Security vulnerability: CVE-2020-28188, CVE-2021-3007 and CVE-2020-7961 aka FreakOut

This document (000019844) is provided subject to the disclaimer at the end of this document.

Situation

Security researchers from Check Point disclosed a new report, called "FreakOut goal was to create an IRC botnet which could be used for Distributed Denial of Service (DDOS) or crypto-mining. There are multiple variants of this attack.

A successful attack requires at least one of the following software/packages/framework install:

TerraMaster TOS(TerraMaster Operating System): The operating system used for managing TerraMaster NAS (Network Attached Storage) servers (CVE-2020-28188)
Liferay Portal: A web application platform that offers features relevant for the development of portals and websites (CVE-2020-7961)
Zend Framework: a collection of packages used in building web application and services using PHP (CVE-2021-3007)

Resolution

SUSE does not ship any of the above in it's supported products and thus is not affected by any of the above vulnerabilities.

Status

Security Alert

Additional Information

References:

https://research.checkpoint.com/2021/freakout-leveraging-newest-vulnerabilities-for-creating-a-botnet/

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.