IPS Signature Release Note V7.16.82


SOPHOS IPS Signature Update Release Notes
Version : 7.16.82
Release Date : 25th February 2020

IPS Signature Update Release Information
Upgrade Applicable on IPS Signature Release Version 7.16.81
Sophos Appliance Models: XG-550, XG-750, XG-650

Upgrade Information
Upgrade type: Automatic
Compatibility Annotations: None

Introduction
The Release Note document for IPS Signature Database Version 7.16.82 includes support for the new signatures. The following sections describe the release in detail.

New IPS Signatures
The Sophos Intrusion Prevention System shields the network from known attacks by matching the network traffic against the signatures in the IPS Signature Database. These signatures are developed to significantly increase detection performance and reduce false alarms. Report false positives at [email protected], along with the application details.

February 2020 Page 2 of 31 IPS Signature Update

This IPS Release includes Two Hundred and Ninety One (291) signatures to address Two Hundred and Seventeen (217) vulnerabilities.
New signatures are added for the following vulnerabilities:

Name | CVE-ID | Category | Severity
BROWSER-CHROME Google Chrome V8 engine memory corruption attempt | | Browsers | 2
BROWSER-CHROME V8 JavaScript engine Out-of-Memory denial of service attempt | | Browsers | 2
BROWSER-FIREFOX Mozilla Firefox JavaScript engine integer overflow attempt | CVE-2005-2705 | Browsers | 3
BROWSER-FIREFOX Mozilla Thunderbird WYSIWIG Engine Filtering IFRAME JavaScript Execution | CVE-2006-0884 | Browsers | 2
BROWSER-FIREFOX Mozilla Thunderbird WYSIWYG engine filtering IFRAME JavaScript execution attempt | CVE-2006-0884 | Browsers | 2
BROWSER-IE ActiveX drmstor.dll Microsoft Windows DRM CVE-2006-5448 Code Execution | CVE-2006-5448 | Browsers | 1
BROWSER-IE Microsoft Edge Chakra JIT out of bounds information disclosure attempt | CVE-2018-8145 | Browsers | 2
BROWSER-IE Microsoft Edge out of bounds write attempt | CVE-2017-11861 | Browsers | 2
BROWSER-IE Microsoft Internet Explorer CVE-2019-1429 Use-After-Free Vulnerability | CVE-2019-1429 | Browsers | 1
BROWSER-IE Microsoft Internet Explorer jscript.dll toJSON Use After Free | CVE-2019-1429 | Browsers | 1
BROWSER-IE Microsoft Internet Explorer Select Element Memory Corruption | CVE-2010-3345 | Browsers | 1
BROWSER-OTHER Cisco WebEx extension command execution attempt | CVE-2017-3823 | Browsers | 1
BROWSER-OTHER HP Buffer Overflow | CVE-2008-0437 | Application and Software | 1
BROWSER-OTHER mIRC Buffer overflow | CVE-2003-1336 | Browsers | 1
BROWSER-OTHER WECON LeviStudio ShortMessage Module SMtext Stack Buffer Overflow | | Application and Software | 1
BROWSER-OTHER WECON LeviStudio ShortMessage Module SMtext Stack Buffer Overflow | | Application and Software | 4
BROWSER-PLUGINS Hewlett Packard CVE-2007-2656 hpqvwocx.dll ActiveX Magview Overflow | CVE-2007-2656 | Browsers | 2
BROWSER-PLUGINS HP Instant Support DataManager ActiveX function call access | | Browsers | 2
BROWSER-PLUGINS HP Operations Manager CVE-2010-1033 Buffer Overflow Vulnerability | CVE-2010-1033 | Browsers | 2
BROWSER-PLUGINS IBM SPSS Statistics ActiveX clsid access attempt | CVE-2015-8530 | Browsers | 2
