'취약점 정보2'에 해당되는 글 418건

Cisco has released updates to address vulnerabilities affecting multiple products. A remote attacker could exploit one of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates:

저작자 표시 비영리
신고
블로그 이미지

Ryansecurity Ryansecurity

Life is fun security story

====================================================================
== Subject:     Server memory information leak over SMB1
==
== CVE ID#:     CVE-2017-12163
==
== Versions:    All versions of Samba.
==
== Summary:     Client with write access to a share can cause
==              server memory contents to be written into a file
==              or printer.
==
====================================================================

===========
Description
===========

All versions of Samba are vulnerable to a server memory information
leak bug over SMB1 if a client can write data to a share. Some SMB1
write requests were not correctly range checked to ensure the client
had sent enough data to fulfill the write, allowing server memory
contents to be written into the file (or printer) instead of client
supplied data. The client cannot control the area of the server memory
that is written to the file (or printer).

==================
Patch Availability
==================

A patch addressing this defect has been posted to

  http://www.samba.org/samba/security/

Additionally, Samba 4.6.8, 4.5.14 and 4.4.16 have been issued as
security releases to correct the defect. Patches against older Samba
versions are available at http://samba.org/samba/patches/. Samba
vendors and administrators running affected versions are advised to
upgrade or apply the patch as soon as possible.

==========
Workaround
==========

As this is an SMB1-only vulnerability, it can be avoided by setting
the server to only use SMB2 via adding:

server min protocol = SMB2_02

to the [global] section of your smb.conf and restarting smbd.
저작자 표시 비영리
신고
블로그 이미지

Ryansecurity Ryansecurity

Life is fun security story

===============================================================================
== Subject:     SMB3 connections don't keep encryption across DFS redirects
==
== CVE ID#:     CVE-2017-12151
==
== Versions:    Samba 4.1.0 to 4.6.7
==
== Summary:     A man in the middle attack can read and may alter confidential
==              documents transferred via a client connection, which are reached
==              via DFS redirect when the original connection used SMB3.
==
================================================================================

===========
Description
===========

Client command line tools like 'smbclient' as well as applications
using 'libsmbclient' library have support for requiring
encryption. This is activated by the '-e|--encrypt' command line
option or the smbc_setOptionSmbEncryptionLevel() library call.

By default, only SMB1 is used in order to connect to a server, as the
effective default for "client max protocol" smb.conf option as well
for the "-m|--max-protocol=" command line option is "NT1".

If the original client connection used encryption, following DFS
redirects to another server should also enforce encryption. This is
important as these redirects are transparent to the application.

In the case where "SMB3", "SMB3_00", "SMB3_02", "SMB3_10" or "SMB3_11"
was used as max protocol and a connection actually made use of the
SMB3 encryption, any redirected connection would lose the requirement
for encryption and also the requirement for signing.  That means, a
man in the middle could read and/or alter the content of the
connection.

==================
Patch Availability
==================

A patch addressing this defect has been posted to

  https://www.samba.org/samba/security/

Additionally, Samba 4.6.8, 4.5.14 and 4.4.16 have been issued as
security releases to correct the defect. Samba vendors and
administrators running affected versions are advised to upgrade or
apply the patch as soon as possible.

==========
Workaround
==========

Keep the default of "client max protocol = NT1".
저작자 표시 비영리
신고
블로그 이미지

Ryansecurity Ryansecurity

Life is fun security story

===============================================================================
== Subject:     SMB1/2/3 connections may not require signing where they should
==
== CVE ID#:     CVE-2017-12150
==
== Versions:    Samba 3.0.25 to 4.6.7
==
== Summary:     A man in the middle attack may hijack client connections.
==
===============================================================================

===========
Description
===========

There are several code paths where the code doesn't enforce SMB signing:

* The fixes for CVE-2015-5296 didn't apply the implied signing protection
  when enforcing encryption for commands like 'smb2mount -e', 'smbcacls -e' and
  'smbcquotas -e'.

