ÐÅÏ¢°²È«Öܱ¨-2020ÄêµÚ36ÖÜ

°ä²¼¹¦·ò 2020-09-08

> ±¾Öܰ²È«Ì¬ÊÆ×ÛÊö


2020Äê08ÔÂ31ÈÕÖÁ09ÔÂ06ÈÕ¹²ÊÕ¼°²È«·ì϶56¸ö £¬ÖµµÃ¹Ø×¢µÄÊÇGigadevice GD32F103´úÂëÖ´Ðзì϶£»Gigadevice GD32F103¹Ì¼þÌáÈ¡·ì϶£»NETGEAR R8300ºÅÁî×¢Èë·ì϶£»Education openSIS SQL×¢Èë·ì϶£»Education openSIS EmailCheck.php SQL×¢Èë·ì϶¡£


±¾ÖÜÖµµÃ¹Ø×¢µÄÍøÂ簲ȫÊÂÎñÊǹ¤ÐŲ¿´«µÝ101¿îAPP¼Óº¦Óû§È¨Àû £¬ÇáËɳïµÈƽ̨Éϰñ£»Å²ÍþÒé»áÓʼþϵͳÔâ¹¥»÷ £¬¹¤µ³ºÍÖÐÐĵ³¾ùÊÜÓ°Ï죻CiscoÖÒ¸æÆäIOS XR´æÔÚ0day²¢Òѱ»ÔÚÒ°ÀûÓã»Cisco Jabber´æÔÚÔ¶³ÌÖ´ÐдúÂë·ì϶ £¬ÏÖÒѱ»½¨¸´£»Ó¢Ìضû°ä²¼Î¢´úÂ밲ȫ¸üР£¬ÖØÒªºÏÓÃÓÚWin10ϵÁС£


ƾ¾ÝÒÔÉÏ×ÛÊö £¬±¾Öܰ²È«ÍþвΪÖС£


³ÁÒª°²È«·ì϶Áбí


1.Gigadevice GD32F103´úÂëÖ´Ðзì϶


Gigadevice GD32F103°²È«±£»¤´æÔÚ°²È«·ì϶ £¬ÔÊÐíÎïÀíÄܽӼû¹¥»÷ÕßÄܹ»ÀûÓ÷ì϶Ìá½»ÌØÊâµÄÒªÇó £¬³Á¶¨Ïò½ÚÔìÁ÷Ö´ÐÐËÁÒâ´úÂë¡£

https://www.usenix.org/system/files/woot20-paper-obermaier.pdf


2. Gigadevice GD32F103¹Ì¼þÌáÈ¡·ì϶


Gigadevice GD32F103ÉÁ´æ¶Á³ö±£»¤´æÔÚ°²È«·ì϶ £¬ÔÊÐíÎïÀíÄܽӼû¹¥»÷ÕßÄܹ»ÀûÓ÷ì϶Ìá½»ÌØÊâµÄÒªÇó £¬¿É´Óµ÷ÊÔ½Ó¿Ú»ñÈ¡¹Ì¼þ¡£

https://www.usenix.org/system/files/woot20-paper-obermaier.pdf


3.NETGEAR R8300ºÅÁî×¢Èë·ì϶


NETGEAR R8300´æÔÚÊäÈëÑéÖ¤·ì϶ £¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßÄܹ»ÀûÓ÷ì϶Ìá½»ÌØÊâµÄÒªÇó £¬Äܹ»ÀûÓ÷¨Ê½¸ßµÍÎÄÖ´ÐÐËÁÒâ´úÂë¡£


https://kb.netgear.com/000062158/Security-Advisory-for-Pre-Authentication-Command-Injection-on-R8300-PSV-2020-0211


4. Education openSIS SQL×¢Èë·ì϶


Open Solutions for Education openSIS´æÔÚSQL×¢Èë·ì϶ £¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßÄܹ»ÀûÓ÷ì϶Ìá½»ÌØÊâµÄSQLÒªÇó £¬²Ù×÷Êý¾Ý¿â £¬¿É»ñÈ¡Ãô¸ÐÐÅÏ¢»òÖ´ÐÐËÁÒâ´úÂë¡£