BROWSER-PLUGINS Microsoft Windows Data Analyzer 3.5 ActiveX use-after-free attempt | CVE-2010-0252 | Browsers | 2
BROWSER-PLUGINS Novell CVE-2008-2908 iPrint Client ActiveX Control Stack Buffer Overflow | CVE-2008-2908 | Browsers | 4
BROWSER-PLUGINS Novell CVE-2008-2935 iPrint Client ActiveX Control Stack Buffer Overflow | CVE-2008-2935 | Browsers | 2
BROWSER-PLUGINS Novell Groupwise Client CVE-2009-3863 ActiveX Denial Of Service | CVE-2009-3863 | Browsers | 2
BROWSER-PLUGINS Novell GroupWise Client for Windows ActiveX Code Execution (Published Exploit) | CVE-2012-0439 | Browsers | 1
BROWSER-PLUGINS Novell iPrint ActiveX function call access | | Browsers | 1
BROWSER-PLUGINS Novell iPrint Client CVE-2009-1568 Buffer Overflow | CVE-2009-1568 | Browsers | 2
BROWSER-PLUGINS Novell iPrint Client ExecuteRequest debug Parameter Buffer Overflow | | Browsers | 1
BROWSER-PLUGINS Novell iPrint Client GetDriverSettings Stack Buffer Overflow | | Browsers | 1
BROWSER-PLUGINS Oracle EasyMail Objects ActiveX clsid access attempt | CVE-2007-4607 | Browsers | 1
BROWSER-PLUGINS Oracle EasyMail Objects ActiveX clsid access attempt | CVE-2007-4607 | Browsers | 4
BROWSER-WEBKIT Apple Safari WebKit cached page memory corruption attempt | CVE-2019-8822 | Browsers | 2
BROWSER-WEBKIT Apple Safari Webkit css title CVE-2012-3684 Memory corruption attempt | CVE-2012-3684 | Browsers | 2
BROWSER-WEBKIT Apple Safari WebKit memory corruption attempt | CVE-2018-4368 | Browsers | 1
BROWSER-WEBKIT Apple Safari WebKit out-of-bounds read attempt | CVE-2019-8689 | Browsers | 1
BROWSER-WEBKIT Apple Safari Webkit WebCore memory corruption attempt | CVE-2018-4200 | Browsers | 2
BROWSER-WEBKIT Apple Webkit updateMinimumColumnHeight use-after-free attempt | CVE-2018-4323 | Browsers | 2
FILE-IDENTIFY Microsoft Windows Graphics Rendering Engine BMP File Parsing Integer Overflow | CVE-2008-3015 | Application and Software | 4
FILE-IMAGE Adobe Photoshop Camera Raw plug-in TIFF image processing buffer underflow attempt | CVE-2012-5679 | Multimedia | 2
FILE-IMAGE Mutiple products libpng extra row heap overflow attempt | CVE-2010-1205 | Multimedia | 1
FILE-MULTIMEDIA Microsoft Windows Visual Basic 6.0 malformed AVI buffer overflow attempt | CVE-2008-4255 | Multimedia | 1
FILE-OFFICE Microsoft Office Excel WorksheetOptions Use After Free | CVE-2019-1448 | Office Tools | 1
FILE-OFFICE Microsoft Office Outlook CVE-2006-1193 Web Access Script Injection Attempt | CVE-2006-1193 | Office Tools | 1
FILE-OFFICE Microsoft Office Outlook Web Access Cross-Site Scripting attempt | CVE-2005-0563 | Office Tools | 3
FILE-OFFICE Microsoft Office Word Document remote code execution attempt | CVE-2009-3135 | Office Tools | 1
FILE-OFFICE Microsoft Office Word invalid sprmTDefTable length stack buffer overflow attempt | CVE-2008-4837 | Office Tools | 1
FILE-OFFICE Microsoft Windows Wordpad Converter sprmT record heap overflow attempt | CVE-2011-0028 | Office Tools | 3
FILE-OTHER Adobe Acrobat DC invalid TIFF tagtype out of bounds read attempt | CVE-2016-1080 | Application and Software | 2
FILE-OTHER Adobe Acrobat JOBOPTIONS File Parsing Out of Bounds Read | CVE-2019-7109 | Application and Software | 2
