OpenSSL X509_cmp_time DoS

Time နဲ့ ပတ်သက်ပြီး OpenSSL Certificate တွေမှာ လုံခြုံရေး အားနည်းချက် တခု ကို လုံခြုံရေးသုတေသီ များက မကြာသေးခင်က ရှာဖွေတွေ့ ရှိထားပါတယ်

ယင်းအားနည်းချက်မှ DoS Attack ဖြင့်တိုက်ခိုက်နိုင်တယ်လို့ ဆိုပါတယ်

အသေးစိပ် သိချင်ရင်တော့ CVE ID 2015 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1789 ဆိုတာကိုဖတ်ပါ

မိမိ Device များကို patch လုပ်ပါ

ပျော်ရွှင်ပါစေဗျာ
(Be knowledgeable, pass it on then)

Microsoft Security Bulletin Coverage (August 11, 2015)

ဩဂုတ်လအတွက် Security Advisories တွေကို Microsoft က ထုံးစံအတိုင်း ထုတ်ပြန်ထားပါတယ်။

အောက်က CVE ID တွေကို သင့် IPS/IDS, Firewall စတဲ့ Security Device တွေ၊ Operating System တွေနဲ့ Application တွေက prevent လုပ်နိုင်ဖို့လိုပါတယ်။

Dell SonicWall Security Device တွေကတော့ fix လုပ်ထားပြီးပါပြီတဲ့ဗျာ။

MS15-079 Cumulative Security Update fro Internet Explorer

  • CVE-2015-2423 Unsafe Command Line Parameter Passing Vulnerability
    This is a local vulnerability.
  • CVE-2015-2441 Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-2442 Memory Corruption Vulnerability
    IPS: 11076 "Internet Explorer Memory Corruption Vulnerability (MS15-079) 1"
  • CVE-2015-2443 Memory Corruption Vulnerability
    IPS: 11077 "Internet Explorer Memory Corruption Vulnerability (MS15-079) 2"
  • CVE-2015-2444 Memory Corruption Vulnerability
    IPS: 11078 "Internet Explorer Memory Corruption Vulnerability (MS15-079) 3"
  • CVE-2015-2445 ASLR Bypass
    There are no known exploits in the wild.
  • CVE-2015-2446 Memory Corruption Vulnerability
    IPS: 11079 "Internet Explorer Memory Corruption Vulnerability (MS15-079) 4"
  • CVE-2015-2447 Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-2448 Memory Corruption Vulnerability
    IPS: 11080 "Internet Explorer Memory Corruption Vulnerability (MS15-079) 5"
  • CVE-2015-2449 ASLR Bypass
    There are no known exploits in the wild.
  • CVE-2015-2450 Memory Corruption Vulnerability
    IPS: 11081 "Internet Explorer Memory Corruption Vulnerability (MS15-079) 6"
  • CVE-2015-2451 Memory Corruption Vulnerability
    IPS: 11083 "Internet Explorer Memory Corruption Vulnerability (MS15-079) 8"
  • CVE-2015-2452 Memory Corruption Vulnerability
    IPS: 11082 "Internet Explorer Memory Corruption Vulnerability (MS15-079) 7"
MS15-080 Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution

  • CVE-2015-2431 Microsoft Office Graphics Component Remote Code Execution Vulnerability
    SPY: 4276 "Malformed-File doc.MP.30"
  • CVE-2015-2432 OpenType Font Parsing Vulnerability
    SPY: 3148 "Malformed-File otf.MP.12"
  • CVE-2015-2433 Kernel ASLR Bypass Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-2435 TrueType Font Parsing Vulnerability
    SPY: 4232 "Malformed-File ttf.MP.4"
  • CVE-2015-2453 Windows CSRSS Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-2454 Windows KMD Security Feature Bypass Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-2455 TrueType Font Parsing Vulnerability
    SPY: 4209 "Malformed-File ttf.MP.3"
  • CVE-2015-2456 TrueType Font Parsing Vulnerability
    SPY: 3149 " Malformed-File otf.MP.13 "
  • CVE-2015-2458 OpenType Font Parsing Vulnerability
    SPY: 3150 " Malformed-File otf.MP.14 "
  • CVE-2015-2459 OpenType Font Parsing Vulnerability
    SPY: 3151 " Malformed-File otf.MP.15 "
  • CVE-2015-2460 OpenType Font Parsing Vulnerability
    SPY: 3152 " Malformed-File otf.MP.16 "
  • CVE-2015-2461 OpenType Font Parsing Vulnerability
    SPY: 3153 " Malformed-File otf.MP.17 "
  • CVE-2015-2462 OpenType Font Parsing Vulnerability
    SPY: 3157 " Malformed-File otf.MP.20 "
  • CVE-2015-2463 TrueType Font Parsing Vulnerability
    SPY: 3155 " Malformed-File otf.MP.18 "
  • CVE-2015-2464 TrueType Font Parsing Vulnerability
    SPY: 3156 " Malformed-File otf.MP.19 "
  • CVE-2015-2465 Windows Shell Security Feature Bypass Vulnerability
    There are no known exploits in the wild.
MS15-081 Vulnerability in Microsoft Office Could Allow Remote Code Execution

  • CVE-2015-1642 Microsoft Office Memory Corruption Vulnerability
    SPY: 4366 "Malformed-File docx.MP.5"
  • CVE-2015-2423 Unsafe Command Line Parameter Passing Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-2466 Microsoft Office Remote Code Execution Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-2467 Microsoft Office Memory Corruption Vulnerability
    SPY: 3159 "Malformed-File doc.MP.25"
  • CVE-2015-2468 Microsoft Office Memory Corruption Vulnerability
    SPY: 3160 "Malformed-File doc.MP.26"
  • CVE-2015-2469 Microsoft Office Memory Corruption Vulnerability
    SPY: 3365 "Malformed-File doc.MP.27"
  • CVE-2015-2470 Microsoft Office Integer Underflow Vulnerability
    SPY: 4193 " Malformed-File doc.MP.28"
  • CVE-2015-2477 Microsoft Office Memory Corruption Vulnerability
    SPY: 4195 "Malformed-File doc.MP.29"
MS15-082 Vulnerabilities in RDP Could Allow Remote Code Execution 

  • CVE-2015-2472 Remote Desktop Session Host Spoofing Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-2473 Remote Desktop Protocol DLL Planting Remote Code Execution Vulnerability
    There are no known exploits in the wild.
MS15-083 Vulnerabilities in Server Message Block Could Allow Remote Code Execution 

  • CVE-2015-2474 Server Message Block Memory Corruption Vulnerability
    There are no known exploits in the wild.
MS15-084 Vulnerability in XML Core Services Could Allow Elevation of Privilege 

  • CVE-2015-2434 MSXML Information Disclosure Vulnerability
    IPS: 5770 "Downgraded TLS Traffic"
  • CVE-2015-2440 MSXML Information Disclosure Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-2471 MSXML Information Disclosure Vulnerability
    IPS: 5770 "Downgraded TLS Traffic"
MS15-085 Vulnerability in Mount Manager Could Allow Elevation of Privilege 

  • CVE-2015-1769 Mount Manager Elevation of Privilege Vulnerability
    This is a local vulnerability.
MS15-086 Vulnerability in System Center Operations Manager Could Allow Elevation of Privilege 

  • CVE-2015-2420 System Center Operations Manager Web Console XSS Vulnerability
    There are no known exploits in the wild.
MS15-087 Vulnerability in UDDI Services Could Allow Elevation of Privilege 

  • CVE-2015-2475 UDDI Services Could Allow Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
MS15-088 Unsafe Command Line Parameter Passing Could Allow Information Disclosure 

  • CVE-2015-2423 Unsafe Command Line Parameter Passing Vulnerability
    This is a local vulnerability.
MS15-089 Vulnerabilities in WebDAV Could Allow Information Disclosure 

  • CVE-2015-2476 WebDAV Client Information Disclosure Vulnerability
    IPS: 5770 "Downgraded TLS Traffic"
MS15-090 Vulnerability in Microsoft Windows Could Allow Elevation of Privilege 

  • CVE-2015-2428 Windows Object Manager Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-2429 Windows Registry Elevation of Privilege Vulnerability
    This is a local vulnerability.
  • CVE-2015-2430 Windows Filesystem Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
MS15-091 Cumulative Security Update for Microsoft Edge 

  • CVE-2015-2441 Memory Corruption Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-2442 Memory Corruption Vulnerability
    IPS: 11076 "Internet Explorer Memory Corruption Vulnerability (MS15-079) 1"
  • CVE-2015-2446 Memory Corruption Vulnerability
    IPS: 11079 "Internet Explorer Memory Corruption Vulnerability (MS15-079) 4"
  • CVE-2015-2449 ASLR Bypass
    There are no known exploits in the wild.
MS15-092 Vulnerabilities in .NET Framework Could Allow Elevation of Privilege 

  • CVE-2015-2479 RyuJIT Optimization Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-2480 RyuJIT Optimization Elevation of Privilege Vulnerability
    There are no known exploits in the wild.
  • CVE-2015-2481 RyuJIT Optimization Elevation of Privilege Vulnerability
    There are no known exploits in the wild.


