Customer Alert: “GHOST” Vulnerability on Linux Systems

January 30th, 2015 | Uncategorized

On January 27, 2015, Qualys, Inc., the leading provider of cloud security and compliance solutions, announced that its security research team had discovered a vulnerability in the GNU C Library (glibc) used by Linux systems. This vulnerability, called “GHOST (CVE-2015-0235),” allows attackers to remotely take control of a system without prior knowledge of any system credentials. The exposure is triggered through a buffer overflow in a system library, and it affects many, if not most, Linux distributions.

The recommended resolution for addressing the GHOST vulnerability is to apply the latest patches, which have been specifically developed to address this issue, distributed by your Linux vendor.

CSID customers should be assured that we have evaluated our systems for any exposure and patched our Linux servers in all environments, up to and including Production. We strongly recommend that our customers running Linux-based systems take the same proactive approach with respect to any and all machines that are potentially vulnerable to the GHOST vulnerability.

For more information, please visit the Qualys Security Advisory.

Customer Alert: POODLE Vulnerability

October 16th, 2014 | Uncategorized

On October 14, 2014, three Google researchers announced the details of a vulnerability in the design of SSL version 3 named the POODLE (Padding Oracle On Downgraded Legacy Encryption) vulnerability. This vulnerability affects all implementations of the SSLv3.0 protocol, but does not affect the newer encryption mechanism known as TLS (Transport Layer Security). Under the right conditions, the POODLE vulnerability would allow a cyber-criminal to hijack and decrypt the session cookie that identifies your browser to a service, and then take control of your accounts without needing your password. The POODLE vulnerability is considered less severe than Heartbleed and Shellshock, since exploiting it requires that your browser be running JavaScript and that the attacker be on the same network as you.

The Secure Sockets Layer (SSL) protocol is primarily used to encrypt traffic between a browser and a website.

Google’s security team has recommended that businesses disable SSLv3.0 immediately and use TLS 1.1 or 1.2 in order to avoid the problem. As an individual, it is recommended that you disable SSLv3.0 in your browser immediately to secure yourself when surfing websites that still support SSLv3.0. There currently is no patch for this, and SSLv3.0 is considered to have reached the end of its useful life and should be retired.

CSID has disabled SSLv3.0 across all our network traffic. We strongly advise that CSID customers take similar action to immediately disable SSLv3.0 in your environments and use an alternative encryption mechanism.
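As an added illustration of the step recommended above (not CSID's or Google's own tooling), the following POSIX shell snippet audits an nginx `ssl_protocols` directive for SSLv3 and rewrites it so that only TLS remains; both configuration fragments are constructed for this example.

```shell
#!/bin/sh
# Added example: detect and remove SSLv3 from an nginx ssl_protocols directive.
# Both config fragments below are constructed for this example.

# Weak setting: SSLv3 is still offered, so a POODLE downgrade is possible.
weak_conf='
server {
    listen 443 ssl;
    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
}'

# Corrected setting, as the advisory recommends: TLS 1.1 or 1.2 only.
fixed_conf='
server {
    listen 443 ssl;
    ssl_protocols TLSv1.1 TLSv1.2;
}'

# sslv3_disabled CONFIG_TEXT
# Returns 0 when no ssl_protocols directive enables SSLv3, 1 when one does.
sslv3_disabled() {
    if printf '%s\n' "$1" \
        | grep -E 'ssl_protocols[^;]*[[:space:]]SSLv3([[:space:]]|;)' >/dev/null; then
        return 1
    fi
    return 0
}

# strip_sslv3 < CONFIG_TEXT
# Removes the SSLv3 token from every ssl_protocols directive on stdin.
strip_sslv3() {
    sed -E 's/(ssl_protocols[^;]*)[[:space:]]SSLv3([[:space:]]|;)/\1\2/'
}

# Stand-alone run: report both fragments and show the rewritten weak one.
for name in weak_conf fixed_conf; do
    eval "conf=\$$name"
    if sslv3_disabled "$conf"; then
        echo "$name: SSLv3 disabled"
    else
        echo "$name: SSLv3 ENABLED (POODLE exposure)"
    fi
done
printf '%s\n' "$weak_conf" | strip_sslv3
```

The audit matches only the `ssl_protocols` directive, so a commented-out or unrelated mention of SSLv3 elsewhere in the file does not produce a false positive.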

For more information on the POODLE vulnerability, visit the Red Hat Security Blog.

News Recap: An Update on the Shellshock Bug

October 9th, 2014 | Uncategorized

On September 24, 2014, the Shellshock bug was discovered, exposing vulnerabilities in Unix and Linux machines. The aftermath of the Shellshock bug has stayed in the headlines as a wave of new vulnerabilities has emerged.

Threatpost’s Michael Mimoso explains that Shellshock has been actively exploited: “Analysis into the vulnerability and Bash behavior once it was patched gave birth to a half-dozen vulnerabilities in all, each with a different degree of severity.” For example, “Mayhem,” a type of malware that was discovered in April, is now using Shellshock as a way to infect servers.

“In the past, the malware used a PHP script to infect servers, but the latest version uploads a script in the Perl programming language via the Shellshock vulnerability,” said eWeek reporter Robert Lemos.

Some speculate that Shellshock may be worse than Heartbleed, but many experts believe that the worst of Shellshock is already behind us.

Tom’s Guide’s Marshall Honorof explains that the “bottom line is that while a very enterprising malefactor could use Shellshock’s tricks to affect a Windows system, system administrators can take prophylactic measures against it, and everyday users don’t have to worry about it. With fixes for the various affected Unix-like operating systems already being deployed as well, Shellshock’s potential impact should continue to diminish over time.”

Do you have any questions about Shellshock? Let us know on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.

Customer Alert: ‘Shellshock’ Bug

September 26th, 2014 | Uncategorized

On September 24, 2014, Red Hat, Inc., the software company that provides a version of the Linux Operating System, indicated that its security team had discovered a vulnerability in the command line interface known as “Bash” (Bourne-Again Shell). This vulnerability, called “Shellshock,” is believed to pose a larger threat than the Heartbleed vulnerability that was discovered in April 2014. Shellshock is a serious threat because cyber criminals could exploit the vulnerability to execute arbitrary code and gain control of servers. The exposure extends to any Unix or Linux machine reachable via Web requests, to CentOS machines, to Mac computers, and to any program that runs software with Bash functionality.

The recommended resolution for addressing the Shellshock vulnerability is to apply the latest patches, which have been specifically developed to address this issue, distributed by the Operating System (OS) vendors, e.g., Red Hat, Apple and others. Please note, however, that the current patch set is under development and may not provide complete protection from this vulnerability.

CSID customers should be assured that we have evaluated our systems for any exposure and patched our Linux servers in all environments, up to and including Production. We will continue to test and apply security patches to our servers as they become available from the OS vendors.

We strongly recommend that our customers take the same proactive approach with respect to any and all machines that potentially have the Bash Security Vulnerability.

For more information, please visit the Red Hat Security Blog.

Update: Apple has released updates to insulate Mac OS X systems from the dangerous “Shellshock” bug. Patches are available from the following links for OS X Mavericks, Mountain Lion and Lion.