FILE-OTHER Cisco WebEx player remote code execution attempt | CVE-2016-1464 | Application and Software | 2
FILE-OTHER Cisco Webex Teams CVE-2019-1636 URI Handler Remote Code Execution | CVE-2019-1636 | Application and Software | 2
FILE-OTHER ClamAV UPX FileHandling Heap overflow attempt | CVE-2006-4018 | Application and Software | 2
FILE-OTHER IBM Lotus Notes LZH Attachment Viewer buffer overflow | CVE-2011-1213 | Application and Software | 1
FILE-OTHER IBM Lotus Notes MIF Attachment Viewer Buffer Overflow | | Application and Software | 3
FILE-OTHER Norton Anti-Virus decompression bomb denial of service attempt | | Application and Software | 1
FILE-PDF Adobe Acrobat JOBOPTIONS File Parsing Out of Bounds Read | CVE-2019-7110 | Application and Software | 2
FILE-PDF Adobe Acrobat Pro DC AcroForm setFocus Use After Free | CVE-2019-8033 | Application and Software | 1
FILE-PDF Adobe Acrobat Reader (Unix) Shell Metacharacter Code Execution | CVE-2004-0630 | Application and Software | 1
FILE-PDF Adobe Reader and Acrobat CVE-2012-0774 TrueType Font MINDEX Integer Overflow | CVE-2012-0774 | Application and Software | 3
NETBIOS Session Service NetDDE attack | CVE-2004-0206 | Operating System and Services | 2
OS-OTHER VxWorks TCP URG Memory Corruption Attempt | CVE-2019-12255 | Operating System and Services | 1
OS-WINDOWS Microsoft Color Management System Crafted Path Name Buffer Overflow | CVE-2008-2245 | Operating System and Services | 1
OS-WINDOWS Microsoft Malware Protection Engine file processing denial of service attempt | CVE-2008-1437 | Operating System and Services | 2
OS-WINDOWS Microsoft Malware Protection Engine File Processing Denial Of Service | CVE-2008-1437 | Operating System and Services | 2
OS-WINDOWS Microsoft Win32k SendMinRectMessages use after free attempt | CVE-2020-0726 | Operating System and Services | 2
OS-WINDOWS Microsoft Windows CryptoAPI TLS server certificate public key with explicitly-defined ECC curve parameters attempt | CVE-2020-0601 | Operating System and Services | 3
OS-WINDOWS Microsoft Windows Graphics Rendering Engine BMP File Parsing Integer Overflow | CVE-2008-3015 | Operating System and Services | 2
OS-WINDOWS Microsoft Windows Imaging API use after free attempt | CVE-2019-1311 | Operating System and Services | 1
OS-WINDOWS Microsoft Windows Jet Database CVE-2019-1406 Off By One | CVE-2019-1406 | Operating System and Services | 1
OS-WINDOWS Microsoft Windows MF3216 Component Heap-based Buffer Overflow | CVE-2019-1439 | Operating System and Services | 1
OS-WINDOWS Microsoft Windows MF3216 Component Heap-based Buffer Overflow | CVE-2019-1439 | Operating System and Services | 4
OS-WINDOWS Microsoft Windows MHTML XSS attempt | CVE-2011-0096 | Operating System and Services | 1
OS-WINDOWS Microsoft Windows NtGdiPlgBlt out-of-bounds write attempt | CVE-2019-1438 | Operating System and Services | 1
OS-WINDOWS Microsoft Windows OLE CVE-2017-8487 Global Buffer Overflow II | CVE-2017-8487 | Operating System and Services | 2
OS-WINDOWS Microsoft Windows Remote Desktop Services license negotiation denial of service attempt | CVE-2019-1453 | Operating System and Services | 1
OS-WINDOWS Microsoft Windows