[PLUG] Fwd: [Fwd: openssl vulnerability - heartbleed]

akshat akshat-pg8 at iiitmk.ac.in
Mon Apr 21 18:45:00 IST 2014


Hi friends,

*The Heartbleed Bug is a serious vulnerability in the popular OpenSSL
cryptographic software library. This weakness allows stealing the
information protected, under normal conditions, by the SSL/TLS encryption
used to secure the Internet. SSL/TLS provides communication security and
privacy over the Internet for applications such as web, email, instant
messaging (IM) and some virtual private networks (VPNs).*

*The Heartbleed bug allows anyone on the Internet to read the memory of the
systems protected by the vulnerable versions of the OpenSSL software. This
compromises the secret keys used to identify the service providers and to
encrypt the traffic, the names and passwords of the users and the actual
content. This allows attackers to eavesdrop on communications, steal data
directly from the services and users and to impersonate services and users.*
*So, update the openssl library as soon as possible because this is the
library responsible for secure connection on the internet compromising with
this means you are compromising with your internet security as these most
of the transaction we are doing online.. Please refer in the attached mail
for checking version and make sure built date is on or after 7th April
2014.*

*For upgrading please refer :*
https://www.digitalocean.com/community/articles/how-to-protect-your-server-against-the-heartbleed-openssl-vulnerability

*For more info please refer http://heartbleed.com/
<http://heartbleed.com/>.*


---------- Forwarded message ----------
From: V.VenkataSubramani <vvs at ncra.tifr.res.in>
Date: Sat, Apr 19, 2014 at 12:07 PM
Subject: [Fwd: openssl vulnerability - heartbleed]
To: akshat singh <akshat.space at gmail.com>


Dear Akshat

This is the notice sent to staff at ncra...see if this info will be useful
to our friends as well...may be you all know this by now.

--
With Best Regards
V.V.Subramani  020 2571 9202



-------- Forwarded Message --------
From: Vvs <vvs at ncra.tifr.res.in>
To: staff at ncra.tifr.res.in
Cc: mangesh at gmrt.ncra.tifr.res.in, rvs at tifr.res.in
Subject: openssl vulnerability - heartbleed
Date: Fri, 18 Apr 2014 12:16:05 +0530 (IST)
Mailer: Alpine 2.03 (LRH 1266 2009-07-14)

Dear All

If you are using MS-Windows OS, kindly make sure the updates are enabled
and OS and anti-virus is upto date.

If OS is Linux / MAC, pls run update, specially for openssl. The recent
detection of heartbleed vulnerability in openssl is dangerous as most of
us are making use of online transaction.

The openssl 1.0.1(a-f) has this vulnerability, openssl 1.0.1g does not
have this bug. Many old OS (Cent OS 5, RHEL 5) has older version of
openssl which does not have this vulnerability. But, better to run update
for all OS. Following command will help;

openssl version -a      -- look for built date

If it is built on or after 7 April 2014, then this bug is fixed. In Redhat
/ CentOS / Fedora, this bug is fixed using back porting. The version may
not be openssl 1.0.1g through normal update procedure. It is advised not
to update using tar ball as future updates will be affected.

If you need any help in update process, pls let us know.

With Best Regards
_____________________________________________________________
V.Venkatasubramani NCRA TIFR PUNE - 411007

---------- Forwarded message ----------
Date: Thu, 17 Apr 2014 14:52:27 +0530
From: H.Raghavan <hraghav at tifr.res.in>
Reply-To: "Computer Emergency Response Team [CERT] Advisory"
     <cert at www.tifr.res.in>
To: cert at www.tifr.res.in
Subject: [CERT] Fwd: [CIVN-2014-0067]Remote Code Execution Vulnerability in
     Microsoft Windows File Handling Component

Dear All,
Windows machines are vulnerable to attacks, pl configure your machines for
auto
update.
Vulnerabilities found in windows machines are in the trail mail.

A major vulnerability was found in openssl package used in MAC and Linux.
If your system is running OpenSSL 1.0.1 through 1.0.1f (inclusive) are
vulnerable.
Pl upgrade your system immediately.
If any assistance is required, pl call 2121 or send mail to cc at tifr.res.in.

Regards,
Raghavan.




