(Un)official home of Team RunCMD

This vulnerability, CVE-2021-41773, affect Apache web servers running v2.4.49 (current release is v2.4.51) appeared to be only a directory traversal vulnerability however if “mod_cgi” is enabled, and the default “Require all denied” option is missing from the configuration it can lead to an attacker gaining remote code execution running at the same privilege level as the web server, which is the “www-data”  account in most cases).

Links:

• • Bleeping Computers Article: https://t.ly/u9o5
  • MITRE CVE: https://t.ly/joVe

“Apple has released security updates to fix two zero-day vulnerabilities that have been seen exploited in the wild to attack iPhones and Macs. One is known to be used to install the Pegasus spyware on iPhones.

The vulnerabilities are tracked as CVE-2021-30860 and CVE-2021-30858, and both allow maliciously crafted documents to execute commands when opened on vulnerable devices.

The CVE-2021-30860 CoreGraphics vulnerability is an integer overflow bug discovered by Citizen Lab that allows threat actors to create malicious PDF documents that execute commands when opened in iOS and macOS.

CVE-2021-30858 is a WebKit use after free vulnerability allowing hackers to create maliciously crafted web page that execute commands when visiting them on iPhones and macOS. Apple states that this vulnerability was disclosed anonymously.

“Apple is aware of a report that this issue may have been actively exploited,” the company said in security advisories published today regarding both vulnerabilities.

While Apple did not release any further information on how the vulnerabilities were used in attacks, Citizen Lab has confirmed that CVE-2021-30860 is a zero-day zero-click iMessage exploit named ‘FORCEDENTRY.’

The FORCEDENTRY exploit was discovered to be used to bypass the iOS BlastDoor security feature to deploy the NSO Pegasus spyware on devices belonging to Bahraini activists.”

Links:

• • Bleeping Computers Article: https://t.ly/HFax

“Last Tuesday, Microsoft disclosed a new zero-day vulnerability in Windows MSHTML (CVE-2021-40444) that allows threat actors to create malicious documents, including Office and RTF docs, to execute commands on a victim’s computer remotely..

Even though there are no security updates available for the CVE-2021-40444 vulnerability, as it was discovered used in active attacks by EXPMON and Mandiant, Microsoft decided to disclose the vulnerability and provide mitigations to help prevent its exploitation.

These mitigations work by blocking ActiveX controls and Word/RTF document previews in Windows Explorer.”

Links

• • Bleeping Computers Article: https://bit.ly/3kal735
  • MITRE CVE: https://t.ly/tvA1

GitHub recent published their findings on a vulnerability that has been in Linux for at least 7 years. This vulnerability is a local privilege escalation and may be the first of it’s kind found in what is a new class of vulnerabilities affecting all Linux systems using dbus.  From a user shell and attacker can gain root privileges through dbus using polkit. This affects the following popular Linux distros: Ubuntu 20.04 and Debian “Bullseye”, and RHEL 8.

Links

• • GitHub’s Writeup: t.ly/4F0U