[RHSA-2002:210-06] New kernel 2.2 packages fix local vulnerabilities
2002-10-18T00:00:00
ID SECURITYVULNS:DOC:3656 Type securityvulns Reporter Securityvulns Modified 2002-10-18T00:00:00
Description
Red Hat, Inc. Red Hat Security Advisory
Synopsis: New kernel 2.2 packages fix local vulnerabilities
Advisory ID: RHSA-2002:210-06
Issue date: 2002-09-23
Updated on: 2002-10-10
Product: Red Hat Linux
Keywords: elevated local root kernel
Cross references:
Obsoletes: RHSA-2001:142
Topic:
Some potential local security vulnerabilities were found in the kernel
during code audits; these have been fixed in the 2.2.22 kernel.
Relevant releases/architectures:
Red Hat Linux 6.2 - alpha, i386, i586, i686, sparc, sparc64
Red Hat Linux 7.0 - alpha, i386, i586, i686
Problem description:
The Linux kernel handles the basic functions of the operating system. A
security code audit of the 2.2 kernel found a number of possible local
security vulnerabilities. These vulnerabilities could allow a local user
to obtain elevated (root) privileges.
Red Hat Linux 6.2 and 7.0 shipped with the 2.2 kernel and are both
vulnerable to these issues.
All Red Hat Linux users using the 2.2 kernel should upgrade to the errata
packages containing the 2.2.22 kernel, which are not vulnerable to these issues.
Many thanks to Silvio Cesare and Solar Designer for their work in
discovering these issues.
Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
The procedure for upgrading the kernel is documented at:
http://www.redhat.com/support/docs/howto/kernel-upgrade/kernel-upgrade.html
Please read the directions for your architecture carefully before
proceeding with the kernel upgrade.
Please note that this update is also available via Red Hat Network. Many
people find this to be an easier way to apply updates. To use Red Hat
Network, launch the Red Hat Update Agent with the following command:
up2date
This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system. Note that you need to select the kernel
explicitly on default configurations of up2date.
These packages are GPG signed by Red Hat, Inc. for security. Our key
is available at:
http://www.redhat.com/about/contact/pgpkey.html
You can verify each package with the following command:
rpm --checksig <filename>
If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
rpm --checksig --nogpg <filename>