Security Wrap-Up (February 2nd, 2021)

We’re back this week with another Security Wrap-Up! And what would a wrap-up be without another mention of SolarWinds? We also revisit a topic from last week’s post and cover some interesting bugs you might want to know about:

Follow-Up: SonicWall confirms zero-day vulnerability
Last week, we mentioned a SonicWall breach that was thought to have originated from zero-day vulnerabilities. SonicWall has now confirmed a zero-day vulnerability affecting its SMA 100 series. They have identified the vulnerable code and are developing a patch to be available by the end of day today, February 2nd. This vulnerability affects physical and virtual SMA 100 10.x devices (SMA 200, SMA 210, SMA 400, SMA 410, and SMA 500v). SMA firmware prior to 10.x is not affected.

Mimecast the latest vendor victim in the SolarWinds hack
A growing number of cybersecurity vendors have been targeted as part of the SolarWinds hack. The Mimecast certificate compromise reported earlier in January is now confirmed as part of the sprawling SolarWinds supply-chain attack, joining vendors like Fidelis, FireEye, Malwarebytes, and more. A Mimecast-issued certificate used to authenticate some of the company’s products to Microsoft 365 Exchange Web Services had been “compromised by a sophisticated threat actor,” Mimecast announced in mid-January. Speculation was already brewing that this breach was related to SolarWinds, which was confirmed last week.

Libgcrypt developers release urgent update to tackle severe vulnerability
Libgcrypt is an open source cryptographic library and GNU Privacy Guard (GnuPG) module. While the library can be used independently of GnuPG, it depends on GnuPG’s ‘libgpg-error’ library. After Version 1.9.0 of the software was released, Google Project Zero researcher Tavis Ormandy publicly disclosed the existence of a “heap buffer overflow in libgcrypt due to an incorrect assumption in the block buffer management code.” Fortunately, a new version of libgcrypt, Version 1.9.1, was released in a matter of hours that addressed the severe vulnerability. If you use Libgcrypt, you are urged to download the patched version as quickly as possible.

Sudo bug gives root access to mass numbers of Linux systems
This major bug was found in Sudo, a utility built into most Unix and Linux operating systems that lets an unprivileged user run a program with the credentials of another user. Qualys researchers named the vulnerability “Baron Samedit,” tracked as CVE-2021-3156. This vulnerability is a heap-based buffer overflow in Sudo, allowing privilege escalation to root via “sudoedit -s” and a command-line argument that ends with a single backslash character. The only caveat is that the attacker must already be able to run programs on the vulnerable computer before this vulnerability can be used. If you need to patch, Sudo developers have already released a patched update, Sudo version 1.9.5p2.
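A quick way to triage a fleet for this one is to compare each host’s `sudo --version` output against the fixed release named above. Sudo version strings carry a “p” patch level (1.8.31p2, 1.9.5p1, …), so a plain string comparison gets it wrong; the added example below (not code from the post or from the Sudo project) parses that format and compares it against 1.9.5p2. It only tests against the upstream fixed release, because distributions often backport the fix under an older version number, so a “not fixed” result should be confirmed against your vendor’s advisory.

```python
import re
import subprocess

# Upstream release that closes CVE-2021-3156, as stated in the post.
FIXED = (1, 9, 5, 2)

# Matches "1.9.5p2", "1.8.31p2", "1.9.6" (micro and patch level optional).
_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(?:p(\d+))?")


def parse_sudo_version(text):
    """Turn sudo's version text (e.g. 'Sudo version 1.9.5p2') into a
    comparable (major, minor, micro, patchlevel) tuple. Missing micro or
    patch level count as 0, so '1.9.5' sorts below '1.9.5p1'."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError("no sudo version found in: %r" % text)
    major, minor, micro, patch = m.groups()
    return (int(major), int(minor), int(micro or 0), int(patch or 0))


def version_is_fixed(text):
    """True when the upstream version is 1.9.5p2 or newer. False only means
    the version number predates the fix; a distro may have backported it."""
    return parse_sudo_version(text) >= FIXED


def check_local_sudo():
    """Run `sudo --version` on this host (assumed to be on PATH) and report
    whether it is at or past the fixed release. Returns None if sudo is absent."""
    try:
        proc = subprocess.run(["sudo", "--version"], capture_output=True,
                              text=True, check=False)
    except FileNotFoundError:
        return None
    # The first line of the output is "Sudo version X.Y.ZpN".
    return version_is_fixed(proc.stdout)


if __name__ == "__main__":
    result = check_local_sudo()
    if result is None:
        print("sudo not found")
    else:
        print("at or past 1.9.5p2" if result else "predates 1.9.5p2: check vendor advisory")
```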

What interesting security news did you come across this past week?