Monthly Archives: October 2016

NVD

CVE-2015-6392

Cisco NX-OS 4.1 through 7.2 on Nexus 2000, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote attackers to cause a denial of service (device crash) via crafted IPv4 DHCP packets to the (1) DHCPv4 relay agent or (2) smart relay agent, aka Bug IDs CSCuq24603, CSCur93159, CSCus21693, and CSCut76171.

US-CERT

National Cyber Security Awareness Month

Original release date: October 05, 2016

October is National Cyber Security Awareness Month, which is an annual campaign to raise awareness about cybersecurity. In partnership with DHS, the National Cyber Security Alliance (NCSA) has released the first in a series of tips focused on helping people protect their online activities and increasing cybersecurity awareness. This tip describes how users can protect their online accounts using strong authentication techniques, including the use of biometrics or a security key.

Users and administrators are encouraged to review the Stop.Think.Connect. tip Lock Down Your Login and the US-CERT Security Tip Choosing and Protecting Passwords for additional information.

This product is provided subject to this Notification and this Privacy & Use policy.

Security

Ubuntu Security Notice USN-3096-1

Ubuntu Security Notice 3096-1 – Aanchal Malhotra discovered that NTP incorrectly handled authenticated broadcast mode. A remote attacker could use this issue to perform a replay attack. Matt Street discovered that NTP incorrectly verified peer associations of symmetric keys. A remote attacker could use this issue to perform an impersonation attack. Jonathan Gardner discovered that the NTP ntpq utility incorrectly handled memory. An attacker could possibly use this issue to cause ntpq to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS. Various other issues were also addressed.