Malware Devil

Friday, March 26, 2021

ESB-2021.1063 – [Debian] OpenSSL: Denial of service – Unknown/unspecified

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.1063
                          OpenSSL security update
                               26 March 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           OpenSSL
Publisher:         Debian
Operating System:  Debian GNU/Linux
Impact/Access:     Denial of Service -- Unknown/Unspecified
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-3449  

Reference:         ESB-2021.1056

Original Bulletin: 
   http://www.debian.org/security/2021/dsa-4875

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-4875-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
March 25, 2021                        https://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : openssl
CVE ID         : CVE-2021-3449

A NULL pointer dereference was found in the signature_algorithms
processing in OpenSSL, a Secure Sockets Layer toolkit, which could
result in denial of service.

Additional details can be found in the upstream advisory:
https://www.openssl.org/news/secadv/20210325.txt

For the stable distribution (buster), this problem has been fixed in
version 1.1.1d-0+deb10u6.

We recommend that you upgrade your openssl packages.

For the detailed security status of openssl please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/openssl

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================


ESB-2021.1062 – [Debian] thunderbird: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.1062
                        thunderbird security update
                               26 March 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           thunderbird
Publisher:         Debian
Operating System:  Debian GNU/Linux
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
                   Provide Misleading Information  -- Remote with User Interaction
                   Access Confidential Data        -- Remote with User Interaction
                   Reduced Security                -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-23987 CVE-2021-23984 CVE-2021-23982
                   CVE-2021-23981  

Reference:         ESB-2021.1055
                   ESB-2021.1004

Original Bulletin: 
   http://www.debian.org/security/2021/dsa-4876

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-4876-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
March 25, 2021                        https://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : thunderbird
CVE ID         : CVE-2021-23981 CVE-2021-23982 CVE-2021-23984 CVE-2021-23987

Multiple security issues were discovered in Thunderbird, which could
result in the execution of arbitrary code or information disclosure.

For the stable distribution (buster), these problems have been fixed in
version 1:78.9.0-1~deb10u1.

We recommend that you upgrade your thunderbird packages.

For the detailed security status of thunderbird please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/thunderbird

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

- --------------------------END INCLUDED TEXT--------------------



ESB-2021.1061 – [Ubuntu] OpenSSL: Denial of service – Unknown/unspecified

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.1061
                     USN-4891-1: OpenSSL vulnerability
                               26 March 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           OpenSSL
Publisher:         Ubuntu
Operating System:  Ubuntu
Impact/Access:     Denial of Service -- Unknown/Unspecified
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-3449  

Reference:         ESB-2021.1056

Original Bulletin: 
   https://ubuntu.com/security/notices/USN-4891-1

- --------------------------BEGIN INCLUDED TEXT--------------------

USN-4891-1: OpenSSL vulnerability
25 March 2021

OpenSSL could be made to crash if it received specially
crafted network traffic.

Releases

  o Ubuntu 20.10
  o Ubuntu 20.04 LTS
  o Ubuntu 18.04 LTS

Packages

  o openssl - Secure Socket Layer (SSL) cryptographic library and tools

Details

It was discovered that OpenSSL incorrectly handled certain renegotiation
ClientHello messages. A remote attacker could use this issue to cause
OpenSSL to crash, resulting in a denial of service.

Update instructions

The problem can be corrected by updating your system to the following package
versions:

Ubuntu 20.10

  o libssl1.1 - 1.1.1f-1ubuntu4.3

Ubuntu 20.04

  o libssl1.1 - 1.1.1f-1ubuntu2.3

Ubuntu 18.04

  o libssl1.1 - 1.1.1-1ubuntu2.1~18.04.9

After a standard system update you need to reboot your computer to make
all the necessary changes.
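The update instructions above (and the Debian fixed version 1.1.1d-0+deb10u6 in DSA-4875-1 earlier on this page) only help if you can tell whether an installed package is at or past the fixed version, and Debian version strings such as 1.1.1-1ubuntu2.1~18.04.9 do not sort as plain text: "~" sorts before the empty string, letters sort before punctuation, and an epoch prefix overrides everything. The following is an added example, not code from the bulletins or from Ubuntu or Debian. It implements the deb-version(7) ordering in Python and checks a version against the fixed versions quoted above. The release keys (ubuntu-20.04 and so on), the FIXED_LIBSSL table and the installed_version() helper are this example's own; the helper calls dpkg-query on a real Debian/Ubuntu host, and the sample versions in the main block are constructed so the check runs offline.

```python
"""Check an installed libssl1.1/openssl version against the fixed versions in
USN-4891-1 and DSA-4875-1 (CVE-2021-3449). Added example, not bulletin code;
implements the Debian version ordering described in deb-version(7)."""
import re
import shutil
import subprocess
from typing import Optional, Tuple

# Fixed versions as published in the bulletins above (keys are this example's own).
FIXED_LIBSSL = {
    "debian-buster": "1.1.1d-0+deb10u6",
    "ubuntu-20.10": "1.1.1f-1ubuntu4.3",
    "ubuntu-20.04": "1.1.1f-1ubuntu2.3",
    "ubuntu-18.04": "1.1.1-1ubuntu2.1~18.04.9",
}


def _order(c: str) -> int:
    """Sort weight of one character inside a non-digit run (mirrors dpkg)."""
    if c == "~":
        return -1            # tilde sorts before anything, even end of string
    if c == "" or c.isdigit():
        return 0             # end of the non-digit run
    if c.isalpha():
        return ord(c)        # letters sort before all other characters
    return ord(c) + 256


def _cmp_fragment(a: str, b: str) -> int:
    """Compare one upstream-version or revision string; <0, 0 or >0."""
    i = j = 0
    while i < len(a) or j < len(b):
        # 1. Lexical comparison of the leading non-digit runs.
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            ac = _order(a[i] if i < len(a) else "")
            bc = _order(b[j] if j < len(b) else "")
            if ac != bc:
                return ac - bc
            i += 1
            j += 1
        # 2. Numeric comparison of the leading digit runs (a missing run is 0).
        da = re.match(r"\d*", a[i:]).group()
        db = re.match(r"\d*", b[j:]).group()
        na, nb = int(da or "0"), int(db or "0")
        if na != nb:
            return -1 if na < nb else 1
        i += len(da)
        j += len(db)
    return 0


def parse_version(v: str) -> Tuple[int, str, str]:
    """Split '[epoch:]upstream[-revision]' into (epoch, upstream, revision)."""
    epoch = 0
    if ":" in v:
        e, v = v.split(":", 1)
        epoch = int(e)
    if "-" in v:
        upstream, revision = v.rsplit("-", 1)
    else:
        upstream, revision = v, ""
    return epoch, upstream, revision


def compare_versions(a: str, b: str) -> int:
    """Return -1, 0 or 1 as Debian version a is older than, equal to or newer than b."""
    ea, ua, ra = parse_version(a)
    eb, ub, rb = parse_version(b)
    if ea != eb:
        return -1 if ea < eb else 1
    for x, y in ((ua, ub), (ra, rb)):
        c = _cmp_fragment(x, y)
        if c != 0:
            return -1 if c < 0 else 1
    return 0


def is_patched(release: str, installed: str) -> bool:
    """True when the installed version is at or above the bulletin's fixed version."""
    return compare_versions(installed, FIXED_LIBSSL[release]) >= 0


def installed_version(package: str = "libssl1.1") -> Optional[str]:
    """Installed version via dpkg-query; None when dpkg is absent or package missing."""
    if shutil.which("dpkg-query") is None:
        return None
    result = subprocess.run(["dpkg-query", "-W", "-f=${Version}", package],
                            capture_output=True, text=True)
    if result.returncode != 0:
        return None
    return result.stdout.strip() or None


if __name__ == "__main__":
    # Constructed sample versions so the check runs offline; on a real host use
    # installed_version() together with that host's release key.
    samples = [("ubuntu-20.04", "1.1.1f-1ubuntu2.2"),
               ("ubuntu-18.04", "1.1.1-1ubuntu2.1~18.04.9"),
               ("debian-buster", "1.1.1d-0+deb10u5")]
    for release, version in samples:
        state = "patched" if is_patched(release, version) else "VULNERABLE"
        print(f"{release}: {version} -> {state}")
```

From a shell, `dpkg --compare-versions` gives the same verdict for a single host; the point of spelling the ordering out in Python is that a fleet-wide check written with plain string comparison would misjudge exactly the "~" backport suffix and epoch cases that these bulletins' version strings contain.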

References

  o CVE-2021-3449

- --------------------------END INCLUDED TEXT--------------------



ESB-2021.1059 – [Appliance] F5OS: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.1059
                 Intel Ethernet Controller vulnerabilities
                               26 March 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           F5OS
Publisher:         F5 Networks
Operating System:  Network Appliance
Impact/Access:     Denial of Service -- Existing Account
                   Reduced Security  -- Existing Account
Resolution:        None
CVE Names:         CVE-2020-24505 CVE-2020-24501 CVE-2020-24500
                   CVE-2020-24498 CVE-2020-24497 CVE-2020-24496
                   CVE-2020-24495 CVE-2020-24494 CVE-2020-24493
                   CVE-2020-24492  

Reference:         ESB-2021.0481

Original Bulletin: 
   https://support.f5.com/csp/article/K85738358
   https://support.f5.com/csp/article/K91610944

Comment: This bulletin contains two (2) F5 Networks security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

K85738358: Intel Ethernet Controller vulnerabilities CVE-2020-24497,
CVE-2020-24498, CVE-2020-24500, CVE-2020-24501, and CVE-2020-24505

Original Publication Date: 26 Mar, 2021

Security Advisory Description

  o CVE-2020-24497

    Insufficient Access Control in the firmware for Intel(R) E810 Ethernet
    Controllers before version 1.4.1.13 may allow a privileged user to
    potentially enable denial of service via local access.

  o CVE-2020-24498

    Buffer overflow in the firmware for Intel(R) E810 Ethernet Controllers
    before version 1.4.1.13 may allow a privileged user to potentially enable
    denial of service via local access.

  o CVE-2020-24500

    Buffer overflow in the firmware for Intel(R) E810 Ethernet Controllers
    before version 1.4.1.13 may allow a privileged user to potentially enable a
    denial of service via local access.

  o CVE-2020-24501

    Buffer overflow in the firmware for Intel(R) E810 Ethernet Controllers
    before version 1.4.1.13 may allow an unauthenticated user to potentially
    enable denial of service via adjacent access.

  o CVE-2020-24505

    Insufficient input validation in the firmware for the Intel(R) 700-series
    of Ethernet Controllers before version 7.3 may allow a privileged user to
    potentially enable denial of service via local access.

Impact

This vulnerability may allow a privileged user to potentially enable denial of
service (DoS) by way of local access.

Security Advisory Status

F5 Product Development has assigned ID 1004797 (F5OS) to this vulnerability.

To determine if your product and version have been evaluated for this
vulnerability, refer to the Applies to (see versions) box. To determine if your
release is known to be vulnerable, the components or features that are affected
by the vulnerability, and for information about releases, point releases, or
hotfixes that address the vulnerability, refer to the following table. For more
information about security advisory versioning, refer to K51812227:
Understanding security advisory versioning.

Note: After a fix is introduced for a vulnerable version, that fix applies to
all subsequent point releases for that version and no additional fixes for that
version will be listed in the table. For example, when a fix is introduced in
14.1.2.3, the fix applies to 14.1.2.4 and all later point releases.

+------------+------+-------------+----------+----------+------+--------------+
|            |      |Versions     |Fixes     |          |CVSSv3|Vulnerable    |
|Product     |Branch|known to be  |introduced|Severity  |score^|component or  |
|            |      |vulnerable^1 |in        |          |2     |feature       |
+------------+------+-------------+----------+----------+------+--------------+
|            |16.x  |None         |Not       |          |      |              |
|            |      |             |applicable|          |      |              |
|            +------+-------------+----------+          |      |              |
|            |15.x  |None         |Not       |          |      |              |
|            |      |             |applicable|          |      |              |
|            +------+-------------+----------+          |      |              |
|            |14.x  |None         |Not       |          |      |              |
|BIG-IP (all |      |             |applicable|Not       |      |              |
|modules)    +------+-------------+----------+vulnerable|None  |None          |
|            |13.x  |None         |Not       |          |      |              |
|            |      |             |applicable|          |      |              |
|            +------+-------------+----------+          |      |              |
|            |12.x  |None         |Not       |          |      |              |
|            |      |             |applicable|          |      |              |
|            +------+-------------+----------+          |      |              |
|            |11.x  |None         |Not       |          |      |              |
|            |      |             |applicable|          |      |              |
+------------+------+-------------+----------+----------+------+--------------+
|            |8.x   |None         |Not       |          |      |              |
|            |      |             |applicable|          |      |              |
|BIG-IQ      +------+-------------+----------+          |      |              |
|Centralized |7.x   |None         |Not       |Not       |None  |None          |
|Management  |      |             |applicable|vulnerable|      |              |
|            +------+-------------+----------+          |      |              |
|            |6.x   |None         |Not       |          |      |              |
|            |      |             |applicable|          |      |              |
+------------+------+-------------+----------+----------+------+--------------+
|            |      |             |          |          |      |Intel ethernet|
|F5OS        |1.x   |1.0.0 - 1.1.0|None      |Low       |3.4   |controller    |
|            |      |             |          |          |      |firmware      |
+------------+------+-------------+----------+----------+------+--------------+
|Traffix SDC |5.x   |None         |Not       |Not       |None  |None          |
|            |      |             |applicable|vulnerable|      |              |
+------------+------+-------------+----------+----------+------+--------------+

^1F5 only evaluates software versions that have not yet reached the End of
Technical Support (EoTS) phase of their lifecycle.

^2The CVSSv3 score link takes you to a resource outside of AskF5, and it is
possible that the document may be removed without our knowledge.

Recommended Actions

If you are running a version listed in the Versions known to be vulnerable
column, you can eliminate this vulnerability by installing a version listed in
the Fixes introduced in column. If the Fixes introduced in column does not list
a version for your branch, then no update candidate currently exists for that
branch and F5 recommends upgrading to a version with the fix (refer to the
table).

If the Fixes introduced in column lists a version prior to the one you are
running, in the same branch, then your version should have the fix.

Mitigation

None

Supplemental Information

  o K41942608: Overview of security advisory articles
  o K4602: Overview of the F5 security vulnerability response policy
  o K4918: Overview of the F5 critical issue hotfix policy
  o K8986: F5 software lifecycle policy
  o K9502: BIG-IP hotfix and point release matrix
  o K13123: Managing BIG-IP product hotfixes (11.x - 16.x)
  o K167: Downloading software and firmware from F5
  o K9970: Subscribing to email notifications regarding F5 products
  o K9957: Creating a custom RSS feed to view new and updated documents


- --------------------------------------------------------------------------------


K91610944: Intel Ethernet controller vulnerabilities CVE-2020-24492,
CVE-2020-24493, CVE-2020-24494, CVE-2020-24495, CVE-2020-24496

Original Publication Date: 26 Mar, 2021

Security Advisory Description

  o CVE-2020-24492

    Insufficient access control in the firmware for the Intel(R) 722 Ethernet
    Controllers before version 1.5 may allow a privileged user to potentially
    enable a denial of service via local access.

  o CVE-2020-24493

    Insufficient access control in the firmware for the Intel(R) 700-series of
    Ethernet Controllers before version 8.0 may allow a privileged user to
    potentially enable denial of service via local access.

  o CVE-2020-24494

    Insufficient access control in the firmware for the Intel(R) 722 Ethernet
    Controllers before version 1.4.3 may allow a privileged user to potentially
    enable denial of service via local access.

  o CVE-2020-24495

    Insufficient access control in the firmware for the Intel(R) 700-series of
    Ethernet Controllers before version 7.3 may allow a privileged user to
    potentially enable denial of service via local access.

  o CVE-2020-24496

    Insufficient input validation in the firmware for Intel(R) 722 Ethernet
    Controllers before version 1.4.3 may allow a privileged user to potentially
    enable denial of service via local access.

Impact

This vulnerability may allow a privileged user to enable a denial-of-service
(DoS) attack using local access.

Security Advisory Status

F5 Product Development has assigned ID 1004773 (F5OS) to this vulnerability.

To determine if your product and version have been evaluated for this
vulnerability, refer to the Applies to (see versions) box. To determine if your
release is known to be vulnerable, the components or features that are affected
by the vulnerability, and for information about releases, point releases, or
hotfixes that address the vulnerability, refer to the following table. For more
information about security advisory versioning, refer to K51812227:
Understanding security advisory versioning.

Note: After a fix is introduced for a vulnerable version, that fix applies to
all subsequent point releases for that version and no additional fixes for that
version will be listed in the table. For example, when a fix is introduced in
14.1.2.3, the fix applies to 14.1.2.4 and all later point releases.

+------------+------+-------------+----------+----------+------+--------------+
|            |      |Versions     |Fixes     |          |CVSSv3|Vulnerable    |
|Product     |Branch|known to be  |introduced|Severity  |score^|component or  |
|            |      |vulnerable^1 |in        |          |2     |feature       |
+------------+------+-------------+----------+----------+------+--------------+
|            |16.x  |None         |Not       |          |      |              |
|            |      |             |applicable|          |      |              |
|            +------+-------------+----------+          |      |              |
|            |15.x  |None         |Not       |          |      |              |
|            |      |             |applicable|          |      |              |
|            +------+-------------+----------+          |      |              |
|            |14.x  |None         |Not       |          |      |              |
|BIG-IP (all |      |             |applicable|Not       |      |              |
|modules)    +------+-------------+----------+vulnerable|None  |None          |
|            |13.x  |None         |Not       |          |      |              |
|            |      |             |applicable|          |      |              |
|            +------+-------------+----------+          |      |              |
|            |12.x  |None         |Not       |          |      |              |
|            |      |             |applicable|          |      |              |
|            +------+-------------+----------+          |      |              |
|            |11.x  |None         |Not       |          |      |              |
|            |      |             |applicable|          |      |              |
+------------+------+-------------+----------+----------+------+--------------+
|            |8.x   |None         |Not       |          |      |              |
|            |      |             |applicable|          |      |              |
|BIG-IQ      +------+-------------+----------+          |      |              |
|Centralized |7.x   |None         |Not       |Not       |None  |None          |
|Management  |      |             |applicable|vulnerable|      |              |
|            +------+-------------+----------+          |      |              |
|            |6.x   |None         |Not       |          |      |              |
|            |      |             |applicable|          |      |              |
+------------+------+-------------+----------+----------+------+--------------+
|            |      |             |          |          |      |Intel Ethernet|
|F5OS        |1.x   |1.0.0 - 1.1.0|None      |Medium    |6.0   |Controller    |
|            |      |             |          |          |      |firmware      |
+------------+------+-------------+----------+----------+------+--------------+
|Traffix SDC |5.x   |None         |Not       |Not       |None  |None          |
|            |      |             |applicable|vulnerable|      |              |
+------------+------+-------------+----------+----------+------+--------------+

^1F5 only evaluates software versions that have not yet reached the End of
Technical Support (EoTS) phase of their lifecycle.

^2The CVSSv3 score link takes you to a resource outside of AskF5, and it is
possible that the document may be removed without our knowledge.

Recommended Actions

If you are running a version listed in the Versions known to be vulnerable
column, you can eliminate this vulnerability by installing a version listed in
the Fixes introduced in column. If the Fixes introduced in column does not list
a version for your branch, then no update candidate currently exists for that
branch and F5 recommends upgrading to a version with the fix (refer to the
table).

If the Fixes introduced in column lists a version prior to the one you are
running, in the same branch, then your version should have the fix.
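The Recommended Actions paragraphs above (the same text appears under both K85738358 and K91610944), together with the note on point releases, describe a decision rule: find the row for your product and branch, see whether your version falls in the "Versions known to be vulnerable" range, and treat any version at or past the "Fixes introduced in" value as fixed. The following is an added example, not F5's code. It transcribes the rows of the two tables on this page into Python and applies that rule, so an inventory of appliance versions can be checked without reading the table by hand. The Row structure, the status strings and the example-product row (built from the advisory's own "fix introduced in 14.1.2.3 applies to 14.1.2.4" illustration) are this example's own constructions.

```python
"""Apply an F5 security-advisory status table to an installed version.
Added example, not F5 code; F5_ROWS is transcribed from the two tables above."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

Version = Tuple[int, ...]


def parse_f5_version(v: str) -> Version:
    """'14.1.2' -> (14, 1, 2, 0): pad to four fields so point releases compare."""
    parts = [int(p) for p in v.strip().split(".")]
    if not 1 <= len(parts) <= 4:
        raise ValueError(f"unexpected version format: {v}")
    return tuple(parts + [0] * (4 - len(parts)))


@dataclass(frozen=True)
class Row:
    product: str
    branch: str                            # "16.x", "1.x", ...
    vulnerable: Optional[Tuple[str, str]]  # inclusive range; None for "None"
    fix: Optional[str]                     # "Fixes introduced in"; None when none listed


def evaluate(rows: List[Row], product: str, installed: str) -> str:
    """Classify an installed version against the advisory table."""
    v = parse_f5_version(installed)
    for row in rows:
        if row.product != product or int(row.branch.split(".")[0]) != v[0]:
            continue
        if row.vulnerable is None:
            return "not vulnerable"
        # Advisory note: a fix covers every later point release of the branch.
        if row.fix is not None and v >= parse_f5_version(row.fix):
            return "fixed"
        low, high = (parse_f5_version(x) for x in row.vulnerable)
        if low <= v <= high:
            return "vulnerable"
        return "outside the evaluated range"
    return "not evaluated"


# Transcribed from the F5OS advisory tables above (identical in both articles).
F5_ROWS = (
    [Row("BIG-IP", b, None, None) for b in ("16.x", "15.x", "14.x", "13.x", "12.x", "11.x")]
    + [Row("BIG-IQ Centralized Management", b, None, None) for b in ("8.x", "7.x", "6.x")]
    + [Row("F5OS", "1.x", ("1.0.0", "1.1.0"), None),
       Row("Traffix SDC", "5.x", None, None)]
)

# Constructed row illustrating the advisory's own note about point releases;
# the product name and the vulnerable range are hypothetical.
EXAMPLE_ROWS = [Row("example-product", "14.x", ("14.1.0", "14.1.2.2"), "14.1.2.3")]


if __name__ == "__main__":
    # Constructed inventory entries; replace with real appliance versions.
    for product, version in [("F5OS", "1.0.3"), ("F5OS", "1.2.0"), ("BIG-IP", "16.0.1")]:
        print(f"{product} {version}: {evaluate(F5_ROWS, product, version)}")
    for version in ("14.1.1", "14.1.2.3", "14.1.2.4"):
        print(f"example-product {version}: {evaluate(EXAMPLE_ROWS, 'example-product', version)}")
```

Because the F5OS row lists no fix, every version in 1.0.0 through 1.1.0 comes back "vulnerable" and the only remediation path is the advisory's Mitigation section, which is "None" here; "outside the evaluated range" and "not evaluated" are deliberately distinct from "not vulnerable", since the table only speaks for versions F5 has assessed.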

Mitigation

None

Supplemental Information

  o K41942608: Overview of security advisory articles
  o K4602: Overview of the F5 security vulnerability response policy
  o K4918: Overview of the F5 critical issue hotfix policy
  o K8986: F5 software lifecycle policy
  o K9502: BIG-IP hotfix and point release matrix
  o K13123: Managing BIG-IP product hotfixes (11.x - 16.x)
  o K167: Downloading software and firmware from F5
  o K9970: Subscribing to email notifications regarding F5 products
  o K9957: Creating a custom RSS feed to view new and updated documents

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================


The post ESB-2021.1059 – [Appliance] F5OS: Multiple vulnerabilities appeared first on Malware Devil.



https://malwaredevil.com/2021/03/26/esb-2021-1059-appliance-f5os-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-1059-appliance-f5os-multiple-vulnerabilities

ESB-2021.1060 – [RedHat] thunderbird: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.1060
                        thunderbird security update
                               26 March 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           thunderbird
Publisher:         Red Hat
Operating System:  Red Hat
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
                   Provide Misleading Information  -- Remote with User Interaction
                   Access Confidential Data        -- Remote with User Interaction
                   Reduced Security                -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-23987 CVE-2021-23984 CVE-2021-23982
                   CVE-2021-23981  

Reference:         ESB-2021.1055
                   ESB-2021.1034
                   ESB-2021.1004

Original Bulletin: 
   https://access.redhat.com/errata/RHSA-2021:0993
   https://access.redhat.com/errata/RHSA-2021:0994
   https://access.redhat.com/errata/RHSA-2021:0995
   https://access.redhat.com/errata/RHSA-2021:0996

Comment: This bulletin contains four (4) Red Hat security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: thunderbird security update
Advisory ID:       RHSA-2021:0993-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:0993
Issue date:        2021-03-25
CVE Names:         CVE-2021-23981 CVE-2021-23982 CVE-2021-23984 
                   CVE-2021-23987 
=====================================================================

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 78.9.0.

Security Fix(es):

* Mozilla: Texture upload into an unbound backing buffer resulted in an
out-of-bound read (CVE-2021-23981)

* Mozilla: Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9
(CVE-2021-23987)

* Mozilla: Internal network hosts could have been probed by a malicious
webpage (CVE-2021-23982)

* Mozilla: Malicious extensions could have spoofed popup information
(CVE-2021-23984)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1942783 - CVE-2021-23981 Mozilla: Texture upload into an unbound backing buffer 
resulted in an out-of-bound read
1942785 - CVE-2021-23982 Mozilla: Internal network hosts could have been probed 
by a malicious webpage
1942786 - CVE-2021-23984 Mozilla: Malicious extensions could have spoofed popup information
1942787 - CVE-2021-23987 Mozilla: Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:
thunderbird-78.9.0-3.el8_3.src.rpm

aarch64:
thunderbird-78.9.0-3.el8_3.aarch64.rpm
thunderbird-debuginfo-78.9.0-3.el8_3.aarch64.rpm
thunderbird-debugsource-78.9.0-3.el8_3.aarch64.rpm

ppc64le:
thunderbird-78.9.0-3.el8_3.ppc64le.rpm
thunderbird-debuginfo-78.9.0-3.el8_3.ppc64le.rpm
thunderbird-debugsource-78.9.0-3.el8_3.ppc64le.rpm

x86_64:
thunderbird-78.9.0-3.el8_3.x86_64.rpm
thunderbird-debuginfo-78.9.0-3.el8_3.x86_64.rpm
thunderbird-debugsource-78.9.0-3.el8_3.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-23981
https://access.redhat.com/security/cve/CVE-2021-23982
https://access.redhat.com/security/cve/CVE-2021-23984
https://access.redhat.com/security/cve/CVE-2021-23987
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

- --------------------------------------------------------------------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: thunderbird security update
Advisory ID:       RHSA-2021:0994-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:0994
Issue date:        2021-03-25
CVE Names:         CVE-2021-23981 CVE-2021-23982 CVE-2021-23984 
                   CVE-2021-23987 
=====================================================================

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 8.2
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v. 8.2) - aarch64, ppc64le, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 78.9.0.

Security Fix(es):

* Mozilla: Texture upload into an unbound backing buffer resulted in an
out-of-bound read (CVE-2021-23981)

* Mozilla: Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9
(CVE-2021-23987)

* Mozilla: Internal network hosts could have been probed by a malicious
webpage (CVE-2021-23982)

* Mozilla: Malicious extensions could have spoofed popup information
(CVE-2021-23984)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1942783 - CVE-2021-23981 Mozilla: Texture upload into an unbound backing buffer 
resulted in an out-of-bound read
1942785 - CVE-2021-23982 Mozilla: Internal network hosts could have been probed 
by a malicious webpage
1942786 - CVE-2021-23984 Mozilla: Malicious extensions could have spoofed popup information
1942787 - CVE-2021-23987 Mozilla: Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v. 8.2):

Source:
thunderbird-78.9.0-3.el8_2.src.rpm

aarch64:
thunderbird-78.9.0-3.el8_2.aarch64.rpm
thunderbird-debuginfo-78.9.0-3.el8_2.aarch64.rpm
thunderbird-debugsource-78.9.0-3.el8_2.aarch64.rpm

ppc64le:
thunderbird-78.9.0-3.el8_2.ppc64le.rpm
thunderbird-debuginfo-78.9.0-3.el8_2.ppc64le.rpm
thunderbird-debugsource-78.9.0-3.el8_2.ppc64le.rpm

x86_64:
thunderbird-78.9.0-3.el8_2.x86_64.rpm
thunderbird-debuginfo-78.9.0-3.el8_2.x86_64.rpm
thunderbird-debugsource-78.9.0-3.el8_2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-23981
https://access.redhat.com/security/cve/CVE-2021-23982
https://access.redhat.com/security/cve/CVE-2021-23984
https://access.redhat.com/security/cve/CVE-2021-23987
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

- --------------------------------------------------------------------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: thunderbird security update
Advisory ID:       RHSA-2021:0995-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:0995
Issue date:        2021-03-25
CVE Names:         CVE-2021-23981 CVE-2021-23982 CVE-2021-23984 
                   CVE-2021-23987 
=====================================================================

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 8.1
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v. 8.1) - ppc64le, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 78.9.0.

Security Fix(es):

* Mozilla: Texture upload into an unbound backing buffer resulted in an
out-of-bound read (CVE-2021-23981)

* Mozilla: Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9
(CVE-2021-23987)

* Mozilla: Internal network hosts could have been probed by a malicious
webpage (CVE-2021-23982)

* Mozilla: Malicious extensions could have spoofed popup information
(CVE-2021-23984)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1942783 - CVE-2021-23981 Mozilla: Texture upload into an unbound backing buffer 
resulted in an out-of-bound read
1942785 - CVE-2021-23982 Mozilla: Internal network hosts could have been probed 
by a malicious webpage
1942786 - CVE-2021-23984 Mozilla: Malicious extensions could have spoofed popup information
1942787 - CVE-2021-23987 Mozilla: Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v. 8.1):

Source:
thunderbird-78.9.0-3.el8_1.src.rpm

ppc64le:
thunderbird-78.9.0-3.el8_1.ppc64le.rpm
thunderbird-debuginfo-78.9.0-3.el8_1.ppc64le.rpm
thunderbird-debugsource-78.9.0-3.el8_1.ppc64le.rpm

x86_64:
thunderbird-78.9.0-3.el8_1.x86_64.rpm
thunderbird-debuginfo-78.9.0-3.el8_1.x86_64.rpm
thunderbird-debugsource-78.9.0-3.el8_1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-23981
https://access.redhat.com/security/cve/CVE-2021-23982
https://access.redhat.com/security/cve/CVE-2021-23984
https://access.redhat.com/security/cve/CVE-2021-23987
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

- --------------------------------------------------------------------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: thunderbird security update
Advisory ID:       RHSA-2021:0996-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:0996
Issue date:        2021-03-25
CVE Names:         CVE-2021-23981 CVE-2021-23982 CVE-2021-23984 
                   CVE-2021-23987 
=====================================================================

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64le, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 78.9.0.

Security Fix(es):

* Mozilla: Texture upload into an unbound backing buffer resulted in an
out-of-bound read (CVE-2021-23981)

* Mozilla: Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9
(CVE-2021-23987)

* Mozilla: Internal network hosts could have been probed by a malicious
webpage (CVE-2021-23982)

* Mozilla: Malicious extensions could have spoofed popup information
(CVE-2021-23984)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1942783 - CVE-2021-23981 Mozilla: Texture upload into an unbound backing buffer 
resulted in an out-of-bound read
1942785 - CVE-2021-23982 Mozilla: Internal network hosts could have been probed 
by a malicious webpage
1942786 - CVE-2021-23984 Mozilla: Malicious extensions could have spoofed popup information
1942787 - CVE-2021-23987 Mozilla: Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
thunderbird-78.9.0-3.el7_9.src.rpm

x86_64:
thunderbird-78.9.0-3.el7_9.x86_64.rpm
thunderbird-debuginfo-78.9.0-3.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

Source:
thunderbird-78.9.0-3.el7_9.src.rpm

ppc64le:
thunderbird-78.9.0-3.el7_9.ppc64le.rpm
thunderbird-debuginfo-78.9.0-3.el7_9.ppc64le.rpm

x86_64:
thunderbird-78.9.0-3.el7_9.x86_64.rpm
thunderbird-debuginfo-78.9.0-3.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
thunderbird-78.9.0-3.el7_9.src.rpm

x86_64:
thunderbird-78.9.0-3.el7_9.x86_64.rpm
thunderbird-debuginfo-78.9.0-3.el7_9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-23981
https://access.redhat.com/security/cve/CVE-2021-23982
https://access.redhat.com/security/cve/CVE-2021-23984
https://access.redhat.com/security/cve/CVE-2021-23987
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

- --------------------------END INCLUDED TEXT--------------------



The post ESB-2021.1060 – [RedHat] thunderbird: Multiple vulnerabilities appeared first on Malware Devil.



https://malwaredevil.com/2021/03/26/esb-2021-1060-redhat-thunderbird-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-1060-redhat-thunderbird-multiple-vulnerabilities

ESB-2021.1057 – [Debian] firefox-esr: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.1057
                        firefox-esr security update
                               26 March 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           firefox-esr
Publisher:         Debian
Operating System:  Debian GNU/Linux
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
                   Provide Misleading Information  -- Remote with User Interaction
                   Access Confidential Data        -- Remote with User Interaction
                   Reduced Security                -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-23987 CVE-2021-23984 CVE-2021-23982
                   CVE-2021-23981  

Reference:         ESB-2021.1055
                   ESB-2021.1034
                   ESB-2021.1003

Original Bulletin: 
   http://www.debian.org/lts/security/2021/dla-2607

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- - -------------------------------------------------------------------------
Debian LTS Advisory DLA-2607-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/               Emilio Pozuelo Monfort
March 25, 2021                                https://wiki.debian.org/LTS
- - -------------------------------------------------------------------------

Package        : firefox-esr
Version        : 78.9.0esr-1~deb9u1
CVE ID         : CVE-2021-23981 CVE-2021-23982 CVE-2021-23984 CVE-2021-23987

Multiple security issues have been found in the Mozilla Firefox
web browser, which could potentially result in the execution
of arbitrary code, information disclosure or spoofing attacks.

For Debian 9 stretch, these problems have been fixed in version
78.9.0esr-1~deb9u1.

We recommend that you upgrade your firefox-esr packages.

For the detailed security status of firefox-esr please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/firefox-esr

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

- --------------------------END INCLUDED TEXT--------------------



The post ESB-2021.1057 – [Debian] firefox-esr: Multiple vulnerabilities appeared first on Malware Devil.



https://malwaredevil.com/2021/03/26/esb-2021-1057-debian-firefox-esr-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-1057-debian-firefox-esr-multiple-vulnerabilities

Taming Vulnerability Overload – Mehul Revankar – PSW #688

Almost weekly, attackers discover and exploit vulnerabilities in widely deployed software such as SolarWinds and Microsoft Exchange Server, impacting thousands of organisations. While it would be great to eradicate these vulnerabilities in the software itself, that is unlikely to happen any time soon. That is why patching vulnerabilities quickly matters, yet even when patches are available, companies often fail to apply them promptly. We'll discuss the barriers that delay patching and Qualys' experience creating free services that help companies detect specific vulnerabilities and patch them remotely during events like the SolarWinds and Microsoft Exchange incidents. The session includes a brief demo of Qualys' free 60-day service to detect, prioritize and patch vulnerable Exchange servers, and to detect environments that are missing compensating controls.

This segment is sponsored by Qualys.

Visit https://securityweekly.com/ to learn more about them!

Visit https://www.securityweekly.com/psw for all the latest episodes!

Show Notes: https://securityweekly.com/psw688

The post Taming Vulnerability Overload – Mehul Revankar – PSW #688 appeared first on Malware Devil.



https://malwaredevil.com/2021/03/26/taming-vulnerability-overload-mehul-revankar-psw-688/?utm_source=rss&utm_medium=rss&utm_campaign=taming-vulnerability-overload-mehul-revankar-psw-688

Four pillars of privileged account management (PAM), according to Gartner

Privileged account management depends on much more than PAM tools; it is essential to take into account aspects such as auditing, control, governance and proper administration of automated tasks. Learn about the pillars here …

The post Four pillars of privileged account management (PAM), according to Gartner appeared first on ManageEngine Blog.

The post Four pillars of privileged account management (PAM), according to Gartner appeared first on Security Boulevard.


The post Four pillars of privileged account management (PAM), according to Gartner appeared first on Malware Devil.



https://malwaredevil.com/2021/03/25/cuatro-pilares-de-gestion-de-cuentas-privilegiadas-pam-segun-gartner/?utm_source=rss&utm_medium=rss&utm_campaign=cuatro-pilares-de-gestion-de-cuentas-privilegiadas-pam-segun-gartner

5 trends that will define endpoint management in 2021 and beyond

2020 was a year of tremendous discouragement and disruption. Imagine if, in January of that year, you had told your organization's management that they would have to move their 10,000 or 20,000 corporate offices into the virtual world. They would have …

The post 5 trends that will define endpoint management in 2021 and beyond appeared first on ManageEngine Blog.

The post 5 trends that will define endpoint management in 2021 and beyond appeared first on Security Boulevard.


The post 5 trends that will define endpoint management in 2021 and beyond appeared first on Malware Devil.



https://malwaredevil.com/2021/03/25/5-tendencias-que-definirao-o-gerenciamento-de-endpoint-em-2021-e-alem/?utm_source=rss&utm_medium=rss&utm_campaign=5-tendencias-que-definirao-o-gerenciamento-de-endpoint-em-2021-e-alem

Perkiler malware turns to SMB brute force to spread

Researchers at Guardicore have identified a new infection vector used by the Perkiler malware, in which internet-facing Windows machines are breached by brute-forcing SMB passwords.

Perkiler is a complex Windows malware with rootkit components that has been dropped by the Purple Fox exploit kit (EK) and spread through phishing campaigns.

What is SMB?

Server Message Block (SMB) is the network protocol Windows computers use to share files and printers; it also carries the named-pipe traffic behind a good deal of Windows remote administration. Common Internet File System (CIFS) is the name of the old SMB 1 dialect, which is why the two terms are often used interchangeably. Modern SMB runs directly over TCP port 445, while TCP port 139 carries the older NetBIOS session service that SMB 1 can also ride on; both are typically listening on a default Windows installation, and an exposed port 445 is what scanners look for.

SMB vulnerability history

SMB has a long history of being abused by malware, helped along by a history of being enabled by mistake and exposed to the Internet by accident. The most famous example is WannaCry. This worm hunted down Internet-facing SMB ports, used the EternalBlue exploit against the SMB 1 flaw patched in MS17-010 to get onto the machine, installed the DoublePulsar kernel backdoor for persistence, and used that foothold to install the WannaCry ransomware.

What are brute force attacks?

A brute-force password attack is a relentless attempt to guess the username and password of one or more systems. As the name suggests, it relies on force rather than cunning or skill: it is the digital equivalent of throwing everything, including the kitchen sink, at something. Some attacks try endless combinations of usernames and passwords against one system until a combination works; others (often called password spraying) try a small number of common passwords against as many systems and accounts as possible, which also keeps each individual account under its lockout threshold.

Brute-force attacks are usually automated, so they cost the attacker little time or energy, certainly less than working out how to access each remote system individually. Based on a port number or another system-specific property, the attacker picks the targets and the method, sets the brute-force tool in motion, moves on to the next target, and waits to be notified when one of the systems has swallowed the hook.
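
As an added example (not from the original article or from Guardicore), here is the detection side of what the paragraphs above describe: a Python script that reads a constructed export of Windows Security events and flags (a) a source address producing a burst of network-logon failures, the signature of an SMB brute-force attempt, and (b) a successful ANONYMOUS LOGON over the network, which is the footprint of a null session. The pipe-separated log layout, the sample addresses and the thresholds are assumptions; the event semantics (4625 failed logon, 4624 successful logon, Logon Type 3 = network logon) are the real Windows values.

```python
"""Flag SMB brute-force attempts and null sessions in Windows Security events.

Added example, not code from the original article or from Guardicore.
The log export below is constructed; its pipe-separated layout is an assumption.
The event semantics are real Windows values: 4625 = failed logon, 4624 =
successful logon, Logon Type 3 = network logon (what SMB authentication produces),
and a type-3 4624 for ANONYMOUS LOGON is what a null session looks like.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: timestamp|event_id|account|logon_type|source_ip
SAMPLE_LOG = """\
2021-03-25T10:00:01|4625|Administrator|3|203.0.113.7
2021-03-25T10:00:02|4625|admin|3|203.0.113.7
2021-03-25T10:00:02|4625|administrator|3|203.0.113.7
2021-03-25T10:00:03|4625|guest|3|203.0.113.7
2021-03-25T10:00:04|4625|Administrator|3|203.0.113.7
2021-03-25T10:00:05|4625|backup|3|203.0.113.7
2021-03-25T10:00:09|4624|ANONYMOUS LOGON|3|203.0.113.7
2021-03-25T10:05:00|4625|jsmith|2|10.0.0.5
2021-03-25T10:05:30|4625|jsmith|3|10.0.0.9
2021-03-25T10:30:00|4624|jsmith|3|10.0.0.9
2021-03-25T10:31:00|4624|ANONYMOUS LOGON|3|2001:db8::1f
"""


def parse_events(text):
    """Turn the pipe-separated export into a list of event dicts."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, event_id, account, logon_type, src = line.split("|")
        events.append({
            "time": datetime.fromisoformat(ts),
            "event_id": int(event_id),
            "account": account,
            "logon_type": int(logon_type),
            "src": src,
        })
    return events


def detect_bruteforce(events, threshold=5, window=timedelta(minutes=1)):
    """Sources with >= threshold network-logon failures inside a sliding window.

    Returns {source_ip: {"failures": n, "accounts": [names tried]}}, keeping the
    largest burst seen per source. Interactive failures (type 2) are ignored:
    they are local typing errors, not SMB authentication over the network.
    """
    recent = defaultdict(deque)  # src -> (time, account) pairs still in window
    hits = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["event_id"] != 4625 or ev["logon_type"] != 3:
            continue
        q = recent[ev["src"]]
        q.append((ev["time"], ev["account"]))
        while q and ev["time"] - q[0][0] > window:
            q.popleft()
        if len(q) >= threshold:
            prev = hits.get(ev["src"])
            if prev is None or len(q) > prev["failures"]:
                hits[ev["src"]] = {
                    "failures": len(q),
                    "accounts": sorted({acct for _, acct in q}),
                }
    return hits


def detect_null_sessions(events):
    """Successful network logons as ANONYMOUS LOGON: the null-session footprint."""
    return [
        (ev["time"].isoformat(), ev["src"])
        for ev in events
        if ev["event_id"] == 4624
        and ev["logon_type"] == 3
        and ev["account"].upper() == "ANONYMOUS LOGON"
    ]


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    for src, info in detect_bruteforce(evs).items():
        print(f"brute force from {src}: {info['failures']} failures "
              f"against {len(info['accounts'])} accounts {info['accounts']}")
    for ts, src in detect_null_sessions(evs):
        print(f"null session from {src} at {ts}")
```

Tune `threshold` and `window` to your environment: a handful of failures per minute from one source is a mistyped password, dozens spread across many account names is not. A 4624 for ANONYMOUS LOGON is not always hostile (some legacy services still enumerate shares anonymously), so treat it as a pivot for investigation rather than a verdict.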

Not a new infection method

The fact that the researchers found Perkiler attacking Windows machines through SMB password brute force came as something of a surprise. Not because of the SMB brute force per se; SMB has always been brute forced. The question is why an attacker would bother when they have:

  • EternalBlue, which lets them own every unpatched server still running SMB 1 without any brute-force routine.
  • A few million exposed RDP ports they can brute force for a potentially bigger gain. Remote Desktop is exactly what the name implies, a way to remotely control a computer system, which is far more interesting to an attacker than just being able to drop a file on an SMB share.

The answer to this question remains a mystery for now. Maybe they are planning ahead for when the number of vulnerable RDP servers dries up.

Using compromised machines

Perkiler uses a large network of compromised servers to host its dropper and payloads. These appear to be Windows servers running Microsoft IIS 7.5 and the Microsoft FTP service, both of which have multiple known vulnerabilities of varying severity.

The rootkit

Once a machine is infected with the new variant of Perkiler, it reboots to load the rootkit that’s hidden inside the encrypted payload. The purpose of this rootkit is to hide various registry keys and values, files, etc. Ironically enough, the hidden rootkit was developed by a security researcher to conduct various malware analysis tasks and to keep the research tasks hidden from the malware.

Infected machines

Once the machine is restarted, the malware is executed as well and begins its propagation process: it generates IP ranges and scans them on port 445. When a host responds to the SMB probe, the malware tries to authenticate by brute-forcing usernames and passwords, or by establishing a null session (an anonymous SMB session that needs no credentials at all).

One interesting detail is that the malware will install an IPv6 interface on the infected machine to allow the malware to port scan IPv6 addresses as well as to maximize the efficiency of the spread over (usually unmonitored) IPv6 subnets.
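As an added example (not from the Malwarebytes article), the following Python shows how the propagation behaviour described above would surface in Windows Security logs and how to flag it: a burst of 4625 failed network logons (Logon Type 3, which is what SMB authentication produces) from one source inside a short window, and a 4624 success for ANONYMOUS LOGON, which is what a completed null session looks like. The event records are constructed sample data, and the threshold and window are assumptions to tune against your own baseline. Source addresses are normalized with the ipaddress module so the IPv6 spread mentioned above is caught too.

```python
"""Flag SMB brute force and null sessions in Windows Security events (constructed sample)."""
from collections import defaultdict
from datetime import datetime, timedelta, timezone
import ipaddress

FAILED_LOGON = 4625        # Security event: an account failed to log on
SUCCESSFUL_LOGON = 4624    # Security event: an account was successfully logged on
NETWORK_LOGON = 3          # Logon Type 3 = network logon, which SMB authentication produces


def _event(ts, event_id, account, src, logon_type=NETWORK_LOGON):
    """One minimal Security event record (constructed sample data, not a real log)."""
    return {"time": ts, "id": event_id, "logon_type": logon_type,
            "account": account, "src": str(ipaddress.ip_address(src))}


_BASE = datetime(2021, 3, 24, 23, 50, 0, tzinfo=timezone.utc)
_GUESSES = ["administrator", "admin", "backup", "guest", "test", "sql"]

# Constructed sample log: one host spraying twelve guesses in under two minutes (brute
# force), a user mistyping a password twice (benign), an anonymous network logon from an
# IPv6 source (null session) and one ordinary successful logon.
SAMPLE_EVENTS = (
    [_event(_BASE + timedelta(seconds=10 * i), FAILED_LOGON, acct, "203.0.113.7")
     for i, acct in enumerate(_GUESSES * 2)]
    + [_event(_BASE + timedelta(minutes=1), FAILED_LOGON, "jsmith", "198.51.100.2"),
       _event(_BASE + timedelta(minutes=1, seconds=30), FAILED_LOGON, "jsmith", "198.51.100.2"),
       _event(_BASE + timedelta(minutes=3), SUCCESSFUL_LOGON, "ANONYMOUS LOGON", "2001:db8::42"),
       _event(_BASE + timedelta(minutes=4), SUCCESSFUL_LOGON, "jsmith", "192.0.2.10")]
)


def find_smb_bruteforce(events, threshold=10, window=timedelta(minutes=5)):
    """Return {source_ip: summary} for every source with at least `threshold` failed
    network logons inside some sliding window of length `window`."""
    failures = defaultdict(list)
    for ev in events:
        if ev["id"] == FAILED_LOGON and ev["logon_type"] == NETWORK_LOGON:
            failures[ev["src"]].append(ev)

    hits = {}
    for src, evs in failures.items():
        evs.sort(key=lambda e: e["time"])
        start = 0
        for end, ev in enumerate(evs):
            # slide the window start forward until evs[start..end] fits inside `window`
            while ev["time"] - evs[start]["time"] > window:
                start += 1
            if end - start + 1 >= threshold:
                hits[src] = {
                    "attempts": len(evs),
                    "accounts": sorted({e["account"] for e in evs}),
                    "first": evs[0]["time"],
                    "last": evs[-1]["time"],
                }
                break
    return hits


def find_null_sessions(events):
    """Return source IPs that completed an anonymous network logon (an SMB null session)."""
    return sorted({ev["src"] for ev in events
                   if ev["id"] == SUCCESSFUL_LOGON and ev["logon_type"] == NETWORK_LOGON
                   and ev["account"].upper() == "ANONYMOUS LOGON"})


if __name__ == "__main__":
    for src, info in find_smb_bruteforce(SAMPLE_EVENTS).items():
        print(f"brute force from {src}: {info['attempts']} failures against {info['accounts']}")
    print("null sessions from:", find_null_sessions(SAMPLE_EVENTS))
```

Anonymous network logons are also produced by some legitimate activity, so treat a null-session hit as a lead to correlate with the scanning source rather than an alert on its own; the brute-force detector deliberately reports the distinct accounts tried, since a spray across many usernames from one address is the signature that separates a worm from a user who forgot a password.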

Mitigation

In theory, online brute force attacks can be defeated by moderately strong, unique passwords combined with account lockout or rate limiting; the often-quoted six characters are not enough on their own, because an attacker who can guess at high rates, or who obtains password hashes for offline cracking, exhausts that keyspace quickly. However, even the threat of big-game ransomware using RDP brute force attacks hasn’t been enough to get people using stronger passwords. And if the prospect of facing a $50 million ransom isn’t enough motivation, it’s hard to see anything else working.

Luckily there are other, easier ways to blunt brute force attacks. The best defence of all is to remove the SMB (or RDP, or anything else) service from the Internet entirely, if possible, by blocking inbound TCP 139 and 445 at the perimeter and on the host firewall, or to put it behind a VPN protected by two-factor authentication if that isn’t possible.

The post Perkiler malware turns to SMB brute force to spread appeared first on Malwarebytes Labs.

The post Perkiler malware turns to SMB brute force to spread appeared first on Malware Devil.



https://malwaredevil.com/2021/03/25/perkiler-malware-turns-to-smb-brute-force-to-spread/?utm_source=rss&utm_medium=rss&utm_campaign=perkiler-malware-turns-to-smb-brute-force-to-spread

Slack hurries to fix direct message flaw that allowed harassment

The enormous work messaging platform Slack quickly reversed course yesterday, promising to revise a brand-new direct message feature that could have been misused for harassment.

Added to the company’s “Slack Connect” product—which lets enterprise users share messages with contract workers and third-party partners outside their company—the new “direct message” feature allowed paying Slack users to message anyone outside of their company or organization, so long as they had another person’s email address. The messages came attached to an invite, but as many tech news outlets and concerned online users noted, there was no way for recipients to block the invites, or to block the content of the messages that came attached to the invites.

As Twitter product employee Menotti Minutillo said on Twitter, the implementation of Slack Connect DMs meant that malicious users could send repeated DM invites with harassing language, and that Slack would also email the DM’s recipient with the invite, including the harassing language. DM recipients would also have trouble blocking those emails as they came from a generic email address, too, Minutillo said.

Further, according to TechCrunch, the Slack Connect DM feature is opt-in at the organizational level, meaning that individual employees could not, on their own, override their company’s decision should it choose to enable the feature.

Less than 24 hours after Slack Connect DM’s full release, Slack realigned. According to Slack Vice President of Communications and Policy Jonathan Prince, the company will disable the capability to customize messages that are attached to Slack Connect DM invites.

Prince’s full statement is as follows:  

 “After rolling out Slack Connect DMs this morning, we received valuable feedback from our users about how email invitations to use the feature could potentially be used to send abusive or harassing messages. We are taking immediate steps to prevent this kind of abuse, beginning today with the removal of the ability to customize a message when a user invites someone to Slack Connect DMs. Slack Connect’s security features and robust administrative controls are a core part of its value both for individual users and their organizations. We made a mistake in this initial roll-out that is inconsistent with our goals for the product and the typical experience of Slack Connect usage. As always, we are grateful to everyone who spoke up, and we are committed to fixing this issue.”

Slack’s quick work to fix the problem is appreciated, but it is curious that the company did not catch the problem before the full rollout. The company has already faced complaints about the limited features in the free version of its platform, where harassing language can be displayed to others without a message ever being written or sent. This is because Slack automatically sends notifications when new users join a thread, so if those new users stylize their username to be an insult, then the users in that thread will receive a notification that includes that language.

Further, the problem of harassment on messaging platforms is far from new. On the Lock and Code podcast, when we spoke with Electronic Frontier Foundation’s Director of Cybersecurity Eva Galperin, Galperin warned about this very issue.

“Primarily, the onus for making safe platforms, is on the makers of the platforms,” Galperin said. “And so, if there are people who are listening to this podcast, who are developing software or who are developing platforms or services for commercial use, I encourage them to think about how their tool will be used for harassment.”

Galperin provided specific guidance for any platform with messaging capabilities. She said that those platforms should make it possible for users to not use their real names, and for users to block other users or to mute certain keywords. This setup, Galperin said, is beneficial for both the user and the company.

“If you give the power to the users, then they can decide what is harassment and what is abuse, and it really takes the onus off the platform to be judge, jury, and executioner for every communication that somebody has online.”

Unfortunately, Slack users could not block users—and in fact the company has pushed back against such a feature for years—or mute keywords, and users would have trouble filtering out emails from Slack’s generic email addresses that included the DM invites and the accompanying messages.

These may sound like high-level discussions that are difficult to forecast, but there is actually a far simpler way to look at the problem. To borrow the words of Twitter user @geekgalgroks, a developer and accessibility advocate:

“Seriously with every new messaging system and feature ask yourself if people can send unsolicited dick pics and if those receiving them can block the sender.

Because it will happen.”

The post Slack hurries to fix direct message flaw that allowed harassment appeared first on Malwarebytes Labs.




https://malwaredevil.com/2021/03/25/slack-hurries-to-fix-direct-message-flaw-that-allowed-harassment-9/?utm_source=rss&utm_medium=rss&utm_campaign=slack-hurries-to-fix-direct-message-flaw-that-allowed-harassment-9

Office macro execution evidence, (Fri, Mar 26th)

Microsoft Office Macros continue to be the security nightmare that they have been for the past 3 decades. System and security admins everywhere continue to try to protect their users from prevalent macro malware, but they find Microsoft’s tooling often less than helpful.

Case in point, the Microsoft page that describes how to disable macros sports this useful warning:

If only life were so easy…. The only two people who will ever be “sure” what a macro is doing are its original developer, and the malware analyst who just reverse engineered it. And I’m actually even doubtful about the developer.  

Considering how shaky and often bypassed the available mechanisms for controlling macro usage are, we would expect to at least see some decent instrumentation that allows us to log, monitor and reproduce “what happened”. But… no. There are hardly any useful logs. Which over the years led to a plethora of work-arounds, YARA rules, Powershell scripts, and reverse engineering.

This week, I had the “joy” of doing a bit of the latter, while investigating an incident. One of the few places where macro execution leaves traces is in the “TrustRecords” entry in the registry:

HKCU:\SOFTWARE\Microsoft\Office\16.0\Word\Security\Trusted Documents\TrustRecords
HKCU:\SOFTWARE\Microsoft\Office\16.0\Excel\Security\Trusted Documents\TrustRecords
HKCU:\SOFTWARE\Microsoft\Office\16.0\PowerPoint\Security\Trusted Documents\TrustRecords

The version number (16.0) might vary depending on your Office installation. Whether, when and how the keys get populated also depends on the “Trust Center” setting as described in the Microsoft link above.

But in general, the registry entries will look something like this:

(screenshot of the TrustRecords key in the registry editor: one REG_BINARY value per trusted document, named after the file)
The rightmost byte (00 or 7f) indicates which Trust Center warning the user clicked away. “00” means “Open for Editing” and “7F” means “Allow Macros to Run”. The leading bytes encode, amongst other data, the original creation timestamp of the file whose name is shown. This can be extremely helpful when you need to determine the exact time of the original download, if the file came from a shady source. In combination with the file name, these can be the “pivot points” that you need in an incident to go hunting in proxy or email logs, to determine how that file got to the user in the first place.

Volatility has support to extract this information, but if you are forensicating on a live system, you can also wing it with Powershell in a pinch:

# Office keeps one REG_BINARY value per trusted document; adjust 16.0 to match your Office version.
$regkeys =  'HKCU:\SOFTWARE\Microsoft\Office\16.0\Word\Security\Trusted Documents\TrustRecords',
            'HKCU:\SOFTWARE\Microsoft\Office\16.0\Excel\Security\Trusted Documents\TrustRecords',
            'HKCU:\SOFTWARE\Microsoft\Office\16.0\PowerPoint\Security\Trusted Documents\TrustRecords'
foreach ($key in $regkeys) {
        # the key only exists once the user has trusted at least one document in that application
        try { $item = Get-Item $key -ErrorAction Stop } catch { continue }
        foreach ($line in $item.Property) {
            $values = $item.GetValue($line)
            # last byte: 0x7f = macros were allowed to run, 0x00 = the file was only opened for editing
            if ($values[-1] -gt 0) { $type = "RUN" } else { $type = "EDIT" }
            # first 8 bytes: little-endian FILETIME (100 ns ticks since 1601-01-01 UTC)
            $timestamp = [datetime]::FromFileTimeUtc([System.BitConverter]::ToUInt64($values, 0))
            Write-Output "$line $timestamp $type"
        }
}

Yep, not exactly the most beautiful code. It ain’t my fault that Microsoft insists on using 64bits for a time stamp, nor that converting such a value back into human readable time is so convoluted in Powershell :).

In my case, for the registry screenshot shown above, the Powershell spits out the following

%USERPROFILE%/Downloads/invoice%2058633.xls 03/24/2021 23:52:21 RUN
%USERPROFILE%/Downloads/Invoice%2038421.xls 03/22/2021 23:45:42 EDIT
%USERPROFILE%/Downloads/Invoice%2094377.xls 03/22/2021 21:02:04 EDIT

which tells me that the file I want is “invoice 58633.xls”, because for it, Macros were allowed to run. It also gives me a timestamp for when the user made the download – March 24, 23:52 UTC. 
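As an added example that is not part of the original diary, here is a Python parser for the same TrustRecords values taken from a reg export dump, so the check can be run offline on a triage collection rather than on the live box. The .reg text is a constructed sample whose two timestamps reproduce the ones above; the 24-byte layout assumed here decodes only the leading FILETIME and the trailing flag byte (0x7f for macros allowed, 0x00 for editing only, the same rule the Powershell uses) and leaves the bytes in between untouched.

```python
"""Decode Office TrustRecords values from a `reg export` (.reg) dump, offline."""
import re
import struct
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=hex:([0-9a-fA-F,]*)$')
APP_RE = re.compile(r"\\Office\\[\d.]+\\(\w+)\\Security\\", re.I)


def filetime_to_datetime(filetime):
    """Windows FILETIME (100 ns ticks since 1601-01-01 UTC) to an aware datetime."""
    return FILETIME_EPOCH + timedelta(microseconds=filetime // 10)


def decode_trust_record(data):
    """Decode one 24-byte TrustRecords value: (timestamp, 'RUN' | 'EDIT').

    Bytes 0-7 are a little-endian FILETIME; the last byte is 0x7f when macros were
    allowed to run and 0x00 when the document was only opened for editing. The
    remaining bytes are not decoded here (assumed layout, see lead-in).
    """
    if len(data) != 24:
        raise ValueError(f"unexpected TrustRecords value length {len(data)}")
    (filetime,) = struct.unpack_from("<Q", data, 0)
    return filetime_to_datetime(filetime), "RUN" if data[-1] else "EDIT"


def _logical_lines(text):
    """Join .reg continuation lines: a trailing backslash continues the hex list."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):
            buf += line[:-1]
            continue
        yield buf + line
        buf = ""
    if buf:
        yield buf


def parse_trust_records(reg_text):
    """Return [(app, document, timestamp, decision)] for every TrustRecords value."""
    records, app = [], None
    for line in _logical_lines(reg_text):
        key = KEY_RE.match(line)
        if key:
            path = key.group(1)
            m = APP_RE.search(path)
            # only values directly under a ...\Security\Trusted Documents\TrustRecords key count
            app = m.group(1) if (m and path.endswith("\\TrustRecords")) else None
            continue
        value = VALUE_RE.match(line)
        if app is None or not value:
            continue
        name = value.group(1).replace("\\\\", "\\").replace('\\"', '"')
        data = bytes(int(b, 16) for b in value.group(2).split(",") if b)
        when, decision = decode_trust_record(data)
        records.append((app, name, when, decision))
    return records


def _trust_value(filetime, flags):
    """Constructed 24-byte value: FILETIME, 12 undecoded bytes left zero, 4-byte flag word."""
    return struct.pack("<Q", filetime) + bytes(12) + struct.pack("<I", flags)


def _reg_hex(data):
    """Render bytes the way reg export does: comma-separated hex, wrapped with a backslash."""
    hexes = [f"{b:02x}" for b in data]
    return ",".join(hexes[:8]) + ",\\\n  " + ",".join(hexes[8:])


# Constructed sample export. FILETIMEs correspond to 2021-03-24 23:52:21 UTC (macros
# allowed) and 2021-03-22 23:45:42 UTC (editing only); the parent key is there to show
# that values outside a TrustRecords key are ignored.
SAMPLE_REG = f"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Office\\16.0\\Excel\\Security\\Trusted Documents\\TrustRecords]
"%USERPROFILE%/Downloads/invoice%2058633.xls"=hex:{_reg_hex(_trust_value(132611035410000000, 0x7FFFFFFF))}
"%USERPROFILE%/Downloads/Invoice%2038421.xls"=hex:{_reg_hex(_trust_value(132609303420000000, 0x00000001))}

[HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Office\\16.0\\Excel\\Security\\Trusted Documents]
"""

if __name__ == "__main__":
    for app, doc, when, decision in parse_trust_records(SAMPLE_REG):
        print(f"{app:<10} {doc} {when:%Y-%m-%d %H:%M:%S} UTC {decision}")
```

Note that reg export writes UTF-16LE with a BOM, so read the file with encoding="utf-16" before handing the text to parse_trust_records; the same parser works on a key dumped from an offline NTUSER.DAT as long as it is rendered in .reg syntax.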

If you have savvy ways of keeping track of or analyzing macro execution in your environment, please let us know, or share in the comments below.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Read More




https://malwaredevil.com/2021/03/26/office-macro-execution-evidence-fri-mar-26th/?utm_source=rss&utm_medium=rss&utm_campaign=office-macro-execution-evidence-fri-mar-26th

Barbary Pirates and Russian Cybercrime

In 1801, the United States had a small Navy. Thomas Jefferson deployed almost half that Navy—three frigates and a schooner—to the Barbary C...