From security em unicamp.br Thu Oct 6 16:57:11 2022 From: security em unicamp.br (CSIRT Unicamp) Date: Thu, 6 Oct 2022 16:57:11 -0300 Subject: [SECURITY-L] [SECURITY] [DSA 5251-1] isc-dhcp security update Message-ID: - ------------------------------------------------------------------------- Debian Security Advisory DSA-5251-1 security em debian.org https://www.debian.org/security/ Salvatore Bonaccorso October 06, 2022 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : isc-dhcp CVE ID : CVE-2022-2928 CVE-2022-2929 Debian Bug : 1021320 Several vulnerabilities have been discovered in the ISC DHCP client, relay and server. CVE-2022-2928 https://kb.isc.org/docs/cve-2022-2928 It was discovered that the DHCP server does not correctly perform option reference counting when configured with "allow leasequery;". A remote attacker can take advantage of this flaw to cause a denial of service (daemon crash). CVE-2022-2929 https://kb.isc.org/docs/cve-2022-2929 It was discovered that the DHCP server is prone to a memory leak flaw when handling contents of option 81 (fqdn) data received in a DHCP packet. A remote attacker can take advantage of this flaw to cause DHCP servers to consume resources, resulting in denial of service. For the stable distribution (bullseye), these problems have been fixed in version 4.4.1-2.3+deb11u1. We recommend that you upgrade your isc-dhcp packages. For the detailed security status of isc-dhcp please refer to its security tracker page at: https://security-tracker.debian.org/tracker/isc-dhcp Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce em lists.debian.org === Computer Security Incident Response Team - CSIRT Universidade Estadual de Campinas - Unicamp Centro de Computacao - CCUEC GnuPG Public Key: http://www.security.unicamp.br/security.asc [^] Contato: +55 19 3521-2289 ou INOC-DBA: 1251*830 -------------- Próxima Parte ---------- Um anexo em HTML foi limpo... URL: From security em unicamp.br Fri Oct 7 14:23:00 2022 From: security em unicamp.br (CSIRT Unicamp) Date: Fri, 7 Oct 2022 14:23:00 -0300 Subject: [SECURITY-L] CVE-2022-40684: Critical Authentication Bypass in FortiOS and FortiProxy Message-ID: https://www.tenable.com/blog/cve-2022-40684-critical-authentication-bypass-in-fortios-and-fortiproxy CVE-2022-40684 is a critical authentication bypass vulnerability that received a CVSSv3 score of 9.6. By sending specially crafted HTTP or HTTPS requests to a vulnerable target, a remote attacker with access to the management interface could perform administrator operations. At this time, there is no information on whether this vulnerability has been exploited in attacks. But, given threat actors? penchant for targeting FortiOS vulnerabilities, Fortinet?s recommendation to remediate this vulnerability ?with the utmost urgency? is appropriate. === Computer Security Incident Response Team - CSIRT Universidade Estadual de Campinas - Unicamp Centro de Computacao - CCUEC GnuPG Public Key: http://www.security.unicamp.br/security.asc [^] Contato: +55 19 3521-2289 ou INOC-DBA: 1251*830 -------------- Próxima Parte ---------- Um anexo em HTML foi limpo... URL: From security em unicamp.br Thu Oct 13 14:46:17 2022 From: security em unicamp.br (CSIRT Unicamp) Date: Thu, 13 Oct 2022 14:46:17 -0300 Subject: [SECURITY-L] =?utf-8?q?Fwd=3A_=5BRNP/CAIS_Alerta_=230085=5D_Vuln?= =?utf-8?q?erabilidades_cr=C3=ADticas_em_equipamentos_Fortinet?= In-Reply-To: <227009595.1261223.1665509697356.JavaMail.zimbra@rnp.br> References: <1897443822.1261123.1665509000143.JavaMail.zimbra@rnp.br> <227009595.1261223.1665509697356.JavaMail.zimbra@rnp.br> Message-ID: ---------- Forwarded message --------- De: CAIS/RNP Alerta Date: ter., 11 de out. de 2022 às 14:44 Subject: [RNP/CAIS Alerta #0085] Vulnerabilidades críticas em equipamentos Fortinet To: rnp-alerta -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 CAIS-Alerta [11/10/2022]: Vulnerabilidades críticas em equipamentos Fortinet Prezados, O CAIS alerta para recentes vulnerabilidades críticas em produtos Fortinet que permitem execução remota de código. Já existem relatos da exploração ativa da vulnerabilidade na Internet. Descrição A vulnerabilidade, que pode ser explorada remotamente, permite usuários maliciosos burlarem os mecanismos de autenticação e dessa forma operar