Archive
Highly critical “Ghost” allowing code execution affects most Linux systems – #Vulnerability, #Security, #Linux
And here it continues, another critical vulnerability that affects most Linux systems. Ensure that your system is updated and rebooted!!
More information about Citrix affected systems can be found here:
Citrix Security Advisory for glibc GHOST Vulnerability (CVE-2015-0235)
http://support.citrix.com/article/CTX200391
Here is a great article on the vulnerability itself from arstechnica.com:
An extremely critical vulnerability affecting most Linux distributions gives attackers the ability to execute malicious code on servers used to deliver e-mail, host webpages, and carry out other vital functions.
The vulnerability in the GNU C Library (glibc) represents a major Internet threat, in some ways comparable to the Heartbleed and Shellshock bugs that came to light last year. The bug, which is being dubbed “Ghost” by some researchers, has the common vulnerability and exposures designation of CVE-2015-0235. While a patch was issued two years ago, most Linux versions used in production systems remain unprotected at the moment. What’s more, patching systems requires core functions or the entire affected server to be rebooted, a requirement that may cause some systems to remain vulnerable for some time to come.
The buffer overflow flaw resides in __nss_hostname_digits_dots(), a glibc function that’s invoked by the gethostbyname() and gethostbyname2() function calls. A remote attacker able to call either of these functions could exploit the flaw to execute arbitrary code with the permissions of the user running the application. In a blog post published Tuesday, researchers from security firm Qualys said they were able to write proof-of-concept exploit code that carried out a full-fledged remote code execution attack against the Exim mail server. The exploit bypassed all existing exploit protections available on both 32-bit and 64-bit systems, including address space layout randomization, position independent executions, and no execute protections. Qualys has not yet published the exploit code but eventually plans to make it available as a Metasploit module.
“A lot of collateral damage on the Internet”
The glibc is the most common code library used by Linux. It contains standard functions that programs written in the C and C++ languages use to carry out common tasks. The vulnerability also affects Linux programs written in Python, Ruby, and most other languages because they also rely on glibc. As a result, most Linux systems should be presumed vulnerable unless they run an alternative to glibc or use a glibc version that contains the update from two years ago. The specter of so many systems being susceptible to an exploit with such severe consequences is prompting concern among many security professionals. Read more…
#Citrix #NetScaler Application Delivery Controller Denial of Service Vulnerability
A denial of service vulnerability has been identified in Citrix NetScaler Application Delivery Controller (ADC). This vulnerability, when exploited, could cause the Citrix NetScaler appliance to become temporarily unavailable for normal use.
This vulnerability affects Citrix NetScaler ADC version 10.0 prior to version 10.0-76.7 only.
Citrix NetScaler ADC versions 10.1 and 9.3 are not affected by this vulnerability.
Continue reading here!
//Richard
Enable Enterprise #Mobility and Secure Android, iOS and Windows Devices – #BYOD
This is a good blog post from Christopher Campbell that also has links to Citrix BYOD Solutions and Citrix BYOD Starter Kit.
Lots of devices with many different operating systems. Lots of users bringing Android, iOS and Windows mobile devices into the workplace. Securing all these devices and the apps and data they’re accessing can make enabling Enterprise Mobility an intimidating task. Is it going to be BYOD, COPE, MDM, MAM, MIM or a combination? One size doesn’t fit all and addressing these challenges can be painful if you’re deploying a multiple vendor solution stack.
Some of the top mobile threats now include but are not limited to:
- Data loss from lost and stolen devices
- Information stealing mobile malware
- Vulnerabilities from device, OS and 3rd party apps
- Insecure Wi-Fi, network access and rogue access points
- Insufficient management tools and capabilities
Join Citrix Chief Security Strategist Kurt Roemer to find out how IT can maintain control and protect business information accessed from Android, iOS and Windows tablets and smartphones.
Watch Now and you will learn:
- Security considerations and risk mitigation options when supporting BYOD
- The architecture required to support tablets and smartphones accessing sensitive business information
- How Citrix BYOD solutions enable secure access to enterprise desktops, apps and files from any device
- Best practices for IT to maintain control over Android, Apple iOS and Windows tablets and smartphones used in the workplace
WATCH ON-DEMAND TODAY and learn how to make a complete end-to-end, fully integrated Enterprise Mobility solution work for the business, user and IT…
Continue reading here!
