Daily Archives: April 26, 2016

Mozilla Releases Firefox 46 and Firefox ESRs 45.1 and 38.8

As scheduled, earlier today Mozilla released security updates for Firefox and Firefox ESR (Extended Support Release), raising the version numbers to 46 (Firefox) and to 45.1 and 38.8 (both ESR).

Firefox 46 resolves 15 security issues, more formally known as CVEs (defined). By severity these break down as follows:

====================
4x critical severity CVEs
5x high severity CVEs and 1 high severity issue (not assigned a CVE)
5x moderate severity CVEs
====================

Firefox ESR 45.1 resolves 6 security issues:
====================
4x critical severity CVEs
2x high severity CVEs
====================

Firefox ESR 38.8 resolves 10 security issues:
====================
4x critical severity CVEs
5x high severity CVEs
1x moderate CVE
====================

As always full details of the security issues resolved by these updates are available in the following links:

Firefox 46
Firefox ESR 45.1
Firefox ESR 38.8

Details of how to install updates for Firefox are here. If Firefox is your web browser of choice, please update it as soon as possible to resolve these security issues.

In general, Mozilla Firefox updates install without issues; however, as always I would recommend backing up the data on any device on which you are installing updates, in order to prevent data loss in the rare event that an update causes unexpected issues.

Thank you.

Wireshark Releases Security Updates April 2016

Last Friday the Wireshark Foundation made available security updates for their popular open source network packet analyzer Wireshark: v2.0.3 (the current branch) and v1.12.11 (the previous branch).

Version 2.0.3 addresses 11 security issues across 9 security advisories (10 of the issues were assigned CVEs (defined)), while version 1.12.11 references 6 security advisories (addressing 6 issues, each assigned a CVE).

As per standard process, Linux distributions can obtain this update using the operating system's standard package manager (if the latest version is not available through the package manager you can instead compile the source code). This forum thread and this forum thread may also be helpful to you with installing Wireshark on your Linux based system.

For Mac OS X and Windows, the update is available within the downloads section of the Wireshark website. In addition, a detailed FAQ for Wireshark is available here.

As always, if Wireshark is installed on a critical production system or systems that contain your critical data, please back up your data before installing this update in order to prevent data loss in the rare event that an update causes unexpected issues.

Thank you.

Symantec Releases Security Updates for Messaging Gateway (SMG)

Early last week Symantec issued a security update for their Symantec Messaging Gateway (SMG) appliance, versions 10.6 and 10.7. This update addresses two elevation of privilege vulnerabilities (defined) that were responsibly disclosed (defined) to Symantec. The first issue discussed below was disclosed to Symantec by karim reda Fakhir; the second was disclosed by Martin Carpenter of Citco.

Why Should These Issues Be Considered Important?
The first issue, when exploited by an attacker, could result in them obtaining the encrypted Active Directory (defined) password stored on the SMG appliance. Once they have obtained it they would still need to reverse engineer (defined) it to recover the actual password. As Symantec notes, the password would not give the attacker any more access to the SMG appliance than they already have, but it could potentially give them elevated privileges on other devices on the same internal network as the SMG.

The second issue involves tampering with the input sent to the terminal window with the goal of escaping the permissions of the logged in user and elevating them to those of the root (defined) user. With root permissions an attacker can carry out any actions of their choice; as Symantec notes, this includes code execution (carrying out actions of an attacker's choice) or access to the management console of the SMG.

One mitigating factor for the second issue is that the management interface of the SMG is not usually accessible from outside the local network (namely it is not exposed to the wider internet). This means an attacker would first need to have gained access to your corporate network by other means. Moreover, at this time Symantec is not aware of these issues being exploited.

How Can I Protect Myself From These Issues?
To address both of the above issues Symantec has issued a security advisory. The advisory states that the appropriate security update for SMG version 10.6 is available through the software update facility of the SMG.

The advisory also provides best practice advice to minimize the impact of these issues before you apply the necessary updates, as well as to harden your SMG against other potential security issues.

If you make use of the affected Symantec corporate messaging gateways within your organization, please install the relevant updates as soon as possible.

Thank you.

Cisco Releases Large Group of Security Advisories

On Wednesday of last week Cisco issued five security advisories addressing 1x critical vulnerability and 4x high severity vulnerabilities.

Why Should These Issues Be Considered Important?
The most severe of these issues (due to its ease of exploitation) could allow an unauthenticated remote attacker (namely one with no prior access to your corporate network) to cause a denial of service (defined) of the Cisco Wireless LAN Controller (WLC) Software as a result of a buffer overflow (defined).

All but one of the other issues can also be exploited by sending specially crafted packets (defined below) to the affected software or system, again resulting in a denial of service. The remaining high severity issue involves an attacker accessing normally inaccessible URLs within the management interface of the Cisco Wireless LAN Controller (WLC), again with the potential for a denial of service.

Workarounds are available for 2 of the above security issues, detailed here and here.

The affected products are as follows:
=======================
Critical issue:
Cisco WLC Software of the following versions:

  • All 7.2 releases
  • All 7.3 releases
  • All 7.4 releases prior to 7.4.140.0(MD)
  • All 7.5 releases
  • All 7.6 releases
  • All 8.0 releases prior to 8.0.115.0(ED)

=======================
High severity issues:
=======================
Issue 1:
Cisco ASA Software running on the following products:

  • Cisco ASA 5500-X Series Next-Generation Firewalls
  • Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
  • Cisco Adaptive Security Virtual Appliance (ASAv)

Steps to check if your Cisco ASA Software in its current configuration is vulnerable are provided within this advisory.
=======================
Issue 2:
Cisco WLC Software of the following versions:

  • All 7.4 releases prior to 7.4.130.0(MD)
  • All 7.5 releases
  • All 7.6 releases
  • All 8.0 releases prior to 8.0.110.0(ED)

=======================
Issue 3:
For the full list please refer to the relevant security advisory.

=======================
Issue 4:
Cisco WLC devices running the following releases of Cisco AireOS Software are vulnerable:

  • Releases 4.1 through 7.4.120.0
  • All 7.5 releases
  • Release 7.6.100.0

=======================
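The affected-release lists above are worth checking against an inventory rather than by eye. The following is an added example (it is not Cisco or Wireshark tooling and not part of the original post) that transcribes the three WLC lists exactly as stated above, reading "All X.Y releases" as every version from X.Y up to but not including X.(Y+1), "prior to" as an exclusive upper bound, "through" as inclusive, and ignoring the (MD)/(ED) release tags. The same helper covers the Wireshark post above, where a 2.0-branch build older than 2.0.3 or a 1.12-branch build older than 1.12.11 is missing the fixes. The version strings fed to it are constructed.

```python
"""Match installed version strings against the affected-release ranges
quoted in the advisories above. Added example: the ranges are transcribed
from the page, the sample version strings are constructed."""

from typing import Dict, List, Tuple

Version = Tuple[int, ...]
# (lowest affected version, upper bound, whether the upper bound itself is affected)
Range = Tuple[Version, Version, bool]


def parse_version(text: str) -> Version:
    """'7.4.140.0(MD)' -> (7, 4, 140, 0); the Cisco (MD)/(ED) release tag is ignored."""
    core = text.split("(", 1)[0].strip()
    return tuple(int(part) for part in core.split("."))


def all_releases(major: int, minor: int) -> Range:
    """'All 7.5 releases': every version >= 7.5 and < 7.6."""
    return ((major, minor), (major, minor + 1), False)


def prior_to(major: int, minor: int, fixed: str) -> Range:
    """'All 7.4 releases prior to 7.4.140.0': [7.4, 7.4.140.0); the fixed build is not affected."""
    return ((major, minor), parse_version(fixed), False)


def through(first: str, last: str) -> Range:
    """'Releases 4.1 through 7.4.120.0': both ends inclusive."""
    return (parse_version(first), parse_version(last), True)


def exactly(release: str) -> Range:
    version = parse_version(release)
    return (version, version, True)


# Cisco WLC lists, labelled as in the post above.
WLC_ADVISORIES: Dict[str, List[Range]] = {
    "critical issue": [
        all_releases(7, 2), all_releases(7, 3), prior_to(7, 4, "7.4.140.0(MD)"),
        all_releases(7, 5), all_releases(7, 6), prior_to(8, 0, "8.0.115.0(ED)"),
    ],
    "high severity issue 2": [
        prior_to(7, 4, "7.4.130.0(MD)"), all_releases(7, 5), all_releases(7, 6),
        prior_to(8, 0, "8.0.110.0(ED)"),
    ],
    "high severity issue 4": [
        through("4.1", "7.4.120.0"), all_releases(7, 5), exactly("7.6.100.0"),
    ],
}

# Wireshark branches from the earlier post: anything older than the fixed build on each branch.
WIRESHARK_FIXES: Dict[str, List[Range]] = {
    "2.0 branch": [prior_to(2, 0, "2.0.3")],
    "1.12 branch": [prior_to(1, 12, "1.12.11")],
}


def in_range(version: Version, rng: Range) -> bool:
    """Tuple comparison gives the usual dotted-version ordering; a short
    tuple such as (7, 4) sorts before every 7.4.x.y build."""
    low, high, inclusive = rng
    if version < low:
        return False
    return version <= high if inclusive else version < high


def affected_by(version_text: str,
                advisories: Dict[str, List[Range]] = WLC_ADVISORIES) -> List[str]:
    """Names of the advisories whose affected ranges include the given version."""
    version = parse_version(version_text)
    return [name for name, ranges in advisories.items()
            if any(in_range(version, rng) for rng in ranges)]


if __name__ == "__main__":
    for sample in ("7.4.121.0", "7.4.140.0", "7.6.100.0", "8.0.114.0", "8.0.115.0"):
        print("WLC", sample, "->", affected_by(sample) or ["not in the listed ranges"])
    for sample in ("2.0.2", "2.0.3", "1.12.10"):
        print("Wireshark", sample, "->",
              affected_by(sample, WIRESHARK_FIXES) or ["not in the listed ranges"])
```

Note that the fixed build named in a "prior to" entry is deliberately excluded, and that a version outside every listed range (for example 8.2.x here) is reported as not matching the lists, which is not the same as "not affected": Issue 3 above has no list on this page at all, so the advisory itself remains the authority.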

How Can I Protect Myself From These Issues?
If your organization uses any of the above mentioned software products, please follow the directions within the 5 Cisco security advisories mentioned below to install the necessary security updates:

Critical Severity:
Cisco Wireless LAN Controller HTTP Parsing Denial of Service Vulnerability

High Severity:
Cisco Adaptive Security Appliance Software DHCPv6 Relay Denial of Service Vulnerability

Cisco Wireless LAN Controller Denial of Service Vulnerability

Multiple Cisco Products libSRTP Denial of Service Vulnerability

Cisco Wireless LAN Controller Management Interface Denial of Service Vulnerability

Thank you.

=======================
Aside:
What is a packet (in the context of computer networking)?
This is the name given to the unit of data handled at the network layer, for example an IP packet. On a link such as Ethernet the packet is carried as the payload of a MAC (Media Access Control)(defined) frame; with the enclosing MAC header (and trailer) removed from the data unit sent over a network connection, what you are left with is the packet.
=======================
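To make the frame/packet distinction concrete, here is an added example (not part of the original post; the frame bytes are constructed, not captured) that builds an IPv4 packet, wraps it in an Ethernet II MAC frame, optionally with an 802.1Q VLAN tag, and then strips the framing again to recover the packet, verifying the IPv4 header checksum before trusting the header's length fields. The MAC addresses, IP addresses and payload are made up.

```python
"""Peel a MAC frame down to the packet it carries and decode the IPv4 header.
Added example; every byte below is constructed inline rather than captured."""
import struct

ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_VLAN = 0x8100


def ip_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words. Over a header whose
    checksum field is already filled in, a correct header sums to 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_packet(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Minimal 20-byte IPv4 header (no options) followed by the payload."""
    def ip(addr: str) -> bytes:  # dotted quad -> 4 bytes
        return bytes(int(octet) for octet in addr.split("."))
    total_len = 20 + len(payload)
    # version/IHL, TOS, total length, ID, flags+fragment (DF), TTL, proto, checksum, src, dst
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000,
                      64, proto, 0, ip(src), ip(dst))
    hdr = hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]
    return hdr + payload


def build_frame(dst_mac: bytes, src_mac: bytes, packet: bytes, vlan: int = None) -> bytes:
    """Wrap a packet in an Ethernet II MAC header, optionally with an 802.1Q tag."""
    if vlan is None:
        return dst_mac + src_mac + struct.pack("!H", ETHERTYPE_IPV4) + packet
    tag = struct.pack("!HHH", ETHERTYPE_VLAN, vlan & 0x0FFF, ETHERTYPE_IPV4)
    return dst_mac + src_mac + tag + packet


def strip_frame(frame: bytes) -> tuple:
    """Remove the MAC framing; return (ethertype, packet bytes)."""
    if len(frame) < 14:
        raise ValueError("runt frame")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    offset = 14
    if ethertype == ETHERTYPE_VLAN:
        # 802.1Q: 2-byte TCI, then the EtherType of the encapsulated packet
        ethertype = struct.unpack("!H", frame[16:18])[0]
        offset = 18
    return ethertype, frame[offset:]


def parse_ipv4(packet: bytes) -> dict:
    """Decode the IPv4 header, checking checksum and lengths before using them."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IHL")
    header = packet[:ihl]
    if ip_checksum(header) != 0:
        raise ValueError("IPv4 header checksum mismatch")
    _, _, total_len, _, _, ttl, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", header[:20])
    if total_len > len(packet):
        raise ValueError("total length exceeds captured bytes")
    return {
        "src": ".".join(map(str, src)),
        "dst": ".".join(map(str, dst)),
        "ttl": ttl,
        "proto": proto,
        "payload": packet[ihl:total_len],
    }


if __name__ == "__main__":
    pkt = build_ipv4_packet("192.168.1.10", "192.168.1.1", 17, b"constructed payload")
    frm = build_frame(bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb"), pkt, vlan=100)
    ethertype, inner = strip_frame(frm)
    print("frame %d bytes, packet %d bytes, ethertype 0x%04x" % (len(frm), len(inner), ethertype))
    print(parse_ipv4(inner))
```

The order of checks in parse_ipv4 is the point: a dissector that reads the length fields before confirming the header is intact is trusting attacker-controlled bytes, which is the input class behind the crafted-packet denial of service issues in the Cisco post above.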