绿盟科技发布了本周安全通告，周报编号NSFOCUS-18-26， 绿盟科技漏洞库 本周新增68条，其中高危12条。本次周报建议大家关注 Microsoft OneDrive 任意代码执行漏洞 CVE-2018-0592等，Microsoft OneDrive在产品功能实现中存在不可信的搜索路径漏洞。攻击者可借助目录下恶意的DLL，利用该漏洞获取提升的权限，执行任意代码。目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本。

焦点漏洞

• Microsoft OneDrive 任意代码执行漏洞
• NSFOCUS ID
  • 40215
• CVE ID
  • CVE-2018-0592
• 受影响版本
  • Microsoft OneDrive
• 漏洞点评
  • Microsoft OneDrive是微软公司的一款云备份应用程序。该程序具有自动备份相册、在线办公和文件分享等功能。Microsoft OneDrive在实现中存在不可信的搜索路径漏洞。攻击者可借助目录下恶意的DLL，利用该漏洞获取提升的权限，执行任意代码。目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本。

（数据来源：绿盟科技安全研究部&产品规则组）

一. 互联网安全威胁态势

1.1 CVE统计

最近一周CVE公告总数与前期相比数量减少。

1.2 威胁信息回顾

• 标题：WPA3 Standard Officially Launches With New Wi-Fi Security Features
  • 时间：2018-06-25
  • 简介：The Wi-Fi Alliance today officially launched WPA3—the next-generation Wi-Fi security standard that promises to eliminate all the known security vulnerabilities and wireless attacks that are up today including the dangerous KRACK attacks
  • 链接：https://thehackernews.com/2018/06/wpa3-wifi-security-standard.html
• 标题：Gentoo Linux on Github hacked; repositories modified
  • 时间：2018-06-29
  • 简介：Another day, another data breach – This time, it is Linux distribution Gentoo whose GitHub mirror was compromised and content of repositories was modified by unknown hackers.
  • 链接：https://www.hackread.com/gentoo-linux-on-github-hacked-repositories-modified/
• 标题：House Passes Bill to Enhance Industrial Cybersecurity
  • 时间：2018-06-27
  • 简介：The U.S. House of Representatives on Monday passed a bill aimed at protecting industrial control systems (ICS), particularly ones used in critical infrastructure, against cyberattacks.
  • 链接：https://www.securityweek.com/house-passes-bill-enhance-industrial-cybersecurity
• 标题：Ticketmaster Suffers Security Breach – Personal and Payment Data Stolen
  • 时间：2018-06-28
  • 简介：Global entertainment ticketing service Ticketmaster has admitted that the company has suffered a security breach, warning customers that their personal and payment information may have been accessed by an unknown third-party
  • 链接：https://thehackernews.com/2018/06/ticketmaster-data-breach.html
• 标题：Adidas US breach may have exposed millions of customers’ personal info
  • 时间：2018-06-29
  • 简介：Adidas warned late on Thursday that hackers may have lifted customer data from its US website.
  • 链接：https://www.theregister.co.uk/2018/06/29/adidas_breach/
• 标题：Hyperthreading under scrutiny with new TLBleed crypto key leak
  • 时间：2018-06-26
  • 简介：Last week, developers on OpenBSD—the open source operating system that prioritizes security—disabled hyperthreading on Intel processors. Project leader Theo de Raadt said that a research paper due to be presented at Black Hat in August prompted the change, but he would not elaborate further.
  • 链接：https://arstechnica.com/gadgets/2018/06/tlbleed-a-new-way-to-leak-crypto-keys-on-hyperthreaded-processors/
• 标题：RAMpage Attack Explained—Exploiting RowHammer On Android Again!
  • 时间：2018-06-29
  • 简介：A team of security researchers has discovered a new set of techniques that could allow hackers to bypass all kind of present mitigations put in place to prevent DMA-based Rowhammer attacks against Android devices
  • 链接：https://thehackernews.com/2018/06/android-rowhammer-rampage-hack.html
• 标题：Pbot: evolving adware
  • 时间：2018-06-26
  • 简介：The adware PBot (PythonBot) got its name because its core modules are written in Python. It was more than a year ago that we detected the first member of this family. Since then, we have encountered several modifications of the program, one of which went beyond adware by installing and running a hidden miner on victim computers:
  • 链接：https://securelist.com/pbot-evolving-adware/86242/