//Richard
Vulnerability in Remote Desktop Client – #RDS
Microsoft Security Bulletin MS13-029 – Critical
Vulnerability in Remote Desktop Client Could Allow Remote Code Execution (2828223)
Published: Tuesday, April 09, 2013 | Updated: Wednesday, April 10, 2013
Version: 1.1
This security update resolves a privately reported vulnerability in Windows Remote Desktop Client. The vulnerability could allow remote code execution if a user views a specially crafted webpage. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for Remote Desktop Connection 6.1 Client, Remote Desktop Connection 7.0 Client, and Remote Desktop Connection 7.1 Client where affected on Windows XP, Windows Vista, and Windows 7. It is rated Moderate for Remote Desktop Connection 6.1 Client, Remote Desktop Connection 7.0 Client, and Remote Desktop 7.1 Client where affected on Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2. For more information, see the subsection, Affected and Non-Affected Software, in this section.
The security update addresses the vulnerability by modifying the way that Remote Desktop Client handles objects in memory. For more information about the vulnerability, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information.
Recommendation. Most customers have automatic updating enabled…
Continue reading here!
//Richard
Vulnerability in #Citrix Access Gateway Standard Edition 5.0 – #AG
Vulnerability in Citrix Access Gateway Standard Edition 5.0 Could Result in Unauthorized Access to Network Resources
Document ID: CTX136623 / Created On: Mar 5, 2013 / Updated On: Mar 5, 2013
(1 ratings)
Description of Problem
A vulnerability has been identified in Citrix Access Gateway Standard Edition that could allow an unauthenticated user to gain access to network resources.
This vulnerability has been assigned the following CVE number:
• CVE-2013-2263
This vulnerability affects all 5.0.x versions of the Citrix Access Gateway Standard Edition appliance firmware earlier than 5.0.4.223524.
Citrix Access Gateway Standard Edition versions 4.5.x and 4.6.x are not affected by this vulnerability.
What Customers Should Do
A patch for version 5.0.4 of the Citrix Access Gateway Standard Edition firmware has been released to address this vulnerability. Citrix strongly recommends that all customers using affected versions of Citrix Access Gateway Standard Edition apply this patch to their appliances as soon as possible.
This patch can be found at the following location under the Appliance Firmware section (you will need to login with your MyCitrix ID):
http://www.citrix.com/downloads/netscaler-access-gateway/product-software/access-gateway-504.html
Acknowledgements
Citrix thanks Ben Williams, David Middlehurst and James Eaton-Lee of NCCGroup (http://www.nccgroup.com) for working with us to protect Citrix customers.
What Citrix Is Doing
Citrix is notifying customers and channel partners…
Continue reading here!
//Richard
MS to Release Emergency IE Patch on Monday – #Microsoft, #IE – via @appcompatguy
The patch will fix a vulnerability in Internet Explorer 6, 7 and 8
Sun, January 13, 2013
IDG News Service — Microsoft will release a patch on Monday for older versions of its Internet Explorer browser, deviating from its normal repair schedule due to the seriousness of the problem.
The vulnerability, which is present in IE 6, 7 and 8, is a memory corruption issue. It can be exploited by an attacker via a drive-by download, a term for loading a website with attack code that delivers malware to a victim’s computer if the person merely visits the website.
Microsoft released a quick fix for the issue earlier this month, but did not have a more permanent patch ready when it released its monthly batch of patches last Tuesday. The company will occasionally release an emergency patch if the software vulnerability is considered a high risk.
“While we have still seen only a limited number of customers affected by the issue, the potential exists that more customers could be affected in the future,” wrote Dustin Childs, group manager for the company’s Trustworthy Computing Group, on a company blog on Sunday.
The patch, which will be released at 10 AM PST, will be distributed through Windows Update. Childs wrote users…
Continue reading here!
//Richard
Vulnerability in Citrix Receiver with Online Plug-in for Windows could result in arbitrary code execution
Severity: Medium
Description of Problem
A vulnerability has been identified in the Citrix Receiver with Online Plug-in for Windows that could potentially allow an attacker to execute arbitrary code on the client device in the context of the currently logged in user.
This vulnerability is present in all versions of the Citrix Receiver for Windows up to and including version 3.2 and all versions of the Citrix Online Plug-in for Windows up to and including version 12.1.
For more information click here!
//Richard
The IT Melting Pot! 