Malware Devil

Tuesday, July 13, 2021

Protecting Your Business Against Malware in the Cloud

There are multitudes of advantages that the cloud has to offer to companies. These include making the task of security management more accessible. However, there are still many gray areas associated with the cloud and its implications for an organization’s overall security. With the widespread implementation of cloud-based computing within enterprises, the conversation surrounding security management […]…

The post Protecting Your Business Against Malware in the Cloud appeared first on The State of Security.

The post Protecting Your Business Against Malware in the Cloud appeared first on Security Boulevard.




https://malwaredevil.com/2021/07/13/protecting-your-business-against-malware-in-the-cloud/?utm_source=rss&utm_medium=rss&utm_campaign=protecting-your-business-against-malware-in-the-cloud

How to Build a Cybersecurity Culture

Are you tired of seeing your papier-mâché network defenses torn to shreds? Do you wish you could fake your way through yet another audit, but fear being exposed by a data leak? Are hoodlums in Adidas clothing using your IT infrastructure as their own personal cloud? Well, tough. Cybercriminals are here to stay and your..

The post How to Build a Cybersecurity Culture appeared first on Security Boulevard.




https://malwaredevil.com/2021/07/13/how-to-build-a-cybersecurity-culture/?utm_source=rss&utm_medium=rss&utm_campaign=how-to-build-a-cybersecurity-culture

How Public Cybersecurity Companies Performed in 1H 2021

A good way to monitor the overall health of the IT security industry is to track the publicly traded companies in the space. I previously reported on the performance of 20 cybersecurity companies in 2020. This is an update on those 20 companies with the addition of newly minted SentinelOne, trading on NASDAQ with the..

The post How Public Cybersecurity Companies Performed in 1H 2021 appeared first on Security Boulevard.




https://malwaredevil.com/2021/07/13/how-public-cybersecurity-companies-performed-in-1h-2021/?utm_source=rss&utm_medium=rss&utm_campaign=how-public-cybersecurity-companies-performed-in-1h-2021

OpManager Makes Network Monitoring Easier for Heritage Credit Union

About Heritage Credit Union

Heritage Credit Union Limited is a not-for-profit American financial institution founded in 1934. Today it serves more than 28,000 members in Illinois and Wisconsin, with $450 million in assets …

The post OpManager Makes Network Monitoring Easier for Heritage Credit Union appeared first on ManageEngine Blog.

The post OpManager Makes Network Monitoring Easier for Heritage Credit Union appeared first on Security Boulevard.




https://malwaredevil.com/2021/07/13/opmanager-facilite-la-supervision-du-reseau-pour-heritage-credit-union/?utm_source=rss&utm_medium=rss&utm_campaign=opmanager-facilite-la-supervision-du-reseau-pour-heritage-credit-union

Propaganda as a Social Engineering Tool

Remember WYSIWYG? What you see is what you get. That was a simpler time in technology; you knew what the end result would be during the development stage. There were no surprises. Technology moved on, though. Now, the mantra should be, “don’t automatically believe what you see.” Deep fakes, propaganda, misinformation and disinformation campaigns are..

The post Propaganda as a Social Engineering Tool appeared first on Security Boulevard.




https://malwaredevil.com/2021/07/13/propaganda-as-a-social-engineering-tool/?utm_source=rss&utm_medium=rss&utm_campaign=propaganda-as-a-social-engineering-tool

ISC Stormcast For Tuesday, July 13th, 2021 https://isc.sans.edu/podcastdetail.html?id=7582, (Tue, Jul 13th)

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.



https://malwaredevil.com/2021/07/13/isc-stormcast-for-tuesday-july-13th-2021-https-isc-sans-edu-podcastdetail-htmlid7582-tue-jul-13th/?utm_source=rss&utm_medium=rss&utm_campaign=isc-stormcast-for-tuesday-july-13th-2021-https-isc-sans-edu-podcastdetail-htmlid7582-tue-jul-13th

ESB-2021.0695.2 – UPDATE [Appliance] F5 Products: Denial of service – Remote/unauthenticated


===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.0695.2
Node.js vulnerability
13 July 2021

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           BIG-IP
                   BIG-IQ Centralized Management
Publisher:         F5 Networks
Operating System:  Network Appliance
Impact/Access:     Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-8277

Reference:         ESB-2021.0587
                   ESB-2021.0112
                   ESB-2020.4214

Original Bulletin:
   https://support.f5.com/csp/article/K07944249

Revision History:  July 13 2021: Vendor added fixes for BIG-IP 16.x branch
                   February 25 2021: Initial Release

--------------------------BEGIN INCLUDED TEXT--------------------

K07944249: Node.js vulnerability CVE-2020-8277

Original Publication Date: 25 Feb, 2021

Security Advisory Description

A Node.js application that allows an attacker to trigger a DNS request for a
host of their choice could trigger a Denial of Service in versions



https://malwaredevil.com/2021/07/13/esb-2021-0695-2-update-appliance-f5-products-denial-of-service-remote-unauthenticated/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-0695-2-update-appliance-f5-products-denial-of-service-remote-unauthenticated

ESB-2021.1883.3 – UPDATE [Win] F5 BIG-IP APM products: Increased privileges – Existing account


===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.1883.3
BIG-IP Edge Client for Windows vulnerability CVE-2021-23022
13 July 2021

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           BIG-IP APM
                   BIG-IP APM Clients
Publisher:         F5 Networks
Operating System:  Windows
Impact/Access:     Increased Privileges -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-23023 CVE-2021-23022

Original Bulletin:
   https://support.f5.com/csp/article/K08503505
   https://support.f5.com/csp/article/K33757590

Revision History:  July 13 2021: Added fixes for BIG-IP APM 16.x branch
                   June 9 2021: Updated fixed version details in K08503505 and K33757590
                   June 2 2021: Initial Release

--------------------------BEGIN INCLUDED TEXT--------------------

K08503505: BIG-IP Edge Client for Windows vulnerability CVE-2021-23022

Original Publication Date: 02 Jun, 2021
Latest Publication Date: 09 Jun, 2021

Security Advisory Description

The BIG-IP Edge Client Windows Installer Service’s temporary folder has weak
file and folder permissions. (CVE-2021-23022)

Impact

This vulnerability can be exploited to allow an unprivileged user to run a
specially crafted application to gain privilege escalation on the client
Windows system. Customers are advised to update to a fixed version of the Edge
Client software as listed in the security advisory.

Security Advisory Status

F5 Product Development has assigned ID 984613, ID 1015381, and ID 1000609
(BIG-IP) to this vulnerability.

To determine if your product and version have been evaluated for this
vulnerability, refer to the Applies to (see versions) box. To determine if your
release is known to be vulnerable, the components or features that are affected
by the vulnerability, and for information about releases, point releases, or
hotfixes that address the vulnerability, refer to the following table. For more
information about security advisory versioning, refer to K51812227:
Understanding security advisory versioning.

Note: After a fix is introduced for a given minor branch, that fix applies to
all subsequent maintenance and point releases for that branch, and no
additional fixes for that branch will be listed in the table. For example, when
a fix is introduced in 14.1.2.3, the fix also applies to 14.1.2.4, and all
later 14.1.x releases (14.1.3.x, 14.1.4.x). For more information, refer to
K51812227: Understanding security advisory versioning. Additionally, software
versions preceding those listed in the following table have reached the End of
Technical Support (EoTS) phase of their lifecycle and are no longer evaluated
for security issues. For more information, refer to the Security hotfixes
section of K4602: Overview of the F5 security vulnerability response policy.

+------------------+------+---------------+----------------+--------------+-------+------------------+
|Product           |Branch|Versions known |Fixes           |Severity      |CVSSv3 |Vulnerable        |
|                  |      |to be          |introduced in   |              |score^2|component or      |
|                  |      |vulnerable^1   |                |              |       |feature           |
+------------------+------+---------------+----------------+--------------+-------+------------------+
|BIG-IP APM        |16.x  |16.0.0 - 16.0.1|16.1.0          |High          |7.0    |BIG-IP Edge Client|
|                  |15.x  |15.1.0 - 15.1.3|None^3          |              |       |Windows Component |
|                  |14.x  |14.1.0 - 14.1.4|None^3          |              |       |Installer service |
|                  |13.x  |13.1.0 - 13.1.4|None^3          |              |       |                  |
|                  |12.x  |12.1.0 - 12.1.6|Will not fix    |              |       |                  |
|                  |11.x  |11.6.1 - 11.6.5|Will not fix    |              |       |                  |
+------------------+------+---------------+----------------+--------------+-------+------------------+
|BIG-IP APM Clients|7.x   |7.2.1          |7.2.1.3         |High          |7.0    |BIG-IP Edge Client|
|                  |      |7.1.6 - 7.1.9  |7.1.9.9 Update 1|              |       |Windows Component |
|                  |      |               |                |              |       |Installer service |
+------------------+------+---------------+----------------+--------------+-------+------------------+
|BIG-IP (LTM, AAM, |16.x  |None           |Not applicable  |Not vulnerable|None   |None              |
|Advanced WAF, AFM,|15.x  |None           |Not applicable  |              |       |                  |
|Analytics, ASM,   |14.x  |None           |Not applicable  |              |       |                  |
|DDHD, DNS, FPS,   |13.x  |None           |Not applicable  |              |       |                  |
|GTM, Link         |12.x  |None           |Not applicable  |              |       |                  |
|Controller, PEM,  |11.x  |None           |Not applicable  |              |       |                  |
|SSLO)             |      |               |                |              |       |                  |
+------------------+------+---------------+----------------+--------------+-------+------------------+
|BIG-IQ Centralized|7.x   |None           |Not applicable  |Not vulnerable|None   |None              |
|Management        |6.x   |None           |Not applicable  |              |       |                  |
+------------------+------+---------------+----------------+--------------+-------+------------------+
|F5OS              |1.x   |None           |Not applicable  |Not vulnerable|None   |None              |
+------------------+------+---------------+----------------+--------------+-------+------------------+
|Traffix SDC       |5.x   |None           |Not applicable  |Not vulnerable|None   |None              |
+------------------+------+---------------+----------------+--------------+-------+------------------+

^1 F5 evaluates only software versions that have not yet reached the End of
Technical Support (EoTS) phase of their lifecycle.

^2 The CVSSv3 score link takes you to a resource outside of AskF5, and it is
possible that the document may be removed without our knowledge.

^3 In BIG-IP APM 13.1.0 and later, the APM Clients components can be updated
independently from the BIG-IP software. To resolve this vulnerability in BIG-IP
APM 13.1.0 and later, you can update the installed version of APM Clients to a
version listed in the Fixes introduced in column, and set Component Update to
Yes in the affected connectivity profile. For more information on Component
Update, refer to K15302: Understanding BIG-IP Edge Client Component Update
behavior for Windows, macOS, and Linux CLI. For more information about Edge
Client versions, refer to K52547540: Updating BIG-IP Edge Client for the BIG-IP
APM system and K13757: BIG-IP Edge Client version matrix.

Recommended Actions

If you are running a version listed in the Versions known to be vulnerable
column, you can eliminate this vulnerability by upgrading to a version listed
in the Fixes introduced in column. If the table lists only an older version
than what you are currently running, or does not list a non-vulnerable version,
then no upgrade candidate currently exists.

Mitigation

None

Acknowledgements

F5 acknowledges Jonas Vestberg of Sentor MSS AB and Daniel Hulliger of
Armasuisse Science+Technology, CYD Campus, for bringing this issue to our
attention and for following the highest standards of coordinated disclosure.

Supplemental Information

o K41942608: Overview of security advisory articles
o K4602: Overview of the F5 security vulnerability response policy
o K4918: Overview of the F5 critical issue hotfix policy
o K9502: BIG-IP hotfix and point release matrix
o K13123: Managing BIG-IP product hotfixes (11.x – 16.x)
o K167: Downloading software and firmware from F5
o K9970: Subscribing to email notifications regarding F5 products
o K9957: Creating a custom RSS feed to view new and updated documents

--------------------------------------------------------------------------------

K33757590: BIG-IP Edge Client for Windows vulnerability CVE-2021-23023

Original Publication Date: 02 Jun, 2021
Latest Publication Date: 09 Jun, 2021

Security Advisory Description

A DLL hijacking issue exists in cachecleaner.dll included in the BIG-IP Edge
Client Windows Installer. (CVE-2021-23023)

Impact

This vulnerability may be exploited to allow an unprivileged user to use a
malicious DLL to gain privilege escalation on the client Windows system.
Customers are advised to update to a fixed version of the BIG-IP Edge Client
software as listed in the security advisory.

Security Advisory Status

F5 Product Development has assigned ID 989317 (BIG-IP) to this vulnerability.

To determine if your product and version have been evaluated for this
vulnerability, refer to the Applies to (see versions) box. To determine if your
release is known to be vulnerable, the components or features that are affected
by the vulnerability, and for information about releases, point releases, or
hotfixes that address the vulnerability, refer to the following table. For more
information about security advisory versioning, refer to K51812227:
Understanding security advisory versioning.

Note: After a fix is introduced for a given minor branch, that fix applies to
all subsequent maintenance and point releases for that branch, and no
additional fixes for that branch will be listed in the table. For example, when
a fix is introduced in 14.1.2.3, the fix also applies to 14.1.2.4, and all
later 14.1.x releases (14.1.3.x, 14.1.4.x). For more information, refer to
K51812227: Understanding security advisory versioning. Additionally, software
versions preceding those listed in the following table have reached the End of
Technical Support (EoTS) phase of their lifecycle and are no longer evaluated
for security issues. For more information, refer to the Security hotfixes
section of K4602: Overview of the F5 security vulnerability response policy.

+------------------+------+---------------+----------------+--------------+-------+------------------+
|Product           |Branch|Versions known |Fixes           |Severity      |CVSSv3 |Vulnerable        |
|                  |      |to be          |introduced in   |              |score^2|component or      |
|                  |      |vulnerable^1   |                |              |       |feature           |
+------------------+------+---------------+----------------+--------------+-------+------------------+
|BIG-IP APM        |16.x  |16.0.0 - 16.0.1|16.1.0          |High          |7.0    |BIG-IP Edge Client|
|                  |15.x  |15.1.0 - 15.1.3|None^3          |              |       |for Windows       |
|                  |14.x  |14.1.0 - 14.1.4|None^3          |              |       |                  |
|                  |13.x  |13.1.0 - 13.1.4|None^3          |              |       |                  |
|                  |12.x  |12.1.0 - 12.1.6|Will not fix    |              |       |                  |
|                  |11.x  |11.6.1 - 11.6.5|Will not fix    |              |       |                  |
+------------------+------+---------------+----------------+--------------+-------+------------------+
|BIG-IP APM Clients|7.x   |7.2.1          |7.2.1.3         |High          |7.0    |BIG-IP Edge Client|
|                  |      |7.1.6 - 7.1.9  |7.1.9.9 Update 1|              |       |for Windows       |
+------------------+------+---------------+----------------+--------------+-------+------------------+
|BIG-IP (all other |16.x  |None           |Not applicable  |Not vulnerable|None   |None              |
|modules)          |15.x  |None           |Not applicable  |              |       |                  |
|                  |14.x  |None           |Not applicable  |              |       |                  |
|                  |13.x  |None           |Not applicable  |              |       |                  |
|                  |12.x  |None           |Not applicable  |              |       |                  |
|                  |11.x  |None           |Not applicable  |              |       |                  |
+------------------+------+---------------+----------------+--------------+-------+------------------+
|BIG-IQ Centralized|8.x   |None           |Not applicable  |Not vulnerable|None   |None              |
|Management        |7.x   |None           |Not applicable  |              |       |                  |
|                  |6.x   |None           |Not applicable  |              |       |                  |
+------------------+------+---------------+----------------+--------------+-------+------------------+
|F5OS              |1.x   |None           |Not applicable  |Not vulnerable|None   |None              |
+------------------+------+---------------+----------------+--------------+-------+------------------+
|Traffix SDC       |5.x   |None           |Not applicable  |Not vulnerable|None   |None              |
+------------------+------+---------------+----------------+--------------+-------+------------------+

^1 F5 evaluates only software versions that have not yet reached the End of
Technical Support (EoTS) phase of their lifecycle.

^2 The CVSSv3 score link takes you to a resource outside of AskF5, and it is
possible that the document may be removed without our knowledge.

^3 In BIG-IP APM 13.1.0 and later, the APM Clients components can be updated
independently from the BIG-IP software. To resolve this vulnerability in BIG-IP
APM 13.1.0 and later, you can update the installed version of APM Clients to a
version listed in the Fixes introduced in column and set Component Update to
Yes in the affected connectivity profile. For more information about Component
Update, refer to K15302: Understanding BIG-IP Edge Client Component Update
behavior for Windows, macOS, and Linux CLI. For more information about Edge
Client versions, refer to K52547540: Updating BIG-IP Edge Client for the BIG-IP
APM system and K13757: BIG-IP Edge Client version matrix.

Recommended Actions

If you are running a version listed in the Versions known to be vulnerable
column, you can eliminate this vulnerability by upgrading to a version listed
in the Fixes introduced in column. If the table lists only an older version
than what you are currently running, or does not list a non-vulnerable version,
then no upgrade candidate currently exists.

Mitigation

None

Acknowledgements

F5 acknowledges Jonas Vestberg of Sentor MSS AB for bringing this issue to our
attention and following the highest standards of coordinated disclosure.

Supplemental Information

o K41942608: Overview of security advisory articles
o K4602: Overview of the F5 security vulnerability response policy
o K4918: Overview of the F5 critical issue hotfix policy
o K9502: BIG-IP hotfix and point release matrix
o K13123: Managing BIG-IP product hotfixes (11.x – 16.x)
o K167: Downloading software and firmware from F5
o K9970: Subscribing to email notifications regarding F5 products
o K9957: Creating a custom RSS feed to view new and updated documents

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation’s
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT’s members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation’s
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author’s website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================



https://malwaredevil.com/2021/07/13/esb-2021-1883-3-update-win-f5-big-ip-apm-products-increased-privileges-existing-account/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-1883-3-update-win-f5-big-ip-apm-products-increased-privileges-existing-account

ESB-2021.2361 – [Appliance] Traffix SDC: Multiple vulnerabilities


===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.2361
Apache Cassandra vulnerability CVE-2020-13946
13 July 2021

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           Traffix SDC
Publisher:         F5 Networks
Operating System:  Network Appliance
Impact/Access:     Provide Misleading Information -- Remote/Unauthenticated
                   Access Confidential Data       -- Remote/Unauthenticated
                   Reduced Security               -- Remote/Unauthenticated
Resolution:        None
CVE Names:         CVE-2020-13946 CVE-2019-2684

Reference:         ESB-2021.0883

Original Bulletin:
   https://support.f5.com/csp/article/K36212405

--------------------------BEGIN INCLUDED TEXT--------------------

K36212405: Apache Cassandra vulnerability CVE-2020-13946

Original Publication Date: 13 Jul, 2021

Security Advisory Description

In Apache Cassandra, all versions prior to 2.1.22, 2.2.18, 3.0.22, 3.11.8 and
4.0-beta2, it is possible for a local attacker without access to the Apache
Cassandra process or configuration files to manipulate the RMI registry to
perform a man-in-the-middle attack and capture user names and passwords used to
access the JMX interface. The attacker can then use these credentials to access
the JMX interface and perform unauthorised operations. Users should also be
aware of CVE-2019-2684, a JRE vulnerability that enables this issue to be
exploited remotely. (CVE-2020-13946)

Impact

An attacker can exploit this vulnerability to access the JMX interface and
perform unauthorized operations and may have access to sensitive information
that they are not explicitly authorized to have access to.

Security Advisory Status

F5 Product Development has assigned ID SDC-1201 (Traffix SDC) to this
vulnerability.

To determine if your product and version have been evaluated for this
vulnerability, refer to the Applies to (see versions) box. To determine if your
release is known to be vulnerable, the components or features that are affected
by the vulnerability, and for information about releases, point releases, or
hotfixes that address the vulnerability, refer to the following table. For more
information about security advisory versioning, refer to K51812227:
Understanding security advisory versioning.

Note: After a fix is introduced for a given minor branch, that fix applies to
all subsequent maintenance and point releases for that branch, and no
additional fixes for that branch will be listed in the table. For example, when
a fix is introduced in 14.1.2.3, the fix also applies to 14.1.2.4, and all
later 14.1.x releases (14.1.3.x, 14.1.4.x). For more information, refer to
K51812227: Understanding security advisory versioning. Additionally, software
versions preceding those listed in the following table have reached the End of
Technical Support (EoTS) phase of their lifecycle and are no longer evaluated
for security issues. For more information, refer to the Security hotfixes
section of K4602: Overview of the F5 security vulnerability response policy.

+------------------+------+---------------+----------------+--------------+-------+------------------+
|Product           |Branch|Versions known |Fixes           |Severity      |CVSSv3 |Vulnerable        |
|                  |      |to be          |introduced in   |              |score^2|component or      |
|                  |      |vulnerable^1   |                |              |       |feature           |
+------------------+------+---------------+----------------+--------------+-------+------------------+
|BIG-IP (all       |16.x  |None           |Not applicable  |Not vulnerable|None   |None              |
|modules)          |15.x  |None           |Not applicable  |              |       |                  |
|                  |14.x  |None           |Not applicable  |              |       |                  |
|                  |13.x  |None           |Not applicable  |              |       |                  |
|                  |12.x  |None           |Not applicable  |              |       |                  |
|                  |11.x  |None           |Not applicable  |              |       |                  |
+------------------+------+---------------+----------------+--------------+-------+------------------+
|BIG-IQ Centralized|8.x   |None           |Not applicable  |Not vulnerable|None   |None              |
|Management        |7.x   |None           |Not applicable  |              |       |                  |
|                  |6.x   |None           |Not applicable  |              |       |                  |
+------------------+------+---------------+----------------+--------------+-------+------------------+
|F5OS              |1.x   |None           |Not applicable  |Not vulnerable|None   |None              |
+------------------+------+---------------+----------------+--------------+-------+------------------+
|Traffix SDC       |5.x   |5.1.0          |None            |Medium        |5.9    |Apache Cassandra  |
+------------------+------+---------------+----------------+--------------+-------+------------------+

^1 F5 evaluates only software versions that have not yet reached the End of
Technical Support (EoTS) phase of their lifecycle.

^2 The CVSSv3 score link takes you to a resource outside of AskF5, and it is
possible that the document may be removed without our knowledge.

Recommended Actions

If you are running a version listed in the Versions known to be vulnerable
column, you can eliminate this vulnerability by installing a version listed in
the Fixes introduced in column. If the Fixes introduced in column does not list
a version for your branch, then no update candidate currently exists for that
branch and F5 recommends upgrading to a version with the fix (refer to the
table).

If the Fixes introduced in column lists a version prior to the one you are
running, in the same branch, then your version should have the fix.

Mitigation

None

Supplemental Information

o K41942608: Overview of security advisory articles
o K4602: Overview of the F5 security vulnerability response policy
o K4918: Overview of the F5 critical issue hotfix policy
o K8986: F5 software lifecycle policy
o K9502: BIG-IP hotfix and point release matrix
o K13123: Managing BIG-IP product hotfixes (11.x – 16.x)
o K167: Downloading software and firmware from F5
o K9970: Subscribing to email notifications regarding F5 products
o K9957: Creating a custom RSS feed to view new and updated documents

--------------------------END INCLUDED TEXT--------------------




https://malwaredevil.com/2021/07/13/esb-2021-2361-appliance-traffix-sdc-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-2361-appliance-traffix-sdc-multiple-vulnerabilities

ESB-2021.2359 – [Win][UNIX/Linux] Apache Tomcat: Multiple vulnerabilities


===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.2359
Apache Tomcat Multiple Vulnerabilities (CVE-2021-30639,
CVE-2021-30640, CVE-2021-33037)
13 July 2021

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           Apache Tomcat
Publisher:         The Apache Software Foundation
Operating System:  Windows
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Denial of Service   -- Remote/Unauthenticated
                   Unauthorised Access -- Remote/Unauthenticated
                   Reduced Security    -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-33037 CVE-2021-30640 CVE-2021-30639

Original Bulletin:
   https://tomcat.apache.org/security-10.html

Comment: This advisory references vulnerabilities in products which run on multiple platforms.
         It is recommended that administrators running Apache Tomcat check for an updated
         version of the software for their operating system.

         This bulletin contains three (3) Apache security advisories.

--------------------------BEGIN INCLUDED TEXT--------------------

CVE-2021-30639 Denial of Service

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
Apache Tomcat 10.0.3 to 10.0.4
Apache Tomcat 9.0.44
Apache Tomcat 8.5.64

Description:
An error introduced as part of a change to improve error handling during
non-blocking I/O meant that the error flag associated with the Request
object was not reset between requests. This meant that once a
non-blocking I/O error occurred, all future requests handled by that
request object would fail. Users were able to trigger non-blocking I/O
errors, e.g. by dropping a connection, thereby creating the possibility
of triggering a DoS.
Applications that do not use non-blocking I/O are not exposed to this
vulnerability.

Mitigation:
Users of the affected versions should apply one of the following
mitigations:
- Upgrade to Apache Tomcat 10.0.5 or later
- Upgrade to Apache Tomcat 9.0.45 or later
- Upgrade to Apache Tomcat 8.5.65 or later

History:
2021-07-12 Original advisory

References:
[1] https://tomcat.apache.org/security-10.html
[2] https://tomcat.apache.org/security-9.html
[3] https://tomcat.apache.org/security-8.html

– ——————————————————————————

CVE-2021-30640 JNDI Realm Authentication Weakness

Severity: Low

Vendor: The Apache Software Foundation

Versions Affected:
Apache Tomcat 10.0.0-M1 to 10.0.5
Apache Tomcat 9.0.0.M1 to 9.0.45
Apache Tomcat 8.5.0 to 8.5.65
Apache Tomcat 7.0.0 to 7.0.108

Description:
Queries made by the JNDI Realm did not always correctly escape
parameters. Parameter values could be sourced from user provided data
(eg user names) as well as configuration data provided by an administrator.
In limited circumstances it was possible for users to authenticate using
variations of their user name and/or to bypass some of the protection
provided by the LockOut Realm.

Mitigation:
Users of the affected versions should apply one of the following
mitigations:
- Upgrade to Apache Tomcat 10.0.6 or later
- Upgrade to Apache Tomcat 9.0.46 or later
- Upgrade to Apache Tomcat 8.5.66 or later
- Upgrade to Apache Tomcat 7.0.109 or later

History:
2021-07-12 Original advisory

References:
[1] https://tomcat.apache.org/security-10.html
[2] https://tomcat.apache.org/security-9.html
[3] https://tomcat.apache.org/security-8.html
[4] https://tomcat.apache.org/security-7.html

– ——————————————————————————

CVE-2021-33037 HTTP request smuggling

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
Apache Tomcat 10.0.0-M1 to 10.0.6
Apache Tomcat 9.0.0.M1 to 9.0.46
Apache Tomcat 8.5.0 to 8.5.66

Description:
Apache Tomcat did not correctly parse the HTTP transfer-encoding request
header in some circumstances, leading to the possibility of request
smuggling when used with a reverse proxy. Specifically: Tomcat
incorrectly ignored the transfer-encoding header if the client declared
it would only accept an HTTP/1.0 response; Tomcat honoured the identity
encoding; and Tomcat did not ensure that, if present, the chunked
encoding was the final encoding.

Mitigation:
Users of the affected versions should apply one of the following
mitigations:
- Upgrade to Apache Tomcat 10.0.7 or later
- Upgrade to Apache Tomcat 9.0.48 or later
- Upgrade to Apache Tomcat 8.5.68 or later
Note that the issue was fixed in 9.0.47 and 8.5.67 but the release votes for
those versions did not pass.

History:
2021-07-12 Original advisory

References:
[1] https://tomcat.apache.org/security-10.html
[2] https://tomcat.apache.org/security-9.html
[3] https://tomcat.apache.org/security-8.html

– ————————–END INCLUDED TEXT——————–




https://malwaredevil.com/2021/07/13/esb-2021-2359-winunix-linux-apache-tomcat-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-2359-winunix-linux-apache-tomcat-multiple-vulnerabilities
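
The three Transfer-Encoding conditions listed under CVE-2021-33037 in the Apache Tomcat bulletin above, written as a strict check that a reverse proxy rule or a regression test could apply to a request head. This is an added example, not code from Apache Tomcat or AusCERT; the function names, finding labels and sample requests are constructed for illustration.

```python
"""Strict Transfer-Encoding checks for an HTTP/1.x request head (added example)."""

# Constructed sample request heads; none of them come from the advisory.
SAMPLES = {
    "ok_chunked": b"POST /a HTTP/1.1\r\nHost: app.example\r\n"
                  b"Transfer-Encoding: chunked\r\n\r\n",
    "http10_with_te": b"POST /a HTTP/1.0\r\n"
                      b"Transfer-Encoding: chunked\r\n\r\n",
    "identity": b"POST /a HTTP/1.1\r\nHost: app.example\r\n"
                b"Transfer-Encoding: identity\r\n\r\n",
    "chunked_not_final": b"POST /a HTTP/1.1\r\nHost: app.example\r\n"
                         b"Transfer-Encoding: chunked, gzip\r\n\r\n",
    # Repeated header lines form one ordered list: chunked, then gzip.
    "split_headers": b"POST /a HTTP/1.1\r\nHost: app.example\r\n"
                     b"Transfer-Encoding: chunked\r\n"
                     b"transfer-encoding: gzip\r\n\r\n",
    "no_body": b"GET / HTTP/1.1\r\nHost: app.example\r\n\r\n",
}


def parse_head(raw: bytes):
    """Return (http_version, ordered list of transfer-coding names)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        raise ValueError("malformed request line")
    version = parts[2][len("HTTP/"):]

    codings = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        # Whitespace around the field name (or a folded line) is rejected
        # rather than normalised, so two parsers cannot disagree about it.
        if not sep or not name or name != name.strip():
            raise ValueError("malformed header line: %r" % line)
        if name.lower() != "transfer-encoding":
            continue
        for token in value.split(","):
            # Drop any transfer-parameters after ';' and normalise case.
            coding = token.split(";", 1)[0].strip().lower()
            if coding:
                codings.append(coding)
    return version, codings


def te_findings(raw: bytes):
    """List the advisory's three conditions that this request head meets."""
    version, codings = parse_head(raw)
    findings = []
    if not codings:
        return findings
    # 1. Transfer-Encoding on an HTTP/1.0 request: the case where the
    #    advisory says Tomcat ignored the header.
    if version == "1.0":
        findings.append("te-on-http-1.0")
    # 2. The "identity" coding, which the advisory says Tomcat honoured.
    if "identity" in codings:
        findings.append("identity-coding")
    # 3. chunked is present but is not the final coding.
    if "chunked" in codings and codings[-1] != "chunked":
        findings.append("chunked-not-final")
    return findings


def verdicts():
    """Map each constructed sample to 'accept' or 'reject: <findings>'."""
    out = {}
    for label, raw in SAMPLES.items():
        found = te_findings(raw)
        out[label] = "accept" if not found else "reject: " + ", ".join(found)
    return out


if __name__ == "__main__":
    for label, verdict in verdicts().items():
        print(f"{label:18} {verdict}")
```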

ESB-2021.2360 – [Appliance] F5 Products: Denial of service – Existing account


===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.2360
glibc vulnerability CVE-2020-27618
13 July 2021

===========================================================================

AusCERT Security Bulletin Summary
———————————

Product:           BIG-IP (all modules)
                   BIG-IQ Centralized Management
                   Traffix SDC
Publisher:         F5 Networks
Operating System:  Network Appliance
Impact/Access:     Denial of Service — Existing Account
Resolution:        Mitigation
CVE Names:         CVE-2020-27618

Reference:         ESB-2021.1743
                   ESB-2021.1236

Original Bulletin:
https://support.f5.com/csp/article/K08641512

– ————————–BEGIN INCLUDED TEXT——————–

K08641512: glibc vulnerability CVE-2020-27618

Original Publication Date: 13 Jul, 2021

Security Advisory Description

The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier,
when processing invalid multi-byte input sequences in IBM1364, IBM1371,
IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state,
which could lead to an infinite loop in applications, resulting in a denial of
service, a different vulnerability from CVE-2016-10228. (CVE-2020-27618)

Impact

When the infinite loop can be influenced by an attacker, this weakness could
allow attackers to consume excessive resources such as CPU or memory resulting
in a denial of service (DoS).

Security Advisory Status

F5 Product Development has assigned ID 1026873 (BIG-IP), ID 1029705 (BIG-IQ),
and SDC-1215 and SDC-1217 (Traffix SDC) to this vulnerability.

To determine if your product and version have been evaluated for this
vulnerability, refer to the Applies to (see versions) box. To determine if your
release is known to be vulnerable, the components or features that are affected
by the vulnerability, and for information about releases, point releases, or
hotfixes that address the vulnerability, refer to the following table. For more
information about security advisory versioning, refer to K51812227:
Understanding security advisory versioning.

Note: After a fix is introduced for a given minor branch, that fix applies to
all subsequent maintenance and point releases for that branch, and no
additional fixes for that branch will be listed in the table. For example, when
a fix is introduced in 14.1.2.3, the fix also applies to 14.1.2.4, and all
later 14.1.x releases (14.1.3.x, 14.1.4.x). For more information, refer to
K51812227: Understanding security advisory versioning. Additionally, software
versions preceding those listed in the following table have reached the End of
Technical Support (EoTS) phase of their lifecycle and are no longer evaluated
for security issues. For more information, refer to the Security hotfixes
section of K4602: Overview of the F5 security vulnerability response policy.

+-------------------------------+--------+-----------------+----------------+----------------+---------+--------------+
| Product                       | Branch | Versions known  | Fixes          | Severity       | CVSSv3  | Vulnerable   |
|                               |        | to be           | introduced in  |                | score^2 | component or |
|                               |        | vulnerable^1    |                |                |         | feature      |
+-------------------------------+--------+-----------------+----------------+----------------+---------+--------------+
| BIG-IP (all modules)          | 16.x   | 16.0.0 - 16.1.0 | None           | Medium         | 4.4     | glibc        |
| BIG-IP (all modules)          | 15.x   | 15.1.0 - 15.1.3 | None           | Medium         | 4.4     | glibc        |
| BIG-IP (all modules)          | 14.x   | 14.1.0 - 14.1.4 | None           | Medium         | 4.4     | glibc        |
| BIG-IP (all modules)          | 13.x   | 13.1.0 - 13.1.4 | None           | Medium         | 4.4     | glibc        |
| BIG-IP (all modules)          | 12.x   | 12.1.0 - 12.1.6 | Will not fix   | Medium         | 4.4     | glibc        |
| BIG-IP (all modules)          | 11.x   | 11.6.1 - 11.6.5 | Will not fix   | Medium         | 4.4     | glibc        |
+-------------------------------+--------+-----------------+----------------+----------------+---------+--------------+
| BIG-IQ Centralized Management | 8.x    | 8.0.0 - 8.1.0   | None           | Medium         | 4.4     | glibc        |
| BIG-IQ Centralized Management | 7.x    | 7.0.0 - 7.1.0   | None           | Medium         | 4.4     | glibc        |
| BIG-IQ Centralized Management | 6.x    | 6.0.1 - 6.1.0   | None           | Medium         | 4.4     | glibc        |
+-------------------------------+--------+-----------------+----------------+----------------+---------+--------------+
| F5OS                          | 1.x    | None            | Not applicable | Not vulnerable | None    | None         |
+-------------------------------+--------+-----------------+----------------+----------------+---------+--------------+
| Traffix SDC                   | 5.x    | 5.1.0           | None           | Medium         | 5.5     | glibc        |
+-------------------------------+--------+-----------------+----------------+----------------+---------+--------------+

^1 F5 evaluates only software versions that have not yet reached the End of
Technical Support (EoTS) phase of their lifecycle.

^2 The CVSSv3 score link takes you to a resource outside of AskF5, and it is
possible that the document may be removed without our knowledge.

Recommended Actions

If you are running a version listed in the Versions known to be vulnerable
column, you can eliminate this vulnerability by installing a version listed in
the Fixes introduced in column. If the Fixes introduced in column does not list
a version for your branch, then no update candidate currently exists for that
branch and F5 recommends upgrading to a version with the fix (refer to the
table).

If the Fixes introduced in column lists a version prior to the one you are
running, in the same branch, then your version should have the fix.

Mitigation

To mitigate this vulnerability for affected F5 products, you should permit
management access to F5 products only over a secure network and limit shell
access to only trusted users. For more information about securing access to
BIG-IP and BIG-IQ systems, refer to the following:

o K13092: Overview of securing access to the BIG-IP system
o K13309: Restricting access to the Configuration utility by source IP
address (11.x – 16.x)
o K31401771: Restricting access to the BIG-IQ or F5 iWorkflow user interface
by source IP address
o K39403510: Managing the port lockdown configuration on the BIG-IQ system

Supplemental Information

o K41942608: Overview of security advisory articles
o K4602: Overview of the F5 security vulnerability response policy
o K4918: Overview of the F5 critical issue hotfix policy
o K8986: F5 software lifecycle policy
o K9502: BIG-IP hotfix and point release matrix
o K13123: Managing BIG-IP product hotfixes (11.x – 16.x)
o K15106: Managing BIG-IQ product hotfixes
o K15113: BIG-IQ hotfix and point release matrix
o K167: Downloading software and firmware from F5
o K9970: Subscribing to email notifications regarding F5 products
o K9957: Creating a custom RSS feed to view new and updated documents

– ————————–END INCLUDED TEXT——————–




https://malwaredevil.com/2021/07/13/esb-2021-2360-appliance-f5-products-denial-of-service-existing-account/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-2360-appliance-f5-products-denial-of-service-existing-account

ESB-2021.2358 – [UNIX/Linux][Debian] sogo: Multiple vulnerabilities


===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.2358
sogo security update
13 July 2021

===========================================================================

AusCERT Security Bulletin Summary
———————————

Product:           sogo
Publisher:         Debian
Operating System:  Debian GNU/Linux
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Provide Misleading Information — Remote/Unauthenticated
                   Reduced Security — Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-33054

Original Bulletin:
https://lists.debian.org/debian-lts-announce/2021/07/msg00007.html

Comment: This advisory references vulnerabilities in products which run on
platforms other than Debian. It is recommended that administrators
running sogo check for an updated version of the software for their
operating system.

– ————————–BEGIN INCLUDED TEXT——————–


– – ————————————————————————-
Debian LTS Advisory DLA-2707-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Anton Gladky
July 12, 2021 https://wiki.debian.org/LTS
– – ————————————————————————-

Package : sogo
Version : 3.2.6-2+deb9u1
CVE ID : CVE-2021-33054

One security issue has been discovered in sogo.

SOGo does not validate the signatures of any SAML assertions it receives.
Any actor with network access to the deployment could impersonate users when
SAML is the authentication method.

For Debian 9 stretch, this problem has been fixed in version
3.2.6-2+deb9u1.

We recommend that you upgrade your sogo packages.

ATTENTION! If you are using SAML authentication, use sogo-tool to immediately
delete users' sessions and force all users to visit the login page:

    sogo-tool -v expire-sessions 1
    systemctl restart memcached

For the detailed security status of sogo please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/sogo

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

– ————————–END INCLUDED TEXT——————–




https://malwaredevil.com/2021/07/13/esb-2021-2358-unix-linuxdebian-sogo-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-2358-unix-linuxdebian-sogo-multiple-vulnerabilities

ESB-2021.2356 – [RedHat] xstream: Execute arbitrary code/commands – Existing account


===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.2356
xstream security update
13 July 2021

===========================================================================

AusCERT Security Bulletin Summary
———————————

Product:           xstream
Publisher:         Red Hat
Operating System:  Red Hat
Impact/Access:     Execute Arbitrary Code/Commands — Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-29505

Reference:         ESB-2021.2313
                   ESB-2021.2179

Original Bulletin:
https://access.redhat.com/errata/RHSA-2021:2683

– ————————–BEGIN INCLUDED TEXT——————–


=====================================================================
Red Hat Security Advisory

Synopsis: Important: xstream security update
Advisory ID: RHSA-2021:2683-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:2683
Issue date: 2021-07-12
CVE Names: CVE-2021-29505
=====================================================================

1. Summary:

An update for xstream is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client Optional (v. 7) – noarch
Red Hat Enterprise Linux ComputeNode Optional (v. 7) – noarch
Red Hat Enterprise Linux Server Optional (v. 7) – noarch
Red Hat Enterprise Linux Workstation Optional (v. 7) – noarch

3. Description:

XStream is a Java XML serialization library to serialize objects to and
deserialize objects from XML.

Security Fix(es):

* XStream: remote command execution attack by manipulating the processed
input stream (CVE-2021-29505)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1966735 – CVE-2021-29505 XStream: remote command execution attack by manipulating the processed input stream

6. Package List:

Red Hat Enterprise Linux Client Optional (v. 7):

Source:
xstream-1.3.1-14.el7_9.src.rpm

noarch:
xstream-1.3.1-14.el7_9.noarch.rpm
xstream-javadoc-1.3.1-14.el7_9.noarch.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

Source:
xstream-1.3.1-14.el7_9.src.rpm

noarch:
xstream-1.3.1-14.el7_9.noarch.rpm
xstream-javadoc-1.3.1-14.el7_9.noarch.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

Source:
xstream-1.3.1-14.el7_9.src.rpm

noarch:
xstream-1.3.1-14.el7_9.noarch.rpm
xstream-javadoc-1.3.1-14.el7_9.noarch.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

Source:
xstream-1.3.1-14.el7_9.src.rpm

noarch:
xstream-1.3.1-14.el7_9.noarch.rpm
xstream-javadoc-1.3.1-14.el7_9.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-29505
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

– ————————–END INCLUDED TEXT——————–




https://malwaredevil.com/2021/07/13/esb-2021-2356-redhat-xstream-execute-arbitrary-code-commands-existing-account/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-2356-redhat-xstream-execute-arbitrary-code-commands-existing-account

ESB-2021.2357 – [RedHat] Red Hat AMQ Broker: Multiple vulnerabilities


===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.2357
Red Hat AMQ Broker 7.8.2 release and security update
13 July 2021

===========================================================================

AusCERT Security Bulletin Summary
———————————

Product:           Red Hat AMQ Broker
Publisher:         Red Hat
Operating System:  Red Hat
Impact/Access:     Denial of Service — Remote/Unauthenticated
                   Access Confidential Data — Remote/Unauthenticated
                   Reduced Security — Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-28165 CVE-2021-28164 CVE-2021-28163
                   CVE-2021-21409 CVE-2021-21295 CVE-2021-21290
                   CVE-2021-3425 CVE-2020-27223

Reference:         ESB-2021.1640
                   ESB-2021.1571

Original Bulletin:
https://access.redhat.com/errata/RHSA-2021:2689

– ————————–BEGIN INCLUDED TEXT——————–


=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: Red Hat AMQ Broker 7.8.2 release and security update
Advisory ID: RHSA-2021:2689-01
Product: Red Hat JBoss AMQ
Advisory URL: https://access.redhat.com/errata/RHSA-2021:2689
Issue date: 2021-07-12
Keywords: amq,messaging,integration,broker
Cross references: RHBA-2021:77314-01
CVE Names: CVE-2020-27223 CVE-2021-3425 CVE-2021-21290
CVE-2021-21295 CVE-2021-21409 CVE-2021-28163
CVE-2021-28164 CVE-2021-28165
=====================================================================

1. Summary:

Red Hat AMQ Broker 7.8.2 is now available from the Red Hat Customer Portal.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

AMQ Broker is a high-performance messaging implementation based on ActiveMQ
Artemis. It uses an asynchronous journal for fast message persistence, and
supports multiple languages, protocols, and platforms.

This release of Red Hat AMQ Broker 7.8.2 serves as a replacement for Red
Hat AMQ Broker 7.8.1, and includes security and bug fixes, and
enhancements. For further information, refer to the release notes linked to
in the References section.

Security Fix(es):

* jetty: request containing multiple Accept headers with a large number of
“quality” parameters may lead to DoS (CVE-2020-27223)

* Red Hat AMQ Broker: discloses JDBC username and password in the
application log file (CVE-2021-3425)

* netty: Information disclosure via the local system temporary directory
(CVE-2021-21290)

* netty: possible request smuggling in HTTP/2 due missing validation
(CVE-2021-21295)

* netty: Request smuggling via content-length header (CVE-2021-21409)

* jetty: Symlink directory exposes webapp directory contents
(CVE-2021-28163)

* jetty: Ambiguous paths can access WEB-INF (CVE-2021-28164)

* jetty: Resource exhaustion when receiving an invalid large TLS frame
(CVE-2021-28165)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

3. Solution:

Before applying the update, back up your existing installation, including
all applications, configuration files, databases and database settings, and
so on.

The References section of this erratum contains a download link (you must
log in to download the update).

4. Bugs fixed (https://bugzilla.redhat.com/):

1927028 – CVE-2021-21290 netty: Information disclosure via the local system temporary directory
1934116 – CVE-2020-27223 jetty: request containing multiple Accept headers with a large number of “quality” parameters may lead to DoS
1936629 – CVE-2021-3425 Red Hat AMQ Broker: discloses JDBC username and password in the application log file
1937364 – CVE-2021-21295 netty: possible request smuggling in HTTP/2 due missing validation
1944888 – CVE-2021-21409 netty: Request smuggling via content-length header
1945710 – CVE-2021-28163 jetty: Symlink directory exposes webapp directory contents
1945712 – CVE-2021-28164 jetty: Ambiguous paths can access WEB-INF
1945714 – CVE-2021-28165 jetty: Resource exhaustion when receiving an invalid large TLS frame

5. References:

https://access.redhat.com/security/cve/CVE-2020-27223
https://access.redhat.com/security/cve/CVE-2021-3425
https://access.redhat.com/security/cve/CVE-2021-21290
https://access.redhat.com/security/cve/CVE-2021-21295
https://access.redhat.com/security/cve/CVE-2021-21409
https://access.redhat.com/security/cve/CVE-2021-28163
https://access.redhat.com/security/cve/CVE-2021-28164
https://access.redhat.com/security/cve/CVE-2021-28165
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.amq.broker&version=7.8.2
https://access.redhat.com/documentation/en-us/red_hat_amq/2020.q4/

6. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation’s
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT’s members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation’s
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author’s website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================

The post ESB-2021.2357 – [RedHat] Red Hat AMQ Broker: Multiple vulnerabilities appeared first on Malware Devil.



https://malwaredevil.com/2021/07/13/esb-2021-2357-redhat-red-hat-amq-broker-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-2357-redhat-red-hat-amq-broker-multiple-vulnerabilities

ESB-2021.2350 – [SUSE] bluez: Multiple vulnerabilities


===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.2350
Security update for bluez
13 July 2021

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           bluez
Publisher:         SUSE
Operating System:  SUSE
Impact/Access:     Provide Misleading Information -- Remote/Unauthenticated
                   Access Confidential Data       -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-0129 CVE-2020-26558

Reference:         ESB-2021.2290
                   ESB-2021.2248
                   ESB-2021.1999

Original Bulletin:
https://www.suse.com/support/update/announcement/2021/suse-su-20212291-1

--------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for bluez

______________________________________________________________________________

Announcement ID: SUSE-SU-2021:2291-1
Rating: moderate
References: #1186463
Cross-References: CVE-2020-26558 CVE-2021-0129
Affected Products:
SUSE Linux Enterprise Workstation Extension 15-SP3
SUSE Linux Enterprise Module for Desktop Applications 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP3
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for bluez fixes the following issues:

o CVE-2021-0129,CVE-2020-26558: Check bluetooth security flags (bsc#1186463).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:

o SUSE Linux Enterprise Workstation Extension 15-SP3:
    zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2021-2291=1
o SUSE Linux Enterprise Module for Desktop Applications 15-SP3:
    zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2021-2291=1
o SUSE Linux Enterprise Module for Basesystem 15-SP3:
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-2291=1

Package List:

o SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64):
    bluez-cups-5.55-3.3.1
    bluez-cups-debuginfo-5.55-3.3.1
    bluez-debuginfo-5.55-3.3.1
    bluez-debugsource-5.55-3.3.1
o SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64):
    bluez-debuginfo-5.55-3.3.1
    bluez-debugsource-5.55-3.3.1
    bluez-devel-5.55-3.3.1
o SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
    bluez-5.55-3.3.1
    bluez-debuginfo-5.55-3.3.1
    bluez-debugsource-5.55-3.3.1
    libbluetooth3-5.55-3.3.1
    libbluetooth3-debuginfo-5.55-3.3.1

References:

o https://www.suse.com/security/cve/CVE-2020-26558.html
o https://www.suse.com/security/cve/CVE-2021-0129.html
o https://bugzilla.suse.com/1186463

--------------------------END INCLUDED TEXT--------------------


The post ESB-2021.2350 – [SUSE] bluez: Multiple vulnerabilities appeared first on Malware Devil.



https://malwaredevil.com/2021/07/13/esb-2021-2350-suse-bluez-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-2350-suse-bluez-multiple-vulnerabilities

Barbary Pirates and Russian Cybercrime

In 1801, the United States had a small Navy. Thomas Jefferson deployed almost half that Navy—three frigates and a schooner—to the Barbary C...