Security update for clamav (moderate)

This update for clamav fixes the following issues: clamav was updated to version 0.100.2. Following security issues were fixed: - CVE-2018-15378: Vulnerability in ClamAV's MEW unpacking feature that could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an...

Security Bulletin: A vulnerability in Samba affects IBM OS Image for Red Hat Linux Systems on IBM PureApplication (CVE-2018-1050)

Summary Samba is used by IBM OS Image for Red Hat Linux Systems on IBM PureApplication. The products that are identified for this support are: - PureApplication System - PureApplication Software - PureApplication Service The following vulnerability has been addressed. Vulnerability Details...

Receiver for Linux: How to Redirect COM/Serial Port?

This an How-To document on COM/Serial Port redirection for Rflinux...

Lynis 2.6.7 - Security Auditing Tool for Unix/Linux Systems

We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration. Lynis is an open source security auditin...

Lynis 2.6.5 - Security Auditing Tool for Unix/Linux Systems

We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration. Lynis is an open source security auditin...

Security Bulletin: Vulnerability in Mozilla gdk-pixbuf2 affects PowerKVM (CVE-2015-4491)

Summary PowerKVM is affected by a vulnerability in Mozilla gdb-pixbuf2 CVE-2015-4491. A fix for this vulnerability is available, as described below. Note that this primarily affects Mozilla Firefox, which does not ship with PowerKVM. Vulnerability Details CVEID: CVE-2015-4491 DESCRIPTION: Mozilla...

Security Bulletin: Vulnerability in gdk-pixbuf affects IBM SmartCloud Provisioning for IBM Software Virtual Appliance

Summary Vulnerability in gdk-pixbuf affects IBM SmartCloud Provisioning 2.1 for IBM Software Virtual Appliance CVE-2015-4491. Vulnerability Details CVEID: CVE-2015-4491 DESCRIPTION: Mozilla Firefox is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by gdk-pixbuf...

Security Bulletin: Open Source GNU glibc Vulnerabilities which is used by IBM OS Images for RedHat Linux in IBM PureApplication Systems (CVE-2017-1000366)

Summary There are vulnerabilities in the Open Source GNU glibc that is used by the OS Images for IBM PureApplication Software Suite, IBM Bluemix Local System and IBM PureApplication System/Software Vulnerability Details CVEID: CVE-2017-1000366 DESCRIPTION: Glibc could allow a local attacker to...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM OS Images for Red Hat Linux Systems, AIX, and Windows. (CVE-2015-4000, CVE-2015-2613, CVE-2015-2601, CVE-2015-2625, and CVE-2015-1931)

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 6 and 7, that is used by IBM OS Images for Red Hat Linux Systems, AIX, and Windows. These issues were disclosed as part of the IBM Java SDK updates in July 2015. This bulletin also addresses the Logjam Attack o...

Security Bulletin: Vulnerability in Open Source GNU glibc affects IBM OS Images for Red Hat Linux Systems. (CVE-2013-7423)

Summary A vulnerability in Open Source GNU glibc affects IBM OS Images for Red Hat Linux Systems. Vulnerability Details CVEID: CVE-2013-7423 DESCRIPTION: GNU glibc could allow a local attacker to obtain sensitive information, caused by the writing of DNS queries to random file descriptors under...

glibc 'realpath()' Privilege Escalation

This module attempts to gain root privileges on Linux systems by abusing a vulnerability in GNU C Library glibc version 2.26 and prior. This module uses halfdog's RationalLove exploit to exploit a buffer underflow in glibc realpath and create a SUID root shell. The exploit has offsets for glibc...

Libuser roothelper Privilege Escalation

This module attempts to gain root privileges on Red Hat based Linux systems, including RHEL, Fedora and CentOS, by exploiting a newline injection vulnerability in libuser and userhelper versions prior to 0.56.13-8 and version 0.60 before 0.60-7. This module makes use of the roothelper.c exploit...

Forgot About Default Accounts? No Worries, GoScanSSH Didn’t

This blog post was authored by Edmund Brumaghin, Andrew Williams, and Alain Zidouemba. Executive Summary During a recent Incident Response IR engagement, Talos identified a new malware family that was being used to compromise SSH servers exposed to the internet. This malware, which we have named...

Lynis 2.6.2 - Security Auditing Tool for Unix/Linux Systems

We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration. Lynis is an open source security auditin...

glibc $ORIGIN Expansion Privilege Escalation Exploit

This Metasploit module attempts to gain root privileges on Linux systems by abusing a vulnerability in the GNU C Library glibc dynamic linker. glibc ld.so in versions before 2.11.3, and 2.12.x before 2.12.2 does not properly restrict use of the LDAUDIT environment variable when loading setuid...

glibc LD_AUDIT Arbitrary DSO Load Privilege Escalation

This module attempts to gain root privileges on Linux systems by abusing a vulnerability in the GNU C Library glibc dynamic linker. glibc ld.so in versions before 2.11.3, and 2.12.x before 2.12.2 does not properly restrict use of the LDAUDIT environment variable when loading setuid executables...

ABRT raceabrt Privilege Escalation

This module attempts to gain root privileges on Linux systems with a vulnerable version of Automatic Bug Reporting Tool ABRT configured as the crash handler. A race condition allows local users to change ownership of arbitrary files CVE-2015-3315. This module uses a symlink attack on...

Excerpts from The Ransomware Economy: Projections

Carbon Black recently published an investigative report on the Dark Web marketplace for ransomware. This is the final excerpt from that report, which you can find here. For more information about the rise of ransomware, and what you can do about it, check out the Ransomware Epidemic: Stop Bad...

CVE-2017-5117

Use of an uninitialized value in Skia in Google Chrome prior to 61.0.3163.79 for Linux and Windows allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page...

7 Predictions for Ransomware’s Evolution

During the past six months, the Carbon Black Threat Analysis Unit TAU analyzed more than 1,000 ransomware samples, categorizing them into 150 families, and found attackers are looking to make quick, easy money with unsophisticated malware, combined with sophisticated delivery methods. Our samplin...