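NSFOCUS has released this week's security bulletin, weekly report number NSFOCUS-17-12. The NSFOCUS vulnerability database added 44 entries this week, 12 of them high severity. This week's report recommends paying attention to the fastjson remote code execution vulnerability. Details of the vulnerability have now been disclosed, which could lead to large-scale exploitation of it. Users are strongly advised to check whether the fastjson version they use is affected and, if so, to update as soon as possible.
<a href="http://toutiao.secjia.com/fastjson-remote-code-execution-vulnerability" target="_blank">fastjson remote code execution</a>
NSFOCUS ID: none
CVE ID: none
Affected versions
1.2.24 and earlier
Vulnerability commentary
fastjson has a security vulnerability in deserialization: an attacker can achieve remote code execution by submitting carefully crafted serialized data to the server. Details of the vulnerability have now been disclosed, which could lead to large-scale exploitation of it. Users are strongly advised to check whether the fastjson version they use is affected and, if so, to update as soon as possible.
(Source: NSFOCUS Security Research Department & Product Rules Team)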

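The total number of CVE announcements in the past week declined compared with the preceding period. The high-risk vulnerabilities worth attention are as follows:
<a href="http://toutiao.secjia.com/627-million-apple-users-login-credentials" target="_blank">WikiLeaks says the CIA has pre-installed surveillance tools on factory-fresh iPhones for 10 years | Hackers hold login credentials for 627 million users</a>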
http://toutiao.secjia.com/627-million-apple-users-login-credentials
Half of Android Devices Unpatched Last Year
Google said more than half of Android devices haven’t received a security update in the past year, and the percentage of potentially harmful apps running on devices installed from all sources rose in 2016.
https://threatpost.com/half-of-android-devices-unpatched-last-year/124511/
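<a href="http://toutiao.secjia.com/cisco-tryto-fix-cluster-management-protocol-vulnerability" target="_blank">Cisco issues a warning about a vulnerability affecting 300 switch models</a>
With the CIA Vault 7 leak still fresh, Cisco experts have discovered a remote code execution vulnerability in the Cluster Management Protocol of its IOS and IOS XE software.
http://www.freebuf.com/news/129920.html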
Unpatchable ‘DoubleAgent’ Attack Can Hijack All Windows Versions — Even Your Antivirus!
A team of security researchers from Cybellum, an Israeli zero-day prevention firm, has discovered a new Windows vulnerability that could allow hackers to take full control of your computer.
http://thehackernews.com/2017/03/hacking-windows-dll-injection.html
Hacker Reveals Easiest Way to Hijack Privileged Windows User Session Without Password
You may be aware of the fact that a local Windows user with system rights and permissions can reset the password for other users, but did you know that a local user can also hijack other users’ session, including domain admin/system user, without knowing their passwords?
http://thehackernews.com/2017/03/hack-windows-user-account.html?utm_source=feedburner&utm_medium=feed&utm_campaign=feed%3a+thehackersnews+%28the+hackers+news+-+security+blog%29
VM Escape Earns Hackers $105K at Pwn2Own
Hackers managed to take down Microsoft Edge and escape a virtual machine to boot on the third day of Pwn2Own early Friday. Members from Qihoo’s 360 Security team carried out the VM exploit, earning the group $105,000, by far the highest amount awarded to a group at the hacking challenge this week.
https://threatpost.com/vm-escape-earns-hackers-105k-at-pwn2own/124397/
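(Source: collected and compiled by the NSFOCUS Threat Intelligence and Network Security Lab)
As of March 24, 2017, the NSFOCUS vulnerability database held a total of 36227 entries. This week 44 vulnerability records were added, of which 12 are high severity, 21 medium severity and 11 low severity.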
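Linux kernel local denial-of-service vulnerability (CVE-2017-6951)
Severity: medium
BID: 96943
CVE ID: CVE-2017-6951
QEMU ‘virtio-gpu-3d.c’ local denial-of-service vulnerability (CVE-2017-5857)
BID: 95993
CVE ID: CVE-2017-5857
Google Android audioserver multiple privilege escalation vulnerabilities
BID: 96958
CVE ID: CVE-2017-0479, CVE-2017-0480
Google Android kernel ION subsystem multiple privilege escalation vulnerabilities
BID: 96952
CVE ID: CVE-2017-0507, CVE-2017-0508
Google Android Qualcomm IPA driver multiple privilege escalation vulnerabilities
BID: 96947
CVE ID: CVE-2017-0456, CVE-2017-0525
Google Android networking driver multiple privilege escalation vulnerabilities
BID: 96948
CVE ID: CVE-2017-0463, CVE-2017-0460
Google Android HTC Sensor Hub driver multiple privilege escalation vulnerabilities
BID: 96949
CVE ID: CVE-2017-0526, CVE-2017-0527
Google Android Qualcomm camera driver multiple privilege escalation vulnerabilities
BID: 96951
CVE ID: CVE-2017-0458, CVE-2017-0521
Skype DLL loading local code execution vulnerability (CVE-2017-6517)
BID: 96969
CVE ID: CVE-2017-6517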
Cisco IOS/IOS XE Software denial-of-service vulnerability (CVE-2017-3849)
BID: 96972
CVE ID: CVE-2017-3849
Cisco IOS/IOS XE Software remote code execution vulnerability (CVE-2017-3881)
Severity: high
BID: 96960
CVE ID: CVE-2017-3881
Cisco IOS/IOS XE Software denial-of-service vulnerability (CVE-2017-3850)
BID: 96971
CVE ID: CVE-2017-3850
Red Hat JBoss BPMS cross-site scripting vulnerability (CVE-2016-6343)
BID: 96987
CVE ID: CVE-2016-6343
OpenStack Glance security restriction bypass vulnerability (CVE-2017-7200)
Severity: low
BID: 96988
CVE ID: CVE-2017-7200
Linux kernel local denial-of-service vulnerability (CVE-2017-7187)
BID: 96989
CVE ID: CVE-2017-7187
Quagga stack buffer overflow vulnerability (CVE-2013-2236)
BID: 60955
CVE ID: CVE-2013-2236
Quagga stack buffer overflow vulnerability (CVE-2016-2342)
BID: 84318
CVE ID: CVE-2016-2342
Quagga denial-of-service vulnerability (CVE-2017-5495)
BID: 95745
CVE ID: CVE-2017-5495
Quagga buffer overflow vulnerability (CVE-2016-1245)
BID: 93775
CVE ID: CVE-2016-1245
IBM PowerKVM local command execution vulnerability (CVE-2016-7032)
BID: 95776
CVE ID: CVE-2016-7032
IBM PowerKVM local command execution vulnerability (CVE-2016-7076)
BID: 95778
CVE ID: CVE-2016-7076
Mozilla Firefox integer overflow vulnerability (CVE-2017-5428)
BID: 96959
CVE ID: CVE-2017-5428
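GNU Binutils pe_ilf_object_p function heap buffer overflow vulnerability (CVE-2017-7226)
CVE ID: CVE-2017-7226
GNU Binutils heap buffer overflow vulnerability (CVE-2017-7227)
CVE ID: CVE-2017-7227
ImageMagick denial-of-service vulnerability (CVE-2014-9840)
CVE ID: CVE-2014-9840
GNU Binutils find_nearest_line function denial-of-service vulnerability (CVE-2017-7225)
CVE ID: CVE-2017-7225
GNU Binutils objdump denial-of-service vulnerability (CVE-2017-7224)
CVE ID: CVE-2017-7224
GNU Binutils buffer overflow vulnerability (CVE-2017-7223)
CVE ID: CVE-2017-7223
Microsoft Application Verifier DoubleAgent antivirus hijacking vulnerability
CVE ID:
WordPress NextGEN Gallery SQL injection vulnerability
Avast multiple products code injection vulnerability (CVE-2017-5567)
CVE ID: CVE-2017-5567
Avira multiple products code injection vulnerability (CVE-2017-6417)
CVE ID: CVE-2017-6417
AVG multiple products code injection vulnerability (CVE-2017-5566)
CVE ID: CVE-2017-5566
Bitdefender multiple products code injection vulnerability (CVE-2017-6186)
CVE ID: CVE-2017-6186
Trend Micro multiple products code injection vulnerability (CVE-2017-5565)
CVE ID: CVE-2017-5565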
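NTP stack buffer overflow vulnerability (CVE-2017-6460)
BID: 97052
CVE ID: CVE-2017-6460
NTP buffer overflow vulnerability (CVE-2017-6458)
BID: 97051
CVE ID: CVE-2017-6458
NTP local buffer overflow vulnerability (CVE-2017-6462)
BID: 97045
CVE ID: CVE-2017-6462
Internet Explorer denial-of-service vulnerability (CVE-2009-3270)
BID: 79354
CVE ID: CVE-2009-3270
NTP denial-of-service vulnerability (CVE-2017-6464)
BID: 97050
CVE ID: CVE-2017-6464
NTP denial-of-service vulnerability (CVE-2016-9042)
BID: 97046
CVE ID: CVE-2016-9042
NTP denial-of-service vulnerability (CVE-2017-6463)
BID: 97049
CVE ID: CVE-2017-6463
GNU glibc denial-of-service vulnerability (CVE-2016-6323)
BID: 92532
CVE ID: CVE-2016-6323
GNU glibc ‘__res_vinit()’ function information disclosure vulnerability (CVE-2016-5417)
BID: 92257
CVE ID: CVE-2016-5417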
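Original publication date: March 27, 2017
This article was published by NSFOCUS; copyright belongs to the original author
Original link: http://toutiao.secjia.com/nsfocus-internet-security-threats-weekly-201712
This article comes from SecJia (安全加), a partner of the Yunqi Community; for related information, follow the SecJia website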