US-CERT.gov

Feliratkozás US-CERT.gov hírcsatorna csatornájára
CERT publishes vulnerability advisories called "Vulnerability Notes." Vulnerability Notes include summaries, technical details, remediation information, and lists of affected vendors. Many vulnerability notes are the result of private coordination and disclosure efforts.
Frissítve: 51 perc 41 másodperc

VU#730261: Marvell Avastar wireless SoCs have multiple vulnerabilities

k, 02/05/2019 - 18:48
A presentation at the ZeroNights 2018 conference describes multiple security issues with Marvell Avastar SoCs(models 88W8787,88W8797,88W8801,and 88W8897). The presentation provides some detail about a block pool memory overflow. During Wi-Fi network scans,an overflow condition can be triggered,overwriting certain block pool data structures. Because many devices conduct automatic background network scans,this vulnerability could be exploited regardless of whether the target is connected to a Wi-Fi network and without user interaction.
Kategóriák: Biztonsági hírek

VU#465632: Microsoft Exchange 2013 and newer are vulnerable to NTLM relay attacks

h, 01/28/2019 - 23:51
Microsoft Exchange supports a API called Exchange Web Services(EWS). One of the EWS API functions is called PushSubscription,which can be used to cause the Exchange server to connect to an arbitrary website. Connections made using the PushSubscription feature will attempt to negotiate with the arbitrary web server using NTLM authentication. Starting with Microsoft Exchange 2013,the NTLM authentication over HTTP fails to set the NTLM Sign and Seal flags. The lack of signing makes this authentication attempt vulnerable to NTLM relay attacks. Microsoft Exchange is by default configured with extensive privileges with respect to the Domain object in Active Directory. Because the Exchange Windows Permissions group has WriteDacl access to the Domain object,this means that the Exchange server privileges obtained using this vulnerability can be used to gain Domain Admin privileges for the domain that contains the vulnerable Exchange server.
Kategóriák: Biztonsági hírek

VU#531281: Microsoft Windows DNS servers are vulnerable to heap overflow

p, 01/04/2019 - 19:01
CWE-122:Heap-based Buffer Overflow - CVE-2018-8626 Microsoft Windows Domain Name System(DNS)servers are vulnerable to heap overflow attacks. Microsoft acknowledges that"an attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account."This remote code execution vulnerability exists in Windows DNS servers when they fail to properly handle requests.
Kategóriák: Biztonsági hírek

VU#289907: Microsoft Windows Kernel Transaction Manager (KTM) is vulnerable to a race condition

p, 01/04/2019 - 17:11
CWE-362:Concurrent Execution using Shared Resource with Improper Synchronization('Race Condition')- CVE-2018-8611 According to Microsoft,the Windows kernel fails"to properly handle objects in memory". A successful attacker could run arbitrary code in kernel mode,and then"install programs; view,change,or delete data; or create new accounts with full user rights."
Kategóriák: Biztonsági hírek

VU#228297: Microsoft Windows MsiAdvertiseProduct function vulnerable to privilege escalation via race condition

cs, 12/20/2018 - 22:11
The Microsoft Windows MsiAdvertiseProduct function allows a Windows installer product to generate a script to advertise a product to Windows,which handles shortcut and registry information associated with an installed application. The MsiAdvertiseProduct contains a race condition while performing checks,which can allow an attacker to read an arbitrary file which would otherwise be protected with filesystem ACLs. Exploit code for this vulnerability is publicly available.
Kategóriák: Biztonsági hírek

VU#741315: A Dokan file driver contains a stack-based buffer overflow

cs, 12/20/2018 - 21:49
CWE-121:Stack-based Buffer Overflow - CVE-2018-5410 Dokan,versions between 1.0.0.5000 and 1.2.0.1000,are vulnerable to a stack-based buffer overflow in the dokan1.sys driver. An attacker can create a device handle to the system driver and send arbitrary input that will trigger the vulnerability. This vulnerability was introduced in the 1.0.0.5000 version update.
Kategóriák: Biztonsági hírek

VU#573168: Microsoft Internet Explorer scripting engine JScript memory corruption vulnerability

sze, 12/19/2018 - 23:35
Microsoft Internet Explorer contains a scripting engine,which handles execution of scripting languages such as VBScript and JScript. The scripting engine JScript component contains an unspecified memory corruption vulnerability. Any application that supports embedding Internet Explorer or its scripting engine component may be used as an attack vector for this vulnerability. This vulnerability was detected in exploits in the wild.
Kategóriák: Biztonsági hírek