-------- Original Message --------
Subject:        [CIVN-2014-0067]Remote Code Execution Vulnerability in
Microsoft Windows File Handling Component
Date:   Thu, 17 Apr 2014 14:11:29 +0530
From:   advisory <advisory at cert-in.org.in>
To:     advisory at cert-in.org.in




Error verifying signature: Hash:
SHA512
gpg: armor header:
Version: PGP Desktop 10.2.0 (Build
2599) - not licensed for commercial
use:
gpg: armor header:
www.pgp.com\r\n
gpg: invalid armor header:
Content-Type: application/x-inlinepgp-signed; format="flowed";
charset="US-ASCII"
Content-Transfer-Encoding:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Original Issue Date:April 09, 2014

Severity Rating: HIGH

Systems Affected

Windows XP SP3 and Professional x64 Edition SP2
Windows Vista SP2 and x64 Edition SP2
Windows Server 2003 SP2 ,x64 Edition SP2 and SP2 for Itanium-based
Systems
Windows Server 2008 SP2 ,x64 Edition SP2 and SP2 for Itanium-based
Systems
Windows Server 2008 R2 x64-based SystemsSP1 and for Itanium-Based
Systems
Windows 7 SP1 for 32-bit and x64-based Systems
Windows 8 for 32-bit and x64 based Systems
Windows 8.1 for 32-bit and x64 based Systems
Windows Server 2012
Windows Server 2012 R2
Windows RT
Windows RT 8.1
Overview

A  vulnerability has been reported in Microsoft Windows File Handling
Component which could be exploited by a remote attacker to take complete
control of the affected system.
Description

This vulnerability exists in Microsoft Windows file handling component
due
to improper path restriction while processing specially crafted .bat and
.cmd files that are run from an external network. A remote attacker
could
exploit this vulnerability by convincing the user to visit a link that
contains a malicious file.

Successful exploitation of this vulnerability could result in execution
of
arbitrary code on the targeted system in context of the logged-on user.


Workaround

Set Internet and Local intranet security zone settings to "High" to
block
ActiveX Controls and Active Scripting in these zones.
Configure Internet Explorer to prompt before running Active Scripting or
to
disable Active Scripting in the Internet and Local intranet security
zone
Solution

Apply appropriate patches as mentioned in Microsoft Security Bulletin
MS14-019

Vendor Information

Microsoft
http://technet.microsoft.com/en-us/security/bulletin/ms14-019


References

Microsoft
http://technet.microsoft.com/en-us/security/bulletin/ms14-019


Cisco
http://tools.cisco.com/security/center/viewAlert.x?alertId=33581


Secunia
http://secunia.com/advisories/57642/


Symantec
http://www.symantec.com/security_response/vulnerability.jsp?bid=66619


CVE Name
CVE-2014-0315


- -- Note: Please do not reply to this e-mail. For further queries
contact
CERT-In Information Desk. Email: info at cert-in.org.in

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 10.2.0 (Build 2599) - not licensed for commercial
use:
www.pgp.com
Charset: utf-8

wsBVAwUBU0+SmgeYBMMthaeHAQq8MggAhHUy3s/Me4jOHlQXwoyzdwUKWSfpLgSZ
Epn21HidTF+HctGyO11o4khvsG9X99EWtrmgn+h2wjNAoYqBtNVdWlpbzTdWHDSO
D3eEXqlV1NMeWEzRVofOQkNVUo2qq7TT7fdm+WwFV9uNARllOiGQ8RQ0NE/UZ06t
BgWi8AnsozItL9IFqE6raf9OjtHEW9q6Wbu7AXKy2Sq8DsJfhY715+1OVpB21s1X
cg53hS2TFpm96bjljebHJUlXEMv6Szvf0TTS9MSgHYb3kQJPWIjvIpA6FphDeEWp
eyrgsfH7xQ2xe3n4FG7K274whTyDRpBw30L2Pil456hGWaQZgTm6zA==
=inUH
-----END PGP SIGNATURE-----



-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<
http://www.tifr.res.in/mailman/private/cert/attachments/20140417/83cbfbad/attachment.html
>
_______________________________________________
CERT mailing list
CERT at www.tifr.res.in
http://www.tifr.res.in/mailman/listinfo/cert





-- 
Akshat Singh
[PG-8 IIITM-Kerala]
Pune

Mob.: +91-8806963718
http://a4akshat.weebly.com/



More information about the Plug-mail mailing list