研究调研 – 第 29 页 – 绿盟科技技术博客

OpenSSL Patches Introducing New Vulnerabilities Technical Analysis and Solution

2016-10-02绿盟科技1.CVE-2016-6309, 1.CVE-2016-7052, Affected Versions, EnglishVersion, NSFOCUS, OpenSSL Patches Introducing New Vulnerabilities

On September 22, 2016, OpenSSL released an update advisory for three branch products to fix multiple vulnerabilities. The versions after update are 1.1.0a, 1.0.2i, and 1.0.1u. However, the security update introduced new vulnerabilities: 1.1.0a introduced CVE-2016-6309, and 1.0.2i introduced CVE-2016-7052.

OpenSSL补丁引入新漏洞技术分析与防护方案

2016-09-28绿盟科技CVE-2016-6309, CVE-2016-7052, OpenSSL 漏洞威胁, Secure Sockets Layer, 绿盟科技, 绿盟科技威胁事件定级标准

近日，OpenSSL官方发布了版本更新，修复了多个OpenSSL漏洞，这次更新所修复的漏洞中，有两个危害等级较高的为CVE-2016-6304和CVE-2016-6305。目前绿盟已发布相关检测和防护方案。

OpenSSL多个漏洞技术分析与防护方案

2016-09-25苏少博CVE-2016-6304, CVE-2016-6305, OpenSSL 技术分析, openssl漏洞, Secure Sockets Layer, 绿盟科技, 绿盟科技威胁事件定级标准

2016年9月22日，OpenSSL官方发布了版本更新，修复了多个漏洞，这次更新所修复的漏洞中，有两个危害等级较高的为CVE-2016-6304和CVE-2016-6305。绿盟科技对此漏洞进行了技术分析并提出了防护方案。

PHP Local Heap Overflow Vulnerability Technical Analysis and Protection Solution

2016-09-24苏少博EnglishVersion, NSFOCUS, PHP Local Heap Overflow Vulnerability, Protection Solution, Technical Analysis and Protection Solution, Vulnerability Analysis

On April 24, 2016, Fernando from the NULL-LIFE team submits the local heap overflow vulnerability in bcmath.c to the PHP website. For details, visit the following link.

MySQL漏洞技术分析与防护方案

2016-09-13苏少博0Day漏洞, CVE-2016-6662, MySQL 漏洞, MySQL远程代码执行, MySQL配置文件, 权限提升漏洞威胁, 绿盟科技, 远程攻击

2016年9月12日，legalhackers.com网站发布了编号为CVE-2016-6662的0day漏洞公告。该漏洞可以允许攻击者远程向MySQL配置文件(my.cnf)注入恶意的环境配置，从而导致严重后果。该漏洞将影响以默认方式进行配置的所有版本的MySQL服务器，涵盖5.7、5.6和5.5，包括最新版本。此外，包括MariaDB和PerconaDB在内的MySQL分支也在影响范围内。

PHP本地堆溢出漏洞技术分析与防护方案

2016-09-12苏少博bcmath.c, PHP本地堆溢出漏洞威胁, PHP漏洞, 堆溢出漏洞, 溢出漏洞, 绿盟科技

绿盟科技安全团队发现www.securityfocus.com 网站对PHP“bcmath.c”多个本地堆溢出漏洞做了更新，其中涉及到的CVE编号分别为：CVE-2016-4537和CVE-2016-4538。

Operation Ghoul Attacks Technical Analysis and Solution

2016-09-07李东宏EnglishVersion, Executive Summary, Operation Ghoul Attacks Technical, Operation Ghoul Attacks Technical Analysis and Solution, Sample Analysis

On June 8 and June 27, 2016, Kaspersky Lab discovered a new wave of targeted attacks in multiple regions around the world. The attacker sent spear phishing emails to entice victims to execute malware in these emails for the purpose of obtaining key business data from the target network.

泰GSB银行ATM劫案样本分析报告

2016-09-01李东宏ATM恶意样本, 泰GSB银行, 泰GSB银行ATM劫案, 泰GSB银行ATM劫案样本分析报告, 绿盟科技, 银行劫案, 银行ATM劫案, 银行劫案

8月23日出现一个疑似是新出现的ATM恶意软件样本，使用了一些与通常样本不同的技术。巧合的是此样本在曼谷邮报新闻《泰国银行ATM机被攻击，一千两百万泰铢被盗》发布出来前的几分钟，被来自于泰国的IP上传到VirusTotal（一个提供免费的可疑文件分析服务的网站）。绿盟科技安全专家团队对此恶意软件样本进行了分析，发现此样本针对ATM发起攻击，并利用了很多罕见的技术来获取目标ATM设备的物理访问权，进一步协助攻击者提取ATM中的现金。

Zabbix SQL Injection Vulnerability Technical Analysis and Solution

2016-08-31李东宏EnglishVersion, NSFOCUS, Zabbix, Zabbix SQL, Zabbix SQL Injection Vulnerability

On August 12, 2016, 1n3 disclosed by email an SQL injection vulnerability in jsrpc.php in Zabbix, which can be exploited via the “insert” statement while jsrpc.php is processing the profileIdx2 parameter. This vulnerability is of the same type as the officially announced vulnerability, which is caused by latest.php processing the toggle_ids parameter. The only difference between the two is the location.

Category Archives: 研究调研