USN-3251-1: Linux kernel vulnerability

Ubuntu Security Notice USN-3251-1

29th March, 2017

linux, linux-raspi2 vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 16.10

Summary

The system could be made to crash or run programs as an administrator.

Software description

  • linux
    – Linux kernel

  • linux-raspi2
    – Linux kernel for Raspberry Pi 2

Details

It was discovered that the xfrm framework for transforming packets in the
Linux kernel did not properly validate data received from user space. A
local attacker could use this to cause a denial of service (system crash)
or execute arbitrary code with administrative privileges.

Update instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.10:
  linux-image-4.8.0-45-generic            4.8.0-45.48
  linux-image-4.8.0-45-generic-lpae       4.8.0-45.48
  linux-image-4.8.0-45-lowlatency         4.8.0-45.48
  linux-image-4.8.0-45-powerpc-e500mc     4.8.0-45.48
  linux-image-4.8.0-45-powerpc-smp        4.8.0-45.48
  linux-image-4.8.0-1032-raspi2           4.8.0-1032.35
  linux-image-generic                     4.8.0.45.57
  linux-image-generic-lpae                4.8.0.45.57
  linux-image-lowlatency                  4.8.0.45.57
  linux-image-powerpc-e500mc              4.8.0.45.57
  linux-image-powerpc-smp                 4.8.0.45.57
  linux-image-raspi2                      4.8.0.1032.36

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

CVE-2017-7184

USN-3250-2: Linux kernel (Trusty HWE) vulnerability

Ubuntu Security Notice USN-3250-2

29th March, 2017

linux-lts-trusty vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 12.04 LTS

Summary

The system could be made to crash or run programs as an administrator.

Software description

  • linux-lts-trusty
    – Linux hardware enablement kernel from Trusty for Precise

Details

USN-3250-1 fixed a vulnerability in the Linux kernel for Ubuntu 14.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu
12.04 LTS.

It was discovered that the xfrm framework for transforming packets in the
Linux kernel did not properly validate data received from user space. A
local attacker could use this to cause a denial of service (system crash)
or execute arbitrary code with administrative privileges.

Update instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
  linux-image-3.13.0-115-generic          3.13.0-115.162~precise1
  linux-image-3.13.0-115-generic-lpae     3.13.0-115.162~precise1
  linux-image-generic-lpae-lts-trusty     3.13.0.115.106
  linux-image-generic-lts-trusty          3.13.0.115.106

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

CVE-2017-7184

USN-3249-2: Linux kernel (Xenial HWE) vulnerability

Ubuntu Security Notice USN-3249-2

29th March, 2017

linux-lts-xenial vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 14.04 LTS

Summary

The system could be made to crash or run programs as an administrator.

Software description

  • linux-lts-xenial
    – Linux hardware enablement kernel from Xenial for Trusty

Details

USN-3249-1 fixed a vulnerability in the Linux kernel for Ubuntu 16.04
LTS. This update provides the corresponding updates for the Linux
Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu
14.04 LTS.

It was discovered that the xfrm framework for transforming packets in the
Linux kernel did not properly validate data received from user space. A
local attacker could use this to cause a denial of service (system crash)
or execute arbitrary code with administrative privileges.

Update instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
  linux-image-4.4.0-71-generic            4.4.0-71.92~14.04.1
  linux-image-4.4.0-71-generic-lpae       4.4.0-71.92~14.04.1
  linux-image-4.4.0-71-lowlatency         4.4.0-71.92~14.04.1
  linux-image-4.4.0-71-powerpc-e500mc     4.4.0-71.92~14.04.1
  linux-image-4.4.0-71-powerpc-smp        4.4.0-71.92~14.04.1
  linux-image-4.4.0-71-powerpc64-smp      4.4.0-71.92~14.04.1
  linux-image-generic-lpae-lts-xenial     4.4.0.71.58
  linux-image-generic-lts-xenial          4.4.0.71.58
  linux-image-lowlatency-lts-xenial       4.4.0.71.58
  linux-image-powerpc-e500mc-lts-xenial   4.4.0.71.58
  linux-image-powerpc-smp-lts-xenial      4.4.0.71.58
  linux-image-powerpc64-smp-lts-xenial    4.4.0.71.58

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

CVE-2017-7184

USN-3251-2: Linux kernel (HWE) vulnerability

Ubuntu Security Notice USN-3251-2

29th March, 2017

linux-hwe vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 16.04 LTS

Summary

The system could be made to crash or run programs as an administrator.

Software description

  • linux-hwe
    – Linux hardware enablement (HWE) kernel

Details

USN-3251-1 fixed a vulnerability in the Linux kernel for Ubuntu 16.10.
This update provides the corresponding updates for the Linux Hardware
Enablement (HWE) kernel from Ubuntu 16.10 for Ubuntu 16.04 LTS.

It was discovered that the xfrm framework for transforming packets in the
Linux kernel did not properly validate data received from user space. A
local attacker could use this to cause a denial of service (system crash)
or execute arbitrary code with administrative privileges.

Update instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
  linux-image-4.8.0-45-generic            4.8.0-45.48~16.04.1
  linux-image-4.8.0-45-generic-lpae       4.8.0-45.48~16.04.1
  linux-image-4.8.0-45-lowlatency         4.8.0-45.48~16.04.1
  linux-image-generic-hwe-16.04           4.8.0.45.17
  linux-image-generic-lpae-hwe-16.04      4.8.0.45.17
  linux-image-lowlatency-hwe-16.04        4.8.0.45.17

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References

CVE-2017-7184

WYSIWYE: A User-Friendly Interface for Cybercrooks

What You See Is What You Encrypt.

Installing malware on corporate networks through the Remote Desktop Protocol (RDP) is a booming trend among cybercriminals. In recent months we have analyzed several ransomware attacks on companies in different European countries that share this methodology and are being carried out by the same attackers.

Once credentials have been obtained by brute-forcing RDP, the cybercriminals log in to the computer.
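The credential-guessing step described above leaves a clear trail in the victim's own Security log. The following is an added example, not code from the Panda Security post: it runs a sliding-window brute-force rule over a constructed CSV-style export of Windows Security events. Windows logs a failed logon as event 4625 and a successful one as 4624; an RDP session uses logon type 10 (RemoteInteractive), and with Network Level Authentication enabled a failed RDP credential check is recorded with logon type 3 (Network), which is why both types are counted. The sample lines, the threshold of five failures and the five-minute window are assumptions.

```python
"""Detect RDP credential brute-forcing in a Windows Security log export.

Added example, not from the Panda Security post. SAMPLE_EVENTS is a
constructed export in the form timestamp,event_id,logon_type,source_ip,user.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

SAMPLE_EVENTS = """\
2017-03-20T02:14:03,4625,3,203.0.113.7,administrator
2017-03-20T02:14:04,4625,3,203.0.113.7,admin
2017-03-20T02:14:05,4625,3,203.0.113.7,backup
2017-03-20T02:14:07,4625,3,203.0.113.7,sqladmin
2017-03-20T02:14:09,4625,3,203.0.113.7,backup
2017-03-20T02:14:11,4625,3,203.0.113.7,backup
2017-03-20T02:14:40,4624,10,203.0.113.7,backup
2017-03-20T08:59:10,4625,2,10.0.0.5,jdoe
2017-03-20T09:00:00,4625,10,192.0.2.15,jdoe
2017-03-20T09:00:40,4624,10,192.0.2.15,jdoe
"""

FAILED_LOGON, SUCCESSFUL_LOGON = 4625, 4624
RDP_LOGON_TYPES = {3, 10}  # 3: NLA credential check failed, 10: RDP (RemoteInteractive) session

def parse_events(text):
    """Parse the export into (timestamp, event_id, logon_type, ip, user) tuples, oldest first."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, eid, ltype, ip, user = line.split(",")
        events.append((datetime.fromisoformat(ts), int(eid), int(ltype), ip, user))
    return sorted(events)

def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Return alerts as (kind, source_ip, timestamp, user).

    'rdp_bruteforce' fires when a source IP reaches `threshold` failed RDP logons
    inside `window`; 'rdp_bruteforce_success' fires when a successful RDP logon
    from that IP follows such a burst: guessed credentials, then a live session.
    """
    recent_failures = defaultdict(deque)  # source_ip -> failure timestamps inside the window
    alerts = []
    for ts, eid, ltype, ip, user in events:
        if ltype not in RDP_LOGON_TYPES:
            continue  # console, service and other logon types are out of scope here
        failures = recent_failures[ip]
        while failures and ts - failures[0] > window:
            failures.popleft()  # slide the window forward
        if eid == FAILED_LOGON:
            failures.append(ts)
            if len(failures) == threshold:  # fires as the burst crosses the threshold
                alerts.append(("rdp_bruteforce", ip, ts, user))
        elif eid == SUCCESSFUL_LOGON and len(failures) >= threshold:
            alerts.append(("rdp_bruteforce_success", ip, ts, user))
    return alerts

if __name__ == "__main__":
    for alert in detect_rdp_bruteforce(parse_events(SAMPLE_EVENTS)):
        print(*alert)
```

The single mistyped password from 192.0.2.15 and the console logon failure from 10.0.0.5 produce nothing; the burst from 203.0.113.7 produces a brute-force alert on the fifth failure and a higher-severity alert when the same address then logs in successfully as "backup", which is the point at which an operator should expect the interactive ransomware deployment described next.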

Ordinarily, when the goal is to deploy ransomware, the attackers simply run the malware, which encrypts the files and finally displays the ransom message. Here, however, we see a more personalized type of attack.

In the intrusion analyzed, the ransomware has an interface through which it can be configured according to the attacker's preferences, starting with the email address that will appear in the ransom note shown to the victim.


This customized build lets the attacker hand-pick which network computers to encrypt, choose which files to target, have the malware delete itself once encryption completes, run in stealth mode, and so on.


How to protect your business from customized attacks

A company's survival in a digital environment calls for a solid corporate network security strategy. Preventing unknown threats and neutralizing them as early as possible, or blocking an attacker who has already gained entry to the system, is a top priority today.

In the present case study, PandaLabs blocked attempts to use this ransomware against companies protected by Adaptive Defense in Germany, Belgium, Sweden, and Spain.

Here are the MD5 hashes of the ransomware samples:

4C163E182FFBA6C87EA816B7D7A7D32B
D9489263DA3A5CA7E938315EFD32522D

A timely investment in prevention, detection, and response technologies, rather than relying solely on perimeter-based solutions, leaves a company better prepared to defend against cyberattacks.

The post WYSIWYE: A User-Friendly Interface for Cybercrooks appeared first on Panda Security Mediacenter.

CVE-2017-7290

SQL injection vulnerability in XOOPS 2.5.7.2 and other versions before 2.5.8.1 allows remote authenticated administrators to execute arbitrary SQL commands via the url parameter to findusers.php. An example attack uses “into outfile” to create a backdoor program.

CVE-2016-10308

Siklu EtherHaul radios before 3.7.1 and 6.x before 6.9.0 have a built-in, hidden root account, with an unchangeable password that is the same across all devices. This account is accessible via both SSH and the device’s web interface and grants access to the underlying embedded Linux OS on the device, allowing full control over it.

CVE-2017-7320

setup/controllers/language.php in MODX Revolution 2.5.4-pl and earlier does not properly constrain the language parameter, which allows remote attackers to conduct Cookie-Bombing attacks and cause a denial of service (cookie quota exhaustion), or conduct HTTP Response Splitting attacks with resultant XSS, via an invalid parameter value.

CVE-2017-7318

Siklu EtherHaul devices before 7.4.0 contain a remote command execution (RCE) vulnerability that allows a remote attacker, with no authentication, to execute commands on the device and retrieve information such as usernames and plaintext passwords.