ÐÅÏ¢°²È«Öܱ¨-2020ÄêµÚ23ÖÜ

°ä²¼¹¦·ò 2020-06-09

> ±¾ÖÜ°²È«Ì¬ÊÆ×ÛÊö


2020Äê06ÔÂ01ÈÕÖÁ06ÔÂ07ÈÕ¹²ÊÕ¼°²È«·ì϶79¸ö£¬ÖµµÃ¹Ø×¢µÄÊÇZoom Client´¦Öö¯»­GIFÐÂÎÅõ辶±éÀú·ì϶£»Cisco 829 Industrial Integrated Services Routers»º³åÇøÒç¶Âí½Å£»NEC ESMPRO Manager RMI·´ÐòÁл¯´úÂëÖ´Ðзì϶£»IBM WebSphere Application Server Network DeploymentÔ¶³Ì´úÂëÖ´Ðзì϶£»Docker EngineÖÐÑëÈ˹¥»÷·ì϶¡£


±¾ÖÜÖµµÃ¹Ø×¢µÄÍøÂ簲ȫÊÂÎñÊǶíÂÞ˹ºÚ¿Í¹¥»÷²¨À¼µ±¾Ö»ú¹¹£¬°ä²¼Óйر±Ô¼ÑÝÏ°ÐéαÐÅÏ¢£»ÊÓƵ¼ô¼­ÀûÓÃVivaVideo»òΪ¼äµýÈí¼þ£¬Ó°Ï쳬¹ý1.57ÒÚÓû§£»Ó¡¶ÈÖ§¸¶ÀûÓÃBHIMÒòÅäÖÃÃýÎó£¬Ð¹Â¶Êý°ÙÍòÓû§ÐÅÏ¢£»DopplePaymer°µÊ¾Òѳɹ¦ÈëÇÖDMI²¢ÇÔÈ¡NASAµÄÓйØÎļþ£»Mozilla°ä²¼Firefox°²È«¸üУ¬½¨¸´¶à¸öËÁÒâ´úÂëÖ´Ðзì϶¡£


ƾ¾ÝÒÔÉÏ×ÛÊö£¬±¾ÖÜ°²È«ÍþвΪÖС£



>³ÁÒª°²È«·ì϶Áбí


1.Zoom Client´¦Öö¯»­GIFÐÂÎÅõ辶±éÀú·ì϶


Zoom Client´¦ÖÃÔ̺¬¶¯»­GIFµÄÐÂÎÅ´æÔÚĿ¼±éÀú·ì϶£¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßÀûÓ÷ì϶Ìá½»ÌØÊâµÄÐÂÎÅÒªÇó£¬Äܹ»Ö¸±êÓû§¸ßµÍÎÄÖ´ÐÐËÁÒâ´úÂ룬»òÕû¸ö×éÓû§ÊÜÓ°Ïì¡£

https://talosintelligence.com/vulnerability_reports/TALOS-2020-1055


2. Cisco 829 Industrial Integrated Services Routers»º³åÇøÒç¶Âí½Å


Cisco 829 Industrial Integrated Services RoutersÖÎÀíinter-VMÐźŴæÔÚ°²È«·ì϶£¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßÀûÓ÷ì϶Ìá½»ÌØÊâµÄÒªÇ󣬿ÉʹÀûÓ÷¨Ê½±ÀÀ£»òÕßÄܹ»ÀûÓ÷¨Ê½¸ßµÍÎÄÖ´ÐÐËÁÒâ´úÂë¡£

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-iot-rce-xYRSeMNH


3. NEC ESMPRO Manager RMI·´ÐòÁл¯´úÂëÖ´Ðзì϶


NEC ESMPRO Manager RMI·þÎñ´æÔÚÊäÈëÑéÖ¤·ì϶£¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßÄܹ»ÀûÓ÷ì϶Ìá½»ÌØÊâµÄÒªÇó£¬Äܹ»ÀûÓ÷¨Ê½¸ßµÍÎÄÖ´ÐÐËÁÒâ´úÂë¡£

https://www.zerodayinitiative.com/advisories/ZDI-20-684/


4. IBM WebSphere Application Server Network DeploymentÔ¶³Ì´úÂëÖ´Ðзì϶


IBM WebSphere Application Server Network Deployment´æÔÚδÃ÷°²È«·ì϶£¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßÄܹ»ÀûÓ÷ì϶Ìá½»ÌØÊâµÄÒªÇó£¬Äܹ»ÀûÓ÷¨Ê½¸ßµÍÎÄÖ´ÐÐËÁÒâ´úÂë¡£

https://www.ibm.com/blogs/psirt/security-bulletin-remote-code-execution-vulnerability-in-websphere-application-server-nd-cve-2020-4448/


5. Docker EngineÖÐÑëÈ˹¥»÷·ì϶


Docker EngineËù´´½¨µÄÍøÂçÏνӻáĬÈϽӹÜIPv6·ÓÉÆ÷¹«¸æ£¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßÄܹ»ÀûÓ÷ì϶Ìá½»ÌØÊâµÄÒªÇ󣬿ɽøÐÐÖÐÑëÈ˹¥»÷£¬¿É»ñÈ¡Ãô¸ÐÐÅÏ¢¡£

https://github.com/docker/docker-ce/releases/v19.03.11



> ³ÁÒª°²È«ÊÂÎñ×ÛÊö


1¡¢¶íÂÞ˹ºÚ¿Í¹¥»÷²¨À¼µ±¾Ö»ú¹¹£¬°ä²¼Óйر±Ô¼ÑÝÏ°ÐéαÐÅÏ¢


GA»Æ½ð¼×¡¤(ÖйúÇø)¹Ù·½ÍøÕ¾


Ô­ÎÄÁ´½Ó£º

https://www.ehackingnews.com/2020/05/russian-hackers-attacked-poland-due-to.html


2¡¢ÊÓƵ¼ô¼­ÀûÓÃVivaVideo»òΪ¼äµýÈí¼þ£¬Ó°Ï쳬¹ý1.57ÒÚÓû§


GA»Æ½ð¼×¡¤(ÖйúÇø)¹Ù·½ÍøÕ¾


Ô­ÎÄÁ´½Ó£º

https://latesthackingnews.com/2020/05/31/vivavideo-and-other-apps-with-over-157-million-installs-spy-on-users/


3¡¢Ó¡¶ÈÖ§¸¶ÀûÓÃBHIMÒòÅäÖÃÃýÎó£¬Ð¹Â¶Êý°ÙÍòÓû§ÐÅÏ¢


GA»Æ½ð¼×¡¤(ÖйúÇø)¹Ù·½ÍøÕ¾


Ô­ÎÄÁ´½Ó£º

https://www.infosecurity-magazine.com/news/indian-payment-app-bhim-data-breach/


4¡¢DopplePaymer°µÊ¾Òѳɹ¦ÈëÇÖDMI²¢ÇÔÈ¡NASAµÄÓйØÎļþ


GA»Æ½ð¼×¡¤(ÖйúÇø)¹Ù·½ÍøÕ¾


Ô­ÎÄÁ´½Ó£º

https://www.zdnet.com/article/ransomware-gang-says-it-breached-one-of-nasas-it-contractors/


5¡¢Mozilla°ä²¼Firefox°²È«¸üУ¬½¨¸´¶à¸öËÁÒâ´úÂëÖ´Ðзì϶


GA»Æ½ð¼×¡¤(ÖйúÇø)¹Ù·½ÍøÕ¾


Ô­ÎÄÁ´½Ó£º

https://www.theregister.com/2020/06/04/firefox_77_security_fixes/