https://talosintelligence.com/vulnerability_reports/TALOS-2020-1081


5. Education openSIS EmailCheck.php SQL×¢Èë·ì϶


Open Solutions for Education EmailCheck.php´æÔÚSQL×¢Èë·ì϶ £¬ÔÊÐíÔ¶³Ì¹¥»÷ÕßÄܹ»ÀûÓ÷ì϶Ìá½»ÌØÊâµÄSQLÒªÇó £¬²Ù×÷Êý¾Ý¿â £¬¿É»ñÈ¡Ãô¸ÐÐÅÏ¢»òÖ´ÐÐËÁÒâ´úÂë¡£¡£

https://talosintelligence.com/vulnerability_reports/TALOS-2020-1073


> ³ÁÒª°²È«ÊÂÎñ×ÛÊö


1¡¢¹¤ÐŲ¿´«µÝ101¿îAPP¼Óº¦Óû§È¨Àû £¬ÇáËɳïµÈƽ̨Éϰñ


1.jpg


¹¤ÒµºÍÐÅÏ¢»¯²¿¹ÙÍø°ä²¼¹ØÓÚÇÖº¦Óû§È¨ÀûÐÐΪµÄAPP´«µÝ¡£µ°¿Ç¹«Ô¢¡¢ÇáËɳ±¦±¦Ê÷Éú³¤¡¢ZAKERÐÂÎÅ¡¢ÍøÒ×¹«¿ª¿Î¡¢¼Ý¿¼±¦µä¡¢ÇÎÀö˵¡¢ÂìÒ϶Ì×â¡¢¿ì¼ô¼­¡¢360ËãÕÊ´ó¼Ò¡¢µÃÎï¡¢ËѺüÊÓÆµ¡¢Ó³¿ÍÖ±²¥µÈ101¿îAPP´æÔÚÇÖº¦Óû§È¨ÀûÐÐΪ¡£ÕâЩÀûÓÃÈí¼þÖØÒªÉæ¼°ÎÊÌâÊÇÎ¥¹æÍøÂçÓ×ÎÒÐÅÏ¢ £¬Áí±í»¹Éæ¼°APPÇ¿Ô졢ƵÈÔ¡¢¹ý¶ÈË÷ȡȨÏÞ £¬Ç¿ÔìÓû§Ê¹Óö¨ÏòÍÆËÍÖ°ÄÜ £¬³¬ÁìÓòÍøÂçÓ×ÎÒÐÅÏ¢µÈÎÊÌâ¡£


Ô­ÎÄÁ´½Ó£º

http://tech.cnr.cn/techgd/20200831/t20200831_525234083.shtml


2¡¢Å²ÍþÒé»áÓʼþϵͳÔâ¹¥»÷ £¬¹¤µ³ºÍÖÐÐĵ³¾ùÊÜÓ°Ïì


2.jpg


ŲÍþÒé»á£¨Storting£©°ä²¼ÉêÃ÷ £¬°µÊ¾Óкڿ͹¥»÷Æä³ÉÔ±µÄµç×ÓÓʼþÕÊ»§²¢ÇÔÈ¡Êý¾Ý¡£¸ÃÊÂÎñÔÚµ÷²éÖÐ £¬Ä¿Ç°Éв»Ã÷ÏÔ±»µÁÊý¾ÝµÄÊýÁ¿¡¢ÖÖÀàÒÔ¼°¹¥»÷µÄ·ÛËéˮƽ¡£Å²Íþ¹¤µ³µÄJarle RoheimH?konsen֤ʵ £¬¹¤µ³³ÉÔ±ºÍÕþ¿ÍÔÚÕâ´Î¹¥»÷ÖоùÊܵ½Ó°Ïì £¬Í¬Ê±ÖÐÐĵ³Ò²È·ÈÏÆä´ú±íºÍÔ±¹¤Êܵ½ÁËÓ°Ïì¡£


Ô­ÎÄÁ´½Ó£º

https://www.bleepingcomputer.com/news/security/hackers-breached-norwegian-parliament-emails-to-steal-data/


