绿盟科技发布了本周安全通告,周报编号NSFOCUS-17-25,绿盟科技漏洞库本周新增40条,其中高危11条。本次周报建议大家关注 多个Apache httpd安全漏洞 。Apache官方已经针对2.2.x以及2.4.x发布了相应的2.2.33-dev以及2.4.26新版本修复了上述各漏洞,请受影响的用户及时下载更新至最新版本来防护漏洞。
焦点漏洞
多个Apache httpd安全漏洞
- NSFOCUS ID
- 36932
- 36933
- 36934
- 36935
- 36936
- CVE ID
- CVE-2017-7679
- CVE-2017-7668
- CVE-2017-3167
- CVE-2017-3169
- CVE-2017-7659
受影响版本
- Apache httpd 2.2.x < 2.2.33-dev
- Apache httpd 2.4.x < 2.4.26
漏洞点评
近日,Apache官方发布了httpd的新版本修复了多个安全漏洞,涉及CVE-2017-3167,CVE-2017-3169,CVE-2017-7659,CVE-2017-7668,CVE-2017-7679,可以造成身份验证被绕过以及拒绝服务攻击等。大部分Apache httpd 2.2.x以及2.4.x版本均受影响。Apache官方已经针对2.2.x以及2.4.x发布了相应的2.2.33-dev以及2.4.26新版本修复了上述各漏洞,请受影响的用户及时下载更新至最新版本来防护漏洞。请参考如下连接:
- 2.2.x版本:https://httpd.apache.org/security/vulnerabilities_22.html
- 2.4.x版本:https://httpd.apache.org/security/vulnerabilities_24.html
(数据来源:绿盟科技安全研究部&产品规则组)
互联网安全态势
CVE统计
最近一周CVE公告总数与前期相比持续上升,高危漏洞数量也大幅攀升。值得关注的高危漏洞如下:
威胁信息回顾
- 标题:New Fileless Ransomware with Code Injection Ability Detected in the Wild
- 时间:2017-06-19
- 摘要:Security researchers have recently discovered a new fileless ransomware, dubbed “Sorebrect,” which injects malicious code into a legitimate system process (svchost.exe) on a targeted system and then self-destruct itself in order to evade detection.
- 链接:http://thehackernews.com/2017/06/fileless-ransomware-code-injection.html
- 标题:Hacker Admits Stealing Satellite Data from DoD
- 时间:2017-06-19
- 摘要:A British man from Sutton Coldfield on Thursday pleaded guilty to stealing user accounts from a U.S. military communications system, the UK’s National Crime Agency (NCA) announced.
- 链接:http://www.securityweek.com/hacker-admits-stealing-satellite-data-dod
- 标题:微软将于今秋Windows更新中默认禁用SMBv1
- 时间:2017-06-19
- 摘要:近期的一系列攻击均针对微软服务器消息块协议(SMB),该软件巨头计划在下次更新中默认禁用SMBv1。
- 链接:http://www.searchsecurity.com.cn/showcontent_95121.htm
- 标题: 美共和党营销公司发生数据泄露
- 时间:2017-06-19
- 摘要:在共和党国家委员会签约的一家营销公司 本月泄漏了超过1.98亿美国公民的政治数据 。数据泄露包含大约61%的美国人大量个人信息。除了家庭地址,出生日期和电话号码之外,这些记录还包括政治团体采用的先进情绪分析来预测个人选民如何处理热门问题,如枪支所有权,干细胞研究和堕胎权,以及宗教信仰和种族。
- 链接:http://toutiao.secjia.com/republican-marketing-data-leaked-200-million-voters-data
- 标题:Mexican Govt. Allegedly Used Spyware Against Journalists, Activists & A Child
- 时间:2017-06-19
- 摘要:After the disclosure of sophisticated global espionage and disinformation campaign aimed to discredit enemies of the state, Citizen Lab researchers exposed the dirty game of the Mexican government and its politics.
- 链接:http://thehackernews.com/2017/06/mexican-spyware-malware.html
- 标题: 新版银行木马Pinkslipbot
- 时间:2017-06-19
- 摘要:Pinkslipbot是一款银行木马,它使用复杂的多阶段代理,实现基于HTTPS的控制服务器通信。迈克菲实验室安全研究人员发现了银行木马Pinkslipbot(又称为QakBot或QBot)的一个新型变种,该变种利用UPnP开放端口(即使端口位于网络地址转换(NAT)路由器之后),使任何人均可通过互联网与受感染机器建立入向连接进行通信。
- 链接:http://toutiao.secjia.com/new-banking-trojan-pinkslipbot
- 标题: Web host agrees to pay $1m after it’s hit by Linux-targeting ransomware
- 时间:2017-06-19
- 摘要:Windfall payment by poorly secured host is likely to inspire new ransomware attacks.
- 链接:https://arstechnica.com/security/2017/06/web-host-agrees-to-pay-1m-after-its-hit-by-linux-targeting-ransomware/
- 标题:Stack Clash vulnerability allows an attacker to execute code as root
- 时间:2017-06-20
- 摘要:Stack Clash is a local privilege escalation flaw in Linux, BSD, Solaris and other open source systems that allows an attacker to execute code as root.
