Malware Devil

Thursday, April 15, 2021

ESB-2021.1262 – [Juniper] Junos OS: SRX Series: Denial of service – Remote/unauthenticated

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.1262
   JSA11122 - 2021-04 Security Bulletin: Junos OS: SRX Series: Denial of
          Service in J-Web upon receipt of a crafted HTTP packet
                               15 April 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Junos OS: SRX Series
Publisher:         Juniper Networks
Operating System:  Juniper
Impact/Access:     Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-0227  

Original Bulletin: 
   http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11122

- --------------------------BEGIN INCLUDED TEXT--------------------

2021-04 Security Bulletin: Junos OS: SRX Series: Denial of Service in J-Web
upon receipt of a crafted HTTP packet (CVE-2021-0227)

Article ID  : JSA11122
Last Updated: 14 Apr 2021
Version     : 1.0

Product Affected:
This issue affects Junos OS 17.3, 17.4, 18.2, 18.3, 18.4, 19.1, 19.2, 19.3,
19.4, 20.1. Affected platforms: SRX Series.

Problem:

An improper restriction of operations within the bounds of a memory buffer
vulnerability in Juniper Networks Junos OS J-Web on SRX Series devices allows
an attacker to cause Denial of Service (DoS) by sending certain crafted HTTP
packets. Continued receipt and processing of these packets will create a
sustained Denial of Service (DoS) condition. When this issue occurs,
web-management, NTP daemon (ntpd) and Layer 2 Control Protocol process (L2CPD)
daemons might crash.

This issue affects Juniper Networks Junos OS on SRX Series:

  o 17.3 versions prior to 17.3R3-S9;
  o 17.4 versions prior to 17.4R2-S11, 17.4R3-S2;
  o 18.2 versions prior to 18.2R3-S5;
  o 18.3 versions prior to 18.3R2-S4, 18.3R3-S3;
  o 18.4 versions prior to 18.4R2-S5, 18.4R3-S4;
  o 19.1 versions prior to 19.1R3-S2;
  o 19.2 versions prior to 19.2R1-S5, 19.2R3;
  o 19.3 versions prior to 19.3R3;
  o 19.4 versions prior to 19.4R2-S1, 19.4R3;
  o 20.1 versions prior to 20.1R1-S2, 20.1R2;

Examples of the configuration stanzas affected by this issue:

[system services web-management]
[system services web-management https]
[security dynamic-vpn]

Juniper SIRT is not aware of any malicious exploitation of this vulnerability.

This issue was found during internal product security testing or research.

This issue has been assigned CVE-2021-0227.

Solution:

The following software releases have been updated to resolve this specific
issue: 17.3R3-S9, 17.4R2-S11, 17.4R3-S2, 18.2R3-S5, 18.3R2-S4, 18.3R3-S3,
18.4R2-S5, 18.4R3-S4, 19.1R3-S2, 19.2R1-S5, 19.2R3, 19.3R3, 19.4R2-S1, 19.4R3,
20.1R1-S2, 20.1R2, 20.2R1, and all subsequent releases.

This issue is being tracked as 1503557.

Workaround:

There are no viable workarounds for this issue.

To reduce the risk of exploitation of this issue, use access lists or firewall
filters to limit access to only trusted administrative networks, hosts and
users.

Implementation:
Software releases or updates are available for download at
https://support.juniper.net/support/downloads/

Modification History:

2021-04-14: Initial Publication.

CVSS Score:
7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Severity Level:
High
Severity Assessment:
Information for how Juniper Networks uses CVSS can be found at KB 16446 "Common
Vulnerability Scoring System (CVSS) and Juniper's Security Advisories."

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----

The post ESB-2021.1262 – [Juniper] Junos OS: SRX Series: Denial of service – Remote/unauthenticated appeared first on Malware Devil.

https://malwaredevil.com/2021/04/15/esb-2021-1262-juniper-junos-os-srx-series-denial-of-service-remote-unauthenticated/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-1262-juniper-junos-os-srx-series-denial-of-service-remote-unauthenticated

ESB-2021.1272 – [Ubuntu] Underscore: Execute arbitrary code/commands – Existing account

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.1272
                   USN-4913-1: Underscore vulnerability
                               15 April 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Underscore
Publisher:         Ubuntu
Operating System:  Ubuntu
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-23358  

Reference:         ESB-2021.1126
                   ESB-2021.1113

Original Bulletin: 
   https://ubuntu.com/security/notices/USN-4913-1

- --------------------------BEGIN INCLUDED TEXT--------------------

USN-4913-1: Underscore vulnerability
14 April 2021

Underscore could be made to inject arbitrary code if it received a specially
crafted input.

Releases

  o Ubuntu 20.10
  o Ubuntu 20.04 LTS
  o Ubuntu 18.04 LTS
  o Ubuntu 16.04 LTS
  o Ubuntu 14.04 ESM

Packages

  o underscore

Details

It was discovered that Underscore incorrectly handled certain inputs.
An attacker could possibly use this issue to inject arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following package
versions:

Ubuntu 20.10

  o libjs-underscore - 1.9.1~dfsg-1ubuntu0.20.10.1
  o node-underscore - 1.9.1~dfsg-1ubuntu0.20.10.1

Ubuntu 20.04

  o libjs-underscore - 1.9.1~dfsg-1ubuntu0.20.04.1
  o node-underscore - 1.9.1~dfsg-1ubuntu0.20.04.1

Ubuntu 18.04

  o libjs-underscore - 1.8.3~dfsg-1ubuntu0.1
  o node-underscore - 1.8.3~dfsg-1ubuntu0.1

Ubuntu 16.04

  o libjs-underscore - 1.7.0~dfsg-1ubuntu1.1
  o node-underscore - 1.7.0~dfsg-1ubuntu1.1

Ubuntu 14.04

  o libjs-underscore - 1.4.4-2ubuntu1+esm1
  o node-underscore - 1.4.4-2ubuntu1+esm1

In general, a standard system update will make all the necessary changes.

References

  o CVE-2021-23358

- --------------------------END INCLUDED TEXT--------------------

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----

The post ESB-2021.1272 – [Ubuntu] Underscore: Execute arbitrary code/commands – Existing account appeared first on Malware Devil.

https://malwaredevil.com/2021/04/15/esb-2021-1272-ubuntu-underscore-execute-arbitrary-code-commands-existing-account/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-1272-ubuntu-underscore-execute-arbitrary-code-commands-existing-account

ESB-2021.1264 – [Juniper] Juniper Products: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.1264
JSA11139 - 2021-04 Security Bulletin: Junos OS: SRX1500, SRX4100, SRX4200,
     SRX4600, SRX5000 Series with SPC2/SPC3: Multiple vulnerabilities
                               15 April 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Junos OS: SRX1500
                   Junos OS: SRX4100
                   Junos OS: SRX4200
                   Junos OS: SRX4600
                   Junos OS: SRX5000
Publisher:         Juniper Networks
Operating System:  Juniper
Impact/Access:     Access Confidential Data -- Existing Account
                   Reduced Security         -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-0246  

Original Bulletin: 
   http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11139

- --------------------------BEGIN INCLUDED TEXT--------------------

2021-04 Security Bulletin: Junos OS: SRX1500, SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2/SPC3:
In a multi-tenant environment, a tenant host administrator may be able to jailbreak out of their network
impacting other tenant networks or gather information from other networks. (CVE-2021-0246)

Article ID  : JSA11139
Last Updated: 14 Apr 2021
Version     : 3.0

Product Affected:
This issue affects Junos OS 18.3, 18.4, 19.1. Affected platforms: SRX1500,
SRX4100, SRX4200, SRX4600, SRX5000 Series with SPC2, SRX5000 Series with SPC2/
SPC3.

Problem:

On SRX1500, SRX4100, SRX4200, SRX4600 and SRX5000 Series with SPC2/SPC3 devices
using tenant services on Juniper Networks Junos OS, incorrect default permissions
assigned to tenant system administrators allow a tenant system administrator to
inadvertently send their network traffic to one or more other tenants, while also
being able to modify the overall device system traffic management, affecting all
tenants and the service provider. Further, a tenant may inadvertently receive
traffic from another tenant.

This issue affects:

Juniper Networks Junos OS:

  o 18.3 versions 18.3R1 and later, prior to 18.3R3, on SRX1500, SRX4100,
    SRX4200, SRX4600, SRX5000 Series with SPC2;
  o 18.4 versions prior to 18.4R2 on SRX1500, SRX4100, SRX4200, SRX4600,
    SRX5000 Series with SPC2/SPC3;
  o 19.1 versions prior to 19.1R2 on SRX1500, SRX4100, SRX4200, SRX4600,
    SRX5000 Series with SPC2/SPC3.

This issue does not affect Juniper Networks Junos OS versions prior to 18.3R1.

A single tenant configuration with a tenant login class is enough for this issue
to be seen, between that tenant and root or between multiple tenants. For example:

system login class "tenant class" tenant "tenant"
system login user "user" uid "id"
system login user "user" class "tenant class"
tenants "tenant" interfaces
tenants "tenant" routing-instances
system security-profile "tenant profile" policy maximum "number"
system security-profile "tenant profile" zone maximum "number"
system security-profile "tenant profile" tenant "tenant"
tenants "tenant" security policies default-policy deny-all

Juniper SIRT is not aware of any malicious exploitation of this vulnerability.

This issue was seen during production usage.

This issue has been assigned CVE-2021-0246.

Solution:

The following software releases have been updated to resolve this specific
issue: Junos OS: 18.3R3, 18.4R2, 19.1R2, 19.2R1, and all subsequent releases.

This issue is being tracked as 1422058.

Workaround:

There are no known workarounds for this issue.

Implementation:
Software releases or updates are available for download at
https://support.juniper.net/support/downloads/

Modification History:

2021-04-14: Initial Publication.

CVSS Score:
7.3 (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:L)
Severity Level:
High
Severity Assessment:
Information for how Juniper Networks uses CVSS can be found at KB 16446 "Common
Vulnerability Scoring System (CVSS) and Juniper's Security Advisories."

- --------------------------END INCLUDED TEXT--------------------

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBYHewsuNLKJtyKPYoAQj1Qw/+OXjyYB7LVtJtuQuIF6ti3DMpolwSlSP9
E/Nl7Gtak+tr4tm/XIpgLEg49SvdahK7r3Zwoksoj87L/icLnwzmBzQo01iM5mNW
B0BjEmX5lv/K3JxfmWcxWP/wsovgKrOgkDSa7u3rS/ERb0WjbGIBLmB0ivpNdBAc
80H6OdGhYSZTWFCUUobRQg9v5cXj7Bzg9TlB3n0dIF6Lh4WseHukIMbxVqzKAJJ9
m/Am0X5V/gpjZMw0xuElhkHVnipmjl3VMw1E6+kXgPznJ/s/yPiXGernZxopLMa+
/ljwm9bIAJuPN7zUmdIgGuPki+fSjf0VWcWNuYTyRxAL9omE0Lv51pu0GFg0RXZq
18mzJCwAQB+ymVW3W1iyrRJsADaSUJLQtxsbGJUCwqcSvWFRXtFoJlI+XcmvbHkU
BlbF4EqW/i3774h9hGfgxkXt1hy0ISz15JczCIdFJ3nyvfuGWFOL1ZOrfmuv8UUb
1MaCPuLGTce+BoPuEIqG66idiD3Mr8jjtF02ouKm+JHr2j3zqfV3U8tYwlBJ+fDu
Cz1zStrdVS1EwQyU6sBDyfP7cx0do2acjNuRp6Hgrp7Awwr9jPtTiAto0sJ7g66S
YhV+zukzRD/0dEhEPHhhRUt3BByiLhSloH1R16s1SgQhK/fq97AyNg86aX8F8MZ1
rcpOayeNqrY=
=lo4X
-----END PGP SIGNATURE-----

The post ESB-2021.1264 – [Juniper] Juniper Products: Multiple vulnerabilities appeared first on Malware Devil.

https://malwaredevil.com/2021/04/15/esb-2021-1264-juniper-juniper-products-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-1264-juniper-juniper-products-multiple-vulnerabilities

ESB-2021.1273 – [UNIX/Linux][Ubuntu] NetworkManager: Denial of service – Existing account

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.1273
                 USN-4914-1: NetworkManager vulnerability
                               15 April 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           NetworkManager
Publisher:         Ubuntu
Operating System:  Ubuntu
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Denial of Service -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-20297  

Original Bulletin: 
   https://ubuntu.com/security/notices/USN-4914-1

Comment: This advisory references vulnerabilities in products which run on 
         platforms other than Ubuntu. It is recommended that administrators 
         running NetworkManager check for an updated version of the software
         for their operating system.

- --------------------------BEGIN INCLUDED TEXT--------------------

USN-4914-1: NetworkManager vulnerability
14 April 2021

NetworkManager could be made to crash if it received specially crafted
input.

Releases

  o Ubuntu 20.10

Packages

  o network-manager - Network connection manager

Details

It was discovered that NetworkManager incorrectly handled certain profiles.
A local attacker could possibly use this issue to cause NetworkManager to
crash, resulting in a denial of service.

Update instructions

The problem can be corrected by updating your system to the following package
versions:

Ubuntu 20.10

  o network-manager - 1.26.2-1ubuntu1.1

After a standard system update you need to reboot your computer to make
all the necessary changes.
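Both USN-4913-1 above and USN-4914-1 fix the issue by shipping a new Debian revision of the package, so the check an administrator actually runs is "is the installed version older than the fixed one?" in dpkg's ordering, where a tilde sorts before the empty string (1.9.1~dfsg is older than 1.9.1) and digit runs compare numerically (20.04 is older than 20.10). The following Python is an added example, not Ubuntu's or dpkg's own code: it re-implements dpkg's version comparison, carries the fixed versions copied from the two notices, and compares them with a constructed set of installed versions. On a real host the installed version comes from `dpkg-query -W -f='${Version}\n' <package>`.

```python
"""Compare installed Debian/Ubuntu package versions with the fixed versions
from USN-4913-1 (underscore) and USN-4914-1 (network-manager).

Added example, not Ubuntu's tooling.  compare_versions() follows the dpkg
ordering: epoch, then upstream version, then Debian revision; within a
component '~' sorts before everything (even end of string), letters sort
before other punctuation, and runs of digits compare as numbers.
"""
from typing import Dict, List, Tuple

# Fixed versions copied from the two USNs on this page, keyed by Ubuntu release.
FIXED: Dict[str, Dict[str, str]] = {
    "20.10": {
        "libjs-underscore": "1.9.1~dfsg-1ubuntu0.20.10.1",
        "node-underscore": "1.9.1~dfsg-1ubuntu0.20.10.1",
        "network-manager": "1.26.2-1ubuntu1.1",
    },
    "20.04": {
        "libjs-underscore": "1.9.1~dfsg-1ubuntu0.20.04.1",
        "node-underscore": "1.9.1~dfsg-1ubuntu0.20.04.1",
    },
    "18.04": {
        "libjs-underscore": "1.8.3~dfsg-1ubuntu0.1",
        "node-underscore": "1.8.3~dfsg-1ubuntu0.1",
    },
    "16.04": {
        "libjs-underscore": "1.7.0~dfsg-1ubuntu1.1",
        "node-underscore": "1.7.0~dfsg-1ubuntu1.1",
    },
    "14.04": {
        "libjs-underscore": "1.4.4-2ubuntu1+esm1",
        "node-underscore": "1.4.4-2ubuntu1+esm1",
    },
}


def _order(c: str) -> int:
    """Weight of one non-digit character in dpkg ordering ('' = end of string)."""
    if c == "~":
        return -1            # tilde sorts before everything, even end of string
    if c == "" or c.isdigit():
        return 0
    if c.isalpha():
        return ord(c)
    return ord(c) + 256      # other punctuation sorts after all letters


def _verrevcmp(a: str, b: str) -> int:
    """dpkg's comparison of one component (upstream version or revision)."""
    i = j = 0
    while i < len(a) or j < len(b):
        first_diff = 0
        # Non-digit prefixes: compare character by character.
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            ac = _order(a[i] if i < len(a) else "")
            bc = _order(b[j] if j < len(b) else "")
            if ac != bc:
                return ac - bc
            i += 1
            j += 1
        # Digit runs: compare numerically, ignoring leading zeros.
        while i < len(a) and a[i] == "0":
            i += 1
        while j < len(b) and b[j] == "0":
            j += 1
        while i < len(a) and j < len(b) and a[i].isdigit() and b[j].isdigit():
            if not first_diff:
                first_diff = ord(a[i]) - ord(b[j])
            i += 1
            j += 1
        if i < len(a) and a[i].isdigit():
            return 1         # a's number has more digits, so it is larger
        if j < len(b) and b[j].isdigit():
            return -1
        if first_diff:
            return first_diff
    return 0


def _split(version: str) -> Tuple[int, str, str]:
    """Split '[epoch:]upstream[-revision]' into its three parts."""
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, ""
    return int(epoch), upstream, revision


def compare_versions(v1: str, v2: str) -> int:
    """Return -1, 0 or 1 as v1 is older than, equal to or newer than v2."""
    e1, u1, r1 = _split(v1)
    e2, u2, r2 = _split(v2)
    if e1 != e2:
        return 1 if e1 > e2 else -1
    c = _verrevcmp(u1, u2) or _verrevcmp(r1, r2)
    return (c > 0) - (c < 0)


def outdated(release: str, installed: Dict[str, str]) -> List[str]:
    """Names of the packages whose installed version is older than the fix."""
    fixed = FIXED.get(release, {})
    return sorted(pkg for pkg, ver in installed.items()
                  if pkg in fixed and compare_versions(ver, fixed[pkg]) < 0)


# Constructed sample: a 20.10 host still on the pre-fix Debian revisions of two
# packages, with libjs-underscore already updated.
SAMPLE_INSTALLED = {
    "node-underscore": "1.9.1~dfsg-1",
    "libjs-underscore": "1.9.1~dfsg-1ubuntu0.20.10.1",
    "network-manager": "1.26.2-1ubuntu1",
}

if __name__ == "__main__":
    print("needs update:", outdated("20.10", SAMPLE_INSTALLED))
```

The tilde rule is the one that trips up ad-hoc string comparison: 1.9.1~dfsg-1 is older than 1.9.1-1, so a naive lexical check would report the repackaged Ubuntu build as newer than upstream and miss the update.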

References

  o CVE-2021-20297

- --------------------------END INCLUDED TEXT--------------------

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----

The post ESB-2021.1273 – [UNIX/Linux][Ubuntu] NetworkManager: Denial of service – Existing account appeared first on Malware Devil.

https://malwaredevil.com/2021/04/15/esb-2021-1273-unix-linuxubuntu-networkmanager-denial-of-service-existing-account/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-1273-unix-linuxubuntu-networkmanager-denial-of-service-existing-account

ESB-2021.1266 – [Juniper] Juniper Products: Denial of service – Remote/unauthenticated

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.1266
JSA11161 - 2021-04 Security Bulletin: Junos OS: PTX Series, QFX10K Series:
              A PTX/QFX FPC may restart unexpectedly with the
        "inline-Jflow" feature enabled on a large-scale deployment
                               15 April 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Junos OS: PTX Series
                   Junos OS: QFX10K Series
Publisher:         Juniper Networks
Operating System:  Juniper
Impact/Access:     Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-0270  

Original Bulletin: 
   http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11161

- --------------------------BEGIN INCLUDED TEXT--------------------

2021-04 Security Bulletin: Junos OS: PTX Series, QFX10K Series:
A PTX/QFX FPC may restart unexpectedly with the "inline-Jflow" feature
enabled on a large-scale deployment (CVE-2021-0270)

Article ID  : JSA11161
Last Updated: 14 Apr 2021
Version     : 4.0

Product Affected:
This issue affects Junos OS 18.1. Affected platforms: PTX Series, QFX10K
Series.

Problem:

On PTX Series and QFX10K Series devices with the "inline-jflow" feature
enabled, a use-after-free weakness in the Packet Forwarding Engine (PFE)
microkernel architecture of Juniper Networks Junos OS may allow an attacker to
cause a Denial of Service (DoS) condition whereby one or more Flexible PIC
Concentrators (FPCs) may restart. Because this is a race condition, the issue
becomes more likely to be hit when network instability occurs, such as but not
limited to BGP/IGP reconvergence, and more likely still when more active
"traffic flows" are passing through the device. When this issue occurs, one or
more FPCs restart unexpectedly and generate core files; traffic is disrupted
while the core files are written. Sustained receipt of large traffic flows and
reconvergence-like situations may sustain the Denial of Service (DoS)
condition.

This issue affects:

Juniper Networks Junos OS:

  o 18.1 version 18.1R2 and later versions prior to 18.1R3-S10 on PTX Series,
    QFX10K Series.
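Checking a running release against version lists like the one above by hand is error-prone: JSA11122 earlier on this page lists two fixed releases per train (for example 17.4R2-S11 and 17.4R3-S2, so 17.4R3 is still affected although it is "newer" than 17.4R2-S11), and JSA11139 and this bulletin add a lower bound ("18.1R2 and later"). The following Python is an added example, not Juniper's tooling, and serves all three Juniper bulletins on this page. It parses release strings of the form MAJOR.MINOR R<n>[-S<n>[.<patch>]] (the -D/-X service trains are not handled), carries the fixed-release tables copied from the bulletins, and applies one reading of "prior to A, B ... and all subsequent releases" that is an assumption rather than Juniper's wording: within a listed train a release is fixed if it is at or above a listed fix with the same R number, or if its R number is above every listed fix; any other release in that train is affected, and a train absent from the bulletin is reported as not listed so it can be checked by hand.

```python
"""Classify a running Junos release against the fixed releases listed in
JSA11122 (CVE-2021-0227), JSA11139 (CVE-2021-0246) and JSA11161
(CVE-2021-0270).  Added example, not Juniper's tooling.

Assumption on the bulletins' wording: within a train, a release is fixed
when it is at or above a listed fix with the same R number, or when its R
number is above every listed fix ("and all subsequent releases").  Trains
absent from a bulletin are reported as "not listed".
"""
import re
from typing import Dict, List, Optional, Tuple

# MAJOR.MINOR R<n>[-S<n>[.<patch>]]; -D/-X trains are deliberately rejected.
JUNOS_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+)(?:\.(\d+))?)?$")

Version = Tuple[int, int, int, int, int]   # major, minor, R, S, patch

# JSA11122: J-Web DoS on SRX Series; fixed releases per affected train.
JSA11122: Dict[str, List[str]] = {
    "17.3": ["17.3R3-S9"],
    "17.4": ["17.4R2-S11", "17.4R3-S2"],
    "18.2": ["18.2R3-S5"],
    "18.3": ["18.3R2-S4", "18.3R3-S3"],
    "18.4": ["18.4R2-S5", "18.4R3-S4"],
    "19.1": ["19.1R3-S2"],
    "19.2": ["19.2R1-S5", "19.2R3"],
    "19.3": ["19.3R3"],
    "19.4": ["19.4R2-S1", "19.4R3"],
    "20.1": ["20.1R1-S2", "20.1R2"],
}
# JSA11139: tenant permissions; 18.3 is affected from 18.3R1 onwards.
JSA11139: Dict[str, List[str]] = {"18.3": ["18.3R3"], "18.4": ["18.4R2"], "19.1": ["19.1R2"]}
JSA11139_FIRST = {"18.3": "18.3R1"}
# JSA11161: inline-jflow FPC restart; only 18.1R2 and later are affected.
JSA11161: Dict[str, List[str]] = {"18.1": ["18.1R3-S10"]}
JSA11161_FIRST = {"18.1": "18.1R2"}


def parse_junos(release: str) -> Version:
    """Turn '17.4R2-S11.2' into (17, 4, 2, 11, 2); missing S/patch read as 0."""
    m = JUNOS_RE.match(release.strip())
    if not m:
        raise ValueError(f"unsupported Junos release string: {release!r}")
    major, minor, rel, svc, patch = m.groups()
    return (int(major), int(minor), int(rel), int(svc or 0), int(patch or 0))


def status(release: str, fixed_by_train: Dict[str, List[str]],
           first_affected: Optional[Dict[str, str]] = None) -> str:
    """Return 'affected', 'fixed', 'not affected' or 'not listed'."""
    v = parse_junos(release)
    train = f"{v[0]}.{v[1]}"
    if train not in fixed_by_train:
        return "not listed"          # train not in the bulletin: check by hand
    if first_affected and train in first_affected:
        if v < parse_junos(first_affected[train]):
            return "not affected"    # below the bulletin's lower bound
    fixes = [parse_junos(f) for f in fixed_by_train[train]]
    for f in fixes:
        if v[2] == f[2] and v[3:] >= f[3:]:
            return "fixed"           # same R line, at or past the listed service release
    if v[2] > max(f[2] for f in fixes):
        return "fixed"               # later R line: "all subsequent releases"
    return "affected"


if __name__ == "__main__":
    for rel in ("17.4R2-S10", "17.4R2-S11", "17.4R3", "17.4R3-S2", "19.2R2", "20.2R1"):
        print(f"JSA11122 {rel:>11}: {status(rel, JSA11122)}")
    for rel in ("18.1R1", "18.1R3-S9", "18.1R3-S10"):
        print(f"JSA11161 {rel:>11}: {status(rel, JSA11161, JSA11161_FIRST)}")
```

Feed it the release from `show version` (the "Junos:" line). The fixed releases that JSA11161's Solution section lists for trains outside its affected list (16.1, 17.2, 17.3, 17.4) come back as "not listed", which is the honest answer: the bulletin does not say those trains were affected.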

The inline flow monitoring configuration can be broadly classified into the
following categories:

Configurations at the [edit services flow-monitoring version-ipfix template] or
[edit services flow-monitoring version9 template] hierarchy level. At this
level, you configure the template properties for inline flow monitoring.

Configurations at the [edit forwarding-options sampling instance] hierarchy
level. At this level, you configure a sampling instance and associate the
template with the sampling instance. At this level, you also configure the
flow-server IP address and port number as well as the autonomous system type.

Configurations at the [edit chassis fpc] hierarchy level. At this level, you
associate the sampling instance with the FPC on which the media interface is
present.

Configurations at the [edit firewall] hierarchy level. At this level you
configure a firewall filter for the family of traffic to be sampled. You must
attach this filter to the interface on which you want to sample the traffic.

See https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/inline-flow-monitoring-ptx.html
for further details.

Juniper SIRT is not aware of any malicious exploitation of this vulnerability.

This issue was seen during production usage.

This issue has been assigned CVE-2021-0270.

Solution:

The following software releases have been updated to resolve this specific
issue: 16.1R7-S8, 17.2R3-S4, 17.3R3-S8, 17.4R2-S11, 17.4R3-S2, 18.1R3-S10,
18.2R1, and all subsequent releases.

This issue is being tracked as 1498427.

Workaround:

If you are susceptible to this issue and unable to upgrade to software with the
fix, you can deploy a workaround by disabling the "inline-jflow" feature.

To check for use of, and to disable, the "inline-jflow" service on a device, see
https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/inline-flow-monitoring-ptx.html
for additional details.

Removing "inline-jflow" takes effect immediately and there is no need to
restart the FPCs or the router. Once the feature is removed, the router no
longer provides traffic data to the flow collector.
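Whether a device is a candidate for the three Juniper issues on this page is decided by its configuration: JSA11122 names the web-management and dynamic-vpn stanzas and suggests a firewall filter to limit who can reach J-Web, JSA11139 needs a tenant login class, and this bulletin's workaround is to remove the inline-jflow configuration spread over the four hierarchies described above. The following Python is an added example, not Juniper's tooling: it scans a configuration in `show configuration | display set` form for those statements, reports whether an input filter is applied to lo0, and emits the `delete` statements that would remove the inline-jflow configuration. The web-management, dynamic-vpn and tenant paths are taken from the bulletins; the exact sampling keywords (`inline-jflow` and `flow-server` under `output`, `sampling-instance` under `chassis fpc`) come from Junos documentation as the author recalls it and should be checked against the device's own `display set` output. Both configurations in the block are constructed samples, and the lo0 filter's catch-all `accept` term is a placeholder for a real routing-engine protection filter.

```python
"""Scan a Junos configuration ('show configuration | display set' form) for
the stanzas that JSA11122, JSA11139 and JSA11161 tie to exposure, and for
the lo0 input filter that JSA11122 suggests as a risk reduction.

Added example, not Juniper's tooling.  Sampling/flow-monitoring keywords
beyond the hierarchies quoted in the bulletins are assumptions from Junos
documentation; both sample configurations are constructed.
"""
import re
from typing import Dict, List

# One rule set per CVE; each pattern is matched at the start of a statement
# after the leading "set " has been removed.
EXPOSURE_RULES: Dict[str, List[str]] = {
    "CVE-2021-0227": [                                   # JSA11122: J-Web / dynamic-vpn
        r"system services web-management https?\b",
        r"security dynamic-vpn\b",
    ],
    "CVE-2021-0246": [                                   # JSA11139: tenant login class
        r"system login class \S+ tenant \S+",
    ],
    "CVE-2021-0270": [                                   # JSA11161: inline-jflow
        r"services flow-monitoring (?:version-ipfix|version9) template\b",
        r"forwarding-options sampling instance \S+ family inet output (?:flow-server|inline-jflow)\b",
        r"chassis fpc \d+ sampling-instance\b",
    ],
}
RE_FILTER = re.compile(r"interfaces lo0 unit 0 family inet filter input \S+")


def parse_set_config(text: str) -> List[str]:
    """Return every 'set ...' statement with the 'set ' prefix removed."""
    return [ln.strip()[4:] for ln in text.splitlines() if ln.strip().startswith("set ")]


def audit(text: str) -> Dict[str, List[str]]:
    """Map each CVE to the statements that make the device a candidate for it."""
    stmts = parse_set_config(text)
    return {cve: [s for s in stmts if any(re.match(p, s) for p in pats)]
            for cve, pats in EXPOSURE_RULES.items()}


def re_filter_present(text: str) -> bool:
    """True when an input filter is applied to lo0, i.e. in front of the routing engine."""
    return any(RE_FILTER.match(s) for s in parse_set_config(text))


def disable_inline_jflow(text: str) -> List[str]:
    """'delete' statements for the JSA11161 workaround; review before commit."""
    return ["delete " + s for s in audit(text)["CVE-2021-0270"]]


# Constructed sample: plain-HTTP J-Web, a tenant login class, inline-jflow, no lo0 filter.
EXPOSED_CONFIG = """
set system services web-management http
set system login class tenant-admin tenant t1
set services flow-monitoring version-ipfix template ipv4-tpl ipv4-template
set forwarding-options sampling instance jflow-1 family inet output inline-jflow source-address 192.0.2.1
set forwarding-options sampling instance jflow-1 family inet output flow-server 192.0.2.10 port 2055
set chassis fpc 0 sampling-instance jflow-1
"""

# Constructed sample: HTTPS-only J-Web reachable from one management prefix via an lo0 filter.
HARDENED_CONFIG = """
set system services web-management https system-generated-certificate
set policy-options prefix-list MGMT-HOSTS 192.0.2.0/27
set firewall family inet filter PROTECT-RE term web-mgmt from source-prefix-list MGMT-HOSTS
set firewall family inet filter PROTECT-RE term web-mgmt from protocol tcp
set firewall family inet filter PROTECT-RE term web-mgmt from destination-port http
set firewall family inet filter PROTECT-RE term web-mgmt from destination-port https
set firewall family inet filter PROTECT-RE term web-mgmt then accept
set firewall family inet filter PROTECT-RE term web-deny from protocol tcp
set firewall family inet filter PROTECT-RE term web-deny from destination-port http
set firewall family inet filter PROTECT-RE term web-deny from destination-port https
set firewall family inet filter PROTECT-RE term web-deny then discard
set firewall family inet filter PROTECT-RE term everything-else then accept
set interfaces lo0 unit 0 family inet filter input PROTECT-RE
"""

if __name__ == "__main__":
    for name, cfg in (("exposed", EXPOSED_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, {cve: len(v) for cve, v in audit(cfg).items()},
              "lo0 filter:", re_filter_present(cfg))
    print("\n".join(disable_inline_jflow(EXPOSED_CONFIG)))
```

The hardened configuration still matches the CVE-2021-0227 rule: J-Web is still enabled, the filter only narrows who can send it packets. That matches JSA11122's own framing, a risk reduction rather than a workaround, and the upgrade remains the fix.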

Implementation:
Software releases or updates are available for download at
https://support.juniper.net/support/downloads/

Modification History:

2021-04-14: Initial Publication.
2021-04-14: Added QFX after PTX on FPC.

CVSS Score:
7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Severity Level:
High
Severity Assessment:
Information for how Juniper Networks uses CVSS can be found at KB 16446 "Common
Vulnerability Scoring System (CVSS) and Juniper's Security Advisories."

- --------------------------END INCLUDED TEXT--------------------

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBYHewx+NLKJtyKPYoAQhxag//WVLch1rxhkuyvVg7pjyshZc3FsqwSOqv
QYWUyQRCxe8ZUb7imFBo2ieXWsTV005KEd3f42ktbRnZLglEdUwcXwENwK+qu2uA
9gifQCw26XPst7aozBmU7jf5FKXPtjWt/d0P/Py+XxhLqQJOaT8J+XAeg42hoB/K
7zRaIeJQcjfZjUYWepqeYtjMp0Z2i4E/BF9AXG+lUERNunGj1Q8sJPBmsdMEjmcu
o3qQzZ1reo6XgwLWnD2KuSghYn8ULGU1hfR/Osq4OP0LPsN/ytcNwpmeBCvMuHBU
Lxx5ktZoPDlYtI5ZRUfSD530sl3tUQd0CynCOowzkxS3ZhVKGItIyQ7NxZxz+Yiv
ynmPbR7jxdPncf1zBllz4M3e9yF5+PF6ZFnBouy93VI9og2ed5Ndy/2RSriVt/LG
zyOTbr1oIo+VVWNcW3371RZURjD2kcG2UqES7npGt0NOplw/fkIF5gdPYLxlmsrK
mahjzUFcquVAoxDFr6E1xYhNkOBO4vibgKbU8M49ARYekVgu98A+JNQtQmPyKrSE
uwCRSrKEJVo019xYtrtC8rSP9Dpyl8NcBXjtstaR+PlTQTF5HJThbUawkfvYHuHO
isOoXdN1mmGlbNipdAAstPT81ItgwQzTQCPKrmX9tMnPnk+3vuIr47WJb2DVtmpP
MfWuPGdHWgE=
=A1rJ
-----END PGP SIGNATURE-----

The post ESB-2021.1266 – [Juniper] Juniper Products: Denial of service – Remote/unauthenticated appeared first on Malware Devil.

ESB-2021.1274 – [RedHat] RHV Manager: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.1274
       RHV Manager (ovirt-engine) 4.4.z [ovirt-4.4.5] security, bug
                             fix, enhancement
                               15 April 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           RHV Manager
Publisher:         Red Hat
Operating System:  Red Hat
Impact/Access:     Denial of Service        -- Remote/Unauthenticated      
                   Cross-site Scripting     -- Remote with User Interaction
                   Access Confidential Data -- Remote/Unauthenticated      
                   Reduced Security         -- Remote/Unauthenticated      
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-28477 CVE-2020-28458 CVE-2020-25657
                   CVE-2019-20921  

Reference:         ESB-2021.0978
                   ESB-2021.0977

Original Bulletin: 
   https://access.redhat.com/errata/RHSA-2021:1169
   https://access.redhat.com/errata/RHSA-2021:1186

Comment: This bulletin contains two (2) Red Hat security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: RHV Manager (ovirt-engine) 4.4.z [ovirt-4.4.5] security, bug fix, enhancement
Advisory ID:       RHSA-2021:1169-01
Product:           Red Hat Virtualization
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:1169
Issue date:        2021-04-14
CVE Names:         CVE-2019-20921 CVE-2020-25657 CVE-2020-28458 
                   CVE-2020-28477 
=====================================================================

1. Summary:

An update is now available for Red Hat Virtualization Engine 4.4.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4 - noarch

3. Description:

The ovirt-engine package provides the manager for virtualization
environments.
This manager enables admins to define hosts and networks, as well as to add
storage, create VMs and manage user permissions.

A list of bugs fixed in this update is available in the Technical Notes
book:

https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/technical_notes

Security Fix(es):

* nodejs-bootstrap-select: not escaping title values on  may lead
to XSS (CVE-2019-20921)

* m2crypto: bleichenbacher timing attacks in the RSA decryption API
(CVE-2020-25657)

* datatables.net: prototype pollution if 'constructor' were used in a data
property name (CVE-2020-28458)

* nodejs-immer: prototype pollution may lead to DoS or remote code
execution (CVE-2020-28477)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/2974891

5. Bugs fixed (https://bugzilla.redhat.com/):

1145658 - Storage domain removal does not check if the storage domain contains any memory dumps.
1155275 - [RFE] - Online update LUN size to the Guest after LUN resize
1649479 - [RFE] OVF_STORE last update not exposed in the UI
1666786 - RHV-M reports "Balancing VM ${VM}" for ever as successful in the tasks list
1688186 - [RFE] CPU and NUMA Pinning shall be handled automatically
1729359 - Failed image upload leaves disk in locked state, requiring manual intervention to cleanup.
1787235 - [RFE] Offline disk move should log which host the data is being copied on in the audit log
1802844 - rest api setupnetworks: assignment_method should be inside ip_address_assignment
1837221 - [RFE] Allow using other than RSA SHA-1/SHA-2 public keys for SSH connections between RHVM and hypervisors
1843882 - network interface not added to public firewalld zone until host reboot
1858420 - Snapshot creation on host that engine then loses connection to results in missing snapshots table entry
1882273 - CVE-2019-20921 nodejs-bootstrap-select: not escaping title values on  may lead to XSS
1884233 - oVirt-engine reports misleading login-domain for external RH-SSO accounts
1889823 - CVE-2020-25657 m2crypto: bleichenbacher timing attacks in the RSA decryption API
1895217 - Hosted-Engine --restore-from-file fails if backup has VM pinned to restore host and has no Icon set.
1901503 - Misleading error message, displaying Data Center Storage Type instead of its name
1901752 - AddVds fails as FIPS host rejects SSH with ssh-rsa, failing HostedEngine deployment
1905108 - Cannot hotplug disk reports libvirtError: Requested operation is not valid: Domain already contains a disk with that address
1905158 - After upgrading RHVH 4.4.2 to 4.4.3 moves to non-operational due to missing CPU features : model_Cascadelake-Server
1908441 - CVE-2020-28458 datatables.net: prototype pollution if 'constructor' were used in a data property name
1910302 - [RFE] Allow SPM switching if all tasks have finished via UI
1913198 - Host deploy fails if 6+ hosts are deployed at the same time.
1914602 - [RHV 4.4] /var/lib/ovirt-engine/external_truststore (Permission denied)
1918162 - CVE-2020-28477 nodejs-immer: prototype pollution may lead to DoS or remote code execution
1919555 - Rebase apache-sshd to version 2.6.0 for RHV 4.4.5
1921104 - Bump required ansible version in RHV Manager 4.4.5
1921119 - RHV reports unsynced cluster when host QoS is in use.
1922200 - Checking the Engine database consistency takes too long to complete
1924012 - Rebase ansible-runner to 1.4.6
1926854 - [RFE] Requesting an audit log entry be added in LSM flow to display the host on which the internal volumes are copied
1927851 - [RFE] Add timezone AUS Eastern Standard Time
1931514 - [downstream] Cluster upgrade fails when using Intel Skylake Client/Server IBRS SSBD MDS Family
1931786 - Windows driver update does not work on cluster level 4.5

6. Package List:

RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4:

Source:
ansible-runner-1.4.6-2.el8ar.src.rpm
ansible-runner-service-1.0.7-1.el8ev.src.rpm
apache-sshd-2.6.0-1.el8ev.src.rpm
ovirt-engine-4.4.5.9-0.1.el8ev.src.rpm
ovirt-engine-dwh-4.4.5.5-1.el8ev.src.rpm
ovirt-web-ui-1.6.7-1.el8ev.src.rpm

noarch:
ansible-runner-1.4.6-2.el8ar.noarch.rpm
ansible-runner-service-1.0.7-1.el8ev.noarch.rpm
apache-sshd-2.6.0-1.el8ev.noarch.rpm
apache-sshd-javadoc-2.6.0-1.el8ev.noarch.rpm
ovirt-engine-4.4.5.9-0.1.el8ev.noarch.rpm
ovirt-engine-backend-4.4.5.9-0.1.el8ev.noarch.rpm
ovirt-engine-dbscripts-4.4.5.9-0.1.el8ev.noarch.rpm
ovirt-engine-dwh-4.4.5.5-1.el8ev.noarch.rpm
ovirt-engine-dwh-grafana-integration-setup-4.4.5.5-1.el8ev.noarch.rpm
ovirt-engine-dwh-setup-4.4.5.5-1.el8ev.noarch.rpm
ovirt-engine-health-check-bundler-4.4.5.9-0.1.el8ev.noarch.rpm
ovirt-engine-restapi-4.4.5.9-0.1.el8ev.noarch.rpm
ovirt-engine-setup-4.4.5.9-0.1.el8ev.noarch.rpm
ovirt-engine-setup-base-4.4.5.9-0.1.el8ev.noarch.rpm
ovirt-engine-setup-plugin-cinderlib-4.4.5.9-0.1.el8ev.noarch.rpm
ovirt-engine-setup-plugin-imageio-4.4.5.9-0.1.el8ev.noarch.rpm
ovirt-engine-setup-plugin-ovirt-engine-4.4.5.9-0.1.el8ev.noarch.rpm
ovirt-engine-setup-plugin-ovirt-engine-common-4.4.5.9-0.1.el8ev.noarch.rpm
ovirt-engine-setup-plugin-vmconsole-proxy-helper-4.4.5.9-0.1.el8ev.noarch.rpm
ovirt-engine-setup-plugin-websocket-proxy-4.4.5.9-0.1.el8ev.noarch.rpm
ovirt-engine-tools-4.4.5.9-0.1.el8ev.noarch.rpm
ovirt-engine-tools-backup-4.4.5.9-0.1.el8ev.noarch.rpm
ovirt-engine-vmconsole-proxy-helper-4.4.5.9-0.1.el8ev.noarch.rpm
ovirt-engine-webadmin-portal-4.4.5.9-0.1.el8ev.noarch.rpm
ovirt-engine-websocket-proxy-4.4.5.9-0.1.el8ev.noarch.rpm
ovirt-web-ui-1.6.7-1.el8ev.noarch.rpm
python3-ansible-runner-1.4.6-2.el8ar.noarch.rpm
python3-ovirt-engine-lib-4.4.5.9-0.1.el8ev.noarch.rpm
rhvm-4.4.5.9-0.1.el8ev.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-20921
https://access.redhat.com/security/cve/CVE-2020-25657
https://access.redhat.com/security/cve/CVE-2020-28458
https://access.redhat.com/security/cve/CVE-2020-28477
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/technical_notes

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
=CVx+
- -----END PGP SIGNATURE-----


- --------------------------------------------------------------------------------


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: RHV Manager (ovirt-engine) 4.4.z [ovirt-4.4.5] 0-day security, bug fix, enhance
Advisory ID:       RHSA-2021:1186-01
Product:           Red Hat Virtualization
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:1186
Issue date:        2021-04-14
CVE Names:         CVE-2019-20921 CVE-2020-28458 
=====================================================================

1. Summary:

An update for org.ovirt.engine-root, ovirt-engine-ui-extensions, and
ovirt-web-ui is now available for Red Hat Virtualization Engine 4.4.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4 - noarch

3. Description:

The ovirt-engine package provides the manager for virtualization
environments.
This manager enables admins to define hosts and networks, as well as to add
storage, create VMs and manage user permissions.

Bug Fix(es):
* Previously, saving user preferences in the Red Hat Virtualization Manager
required the MANIPULATE_USERS permission level. As a result, user
preferences were not saved on the server.
In this release, the required permission level for saving user preferences
was changed to EDIT_PROFILE, which is the permission level assigned by
default to all users. As a result, saving user preferences works as
expected. (BZ#1920539)

A list of bugs fixed in this update is available in the Technical Notes
book:

https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/technical_notes

Security Fix(es):

* nodejs-bootstrap-select: not escaping title values on  may lead
to XSS (CVE-2019-20921)

* datatables.net: prototype pollution if 'constructor' were used in a data
property name (CVE-2020-28458)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/2974891

5. Bugs fixed (https://bugzilla.redhat.com/):

1171924 - [RFE] User Preferences / settings dialog with server-side storage
1750426 - [RFE] No clear/consistent indication that Upgrade Cluster is underway
1795457 - RHV-M causing high load on PostgreSQL  DB after upgrade to 4.2
1882273 - CVE-2019-20921 nodejs-bootstrap-select: not escaping title values on  may lead to XSS
1908441 - CVE-2020-28458 datatables.net: prototype pollution if 'constructor' were used in a data property name
1920539 - Error screen displayed after user login in admin portal.

6. Package List:

RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4:

Source:
ovirt-engine-4.4.5.11-0.1.el8ev.src.rpm
ovirt-engine-ui-extensions-1.2.5-1.el8ev.src.rpm
ovirt-web-ui-1.6.8-1.el8ev.src.rpm

noarch:
ovirt-engine-4.4.5.11-0.1.el8ev.noarch.rpm
ovirt-engine-backend-4.4.5.11-0.1.el8ev.noarch.rpm
ovirt-engine-dbscripts-4.4.5.11-0.1.el8ev.noarch.rpm
ovirt-engine-health-check-bundler-4.4.5.11-0.1.el8ev.noarch.rpm
ovirt-engine-restapi-4.4.5.11-0.1.el8ev.noarch.rpm
ovirt-engine-setup-4.4.5.11-0.1.el8ev.noarch.rpm
ovirt-engine-setup-base-4.4.5.11-0.1.el8ev.noarch.rpm
ovirt-engine-setup-plugin-cinderlib-4.4.5.11-0.1.el8ev.noarch.rpm
ovirt-engine-setup-plugin-imageio-4.4.5.11-0.1.el8ev.noarch.rpm
ovirt-engine-setup-plugin-ovirt-engine-4.4.5.11-0.1.el8ev.noarch.rpm
ovirt-engine-setup-plugin-ovirt-engine-common-4.4.5.11-0.1.el8ev.noarch.rpm
ovirt-engine-setup-plugin-vmconsole-proxy-helper-4.4.5.11-0.1.el8ev.noarch.rpm
ovirt-engine-setup-plugin-websocket-proxy-4.4.5.11-0.1.el8ev.noarch.rpm
ovirt-engine-tools-4.4.5.11-0.1.el8ev.noarch.rpm
ovirt-engine-tools-backup-4.4.5.11-0.1.el8ev.noarch.rpm
ovirt-engine-ui-extensions-1.2.5-1.el8ev.noarch.rpm
ovirt-engine-vmconsole-proxy-helper-4.4.5.11-0.1.el8ev.noarch.rpm
ovirt-engine-webadmin-portal-4.4.5.11-0.1.el8ev.noarch.rpm
ovirt-engine-websocket-proxy-4.4.5.11-0.1.el8ev.noarch.rpm
ovirt-web-ui-1.6.8-1.el8ev.noarch.rpm
python3-ovirt-engine-lib-4.4.5.11-0.1.el8ev.noarch.rpm
rhvm-4.4.5.11-0.1.el8ev.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-20921
https://access.redhat.com/security/cve/CVE-2020-28458
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/technical_notes

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
=BhsF
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
=dVfA
-----END PGP SIGNATURE-----

The post ESB-2021.1274 – [RedHat] RHV Manager: Multiple vulnerabilities appeared first on Malware Devil.

ESB-2021.1267 – [Win] Endpoint Security (ENS) for Windows: Provide misleading information – Remote/unauthenticated

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.1267
       Endpoint Security for Windows update fixes one vulnerability
                         (CVE-2020-7308) (SB10354)
                               15 April 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Endpoint Security (ENS) for Windows
Publisher:         McAfee
Operating System:  Windows
Impact/Access:     Provide Misleading Information -- Remote/Unauthenticated
                   Access Confidential Data       -- Remote/Unauthenticated
                   Reduced Security               -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-7308  

Original Bulletin: 
   https://kc.mcafee.com/corporate/index?page=content&id=SB10354

- --------------------------BEGIN INCLUDED TEXT--------------------

McAfee Security Bulletin - Endpoint Security for Windows update fixes one
vulnerability (CVE-2020-7308)

Security Bulletins ID   : SB10354

Last Modified           : 4/13/2021

Summary

First Published: April 13, 2021
Product:                        Endpoint Security (ENS) for Windows
Impacted Versions:              10.7.0 prior to February 2021 Update
                                10.6.1 prior to February 2021 Update
CVE ID:                         CVE-2020-7308
Impact of Vulnerabilities:      CWE-319: Cleartext Transmission of Sensitive
                                Information
Severity Ratings:               Medium
CVSS v3.1 Base/Temporal Scores: 4.8 / 4.3
Recommendations:                Install or update to:
                                  o ENS 10.7.0 February 2021 Update
                                  o ENS 10.6.1 February 2021 Update
Security Bulletin Replacement:  None
Location of updated software:   http://www.mcafee.com/us/downloads/downloads.aspx

Article contents:

  o Vulnerability Description
  o Remediation
  o Product Specific Notes
  o Acknowledgments
  o Frequently Asked Questions (FAQs)
  o Resources
  o Disclaimer

Vulnerability Description
The McAfee Global Threat Intelligence (GTI) over DNS (GTI-DNS) service has been
in production for about 12 years. At the time of its launch, most internet
traffic was not encrypted. GTI-DNS used a fixed key to partially encrypt the
most sensitive information. Since then, we have updated most of our products
and cloud services to use encrypted communication facilities such as TLS. The
latest evolution of our GTI service is GTI-REST. GTI-REST runs only over TLS
1.2 and does not support unauthenticated clients. Our GTI-REST POPs (point of
presence) receive an A rating from SSL Labs.

In the legacy GTI-DNS service, it is possible to snoop DNS traffic and
determine the number of malicious objects on a system. It is also possible to
map known hashes to the encrypted version by examining the A record. An
attacker could also gain control of an intermediate DNS server, or they could
modify the DNS configuration so as to direct DNS requests to a server under
their control. Either of these techniques would enable an attacker to intercept
A record queries and send a spoof response that a malicious file is clean.
Snooping the traffic to see the requests and responses to and from the McAfee
servers is relatively easy to do. But, it is less easy to gain access to a DNS
server and alter the data sent to the client.

It is important to remember that spoofing a clean A record as described above
only has the same effect as when the McAfee product is running on a system that
has no internet connection. Our products use regularly updated local content to
make sure that they continue to offer excellent protection when disconnected
from the internet.

Moreover, if an attacker spoofs an A record to suggest to the product that a
clean file is malicious, the product verifies this response by requesting a
confirmatory TXT record from GTI-DNS. Unlike the A record, the TXT record is
digitally signed. This mechanism prevents attackers from orchestrating a DoS
(denial-of-service) by convicting clean files.

CVE-2020-7308
Cleartext Transmission of Sensitive Information between McAfee Endpoint
Security (ENS) for Windows prior to 10.7.0 February 2021 Update and McAfee
Global Threat Intelligence (GTI) servers using DNS allows a remote attacker to
view the requests from ENS and responses from GTI over DNS. By gaining control
of an intermediate DNS server or altering the network DNS configuration, it is
possible for an attacker to intercept requests and send their own responses.
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7308
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7308
Remediation
To remediate this issue:

  o Customers on ENS 10.7.0: Update to ENS 10.7.0 February 2021 Update.
  o Customers on ENS 10.6.1 and earlier versions: Upgrade to ENS 10.7.0
    February 2021 Update, or update to ENS 10.6.1 February 2021 Update.

Once you have installed the update, see the Product Specific Notes section for
the next steps.

Go to the Product Downloads site, and download the applicable product update
file:
+---------------+---------------------------+------+----------------+
|Product        |Version                    |Type  |Release Date    |
+---------------+---------------------------+------+----------------+
|ENS for Windows|10.7.0 February 2021 Update|Update|February 9, 2021|
|               |10.6.1 February 2021 Update|      |                |
+---------------+---------------------------+------+----------------+

Download and Installation Instructions
For instructions to download McAfee product updates and hotfixes, see KB56057 -
How to download Enterprise product updates and documentation. Review the
Release Notes and the Installation Guide for instructions on how to install
these updates. All documentation is available at https://docs.mcafee.com.
Product Specific Notes

  o This feature is currently offered as an opt-in. Once you have installed the
    relevant update, you need to follow the instructions in KB94339 -
    REGISTERED - Redirect Endpoint Security AMCore to use REST supported
    content to enable the feature.
    The referenced article is available only to registered ServicePortal users.

    To view registered articles:
     1. Log on to the ServicePortal at http://support.mcafee.com.
     2. Type the article ID in the search field on the home page.
     3. Click Search or press Enter.
  o There is a dependency on updated protection content released on or after
    April 13, 2021, which has AMCore version 21.2.0.1292.6 (or later).
  o McAfee plans to use the GTI-REST API as the default in a future release.

Acknowledgments
McAfee credits the following for responsibly reporting this flaw:

Asaf Nadler from Ben Gurion University of the Negev
Ron Bitton from Ben Gurion University of the Negev
Oleg Brodt from Ben Gurion University of the Negev
Asaf Shabtai from Ben Gurion University of the Negev
Frequently Asked Questions (FAQs)
How do I know if my McAfee product is vulnerable or not?
For Endpoint Security on Windows:
Use the following instructions for endpoint or client-based products:

 1. Right-click the McAfee tray shield icon on the Windows taskbar.
 2. Select McAfee Endpoint Security.
 3. In the console, select Action Menu.
 4. In the Action Menu, select About. The product version displays.

What is CVSS?
CVSS, or Common Vulnerability Scoring System, is the result of the National
Infrastructure Advisory Council's effort to standardize a system of assessing
the criticality of a vulnerability. This system offers an unbiased criticality
score between 0 and 10 that customers can use to judge how critical a
vulnerability is and plan accordingly. For more information, visit the CVSS
website at: https://www.first.org/cvss/.

When calculating CVSS scores, McAfee has adopted a philosophy that fosters
consistency and repeatability. Our guiding principle for CVSS scoring is to
score the exploit under consideration by itself. We consider only the immediate
and direct impact of the exploit under consideration. We do not factor into a
score any potential follow-on exploits that might be made possible by the
successful exploitation of the issue being scored.

What are the CVSS scoring metrics?

CVE-2020-7308: Transmission of data in clear text by ENS
+------------------------+--------------------+
|Base Score              |4.8                 |
+------------------------+--------------------+
|Attack Vector (AV)      |Network (N)         |
+------------------------+--------------------+
|Attack Complexity (AC)  |High (H)            |
+------------------------+--------------------+
|Privileges Required (PR)|None (N)            |
+------------------------+--------------------+
|User Interaction (UI)   |None (N)            |
+------------------------+--------------------+
|Scope (S)               |Unchanged (U)       |
+------------------------+--------------------+
|Confidentiality (C)     |Low (L)             |
+------------------------+--------------------+
|Integrity (I)           |Low (L)             |
+------------------------+--------------------+
|Availability (A)        |None (N)            |
+------------------------+--------------------+
|Temporal Score (Overall)|4.3                 |
+------------------------+--------------------+
|Exploitability (E)      |Proof-of-Concept (P)|
+------------------------+--------------------+
|Remediation Level (RL)  |Official Fix (O)    |
+------------------------+--------------------+
|Report Confidence (RC)  |Confirmed (C)       |
+------------------------+--------------------+

NOTE: The below CVSS version 3.1 vector was used to generate this score.
https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C&version=3.1

Where can I find a list of all Security Bulletins?
All Security Bulletins are published on our external PSIRT website at
https://www.mcafee.com/us/threat-center/product-security-bulletins.aspx. To see
Security Bulletins for McAfee Enterprise products on this website, click
Enterprise Security Bulletins. Security Bulletins are retired (removed) once a
product is both End of Sale and End of Support (End of Life).

How do I report a product vulnerability to McAfee?
If you have information about a security issue or vulnerability with a McAfee
product, visit the McAfee PSIRT website for instructions at
https://www.mcafee.com/us/threat-center/product-security-bulletins.aspx. To
report an issue, click Report a Security Vulnerability.

How does McAfee respond to this and any other reported security flaws?
Our key priority is the security of our customers. If a vulnerability is found
within any McAfee software or services, we work closely with the relevant
security software development team to ensure the rapid and effective
development of a fix and communication plan.

McAfee only publishes Security Bulletins if they include something actionable
such as a workaround, mitigation, version update, or hotfix. Otherwise, we
would simply be informing the hacker community that our products are a target,
putting our customers at greater risk. For products that are updated
automatically, a non-actionable Security Bulletin might be published to
acknowledge the discoverer.

View our PSIRT policy on the McAfee PSIRT website at
https://www.mcafee.com/us/threat-center/product-security-bulletins.aspx by
clicking About PSIRT.
Resources
To contact Technical Support, log on to the ServicePortal and go to the Create
a Service Request page at
https://support.mcafee.com/ServicePortal/faces/serviceRequests/createSR:

  o If you are a registered user, type your User ID and Password, and then
    click Log In.
  o If you are not a registered user, click Register and complete the required
    fields. Your password and logon instructions will be emailed to you.

Disclaimer
The information provided in this Security Bulletin is provided as is without
warranty of any kind. McAfee disclaims all warranties, either express or
implied, including the warranties of merchantability and fitness for a
particular purpose. In no event shall McAfee or its suppliers be liable for any
damages whatsoever including direct, indirect, incidental, consequential, loss
of business profits or special damages, even if McAfee or its suppliers have
been advised of the possibility of such damages. Some states do not allow the
exclusion or limitation of liability for consequential or incidental damages so
the preceding limitation may not apply.

Any future product release dates mentioned in this Security Bulletin are
intended to outline our general product direction, and they should not be
relied on in making a purchasing decision. The product release dates are for
information purposes only, and may not be incorporated into any contract. The
product release dates are not a commitment, promise, or legal obligation to
deliver any material, code, or functionality. The development, release, and
timing of any features or functionality described for our products remains at
our sole discretion and may be changed or canceled at any time.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----

The post ESB-2021.1267 – [Win] Endpoint Security (ENS) for Windows: Provide misleading information – Remote/unauthenticated appeared first on Malware Devil.

https://malwaredevil.com/2021/04/15/esb-2021-1267-win-endpoint-security-ens-for-windows-provide-misleading-information-remote-unauthenticated/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-1267-win-endpoint-security-ens-for-windows-provide-misleading-information-remote-unauthenticated

Avoiding The mdls Command Line Round Trip With swiftr::swift_function()

The last post showed how to work with the macOS mdls command line XML output, but with {swiftr} we can avoid the command line round trip by bridging the low-level Spotlight API (which mdls uses) directly in R via Swift. If you’ve already played with {swiftr} before but were somewhat annoyed at various boilerplate elements… Continue reading

The post Avoiding The mdls Command Line Round Trip With swiftr::swift_function() appeared first on Security Boulevard.

https://malwaredevil.com/2021/04/15/avoiding-the-mdls-command-line-round-trip-with-swiftrswift_function/?utm_source=rss&utm_medium=rss&utm_campaign=avoiding-the-mdls-command-line-round-trip-with-swiftrswift_function

Network Security News Summary for Thursday April 15th, 2021

pcap challenge solution; Adobe, Chrome, SAP Patches; Linux/Mac npm Malware; @sans.edu NCL

April 2021 Forensics Quiz Solution
https://isc.sans.edu/forums/diary/April+2021+Forensic+Quiz+Answers+and+Analysis/27308/

Adobe Patch Tuesday
https://helpx.adobe.com/security.html

Chrome 90 Released (and 0-Day Exploits)
https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_14.html
https://github.com/avboy1337/1195777-chrome0day
https://github.com/r4j0x00/exploits/tree/master/chrome-0day

SAP Updates
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=573801649

Linux/Mac Malware included in npm Module
https://blog.sonatype.com/damaging-linux-mac-malware-bundled-within-browserify-npm-brandjack-attempt

Congratulations to the SANS.edu National Cyber League Teams!

keywords: sans.edu; ncl; linux; mac; npm; malware; sap; chrome; adobe; forensics; quiz

https://malwaredevil.com/2021/04/15/network-security-news-summary-for-thursday-april-15th-2021/?utm_source=rss&utm_medium=rss&utm_campaign=network-security-news-summary-for-thursday-april-15th-2021

Important Strategies for Aligning Security With Business Objectives


What is the objective of implementing cybersecurity in a business? The answer might vary depending on whether you ask a security professional or a business executive.

However, in any cybersecurity implementation, it’s very important to stay focused on the big picture: cybersecurity is there to secure the business and its assets, so the business can concentrate on achieving its business objectives.

For example, if we are a coffee shop, then cybersecurity should be implemented to help the shop sell more coffee; cybersecurity by itself is not an end goal.

To do so, security professionals and executives must align cybersecurity with business objectives, which can be quite challenging in certain cases.

Below, we’ll share important strategies that can help cybersecurity teams move business and cybersecurity alignment in the right direction, starting with the first one.

Know the business objectives inside out
One of the key challenges in aligning security with business objectives is that information security executives (i.e. the CISO, Chief Information Security Officer) often focus on security alone rather than on the overall business objectives.

Each top stakeholder in the company might have different business and security concerns. For example, the marketing manager might be more worried about the success of the upcoming marketing campaign, while the CFO might be more worried about the cost of security infrastructure and potential losses due to security concerns.

With that being said, explore the following areas to consider how security should align with business objectives:

  • Compliance with local regulations and policies
  • Data assurance, security, and integrity
  • Market trust and brand reputation
  • Availability and performance
  • Culture, policy, and governance
  • Cost efficiency in implementing security controls

Maintaining two-way discussions with management and employees is very important so the security team can prioritize which areas they should focus on to help achieve organizational business objectives.

Upgrade connectivity to improve cybersecurity and productivity
With remote working becoming the norm nowadays, especially due to the COVID-19 restrictions, more employees are now actively accessing cloud resources from home. Even in a traditional office setting, regularly accessing cloud resources in various forms is now also a common practice.

To prevent potential issues, organizations must ensure a connectivity solution that is both more reliable and more secure, and SD-WAN (Software-Defined Wide Area Network) can be a viable solution in the following ways:

  • Better security: SD-WAN allows businesses to integrate security directly into the connection, for example by integrating VPNs, encryption, IPS, sandboxing, and firewalls.
  • Reliability: SD-WAN can prioritize critical applications to ensure more reliable connectivity for all employees.
  • Centralized management: security teams can easily integrate essential security functions into a single location, allowing better efficiency.

Implementing SD-WAN, or another security-focused connectivity solution, can help businesses align security with business objectives by ensuring a fast, reliable and secure network at all times.

Implement cybersecurity automation to free up time and resources for pursuing organizational objectives
Implementing automation in cybersecurity practices has two core benefits:

First, while people are and should be an organization's most important security asset, human error is also often an organization's biggest security vulnerability. In fact, more than 95% of successful cybersecurity breaches are caused by human error. Automating the execution of your cybersecurity can help reduce or even eliminate these human errors.

Second, automating cybersecurity practices frees up your employees' valuable time so they do not have to deviate from their core competencies, allowing them to contribute more to pursuing organizational objectives.

For example, investing in automated bot detection and management solutions like DataDome can help implement advanced, AI-powered bot mitigation. DataDome will stop bot attacks on autopilot and in real-time.

Establish a security-focused company culture
Again, people are an organization's most important security asset and also its most exploitable weakness.

It’s very important to ensure regular training so employees and management can better spot various forms of cybersecurity attacks especially phishing and social engineering attacks.

Creating a security-focused company culture starts with building end-user awareness and knowledge, by ensuring that:

  • All employees understand the signs of the attack vectors most likely to affect the organization, so they can recognize these threats in real-world situations
  • Management and employees maintain clear, two-way communication about security and keep each other updated
  • Progress is monitored and evaluated regularly, with new training modules rolled out to employees when required

Creating an organization-wide security culture requires commitment from both management and employees, and improving awareness may be the most important investment an organization can make to align security with business objectives.


Recognizing that cybersecurity is a prerequisite, not the end goal
A very common mistake made by organizations, and especially by security executives and officers, is treating cybersecurity as the end goal, when in truth cybersecurity is only a means to an end. We need cybersecurity to achieve the end goal, not the other way around.

This is why every cybersecurity initiative should consider the related business objective it’s pursuing, and the cybersecurity team should provide an assessment to explore different options and possible outcomes rather than forcing the idea of security for the sake of security.

We wouldn't want security teams and executives to behave like an overprotective parent, hindering the business's performance by treating security as the end goal.

Thus, cybersecurity should serve the business's goals rather than being the ultimate objective in itself.

Conclusion
As cyber-attacks continue to grow in both scale and sophistication, their negative impact on any business becomes ever more serious.

This is why aligning cybersecurity with business objectives is now a necessity: it makes the organization more capable of mitigating the security risks that can hinder its success, while ensuring a positive ROI on security investments.

The post Important Strategies for Aligning Security With Business Objectives appeared first on Security Boulevard.

https://malwaredevil.com/2021/04/15/important-strategies-for-aligning-security-with-business-objectives/?utm_source=rss&utm_medium=rss&utm_campaign=important-strategies-for-aligning-security-with-business-objectives

Wednesday, April 14, 2021

How Businesses Can Survive and Thrive Amidst the New Fraud Landscape

Businesses must learn how to combat the evolving fraud landscape and strengthen their defense systems to protect themselves and consumers from complex fraud and abuse methods.  2020 was no doubt an unprecedented year as it left indelible changes on the global economy. Digital transformation efforts of businesses around the globe evolve rapidly with the need […]

The post How Businesses Can Survive and Thrive Amidst the New Fraud Landscape appeared first on Security Boulevard.

https://malwaredevil.com/2021/04/14/how-businesses-can-survive-and-thrive-amidst-the-new-fraud-landscape/?utm_source=rss&utm_medium=rss&utm_campaign=how-businesses-can-survive-and-thrive-amidst-the-new-fraud-landscape

WordPress Continues to Fall Victim to Carding Attacks

Unsurprisingly, as WordPress continues to increase in popularity as an e-commerce platform, attackers continue to attempt to steal credit card information from unsuspecting clients. Currently, the WordPress plugin WooCommerce accounts for roughly a quarter of all online stores.

Over recent years, attackers whose goal is to fraudulently obtain credit card information have mostly focused on e-commerce-specific platforms such as Magento, PrestaShop and OpenCart (knowing that 100% of these websites are dealing with payment information).

Continue reading WordPress Continues to Fall Victim to Carding Attacks at Sucuri Blog.

The post WordPress Continues to Fall Victim to Carding Attacks appeared first on Security Boulevard.

https://malwaredevil.com/2021/04/14/wordpress-continues-to-fall-victim-to-carding-attacks/?utm_source=rss&utm_medium=rss&utm_campaign=wordpress-continues-to-fall-victim-to-carding-attacks

2021-04-14 – BazaLoader (BazarLoader) activity

https://malwaredevil.com/2021/04/14/2021-04-14-bazaloader-bazarloader-activity-2/?utm_source=rss&utm_medium=rss&utm_campaign=2021-04-14-bazaloader-bazarloader-activity-2

Thycotic & Centrify Merge to Form Cloud Identity Security Firm

The combined entity will expand on both companies’ privileged access management tools and expects to debut a new brand this year.

https://malwaredevil.com/2021/04/14/thycotic-centrify-merge-to-form-cloud-identity-security-firm-2/?utm_source=rss&utm_medium=rss&utm_campaign=thycotic-centrify-merge-to-form-cloud-identity-security-firm-2

CISA Urges Caution for Security Researchers Targeted in Attack Campaign

The agency urges researchers to take precautions amid an ongoing targeted threat campaign.

https://malwaredevil.com/2021/04/14/cisa-urges-caution-for-security-researchers-targeted-in-attack-campaign-2/?utm_source=rss&utm_medium=rss&utm_campaign=cisa-urges-caution-for-security-researchers-targeted-in-attack-campaign-2

FBI Operation Remotely Removes Web Shells From Exchange Servers

A court order authorized the FBI to remove malicious Web shells from hundreds of vulnerable machines running on-premises Exchange Server.

https://malwaredevil.com/2021/04/14/fbi-operation-remotely-removes-web-shells-from-exchange-servers-2/?utm_source=rss&utm_medium=rss&utm_campaign=fbi-operation-remotely-removes-web-shells-from-exchange-servers-2

Barbary Pirates and Russian Cybercrime

In 1801, the United States had a small Navy. Thomas Jefferson deployed almost half that Navy—three frigates and a schooner—to the Barbary C...