Hello and welcome to the Monday, March 20th, 2003 edition of the Sands and the Storm Center's Stormcast.

My name is Johannes Ulrich and today I'm recording from Augusta, Georgia.

Let's start with a diary from Friday from Xavier.

Xavi looked at a back door that Juniper identified as targeting VMware ESXI servers.

This particular backdoor was injected using an vulnerability in the OpenSLP service,

very common vulnerability to be exploited in VMware ESXI.

What Xavier looked into is, it's actually a new backdoor or, well, just something old

that sort of got rehashed.

That's exactly sort of what happened here.

It just used more obfuscation with that making it past current detection rule set up for this kind of backdoor.

But in its essence, it was still the good old backdoor that has been around for a couple years now.

Well, on Friday wasn't a good day for Android device.

We have sort of two Android-related stories.

The first story here, not just Android-related, but very much sort of Android-focused.

And that's a vulnerability in the Samsung Exenus chip. This chip is the baseband chip for many phones,

not just phones made by Samsung, but apparently also used, for example, by Vivo, also by some of

the Google Pixel devices. And interestingly, this chip is also used in some of the modems that you do find in

cars, in particular the Exenus Auto T-5123 chip set.

Google's project, CERA identified 18 vulnerabilities in this chipset.

Four of these vulnerabilities do allow arbitrary remote code execution via the phone network.

So the only thing an attacker would need is the victim's phone number.

The other vulnerabilities, I wouldn't really discount them either.

...