* The python binding exported as 'samba.samba3.libsmb_samba_internal'
  doesn't make use of the "client signing" smb.conf option.

* libgpo as well as 'net ads gpo' doesn't require SMB signing when fetching
  group policies.

* Commandline tools like 'smbclient', 'smbcacls' and 'smbcquotas' allow
  a fallback to an anonymous connection when using the '--use-ccache'
  option and this happens even if SMB signing is required.

==================
Patch Availability
==================

A patch addressing this defect has been posted to

  https://www.samba.org/samba/security/

Additionally 4.6.8, 4.5.14 and 4.4.16 have been issued as
security releases to correct the defect. Samba vendors and administrators
running affected versions are advised to upgrade or apply the patch as
soon as possible.

==========
Workaround
==========

The missing implied signing for 'smb2mount -e', 'smbcacls -e' and
'smbcquotas -e' can be enforced by explicitly using '--signing=required'
on the commandline or "client signing = required" in smb.conf.

저작자 표시 비영리
신고
블로그 이미지

Ryansecurity Ryansecurity

Life is fun security story

개요
o Apple社에서 자사 제품에 대해 다수의 취약점을 해결한 보안 업데이트를 공지
o 공격자가 취약점을 이용하여 피해를 발생시킬 수 있어 해당 Apple 제품을 사용하는 이용자들은 최신 버전으로 업데이트 권고

□ 설명
o macOS Sierra의 Xcode 9에서 발생하는 임의 코드 실행 취약점(CVE-2017-1000117) 등 7건
o tvOS의 Wi-Fi chip에서 발생하는 임의 코드 실행 취약점(CVE-2017-7103) 등 7건
o watchOS의 Wi-Fi chip에서 발생하는 임의 코드 실행 취약점(CVE-2017-7103) 등 6건
o Safari의 WebKit에서 발생하는 XSS 취약점(CVE-2017-7089) 등 3건
o iOS의 iBooks에서 발생하는 서비스 거부 취약점(CVE-2017-7072) 등 8건
o iTunes에서 발생하는 취약점(업데이트 예정)

□ 영향을 받는 제품
o Xcode 9 for macOS Sierra [1]
- macOS Sierra 10.12.6 미만 버전
- Xcode 9 미만 버전
o tvOS
- tvOS 11 미만 버전 [2]
o watchOS
- watchOS 4 미만 버전 [3]
o Safari
- Safari 11 미만 버전 [4]
o iOS
- iOS 11 미만 버전 [5]
o iTunes
- iTunes 12.7 미만 버전

□ 해결 방안
o MacOS Sierra, Safari, Xcode 9 사용자
- 홈페이지 직접 설치 : http://support.apple.com/downloads/ 링크에서 해당 버전을 다운로드하여 업데이트 진행
- 맥 앱스토어 이용 : 애플 메뉴에서 [소프트웨어 업데이트] 선택
o tvOS 사용자
- 직접 설치 : Apple TV에서 [설정] → [시스템] → [소프트웨어 업데이트] → [소프트웨어 업데이트하기] 선택
- 자동 업데이트 설정 : [설정] → [시스템] → [소프트웨어 업데이트] 탭으로 이동하여 [자동 업데이트] 설정
o watchOS
- iPhone을 최신 iOS로 업데이트 한 후 ‘Apple Watch’ 앱 실행 → [나의 시계] → [일반] → [소프트웨어 업데이트] 선택
o iOS 사용자
- [설정] → [일반] → [소프트웨어 업데이트] → [다운로드 및 설치] → [동의] 선택하여 업데이트



[참고사이트]
[1] https://support.apple.com/ko-kr/HT208103
[2] https://support.apple.com/ko-kr/HT208113
[3] https://support.apple.com/ko-kr/HT208115
[4] https://support.apple.com/ko-kr/HT208116
[5] https://support.apple.com/ko-kr/HT208112

저작자 표시 비영리 변경 금지
신고
블로그 이미지

Ryansecurity Ryansecurity

Life is fun security story

Tag Apple, IOS

티스토리 툴바