [1]

Microsoft Exchange Server 2013 Cumulative Update 23
Microsoft Exchange Server 2016 Cumulative Update 19
Microsoft Exchange Server 2016 Cumulative Update 20
Microsoft Exchange Server 2016 Cumulative Update 21
Microsoft Exchange Server 2019 Cumulative Update 10
Microsoft Exchange Server 2019 Cumulative Update 8
Microsoft Exchange Server 2019 Cumulative Update 9

IMPACT

Microsoft has given the following details regarding these vulnerabilities.

Details           Impact                    Severity
CVE-2021-31196    Remote Code Execution     Important
CVE-2021-31206    Remote Code Execution     Important
CVE-2021-33766    Information Disclosure    Important
CVE-2021-33768    Elevation of Privilege    Important
CVE-2021-34470    Elevation of Privilege    Important
CVE-2021-34473    Remote Code Execution     Critical
CVE-2021-34523    Elevation of Privilege    Important

MITIGATION

Microsoft recommends updating the software with the version made
available on the Microsoft Update Catalogue for the following
Knowledge Base articles [1].

KB5001779, KB5003611, KB5003612, KB5004778, KB5004779
KB5004780

REFERENCES

[1] Microsoft Security Update Guidance
https://portal.msrc.microsoft.com/en-us/security-guidance

AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation’s site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

—–BEGIN PGP SIGNATURE—–
Comment: http://www.auscert.org.au/render.html?it=1967
—–END PGP SIGNATURE—–


ASB-2021.0135 – ALERT [Win] Microsoft Extended Security Update products: Multiple vulnerabilities

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

===========================================================================
AUSCERT Security Bulletin

ASB-2021.0135
Microsoft Patch Tuesday update for Microsoft Extended
Security Update (ESU) for July 2021
14 July 2021

===========================================================================

AusCERT Security Bulletin Summary
———————————

Product: Windows 7
Windows Server 2008
Windows Server 2008 R2
Operating System: Windows
Impact/Access: Execute Arbitrary Code/Commands — Remote with User Interaction
Increased Privileges — Existing Account
Denial of Service — Remote/Unauthenticated
Access Confidential Data — Remote/Unauthenticated
Provide Misleading Information — Remote with User Interaction
Unauthorised Access — Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2021-34516 CVE-2021-34514 CVE-2021-34511
CVE-2021-34507 CVE-2021-34504 CVE-2021-34500
CVE-2021-34499 CVE-2021-34498 CVE-2021-34497
CVE-2021-34496 CVE-2021-34494 CVE-2021-34492
CVE-2021-34476 CVE-2021-34457 CVE-2021-34456
CVE-2021-34448 CVE-2021-34447 CVE-2021-34446
CVE-2021-34444 CVE-2021-34442 CVE-2021-34441
CVE-2021-34440 CVE-2021-33788 CVE-2021-33786
CVE-2021-33783 CVE-2021-33782 CVE-2021-33780
CVE-2021-33765 CVE-2021-33764 CVE-2021-33757
CVE-2021-33756 CVE-2021-33754 CVE-2021-33752
CVE-2021-33750 CVE-2021-33749 CVE-2021-33746
CVE-2021-33745 CVE-2021-31979 CVE-2021-31183
Reference: ASB-2021.0134

OVERVIEW

Microsoft has released its monthly security patch update for the
month of July 2021.

This update resolves 39 vulnerabilities across the following
products: [1]

Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

IMPACT

Microsoft has given the following details regarding these vulnerabilities.

Details           Impact                    Severity
CVE-2021-31183    Denial of Service         Important
CVE-2021-31979    Elevation of Privilege    Important
CVE-2021-33745    Denial of Service         Important
CVE-2021-33746    Remote Code Execution     Important
CVE-2021-33749    Remote Code Execution     Important
CVE-2021-33750    Remote Code Execution     Important
CVE-2021-33752    Remote Code Execution     Important
CVE-2021-33754    Remote Code Execution     Important
CVE-2021-33756    Remote Code Execution     Important
CVE-2021-33757    Security Feature Bypass   Important
CVE-2021-33764    Information Disclosure    Important
CVE-2021-33765    Spoofing                  Important
CVE-2021-33780    Remote Code Execution     Important
CVE-2021-33782    Spoofing                  Important
CVE-2021-33783    Information Disclosure    Important
CVE-2021-33786    Security Feature Bypass   Important
CVE-2021-33788    Denial of Service         Important
CVE-2021-34440    Information Disclosure    Important
CVE-2021-34441    Remote Code Execution     Important
CVE-2021-34442    Denial of Service         Important
CVE-2021-34444    Denial of Service         Important
CVE-2021-34446    Security Feature Bypass   Important
CVE-2021-34447    Remote Code Execution     Important
CVE-2021-34448    Remote Code Execution     Critical
CVE-2021-34456    Elevation of Privilege    Important
CVE-2021-34457    Information Disclosure    Important
CVE-2021-34476    Denial of Service         Important
CVE-2021-34492    Spoofing                  Important
CVE-2021-34494    Remote Code Execution     Critical
CVE-2021-34496    Information Disclosure    Important
CVE-2021-34497    Remote Code Execution     Critical
CVE-2021-34498    Elevation of Privilege    Important
CVE-2021-34499    Denial of Service         Important
CVE-2021-34500    Information Disclosure    Important
CVE-2021-34504    Remote Code Execution     Important
CVE-2021-34507    Information Disclosure    Important
CVE-2021-34511    Elevation of Privilege    Important
CVE-2021-34514    Elevation of Privilege    Important
CVE-2021-34516    Elevation of Privilege    Important

MITIGATION

Microsoft recommends updating the software with the version made
available on the Microsoft Update Catalogue for the following
Knowledge Base articles [1].

KB5004233, KB5004289, KB5004299, KB5004305, KB5004307

REFERENCES

[1] Microsoft Security Update Guidance
https://portal.msrc.microsoft.com/en-us/security-guidance

—–BEGIN PGP SIGNATURE—–
Comment: http://www.auscert.org.au/render.html?it=1967
—–END PGP SIGNATURE—–


ESB-2021.2376 – [Win][UNIX/Linux] Thunderbird: Multiple vulnerabilities

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.2376
MFSA 2021-30 Security Vulnerabilities fixed in Thunderbird 78.12
14 July 2021

===========================================================================

AusCERT Security Bulletin Summary
———————————

Product: Thunderbird
Publisher: Mozilla
Operating System: Windows
UNIX variants (UNIX, Linux, OSX)
Impact/Access: Execute Arbitrary Code/Commands — Remote with User Interaction
Denial of Service — Remote with User Interaction
Provide Misleading Information — Remote with User Interaction
Reduced Security — Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2021-30547 CVE-2021-29976 CVE-2021-29970
CVE-2021-29969

Reference: ASB-2021.0120
ESB-2021.2119

Original Bulletin:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-30/

– ————————–BEGIN INCLUDED TEXT——————–

Mozilla Foundation Security Advisory 2021-30

Security Vulnerabilities fixed in Thunderbird 78.12

Announced: July 13, 2021
Impact: high
Products: Thunderbird
Fixed in: Thunderbird 78.12

# CVE-2021-29969: IMAP server responses sent by a MITM prior to STARTTLS could be processed

Reporter: Damian Poddebniak and Fabian Ising
Impact: high

Description

If Thunderbird was configured to use STARTTLS for an IMAP connection, and an
attacker injected IMAP server responses prior to the completion of the STARTTLS
handshake, then Thunderbird didn’t ignore the injected data. This could have
resulted in Thunderbird showing incorrect information, for example the attacker
could have tricked Thunderbird to show folders that didn’t exist on the IMAP
server.

References

o Bug 1682370
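The failure mode described above (plaintext bytes that arrive before the STARTTLS handshake completes staying in the client's read buffer and later being treated as if they came over TLS) can be shown with a simulated client read loop. This is an added illustration, not Thunderbird's code or Mozilla's fix; the scripted transport, the sample server bytes and the injected LIST response are constructed for the example.

```python
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: bytes the client's socket delivers in the plaintext
# phase. The last line is a response a man-in-the-middle appended right after
# the genuine "a1 OK" for STARTTLS, i.e. before any TLS handshake took place.
PLAINTEXT_PHASE = (
    b"* OK IMAP4rev1 Service Ready\r\n"
    b"a1 OK Begin TLS negotiation now\r\n"
    b'* LIST (\\HasNoChildren) "/" "Injected-Folder"\r\n'
)

# Constructed sample: what the genuine server sends inside the TLS session in
# reply to the client's "a2 LIST" command.
TLS_PHASE = (
    b'* LIST (\\HasNoChildren) "/" "INBOX"\r\n'
    b"a2 OK LIST completed\r\n"
)


class ScriptedTransport:
    """Stand-in for a socket: returns the scripted bytes chunk by chunk."""

    def __init__(self, data: bytes) -> None:
        self._data = data
        self.sent: List[bytes] = []

    def recv(self, size: int = 4096) -> bytes:
        chunk, self._data = self._data[:size], self._data[size:]
        return chunk

    def send(self, data: bytes) -> None:
        self.sent.append(data)


@dataclass
class ImapClient:
    transport: ScriptedTransport
    # True  = hardened: throw away anything still buffered when TLS starts
    # False = vulnerable: keep the buffer across the upgrade (the bug)
    discard_on_upgrade: bool
    buffer: bytes = b""
    folders: List[str] = field(default_factory=list)

    def read_line(self) -> Optional[bytes]:
        """Return one CRLF-terminated line, reading more bytes as needed."""
        while b"\r\n" not in self.buffer:
            chunk = self.transport.recv()
            if not chunk:
                return None
            self.buffer += chunk
        line, _, self.buffer = self.buffer.partition(b"\r\n")
        return line

    def wait_for_tagged(self, tag: bytes) -> bytes:
        """Consume responses until the tagged reply for `tag` arrives."""
        while True:
            line = self.read_line()
            if line is None:
                raise ConnectionError("connection closed before tagged response")
            if line.startswith(tag + b" "):
                return line
            if line.startswith(b"* LIST "):
                # Mailbox name is the last quoted string on the line.
                self.folders.append(line.split(b'"')[-2].decode())

    def starttls(self, tls_transport: ScriptedTransport) -> bytes:
        """Issue STARTTLS and switch transports; returns the leftover bytes."""
        self.transport.send(b"a1 STARTTLS\r\n")
        self.wait_for_tagged(b"a1")
        leftover = self.buffer
        if self.discard_on_upgrade:
            # Nothing received in plaintext may survive into the TLS session.
            self.buffer = b""
        self.transport = tls_transport
        return leftover


def list_folders(discard_on_upgrade: bool):
    """Run greeting -> STARTTLS -> LIST; return (folders, leftover_bytes)."""
    client = ImapClient(ScriptedTransport(PLAINTEXT_PHASE), discard_on_upgrade)
    client.read_line()  # server greeting
    leftover = client.starttls(ScriptedTransport(TLS_PHASE))
    client.transport.send(b'a2 LIST "" "*"\r\n')
    client.wait_for_tagged(b"a2")
    return client.folders, leftover


if __name__ == "__main__":
    print("vulnerable:", list_folders(False))
    print("hardened:  ", list_folders(True))
```

With `discard_on_upgrade=False` the injected folder is reported alongside the real one, which is the misleading display the advisory describes; with it set to `True` only the TLS-phase response is used. A stricter client can go further and treat any non-empty leftover at the upgrade point as a protocol violation and abort the connection.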

# CVE-2021-29970: Use-after-free in accessibility features of a document

Reporter: Irvan Kurniawan
Impact: high

Description

A malicious webpage could have triggered a use-after-free, memory corruption,
and a potentially exploitable crash.
This bug only affected Thunderbird when accessibility was enabled.

References

o Bug 1709976

# CVE-2021-30547: Out of bounds write in ANGLE

Reporter: (Unknown)
Impact: high

Description

An out of bounds write in ANGLE could have allowed an attacker to corrupt
memory leading to a potentially exploitable crash.

References

o Bug 1715766

# CVE-2021-29976: Memory safety bugs fixed in Thunderbird 78.12

Reporter: Mozilla developers
Impact: high

Description

Mozilla developers Valentin Gosu, Randell Jesup, Emil Ghitta, Tyson Smith, and
Olli Pettay reported memory safety bugs present in Thunderbird 78.11. Some of
these bugs showed evidence of memory corruption and we presume that with enough
effort some of these could have been exploited to run arbitrary code.

References

o Memory safety bugs fixed in Thunderbird 78.12

– ————————–END INCLUDED TEXT——————–

—–BEGIN PGP SIGNATURE—–
Comment: http://www.auscert.org.au/render.html?it=1967
—–END PGP SIGNATURE—–


ESB-2021.2377 – Firefox and Firefox ESR: Multiple vulnerabilities

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.2377
Security Vulnerabilities fixed in Firefox 90 (MFSA 2021-28)
and Firefox ESR 78.12 (MFSA 2021-29)
14 July 2021

===========================================================================

AusCERT Security Bulletin Summary
———————————

Product: Firefox
Firefox ESR
Publisher: Mozilla
Operating System: Windows
UNIX variants (UNIX, Linux, OSX)
Impact/Access: Execute Arbitrary Code/Commands — Remote with User Interaction
Denial of Service — Remote with User Interaction
Provide Misleading Information — Remote with User Interaction
Access Confidential Data — Remote with User Interaction
Reduced Security — Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2021-30547 CVE-2021-29977 CVE-2021-29976
CVE-2021-29975 CVE-2021-29974 CVE-2021-29973
CVE-2021-29972 CVE-2021-29971 CVE-2021-29970

Reference: ASB-2021.0120
ESB-2021.2376
ESB-2021.2119

Original Bulletin:
https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/
https://www.mozilla.org/en-US/security/advisories/mfsa2021-29/

– ————————–BEGIN INCLUDED TEXT——————–

Mozilla Foundation Security Advisory 2021-28

Security Vulnerabilities fixed in Firefox 90

Announced: July 13, 2021
Impact: high
Products: Firefox
Fixed in: Firefox 90

# CVE-2021-29970: Use-after-free in accessibility features of a document

Reporter: Irvan Kurniawan
Impact: high

Description

A malicious webpage could have triggered a use-after-free, memory corruption,
and a potentially exploitable crash.
This bug only affected Firefox when accessibility was enabled.

References

o Bug 1709976

# CVE-2021-29971: Granted permissions only compared host; omitting scheme and port on Android

Reporter: Arturo Mejia
Impact: high

Description

If a user had granted a permission to a webpage and saved that grant, any
webpage running on the same host – irrespective of scheme or port – would be
granted that permission.
This bug only affects Firefox for Android. Other operating systems are
unaffected.

References

o Bug 1713638
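The advisory's point is that a permission grant must be keyed by the full origin (scheme, host, port), not by host alone. The following added example contrasts the two keying strategies with a small permission store; it is not Firefox code, and the `PermissionStore` class, the `camera` permission name and the sample URLs are constructed for the illustration.

```python
from typing import Callable, Dict, Set, Tuple
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def host_key(url: str) -> str:
    """Host-only key: the flawed comparison the advisory describes."""
    return (urlsplit(url).hostname or "").lower()


def origin_key(url: str) -> Tuple[str, str, int]:
    """Full origin key (scheme, host, port) with default ports filled in,
    so https://example.com and https://example.com:443 compare equal."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    port = parts.port if parts.port is not None else DEFAULT_PORTS.get(scheme)
    if not host or port is None:
        raise ValueError(f"not an http(s) origin: {url}")
    return (scheme, host, port)


class PermissionStore:
    """Saved permission grants, keyed by whatever key function is supplied."""

    def __init__(self, key_func: Callable[[str], object]) -> None:
        self._key = key_func
        self._grants: Dict[object, Set[str]] = {}

    def grant(self, url: str, permission: str) -> None:
        self._grants.setdefault(self._key(url), set()).add(permission)

    def is_granted(self, url: str, permission: str) -> bool:
        return permission in self._grants.get(self._key(url), set())


def compare(grant_url: str, check_url: str, permission: str = "camera"):
    """Grant on one URL, check on another; return (host_only, full_origin)."""
    results = []
    for key_func in (host_key, origin_key):
        store = PermissionStore(key_func)
        store.grant(grant_url, permission)
        results.append(store.is_granted(check_url, permission))
    return tuple(results)


if __name__ == "__main__":
    # Host-only keying lets a different scheme/port inherit the grant.
    print(compare("https://example.com/app", "http://example.com:8080/"))
    # Default-port normalisation keeps the same origin matching.
    print(compare("https://example.com/app", "https://example.com:443/x"))
```

The second call shows why the hardened key normalises default ports: without that step a grant saved for `https://example.com` would silently stop applying to `https://example.com:443`, which is the same origin.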

# CVE-2021-30547: Out of bounds write in ANGLE

Reporter: (Unknown)
Impact: high

Description

An out of bounds write in ANGLE could have allowed an attacker to corrupt
memory leading to a potentially exploitable crash.

References

o Bug 1715766

# CVE-2021-29972: Use of out-of-date library included use-after-free vulnerability

Reporter: Irvan Kurniawan
Impact: moderate

Description

A use-after-free vulnerability was found via testing, and traced to an
out-of-date Cairo library. Updating the library resolved the issue, and may
have remediated other, unknown security vulnerabilities as well.

References

o Bug 1696816

# CVE-2021-29973: Password autofill on HTTP websites was enabled without user interaction on Android

Reporter: Wladimir Palant working with Include Security
Impact: moderate

Description

Password autofill was enabled without user interaction on insecure websites on
Firefox for Android. This was corrected to require user interaction with the
page before a user’s password would be entered by the browser’s autofill
functionality.
This bug only affects Firefox for Android. Other operating systems are
unaffected.

References

o Bug 1701932

# CVE-2021-29974: HSTS errors could be overridden when network partitioning was enabled

Reporter: Peter Gerber
Impact: moderate

Description

When network partitioning was enabled, e.g. as a result of Enhanced Tracking
Protection settings, a TLS error page would allow the user to override an error
on a domain which had specified HTTP Strict Transport Security (which implies
that the error should not be override-able). This issue did not affect the
network connections, which were correctly upgraded to HTTPS automatically.

References

o Bug 1704843

# CVE-2021-29975: Text message could be overlaid on top of another website

Reporter: Irvan Kurniawan
Impact: moderate

Description

Through a series of DOM manipulations, a message, over which the attacker had
control of the text but not HTML or formatting, could be overlaid on top of
another domain (with the new domain correctly shown in the address bar)
resulting in possible user confusion.

References

o Bug 1713259

# CVE-2021-29976: Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12

Reporter: Mozilla developers
Impact: high

Description

Mozilla developers Emil Ghitta, Tyson Smith, Valentin Gosu, Olli Pettay, and
Randell Jesup reported memory safety bugs present in Firefox 89 and Firefox ESR
78.11. Some of these bugs showed evidence of memory corruption and we presume
that with enough effort some of these could have been exploited to run
arbitrary code.

References

o Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12

# CVE-2021-29977: Memory safety bugs fixed in Firefox 90

Reporter: Mozilla developers
Impact: high

Description

Mozilla developers Andrew McCreight, Tyson Smith, Christian Holler, and
Gabriele Svelto reported memory safety bugs present in Firefox 89. Some of
these bugs showed evidence of memory corruption and we presume that with enough
effort some of these could have been exploited to run arbitrary code.

References

o Memory safety bugs fixed in Firefox 90

– ——————————————————————————-

Mozilla Foundation Security Advisory 2021-29

Security Vulnerabilities fixed in Firefox ESR 78.12

Announced: July 13, 2021
Impact: high
Products: Firefox ESR
Fixed in: Firefox ESR 78.12

# CVE-2021-29970: Use-after-free in accessibility features of a document

Reporter: Irvan Kurniawan
Impact: high

Description

A malicious webpage could have triggered a use-after-free, memory corruption,
and a potentially exploitable crash.
This bug only affected Firefox when accessibility was enabled.

References

o Bug 1709976

# CVE-2021-30547: Out of bounds write in ANGLE

Reporter: (Unknown)
Impact: high

Description

An out of bounds write in ANGLE could have allowed an attacker to corrupt
memory leading to a potentially exploitable crash.

References

o Bug 1715766

# CVE-2021-29976: Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12

Reporter: Mozilla developers
Impact: high

Description

Mozilla developers Valentin Gosu, Randell Jesup, Emil Ghitta, Tyson Smith, and
Olli Pettay reported memory safety bugs present in Firefox 89 and Firefox ESR
78.11. Some of these bugs showed evidence of memory corruption and we presume
that with enough effort some of these could have been exploited to run
arbitrary code.

References

o Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12

– ————————–END INCLUDED TEXT——————–

You have received this e-mail bulletin as a result of your organisation’s
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT’s members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation’s
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author’s website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================


ESB-2021.2378 – [Mac] FortiClient: Execute arbitrary code/commands – Existing account

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.2378
FortiClient for Mac Execute Arbitrary Code/Commands Vulnerability
14 July 2021

===========================================================================

AusCERT Security Bulletin Summary
———————————

Product: FortiClient
Publisher: FortiGuard
Operating System: Mac OS
Impact/Access: Execute Arbitrary Code/Commands — Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2021-26089

Original Bulletin:
https://fortiguard.com/psirt/FG-IR-21-022

– ————————–BEGIN INCLUDED TEXT——————–

FortiClientMac – Privilege escalation by abusing a Symlink following vulnerability

IR Number : FG-IR-21-022
Date : Jul 05, 2021
Risk : 3/5
CVSSv3 Score : 6.3
Impact : Arbitrary code execution
CVE ID : CVE-2021-26089
Affected Products: FortiClientMac

Summary

A UNIX symbolic link (Symlink) following (CWE-61) vulnerability in FortiClient
for MacOS may allow a local, unprivileged user to overwrite privileged shell
scripts executed during the installation phase, thereby escalating their
privileges to root.
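The symlink-following pattern (CWE-61) the summary describes, as an added example that is not Fortinet's code: a naive privileged write that follows a pre-planted link, beside one that uses O_EXCL and O_NOFOLLOW so the same planted link makes the write fail instead. File names and the scratch directory are constructed; the example assumes a POSIX system.

```python
"""Symlink-following (CWE-61) in a privileged file write, and the O_NOFOLLOW fix.
Added example, not Fortinet code; paths are constructed in a scratch directory."""
import os
import tempfile


def unsafe_write(path, data):
    """Vulnerable pattern: open() silently follows a symlink sitting at `path`."""
    with open(path, "wb") as fh:
        fh.write(data)


def safe_write(path, data):
    """Create `path` as a fresh regular file or fail. O_EXCL refuses if anything
    (a symlink included) already exists there; O_NOFOLLOW refuses a symlink as the
    final component. Checking with lstat() first would leave a race window."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
    fd = os.open(path, flags, 0o700)  # owner-only, as a root-run script should be
    try:
        os.write(fd, data)
    finally:
        os.close(fd)


def demo():
    """Plant a symlink at the install-script path, then try both writers on it."""
    with tempfile.TemporaryDirectory() as workdir:
        target = os.path.join(workdir, "protected_file")   # stand-in for a root-owned file
        script = os.path.join(workdir, "install_step.sh")  # path a low-privilege user controls
        fresh = os.path.join(workdir, "fresh_step.sh")     # untouched path: safe_write must succeed
        with open(target, "wb") as fh:
            fh.write(b"original\n")
        os.symlink(target, script)

        unsafe_write(script, b"replaced\n")
        with open(target, "rb") as fh:
            target_overwritten = fh.read() == b"replaced\n"
        try:
            safe_write(script, b"replaced\n")
            safe_refused = False
        except OSError:  # EEXIST from O_EXCL (ELOOP if O_EXCL were absent)
            safe_refused = True
        safe_write(fresh, b"ok\n")
        return {
            "unsafe_overwrote_target": target_overwritten,
            "safe_refused_symlink": safe_refused,
            "safe_created_regular_file": os.path.isfile(fresh) and not os.path.islink(fresh),
        }
```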

Impact

Arbitrary code execution

Affected Products

FortiClient for MacOS versions 6.4.3 and below.

Solutions

Please upgrade to FortiClient for MacOS version 6.4.4 or above.
Please upgrade to FortiClient for MacOS version 7.0.0 or above.

Acknowledgement

Fortinet is pleased to thank Csaba Fitzl and Trend Micro Zero Day Initiative
for bringing this issue to our attention under responsible disclosure.

– ————————–END INCLUDED TEXT——————–

You have received this e-mail bulletin as a result of your organisation’s
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT’s members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation’s
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author’s website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================


ESB-2021.2379 – FortiMail: Access confidential data – Remote with user interaction

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.2379
FortiMail Access Confidential Data – Remote With User Interaction
14 July 2021

===========================================================================

AusCERT Security Bulletin Summary
———————————

Product: FortiMail
Publisher: Fortinet
Operating System: Appliance
Impact/Access: Access Confidential Data — Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2021-24013

Original Bulletin:
https://fortiguard.com/psirt/FG-IR-21-014

– ————————–BEGIN INCLUDED TEXT——————–

FortiMail – path traversal vulnerabilities

IR Number : FG-IR-21-014
Date : Jun 21, 2021
Risk : 4/5
CVSSv3 Score : 8.3
Impact : Unauthorized access to files.
CVE ID : CVE-2021-24013
Affected Products: FortiMail: 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.11, 6.0.10, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0, 5.4.12, 5.4.11, 5.4.10, 5.4.9, 5.4.8, 5.4.7, 5.4.6, 5.4.5, 5.4.4, 5.4.3, 5.4.2, 5.4.1, 5.4.0, 5.3.13, 5.3.12, 5.3.10, 5.3.9, 5.3.8, 5.3.7, 5.3.6, 5.3.5, 5.3.4, 5.3.3, 5.3.2, 5.3.1, 5.3.0, 5.2.10, 5.2.9, 5.2.8, 5.2.7, 5.2.6, 5.2.5, 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1.7, 5.1.6, 5.1.5, 5.1.4, 5.1.3, 5.1.2, 5.1.1, 5.1.0, 5.0.11, 5.0.10, 5.0.9, 5.0.8, 5.0.7, 5.0.6, 5.0.5, 5.0.4, 5.0.3, 5.0.2, 5.0.1, 5.0.0

Summary

Multiple path traversal vulnerabilities in FortiMail Webmail may allow a
regular user to obtain unauthorized access to files and data via specifically
crafted web requests.

Impact

Unauthorized access to files.

Affected Products

FortiMail 6.4.3 and below.
FortiMail 6.2.6 and below.
FortiMail 6.0.10 and below.
FortiMail 5.4.12 and below.

Solutions

Upgrade to FortiMail 7.0.0.

Upgrade to FortiMail 6.4.4.

Upgrade to FortiMail 6.2.7.

Upgrade to FortiMail 6.0.11.

Fix for version 5.4 to be confirmed.

Acknowledgement

This issue was discovered by Giuseppe Cocomazzi of the Fortinet PSIRT Team
during an internal security assessment.

– ————————–END INCLUDED TEXT——————–

You have received this e-mail bulletin as a result of your organisation’s
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT’s members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation’s
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author’s website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================


Barbary Pirates and Russian Cybercrime

In 1801, the United States had a small Navy. Thomas Jefferson deployed almost half that Navy—three frigates and a schooner—to the Barbary C...