Sysadm:Vulnerability Patches


The purpose of this page is to record vulnerabilities that were patched in CHG systems, including when the vulnerability was found, the date it was patched, and what systems were patched. Please list the most recently patched vulnerabilities on top.

GHOST Vulnerability (01/2015)

Aaron patched the GHOST vulnerability on all CHG servers and VMs that needed it. chg-git was already up to date.

Jenkins Default Tomcat Vulnerability (12/2014)

OIT brought to our attention that example Apache Tomcat JSPs and Servlets were installed on chg-ewx. These were subsequently removed.

ShellShock Bash Bug (09/2014)

To test for vulnerability:

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

If you're vulnerable it'll print:

vulnerable
this is a test

If you've updated Bash you'll only see:

this is a test

All Windows PCs using Cygwin were vulnerable. They were updated individually by installing the newest version of bash. The folks at ERI took care of updating our Unix servers (yum -y update bash), and Mac users received an OS X update (Mavericks, Mountain Lion, Lion).
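The following is an added example, not part of the original page: a POSIX shell wrapper around the test above that checks several bash binaries on one host, which helps where a Cygwin or locally built bash sits beside the system one. The function names and the list of candidate paths are assumptions.

```shell
#!/bin/sh
# Added example: audit several bash binaries with the ShellShock test shown above.

# classify_output TEXT -> vulnerable | patched | unknown
# "vulnerable" appears only when bash executed the code trailing the function
# definition in the imported environment variable.
classify_output() {
    case "$1" in
        *vulnerable*)        echo vulnerable ;;
        *"this is a test"*)  echo patched ;;
        *)                   echo unknown ;;
    esac
}

# check_bash PATH -> missing | vulnerable | patched | unknown
check_bash() {
    if [ ! -x "$1" ]; then
        echo missing
        return 0
    fi
    # Same probe as on the page, but aimed at one specific binary.
    # stderr is dropped: some patched builds print a warning there.
    out=$(env x='() { :;}; echo vulnerable' "$1" -c "echo this is a test" 2>/dev/null) || true
    classify_output "$out"
}

# audit_bashes PATH... : prints one line per binary found,
# returns 1 if any binary is vulnerable.
audit_bashes() {
    rc=0
    for bin in "$@"; do
        result=$(check_bash "$bin")
        if [ "$result" = missing ]; then
            continue
        fi
        printf '%s: %s\n' "$bin" "$result"
        if [ "$result" = vulnerable ]; then
            rc=1
        fi
    done
    return "$rc"
}

# Candidate locations are assumptions; extend the list for your hosts.
audit_bashes /bin/bash /usr/bin/bash /usr/local/bin/bash \
    || echo "at least one bash still needs updating"
```

The non-zero return from `audit_bashes` makes it usable from a cron job or configuration-management check that should flag hosts still running an old bash.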

Heartbleed (04/2014)

The campus VPN server depends upon OpenSSL and was vulnerable to the Heartbleed bug. It was patched.

Windows Samba Security Policy on Swift (11/2013)

OIT sent us a notice that swift was vulnerable because of a security policy setting where "signing is disabled on the remote SMB server". This can allow man-in-the-middle attacks against the SMB server. We resolved the issue by going into the Security Policy interface on swift and setting "Microsoft network server: Digitally sign communications (always)".

Solution also applied to chg2.

See: http://technet.microsoft.com/en-us/library/cc731957.aspx

HP Printer Public String Vulnerability (09/2013)

OIT/NOC brought to our attention the fact that RSRU (the CHG Laserjet 4100dtn printer) was using the manufacturer-default “public” community string, which is a potential DoS attack mechanism. We performed a cold reset to resolve the issue and reset the admin password.

Windows Bad BSOD Update (04/2013)

A Microsoft update from April 8th, 2013 (KB2823324) had the potential to cause blue screens of death upon reboot. Microsoft recommends uninstalling the update immediately. An email was sent out to this effect; no users reported being affected.

An article on the issue: https://threatpost.com/en_us/blogs/microsoft-uninstall-faulty-patch-tuesday-security-update-041213

Microsoft official notices: http://support.microsoft.com/kb/2823324 http://support.microsoft.com/kb/2839011