VU#756913: Pixars Tractor contains a stored cross-site scripting vulnerability

cs, 12/13/2018 - 16:24
CWE-79:Improper Neutralization of Input During Web Page Generation - CVE-2018-5411 Pixar's Tractor software,versions 2.2 and earlier,contain a stored cross-site scripting vulnerability in the field that allows a user to add a note to an existing node. The stored information is displayed when a user requests information about the node. An attacker could insert Javascript into this note field that is then saved and displayed to the end user.
Kategóriák: Biztonsági hírek

VU#395981: Self-Encrypting Drives Have Multiple Vulnerabilities

sze, 11/07/2018 - 00:20
CVE-2018-12037 There is no cryptographic relation between the password provided by the end user and the key used for the encryption of user data. This can allow an attacker to access the key without knowing the password provided by the end user,allowing the attacker to decrypt information encrypted with that key. According to National Cyber Security Centre - The Netherlands(NCSC-NL),the following products are affected by CVE-2018-12037: Crucial(Micron)MX100,MX200 and MX300 drives Samsung T3 and T5 portable drives Samsung 840 EVO and 850 EVO drives(In"ATA high" mode these devices are vulnerable,In"TCG"or"ATA max"mode these devices are NOT vulnerable.) CVE-2018-12038 Key information is stored within a wear-leveled storage chip. Wear-leveling does not guarantee that an old copy of updated data is fully removed. If the updated data is written to a new segment,old versions of data may exist in the previous segment for some time after it has been updated(until that previous segment is overwritten). This means that if a key is updated with a new password,the previous version of the key(either unprotected,or with an old password)could be accessible,negating the need to know the updated password. According to NCSC-NL,the following products are affected by CVE-2018-12038: Samsung 840 EVO drives Other products were not reported to have been tested,and similar vulnerabilities may be found in those products.
Kategóriák: Biztonsági hírek

VU#339704: Cisco ASA and FTD SIP Inspection denial-of-service vulnerability

h, 11/05/2018 - 20:20
Cisco Adaptive Security Appliance(ASA)software and Cisco Firepower Threat Defense(FTD)software fails to properly parse SIP traffic,which can allow an attacker to trigger high CPU usage,resulting in a denial-of-service condition on affected devices. This vulnerability is exposed if SIP Inspection is enabled on affected devices,which is the default configuration on ASA devices. The Cisco SIP Inspection feature is advertised to"... enforce the sanity of the SIP messages,as well as detect SIP-based attacks."
Kategóriák: Biztonsági hírek

VU#317277: Texas Instruments Microcontrollers CC2640 and CC2650 are vulnerable to heap overflow

p, 11/02/2018 - 21:44
CWE-119:Improper Restriction of Operations within the Bounds of a Memory Buffer - CVE-2018-16986 Both Texas Instruments microcontrollers CC2640 and CC2650 BLE-Stacks contain a memory corruption vulnerability resulting from the mishandling of BLE advertising packets. The function llGetAdvChanPDU that is part of the embedded ROM image in both chips handles the incoming advertising packets and parses their headers. It copies the contents to a separate buffer provided by the calling function. The incorrect length of the packet is taken and end up being parsed as larger packets than originally intended. If the incoming data is over a certain length,the function will call the halAssertHandler function,as defined by the application running on top of the stack,and not stop execution. Since the flow of execution does not stop,it will copy the overly large packet to the buffer and cause a heap overflow.
Kategóriák: Biztonsági hírek

VU#317277: Texas Instrument Microcontrollers CC2640 and CC2650 are vulnerable to variable and heap overflow.

cs, 11/01/2018 - 17:45
Texas Instrument Microcontrollers CC2640 and CC2650 are vulnerable to variable and heap overflow.
Kategóriák: Biztonsági hírek

VU#339704: Cisco ASA and FTD SIP Inspection denial-of-service vulnerability

cs, 11/01/2018 - 17:12
Cisco Adaptive Security Appliance(ASA)Software and Cisco Firepower Threat Defense(FTD)software fails to properly parse SIP traffic,whcih can result in a denial-of-service condition on affected devices.
Kategóriák: Biztonsági hírek