No Image

USN-4559-1: Samba update

2020-09-30 KENNETH 0

USN-4559-1: Samba update Tom Tervoort discovered that the Netlogon protocol implemented by Samba incorrectly handled the authentication scheme. A remote attacker could use this issue to forge an authentication token and steal the credentials of the domain admin. While a previous security update fixed the issue by changing the “server schannel” setting to default to “yes”, instead of “auto”, which forced a secure netlogon channel, this update provides additional improvements. For compatibility reasons with older devices, Samba now allows specifying an insecure netlogon configuration per machine. See the following link for examples: https://www.samba.org/samba/security/CVE-2020-1472.html In addition, this update adds additional server checks for the protocol attack in the client-specified challenge to provide some protection when ‘server schannel = no/auto’ and avoid the false-positive results when running the proof-of-concept exploit. Source: USN-4559-1: Samba update

No Image

USN-4558-1: libapreq2 vulnerabilities

2020-09-30 KENNETH 0

USN-4558-1: libapreq2 vulnerabilities It was discovered that libapreq2 did not properly sanitize the Content-Type field in certain, crafted HTTP requests. An attacker could use this vulnerability to cause libapreq2 to crash. Source: USN-4558-1: libapreq2 vulnerabilities

No Image

USN-4557-1: Tomcat vulnerabilities

2020-09-30 KENNETH 0

USN-4557-1: Tomcat vulnerabilities It was discovered that the Tomcat realm implementations incorrectly handled passwords when a username didn’t exist. A remote attacker could possibly use this issue to enumerate usernames. (CVE-2016-0762) Alvaro Munoz and Alexander Mirosh discovered that Tomcat incorrectly limited use of a certain utility method. A malicious application could possibly use this to bypass Security Manager restrictions. (CVE-2016-5018) It was discovered that Tomcat incorrectly controlled reading system properties. A malicious application could possibly use this to bypass Security Manager restrictions. (CVE-2016-6794) It was discovered that Tomcat incorrectly controlled certain configuration parameters. A malicious application could possibly use this to bypass Security Manager restrictions. (CVE-2016-6796) It was discovered that Tomcat incorrectly limited access to global JNDI resources. A malicious application could use this to access any global JNDI resource without an explicit ResourceLink. (CVE-2016-6797) Regis Leroy discovered that Tomcat [ more… ]

Diagnostic Logging with the NGINX JavaScript Module

2020-09-30 KENNETH 0

Diagnostic Logging with the NGINX JavaScript Module Troubleshooting in Production Without Tuning the Error Log Editor – This blog is one of several that discuss logging with NGINX and NGINX Plus. Please also see: Application Tracing with NGINX and NGINX Plus Sampling Requests with NGINX Conditional Logging It’s also one of many blogs about use cases for the NGINX JavaScript module. For the complete list, see Introduction to the NGINX JavaScript Module. NGINX helps organizations of all sizes to run their mission‑critical websites, applications, and APIs. Regardless of your scale and choice of deployment infrastructure, running in production is not easy. In this article we talk about just one of the hard things about a production deployment – logging. More specifically, we discuss the balancing act of collecting the right amount of detailed logs for troubleshooting without being swamped with unnecessary data. [ more… ]

No Image

USN-4556-1: netqmail vulnerabilities

2020-09-30 KENNETH 0

USN-4556-1: netqmail vulnerabilities It was discovered that netqmail did not properly handle certain input. Both remote and local attackers could use this vulnerability to cause netqmail to crash or execute arbitrary code. (CVE-2005-1513, CVE-2005-1514, CVE-2005-1515) It was discovered that netqmail did not properly handle certain input when validating email addresses. An attacker could use this to bypass email address validation. (CVE-2020-3811) It was discovered that netqmail did not properly handle certain input when validating email addresses. An attacker could use this vulnerability to cause netqmail to disclose sensitive information. (CVE-2020-3812) Source: USN-4556-1: netqmail vulnerabilities