Red Hat Security Advisory 2017-0329-01

Red Hat Security Advisory 2017-0329-01 – KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix: Quick Emulator (QEMU) built with Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via a bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process, resulting in DoS, or potentially execute arbitrary code on the host with the privileges of the QEMU process.

Red Hat Security Advisory 2017-0328-01

Red Hat Security Advisory 2017-0328-01 – KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Security Fix: Quick Emulator (QEMU) built with Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via a bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process, resulting in DoS, or potentially execute arbitrary code on the host with the privileges of the QEMU process.

Exploring the boundaries of routers – securing the connected home

At Avast Labs, we started to look at the home router, since our homes today have more Internet of Things (IoT) devices running on our network than we may realize.

We believe routers can and should be at the heart of the connected home yet we know that they are subject to vulnerabilities.

Routers are often overlooked devices, capable of more than we might realize – more than just connecting our homes and devices to the Internet. However, as they are the central connected point, they are susceptible to the same attacks as any IoT device. Using the Avast Wi-Fi Inspector product, we performed 132 million unique scans last month across our global Avast user base to check the security status of their connected products and found:

  • 22% of Avast users have some sort of router software vulnerability (Rom-0, CWE-79, etc.)
  • 73% of Avast users have either a router software vulnerability, a weak/default password, or an open network

The concept of what we call ‘Chime’ started from the idea that a router could add an extra layer of security to your smart home and also act as a connecting hub between your smart home devices. Chime is a platform that sits on top of the router and makes it smart, so that it can protect itself and all devices connected to it.

We already have a partner in the US using it with their router. Amped Wireless’ new ALLY Smart Wi-Fi System, which recently won a CES Innovation Award, offers an extra layer of security for IoT devices, along with parental controls and content filters, to all their customers through an easy-to-use mobile app.

Chime can also do more. In our prototype demo shown here at Mobile World Congress 2017, we are exploring how we can make the router also act as a smart home hub, facilitating the interaction between the smart devices in your home. Our scenario is where a Chime-enabled router acts as a liaison between an IP camera and your smart TV.

Here’s how this works. Imagine you are at home sitting and watching TV when someone comes to your front door. The motion-enabled camera (which might also be a smart doorbell) starts streaming video of your visitor to your Chime router. The router takes this video and shows it as an overlay on top of whatever you are watching on the TV, enabling two previously separate devices to communicate and making it simple for you to control both from a single screen.

This short demo is just a hint of what a Chime-enabled router will be able to do for the IoT home of the future. By enabling your smart home devices to communicate with each other, the router will allow you to create any customized scenario you might think of, limited only by the devices you own.

For more information, please visit: http://www.chimewifi.com/

Microsoft Browser HandleColumnBreakOnColumnSpanningElement Type Confusion (CVE-2017-0037)

A type confusion vulnerability exists in Microsoft Internet Explorer and Microsoft Edge. The vulnerability is due to an error in Microsoft Internet Explorer and Microsoft Edge while handling a specially crafted HTML file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted HTML file with an affected version of Microsoft Internet Explorer or Microsoft Edge.

CVE-2017-5927

Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern ARM processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR.

CVE-2017-6342

Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29, and SmartPSS Software 1.16.1 2017-01-19 send the MD5 or SHA-256 Admin Hash during a SmartPSS Auto Login, which might allow remote attackers to obtain sensitive information by sniffing the network and then conducting a rainbow-table attack, a different vulnerability than CVE-2013-6117.

CVE-2017-6350

An integer overflow at an unserialize_uep memory allocation site would occur for vim before patch 8.0.0378, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows.

CVE-2017-5926

Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern AMD processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR.

CVE-2017-6349

An integer overflow at a u_read_undo memory allocation site would occur for vim before patch 8.0.0377, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows.