Security researchers have warned that a new botnet called Reaper has been actively attempting to target unpatched IoT devices that could be vulnerable to attack. D-Link had previously resolved the alleged security issue by releasing firmware patches for DIR-850L, DIR-300, and DIR-600 routers. We urge users to immediately go to their local D-Link support site to update their devices with the latest firmware. 

 

The IoT_Reaper vulnerabilities affect the following products and firmware:

 

DIR-850L  H/W Rev.A1  Firmware Version : 1.14 or earlier version

DIR-850L  H/W Rev.B1  Firmware Version : 2.09 or earlier version 

DIR-300   H/W Rev.Bx  Firmware Version : 2.13 or earlier version

DIR-600   H/W Rev.Bx  Firmware Version : 2.14 or earlier version

 

Firmware fixes are currently available for the following affected products:

 

DIR-850L    H/W Rev.A1  Requires Security Patch   1.20B03 Beta 

DIR-850L    H/W Rev.B1  Requires Security Patch   2.20B03

DIR-300**   H/W Rev.Bx  Requires Firmware Version 2.14WWB04

DIR-600**   H/W Rev.Bx  Requires Firmware Version 2.18WWB01

 

**Please note this product is not sold or supported in the US Region by D-Link (D-Link Systems, Inc./D-Link US/DUS)

 

 

We appreciate and value having security concerns brought to our attention. D-Link (D-Link Systems, Inc.) constantly monitors for both known and unknown threats.

Attribution, Non-Commercial

Ryansecurity Ryansecurity

Life is fun security story

On October 16th, researchers disclosed security vulnerabilities in the widely used standard for Wi-Fi security WPA2 (Wi-Fi Protected Access II) that make it possible for attackers to eavesdrop on Wi-Fi traffic. D-Link has immediately taken actions to investigate this matter. This security concern appears to be an industry-wide issue that will require firmware patches to be provided from the relevant semiconductor chipset manufacturers.

 

D-Link has requested assistance from the chipset manufacturers. As soon as the firmware patches are received from the chipset manufacturers, we will post them on our websites immediately. Please take the following important actions to help protect your privacy:

 

1. It is highly recommended to use encrypted communications protocols such as VPN or HTTPS, especially when delivering confidential information.

2. Check our website regularly for the newest firmware updates.

 

[Update 10/23/17 for products sold in US]

 

Associated CVE IDs for CERT/CC VU number: VU#228519

CVE-2017-13077

CVE-2017-13078

CVE-2017-13079

CVE-2017-13080

CVE-2017-13081

CVE-2017-13082


The WPA2 protocol is ubiquitous in wireless networking. The vulnerabilities described are in the standard itself, requiring a broad product-line and industry correction. Users are encouraged to install updates to affected products and hosts as they become available. For information about a specific product, check the table. Note that the table list below is not exhaustive, and we recommend checking back frequently over the next 30 days.


These WPA-2 vulnerabilities affect the following (US products):

 

mydlink Cameras:

 

Model Ver. Patch Release Final Release

DCS-2132L A1  

DCS-2132L B1  

DCS-2136L A1  

DCS-2230L A1  

DCS-2330L A1  

DCS-2332L A1  

DCS-2530L A2  

DCS-2630L A2  

DCS-2670L A1  

DCS-5009L A1  

DCS-5010L A1  

DCS-5020L A1  

DCS-5029L A2  

DCS-5030L A1  

DCS-5222L A3  

DCS-5222L B2  

DCS-700L A1  

DCS-8000LH A1  

DCS-800L A1  

DCS-8200LH A1  

DCS-820L A1  

DCS-825L A1  

DCS-850L A1  

DCS-855L A1  

DCS-930L A3  

DCS-930L B2  

DCS-931L A1  

DCS-932L A1  

DCS-932L B2  

DCS-933L A1  

DCS-935L A1  

DCS-936L A1  

DCS-942L A3  

DCS-942L B1  

DCS-960L A1  

DSH-C310 A1  

 

COVR WiFi System:

 

Model Ver. Patch Release Final Release

COVR-3902-US A1  

COVR-1300E A1  

 

Wi-Fi Routers:

 

Model Ver. Patch Release Final Release

DIR-813 A1  

DIR-816 A1/A2 11/14/17  

DIR-827 A1  

DIR-850L A1  

DIR-850L A1 11/22/17  

DIR-850L B1 11/30/17  

DIR-850L B1 11/02/17  

DIR-859 A3  

DIR-859 A3  

DIR-865L A1  

DIR-865L A1  

DIR-867 A1  

DIR-868L A1  

DIR-868L A1 11/09/17  

DIR-869 A1  

DIR-878 A1  

DIR-878 A1  

DIR-879 A1  

DIR-880L A1 11/17/17  

DIR-880L A1/A2  

DIR-880L A2 12/21/17  

DIR-882 A1  

DIR-882 A1  

DIR-885L A1 12/05/17  

DIR-885L A2  

DIR-895L A1 11/27/17  

DIR-895L A1 12/13/17  

DIR-895L A2  

DIR-895L A3  

 

 

WiFi Range Extenders:

 

Model Ver. Patch Release Final Release

DAP-1320 A1 11/27/17  

DAP-1320 B1 11/27/17  

DAP-1320 C1 11/14/17  

DAP-1330 A1  

DAP-1360 A1 11/21/17  

DAP-1360 C2  

DAP-1520 A1 11/17/17  

DAP-1620 A1/A2 11/16/17  

DAP-1650 A1/A2 12/18/17  

DAP-1665 A1/A2  

DAP-1665 B1 01/09/18  

DAP-1720 A1 12/08/17  

DAP-1860 A1 11/10/17  

DAP-2330 Ax 12/11/17 Jan-18

DAP-2360 Bx 11/23/17 Dec-17

DAP-2553 Bx 12/27/17 Jan-18

DAP-2610 Ax 11/20/17 Dec-17

DAP-2660 Ax 11/13/17 Dec-17

DAP-2690 Bx 01/03/18 Feb-17

DAP-2695 Ax 12/06/17 Jan-18

DAP-3320 Ax 12/19/17 Jan-18

DAP-3662 Ax 12/14/17 Jan-18

 

Unified Wireless System Access Points

 

     Important Note for Owners:

 

      In default configuration the unified wireless system products are NOT AFFECTED.

     This ecosystem is vulnerable and affected ONLY if the Wireless Distribution System (WDS) feature is ENABLED.

 

     Recommendation: We recommend disabling WDS until patches are made available.

 

Model Ver. Patch Release Final Release Notes

DWL-3610AP A1 Not Affected if WDS Disabled / Affected if WDS Enabled

DWL-6610AP A1 Not Affected if WDS Disabled / Affected if WDS Enabled

DWL-6610AP B1 Not Affected if WDS Disabled / Affected if WDS Enabled

DWL-6610APE B1 Not Affected if WDS Disabled / Affected if WDS Enabled

DWL-8610AP Ax Not Affected if WDS Disabled / Affected if WDS Enabled

DWL-8710AP A1 Not Affected if WDS Disabled / Affected if WDS Enabled

 

 

WiFi Adapters:

 

Model Ver. Patch Release Final Release

DWA-125 D1 11/30/17  

DWA-130 F1 11/28/17  

DWA-131 E1  

DWA-140 D1 11/28/17  

DWA-160 C1  

DWA-171 A1 11/24/17  

DWA-182 C1 11/24/17  

DWA-182 D1 11/30/17  

 

Mobile / WLAN Routers:

 

Model Ver. Patch Release Final Release

DIR-506L A1  

 

Power-Line Networking:

 

Model Ver. Patch Release Final Release

DHP-W310AV C1 11/28/17 Dec-17

DHP-W610AV A1 12/15/17 Dec-17

DHP-W610AV B1 11/10/17 Nov-17

 

Smart Home Products:

 

Model Ver. Patch Release Final Release

DSP-W215 A2 11/27/17  

 

DSL Gateway

Model Ver. Patch Release Final Release Notes

DSL-2750B T1/T2 Not Affected

DSL-2750B-SG T1 Not Affected

DSL-2750B-US T1 Not Affected


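□ Overview

 o Cases of malware distribution abusing the MS Office DDE feature (via malicious e-mail) have recently been confirmed, so users are urged to take care

    ※ DDE (Dynamic Data Exchange): a legitimate feature built into MS Office programs, used to share data between programs

□ Malware distribution cases

 o E-mails with a malicious document attached are being distributed

 o The message below appears when the malicious attachment is opened

  - Selecting 'Yes (Y)' results in malware infection

□ Precautions and actions

 o (Security officers) Strengthen inspection of e-mail that contains attachments

 o (Users) Delete or mark as spam any e-mail of unclear origin and report it to the 118 Cyber Complaint Center; if the MS Office DDE feature is not needed, disable it, and otherwise use it with care

  - How to disable (based on Office Word 2013)

     ① Run MS Word → ② Select File from the menu → ③ Options → ④ Advanced → ⑤ General → ⑥ Uncheck 'Update automatic links at open'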


This Security Alert addresses CVE-2017-10151, a vulnerability affecting Oracle Identity Manager. This vulnerability has a CVSS v3 base score of 10.0, and can result in complete compromise of Oracle Identity Manager via an unauthenticated network attack. The Patch Availability Document referenced below provides a full workaround for this vulnerability, and will be updated when patches in addition to the workaround are available.

Due to the severity of this vulnerability, Oracle strongly recommends that customers apply the updates provided by this Security Alert without delay.

Security Alert Supported Products and Versions

Patches released through the Security Alert program are provided only for product versions that are covered under the Premier Support or Extended Support phases of the Lifetime Support Policy. We recommend that customers plan product upgrades to ensure that patches released through the Critical Patch Update program are available for the versions they are currently running.

Product releases that are not under Premier Support or Extended Support are not tested for the presence of vulnerabilities addressed by this Security Alert. However, it is likely that earlier versions of affected releases are also affected by these vulnerabilities. As a result, Oracle recommends that customers upgrade to supported versions.

Supported Database, Fusion Middleware, Oracle Enterprise Manager Base Platform (formerly "Oracle Enterprise Manager Grid Control") and Collaboration Suite products are patched in accordance with the Software Error Correction Support Policy explained in My Oracle Support Note 209768.1. Please review the Technical Support Policies for further guidelines regarding support policies and phases of support.

Products in Extended Support

Patches released through the Security Alert program are available to customers who have Extended Support under the Lifetime Support Policy. Customers must have a valid Extended Support service contract to download patches released through the Security Alert program for products in the Extended Support Phase.

References

Oracle Critical Patch Updates and Security Alerts main page [ Oracle Technology Network ]
Oracle Critical Patch Updates and Security Alerts - Frequently Asked Questions [ CPU FAQ ]
Risk Matrix definitions [ Risk Matrix Definitions ]
Use of Common Vulnerability Scoring System (CVSS) by Oracle [ Oracle CVSS Scoring ]
English text version of the risk matrices [ Oracle Technology Network ]
CVRF XML version of the risk matrices [ Oracle Technology Network ]
The Oracle Software Security Assurance Blog [ The Oracle Software Security Assurance Blog ]
List of public vulnerabilities fixed in Critical Patch Updates and Security Alerts [ Oracle Technology Network ]
Software Error Correction Support Policy [ My Oracle Support Note 209768.1 ]

Attribution, Non-Commercial, No Derivatives


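□ Overview

 o In its CPU, Oracle announced patches for 252 security vulnerabilities in its products [1]

    ※ CPU (Critical Patch Update): Oracle's critical security update

 o Users of affected versions may be vulnerable to malware infection, so updating to the latest version according to the remediation below is recommended

□ Affected systems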

 o Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers, versions prior to XCP2340 and prior to XCP3030

 o Java Advanced Management Console, version 2.7

 o JD Edwards EnterpriseOne Tools, version 9.2

 o JD Edwards World Security, versions A9.1, A9.2, A9.3, A9.4

 o Management Pack for Oracle GoldenGate, version 11.2.1.0.12

 o MICROS Retail XBRi Loss Prevention, versions 10.0.1, 10.5.0, 10.6.0, 10.7.7, 10.8.0, 10.8.1

 o MySQL Connectors, versions 6.9.9 and prior

 o MySQL Enterprise Monitor, versions 3.2.8.2223 and prior, 3.3.4.3247 and prior, 3.4.2.4181 and prior

 o MySQL Server, versions 5.5.57 and prior, 5.6.37 and prior, 5.7.19 and prior

 o Oracle Access Manager, version 11.1.2.3.0

 o Oracle Agile Engineering Data Management, versions 6.1.3, 6.2.0

 o Oracle Agile PLM, versions 9.3.5, 9.3.6

 o Oracle API Gateway, version 11.1.2.4.0

 o Oracle BI Publisher, versions 11.1.1.7.0, 11.1.1.9.0, 12.2.1.1.0, 12.2.1.2.0

 o Oracle Business Intelligence Enterprise Edition, versions 11.1.1.7.0, 11.1.1.9.0, 12.2.1.1.0, 12.2.1.2.0

 o Oracle Business Process Management Suite, versions 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, 12.2.1.1.0, 12.2.1.2.0

 o Oracle Communications Billing and Revenue Management, version 7.5

 o Oracle Communications Diameter Signaling Router (DSR), version 7.x

 o Oracle Communications EAGLE LNP Application Processor, version 10.x

 o Oracle Communications Messaging Server, version 8.x

 o Oracle Communications Order and Service Management, versions 7.2.4.x.x, 7.3.0.x.x, 7.3.1.x.x, 7.3.5.x.x

 o Oracle Communications Policy Management, versions 11.5, 12.x

 o Oracle Communications Services Gatekeeper, versions 5.1, 6.0

 o Oracle Communications Unified Session Manager, version SCz 7.x

 o Oracle Communications User Data Repository, version 10.x

 o Oracle Communications WebRTC Session Controller, versions 7.0, 7.1, 7.2

 o Oracle Database Server, versions 11.2.0.4, 12.1.0.2, 12.2.0.1

 o Oracle Directory Server Enterprise Edition, version 11.1.1.7.0

 o Oracle E-Business Suite, versions 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7

 o Oracle Endeca Information Discovery Integrator, versions 2.4, 3.0, 3.1, 3.2

 o Oracle Engineering Data Management, versions 6.1.3.0, 6.2.2.0

 o Oracle Enterprise Manager Ops Center, versions 12.2.2, 12.3.2

 o Oracle FLEXCUBE Universal Banking, versions 11.3, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0, 12.3.0, 12.4.0

 o Oracle Fusion Applications, versions 11.1.2 through 11.1.9

 o Oracle Fusion Middleware, versions 11.1.1.7, 11.1.1.9, 11.1.2.2, 11.1.2.3, 12.1.3.0, 12.2.1.1, 12.2.1.2, 12.2.1.3

 o Oracle GlassFish Server, versions 3.0.1, 3.1.2

 o Oracle Healthcare Master Person Index, version 4.x

 o Oracle Hospitality Cruise AffairWhere, versions 2.2.5.0, 2.2.6.0, 2.2.7.0

 o Oracle Hospitality Cruise Fleet Management, version 9.0.2.0

 o Oracle Hospitality Cruise Materials Management, version 7.30.564.0

 o Oracle Hospitality Cruise Shipboard Property Management System, version 8.0.2.0

 o Oracle Hospitality Guest Access, versions 4.2.0, 4.2.1

 o Oracle Hospitality Hotel Mobile, version 1.1

 o Oracle Hospitality OPERA 5 Property Services, versions 5.4.2.x through 5.5.1.x

 o Oracle Hospitality Reporting and Analytics, versions 8.5.1, 9.0.0

 o Oracle Hospitality Simphony, versions 2.6, 2.7, 2.8, 2.9

 o Oracle Hospitality Suite8, versions 8.10.1, 8.10.2

 o Oracle HTTP Server, versions 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, 12.2.1.1.0, 12.2.1.2.0

 o Oracle Hyperion BI+, version 11.1.2.4

 o Oracle Hyperion Financial Reporting, version 11.1.2

 o Oracle Identity Manager, version 11.1.2.3.0

 o Oracle Identity Manager Connector, version 9.1.1.5.0

 o Oracle Integrated Lights Out Manager (ILOM), versions prior to 3.2.6

 o Oracle iPlanet Web Server, version 7.0

 o Oracle Java SE, versions 6u161, 7u151, 8u144, 9

 o Oracle Java SE Embedded, version 8u144

 o Oracle JDeveloper, versions 12.1.3.0.0, 12.2.1.2.0

 o Oracle JRockit, version R28.3.15

 o Oracle Managed File Transfer, versions 12.1.3.0.0, 12.2.1.1.0, 12.2.1.2.0

 o Oracle Outside In Technology, version 8.5.3.0

 o Oracle Retail Back Office, versions 13.2, 13.3, 13.4, 14.0, 14.1

 o Oracle Retail Clearance Optimization Engine, version 13.4

 o Oracle Retail Convenience and Fuel POS Software, version 2.1.132

 o Oracle Retail Markdown Optimization, versions 13.4, 14.0

 o Oracle Retail Point-of-Service, versions 6.0.x, 6.5.x, 7.0.x, 7.1.x, 15.0.x, 16.0.0

 o Oracle Retail Store Inventory Management, versions 13.2.9, 14.0.4, 14.1.3, 15.0.1, 16.0.1

 o Oracle Retail Xstore Point of Service, versions 6.0.11, 6.5.11, 7.0.6, 7.1.6, 15.0.1

 o Oracle Secure Global Desktop (SGD), version 5.3

 o Oracle SOA Suite, version 11.1.1.7.0

 o Oracle Transportation Management, versions 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7, 6.4.1, 6.4.2

 o Oracle Virtual Directory, versions 11.1.1.7.0, 11.1.1.9.0

 o Oracle VM VirtualBox, versions prior to 5.1.30

 o Oracle WebCenter Content, versions 11.1.1.9.0, 12.2.1.1.0, 12.2.1.2.0

 o Oracle WebCenter Sites, versions 11.1.1.8.0, 12.2.1.2.0

 o Oracle WebLogic Server, versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0, 12.2.1.2.0

 o PeopleSoft Enterprise FSCM, version 9.2

 o  PeopleSoft Enterprise HCM, version 9.2

 o PeopleSoft Enterprise PeopleTools, versions 8.54, 8.55, 8.56

 o PeopleSoft Enterprise PRTL Interaction Hub, version 9.1.00

 o PeopleSoft Enterprise PT PeopleTools, versions 8.54, 8.55, 8.56

 o PeopleSoft Enterprise SCM eProcurement, versions 9.1.00, 9.2.00

 o Primavera Unifier, versions 9.13, 9.14, 10.x, 15.x, 16.x

 o Siebel Applications, versions 16.0, 17.0

 o Solaris Cluster, versions 3.3, 4.3

 o SPARC Enterprise M3000, M4000, M5000, M8000, M9000 Servers, versions prior to XCP 1123

 o SPARC M7, T7, S7 based Servers, versions prior to 9.7.6.b

 o Sun ZFS Storage Appliance Kit (AK), version AK 2013

 o Tekelec HLR Router, version 4.x

 

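□ Remediation

 o Review the "Oracle Critical Patch Update Advisory - July 2017" document and the patch details, and apply the patches after consultation and review with the vendor and maintenance provider [1]

 o Java SE users are advised to download [2] and install the latest update for their installed product, or to enable automatic Java update notifications [3]

[Reference sites]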

 [1] http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

 [2] http://www.oracle.com/technetwork/java/javase/downloads/index.html

 [3] http://www.java.com/ko/download/help/java_update.xml