- 链接:http://securityaffairs.co/wordpress/60248/hacking/stack-clash-vulnerability.html
- 标题:Two Ztorg Trojans Removed from Google Play Store Are Definitely Better
- 时间:2017-06-20
- 摘要:For the second time in a month, Google removed malicious apps infected with the Ztorg Trojans that could allow attackers to root targeted devices.
- 链接:http://securityaffairs.co/wordpress/60272/malware/ztorg-trojans-google-play-store.html
- 标题:TrickBot gang is back with new campaigns targeting Payment Processors and CRM Providers
- 时间:2017-06-20
- 摘要:Threat actors behind the financial trojan TrickBot have been updating its campaigns targeting Payment Processors and CRM Providers.
- 链接:http://securityaffairs.co/wordpress/60262/cyber-crime/trickbot-new-campaigns.html
- 标题:University College London Ransomware Linked to AdGholas Malvertising Group
- 时间:2017-06-20
- 摘要:A ransomware attack that closed off access to personal and shared drives at University College London last week has been linked to a malvertising campaign spreading Mole, a variant of CryptoMix ransomware.
- 链接:https://threatpost.com/university-college-london-ransomware-linked-to-adgholas-malvertising-group/126405/
- 标题:NSA Opens Github Account — Lists 32 Projects Developed by the Agency
- 时间:2017-06-21
- 摘要:The National Security Agency (NSA) — the United States intelligence agency which is known for its secrecy and working in the dark — has finally joined GitHub and launched an official GitHub page.
- 链接:http://thehackernews.com/2017/06/nsa-github-projects.html
- 标题: WannaCry Is Not Dead! Hits Honda & Traffic Light Camera System
- 时间:2017-06-22
- 摘要:The WannaCry ransomware shuts down hospitals, telecom providers, and many businesses worldwide, infecting over 300,000 Windows systems running SMBv1 in more than 150 countries within just 72 hours on 12th of May.
- 链接:http://thehackernews.com/2017/06/honda-wannacry-attack.html
- 标题: Brutal Kangaroo: CIA-developed Malware for Hacking Air-Gapped Networks Covertly
- 时间:2017-06-22
- 摘要:WikiLeaks has published a new batch of the ongoing Vault 7 leak, this time detailing a tool suite – which is being used by the CIA for Microsoft Windows that targets “closed networks by air gap jumping using thumb drives,” mainly implemented in enterprises and critical infrastructures.
- 链接:http://thehackernews.com/2017/06/wikileaks-Brutal-Kangaroo-airgap-malware.html
- 标题:Critical RCE Flaw Found in OpenVPN that Escaped Two Recent Security Audits
- 时间:2017-06-22
- 摘要:A security researcher has found four vulnerabilities, including a critical remote code execution bug, in OpenVPN, those were not even caught in the two big security audits of the open source VPN software this year.
- 链接:http://thehackernews.com/2017/06/openvpn-security-flaw_21.html
(数据来源:绿盟科技 威胁情报与网络安全实验室 收集整理)
绿盟科技漏洞研究
绿盟科技漏洞库新增40条
截止到2017年6月23日,绿盟科技漏洞库已收录总条目达到36966条。本周新增漏洞记录40条,其中高危漏洞数量11条,中危漏洞数量23条,低危漏洞数量6条。
- QEMU 拒绝服务漏洞(CVE-2017-9374)
- 危险等级:低
- BID:98905
- cve编号:CVE-2017-9374
- QEMU ‘hw/usb/hcd-xhci.c’拒绝服务漏洞(CVE-2017-9375)
- 危险等级:低
- BID:98915
- cve编号:CVE-2017-9375
- QEMU 拒绝服务漏洞(CVE-2017-9503)
- 危险等级:低
- BID:99010
- cve编号:CVE-2017-9503
- Citrix XenMobile Server XML外部实体信息泄露漏洞(CVE-2017-9231)
- 危险等级:中
- BID:98995
- cve编号:CVE-2017-9231
- QEMU 拒绝服务漏洞(CVE-2017-9373)
- 危险等级:低
- BID:98921
