Government of the Republic of Trinidad and Tobago
gov.tt

Securing the Nation's Digital Infrastructure

TTCSIRT-046.092617: TT-CSIRT Advisory – Apple Security Updates

Multiple vulnerabilities have been discovered in watchOS, iOS, tvOS, Xcode, and Safari. The most severe of these vulnerabilities could allow for arbitrary code execution. Details of these vulnerabilities are as follows: a) An ssh:// URL scheme handling issue was addressed through improved input validation (CVE-2017-1000117) b) Multiple memory corruption issues were addressed with improved memory …

TTCSIRT-045.092617: TT-CSIRT Advisory – Chrome Security Updates

Multiple vulnerabilities have been discovered in Google Chrome, which could result in arbitrary code execution. These vulnerabilities can be exploited if a user visits, or is redirected to, a specially crafted web page. Details of the vulnerabilities are as follows: Out-of-bounds access in V8. (CVE-2017-5121, CVE-2017-5122) Successful exploitation of these vulnerabilities could allow an attacker …

TTCSIRT-044.092117: TT-CSIRT Advisory – Samba Security Updates

The Samba Team has released security updates to address several vulnerabilities in Samba – a) A man in the middle attack may hijack client connections. b) A man in the middle attack can read and may alter confidential documents transferred via a client connection, which are reached via DFS redirect when the original connection used …

TTCSIRT-043.092117: TT-CSIRT Advisory – CISCO Security Updates

Cisco has released updates to address vulnerabilities affecting the following products: a) Unified Customer Voice Portal Operations Console – a vulnerability in the Operations, Administration, Maintenance, and Provisioning (OAMP) credential reset functionality could allow an authenticated, remote attacker to gain elevated privileges. The vulnerability is due to a lack of proper input validation. b) Cisco …

TTCSIRT-042.091417: TT-CSIRT Advisory – Bluetooth Security Updates

A collection of Bluetooth implementation vulnerabilities known as “BlueBorne” has been released. These vulnerabilities collectively affect Windows, iOS, and Linux-kernel-based operating systems including Android and Tizen and may in worst case allow an unauthenticated attacker to perform commands on the device. The following vulnerabilities have been identified in various Bluetooth implementations: 1) CWE-120: Buffer Copy …

TTCSIRT-041.091417: TT-CSIRT Advisory – Microsoft Security Updates

Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for code execution. A full list of all vulnerabilities can be found at https://portal.msrc.microsoft.com/en-us/security-guidance Successful exploitation of the most severe of these vulnerabilities could result in an attacker gaining the same privileges as the logged on user. Depending on the …

TTCSIRT-040.090617: TT-CSIRT Advisory – Apache Security Updates

A vulnerability has been discovered in Apache Struts which could allow for remote code execution. This vulnerability exists because the REST Plugin is using a XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to remote code execution when deserializing XML payloads. Successful exploitation of this vulnerability could allow …

TTCSIRT-039.090617: TT-CSIRT Advisory – Chrome Security Updates

Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could result in arbitrary code execution. These vulnerabilities can be exploited if a user visits, or is redirected to, a specially crafted web page. Details of the vulnerabilities are as follows: a) Use after free in PDFium – (CVE-2017-5111) b) Heap buffer …

TTCSIRT-038.090117: TT-CSIRT Advisory – PHP Security Updates

Multiple vulnerabilities have been discovered in PHP, the most severe of which could allow an attacker to execute arbitrary code: a)Fixed bug #74947 (Segfault in scanner on INF number). b) Fixed bug #74954 (null deref and segfault in zend_generator_resume()). c) Fixed bug #74725 (html_errors=1 breaks unhandled exceptions). d) Fixed bug #74125 (Fixed finding CURL on …

TTCSIRT-037.090117: TT-CSIRT Advisory – Adobe Security Updates

Adobe has released a security updates stating that Adobe Flash Player is prone to the following vulnerabilities: a) A security bypass vulnerability that could lead to information disclosure. b) A type confusion vulnerability that could lead to code execution (CVE-2017-3106) Successful exploitation of the most severe of these vulnerabilities could result in the attacker gaining …