iGB North America magazine IGBNA Aug/Sep | Page 18
Compliance and Technology
INFORMATION
SECURITY ROUND-UP
In this new regular feature, iGaming Business’ Technical Section Editor
Justin Bellinger rounds up the latest news, patches and exploits from the
information security sector.
Software
Microsoft Internet Explorer versions 6,
7, 8, 9, 10 & 11 have all been issued with a
critical update patch from Microsoft. The
update fixes a problem where a user could
visit a malicious webpage containing code
that grants the attacker the same privileges
as the user. The attack can also be run on
the Microsoft server suite, although less
successfully, depending on the user rights of
the admin on the server at the time.
Adobe Flash Player has been found to be
vulnerable to heap buffer overflow flaws.
This exploit has been found to have been
actively used to deliver malicious payloads
via malicious SWF and FLV files. Adobe have
issued Flash Player version 18.0.0.194, as a
critical update.
Tomcat on Ubuntu 15.04, 14.10 & 14.04
LTS has been found to suffer from various
issues concerning incorrectly handled HTTP
responses. The remote attack can be crafted
to both allow an attacker to view files and
also to consume resources on the server
effectively resulting in a DoS. All vulnerable
versions of Ubuntu have patches available.
OpenSSL 1.0.2. Under certain conditions
it is possible to bring down an OpenSSL
server running version 1.0.2. A connected
client can renegotiate with an invalid
signature algorithms extension effectively
implementing a DoS attack against the
server. David Ramos of Stanford University
discovered the flaw. The fix, developed by
Stephen Henson and Matt Caswell of the
OpenSSL development team, can be found in
software version 1.0.2a.
Oracle. Keep an eye out for Oracle Critical
Patch Updates which, following Oracle’s
quarterly schedule, will be issued on 17th July.
Network
Moose malware has been discovered by
ESET researchers to be infecting Linuxbased routers built on the ARM and MIPS
architectures. The primary purpose of
the worm appears to be to commit social
networking fraud by posting false ‘likes’ and
‘follows’ on popular social networking sites.
The worm is connected to a botnet however,
and could be used for future exploits such
as DDoS attacks and DNS hijacking. The
growing list of router manufactures affected
include; Zhone, Actiontec, ZyXEL, Hik Vision,
Synology, TP-Link, and Netgear. The latest
patch from your hardware vendor should
eliminate the risk of an infection on your
router or device.
Cisco Web Security Virtual Appliances,
Email Security Virtual Appliances, and
Content Security Management Virtual
Appliances are all vulnerable to exploitation
18 | iGamingBusiness North America | Issue 20 | August/September 2015
through the use of shared SSH keys. A feature
designed for remote support, including root
access, uses these shared keys.
Cisco’s advisory informs us that “A
vulnerability in the remote support
functionality of Cisco WSAv, Cisco ESAv,
and Cisco SMAv Software could allow an
unauthenticated, remote attacker to connect
to the affected system with the privileges of
the root user.” In practice, this means that an
attacker who has managed to compromise
one of the devices mentioned above, or
more likely has obtained the key through
a hackers’ database, can have unhindered
access to any of the devices. Cisco has
issued patches for all devices susceptible to
the attack.
F5 Networks were alerted to a similar
problem on their VIPRION B2100, B4100,
B4200; Enterprise Manager 3000, 4000;
BIG-IP 520, 540, 1000, 2000, 2400, 5000,
5100, 1600, 3600, 3900, 6900, 8900, 8950,
11000, 11050; and BIG-IP Virtual Edition
platforms. A security advisory published
by F5 Networks advises customers that
attackers could exploit SSH login security
through the publication of the secure SSH
private key in the public domain. Similar
to the Cisco problem, this key appears to
be shared across many of the devices and
if discovered and used gives the attacker
full root privileges. F5 have issued software
updates for the affected devices and also a
SSH reconfiguration tool, which disables
the use of the compromised keys, for