e executar comandos com privilégios administrativos nas plataformas afetadas. Sistemas impactados Plataformas FortiOS, FortiProxy e FortiSwitchManager Versões afetadas FortiOS versões 7.0.0 a 7.0.6 e 7.2.0 a 7.2.1 FortiProxy versões 7.0.0 a 7.0.6 e 7.2.0 FortiSwitchManager versões 7.0.0 e 7.2.0 Correções disponíveis A Fortinet recomenda a imediata atualização das plataformas para versões atualizadas de acordo com a matriz de atualização do fabricante. Como solução alternativa, a fabricante Fortinet recomenda a restrição de acesso administrativo apenas para origens autorizadas, caso ainda não seja implementado tal recurso, ou a desativação da função administrativa via protocolos HTTP/HTTPS. Identificadores CVE (http://cve.mitre.org) CVE-2022-40684 Mais informações - - https://www.fortiguard.com/psirt/FG-IR-22-377 - - https://www.bleepingcomputer.com/news/security/fortinet-warns-admins-to-patch-critical-auth-bypass-bug-immediately/ - - https://www.bleepingcomputer.com/news/security/fortinet-says-critical-auth-bypass-bug-is-exploited-in-attacks/ - - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40684 O CAIS recomenda que os administradores mantenham seus sistemas e aplicativos sempre atualizados, de acordo com as últimas versões e correções oferecidas pelos fabricantes. Os alertas do CAIS também podem ser acompanhados pelas redes sociais da RNP. Siga-nos!! Twitter: @RedeRNP Facebook: facebook.com/RedeNacionaldeEnsinoePesquisaRNP. ################################################################ # CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA (CAIS) # # Rede Nacional de Ensino e Pesquisa (RNP) # # # # cais em cais.rnp.br https://cais.rnp.br/ # # Tel. 019-37873300 Fax. 019-37873301 # # Chave PGP disponivel https://www.rnp.br/cais/cais-pgp.key # ################################################################ -----BEGIN PGP SIGNATURE----- Version: OpenPGP.js v2.6.2 Comment: https://openpgpjs.org wsFcBAEBCAAQBQJjRaluCRDU96v9U5pXgAAA4jYP/iboQ9pU3TWb1M/uBQfM R4FtM6lvEmh+LbwuywTRtuPyLSTFN0h84qdPezt3aSg6JYGfgZceRUkfa1fU 2qo78xK/Wt+2ZUCl8SkR7M1XIPs62kVS+EW6GM9dxzdhivAP8Vr9Xk8qHwLH RO7Ef0RDuRb881q9FBfzndqOswD4uzEpI8lGJYgLY3xEOj6T5L+YhUrilOJv s9F9/5fpOKPgz9i7rkdRmz2ne+w0o3GDvbMpPDhEYFJrbZCqSBUr96je5Br0 2vwUkC8GmLMNujgErCTx2SD3tEknD5vkFnoy1HN27Am7xqy9tl8Qk2HAGn8u TuGGdwuf6pcuKfW2ku9EMMuJ6zpPbrDpJ088g8pL64PDv/GT9ir9cUte2GXx VKGKPTzEw3a9M6fhOy80LoPc1CuTo0tWbllD/zfSzoPrN/SBs1mM/i+yUogj xbIQguQ8+yplap4SDLQ6ZLvWZMVaWIuZyMIkGgdEzuG5+t8+H1xPpbgFhrUE ri/R6OJWg2+Y8UuyMBc0YVxKuX5nbw6PqEMQ7NpRwDDlVt3rqeH6CoZ3hjS5 RlzMKJS6B1e0iarw8za5VL0JgmJzhNL87wXZMbWjBY4upP618QjdzifHK8ct WcHMoNWRL5qzLuQCW+NRQoZ0s04ZTRT+Ek4LBbQ5JZJxAKvsAYse5vDH0PdD sSLV =IiVV -----END PGP SIGNATURE----- _______________________________________________ RNP-Alerta rnp-alerta em listas.rnp.br https://listas.rnp.br/mailman/listinfo/rnp-alerta -------------- Próxima Parte ---------- Um anexo em HTML foi limpo... URL: From security em unicamp.br Mon Oct 31 09:07:36 2022 From: security em unicamp.br (CSIRT Unicamp) Date: Mon, 31 Oct 2022 09:07:36 -0300 Subject: [SECURITY-L] OpenSSL Critical Vulnerability Disclosure Message-ID: Critical OpenSSL fix due Nov 1?what you need to know Posted: October 27, 2022 by Malwarebytes Labs A fix for a critical issue in OpenSSL is on the way, announced in advance of its release on November 1, 2022, in a four hour window between 13:00 UTC and 17:00 UTC. The release, version 3.0.7, will address a critical vulnerability for all versions of the software starting with a 3. Versions starting with a 1 are unaffected. A separate release for that branch of the software, version 1.1.1, is scheduled for the same day but it is a bug fix and is not related to this issue. Outras informações https://www.malwarebytes.com/blog/news/2022/10/critical-openssl-fix-due-november-1st-get-ready-to-patch https://blog.checkpoint.com/2022/10/30/openssl-gives-heads-up-to-critical-vulnerability-disclosure-check-point-alerts-organizations-to-prepare-now/ === Computer Security Incident Response Team - CSIRT Universidade Estadual de Campinas - Unicamp Centro de Computacao - CCUEC GnuPG Public Key: http://www.security.unicamp.br/security.asc [^] Contato: +55 19 3521-2289 ou INOC-DBA: 1251*830 -------------- Próxima Parte ---------- Um anexo em HTML foi limpo... URL: