Security Advisory: GHOST Vulnerability
A medium vulnerability in one of the low-level Linux libraries, “libc”, commonly referred to as “GHOST”, was reported yesterday (January 27th, 2015) and was assigned CVE-2015-0235. It affects various software components that use the library for DNS resolution. The vulnerability allows an attacker to perform remote code execution and had gone undiscovered for almost 15 years.
LightCyber’s engineers took immediate steps to patch all cloud and support servers (as of January 28th 11am EST). We are currently unaware of any service that is directly affected by this vulnerability.
To ensure utmost security to Magna users, we have released a hot-fix that includes the new “libc” library in order to fix this vulnerability. Please contact [email protected] for the hot-fix to be applied to your Magna appliance(s).
Security Advisory: POODLE
A medium vulnerability in the SSL protocol, commonly referred to as “POODLE”, was reported yesterday (Oct. 14th) and was assigned CVE-2014-3566 (http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3566) affecting *all* implementations of SSLv3. The vulnerability allows a Man-In-The-Middle (MITM) attacker to decrypt SSL traffic.
LightCyber’s engineers took immediate steps to patch all cloud and support servers (as of Oct. 15th 3pm EST). Although the Magna appliance management and API portals are vulnerable, the risk of a MITM attack in an internal network is extremely low, and the attacker would only gain information on Magna indicators and the credentials of the analyst and admin users. The vulnerability will not under any circumstance allow access to raw or aggregated traffic on the appliance.
The easiest way to mitigate the risk is to use Firefox with the official Mozilla SSL Version Control add-on installed (https://addons.mozilla.org/en-US/firefox/addon/ssl-version-control/). If that is not applicable, an appliance-side hot-fix is also available. Please contact [email protected] for the hot-fix to be applied to your Magna appliance(s).
Security Advisory: Shellshock Bash
A critical vulnerability in “bash”, commonly referred to as “Shellshock”, was reported by US-CERT under CVE-2014-6271 (https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271) affecting Linux/UNIX operating systems. The vulnerability, which is already being exploited “in the wild”, allows remote attackers to execute arbitrary code and was ranked highest (10/10) in both impact and exploitability.
LightCyber’s engineers took immediate steps to patch all cloud and support servers (as of Sept. 25th 3pm EST). Although Magna OS is Linux-based and runs an affected version of “bash”, the management and API portals of the Magna appliance are not vulnerable to the Shellshock exploit. Furthermore, these portals are not internet-facing. The only known risk is on appliances configured to use DHCP for management interface IP allocation (usually not the case). Therefore, a hot-fix is available, but it is released with “Low-Medium” priority. Please contact [email protected] for the hot-fix to be applied to your Magna appliance(s).
Other than immediately patching all internet-facing Linux/UNIX servers, we recommend the following best practices:
- Make sure DMZ IP ranges are properly configured under “Network Coverage” (in the Admin UI)
- Watch for indicators originating from Linux/UNIX internet-facing servers and reported on service accounts used on these servers, as this may indicate a breach
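As an added illustration of the second best practice (this is example code written for this advisory, not LightCyber or Magna code), the script below scans web server access logs in the common Apache/nginx “combined” format for the CVE-2014-6271 marker, an exported bash function definition (“() {”) placed in a header value that a CGI handler would copy into an environment variable. The log lines are constructed for the example; the IP addresses are documentation ranges and the header values use a harmless command.

```python
import re
from dataclasses import dataclass

# Constructed sample lines in Apache/nginx "combined" format (not from the advisory).
SAMPLE_LOG = """\
203.0.113.7 - - [25/Sep/2014:13:02:11 +0000] "GET /cgi-bin/status HTTP/1.1" 200 512 "-" "() { :;}; /bin/true"
198.51.100.22 - - [25/Sep/2014:13:02:40 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.7 - - [25/Sep/2014:13:03:05 +0000] "GET /cgi-bin/status HTTP/1.1" 500 0 "() { :; }; /bin/true" "curl/7.37.0"
192.0.2.5 - - [25/Sep/2014:13:04:12 +0000] "POST /api/login HTTP/1.1" 302 0 "-" "Mozilla/5.0 (Windows NT 6.1)"
"""

# "combined" access log format. The request line, Referer and User-Agent are
# captured separately because CGI handlers export exactly those into the
# environment, which is where a Shellshock probe has to land.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# The CVE-2014-6271 signature: a bash function definition "() {" at the
# start of a value. Whitespace between "()" and "{" is tolerated.
SHELLSHOCK_RE = re.compile(r'\(\)\s*\{')


@dataclass
class Hit:
    ip: str
    timestamp: str
    field: str    # which header/field carried the signature
    status: str   # HTTP status the server returned (a 200 on a CGI path deserves a closer look)
    value: str    # the offending field value, kept for the analyst


def find_shellshock_attempts(log_text: str) -> list:
    """Return one Hit per log line whose request line, Referer or User-Agent
    contains the Shellshock function-definition marker."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line; a real deployment would count and report these
        for field in ("request", "referer", "ua"):
            if SHELLSHOCK_RE.search(m.group(field)):
                hits.append(Hit(m.group("ip"), m.group("ts"), field,
                                m.group("status"), m.group(field)))
                break  # one hit per line is enough
    return hits


def sources_by_count(hits) -> dict:
    """Aggregate hits per source IP so a host sweeping many CGI paths stands out."""
    counts = {}
    for h in hits:
        counts[h.ip] = counts.get(h.ip, 0) + 1
    return counts


if __name__ == "__main__":
    found = find_shellshock_attempts(SAMPLE_LOG)
    for h in found:
        print(f"{h.timestamp} {h.ip} {h.field}={h.value!r} -> HTTP {h.status}")
    print(sources_by_count(found))
```

The signature matches only the marker, not any particular command, so a scanner trying varied payloads is still caught. Feed the output of `find_shellshock_attempts` for a real log into whatever alerting you use for the internet-facing servers named in the best practices above; a hit followed by unexpected outbound connections from that server is the combination worth escalating.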
Security Advisory: Heartbleed Bug and LightCyber Magna
On April 7th a vulnerability in the OpenSSL cryptographic software library was published under the name “Heartbleed Bug” (CVE-2014-0160). Like many applications, including most IT security products, LightCyber Magna uses the OpenSSL package to secure communication channels to and from the Magna Appliance and is therefore subject to some of the weaknesses reported.
Since the Magna Appliance is deployed inside the organization’s internal network and is not exposed to public Internet traffic, the risk that this vulnerability can be exploited is minimal; however, to ensure utmost security to Magna users, we will be upgrading all Magna Appliances to the new OpenSSL version that was released to fix this vulnerability, and will re-issue the private keys used by the Appliance. Our support team will coordinate the upgrade with you in the next 48 hours.
For more details regarding the Heartbleed Bug, please see http://heartbleed.com/