3¡¢CiscoÖÒ¸æÆäIOS XR´æÔÚ0day²¢Òѱ»ÔÚÒ°ÀûÓÃ


3.jpg


˼¿ÆÉÏÖÜÁùÖÒ¸æËµ £¬ÆäIOS XR´æÔÚÒ»¸öеÄ0day £¬Ä¿Ç°Òѱ»ºÚ¿ÍÔÚÒ°ÀûÓ᣸÷ì϶±»¸ú×ÙCVE-2020-3566 £¬Ó°ÏìÁ˲Ù×÷ϵͳIOS XR°æ±¾¸½´øµÄ¾àÀëʸÁ¿×鲥·ÓɺÍ̸(DVMRP)Ö°ÄÜ £¬¸Ã°æ±¾µÄ²Ù×÷ϵͳͨ³£×°ÖÃÔÚµçÐż¶ºÍÊý¾ÝÖÐÐÄ·ÓÉÆ÷ÉÏ¡£Ë¼¿Æ°µÊ¾ £¬¸Ã·ì϶ÊÇÓÉÓÚInternet×éÖÎÀíºÍ̸£¨IGMP£©Êý¾Ý°üµÄ¶ÓÁÐÖÎÀí²»¼°ËùÖ £¬¹¥»÷ÕßÄܹ»Í¨¹ý·¢ËÍÌØÔìµÄIGMPÁ÷Á¿À´ÀûÓô˷ì϶¡£³É¹¦ÀûÓø÷ì϶¿Éµ¼ÖÂÄÚ´æºÄ¾¡ £¬´Ó¶øµ¼ÖÂÆäËû¹ý³Ì£¨ÈçÄÚ²¿ºÍ±í²¿Â·ÓɺÍ̸£©²»²»±ä¡£


Ô­ÎÄÁ´½Ó£º

https://www.zdnet.com/article/cisco-warns-of-actively-exploited-ios-xr-zero-day/


4¡¢Cisco Jabber´æÔÚÔ¶³ÌÖ´ÐдúÂë·ì϶ £¬ÏÖÒѱ»½¨¸´


4.jpg


WatchcomµÄOlav Sortland Thoresen·¢ÏÖWindows°æCisco JabberÖдæÔÚÑϳÁµÄ´úÂëÖ´Ðзì϶ £¬ÏÖÒѱ»½¨¸´¡£¸Ã·ì϶±»¸ú×ÙΪCVE-2020-3495 £¬ CVSSΪ9.9·Ö £¬ÊÇÓÉÓÚ´«ÈëÐÂÎÅÄÚÈݵÄÊäÈëÑéÖ¤²»ÕýÈ·ÒýÆðµÄ¡£¾­¹ýÉí·ÝÑéÖ¤µÄÔ¶³Ì¹¥»÷ÕßÄܹ»Ê¹ÓöñÒâµÄ¿ÉÀ©´óÐÂÎźÍ״̬ºÍ̸£¨XMPP£©ÐÂÎÅÀûÓø÷ì϶ £¬³É¹¦ÀûÓú󹥻÷Õß¿ÉÔÚÖ¸±êϵͳÉÏÖ´ÐÐËÁÒⷨʽ¡£Ë¼¿Æ²úÆ·°²È«ÊÂÎñÏìÓ¦Ó××飨PSIRT£©°µÊ¾ £¬¸Ã·ì϶ĿǰÉÐδ±»¿í·ºÀûÓá£


Ô­ÎÄÁ´½Ó£º

https://www.bleepingcomputer.com/news/security/cisco-fixes-critical-code-execution-bug-in-jabber-for-windows/


5¡¢Ó¢Ìضû°ä²¼Î¢´úÂ밲ȫ¸üР£¬ÖØÒªºÏÓÃÓÚWin10ϵÁÐ


5.jpg


Microsoft°ä²¼ÁËIntel΢´úÂë¸üР£¬ÒÔ½¨¸´Intel CPUÖеÄÓ²¼þ·ì϶¡£Õâ´Î¸üа䲼Á˰˸ö¿ÉÑ¡¸üР£¬ÖØÒªÕë¶ÔWindows 10 2004¡¢1909¡¢1903¡¢1809¡¢1803¡¢1709¡¢1703ºÍ1607µÈ°æ±¾ £¬½¨¸´ÁËAmber Lake¡¢Avoton¡¢BroadwellºÍCascade LakeµÈ56¿îCPUÖзì϶¡£´Ë±í £¬Ó¢Ìضû΢Âë¸üв¢²»ÄÜͨ¹ýWindows Update×°Öà £¬±ØÐëÊÖ¶¯×°Öá£


Ô­ÎÄÁ´½Ó£º

https://www.bleepingcomputer.com/news/microsoft/new-intel-microcode-updates-for-windows-10-fix-cpu-hardware-bugs/