Malware Devil

Saturday, October 17, 2020

No, that’s not how warrantee expiration works

The NYPost Hunter Biden story has triggered a lot of sleuths obsessing over technical details, trying to prove it’s a hoax. So far, these claims are wrong. The story is certainly bad journalism aiming to misinform readers, but it has not yet been shown to be a hoax.

In this post, we look at the claim that the timelines don’t match up with the manufacturing dates of the drives. Sleuths claim to prove, based on serial numbers, that the drives were manufactured after the events in question.

What this post will show is that the theory is wrong. Manufacturers pad warranty periods. Thus, you can’t infer a date of manufacture from the end of a warranty period.

The story starts with Hunter Biden (or associates) dropping off a laptop at a repair shop because of water damage. The repair shop made a copy of the laptop’s hard drive, stored on an external drive. Later, the FBI swooped in and confiscated both the laptop and that external drive.

The serial numbers of both devices are listed in the subpoena published by the NYPost:

You can enter these serial numbers in the support pages at Apple (FVFXC2MMHV29) and Western Digital (WX21A19ATFF3) to discover precisely what hardware this is, and when the warranty periods expire — and presumably, when they started.

In the case of that external drive, the 3-year warranty expires May 17, 2022, meaning (so the sleuths claim) that the drive was manufactured on May 17, 2019. That is a full month after the claimed date of April 12, 2019, when the laptop was dropped off at the repair shop.

There are lots of explanations for this. One is that the drive subpoenaed by the government (on Dec 9, 2019) was a copy of the original drive.

But a simpler explanation is this: warranty periods are padded by the manufacturer by several months. In other words, if the warranty ends May 17, the drive was probably manufactured in February.

I can prove this. Coincidentally, I purchased a Western Digital drive a few days ago. If we applied the same logic as above and worked backward from the warranty expiration, it would mean the drive was manufactured 7 days in the future.

Here is a screenshot from Amazon.com showing I purchased the drive Oct 12.

Here is a picture of the drive itself, from which you can read the serial number:

The Date of Manufacture (DOM) is printed right on the device as July 31, 2020.

But let’s see what Western Digital reports as the end of the warranty period:

We can see that the warranty ends on Oct 25, 2025. According to Amazon, where I purchased the drive, the warranty period is 5 years:

Thus, if we insist on working back from the expiration date by precisely 5 years, this drive was manufactured 7 days in the future: today’s date is Oct 16, and the warranty starts Oct 23.

The reality is that Western Digital has no idea when the drive will reach the customer, and hence when I (as the consumer) expect the warranty period to start. So they pad the period by a few months to account for how long they expect the device to sit in the sales channel, the gap between manufacture and arrival at the customer. Computer devices depreciate rapidly, so they are unlikely to sit in the channel for more than a few months.

Thus, instead of proving the timeline wrong, the serial number and warranty expiration show the timeline is right. This is exactly the sort of thing you’d expect if the repair shop recovered the files onto a new external drive.

Another issue raised in the thread is the “recovery” of files, which the author claims is improbable. In Apple’s latest MacBooks, if the motherboard is damaged, it’s impractical to recover the data from the drive: as of 2020, the SSD inside a notebook is soldered directly to the motherboard and, besides, encrypted with a TPM chip on the motherboard.

But here we are talking about a 2017 MacBook Pro, which apparently had a removable SSD. Other Apple notebooks have had special connectors for reading SSDs from dead motherboards. Thus, recovering files from notebooks of that era is not as impossible as it sounds.

Moreover, maybe the repair shop fixed the notebook. “Water damage” varies in extent. It may have been possible to repair the damage and boot the device, at least in some sort of recovery mode.

Conclusion

Grabbing serial numbers and looking them up is exactly what hackers should be doing in stories like this. Challenging the narrative is great — especially with regard to the NYPost story, which is clearly bad journalism.

On the other hand, it goes both ways. We should be even more concerned about challenging those things that agree with us. This is a great example — it appears we’ve found conclusive evidence that the NYPost story was a hoax. We need to carefully challenge that, too.

The post No, that’s not how warrantee expiration works appeared first on Security Boulevard.

2020-10-17 – My Patreon mistake

Friday, October 16, 2020

CVE-2020-3991 VMWare Security Advisory for VMWare Horizon Client – https://www.vmware.com/security/advisories/VMSA-2020-0022.html, (Fri, Oct 16th)

— Rick Wanner MSISE – rwanner at isc dot sans dot edu – http://namedeplume.blogspot.com/ – Twitter:namedeplume (Protected)

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Massive New Phishing Campaigns Target Microsoft, Google Cloud Users

At least three campaigns are now underway.

No, font errors mean nothing in that NYPost article

The NYPost has an article on Hunter Biden emails. Critics claim that these don’t look like emails, and that there are errors with the fonts, thus showing they are forgeries. This is false. This is how Apple’s “Mail” app prints emails to a PDF file. The font errors are due to viewing PDF files within a web browser — you don’t see them in a PDF app.

In this blogpost, I prove this.

I’m going to do this by creating a forged email. The point isn’t to prove the email wasn’t forged; it could easily have been — the NYPost didn’t do the due diligence to prove the emails weren’t forged. The point is simply that these supposedly inexplicable problems aren’t evidence of forgery. All emails printed by the Mail app to a PDF, then displayed with Scribd, will look the same way.

To start with, we are going to create a simple text file on the computer called “erratarob-conspire.eml”. That’s what email messages are at the core — text files. I use Apple’s “TextEdit” app on my MacBook to create the file.

The structure of an email is simple. It has a block of “metadata” consisting of header fields, each a name and a value separated by a colon “:” character. This block ends with a blank line, after which we have the contents of the email.
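As an added example (not code from the original post), here is a small parser for that header/body structure: it splits a raw message at the first blank line, unfolds header values that continue onto indented lines, and then renders the From/To fields the way a mail client’s “pretty” view does, showing the display name and hiding the <address> part. The sample message is constructed, and the rendering is an approximation of what a client such as Mail does, not Apple’s code.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample message (not the file from the post): a minimal RFC 5322-style
# text file with one folded (multi-line) header and a blank line ending the header block.
SAMPLE_EML = """From: Alice Example <alice@example.com>
To: Bob Example <bob@example.com>,
    Carol Example <carol@example.com>
Subject: meeting
Date: Thu, 01 Jan 2015 12:00:00 +0000

Looking forward to it.
"""


def split_message(raw: str) -> Tuple[str, str]:
    """Split a raw message into (header block, body) at the first blank line."""
    normalized = raw.replace("\r\n", "\n")  # tolerate CRLF line endings
    head, sep, body = normalized.partition("\n\n")
    if not sep:
        raise ValueError("no blank line separating headers from body")
    return head, body


def parse_headers(head: str) -> List[Tuple[str, str]]:
    """Parse 'Name: value' lines; a line starting with whitespace continues the previous value."""
    headers: List[Tuple[str, str]] = []
    for line in head.split("\n"):
        if line[:1] in (" ", "\t"):  # folded continuation line
            if not headers:
                raise ValueError("continuation line before any header")
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
            continue
        name, sep, value = line.partition(":")
        if not sep or not name or re.search(r"\s", name):
            raise ValueError(f"malformed header line: {line!r}")
        headers.append((name, value.strip()))
    return headers


# 'Display Name <addr>' (name optionally quoted) or a bare 'addr'.
ADDR_RE = re.compile(r'^\s*(?:"?([^"<]*?)"?\s*)?<([^>]+)>\s*$|^\s*([^\s<>]+@[^\s<>]+)\s*$')


def parse_mailbox(mailbox: str) -> Tuple[str, str]:
    """Return (display_name, address); display_name is '' for a bare address."""
    m = ADDR_RE.match(mailbox)
    if not m:
        raise ValueError(f"unparseable mailbox: {mailbox!r}")
    if m.group(2):
        return ((m.group(1) or "").strip(), m.group(2).strip())
    return ("", m.group(3))


def split_address_list(value: str) -> List[str]:
    """Split a To/Cc value on commas that are outside quotes (quoted names may contain commas)."""
    parts, buf, in_quotes = [], [], False
    for ch in value:
        if ch == '"':
            in_quotes = not in_quotes
        if ch == "," and not in_quotes:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf))
    return [p.strip() for p in parts if p.strip()]


def render_like_client(headers: List[Tuple[str, str]]) -> Dict[str, str]:
    """Approximate a mail client's pretty view: names only, angle-bracketed addresses hidden."""
    pretty: Dict[str, str] = {}
    for name, value in headers:
        if name.lower() in ("from", "to", "cc"):
            shown = [disp or addr for disp, addr in map(parse_mailbox, split_address_list(value))]
            pretty[name] = ", ".join(shown)
        else:
            pretty[name] = value
    return pretty


if __name__ == "__main__":
    head, body = split_message(SAMPLE_EML)
    hdrs = parse_headers(head)
    print("raw headers:   ", dict(hdrs))
    print("client view:   ", render_like_client(hdrs))
    print("body:          ", body.strip())
```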

Clicking on the file launches Apple’s “Mail” app. It opens the email and renders it on the screen like this:

Notice how the “Mail” app has reformatted the metadata. In addition to displaying the email, it’s making it simple to click on the names to add them to your address book. That’s why there is a (VP) to the right on the screen — it creates a placeholder icon for every account in your address book. I note this because in my version of Mail, the (VP) doesn’t get printed to the PDF, but it does appear in the PDF on the NYPost site. I assume this is because their Mail app is 3 years older than mine.

One thing I can do with emails is to save them as a PDF document.

This creates a PDF file on the disk that we can view like any other PDF file. Note that yet again, the app has reformatted the metadata, differently from both how it displayed it on the screen and how it appears in the original email text.

Sometimes web pages, such as this one, want to display the PDF within the web page. The Scribd website can be used for this purpose, causing PDFs to appear like below:

How this shows up on your screen will change depending on a lot of factors. For most people, though, they’ll see slight font problems, especially in the name “Hunter Biden”. Below is a screenshot of how it appears in my browser. You can clearly see how the ‘n’ and ‘t’ characters crowd each other in the name “Hunter”.

Again, while this is a fake email message, any real email message would show the same problems. It’s a consequence of the process of generating a PDF and using Scribd. You can just click through on Scribd to download the original PDF (either mine or the one on the NYPost site), and then use your favorite PDF viewing app. This gets rid of Scribd’s rendering errors.

Others have claimed that this isn’t how email works, that email clients always show brackets around email addresses, using the < and > characters. Usually, yes, but not in all cases. Here, Apple’s “Mail” app is clearly doing a lot more work to make things look pretty rather than showing the raw addresses.

There are some slight differences between what my 2020 MacBook produces and what the original NYPost article shows. As we can see from the metadata on their PDF, it was produced by a 2017 MacBook. My reproduction isn’t exact, but it’s close enough that we don’t need to doubt it.

We would just apply Occam’s Razor here. Let’s assume that the emails were forged. Then the easiest way would be to create a text document like I’ve shown above and open it in an email client to print out the message. It took me less than a minute, including carefully typing an unfamiliar Russian name. The hardest way would be to use Photoshop or some other technique to manipulate pixels, causing those font errors. Therefore, if you see font problems, the most likely explanation is simply “something I don’t understand” and not “evidence of the conspiracy”.
Conclusion

The problem with conspiracy theories is that everything not explained is used to “prove” the conspiracy.

We see that happening here. If there are unexplained formatting errors in the information the NYPost published, and the only known theory that explains them is a conspiracy, then (the reasoning goes) they prove the conspiracy.

That’s stupid. Unknown things may simply be unknown; that you can’t explain them doesn’t mean they are unexplainable. That’s what we see here: people have convinced themselves they have “proof” because of unexplainable formatting errors, when in fact such formatting can be explained.

The NYPost story has many problems. It is data taken out of context in an attempt to misinform the reader. We know it’s a garbage story, even if all the emails are authentic. We don’t need to invent conspiracy theories to explain it.

The post No, font errors mean nothing in that NYPost article appeared first on Security Boulevard.

Phishers Capitalize on Headlines with Breakneck Speed

Marking a pivot from COVID-19 scams, researchers track a single threat actor through the evolution from the pandemic to PayPal, and on to more timely voter scams — all with the same infrastructure.

2020-10-16 – TA551 (Shathak) Word docs push IcedID

Microsoft Fixes RCE Flaws in Out-of-Band Windows Update

The two important-severity flaws in Microsoft Windows Codecs Library and Visual Studio Code could enable remote code execution.

Biden Campaign Staffers Targeted in Cyberattack Leveraging Antivirus Lure, Dropbox Ploy

Google’s Threat Analysis Group sheds more light on targeted credential phishing and malware attacks on the staff of Joe Biden’s presidential campaign.

US Counterintelligence Director & Fmr. Europol Leader Talk Election Security

The US counterintelligence lead joins a former Europol cyber chief to discuss modern election threats and the benefits of public-private collaboration.

An Uncommon 20 Years of Commonly Enumerating Vulns

Larry Cashdollar, a researcher with more than 300 CVEs to his credit, looks back at his favorite vulnerabilities (and being the only individual CNA on Mitre’s list).

Phishing Lures Shift from COVID-19 to Job Opportunities

Fortinet researchers are seeing a pivot in the spear-phishing and phishing lures used by cybercriminals, to entice potential job candidates as businesses open up.

What I Learned from DevSecOps Leaders in a High Tech World

Last week, we hosted our second virtual DevSecOps Leadership Series, focusing on DevSecOps in a High Tech World. With over 300 attendees, the afternoon featured an opening keynote from FISERV followed by two panel discussions with leaders from Sirius XM, NBC Universal, OneTrust, Estée Lauder, PointClickCare, and Micro Focus, all moderated by Michelle Dufty, SVP of Marketing here at Sonatype. Throughout the event, these leaders shared their experiences in DevSecOps and how they were specifically able to add value to their organizations through its adoption. 

The post What I Learned from DevSecOps Leaders in a High Tech World appeared first on Security Boulevard.

Transform Logs into Knowledge with Directory Insights

Directory Insights™ schema helps IT admins find an event’s root cause and take action to secure their environments. Try the feature for free here.

The post Transform Logs into Knowledge with Directory Insights appeared first on JumpCloud.

The post Transform Logs into Knowledge with Directory Insights appeared first on Security Boulevard.

ESB-2020.3518.2 – UPDATE [Linux] BlueZ: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                              ESB-2020.3518.2
                       INTEL-SA-00435 BlueZ Advisory
                              16 October 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           BlueZ
Publisher:         Intel
Operating System:  Linux variants
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Denial of Service               -- Remote/Unauthenticated
                   Access Confidential Data        -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-24490 CVE-2020-12352 CVE-2020-12351

Original Bulletin: 
   https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html

Revision History:  October 16 2020: Vendor updated advisory to remove reference to Linux kernel version
                   October 14 2020: Initial Release

- --------------------------BEGIN INCLUDED TEXT--------------------

Intel ID:                 INTEL-SA-00435
Advisory Category:        Software
Impact of vulnerability:  Escalation of Privilege, Information Disclosure
Severity rating:          HIGH
Original release:         10/13/2020
Last revised:             10/15/2020

Summary:

Potential security vulnerabilities in BlueZ may allow escalation of privilege
or information disclosure. BlueZ is releasing Linux kernel fixes to address
these potential vulnerabilities.

Vulnerability Details:

CVEID: CVE-2020-12351

Description: Improper input validation in BlueZ may allow an unauthenticated
user to potentially enable escalation of privilege via adjacent access.

CVSS Base Score: 8.3 High

CVSS Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

CVEID: CVE-2020-12352

Description: Improper access control in BlueZ may allow an unauthenticated user
to potentially enable information disclosure via adjacent access.

CVSS Base Score: 5.3 Medium

CVSS Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CVEID: CVE-2020-24490

Description: Improper buffer restrictions in BlueZ may allow an unauthenticated
user to potentially enable denial of service via adjacent access.

CVSS Base Score: 5.3 Medium

CVSS Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

All Linux kernel versions that support BlueZ.

Recommendations:

Intel recommends installing the following kernel fixes to address these issues:

https://lore.kernel.org/linux-bluetooth/20200806181714.3216076-1-luiz.dentz@gmail.com/

https://lore.kernel.org/linux-bluetooth/20200806181714.3216076-2-luiz.dentz@gmail.com/

https://lore.kernel.org/linux-bluetooth/20200806181714.3216076-3-luiz.dentz@gmail.com/

https://lore.kernel.org/linux-bluetooth/20200806181714.3216076-4-luiz.dentz@gmail.com/

https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=a2ec905d1e160a33b2e210e45ad30445ef26ce0e

Acknowledgements:

Intel would like to thank Andy Nguyen, security engineer from Google for
reporting these issues.

Intel, and nearly the entire technology industry, follows a disclosure practice
called Coordinated Disclosure, under which a cybersecurity vulnerability is
generally publicly disclosed only after mitigations are available.

Revision History

Revision    Date          Description
1.0         10/13/2020    Initial Release
1.1         10/15/2020    Removed reference to Linux kernel version

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

ESB-2020.3570 – [Juniper] Junos OS: Denial of service – Remote/unauthenticated

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.3570
  JSA11076 - 2020-10 Security Bulletin: Junos OS: PTX/QFX Series: Kernel
 Routing Table (KRT) queue stuck after packet sampling a malformed packet
        when the tunnel-observation mpls-over-udp configuration is
                         enabled. (CVE-2020-1679)
                              16 October 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Junos OS
Publisher:         Juniper Networks
Operating System:  Juniper
Impact/Access:     Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-1679  

Original Bulletin: 
   http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11076

- --------------------------BEGIN INCLUDED TEXT--------------------

2020-10 Security Bulletin: Junos OS: PTX/QFX Series: Kernel Routing Table (KRT) queue stuck after packet sampling a malformed packet when the tunnel-observation mpls-over-udp configuration is enabled. (CVE-2020-1679)

Article ID  : JSA11076
Last Updated: 15 Oct 2020
Version     : 3.0

Product Affected:
This issue affects Junos OS 17.2X75, 18.1, 18.2, 18.2X75, 18.3, 18.4, 19.1,
19.2, 19.3, 19.4, 20.1. Affected platforms: PTX, QFX.
Problem:

On Juniper Networks PTX and QFX Series devices with packet sampling configured
using tunnel-observation mpls-over-udp , sampling of a malformed packet can
cause the Kernel Routing Table (KRT) queue to become stuck.

KRT is the module within the Routing Process Daemon (RPD) that synchronizes the
routing tables with the forwarding tables in the kernel. This table is then
synchronized to the Packet Forwarding Engine (PFE) via the KRT queue. Thus,
when the KRT queue becomes stuck, it can lead to unexpected packet forwarding
issues.

An administrator can monitor the following command to check whether the KRT
queue is stuck:

user@device > show krt state
...
Number of async queue entries: 65007  tunnel-observation
mpls-over-udp]

or

[services flow-monitoring version-ipfix template 
tunnel-observation mpls-over-udp]

Juniper SIRT is not aware of any malicious exploitation of this vulnerability.

This issue was seen during production usage.

This issue has been assigned CVE-2020-1679.

Solution:

The following software releases have been updated to resolve this specific
issue: Junos OS 17.2X75-D105, 18.1R3-S11, 18.2R3-S5, 18.2X75-D420, 18.2X75-D53,
18.2X75-D65, 18.3R2-S4, 18.3R3-S3, 18.4R1-S7, 18.4R2-S5, 18.4R3-S4, 19.1R2-S2,
19.1R3-S2, 19.2R1-S5, 19.2R3, 19.3R2-S3, 19.3R3, 19.4R1-S2, 19.4R2-S1, 19.4R3,
20.1R1-S2, 20.1R2, 20.2R1, 20.3X75-D10, and all subsequent releases.

This issue is being tracked as 1495788.

Workaround:

Disabling sampling on all interfaces will prevent the issue from occurring.

If the device is experiencing the issue, the administrator can perform the
following steps to restore the KRT queue:

1. Disable sampling configuration on this FPC

user@device> deactivate chassis fpc  sampling-instance 

2. Restart the multi-svcs process on this FPC by killing the process. The
multi-svcs process will be started automatically once it is killed and will
resume normal processing.

Implementation:
Software releases or updates are available for download at
https://www.juniper.net/support/downloads/ .
Modification History:
2020-10-14: Initial Publication.
2020-10-15: Update related to "tunnel-observation mpls-over-udp" configuration
requirement.
CVSS Score:
7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Severity Level:
High
Severity Assessment:
Information for how Juniper Networks uses CVSS can be found at KB 16446 "Common
Vulnerability Scoring System (CVSS) and Juniper's Security Advisories."

- --------------------------END INCLUDED TEXT--------------------

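As an added example, not part of the Juniper bulletin: a poller-side check that parses the “Number of async queue entries” line quoted in the bulletin from successive captures of show krt state and flags a queue that never drains, which is the symptom the bulletin tells administrators to watch for. The output format beyond that one line, the sample captures, and the 1000-entry threshold are assumptions.

```python
import re
from typing import Dict, List

# Assumption: 'show krt state' prints a line of the form "Number of async queue entries: <n>",
# as in the excerpt quoted in the bulletin. Everything else in the captures is ignored.
QUEUE_RE = re.compile(r"Number of async queue entries:\s*(\d+)")


def parse_async_queue_entries(show_krt_state_output: str) -> int:
    """Extract the async queue depth from one capture of 'show krt state'."""
    m = QUEUE_RE.search(show_krt_state_output)
    if not m:
        raise ValueError("no 'Number of async queue entries' line in output")
    return int(m.group(1))


def queue_looks_stuck(depths: List[int], min_depth: int = 1000) -> bool:
    """A healthy KRT queue drains between polls. Flag 'stuck' when every sample is at or
    above min_depth (assumed threshold) AND the depth never decreases across the window,
    i.e. the backlog is large and not being worked off. Fewer than three samples is 'unknown'."""
    if len(depths) < 3:
        return False
    if any(d < min_depth for d in depths):
        return False
    return all(later >= earlier for earlier, later in zip(depths, depths[1:]))


def assess(polls: List[str], min_depth: int = 1000) -> Dict[str, object]:
    """Parse a sequence of captures (oldest first) and report the depths and the verdict."""
    depths = [parse_async_queue_entries(p) for p in polls]
    return {"depths": depths, "stuck": queue_looks_stuck(depths, min_depth)}


# Constructed captures, one per poll, oldest first (not real device output).
STUCK_POLLS = [
    "user@device> show krt state\n...\nNumber of async queue entries: 65007\n",
    "user@device> show krt state\n...\nNumber of async queue entries: 65007\n",
    "user@device> show krt state\n...\nNumber of async queue entries: 65012\n",
]
# A device under load whose backlog is large but draining between polls.
DRAINING_POLLS = [
    "user@device> show krt state\n...\nNumber of async queue entries: 65007\n",
    "user@device> show krt state\n...\nNumber of async queue entries: 42010\n",
    "user@device> show krt state\n...\nNumber of async queue entries: 1200\n",
]

if __name__ == "__main__":
    for label, polls in (("stuck", STUCK_POLLS), ("draining", DRAINING_POLLS)):
        print(label, assess(polls))
```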

ESB-2020.3569 – [Juniper] Junos OS: Multiple Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.3569
   JSA11079 - 2020-10 Security Bulletin: Junos OS: SRX1500, vSRX, SRX4K,
        NFX150: Denial of service vulnerability executing local CLI
                          command (CVE-2020-1682)
                              16 October 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Junos OS
Publisher:         Juniper Networks
Operating System:  Juniper
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account
                   Denial of Service               -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-1682  

Original Bulletin: 
   http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11079

- --------------------------BEGIN INCLUDED TEXT--------------------

2020-10 Security Bulletin: Junos OS: SRX1500, vSRX, SRX4K, NFX150: Denial of service vulnerability executing local CLI command (CVE-2020-1682)

Article ID  : JSA11079
Last Updated: 14 Oct 2020
Version     : 3.0

Product Affected:
This issue affects Junos OS 15.1X49, 17.4, 18.1, 18.2, 18.3, 18.4, 19.1, 19.2.
Affected platforms: NFX150, SRX1500, SRX4100, SRX4200, vSRX.
Problem:

An input validation vulnerability exists in Juniper Networks Junos OS, allowing
an attacker to crash the srxpfe process, causing a Denial of Service (DoS)
through the use of specific maintenance commands. The srxpfe process restarts
automatically, but continuous execution of the commands could lead to an
extended Denial of Service condition.

This issue only affects the SRX1500, SRX4100, SRX4200, NFX150, and vSRX-based
platforms. No other products or platforms are affected by this vulnerability.

This issue affects the following versions of Juniper Networks Junos OS:

  o 15.1X49 versions prior to 15.1X49-D220;
  o 17.4 versions prior to 17.4R3-S3;
  o 18.1 versions prior to 18.1R3-S11;
  o 18.2 versions prior to 18.2R3-S5;
  o 18.3 versions prior to 18.3R2-S4, 18.3R3-S3;
  o 18.4 versions prior to 18.4R2-S5, 18.4R3-S4;
  o 19.1 versions prior to 19.1R3-S2;
  o 19.2 versions prior to 19.2R1-S5, 19.2R3.

This issue does not affect Junos OS 19.3 or any subsequent version.

Juniper SIRT is not aware of any malicious exploitation of this vulnerability.

This issue was discovered during external security research.

This issue has been assigned CVE-2020-1682.

Solution:

The following software releases have been updated to resolve this specific
issue: Junos OS 15.1X49-D220, 17.4R3-S3, 18.1R3-S11, 18.2R3-S5, 18.3R2-S4,
18.3R3-S3, 18.4R2-S5, 18.4R3-S4, 19.1R3-S2, 19.2R1-S5, and 19.2R3.
Note: This fix has also been proactively committed into other releases that
might not be vulnerable to this issue.

This issue is being tracked as 1486905.
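The affected-version list and fixed releases above can be turned into an inventory check. The following Python is an added example, not Juniper's or AusCERT's code: the Junos version-string grammar it parses, the sample `show version` output and the hostname in it are constructed assumptions, and the comparison applies the "versions prior to" semantics of the list above (a release is fixed when it is at or above a listed fix at the same R-level, or is a later R-level in the same train).

```python
import re
from typing import Dict, List, Optional, Tuple

# Fixed releases per train, copied from the JSA11079 solution list above.
FIXED_RELEASES: Dict[str, List[str]] = {
    "15.1X49": ["15.1X49-D220"],
    "17.4": ["17.4R3-S3"],
    "18.1": ["18.1R3-S11"],
    "18.2": ["18.2R3-S5"],
    "18.3": ["18.3R2-S4", "18.3R3-S3"],
    "18.4": ["18.4R2-S5", "18.4R3-S4"],
    "19.1": ["19.1R3-S2"],
    "19.2": ["19.2R1-S5", "19.2R3"],
}

# Assumed shape of a Junos version string: major.minor[Xn][Rr][-Ss|-Dd][.build]
_VERSION_RE = re.compile(
    r"^(?P<major>\d+)\.(?P<minor>\d+)"
    r"(?:X(?P<x>\d+))?"                  # feature train, e.g. 15.1X49
    r"(?:R(?P<r>\d+))?"                  # R release number
    r"(?:-(?P<kind>[SD])(?P<n>\d+))?"    # -S service release, -D for X trains
    r"(?:\.\d+)?$"                       # build number, ignored
)


def parse_junos_version(version: str) -> Tuple[str, int, int]:
    """Return (train, release, service), e.g. "18.4R3-S4.2" -> ("18.4", 3, 4)."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Junos version: {version!r}")
    train = f"{m['major']}.{m['minor']}" + (f"X{m['x']}" if m["x"] else "")
    release = int(m["r"]) if m["r"] else 0
    service = int(m["n"]) if m["n"] else 0       # D number for X trains
    return train, release, service


def cve_2020_1682_status(version: str) -> str:
    """Return "fixed", "affected" or "not_listed" (19.3+ or an unnamed train)."""
    train, release, service = parse_junos_version(version)
    major, minor = (int(p) for p in train.split("X")[0].split("."))
    if (major, minor) >= (19, 3):
        return "not_listed"
    fixes = FIXED_RELEASES.get(train)
    if fixes is None:
        return "not_listed"
    parsed = [parse_junos_version(f)[1:] for f in fixes]
    # Any R-level newer than the newest listed fix already carries the fix.
    if release > max(r for r, _ in parsed):
        return "fixed"
    # Same R-level as a listed fix: need that service release or later.
    for fix_release, fix_service in parsed:
        if release == fix_release and service >= fix_service:
            return "fixed"
    return "affected"


def junos_version_from_show_version(output: str) -> Optional[str]:
    """Pull the version from 'show version' text via its 'Junos: ...' line."""
    m = re.search(r"^Junos:\s*(\S+)", output, re.MULTILINE)
    return m.group(1) if m else None


# Constructed sample of 'show version' output; hostname and version are made up.
SAMPLE_SHOW_VERSION = """\
Hostname: srx-lab-01
Junos: 18.4R2-S3.4
"""

if __name__ == "__main__":
    ver = junos_version_from_show_version(SAMPLE_SHOW_VERSION)
    print(ver, "->", cve_2020_1682_status(ver))   # 18.4R2-S3.4 -> affected
```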

Workaround:
Use access lists or firewall filters to limit access to the device only from
trusted hosts.
Implementation:
Software releases or updates are available for download at
https://www.juniper.net/support/downloads/.
Modification History:

2020-10-14: Initial Publication

CVSS Score:
5.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
Severity Level:
Medium
Severity Assessment:
Information for how Juniper Networks uses CVSS can be found at KB 16446 "Common
Vulnerability Scoring System (CVSS) and Juniper's Security Advisories."
Acknowledgements:
Juniper SIRT would like to acknowledge and thank The UK's National Cyber
Security Centre (NCSC) for responsibly reporting this vulnerability.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

ESB-2020.3568 – [Ubuntu] Newsbeuter: Execute arbitrary code/commands – Remote with user interaction

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.3568
                  USN-4585-1: Newsbeuter vulnerabilities
                              16 October 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Newsbeuter
Publisher:         Ubuntu
Operating System:  Ubuntu
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-14500 CVE-2017-12904 

Reference:         ESB-2017.2363
                   ESB-2017.2084

Original Bulletin: 
   https://usn.ubuntu.com/4585-1/

- --------------------------BEGIN INCLUDED TEXT--------------------

USN-4585-1: Newsbeuter vulnerabilities
15 October 2020

Newsbeuter could be made to crash or run programs as your login if it
opened a malicious file.
Releases

  o Ubuntu 16.04 LTS

Packages

  o newsbeuter - open-source RSS/Atom feed reader for text terminals

Details

It was discovered that Newsbeuter didn't handle the command line input
properly. A remote attacker could use it to run remote code by crafting
a special input file. (CVE-2017-12904)

It was discovered that Newsbeuter didn't handle metacharacters in its
filename properly. A remote attacker could use it to run remote code by
crafting a special filename. (CVE-2017-14500)

Update instructions

The problem can be corrected by updating your system to the following package
versions:

Ubuntu 16.04

  o newsbeuter - 2.9-3ubuntu0.1

In general, a standard system update will make all the necessary changes.

References

  o CVE-2017-12904
  o CVE-2017-14500

- --------------------------END INCLUDED TEXT--------------------


ESB-2020.3566 – [Ubuntu] containerd: Access confidential data – Remote with user interaction

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.3566
                   USN-4589-1: containerd vulnerability
                              16 October 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           containerd
Publisher:         Ubuntu
Operating System:  Ubuntu
Impact/Access:     Access Confidential Data -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-15157  

Reference:         ESB-2020.3565

Original Bulletin: 
   https://usn.ubuntu.com/4589-1/

- --------------------------BEGIN INCLUDED TEXT--------------------

USN-4589-1: containerd vulnerability
15 October 2020

containerd could be made to expose sensitive information over the
network.
Releases

  o Ubuntu 16.04 LTS

Packages

  o containerd - daemon to control containers

Details

It was discovered that containerd could be made to expose sensitive
information when processing URLs in container image manifests. A
remote attacker could use this to trick the user and obtain the
user's registry credentials.

Update instructions

The problem can be corrected by updating your system to the following package
versions:

Ubuntu 16.04

  o containerd - 1.2.6-0ubuntu1~16.04.4

After a standard system update you need to restart containerd to make
all the necessary changes.

References

  o CVE-2020-15157

Related notices

  o USN-4589-2 : docker.io

- --------------------------END INCLUDED TEXT--------------------


ESB-2020.3567 – [Ubuntu] HtmlUnit: Execute arbitrary code/commands – Remote/unauthenticated

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.3567
                    USN-4584-1: HtmlUnit vulnerability
                              16 October 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           HtmlUnit
Publisher:         Ubuntu
Operating System:  Ubuntu
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-5529  

Reference:         ESB-2020.2819

Original Bulletin: 
   https://usn.ubuntu.com/4584-1/

- --------------------------BEGIN INCLUDED TEXT--------------------

USN-4584-1: HtmlUnit vulnerability
15 October 2020

HtmlUnit could be made to crash or run programs as an administrator
if it opened a specially crafted file.
Releases

  o Ubuntu 16.04 LTS

Packages

  o htmlunit - headless web browser written in Java

Details

It was discovered that HtmlUnit incorrectly initialized the Rhino engine. An
attacker could possibly use this issue to execute arbitrary Java code.

Update instructions

The problem can be corrected by updating your system to the following package
versions:

Ubuntu 16.04

  o libhtmlunit-java - 2.8-1ubuntu2.1

In general, a standard system update will make all the necessary changes.

References

  o CVE-2020-5529

- --------------------------END INCLUDED TEXT--------------------


Barbary Pirates and Russian Cybercrime

In 1801, the United States had a small Navy. Thomas Jefferson deployed almost half that Navy—three frigates and a schooner—to the Barbary C...