TTCSIRT-087.020818: TT-CSIRT Advisory – Linux Security Updates

TTCSIRT-087.020818: TT-CSIRT Advisory – Linux Security Updates

A vulnerability has been discovered in the GNU C Library of all Linux Distributions which could allow for arbitrary code execution. It is caused due to internal memalign() and malloc() functions in glibc failing to properly report allocation errors. This vulnerability can be exploited when the system processes maliciously crafted data. Successful exploitation could result […]

TTCSIRT-086.020518: TT-CSIRT Advisory – Adobe Security Updates

Adobe reports that a vulnerability has been discovered in Adobe Flash Player that could allow for remote code execution. This vulnerability occurs due to a use-after-free error (CVE-2018-4878). Depending on the privileges associated with this application, an attacker could then install programs, view, change, or delete data or create new accounts with full user rights. […]

TTCSIRT-085.020518: TT-CSIRT Advisory – HP Security Updates

HP has reported that a vulnerability has been discovered in HP printers which could allow for arbitrary code execution. Depending on the printer’s placement on the network, an attacker could potentially install programs; view, change, or delete data; or create new accounts with full user rights. HP states that a directory traversal attack could allow […]

TTCSIRT-084.013018: TT-CSIRT Advisory – CISCO Security Updates

Cisco has released a security update stating that a vulnerability in the Secure Sockets Layer (SSL) VPN functionality of the Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code. The vulnerability is due to an attempt to double free […]

TTCSIRT-082.012418: TT-CSIRT Advisory – KRACK Security Update

WPA2 Key Reinstallation Attacks (KRACKs) Date first published: 23/1/2018   1.0 Introduction TT-CSIRT wishes to advise that weaknesses have been discovered in the Wi-Fi Protected Access 2 (WPA2) protocol used to secure wireless networks. An attacker within range of a victim can exploit these weaknesses using key reinstallation attacks (KRACKs). Attackers can use these exploits […]

TTCSIRT-081.012418: TT-CSIRT Advisory – Apple Security Updates

Apple has released security updates stating that the following vulnerabilities have been discovered in Safari, watchOS, iOS, High Sierra, Sierra, El Capitan, and tvOS: a) A certificate evaluation issue existed in the handling of name constraints – (CVE-2018-4086) b) An application may be able to execute arbitrary code with kernel privileges – (CVE-2018-4097) c) A […]

TTCSIRT-080.012218: TT-CSIRT Advisory – Lenovo Security Updates

Lenovo has released a security update for its Enterprise Network Operating System (ENOS) stating that an authentication bypass mechanism known as “HP Backdoor” was discovered during a Lenovo security audit in the Telnet and Serial Console management interfaces as well as the SSH and Web management interfaces under certain limited and unlikely conditions. This bypass […]

TTCSIRT-079.012218: TT-CSIRT Advisory – Oracle Security Updates

Oracle has released a January 2018 Critical Patch Update to fix certain products vulnerable to Spectre (CVE-2017-5753, CVE-2017-5715) and Meltdown (CVE-2017-5754) Intel processor vulnerabilities. Some of the products affected include: a) Application Express, versions prior to 5.1.4.00.08 b) Java Advanced Management Console, version 2.8 c) MySQL Enterprise Monitor, versions 3.3.6.3293 and prior, 3.4.4.4226 and prior, […]

TTCSIRT-078.010418: TT-CSIRT Advisory – SideChannel Vulnerabilities

Security updates have been released stating that CPU hardware implementations are vulnerable to side-channel attacks referred to as Meltdown and Spectre. These vulnerabilities affect many modern processors and operating systems including Intel, AMD, and ARM which can be used to read the content of memory across a trusted boundary and can therefore lead to information […]