[Security Report] NSFOCUS Internet Security Threat Weekly Report: Week 47, 2017 (201747)

The NSFOCUS weekly and monthly network security threat report series aims to convey the security threat landscape simply, quickly and effectively, presenting the key vulnerabilities, security incidents and security technologies of the period.

I. Internet Security Threat Landscape

1.1 CVE Statistics

(Chart: weekly CVE announcement counts, image "cve-201746")

The total number of CVE announcements in the past week was roughly level with the previous period.

1.2 Threat Information Review

  • Title: Apple Releases Security Update for macOS High Sierra
    • Date: 2017-11-29
    • Summary: Apple has released a supplemental security update to address a vulnerability in macOS High Sierra 10.13. An attacker could exploit this vulnerability to take control of an affected system.
    • Link: https://www.us-cert.gov/ncas/current-activity/2017/11/29/Apple-Releases-Security-Update-macOS-High-Sierra
  • Title: Imgur—Popular Image Sharing Site Was Hacked In 2014; Passwords Compromised
    • Date: 2017-11-27
    • Summary: Only a few days after Uber admitted last year's data breach of 57 million customers, the popular image sharing site disclosed that it had suffered a major data breach in 2014 that compromised the email addresses and passwords of 1.7 million user accounts.
    • Link: https://thehackernews.com/2017/11/imgur-data-breach.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+TheHackersNews+%28The+Hackers+News+-+Security+Blog%29
  • Title: Google Detects Android Spyware That Spies On WhatsApp, Skype Calls
    • Date: 2017-11-27
    • Summary: In an attempt to protect Android users from malware and shady apps, Google has been continuously working to detect and remove malicious apps from users' devices using its newly launched Google Play Protect service.
    • Link: https://thehackernews.com/2017/11/android-spying-app.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+TheHackersNews+%28The+Hackers+News+-+Security+Blog%29
  • Title: Linux Dirty COW patch found flawed: "Huge Dirty COW" CVE-2017-1000405, PoC already public
    • Date: 2017-12-02
    • Summary: The original patch for the Dirty COW vulnerability (CVE-2016-5195), first disclosed in October 2016, has recently been found to be itself vulnerable. Because the flaw allows data to be written into read-only huge-page memory, it has been dubbed "Huge Dirty COW" (CVE-2017-1000405). Millions of machines are affected, and a PoC is already public.
    • Link: http://toutiao.secjia.com/huge-dirty-cow-cve-2017-1000405
  • Title: Unix mailer Exim is affected by RCE, DoS vulnerabilities. Apply the workaround asap
    • Date: 2017-11-27
    • Summary: The Exim Internet mail message transfer agent warned of flaws through its public bug tracker; sysadmins have to apply the workaround as soon as possible.
    • Link: http://securityaffairs.co/wordpress/66043/hacking/exim-unix-mailer-flaws.html
  • Title: Self-Replicating Malware exploits MS Office Built-In feature
    • Date: 2017-11-27
    • Summary: An Italian researcher from the security firm InTheCyber devised an attack technique to create self-replicating malware hidden in MS Word documents.
    • Link: http://securityaffairs.co/wordpress/65942/hacking/self-replicating-malware-flaw.html
  • Title: Researcher found a vulnerability in Facebook polls that allowed removal of any photo
    • Date: 2017-11-27
    • Summary: The Iran-based security researcher Pouya Darabi discovered a method to delete any photo from Facebook by exploiting a flaw in the polling feature.
    • Link: http://securityaffairs.co/wordpress/66065/hacking/facebook-polls-flaw.html
  • Title: U.S. Charges Three Chinese Hackers for Hacking Siemens, Trimble & Moody
    • Date: 2017-11-27
    • Summary: The United States Justice Department has charged three Chinese nationals for allegedly hacking a Moody's Analytics economist, German electronics manufacturer Siemens, and GPS maker Trimble, and stealing gigabytes of sensitive data and trade secrets.
    • Link: https://thehackernews.com/2017/11/chinese-hackers-charged.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+TheHackersNews+%28The+Hackers+News+-+Security+Blog%29
  • Title: Bulletproof 360 website was hacked. Personal and financial data exposed
    • Date: 2017-11-28
    • Summary: The website of the coffee vendor Bulletproof 360 was infected with malware that stole customers' financial and personal data.
    • Link: http://securityaffairs.co/wordpress/66100/data-breach/bulletproof-360-hacked.html
  • Title: 22-Year-Old Hacker Pleads Guilty to 2014 Yahoo Hack, Admits Helping Russian Intelligence
    • Date: 2017-11-28
    • Summary: Karim Baratov, a 22-year-old Kazakhstan-born Canadian citizen, has pleaded guilty to hacking charges over his involvement in the massive 2014 Yahoo data breach that affected all three billion Yahoo accounts.
    • Link: https://thehackernews.com/2017/11/yahoo-email-hacker.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+TheHackersNews+%28The+Hackers+News+-+Security+Blog%29
  • Title: Reading the official OWASP Top 10 2017
    • Date: 2017-11-30
    • Summary: The Top 10 project helps organizations identify the most serious risks they face and has become required reading for web developers and operations staff worldwide.
    • Link: http://toutiao.secjia.com/owasp-top10-2017-learning
  • Title: The 4th World Internet Conference 2017
    • Date: 2017-12-03
    • Summary: The 4th World Internet Conference opened on the morning of 3 December 2017 in Wuzhen, Zhejiang Province. President Xi Jinping sent a congratulatory letter extending warm congratulations on behalf of the Chinese government and people, and in his own name. The conference runs from 3 to 5 December 2017; the editor has reposted the letter and compiled the agenda and highlights for readers.
    • Link: http://toutiao.secjia.com/4rd-world-internet-conference

(Data source: compiled by the NSFOCUS Threat Intelligence and Network Security Laboratory)

II. Vulnerability Research

2.1 Vulnerability Database Statistics

As of 1 December 2017, the NSFOCUS vulnerability database held 38,171 entries in total. 83 new vulnerability records were added this week: 4 high severity, 52 medium severity and 27 low severity.

  • HP Matrix Operating Environment Remote Information Disclosure Vulnerability
    • Severity: Low
    • BID: 101938
    • CVE ID: CVE-2017-8970, CVE-2017-8971, CVE-2017-8972, CVE-2017-8973
  • Atlassian Hipchat for Mac Remote Code Execution Vulnerability (CVE-2017-14586)
    • Severity: Low
    • BID: 101947
    • CVE ID: CVE-2017-14586
  • Atlassian Hipchat Server/Data Center Remote Code Execution Vulnerability (CVE-2017-14585)
    • Severity: Low
    • BID: 101945
    • CVE ID: CVE-2017-14585
  • IBM OpenPages GRC Platform Cross-Site Request Forgery Vulnerability (CVE-2017-1300)
    • Severity: Medium
    • BID: 101939
    • CVE ID: CVE-2017-1300
  • GNU Binutils 'readelf.c' Heap Buffer Overflow Vulnerability (CVE-2017-16830)
    • Severity: Medium
    • BID: 101941
    • CVE ID: CVE-2017-16830
  • Joomla! 'com_tag' SQL Injection Vulnerability (CVE-2017-15946)
    • Severity: Medium
    • BID: 101942
    • CVE ID: CVE-2017-15946
  • HP Integrated Lights-Out/Moonshot RCA Information Disclosure Vulnerability (CVE-2017-12543)
    • Severity: Low
    • BID: 101944
    • CVE ID: CVE-2017-12543
  • Multiple Huawei Devices Out-of-Bounds Read Denial of Service Vulnerability (CVE-2017-8200)
    • Severity: Medium
    • BID: 101948
    • CVE ID: CVE-2017-8200
  • PostgreSQL Remote Privilege Escalation Vulnerability (CVE-2017-12172)
    • Severity: High
    • BID: 101949
    • CVE ID: CVE-2017-12172
  • OpenStack Nova Security Bypass Vulnerability (CVE-2017-16239)
    • Severity: Low
    • BID: 101950
    • CVE ID: CVE-2017-16239
  • Multiple Huawei Devices Out-of-Bounds Read Denial of Service Vulnerability (CVE-2017-8199)
    • Severity: Medium
    • BID: 101951
    • CVE ID: CVE-2017-8199
  • Multiple Huawei Devices Memory Leak Vulnerability (CVE-2017-8201)
    • Severity: Medium
    • BID: 101952
    • CVE ID: CVE-2017-8201
  • Fortinet FortiWebManager Security Bypass Vulnerability (CVE-2017-14189)
    • Severity: Medium
    • BID: 101953
    • CVE ID: CVE-2017-14189
  • Fortinet FortiOS URI Redirection and Cross-Site Scripting Vulnerability (CVE-2017-14186)
    • Severity: Medium
    • BID: 101955
    • CVE ID: CVE-2017-14186
  • Linux Kernel Local Privilege Escalation Vulnerability (CVE-2017-16939)
    • Severity: Medium
    • BID: 101954
    • CVE ID: CVE-2017-16939
  • Huawei Smartphone Local Privilege Escalation Vulnerability (CVE-2017-8179)
    • Severity: Medium
    • BID: 101956
    • CVE ID: CVE-2017-8179
  • Huawei Smartphone Buffer Overflow Vulnerability (CVE-2017-8202)
    • Severity: Medium
    • BID: 101959
    • CVE ID: CVE-2017-8202
  • Huawei Smartphone Arbitrary Code Execution Vulnerability (CVE-2017-8203)
    • Severity: Medium
    • BID: 101960
    • CVE ID: CVE-2017-8203
  • Exim receive_msg Function Denial of Service Vulnerability (CVE-2017-16944)
    • Severity: Medium
    • CVE ID: CVE-2017-16944
  • Exim receive_msg Function Use-After-Free Vulnerability (CVE-2017-16943)
    • Severity: Medium
    • CVE ID: CVE-2017-16943
  • Siemens Multiple Products Denial of Service Vulnerability (CVE-2017-12741)
    • Severity: Medium
    • BID: 101964
    • CVE ID: CVE-2017-12741
  • Huawei Honor 9 Bastet Buffer Overflow Vulnerability (CVE-2017-8205)
    • Severity: Medium
    • BID: 101963
    • CVE ID: CVE-2017-8205
  • Huawei UMA Local Privilege Escalation Vulnerability (CVE-2017-8122)
    • Severity: Medium
    • BID: 101961
    • CVE ID: CVE-2017-8122
  • Huawei Honor 9 Bastet Buffer Overflow Vulnerability (CVE-2017-8204)
    • Severity: Medium
    • BID: 101962
    • CVE ID: CVE-2017-8204
  • HP Multiple Products Signature Verification Remote Code Execution Vulnerability (CVE-2017-2750)
    • Severity: Medium
    • BID: 101965
    • CVE ID: CVE-2017-2750
  • MOXA EDS-G512E Information Disclosure Vulnerability (CVE-2017-13701)
    • Severity: High
    • BID: 101966
    • CVE ID: CVE-2017-13701
  • IBM Rational DOORS Next Generation Cross-Site Scripting Vulnerability (CVE-2017-1650)
    • Severity: Low
    • BID: 101904
    • CVE ID: CVE-2017-1650
  • IBM WebSphere MQ Information Disclosure Vulnerability (CVE-2017-1283)
    • Severity: Low
    • CVE ID: CVE-2017-1283
  • IBM Rational DOORS Next Generation Cross-Site Scripting Vulnerability (CVE-2017-1689)
    • Severity: Low
    • BID: 101904
    • CVE ID: CVE-2017-1689
  • IBM Jazz Foundation Information Disclosure Vulnerability (CVE-2017-1570)
    • Severity: Low
    • CVE ID: CVE-2017-1570
  • IBM Rational DOORS Next Generation Cross-Site Scripting Vulnerability (CVE-2017-1678)
    • Severity: Low
    • BID: 101895
    • CVE ID: CVE-2017-1678
  • Linux kernel walk_hugetlb_range Function Information Disclosure Vulnerability (CVE-2017-16994)
    • Severity: Low
    • CVE ID: CVE-2017-16994
  • IBM Rational DOORS Next Generation Cross-Site Scripting Vulnerability (CVE-2017-1593)
    • Severity: Low
    • BID: 101895
    • CVE ID: CVE-2017-1593
  • TeamPass Cross-Site Scripting Vulnerability (CVE-2017-15051)
    • Severity: Medium
    • CVE ID: CVE-2017-15051
  • IBM Rational DOORS Next Generation Cross-Site Scripting Vulnerability (CVE-2017-1688)
    • Severity: Low
    • BID: 101904
    • CVE ID: CVE-2017-1688
  • TeamPass Arbitrary File Upload Vulnerability (CVE-2017-15054)
    • Severity: Medium
    • CVE ID: CVE-2017-15054
  • IBM Rational DOORS Next Generation Cross-Site Scripting Vulnerability (CVE-2017-1607)
    • Severity: Low
    • BID: 101904
    • CVE ID: CVE-2017-1607
  • TeamPass Access Control Vulnerability (CVE-2017-15055)
    • Severity: Medium
    • CVE ID: CVE-2017-15055
  • TeamPass Manager Access Control Vulnerability (CVE-2017-15053)
    • Severity: Medium
    • CVE ID: CVE-2017-15053
  • IBM Rational DOORS Next Generation Cross-Site Scripting Vulnerability (CVE-2017-1560)
    • Severity: Low
    • CVE ID: CVE-2017-1560
  • TeamPass Manager Access Control Vulnerability (CVE-2017-15052)
    • Severity: Medium
    • CVE ID: CVE-2017-15052
  • Cloud Foundry cf-deployment Multiple Security Vulnerabilities (CVE-2017-14390)
    • Severity: Low
    • BID: 101972
    • CVE ID: CVE-2017-14390
  • Red Hat OpenStack Platform Privilege Escalation Vulnerability (CVE-2017-15114)
    • Severity: Medium
    • BID: 101971
    • CVE ID: CVE-2017-15114
  • McAfee Network Security Manager Remote Authorization Bypass Vulnerability (CVE-2016-8029)
    • Severity: High
    • BID: 101970
    • CVE ID: CVE-2016-8029
  • TP-Link Router Command Injection Vulnerability (CVE-2017-16957)
    • Severity: High
    • BID: 101968
    • CVE ID: CVE-2017-16957
  • Cloud Foundry Multiple Products Denial of Service Vulnerability (CVE-2017-8031)
    • Severity: Low
    • BID: 101967
    • CVE ID: CVE-2017-8031
  • IBM Workload Scheduler Local Information Disclosure Vulnerability (CVE-2017-1716)
    • Severity: Low
    • BID: 101974
    • CVE ID: CVE-2017-1716
  • QEMU 'nbd/server.c' Stack Buffer Overflow Vulnerability (CVE-2017-15118)
    • Severity: Low
    • BID: 101975
    • CVE ID: CVE-2017-15118
  • IBM Rational Rhapsody Design Manager Information Disclosure Vulnerability (CVE-2017-1240)
    • Severity: Low
    • BID: 101976
    • CVE ID: CVE-2017-1240
  • OpenSSL Security Bypass Vulnerability (CVE-2017-3735)
    • Severity: Low
    • BID: 100515
    • CVE ID: CVE-2017-3735
  • EMC RSA Multiple Products Authentication Bypass Vulnerability (CVE-2017-14378)
    • Severity: Low
    • BID: 101979
    • CVE ID: CVE-2017-14378
  • Ethicon Endo-Surgery Generator G11 Local Authentication Bypass Vulnerability (CVE-2017-14018)
    • Severity: Medium
    • BID: 101978
    • CVE ID: CVE-2017-14018
  • EMC RSA Authentication Agent for Web: Apache Web Server Authentication Bypass Vulnerability (CVE-2017-14377)
    • Severity: Low
    • BID: 101980
    • CVE ID: CVE-2017-14377
  • PowerDNS Authoritative Server Module Authentication Vulnerability (CVE-2017-15091)
    • Severity: Low
    • CVE ID: CVE-2017-15091
  • PowerDNS Recursor API Injection Vulnerability (CVE-2017-15093)
    • Severity: Medium
    • CVE ID: CVE-2017-15093
  • PowerDNS Authoritative Server Module Cross-Site Scripting Vulnerability (CVE-2017-15092)
    • Severity: Low
    • CVE ID: CVE-2017-15092
  • Apple macOS Authentication Bypass Vulnerability (CVE-2017-13872)
    • Severity: Medium
    • BID: 101981
    • CVE ID: CVE-2017-13872
  • PowerDNS Recursor Denial of Service Vulnerability (CVE-2017-15094)
    • Severity: Low
    • CVE ID: CVE-2017-15094
  • PowerDNS Authoritative Server Module Authentication Vulnerability (CVE-2017-15090)
    • Severity: Low
    • BID: 101981
    • CVE ID: CVE-2017-15090
  • OpenEMR Remote Privilege Escalation Vulnerability (CVE-2017-16540)
    • Severity: Medium
    • BID: 101983
    • CVE ID: CVE-2017-16540
  • Cisco WebEx Meeting Center Cross-Site Scripting Vulnerability (CVE-2017-12366)
    • Severity: Medium
    • BID: 101984
    • CVE ID: CVE-2017-12366
  • Cisco Secure Access Control System Information Disclosure Vulnerability (CVE-2017-12354)
    • Severity: Medium
    • BID: 101986
    • CVE ID: CVE-2017-12354
  • Cisco WebEx Meeting Center URL Redirection Vulnerability (CVE-2017-12297)
    • Severity: Medium
    • BID: 101985
    • CVE ID: CVE-2017-12297
  • Cisco Application Policy Infrastructure Controller Local Command Injection and Privilege Escalation Vulnerability (CVE-2017-12352)
    • Severity: Medium
    • BID: 101993
    • CVE ID: CVE-2017-12352
  • Cisco Jabber Cross-Site Scripting Vulnerability (CVE-2017-12358)
    • Severity: Medium
    • BID: 101992
    • CVE ID: CVE-2017-12358
  • EMC ScaleIO Denial of Service Vulnerability (CVE-2017-8019)
    • Severity: Medium
    • BID: 101991
    • CVE ID: CVE-2017-8019
  • Cisco Jabber Cross-Site Scripting Vulnerability (CVE-2017-12356)
    • Severity: Medium
    • BID: 101990
    • CVE ID: CVE-2017-12356
  • Cisco IOS XR Software Denial of Service Vulnerability (CVE-2017-12355)
    • Severity: Medium
    • BID: 101989
    • CVE ID: CVE-2017-12355
  • Cisco Unified Communications Manager Cross-Site Scripting Vulnerability (CVE-2017-12357)
    • Severity: Medium
    • BID: 101988
    • CVE ID: CVE-2017-12357
  • Cisco Meeting Server Denial of Service Vulnerability (CVE-2017-12362)
    • Severity: Medium
    • BID: 101987
    • CVE ID: CVE-2017-12362
  • EMC ScaleIO Buffer Overflow Vulnerability (CVE-2017-8020)
    • Severity: Medium
    • BID: 101995
    • CVE ID: CVE-2017-8020
  • Cisco Jabber for Windows Local Information Disclosure Vulnerability (CVE-2017-12361)
    • Severity: Medium
    • BID: 101994
    • CVE ID: CVE-2017-12361
  • Cisco WebEx Network Recording Player Denial of Service Vulnerability (CVE-2017-12360)
    • Severity: Medium
    • BID: 102001
    • CVE ID: CVE-2017-12360
  • Cisco Data Center Network Manager Security Restriction Bypass Vulnerability (CVE-2017-12343)
    • Severity: Medium
    • BID: 101996
    • CVE ID: CVE-2017-12343
  • Cisco Data Center Network Manager HTTP Header Injection Vulnerability (CVE-2017-12344)
    • Severity: Medium
    • CVE ID: CVE-2017-12344
  • Cisco Data Center Network Manager Content Spoofing Vulnerability (CVE-2017-12345)
    • Severity: Medium
    • CVE ID: CVE-2017-12345
  • Cisco Data Center Network Manager Cross-Site Scripting Vulnerability (CVE-2017-12346)
    • Severity: Medium
    • CVE ID: CVE-2017-12346
  • Cisco Email Security Appliance Remote Security Bypass Vulnerability (CVE-2017-12353)
    • Severity: Medium
    • BID: 102002
    • CVE ID: CVE-2017-12353
  • Cisco Data Center Network Manager Cross-Site Scripting Vulnerability (CVE-2017-12347)
    • Severity: Medium
    • CVE ID: CVE-2017-12347
  • EMC ScaleIO Local Information Disclosure Vulnerability (CVE-2017-8001)
    • Severity: Medium
    • BID: 101997
    • CVE ID: CVE-2017-8001
  • cURL/libcURL Buffer Overflow Vulnerability (CVE-2017-8816)
    • Severity: Medium
    • BID: 101998
    • CVE ID: CVE-2017-8816
  • Cisco WebEx Event Center Information Disclosure Vulnerability (CVE-2017-12365)
    • Severity: Medium
    • BID: 101999
    • CVE ID: CVE-2017-12365
  • Cisco Meeting Server Remote Security Bypass Vulnerability (CVE-2017-12363)
    • Severity: Medium
    • BID: 102000
    • CVE ID: CVE-2017-12363

(Data source: NSFOCUS Security Research Department & Product Rules Group)

2.2 Focus Vulnerability

  • Focus vulnerability
    • Exim Denial of Service Vulnerability (CVE-2017-16944)
    • NSFOCUS ID
      • 38107
    • CVE ID
      • CVE-2017-16944
    • Affected versions
      • Exim Exim 4.89
      • Exim Exim 4.88
    • Vulnerability comment
      • Exim is an MTA (Mail Transfer Agent) server. In Exim 4.88 and 4.89 the receive_msg function contains a flaw that a remote attacker can exploit to cause a denial of service (an infinite loop leading to stack exhaustion). Users should download and apply the patch promptly. Where an update is not yet possible, set chunking_advertise_hosts in the configuration file to an empty value; this stops Exim from advertising the ESMTP CHUNKING extension and makes the vulnerability unexploitable.
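The interim workaround in the comment above is a single line in the main section of the Exim configuration, `chunking_advertise_hosts =` with an empty value, followed by a restart. After that the server should no longer list CHUNKING in its EHLO reply, so a client cannot use the BDAT command that leads into the vulnerable receive_msg code. The Python below is an added example, not code from the NSFOCUS report or from the Exim project: it parses EHLO replies to check whether CHUNKING is advertised, using two constructed replies (host names and addresses are made up) that stand in for a server before and after the workaround, and includes a `probe_live` helper that runs the same check against a real host with the standard library's smtplib. Confirming the EHLO reply is the check to run after the restart; the workaround only removes the trigger, and the vendor patch remains the fix.

```python
"""Added example (not from the NSFOCUS report or the Exim project): verify that
an SMTP server no longer advertises the ESMTP CHUNKING extension after the
CVE-2017-16944 workaround `chunking_advertise_hosts =` has been applied.
"""
import re
import smtplib

# Constructed EHLO reply (made-up host name and address) for a server that
# still advertises CHUNKING, i.e. the vulnerable BDAT path is reachable.
EHLO_BEFORE = b"""250-mail.example.test Hello probe [192.0.2.10]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-CHUNKING
250-STARTTLS
250 HELP
"""

# Constructed EHLO reply for the same server after `chunking_advertise_hosts =`
# (empty host list) and a restart: the CHUNKING keyword is gone.
EHLO_AFTER = b"""250-mail.example.test Hello probe [192.0.2.10]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-STARTTLS
250 HELP
"""


def parse_ehlo_extensions(response: bytes) -> dict:
    """Parse a multi-line 250 EHLO reply into {EXTENSION: parameter string}.

    The first line is the greeting, not an extension, so it is skipped. Each
    later line is '250-KEYWORD [params]', or '250 KEYWORD [params]' on the
    final line. Keywords are case-insensitive, so they are upper-cased here.
    """
    lines = response.decode("ascii", errors="replace").splitlines()
    extensions = {}
    for line in lines[1:]:
        m = re.match(r"250[- ](\S+)(?:\s+(.*))?$", line)
        if not m:
            continue  # not a reply line; ignore rather than fail the check
        keyword, params = m.group(1).upper(), m.group(2) or ""
        extensions[keyword] = params
    return extensions


def advertises_chunking(response: bytes) -> bool:
    """True if the EHLO reply offers CHUNKING, i.e. the server accepts BDAT."""
    return "CHUNKING" in parse_ehlo_extensions(response)


def probe_live(host: str, port: int = 25, timeout: float = 10.0) -> bool:
    """Run the same check against a real server (not exercised offline).

    smtplib parses the EHLO reply itself; has_extn() looks the keyword up in
    the parsed feature table, so this mirrors advertises_chunking() above.
    """
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo("probe.example.test")  # made-up client name
        return smtp.has_extn("chunking")


if __name__ == "__main__":
    for label, reply in (("before workaround", EHLO_BEFORE),
                         ("after workaround", EHLO_AFTER)):
        print(f"{label}: CHUNKING advertised = {advertises_chunking(reply)}")
```

Run `probe_live("mail.example.test")` from a host that is allowed to reach port 25 of the server in question; a result of `True` after the restart means the new configuration was not loaded (for instance because the option was placed outside the main section) and the vulnerable path is still exposed.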

(Data source: NSFOCUS Security Research Department & Product Rules Group)