- cve编号:CVE-2017-9373
- Apache HTTP Server mod_mime缓冲区溢出漏洞(CVE-2017-7679)
- 危险等级:高
- cve编号:CVE-2017-7679
- Apache HTTP Server 缓冲区溢出漏洞(CVE-2017-7668)
- 危险等级:高
- cve编号:CVE-2017-7668
- Apache HTTP Server ap_get_basic_auth_pw身份验证绕过漏洞(CVE-2017-3167)
- 危险等级:高
- cve编号:CVE-2017-3167
- Apache HTTP Server mod_ssl空指针间接引用漏洞(CVE-2017-3169)
- 危险等级:高
- cve编号:CVE-2017-3169
- Apache HTTP Server mod_http2 空指针间接引用漏洞(CVE-2017-7659)
- 危险等级:高
- cve编号:CVE-2017-7659
- Linux Kernel 本地拒绝服务漏洞(CVE-2017-8064)
- 危险等级:中
- BID:97975
- cve编号:CVE-2017-8064
- 389 Directory Server信息泄露漏洞(CVE-2016-5416)
- 危险等级:中
- BID:99097
- cve编号:CVE-2016-5416
- VMware vSphere Data Protection身份验证绕过漏洞(CVE-2016-7456)
- 危险等级:中
- BID:94990
- cve编号:CVE-2016-7456
- FreeType 2 越界写缓冲区溢出漏洞(CVE-2017-8105)
- 危险等级:中
- BID:99093
- cve编号:CVE-2017-8105
- Ecava IntegraXor SQL注入漏洞(CVE-2017-6050)
- 危险等级:中
- BID:99164
- cve编号:CVE-2017-6050
- GnuTLS 空指针间接引用拒绝服务漏洞(CVE-2017-7507)
- 危险等级:中
- BID:99102
- cve编号:CVE-2017-7507
- Symantec Web Gateway多个跨站脚本漏洞(CVE-2016-9096)
- 危险等级:中
- BID:96297
- cve编号:CVE-2016-9096
- Microsoft Windows Graphics信息泄露漏洞(CVE-2017-8575)
- 危险等级:高
- cve编号:CVE-2017-8575
- Microsoft Windows Graphics权限提升漏洞(CVE-2017-8576)
- 危险等级:高
- cve编号:CVE-2017-8576
- Microsoft Windows DirectX权限提升漏洞(CVE-2017-8579)
- 危险等级:高
- cve编号:CVE-2017-8579
- Cisco StarOS IPsec 拒绝服务漏洞(CVE-2017-3865)
- 危险等级:中
- cve编号:CVE-2017-3865
- Cisco Firepower Management Center跨站脚本漏洞(CVE-2017-6717)
- 危险等级:中
- cve编号:CVE-2017-6717
- Cisco Firepower Management Center跨站脚本漏洞(CVE-2017-6716)
- 危险等级:中
- cve编号:CVE-2017-6716
- Cisco Firepower Management Center跨站脚本漏洞(CVE-2017-6715)
- 危险等级:中
- cve编号:CVE-2017-6715
- Cisco SocialMiner跨站脚本漏洞(CVE-2017-6702)
- 危险等级:中
- cve编号:CVE-2017-6702
- Cisco EPNM/PI SQL注入漏洞(CVE-2017-6698)
- 危险等级:高
- cve编号:CVE-2017-6698
- Cisco PI/EPNM 跨站脚本漏洞(CVE-2017-6700)
- 危险等级:低
- cve编号:CVE-2017-6700
- Cisco Prime Infrastructure/Evolved Programmable Network Manager XML注入漏洞(CVE-2017-6662)
- 危险等级:高
- cve编号:CVE-2017-6662
- Cisco Identity Services Engine跨站脚本漏洞(CVE-2017-6605)
- 危险等级:中
- cve编号:CVE-2017-6605
- Cisco Identity Services Engine跨站脚本漏洞(CVE-2017-6701)
- 危险等级:中
- cve编号:CVE-2017-6701
- Cisco IOS XR Software权限提升漏洞(CVE-2017-6718)
- 危险等级:中
- cve编号:CVE-2017-6718
- Cisco IOS XR Software本地命令注入漏洞(CVE-2017-6719)
- 危险等级:中
- cve编号:CVE-2017-6719
- Cisco EPNM/PI 跨站脚本漏洞(CVE-2017-6699)
- 危险等级:低
- cve编号:CVE-2017-6699
- Cisco Prime Collaboration Provisioning 任意文件下载漏洞(CVE-2017-6704)
- 危险等级:中
- BID:99223
- cve编号:CVE-2017-6704
- Cisco Prime Collaboration Provisioning Tool会话劫持漏洞(CVE-2017-6703)
- 危险等级:中
- BID:99224
- cve编号:CVE-2017-6703
- Cisco WebEx Network Recording Player缓冲区溢出漏洞(CVE-2017-6669)
- 危险等级:高
- BID:99196
- cve编号:CVE-2017-6669
- Cisco Wide Area Application Services远程拒绝服务漏洞(CVE-2017-6721)
- 危险等级:中
- BID:99200
- cve编号:CVE-2017-6721
- Cisco Virtualized Packet Core-Distributed Instance拒绝服务漏洞(CVE-2017-6678)
- 危险等级:中
- BID:99195
- cve编号:CVE-2017-6678
- Cisco Prime Collaboration Provisioning Tool本地信息泄露漏洞(CVE-2017-6706)
- 危险等级:中
- BID:99204
- cve编号:CVE-2017-6706
- Cisco Prime Collaboration Provisioning Tool本地信息泄露漏洞(CVE-2017-6705)
- 危险等级:中
- BID:99206
- cve编号:CVE-2017-6705
(数据来源:绿盟科技安全研究部&产品规则组)
原文发布时间:2017年6月26日
本文由:绿盟科技发布,版权归属于原作者
原文链接:http://toutiao.secjia.com/nsfocus-internet-security-threats-weekly-201725
时间: 2024-08-30 13:26:23