ပျော်ရွှင်ပါစေဗျာ။
(Be knowledgeable, pass it on then)

How to Configure a Route-Based VPN by using Tunnel Interface between two SonicWALL UTM appliances

Hub and Spoke Design သုံးထားတဲ့ Network တွေမှာ IPSec VPN Tunnel ဆောက်တဲ့အခါ Spoke to Spoke connection ရဖို့ မဖြစ်နိုင်တော့ပါဘူး။
Gateway တခုပဲ သုံးရတဲ့အတွက်ကြောင့်ပါ။

ဒီပြဿနာကို Tunnel Interface သုံးပြီး Route-Based VPN သုံးခြင်းအားဖြင့် ဖြေရှင်းနိုင်ပါတယ်။

အောက်က နမူနာပုံလေးမှာကြည့်ပါ။
Site 1 နဲ့ Site 2 ကို Route-Based VPN ချိတ်ကြည့်ရအောင်ဗျာ။



Step 1:
- SonicWall ကို Login ဝင်ပြီး VPN>Settings, Add လုပ်ပါ။
- General Tab ရဲ့ Policy Type မှာ Tunnel Interface ကိုရွေးပြီး Name မှာတော့ မိမိအဆင်ပြေတာပေးပါ။
- Gateway Address မှာ Remote Site ရဲ့ WAN Interface IP ပေးပါ။
- Shared Secret ပေးပါ။
- Proposal Setting ကို အောက်ကပုံးမှာ နမူနာကြည့်ပါ။
ISP ပေါ်မူတည်ပြီး Proposal Setting (Main Mode, Aggressive Mode, IKEv2 Mode) များပြောင်းလဲမှုရှိနိုင်ပါတယ်။





IP Address, Name နှင့် Gateway Address များကလွဲလို့ ကျန် Setting များ Site 1 နှင့် Site 2 ၂ ဖက်လုံးမှာ တူညီရပါမယ်။

Step 2:
-Network>Routing ကိုသွားပြီး Add ကိုနှိပ်ပါ။
- Route Policy Settings များ ထည့်ပါ။ အောက်ကပုံမှာ နမူနာကြည့်ပါ။
Source နေရာမှာ Any ပါ။
Destination နေရာမှာ Remote Site ရဲ့ Subnet ထည့်ပါ။ ဒီနေရာမှာ Subnet ကို Firewall Address တခုအနေနဲ့ ဖန်တီးထားဖို့လိုပါတယ်။
Service ကတော့ Any ပါ။
Interface နေရာမှာတော့ VPN Policy Settings မှာ Create လုပ်ခဲ့တဲ့ Name ထည့်ပေးပါ။
- အားလုံးပြီးရင် OK နှိပ်ပါ။



Route Policies အောက်မှာ Remote Site ကိုသွားတဲ့ Route ပေါ်လာတာတွေ့ရပါမယ်။



Local Site နဲ့ Remote Site (Site 1 , Site 2) ၂ ဖက်စလုံးမှာ Step 1, Step 2 တို့ကို Configure လုပ်ပြီးပြီဆိုရင်
Spoke to Spoke အချင်းချင်း connected ဖြစ်ပြီဆိုတာ LAN to LAN Ping ကြည့်ချင်းဖြင့် သိနိုင်ပါပြီ။
Local Site ကို Configure လုပ်ပုံလေးပဲ နမူနာပြပေးထားပါတယ်။
Remote Site ကို မိမိကိုယ်တိုင် Configure လုပ်စေချင်ပါတယ်။
မိမိ Network ရဲ့ Data တွေကို သက်ဆိုင်ရာနေရာများမှာ အစားထိုးပြီး ထည့်ပါ။

ဒီ Post ဟာ Advaced တွေထဲက Basic အကျဆုံး Route-Based VPN ဖန်တီးခြင်းဖြစ်ပါတယ်။
အလျင်းသင့်ရင် OSPF ကိုသုံးပြီး Dynamic Routing VPN ဖန်တီးပုံကိုရေးပါအုံးမယ်။

နမူနာပြထားတဲ့ SonicWall ကတော့ NSA 3600 ဖြစ်ပြီး SonicWall အချင်းချင်းပဲ ချိတ်ဆက်လို့ရတယ်ဆိုတာ သိစေချင်ပါတယ်။

ပျော်ရွှင်ပါစေဗျာ။
(Be knowledgeable, pass it on then)