4/26/2016

Security Updates For April

Digital Edge is committed to providing the highest levels of security within all the IT infrastructure environments under its care. In order to achieve this utmost goal for all of our clients, we continuously maintain vigilance both on the productive side of IT as well as on its destructive side. We thus send out news and security bulletins such as this one from time to time to ensure that our clients are informed and educated on any important developments in IT security and are fully aware of what we are doing to ensure that we and our clients are always at the Cutting and at the Digital Edge of technology.  

1. The administrative web services interface in Juniper ScreenOS before 6.3.0r21 allows remote attackers to cause a denial of service (reboot) via a crafted SSL packet. Other denial-of-service vulnerabilities have also been found in Juniper software.

Normally, the admin interface of a firewall should not be open to the public internet. However, because the integrity of firewalls and firewall software is extremely important to information technology security, we decided to give attention to this vulnerability. This vulnerability was discovered by the manufacturer, so exploit software does not exist yet.

More details:
By manipulating TCP timestamps within a TCP session to a reachable listening port, it may be possible for an attacker to trigger a persistent buffer/socket resource exhaustion denial-of-service (DoS) attack. Normally, a networked device will time out a session after a number of unsuccessful retransmission events, occurring at increasing intervals. However, in this case, a crafted sequence of TCP packets will cause the device to not try to retransmit, allowing the attacker to create sockets that will be long-lived without the need to maintain state on them.

2. Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access. We do not think that it is a serious threat, but we wanted to mention CVE-2015-8778, which needs to be patched during the next patching cycle.

3. Hypervisor weaknesses always attract our attention. This is another interesting case in which encapsulation can be broken and a guest can harm the physical host. Here is the description from Xen:
In the x86 shadow pagetable code, the guest frame number of a superpage mapping is stored in a 32-bit field.  If a shadowed guest can cause a superpage mapping of a guest-physical address at or above 2^44 to be shadowed, the top bits of the address will be lost, causing an assertion failure or NULL dereference later on, in code that removes the shadow.

Impact:
A HVM guest using shadow pagetables can cause the host to crash.

A PV guest using shadow pagetables (i.e. being migrated) with PV superpages enabled (which is not the default) can crash the host, or corrupt hypervisor memory, and so a privilege escalation cannot be ruled out.
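
The arithmetic behind the 2^44 threshold in the Xen description above, as an added C example (not Xen code and not part of the original bulletin). It assumes 4 KiB x86 pages; struct sp_record and all function names are hypothetical stand-ins for a 32-bit frame-number field.

```c
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT 12  /* assumption: x86 4 KiB pages, frame = address >> 12 */

/* Hypothetical record: the frame number lives in a 32-bit field,
 * as the advisory describes for superpage mappings. */
struct sp_record {
    uint32_t gfn;
};

/* Unchecked store: the narrowing silently drops bits 32 and up. */
static void store_unchecked(struct sp_record *r, uint64_t gpa)
{
    r->gfn = (uint32_t)(gpa >> PAGE_SHIFT);
}

/* Checked store: refuse any frame number that does not fit the field. */
static int store_checked(struct sp_record *r, uint64_t gpa)
{
    uint64_t gfn = gpa >> PAGE_SHIFT;
    if (gfn > UINT32_MAX)
        return -1;              /* caller must reject the mapping */
    r->gfn = (uint32_t)gfn;
    return 0;
}

/* Does the page address survive a store/load round trip through the field? */
static int round_trips(uint64_t gpa)
{
    struct sp_record r;
    store_unchecked(&r, gpa);
    return ((uint64_t)r.gfn << PAGE_SHIFT) == (gpa & ~((1ULL << PAGE_SHIFT) - 1));
}

/* Lowest guest-physical address whose frame number overflows the field. */
static uint64_t first_lossy_gpa(void)
{
    return ((uint64_t)UINT32_MAX + 1) << PAGE_SHIFT;
}

int main(void)
{
    uint64_t edge = first_lossy_gpa();
    struct sp_record r;
    printf("threshold is 2^44: %d\n", edge == (1ULL << 44));
    printf("below: round_trips=%d checked=%d\n",
           round_trips(edge - 4096), store_checked(&r, edge - 4096));
    printf("at:    round_trips=%d checked=%d\n",
           round_trips(edge), store_checked(&r, edge));
    return 0;
}
```

With 12 bits of page offset, a 32-bit frame number covers exactly 44 bits of address, which is why the advisory's boundary is "at or above 2^44".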

If you feel that you need assistance from the Digital Edge Security team, please contact Danielle Saladis at dsaladis@DIGITALEDGE.NET or open a ticket through the Digital Edge web site at https://www.digitaledge.net

Michael Petrov
Founder, Chief Executive Officer

Michael brings 30 years of experience as an information architect, optimization specialist and operations advisor. His experience includes extensive high-profile project expertise, such as mainframe and client server integration for Mellon Bank, extranet systems for Sumitomo Bank, and architecture and processing workflow for the alternative investment division of US Bank. Michael possesses advanced knowledge of security standards such as ISO 27001, NIST, SOC and PCI, which he brings to every solution delivered by Digital Edge. Security solutions and standards are expanded into public clouds such as AWS and Azure.