Malware Devil

Monday, March 8, 2021

3 Hiking Principles That Made Me a Better CISO


When I am not studying the newest cybersecurity threat or preparing an enterprise and its employees for the next inevitable cyberattack, I can be found traipsing through California’s Sierra Nevada or in the depths of Death Valley. It was during these adventures that I developed both my mountain sense and found the quiet solitude to..

The post 3 Hiking Principles That Made Me a Better CISO appeared first on Security Boulevard.


The post 3 Hiking Principles That Made Me a Better CISO appeared first on Malware Devil.



https://malwaredevil.com/2021/03/08/3-hiking-principles-that-made-me-a-better-ciso/?utm_source=rss&utm_medium=rss&utm_campaign=3-hiking-principles-that-made-me-a-better-ciso

Diversifying the Cybersecurity Workforce this International Women’s Day

Fortinet is committed to promoting gender diversity inside the company and within the cybersecurity industry. Learn more.

The post Diversifying the Cybersecurity Workforce this International Women’s Day appeared first on Security Boulevard.


The post Diversifying the Cybersecurity Workforce this International Women’s Day appeared first on Malware Devil.



https://malwaredevil.com/2021/03/08/diversifying-the-cybersecurity-workforce-this-international-womens-day/?utm_source=rss&utm_medium=rss&utm_campaign=diversifying-the-cybersecurity-workforce-this-international-womens-day

280 Days to Fix a Vulnerability in Production

IBM’s 2020 Cost of a Data Breach report found that on average it takes 280 days to fix a vulnerability in production once a breach is discovered. If you have an application in production, you may be wondering how you can protect it once a vulnerability is identified and before that vulnerability is fixed.

The post 280 Days to Fix a Vulnerability in Production appeared first on K2io.

The post 280 Days to Fix a Vulnerability in Production appeared first on Security Boulevard.


The post 280 Days to Fix a Vulnerability in Production appeared first on Malware Devil.



https://malwaredevil.com/2021/03/08/280-days-to-fix-a-vulnerability-in-production/?utm_source=rss&utm_medium=rss&utm_campaign=280-days-to-fix-a-vulnerability-in-production

Hackers Now Hiding ObliqueRAT Payload in Images to Evade Detection

Cybercriminals are now deploying remote access Trojans (RATs) under the guise of seemingly innocuous images hosted on infected websites, once again highlighting how threat actors quickly change tactics when their attack methods are discovered and exposed publicly.

New research released by Cisco Talos reveals an active malware campaign targeting organizations in South Asia that uses malicious Microsoft Office documents laced with macros to spread a RAT that goes by the name of ObliqueRAT.

First documented in February 2020, the malware has been linked to a threat actor tracked as Transparent Tribe (aka Operation C-Major, Mythic Leopard, or APT36), a highly prolific group allegedly of Pakistani origin known for its attacks against human rights activists in the country as well as military and government personnel in India.

While the ObliqueRAT modus operandi previously overlapped with another Transparent Tribe campaign in December 2019 to disseminate CrimsonRAT, the new wave of attacks differs in two crucial ways.

In addition to making use of a completely different macro code to download and deploy the RAT payload, the operators of the campaign have also updated the delivery mechanism by cloaking the malware in seemingly benign bitmap image files (.BMP files) on a network of adversary-controlled websites.

“Another instance of a maldoc uses a similar technique with the difference being that the payload hosted on the compromised website is a BMP image containing a ZIP file that contains ObliqueRAT payload,” Talos researcher Asheer Malhotra said. “The malicious macros are responsible for extracting the ZIP and subsequently the ObliqueRAT payload on the endpoint.”

Regardless of the infection chain, the goal is to trick victims into opening emails containing the weaponized documents, which, once opened, direct victims to the ObliqueRAT payload (version 6.3.5 as of November 2020) via malicious URLs and ultimately export sensitive data from the target system.

But it’s not just the distribution chain that has received an upgrade. At least four different versions of ObliqueRAT have been identified since it was first documented; Talos suspects the changes were likely made in response to previous public disclosures, while also expanding its information-stealing capabilities to include screenshot and webcam recording features and the execution of arbitrary commands.

The use of steganography to deliver malicious payloads is not new, nor is the abuse of hacked websites to host malware.

In June 2020, Magecart groups were found to hide web skimmer code in the EXIF metadata of a website’s favicon image. Earlier this week, researchers from Sophos uncovered a Gootkit campaign that leverages search engine optimization (SEO) poisoning in hopes of infecting users with malware by directing them to fake pages on legitimate but compromised websites.

But this technique of using poisoned documents to point users to malware hidden in image files presents a shift in infection capabilities with an aim to slip through without attracting too much scrutiny and stay under the radar.

“This new campaign is a typical example of how adversaries react to attack disclosures and evolve their infection chains to evade detections,” the researchers said. “Modifications in the ObliqueRAT payloads also highlight the usage of obfuscation techniques that can be used to evade traditional signature-based detection mechanisms.”
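The delivery trick Talos describes above, a BMP image that carries a ZIP archive, leaves a simple structural trace for defenders: the BMP header declares the file's own size and the offset of its pixel data, so any bytes beyond the declared size, or a ZIP local-file-header signature inside the file, do not belong to the image. The Python script below is an added example written for this page, not code from Talos or from the article. It builds two constructed samples (a clean BMP and one with a ZIP appended after the pixel data) and inspects both; the function names, the sample contents and the embedded entry name `payload.bin` are all assumptions.

```python
import io
import struct
import zipfile

ZIP_LOCAL_HEADER = b"PK\x03\x04"   # signature that opens every ZIP local file header
BMP_FILE_HEADER = "<2sIHHI"        # magic, file size, reserved, reserved, pixel data offset


def build_bmp(width=2, height=2, colour=(0, 0, 255)):
    """Construct a minimal valid 24-bit BMP. Used only to build the constructed samples."""
    row = bytes(colour) * width
    row += b"\x00" * ((4 - len(row) % 4) % 4)        # BMP rows are padded to 4 bytes
    pixels = row * height
    dib = struct.pack("<IiiHHIIiiII", 40, width, height, 1, 24, 0,
                      len(pixels), 2835, 2835, 0, 0)
    pixel_offset = 14 + len(dib)
    header = struct.pack(BMP_FILE_HEADER, b"BM", pixel_offset + len(pixels), 0, 0, pixel_offset)
    return header + dib + pixels


def build_zip(entries):
    """Construct an in-memory ZIP from {name: bytes}. Only used for the sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


def inspect_bmp(data):
    """Report whether a file is a BMP and whether it carries data that is not image data."""
    findings = {"is_bmp": False, "trailing_bytes": 0, "zip_offsets": [], "zip_entries": []}
    if len(data) < 14 or data[:2] != b"BM":
        return findings
    findings["is_bmp"] = True
    _magic, declared_size, _r1, _r2, _pixel_offset = struct.unpack_from(BMP_FILE_HEADER, data, 0)
    # Bytes past the size the header declares are appended data of some kind.
    findings["trailing_bytes"] = max(0, len(data) - declared_size)
    # Every ZIP local-file-header signature after the 14-byte file header.
    pos = data.find(ZIP_LOCAL_HEADER, 14)
    while pos != -1:
        findings["zip_offsets"].append(pos)
        pos = data.find(ZIP_LOCAL_HEADER, pos + 1)
    # A signature can occur by chance in pixel data, so confirm by reading the archive's
    # directory from the first hit. Names only; nothing is extracted or executed.
    if findings["zip_offsets"]:
        try:
            with zipfile.ZipFile(io.BytesIO(data[findings["zip_offsets"][0]:])) as zf:
                findings["zip_entries"] = zf.namelist()
        except zipfile.BadZipFile:
            pass
    return findings


def is_suspicious(findings):
    """A BMP with appended bytes or a readable embedded archive deserves a closer look."""
    return findings["is_bmp"] and (findings["trailing_bytes"] > 0 or bool(findings["zip_entries"]))


# Constructed samples: a plain image, and the same image with a ZIP appended after the pixels.
CLEAN_BMP = build_bmp()
STEGO_BMP = build_bmp() + build_zip({"payload.bin": b"constructed stand-in for an embedded archive"})

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN_BMP), ("bmp+zip", STEGO_BMP)):
        result = inspect_bmp(sample)
        print(label, result, "SUSPICIOUS" if is_suspicious(result) else "ok")
```

The `trailing_bytes` count catches appended data of any format, while the archive read distinguishes a real embedded ZIP from a stray `PK\x03\x04` in pixel data; for a real triage job the same `inspect_bmp` can be run over every image fetched from a suspect host or found in an Office document's download cache.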



The post Hackers Now Hiding ObliqueRAT Payload in Images to Evade Detection appeared first on Malware Devil.



https://malwaredevil.com/2021/03/08/hackers-now-hiding-obliquerat-payload-in-images-to-evade-detection-3/?utm_source=rss&utm_medium=rss&utm_campaign=hackers-now-hiding-obliquerat-payload-in-images-to-evade-detection-3

Keep Your Eye on the Camera


Organizations have finally realized that mobile devices are a productivity tool. It became abundantly clear with the sudden necessity of work from home (WFH) that employees work best when they can access a mobile smartphone. One major reason mobile phones are so useful is their integrated camera. The addition of a camera to a smart..

The post Keep Your Eye on the Camera appeared first on Security Boulevard.


The post Keep Your Eye on the Camera appeared first on Malware Devil.



https://malwaredevil.com/2021/03/08/keep-your-eye-on-the-camera/?utm_source=rss&utm_medium=rss&utm_campaign=keep-your-eye-on-the-camera

The Deepfake Dilemma, Microsoft Exchange Zero-Days, IT Security Investments

Deepfake video and audio have really advanced in recent years. Will this technology start to erode trust in the media we consume? Microsoft Exchange zero-days in the wild, and why is it that investment in cybersecurity is at an all-time high, yet we continue to see more data breaches? ** Links mentioned […]

The post The Deepfake Dilemma, Microsoft Exchange Zero-Days, IT Security Investments appeared first on The Shared Security Show.

The post The Deepfake Dilemma, Microsoft Exchange Zero-Days, IT Security Investments appeared first on Security Boulevard.


The post The Deepfake Dilemma, Microsoft Exchange Zero-Days, IT Security Investments appeared first on Malware Devil.



https://malwaredevil.com/2021/03/08/the-deepfake-dilemma-microsoft-exchange-zero-days-it-security-investments/?utm_source=rss&utm_medium=rss&utm_campaign=the-deepfake-dilemma-microsoft-exchange-zero-days-it-security-investments

Security Alert: [Updated] Alert Regarding Vulnerabilities in Microsoft Exchange Server

JPCERT-AT-2021-0012
JPCERT/CC
2021-03-03(Initial)
2021-03-08(Update)

I. Overview

On March 2, 2021 (US time), Microsoft released information regarding multiple vulnerabilities in Microsoft Exchange Server. A remote attacker may execute arbitrary code with SYSTEM privileges by leveraging these vulnerabilities. According to Microsoft, four of these vulnerabilities have already been exploited in limited targeted attacks, and it is recommended to take measures as soon as possible. For more information, please refer to the information provided by Microsoft.

Microsoft The_Exchange_Team
Released: March 2021 Exchange Server Security Updates
https://techcommunity.microsoft.com/t5/exchange-team-blog/released-march-2021-exchange-server-security-updates/ba-p/2175901

Microsoft Security Response Center
Multiple Security Updates Released for Exchange Server
https://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange-server/

II. Affected Products and Versions

Affected products and versions are as follows. Microsoft Exchange Online is not affected.

– Microsoft Exchange Server 2019
– Microsoft Exchange Server 2016
– Microsoft Exchange Server 2013

III. Solution

Microsoft has released versions that address these vulnerabilities. Microsoft recommends prioritizing the installation of updates on Exchange Servers that are externally facing. Please consider taking measures as soon as possible by referring to the information provided by Microsoft.

– Microsoft Exchange Server 2019 (CU 8, CU 7)
– Microsoft Exchange Server 2016 (CU 19, CU 18)
– Microsoft Exchange Server 2013 (CU 23)

In addition, the security updates are also available for Microsoft Exchange Server 2010, which is no longer supported.

IV. Related Information

Information explaining the details of the observed attacks has been released by Microsoft and others. In addition to the details of the exploited vulnerabilities, Microsoft’s blog provides information on activities confirmed in the attack, investigation methods, and indicator information for confirming whether the attack has caused damage. Please check this information as a reference for your investigation.

Microsoft
HAFNIUM targeting Exchange Servers with 0-day exploits
https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/

Microsoft released a new blog post recommending that countermeasures be applied promptly and that organizations investigate whether attacks exploiting these vulnerabilities have already been conducted. Microsoft also released PowerShell scripts on GitHub to investigate evidence of compromise. In addition, other parties such as Volexity, FireEye and CISA have released information on indicators and investigation methods for attacks that exploit these vulnerabilities. It is recommended to take measures and investigate as soon as possible by referring to the information from Microsoft and others.

Microsoft
Microsoft Exchange Server Vulnerabilities Mitigations – updated March 6, 2021
https://msrc-blog.microsoft.com/2021/03/05/microsoft-exchange-server-vulnerabilities-mitigations-march-2021/

Microsoft
microsoft / CSS-Exchange
https://github.com/microsoft/CSS-Exchange/tree/main/Security

CISA
Alert (AA21-062A) Mitigate Microsoft Exchange Server Vulnerabilities
https://us-cert.cisa.gov/ncas/alerts/aa21-062a

Volexity
Operation Exchange Marauder: Active Exploitation of Multiple Zero-Day Microsoft Exchange Vulnerabilities
https://www.volexity.com/blog/2021/03/02/active-exploitation-of-microsoft-exchange-zero-day-vulnerabilities/

FireEye
Detection and Response to Exploitation of Microsoft Exchange Zero-Day Vulnerabilities
https://www.fireeye.com/blog/threat-research/2021/03/detection-response-to-exploitation-of-microsoft-exchange-zero-day-vulnerabilities.html

V. References

Microsoft
New nation-state cyberattacks
https://blogs.microsoft.com/on-the-issues/2021/03/02/new-nation-state-cyberattacks/

Microsoft
CVE-2021-26855 | Microsoft Exchange Server Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26855

Microsoft
CVE-2021-26857 | Microsoft Exchange Server Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26857

Microsoft
CVE-2021-26858 | Microsoft Exchange Server Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26858

Microsoft
CVE-2021-27065 | Microsoft Exchange Server Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27065

If you have any information regarding this alert, please contact JPCERT/CC.

2021-03-03 First edition
2021-03-08 Updated “IV. Related Information”

JPCERT Coordination Center (Early Warning Group)
MAIL: ew-info@jpcert.or.jp
https://www.jpcert.or.jp/english/


The post Security Alert: [Updated] Alert Regarding Vulnerabilities in Microsoft Exchange Server appeared first on Malware Devil.



https://malwaredevil.com/2021/03/08/security-alert-updated-alert-regarding-vulnerabilities-in-microsoft-exchange-server/?utm_source=rss&utm_medium=rss&utm_campaign=security-alert-updated-alert-regarding-vulnerabilities-in-microsoft-exchange-server

The Humanity and Evolution of Cyber

We see the word “cyber” everywhere today. It’s included in all the hashtags, event names and even in hand sanitizer available for purchase at Toys ‘R Us: Cyber Clean (72% ethanol alcohol, with aloe.) With the market booming and the buzzword exploding, many of us still don’t understand what this vague word means. We’re simply […]

The post The Humanity and Evolution of Cyber appeared first on The State of Security.

The post The Humanity and Evolution of Cyber appeared first on Security Boulevard.


The post The Humanity and Evolution of Cyber appeared first on Malware Devil.



https://malwaredevil.com/2021/03/08/the-humanity-and-evolution-of-cyber/?utm_source=rss&utm_medium=rss&utm_campaign=the-humanity-and-evolution-of-cyber

ISC Stormcast For Monday, March 8th, 2021 https://isc.sans.edu/podcastdetail.html?id=7402, (Mon, Mar 8th)

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Read More

The post ISC Stormcast For Monday, March 8th, 2021 https://isc.sans.edu/podcastdetail.html?id=7402, (Mon, Mar 8th) appeared first on Malware Devil.



https://malwaredevil.com/2021/03/08/isc-stormcast-for-monday-march-8th-2021-https-isc-sans-edu-podcastdetail-htmlid7402-mon-mar-8th/?utm_source=rss&utm_medium=rss&utm_campaign=isc-stormcast-for-monday-march-8th-2021-https-isc-sans-edu-podcastdetail-htmlid7402-mon-mar-8th

ESB-2021.0813 – [UNIX/Linux][SUSE] freeradius-server: Reduced security – Existing account


===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0813
                   Security update for freeradius-server
                               8 March 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           freeradius-server
Publisher:         SUSE
Operating System:  SUSE
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Reduced Security -- Existing Account
Resolution:        Patch/Upgrade

Original Bulletin: 
   https://www.suse.com/support/update/announcement/2021/suse-su-20210713-1
   https://www.suse.com/support/update/announcement/2021/suse-su-20210714-1

Comment: This advisory references vulnerabilities in products which run on 
         platforms other than SUSE. It is recommended that administrators 
         running freeradius-server check for an updated version of the 
         software for their operating system.
         
         This bulletin contains two (2) SUSE security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for freeradius-server

______________________________________________________________________________

Announcement ID:   SUSE-SU-2021:0713-1
Rating:            low
References:        #1180525
Affected Products:
                   SUSE Linux Enterprise Software Development Kit 12-SP5
                   SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________

An update that contains security fixes can now be installed.

Description:

This update for freeradius-server fixes the following issues:

  o move logrotate options into specific parts for each log as "global" options
    will persist past and clobber global options in the main logrotate config
    (bsc#1180525)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE Linux Enterprise Software Development Kit 12-SP5:
    zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-713=1
  o SUSE Linux Enterprise Server 12-SP5:
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-713=1

Package List:

  o SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le
    s390x x86_64):
       freeradius-server-debuginfo-3.0.19-3.6.1
       freeradius-server-debugsource-3.0.19-3.6.1
       freeradius-server-devel-3.0.19-3.6.1
  o SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
       freeradius-server-3.0.19-3.6.1
       freeradius-server-debuginfo-3.0.19-3.6.1
       freeradius-server-debugsource-3.0.19-3.6.1
       freeradius-server-doc-3.0.19-3.6.1
       freeradius-server-krb5-3.0.19-3.6.1
       freeradius-server-krb5-debuginfo-3.0.19-3.6.1
       freeradius-server-ldap-3.0.19-3.6.1
       freeradius-server-ldap-debuginfo-3.0.19-3.6.1
       freeradius-server-libs-3.0.19-3.6.1
       freeradius-server-libs-debuginfo-3.0.19-3.6.1
       freeradius-server-mysql-3.0.19-3.6.1
       freeradius-server-mysql-debuginfo-3.0.19-3.6.1
       freeradius-server-perl-3.0.19-3.6.1
       freeradius-server-perl-debuginfo-3.0.19-3.6.1
       freeradius-server-postgresql-3.0.19-3.6.1
       freeradius-server-postgresql-debuginfo-3.0.19-3.6.1
       freeradius-server-python-3.0.19-3.6.1
       freeradius-server-python-debuginfo-3.0.19-3.6.1
       freeradius-server-sqlite-3.0.19-3.6.1
       freeradius-server-sqlite-debuginfo-3.0.19-3.6.1
       freeradius-server-utils-3.0.19-3.6.1
       freeradius-server-utils-debuginfo-3.0.19-3.6.1


References:

  o https://bugzilla.suse.com/1180525

- --------------------------------------------------------------------------------


SUSE Security Update: Security update for freeradius-server

______________________________________________________________________________

Announcement ID:   SUSE-SU-2021:0714-1
Rating:            low
References:        #1180525
Affected Products:
                   SUSE Linux Enterprise Module for Server Applications 15-SP2
______________________________________________________________________________

An update that contains security fixes can now be installed.

Description:

This update for freeradius-server fixes the following issues:

  o move logrotate options into specific parts for each log as "global" options
    will persist past and clobber global options in the main logrotate config
    (bsc#1180525)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE Linux Enterprise Module for Server Applications 15-SP2:
    zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2021-714=1

Package List:

  o SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64
    ppc64le s390x x86_64):
       freeradius-server-3.0.21-3.6.1
       freeradius-server-debuginfo-3.0.21-3.6.1
       freeradius-server-debugsource-3.0.21-3.6.1
       freeradius-server-devel-3.0.21-3.6.1
       freeradius-server-krb5-3.0.21-3.6.1
       freeradius-server-krb5-debuginfo-3.0.21-3.6.1
       freeradius-server-ldap-3.0.21-3.6.1
       freeradius-server-ldap-debuginfo-3.0.21-3.6.1
       freeradius-server-libs-3.0.21-3.6.1
       freeradius-server-libs-debuginfo-3.0.21-3.6.1
       freeradius-server-mysql-3.0.21-3.6.1
       freeradius-server-mysql-debuginfo-3.0.21-3.6.1
       freeradius-server-perl-3.0.21-3.6.1
       freeradius-server-perl-debuginfo-3.0.21-3.6.1
       freeradius-server-postgresql-3.0.21-3.6.1
       freeradius-server-postgresql-debuginfo-3.0.21-3.6.1
       freeradius-server-python3-3.0.21-3.6.1
       freeradius-server-python3-debuginfo-3.0.21-3.6.1
       freeradius-server-sqlite-3.0.21-3.6.1
       freeradius-server-sqlite-debuginfo-3.0.21-3.6.1
       freeradius-server-utils-3.0.21-3.6.1
       freeradius-server-utils-debuginfo-3.0.21-3.6.1


References:

  o https://bugzilla.suse.com/1180525

- --------------------------END INCLUDED TEXT--------------------
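The fix described in both SUSE advisories above (moving options out of the top level of the freeradius-server snippet and into each log's own block) follows from how logrotate scopes options: a directive that sits outside any `{ }` block is global and stays in effect for every log definition parsed after it, including the snippets a later `include` pulls in, so one package's snippet can silently change rotation behaviour for every package processed after it. The Python linter below is an added example written for this page, not part of the SUSE or freeradius-server packages; it flags top-level directives in logrotate.d-style snippets and contrasts a constructed snippet in the shape the advisory describes with its corrected form. The path `/var/log/example/app.log`, the PID file and both snippet bodies are constructed, not the package's real configuration.

```python
from pathlib import Path

# Sections whose lines are shell, not logrotate directives; skipped until 'endscript'.
SCRIPT_START = {"prerotate", "postrotate", "firstaction", "lastaction", "preremove"}


def find_global_directives(text):
    """Return (line_no, directive) for every option line outside a { } block.

    Inside a snippet under logrotate.d such a line is almost always a mistake: logrotate
    treats it as a global option that applies to every log definition parsed afterwards.
    """
    findings = []
    depth = 0
    in_script = False
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if in_script:                      # shell body of a pre/postrotate section
            if line == "endscript":
                in_script = False
            continue
        if line.endswith("{"):             # '/path/to/log {' or a bare '{' on its own line
            depth += 1
            continue
        if line == "}":
            depth = max(0, depth - 1)
            continue
        if depth > 0:
            if line.split()[0] in SCRIPT_START:
                in_script = True
            continue
        first = line.split()[0]
        # An include, or a path list whose '{' opens on a later line, is fine at top level.
        if first == "include" or first.startswith(("/", '"', "~")):
            continue
        findings.append((lineno, first))
    return findings


def lint_directory(directory):
    """Lint every file in a logrotate.d-style directory; returns {filename: findings}."""
    report = {}
    for path in sorted(Path(directory).iterdir()):
        if path.is_file():
            hits = find_global_directives(path.read_text(errors="replace"))
            if hits:
                report[path.name] = hits
    return report


# Constructed snippet in the shape the advisory describes: options placed outside the
# per-log block, so they leak into every snippet logrotate processes after this one.
BAD_SNIPPET = """\
# constructed example, not the package's real file
missingok
compress
/var/log/example/app.log {
    weekly
    rotate 4
    postrotate
        [ -f /run/example.pid ] && kill -HUP "$(cat /run/example.pid)"
    endscript
}
"""

# Corrected form: the same options scoped to the one log they were meant for.
GOOD_SNIPPET = """\
/var/log/example/app.log {
    missingok
    compress
    weekly
    rotate 4
    postrotate
        [ -f /run/example.pid ] && kill -HUP "$(cat /run/example.pid)"
    endscript
}
"""

if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "/etc/logrotate.d"
    for name, hits in lint_directory(target).items():
        for lineno, directive in hits:
            print(f"{name}:{lineno}: '{directive}' is set outside a {{ }} block (global scope)")
```

Run it against `/etc/logrotate.d` (or any directory of snippets) to list the files that set options at global scope; the main `logrotate.conf` is deliberately not linted, since top-level options there are the intended place for defaults.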

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================


The post ESB-2021.0813 – [UNIX/Linux][SUSE] freeradius-server: Reduced security – Existing account appeared first on Malware Devil.



https://malwaredevil.com/2021/03/08/esb-2021-0813-unix-linuxsuse-freeradius-server-reduced-security-existing-account/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-0813-unix-linuxsuse-freeradius-server-reduced-security-existing-account

ESB-2021.0812 – [Win][UNIX/Linux][Debian] libcaca: Execute arbitrary code/commands – Existing account


===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0812
                          libcaca security update
                               8 March 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           libcaca
Publisher:         Debian
Operating System:  Debian GNU/Linux
                   UNIX variants (UNIX, Linux, OSX)
                   Windows
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-3410  

Original Bulletin: 
   https://www.debian.org/lts/security/2021/dla-2584

Comment: This advisory references vulnerabilities in products which run on 
         platforms other than Debian. It is recommended that administrators 
         running libcaca check for an updated version of the software for 
         their operating system.

- --------------------------BEGIN INCLUDED TEXT--------------------


- - -------------------------------------------------------------------------
Debian LTS Advisory DLA-2584-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Abhijith PA
March 07, 2021                                https://wiki.debian.org/LTS
- - -------------------------------------------------------------------------

Package        : libcaca
Version        : 0.99.beta19-2.1~deb9u2
CVE ID         : CVE-2021-3410
Debian Bug     : 983684

A buffer overflow issue in caca_resize function in 
libcaca/caca/canvas.c may lead to local execution of arbitrary code in 
the user context.

For Debian 9 stretch, this problem has been fixed in version
0.99.beta19-2.1~deb9u2.

We recommend that you upgrade your libcaca packages.

For the detailed security status of libcaca please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libcaca

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

- --------------------------END INCLUDED TEXT--------------------



The post ESB-2021.0812 – [Win][UNIX/Linux][Debian] libcaca: Execute arbitrary code/commands – Existing account appeared first on Malware Devil.



https://malwaredevil.com/2021/03/08/esb-2021-0812-winunix-linuxdebian-libcaca-execute-arbitrary-code-commands-existing-account/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-0812-winunix-linuxdebian-libcaca-execute-arbitrary-code-commands-existing-account

ESB-2021.0808.2 – UPDATE [Debian] libupnp: Denial of service – Remote/unauthenticated


===========================================================================
             AUSCERT External Security Bulletin Redistribution

                              ESB-2021.0808.2
                          libupnp security update
                               8 March 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           libupnp
Publisher:         Debian
Operating System:  Debian GNU/Linux
Impact/Access:     Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-13848  

Reference:         ESB-2020.1988

Original Bulletin: 
   https://www.debian.org/lts/security/2021/dla-2585

Revision History:  March 8 2021: Updated Original Bulletin URL
                   March 8 2021: Initial Release

- --------------------------BEGIN INCLUDED TEXT--------------------


- - -----------------------------------------------------------------------
Debian LTS Advisory DLA-2585-1              debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Utkarsh Gupta
March 08, 2021                              https://wiki.debian.org/LTS
- - -----------------------------------------------------------------------

Package        : libupnp
Version        : 1:1.6.19+git20160116-1.2+deb9u1
CVE ID         : CVE-2020-13848
Debian Bug     : 962282

libupnp, the portable SDK for UPnP Devices allows remote attackers to
cause a denial of service (crash) via a crafted SSDP message due to a
NULL pointer dereference in the functions FindServiceControlURLPath
and FindServiceEventURLPath in genlib/service_table/service_table.c.

For Debian 9 stretch, this problem has been fixed in version
1:1.6.19+git20160116-1.2+deb9u1.

We recommend that you upgrade your libupnp packages.

For the detailed security status of libupnp please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libupnp

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

- --------------------------END INCLUDED TEXT--------------------

===========================================================================

The post ESB-2021.0808.2 – UPDATE [Debian] libupnp: Denial of service – Remote/unauthenticated appeared first on Malware Devil.



https://malwaredevil.com/2021/03/08/esb-2021-0808-2-update-debian-libupnp-denial-of-service-remote-unauthenticated/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-0808-2-update-debian-libupnp-denial-of-service-remote-unauthenticated

ESB-2021.0811 – [Linux] IBM WebSphere Application Server: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0811
       Security Bulletin: IBM WebSphere Application Server Multiple
                              Vulnerabilities
                               8 March 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM WebSphere Application Server
Publisher:         IBM
Operating System:  Linux variants
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Denial of Service               -- Remote/Unauthenticated
                   Access Confidential Data        -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-27221 CVE-2020-14803 CVE-2020-14781
                   CVE-2020-2773  

Reference:         ESB-2021.0773
                   ESB-2021.0618
                   ESB-2020.4389

Original Bulletin: 
   https://www.ibm.com/support/pages/node/6425553

- --------------------------BEGIN INCLUDED TEXT--------------------

Multiple vulnerabilities in the IBM Java SDK affect the WebSphere Application Server
January 2021 CPU that is bundled with IBM WebSphere Application Server Patterns

Document Information

Document number    : 6425553
Modified date      : 05 March 2021
Product            : WebSphere Application Server Patterns
Component          : Not Applicable
Software version   : Version Independent
Operating system(s): Linux
                     AIX
Edition            : All Editions

Summary

There are multiple vulnerabilities in the IBM SDK Java Technology Edition that
is shipped with IBM WebSphere Application Server. These issues were disclosed
in the IBM Java SDK updates in January 2021.

Vulnerability Details

CVEID: CVE-2020-14803
DESCRIPTION: An unspecified vulnerability in Java SE could allow an
unauthenticated attacker to obtain sensitive information resulting in a low
confidentiality impact using unknown attack vectors.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
190121 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2020-27221
DESCRIPTION: Eclipse OpenJ9 is vulnerable to a stack-based buffer overflow when
the virtual machine or JNI natives are converting from UTF-8 characters to
platform encoding. By sending an overly long string, a remote attacker could
overflow a buffer and execute arbitrary code on the system or cause the
application to crash.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
195353 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2020-2773
DESCRIPTION: An unspecified vulnerability in Java SE related to the Java SE
Security component could allow an unauthenticated attacker to cause a denial of
service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
179673 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2020-14781
DESCRIPTION: An unspecified vulnerability in Java SE related to the JNDI
component could allow an unauthenticated attacker to obtain sensitive
information resulting in a low confidentiality impact using unknown attack
vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
190099 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

IBM Java SDK shipped with IBM WebSphere Application Server Patterns 1.0.0.0
through 1.0.0.7 and 2.2.0.0 through 2.3.3.3.

Remediation/Fixes

Please see the IBM Java SDK Security Bulletin for WebSphere Application Server 
to determine which WebSphere Application Server versions are affected and to
obtain the JDK fixes. The interim fix 1.0.0.0-WS-WASPATTERNS-JDK-2101 can be
used to apply the January 2021 SDK iFixes in a PureApplication or Cloud Pak
System Environment.

Download and apply the interim fix 1.0.0.0-WS-WASPATTERNS-JDK-2101.

Workarounds and Mitigations

None

References

Complete CVSS v3 Guide
On-line Calculator v3

Change History

19 Feb 2021: Initial Publication

Document Location

Worldwide

- --------------------------END INCLUDED TEXT--------------------


The post ESB-2021.0811 – [Linux] IBM WebSphere Application Server: Multiple vulnerabilities appeared first on Malware Devil.



https://malwaredevil.com/2021/03/08/esb-2021-0811-linux-ibm-websphere-application-server-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-0811-linux-ibm-websphere-application-server-multiple-vulnerabilities

ESB-2021.0810 – [Appliance] F5 Products: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0810
                   F5 Products Multiple Vulnerabilities
                               8 March 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           BIG-IP
                   BIG-IQ
                   F5OS
                   Traffix SDC
Publisher:         F5 Networks
Operating System:  Network Appliance
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Denial of Service               -- Remote/Unauthenticated
Resolution:        Mitigation
CVE Names:         CVE-2020-8625  

Reference:         ESB-2021.0794
                   ESB-2021.0738
                   ESB-2021.0658

Original Bulletin: 
   https://support.f5.com/csp/article/K13591074

- --------------------------BEGIN INCLUDED TEXT--------------------

K13591074: BIND vulnerability CVE-2020-8625

Original Publication Date: 05 Mar, 2021

Security Advisory Description

BIND servers are vulnerable if they are running an affected version and are
configured to use GSS-TSIG features. In a configuration which uses BIND's
default settings the vulnerable code path is not exposed, but a server can be
rendered vulnerable by explicitly setting valid values for the
tkey-gssapi-keytab or tkey-gssapi-credential configuration options. Although the
default configuration is not vulnerable, GSS-TSIG is frequently used in
networks where BIND is integrated with Samba, as well as in mixed-server
environments that combine BIND servers with Active Directory domain
controllers. The most likely outcome of a successful exploitation of the
vulnerability is a crash of the named process. However, remote code execution,
while unproven, is theoretically possible. Affects: BIND 9.5.0 -> 9.11.27,
9.12.0 -> 9.16.11, and versions BIND 9.11.3-S1 -> 9.11.27-S1 and 9.16.8-S1 ->
9.16.11-S1 of BIND Supported Preview Edition. Also release versions 9.17.0 ->
9.17.1 of the BIND 9.17 development branch (CVE-2020-8625)

Impact

An attacker can exploit this vulnerability to cause the named process to
terminate abnormally, resulting in a denial of service to its clients.
The BIND GSS-TSIG feature is enabled by default in the BIG-IP and BIG-IQ
systems running the affected versions, and they are vulnerable to this issue if
they are configured to use the GSS-TSIG features by setting valid values for
the tkey-gssapi-keytab or tkey-gssapi-credential configuration options.

Security Advisory Status

F5 Product Development has assigned ID 997173 (BIG-IP and BIG-IQ) to this
vulnerability.

To determine if your product and version have been evaluated for this
vulnerability, refer to the Applies to (see versions) box. To determine if your
release is known to be vulnerable, the components or features that are affected
by the vulnerability, and for information about releases, point releases, or
hotfixes that address the vulnerability, refer to the following table. For more
information about security advisory versioning, refer to K51812227:
Understanding security advisory versioning.

+-------------------+------+----------+----------+----------+------+----------+
|                   |      |Versions  |Fixes     |          |CVSSv3|Vulnerable|
|Product            |Branch|known to  |introduced|Severity  |score^|component |
|                   |      |be        |in        |          |1     |or feature|
|                   |      |vulnerable|          |          |      |          |
+-------------------+------+----------+----------+----------+------+----------+
|                   |16.x  |16.0.0 -  |None      |          |      |          |
|                   |      |16.0.1    |          |          |      |          |
|                   +------+----------+----------+          |      |          |
|                   |15.x  |15.1.0 -  |None      |          |      |          |
|                   |      |15.1.2    |          |          |      |          |
|BIG-IP (LTM, AAM,  +------+----------+----------+          |      |          |
|Advanced WAF, AFM, |14.x  |14.1.0 -  |None      |          |      |          |
|Analytics, APM,    |      |14.1.4    |          |          |      |          |
|ASM, DDHD, DNS,    +------+----------+----------+High      |8.1   |BIND      |
|FPS, GTM, Link     |13.x  |13.1.0 -  |None      |          |      |          |
|Controller, PEM,   |      |13.1.3    |          |          |      |          |
|SSLO)              +------+----------+----------+          |      |          |
|                   |12.x  |12.1.0 -  |None      |          |      |          |
|                   |      |12.1.5    |          |          |      |          |
|                   +------+----------+----------+          |      |          |
|                   |11.x  |11.6.1 -  |None      |          |      |          |
|                   |      |11.6.5    |          |          |      |          |
+-------------------+------+----------+----------+----------+------+----------+
|                   |8.x   |8.0.0     |None      |          |      |          |
|                   +------+----------+----------+          |      |          |
|BIG-IQ Centralized |7.x   |7.0.0 -   |None      |          |      |          |
|Management         |      |7.1.0     |          |High      |8.1   |BIND      |
|                   +------+----------+----------+          |      |          |
|                   |6.x   |6.0.0 -   |None      |          |      |          |
|                   |      |6.1.0     |          |          |      |          |
+-------------------+------+----------+----------+----------+------+----------+
|F5OS               |1.x   |None      |Not       |Not       |None  |None      |
|                   |      |          |applicable|vulnerable|      |          |
+-------------------+------+----------+----------+----------+------+----------+
|Traffix SDC        |5.x   |None      |Not       |Not       |None  |None      |
|                   |      |          |applicable|vulnerable|      |          |
+-------------------+------+----------+----------+----------+------+----------+

The CVSSv3 score link takes you to a resource outside of AskF5, and it is
possible that the document may be removed without our knowledge.

Security Advisory Recommended Actions

If you are running a version listed in the Versions known to be vulnerable
column, you can eliminate this vulnerability by installing a version listed in
the Fixes introduced in column. If the Fixes introduced in column does not list
a version for your branch, then no update candidate currently exists for that
branch and F5 recommends upgrading to a version with the fix (refer to the
table).

If the Fixes introduced in column lists a version prior to the one you are
running, in the same branch, then your version should have the fix.

Mitigation

None. To avoid this vulnerability, do not use the GSS-TSIG features, even though
they are enabled by default on the affected products and versions.
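Because the advisory ties exposure to whether tkey-gssapi-keytab or tkey-gssapi-credential is actually set, a configuration audit is the practical check. The following is an added example, not F5's or ISC's code; the sample named.conf fragments are constructed, and comment markers inside quoted strings are not special-cased.

```python
"""Report whether a named.conf sets the GSS-TSIG options that expose the
CVE-2020-8625 code path. Added example, not F5's or ISC's code: BIND's
defaults leave both options unset, so only live (uncommented) settings count."""
import re

GSS_TSIG_OPTIONS = ("tkey-gssapi-keytab", "tkey-gssapi-credential")


def strip_comments(conf: str) -> str:
    """Remove /* */, // and # comments as named.conf understands them.
    Caveat: comment markers inside quoted strings are not special-cased."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)   # block comments
    return re.sub(r"(//|#).*", "", conf)                  # line comments


def gss_tsig_settings(conf: str) -> dict:
    """Return {option: value} for every GSS-TSIG option that is actually set,
    quoted or unquoted, wherever it appears (options {} or a view {})."""
    live = strip_comments(conf)
    found = {}
    for opt in GSS_TSIG_OPTIONS:
        pat = re.compile(r"\b" + re.escape(opt) + r"\s+(\"?)([^\";]+)\1\s*;")
        for m in pat.finditer(live):
            found[opt] = m.group(2).strip()
    return found


def gss_tsig_exposed(conf: str) -> bool:
    """True when the vulnerable GSS-TSIG code path is reachable."""
    return bool(gss_tsig_settings(conf))


# Constructed sample configurations (hypothetical paths and principal).
DEFAULT_CONF = """
options {
    directory "/var/named";
    recursion no;
};
"""

SAMBA_AD_CONF = """
options {
    directory "/var/named";
    tkey-gssapi-keytab "/etc/named/dns.keytab";
    tkey-gssapi-credential "DNS/ns1.example.com@EXAMPLE.COM";   # constructed
};
"""

COMMENTED_OUT_CONF = """
options {
    directory "/var/named";
    // tkey-gssapi-keytab "/etc/named/dns.keytab";
    /* tkey-gssapi-credential "DNS/ns1.example.com@EXAMPLE.COM"; */
};
"""

if __name__ == "__main__":
    samples = (("default", DEFAULT_CONF), ("samba-ad", SAMBA_AD_CONF),
               ("commented", COMMENTED_OUT_CONF))
    for name, conf in samples:
        print(f"{name:10s} exposed={gss_tsig_exposed(conf)} {gss_tsig_settings(conf)}")
```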

Supplemental Information

  o K41942608: Overview of security advisory articles
  o K4602: Overview of the F5 security vulnerability response policy
  o K4918: Overview of the F5 critical issue hotfix policy
  o K9502: BIG-IP hotfix and point release matrix
  o K13123: Managing BIG-IP product hotfixes (11.x - 16.x)
  o K15106: Managing BIG-IQ product hotfixes
  o K15113: BIG-IQ hotfix and point release matrix
  o K48955220: Installing an OPSWAT Endpoint Security update on BIG-IP APM
    systems (11.4.x and later)
  o K167: Downloading software and firmware from F5
  o K9970: Subscribing to email notifications regarding F5 products
  o K9957: Creating a custom RSS feed to view new and updated documents

- --------------------------END INCLUDED TEXT--------------------


The post ESB-2021.0810 – [Appliance] F5 Products: Multiple vulnerabilities appeared first on Malware Devil.



https://malwaredevil.com/2021/03/08/esb-2021-0810-appliance-f5-products-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-0810-appliance-f5-products-multiple-vulnerabilities

ESB-2021.0809 – [Linux] IBM QRadar SIEM: Unauthorised access – Remote/unauthenticated

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0809
        Security Bulletin: Google-api-client as used by IBM QRadar
                SIEM is vulnerable to authorization bypass
                               8 March 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM QRadar SIEM
Publisher:         IBM
Operating System:  Linux variants
Impact/Access:     Unauthorised Access -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-7692  

Original Bulletin: 
   https://www.ibm.com/support/pages/node/6417571

- --------------------------BEGIN INCLUDED TEXT--------------------

Google-api-client as used by IBM QRadar SIEM is vulnerable to authorization
bypass (CVE-2020-7692)

Document Information

Document number    : 6417571
Modified date      : 04 March 2021
Product            : IBM QRadar SIEM
Software version   : 7.3, 7.4
Operating system(s): Linux
Edition            : All Editions

Summary

Google-api-client as used by IBM QRadar SIEM is vulnerable to authorization
bypass because it does not implement PKCE.

Vulnerability Details

CVEID: CVE-2020-7692
DESCRIPTION: Google APIs google-oauth-java-client could allow a remote attacker
to bypass security restrictions because it does not implement PKCE. By running
a specially crafted application, an attacker could exploit this vulnerability
to obtain the authorization code and gain authorization to the protected
resource.
CVSS Base score: 7.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
184858 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)
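To show what the missing PKCE support means in practice, here is an added example (not IBM's, Google's or the advisory's code) of the RFC 7636 S256 binding on a toy in-memory authorization server: a code issued with a code_challenge can only be redeemed by presenting the matching code_verifier, so a party that merely observed the redirect cannot use it. The client_id and redirect URI are constructed, and `require_pkce=False` models a deployment whose client library cannot send a challenge.

```python
"""PKCE (RFC 7636) on the authorization-code grant. Added example, not code
from IBM, Google or the advisory: a hypothetical in-memory authorization
server and the client-side verifier/challenge derivation."""
import base64
import hashlib
import hmac
import secrets


def b64url(raw: bytes) -> str:
    """base64url without '=' padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def make_code_verifier(n_bytes: int = 32) -> str:
    """32 random bytes encode to 43 characters, the RFC 7636 minimum length."""
    return b64url(secrets.token_bytes(n_bytes))


def code_challenge_s256(code_verifier: str) -> str:
    """code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))."""
    return b64url(hashlib.sha256(code_verifier.encode("ascii")).digest())


class AuthorizationServer:
    """Hypothetical server. require_pkce=False models the situation in the
    advisory: clients without PKCE support, so codes are not bound to one."""

    def __init__(self, require_pkce: bool):
        self.require_pkce = require_pkce
        self._codes = {}  # code -> (client_id, redirect_uri, code_challenge)

    def authorize(self, client_id, redirect_uri, code_challenge=None, method="S256"):
        if self.require_pkce and (method != "S256" or not code_challenge):
            raise ValueError("invalid_request: S256 code_challenge required")
        code = secrets.token_urlsafe(24)
        self._codes[code] = (client_id, redirect_uri, code_challenge)
        return code

    def token(self, code, client_id, redirect_uri, code_verifier=None):
        entry = self._codes.pop(code, None)  # codes are single use
        if entry is None:
            raise PermissionError("invalid_grant: unknown or already used code")
        bound_client, bound_redirect, challenge = entry
        if bound_client != client_id or bound_redirect != redirect_uri:
            raise PermissionError("invalid_grant: client/redirect_uri mismatch")
        if challenge is not None:  # code was bound to a verifier at issue time
            if code_verifier is None or not 43 <= len(code_verifier) <= 128:
                raise PermissionError("invalid_grant: code_verifier missing/malformed")
            if not hmac.compare_digest(code_challenge_s256(code_verifier), challenge):
                raise PermissionError("invalid_grant: code_verifier mismatch")
        return {"access_token": secrets.token_urlsafe(16), "token_type": "Bearer"}


def run_flow(server_requires_pkce: bool, client_uses_pkce: bool) -> dict:
    """Run one authorization-code flow and report three outcomes:
    whether a code was issued, whether a party that only observed the
    redirect (code, client_id, redirect_uri, but no verifier) could redeem
    it, and whether the legitimate client could redeem a fresh code."""
    srv = AuthorizationServer(require_pkce=server_requires_pkce)
    client_id, redirect = "example-client", "http://127.0.0.1:8080/cb"  # constructed
    verifier = make_code_verifier()
    challenge = code_challenge_s256(verifier) if client_uses_pkce else None
    result = {"code_issued": False, "intercepted_ok": False, "legitimate_ok": False}
    try:
        code = srv.authorize(client_id, redirect, challenge)
    except ValueError:
        return result  # server refuses non-PKCE clients outright
    result["code_issued"] = True
    try:  # redemption attempt without the verifier
        srv.token(code, client_id, redirect, code_verifier=None)
        result["intercepted_ok"] = True
    except PermissionError:
        pass
    code = srv.authorize(client_id, redirect, challenge)
    try:  # the legitimate client presents its verifier
        srv.token(code, client_id, redirect,
                  code_verifier=verifier if client_uses_pkce else None)
        result["legitimate_ok"] = True
    except PermissionError:
        pass
    return result


if __name__ == "__main__":
    for srv_pkce, cli_pkce in ((False, False), (False, True), (True, True), (True, False)):
        print(f"server_requires_pkce={srv_pkce} client_uses_pkce={cli_pkce}: "
              f"{run_flow(srv_pkce, cli_pkce)}")
```

The (False, False) row is the vulnerable combination the advisory describes: the code alone is enough to obtain a token.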

Affected Products and Versions

7.3

All GoogleCommon versions before
7.3.0-QRADAR-PROTOCOL-GoogleCommon-7.3-20210126200436

7.4

All GoogleCommon versions before
7.4.0-QRADAR-PROTOCOL-GoogleCommon-7.4-20210126200430

Remediation/Fixes

7.3

7.3.0-QRADAR-PROTOCOL-GoogleCommon-7.3-20210126200436

7.4

7.4.0-QRADAR-PROTOCOL-GoogleCommon-7.4-20210126200430

Workarounds and Mitigations

None

References

Complete CVSS v3 Guide
On-line Calculator v3

Change History

25 Feb 2021: Initial Publication

Document Location

Worldwide

- --------------------------END INCLUDED TEXT--------------------


The post ESB-2021.0809 – [Linux] IBM QRadar SIEM: Unauthorised access – Remote/unauthenticated appeared first on Malware Devil.



https://malwaredevil.com/2021/03/08/esb-2021-0809-linux-ibm-qradar-siem-unauthorised-access-remote-unauthenticated/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-0809-linux-ibm-qradar-siem-unauthorised-access-remote-unauthenticated

ESB-2021.0808 – [Debian] libupnp: Denial of service – Remote/unauthenticated

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0808
                          libupnp security update
                               8 March 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           libupnp
Publisher:         Debian
Operating System:  Debian GNU/Linux
Impact/Access:     Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-13848  

Reference:         ESB-2020.1988

Original Bulletin: 
   http://www.debian.org/security/2021/dla-2585

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- - -----------------------------------------------------------------------
Debian LTS Advisory DLA-2585-1              debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Utkarsh Gupta
March 08, 2021                              https://wiki.debian.org/LTS
- - -----------------------------------------------------------------------

Package        : libupnp
Version        : 1:1.6.19+git20160116-1.2+deb9u1
CVE ID         : CVE-2020-13848
Debian Bug     : 962282

libupnp, the portable SDK for UPnP Devices, allows remote attackers to
cause a denial of service (crash) via a crafted SSDP message due to a
NULL pointer dereference in the functions FindServiceControlURLPath
and FindServiceEventURLPath in genlib/service_table/service_table.c.

For Debian 9 stretch, this problem has been fixed in version
1:1.6.19+git20160116-1.2+deb9u1.

We recommend that you upgrade your libupnp packages.

For the detailed security status of libupnp please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libupnp

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

- --------------------------END INCLUDED TEXT--------------------


The post ESB-2021.0808 – [Debian] libupnp: Denial of service – Remote/unauthenticated appeared first on Malware Devil.



https://malwaredevil.com/2021/03/08/esb-2021-0808-debian-libupnp-denial-of-service-remote-unauthenticated/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-0808-debian-libupnp-denial-of-service-remote-unauthenticated

ESB-2021.0807 – [Debian] activemq: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0807
                         activemq security update
                               8 March 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           activemq
Publisher:         Debian
Operating System:  Debian GNU/Linux
Impact/Access:     Denial of Service              -- Remote/Unauthenticated
                   Provide Misleading Information -- Remote/Unauthenticated
                   Access Confidential Data       -- Remote/Unauthenticated
                   Unauthorised Access            -- Remote/Unauthenticated
                   Reduced Security               -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-26117 CVE-2019-0222 CVE-2018-11775
                   CVE-2017-15709  

Reference:         ESB-2021.0381
                   ESB-2020.3485
                   ESB-2020.1030

Original Bulletin:
   https://www.debian.org/lts/security/2021/dla-2583

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian LTS Advisory DLA-2583-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Abhijith PA
March 05, 2021                                https://wiki.debian.org/LTS
- - -------------------------------------------------------------------------

Package        : activemq
Version        : 5.14.3-3+deb9u2
CVE ID         : CVE-2017-15709 CVE-2018-11775 CVE-2019-0222 
                 CVE-2021-26117
Debian Bug     : 890352 908950 982590

Multiple security issues were discovered in activemq, a message 
broker built around Java Message Service.

CVE-2017-15709

    When using the OpenWire protocol in activemq, it was found that 
    certain system details (such as the OS and kernel version) are 
    exposed as plain text.

CVE-2018-11775

    TLS hostname verification when using the Apache ActiveMQ Client 
    was missing which could make the client vulnerable to a MITM 
    attack between a Java application using the ActiveMQ client and 
    the ActiveMQ server. This is now enabled by default.

CVE-2019-0222

    Unmarshalling a corrupt MQTT frame can lead to a broker Out of Memory
    exception, making it unresponsive.

CVE-2021-26117

    The optional ActiveMQ LDAP login module can be configured to use
    anonymous access to the LDAP server. The anonymous context is used
    in error to verify a valid user's password, resulting in no check
    on the password.

For Debian 9 stretch, these problems have been fixed in version
5.14.3-3+deb9u2.

We recommend that you upgrade your activemq packages.

For the detailed security status of activemq please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/activemq

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- -----BEGIN PGP SIGNATURE-----
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBYEViOeNLKJtyKPYoAQjnWw//ZLp2ewQbVvQue/mVYuGlD0/yhW2pBt3S
miZw1lvmRF1R7FNYVuU4MeErfeIEV9qiDd5Hs9Jm9OzS6PW5wwpjxTm1GtRU0Lmy
vRBPibT2e3sK/QXeq7phoJYX/uiahSHjVBmIQBEA4S0Sc15ZIg7wFdStdrhA8dLA
0kxvfffa5J+Spyln9EKZfbab+vsiP3S6U70MtmFWCyd6aGEoLMNAMbq1rKqCm+Dd
9u+lS8Ev+heKKGR3t7S3U9Xv7SReigzmkRXDZ5EW1IUbDZaie4SjHI7lkmjbs1d6
r7xZviQASx3m2wmNk2PkIPjQ0WBuxgDWZPONIHV5N+Vucao3a0joJDNM8mLtT7ur
oBRquqmRk6fFl98Xc+j7DEFt7akw0VZRip8IXsSIsOkMKmCSNFjgD8f8MOuh+zQq
1qP8x3GzkuNGOae9qu4HP9TK0D7BYUNwA7uHIdrWRfcRqqulISi2KaszzeyqRemB
JRpLr1wtbR07oswLV2UV1bwHfIT+ePXDYX1eboz8BuB3kI5wDxNlxe90d/ifw12h
DLe800XnJZnfzeX1sdQEGsroYvXO5WCb1mIr67dq4B/RbB7FesrAs5dXAXroLR8y
jZWmPRANOYXoGAATfH3mwe1NfJJDKvRG38fC0NwiOrXZRBDYXaOpeFEHSObKwAxs
zRAIa+ddNL0=
=OYtM
-----END PGP SIGNATURE-----


https://malwaredevil.com/2021/03/08/esb-2021-0807-debian-activemq-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-0807-debian-activemq-multiple-vulnerabilities
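The CVE-2021-26117 entry above describes a whole class of LDAP login bugs: the module looks the user up through its anonymous connection and treats "the entry exists" as "the password is right". The following toy model is an added example, not ActiveMQ's code and not the advisory's; the in-memory directory, the `ToyLdapServer` class and the two `authenticate_*` functions are all constructed here to put the flawed flow beside the corrected one (find the DN anonymously, then bind as that DN with the supplied password).

```python
"""Toy model of the flaw class described for CVE-2021-26117: an LDAP login
module that uses its anonymous context to 'verify' a user.

Added example for illustration only; this is not ActiveMQ's code.  The
directory below is constructed.  A real deployment would talk to a directory
server through an LDAP library; the logic being compared is the same.
"""
import hmac

# Constructed directory: DN -> password.  Not real credentials.
TOY_DIRECTORY = {
    "uid=alice,ou=users,dc=example,dc=org": "correct horse battery staple",
}


class ToyLdapContext:
    """A bound connection.  `bound_as` is None for an anonymous bind."""

    def __init__(self, server, bound_as):
        self.server = server
        self.bound_as = bound_as

    def find_user_dn(self, uid):
        """Search for the entry whose RDN is uid=<uid>; return its DN or None."""
        prefix = f"uid={uid},"
        for dn in self.server.entries:
            if dn.startswith(prefix):
                return dn
        return None


class ToyLdapServer:
    def __init__(self, entries):
        self.entries = entries

    def bind_anonymous(self):
        """Anonymous bind: allowed to search, proves nothing about anyone."""
        return ToyLdapContext(self, None)

    def bind(self, dn, password):
        """Simple bind: succeeds only if the DN exists and the password matches."""
        if dn in self.entries and hmac.compare_digest(password, self.entries[dn]):
            return ToyLdapContext(self, dn)
        return None


def authenticate_flawed(server, uid, password):
    """The flaw the advisory describes: the anonymous context can find the
    user, and that lookup is mistaken for a credential check.  `password`
    is never presented to the directory at all."""
    ctx = server.bind_anonymous()
    return ctx.find_user_dn(uid) is not None


def authenticate_fixed(server, uid, password):
    """Find the DN anonymously, then prove the password with a bind AS THAT DN."""
    if not password:
        # RFC 4513 s5.1.2: a simple bind with a DN and an empty password is an
        # *unauthenticated* bind that many servers accept; never count it as a login.
        return False
    dn = server.bind_anonymous().find_user_dn(uid)
    if dn is None:
        return False
    return server.bind(dn, password) is not None


if __name__ == "__main__":
    srv = ToyLdapServer(TOY_DIRECTORY)
    print("flawed, wrong password:", authenticate_flawed(srv, "alice", "not-the-password"))
    print("fixed,  wrong password:", authenticate_fixed(srv, "alice", "not-the-password"))
    print("fixed,  right password:", authenticate_fixed(srv, "alice", "correct horse battery staple"))
```

The empty-password guard is the part most often forgotten when the fix is applied: an LDAP simple bind with a DN and no password is an unauthenticated bind, so a module that forwards whatever the client typed can re-introduce the same "no check on the password" outcome by a different route.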

ESB-2021.0806 – [Debian] mqtt-client: Denial of service – Remote/unauthenticated

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0806
                        mqtt-client security update
                               8 March 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           mqtt-client
Publisher:         Debian
Operating System:  Debian GNU/Linux
Impact/Access:     Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-0222  

Reference:         ESB-2020.1335

Original Bulletin: 
   https://www.debian.org/lts/security/2021/dla-2582

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian LTS Advisory DLA-2582-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Abhijith PA
March 05, 2021                                https://wiki.debian.org/LTS
- - -------------------------------------------------------------------------

Package        : mqtt-client
Version        : 1.14-1+deb9u1
CVE ID         : CVE-2019-0222
Debian Bug     : 925964

A vulnerability was discovered in mqtt-client where unmarshalling a
corrupt MQTT frame can lead to a broker Out of Memory exception, making
it unresponsive.

For Debian 9 stretch, this problem has been fixed in version
1.14-1+deb9u1.

We recommend that you upgrade your mqtt-client packages.

For the detailed security status of mqtt-client please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/mqtt-client

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- -----BEGIN PGP SIGNATURE-----
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----




https://malwaredevil.com/2021/03/08/esb-2021-0806-debian-mqtt-client-denial-of-service-remote-unauthenticated/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-0806-debian-mqtt-client-denial-of-service-remote-unauthenticated

Network Security News Summary for Monday March 8th, 2021

A brief daily summary of what is important in cybersecurity. The podcast is published every weekday and designed to get you ready for the day with a brief, usually about 5 minutes long, summary of current network security-related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Storm Center. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .




https://malwaredevil.com/2021/03/08/network-security-news-summary-for-monday-march-8th-2021/?utm_source=rss&utm_medium=rss&utm_campaign=network-security-news-summary-for-monday-march-8th-2021

Sunday, March 7, 2021

Poison packages – “Supply Chain Risks” user hits Python community with 4000 fake modules

To this “researcher”, even a job not worth doing was worth overdoing. Here’s what you can learn from the incident…



https://malwaredevil.com/2021/03/07/poison-packages-supply-chain-risks-user-hits-python-community-with-4000-fake-modules/?utm_source=rss&utm_medium=rss&utm_campaign=poison-packages-supply-chain-risks-user-hits-python-community-with-4000-fake-modules

Barbary Pirates and Russian Cybercrime

In 1801, the United States had a small Navy. Thomas Jefferson deployed almost half that Navy—three frigates and a schooner—to the Barbary C...