绿盟科技 – 第 98 页 – 绿盟科技技术博客

绿盟科技能源行业10月安全通告

2016-11-01绿盟科技ISC BIND 9拒绝服务漏洞, NSFOCUS TVM, 云计算安全风险, 国际原子能机构, 威胁和漏洞管理解决方案, 绿盟威胁情报系统NTI, 绿盟科技, 绿盟科技2016网络视频监控系统安全报告, 绿盟科技威胁响应中心NS-SRC, 能源行业报告

绿盟科技刚刚发布的能源行业月度安全通告10月刊，报告内容十分详实，包括安全事件及漏洞、安全技术及分析、绿盟科技解决方案、绿盟科技动态等几个方面，报告主要内容如下。

Linux Kernel Local Privilege Escalation Vulnerability Technical Analysis and Solution

2016-10-27绿盟科技EnglishVersion, Linux Kernel Local Privilege Escalation Vulnerability, Linux Vulnerability, NSFOCUS, Recommended Solutions, Vulnerability Analysis

The memory subsystem of the Linux kernel contains a race condition in the way of handling the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could exploit this vulnerability to gain write access to otherwise read-only memory mappings, thus escalating his or her privileges on the system.

OpenSSH Remote Denial-of-Service Vulnerability Technical Analysis and Solution

2016-10-27绿盟科技Affected Versions, Denial-of-Service Vulnerability, EnglishVersion, NSFOCUS, NTI, OpenSSH, OpenSSH Remote Denial-of-Service Vulnerability, Recommended Solutions, Technical Analysis and Solution

OpenSSH contains a memory exhaustion issue during key exchange. An unauthenticated client can increase the memory allocated to each connection on the server to 384 MB, by repeating the KEXINIT process. An attacker can exploit this vulnerability by initiating multiple connections, to exhaust memory resources of the server and therefore lead to a denial of service.

【威胁通告】OpenSSL告警处理不当远程拒绝服务漏洞

2016-10-26绿盟科技CVE-2016-8610, OpenSSH远程拒绝服务漏洞威胁, OpenSSH远程漏洞, OpenSSL告警处理不当远程拒绝服务漏洞, OpenSSL告警漏洞, 绿盟科技, 远程拒绝服务漏洞

OpenSSL又出漏洞了 CVE-2016-8610 OpenSSL官方已经修复了补丁，还请广大用户尽快升级，不要犯了之前的错误。 APT组织FruityArmor利用微软刚修补的漏洞发起攻击黄金72小时的威力再次证明攻防是在比谁更快。

【预警通告】Linux内核本地提权漏洞威胁

2016-10-21绿盟科技CVE-2016-5195, Linux 漏洞, Linux内核, Linux内核漏洞, Linux内核本地提权漏洞威胁, 绿盟科技, 绿盟科技威胁事件定级标准

Linux内核出现本地提权漏洞 CVE-2016-5195 事件引发业界关注。绿盟科技发布Linux内核本地提权漏洞威胁预警通告，通告将该漏洞定义为中级，这意味着该漏洞影响范围可控，危害程度可控，利用难度较高，绿盟科技将实施7*8小时内部应急跟踪，72小时内完成技术分析、产品升级和防护方案。

【公益译文】关键基础设施系统攻击的检测、关联与呈现

2016-10-20绿盟科技DATES研究重点, DATES项目, IEEE Xplore, SCADA, SRI 报告, 关键基础设施, 关键基础设施系统攻击, 数据采集与监控系统, 贝叶斯统计方法

由于需要运营复杂的物理信息系统，能源部门对于数据采集与监控系统（SCADA）之类的数字工控系统（ICS）越来越依赖。美国斯坦福国际研究中心（SRI）发布报告，介绍了DATES（能源部门威胁检测与分析）项目的部分研究成果，针对工业控制系统，我们修改、开发了几种入侵检测技术，并将整套检测技术集成并连接至ArcSight 的商业安全事件关联框架。

【预警通告】OpenSSH远程拒绝服务漏洞威胁

2016-10-20绿盟科技CVE-2016-8858, OpenSSH 漏洞威胁, OpenSSH远程拒绝服务漏洞威胁, OpenSSH远程漏洞, 绿盟科技, 绿盟科技威胁事件定级标准

OpenSSH内存耗尽漏洞CVE-2016-8858 将会消耗服务器37.5G内存，绿盟科技就此漏洞发布《 OpenSSH 远程拒绝服务漏洞威胁预警通告 》，报告称该漏洞CVE-2016-8858将导致拒绝服务攻击，并将该漏洞等级定义为高，这意味着该漏洞影响范围比较广，危害严重，利用难度较低，绿盟科技将进行7*24小时内部应急跟踪，24小时内完成技术分析、产品升级和防护方案。

Mirai Source Code Analysis Report

2016-10-19绿盟科技EnglishVersion, Mirai, mirai folder, Mirai Source Code, Mirai Source Code Analysis Report, Workarounds

As shown in Figure 1, there are two folders. The loader folder, as its name implies, is a loader that creates servers and monitors the status of connections.

ISC BIND 9 Denial-of-Service Technical Analysis and Solution

2016-10-19绿盟科技CVE-2016-2776, EnglishVersion, ISC BIND 9 Denial-of-Service, Recommended Solutions, Technical Analysis and Solution

Internet Systems Consortium (ISC) officially released a security advisory to announce a vulnerability (CVE-2016-2776) and its fixing. The vulnerability exists in buffer.c. When constructing a response packet for a specially crafted query request, BIND will encounter an assertion failure, causing the program to crash and therefore a denial of service.

Author Archives: 绿盟科技