Category Archives: Advisories

DSA-5724-1 openssh – security update

Read Time:33 Second

The Qualys Threat Research Unit (TRU) discovered that OpenSSH, an
implementation of the SSH protocol suite, is prone to a signal handler
race condition. If a client does not authenticate within LoginGraceTime
seconds (120 by default), then sshd’s SIGALRM handler is called
asynchronously and calls various functions that are not
async-signal-safe. A remote unauthenticated attacker can take advantage
of this flaw to execute arbitrary code with root privileges. This flaw
affects sshd in its default configuration.

Details can be found in the Qualys advisory at
https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt

https://security-tracker.debian.org/tracker/DSA-5724-1

Read More

Brain Cipher Ransomware Attack

Read Time:51 Second

What is the attack?A significant ransomware attack has struck Pusat Data Nasional (PDN), one of Indonesia’s government-owned national data centers. This incident involved threat actors encrypting government data, which disrupted digital services for immigration, airport checks, and several public services. This ransomware attack represents a new variant of the LockBit 3.0 ransomware. In 2023, the LockBit hacker group also severely disrupted the Bank Syariah Indonesia (BSI) systems.What is the recommended Mitigation?Ensure that all systems are up to date with robust cybersecurity measures. Also, maintain general awareness and training about the risk of phishing and social engineering attacks in the organization. What FortiGuard Coverage is available?FortiGuard Labs has AV signatures to block all the known malware variants used by the Ransomware group.Behavior-based detection through FortiSandbox and FortiEDR detects new and unknown ransomware malware samples.All the known IoCs related to the campaign are blocked via Web filtering service. These IOCs are available for threat hunting through FortiAnalyzer, FortiSIEM, and FortiSOAR.

Read More

USN-6851-2: Netplan regression

Read Time:30 Second

USN-6851-1 fixed vulnerabilities in Netplan. The update lead to the discovery of
a regression in netplan which caused systemctl enable to fail on systems where
systemd is not running. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Andreas Hasenack discovered that netplan incorrectly handled the permissions
for netdev files containing wireguard configuration. An attacker could use
this to obtain wireguard secret keys.

It was discovered that netplan configuration could be manipulated into injecting
arbitrary commands while setting up network interfaces. An attacker could
use this to execute arbitrary commands or escalate privileges.

Read More

USN-6844-2: CUPS regression

Read Time:27 Second

USN-6844-1 fixed vulnerabilities in the CUPS package. The update
lead to the discovery of a regression in CUPS with regards to
how the cupsd daemon handles Listen configuration directive.
This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:
Rory McNamara discovered that when starting the cupsd server with a
Listen configuration item, the cupsd process fails to validate if
bind call passed. An attacker could possibly trick cupsd to perform
an arbitrary chmod of the provided argument, providing world-writable
access to the target.

Read More