（数据来源：绿盟科技 威胁情报与网络安全实验室 收集整理）

二. 漏洞研究

2.1 漏洞库统计

截止到2018年6月29日，绿盟科技漏洞库已收录总条目达到40222条。本周新增漏洞记录68条，其中高危漏洞数量12条，中危漏洞数量25条，低危漏洞数量31条。

• Cisco FXOS/NX-OS Software远程代码执行漏洞(CVE-2018-0312)
  • 危险等级:高
  • BID:104515
  • cve编号:CVE-2018-0312
• Cisco FXOS/NX-OS Software远程代码执行漏洞(CVE-2018-0314)
  • 危险等级:高
  • BID:104516
  • cve编号:CVE-2018-0314
• Cisco FXOS/NX-OS Software远程代码执行漏洞(CVE-2018-0304)
  • 危险等级:高
  • BID:104513
  • cve编号:CVE-2018-0304
• Cisco FXOS/NX-OS Software Fabric Services远程拒绝服务漏洞(CVE-2018-0305)
  • 危险等级:高
  • cve编号:CVE-2018-0305
• Cisco Firepower 4100 Series Next-Generation Firewall/Firepower 9300 Security Appliance 路径遍历漏洞(CVE-2018-0300)
  • 危险等级:高
  • cve编号:CVE-2018-0300
• Cisco Nexus 4000 Series Switch NX-OS 输入验证漏洞(CVE-2018-0299)
  • 危险等级:高
  • cve编号:CVE-2018-0299
• 多款Cisco产品NX-OS Software Discovery Protocol子系统资源管理错误漏洞(CVE-2018-0331)
  • 危险等级:高
  • cve编号:CVE-2018-0331
• 多款Cisco产品NX-OS Software 输入验证漏洞(CVE-2018-0313)
  • 危险等级:高
  • cve编号:CVE-2018-0313
• Cisco Nexus 3000/9000 Series Switches NX-OS 拒绝服务安全漏洞(CVE-2018-0309)
  • 危险等级:高
  • cve编号:CVE-2018-0309
• Cisco NX-OS Software Role-Based Access任意命令执行漏洞(CVE-2018-0337)
  • 危险等级:中
  • cve编号:CVE-2018-0337
• Cisco TelePresence Video Communication Server Expressway拒绝服务漏洞(CVE-2018-0358)
  • 危险等级:中
  • BID:104521
  • cve编号:CVE-2018-0358
• Micro Focus Solutions Business Manager 代码执行漏洞(CVE-2018-7679)
  • 危险等级:中
  • cve编号:CVE-2018-7679
• Micro Focus Solutions Business Manager 跨站脚本漏洞(CVE-2018-7680)
  • 危险等级:中
  • cve编号:CVE-2018-7680
• Micro Focus Solutions Business Manager 代码注入漏洞(CVE-2018-7681)
  • 危险等级:中
  • cve编号:CVE-2018-7681
• Micro Focus Solutions Business Manager信息泄露漏洞(CVE-2018-7683)
  • 危险等级:中
  • cve编号:CVE-2018-7683
• GNU libiberty 内存破坏漏洞(CVE-2018-12697)
  • 危险等级:低
  • BID:104538
  • cve编号:CVE-2018-12697
• GNU libiberty 内存破坏漏洞(CVE-2018-12698)
  • 危险等级:低
  • BID:104539
  • cve编号:CVE-2018-12698
• GNU Binutils 堆缓冲区溢出漏洞(CVE-2018-12699)
  • 危险等级:低
  • BID:104540
  • cve编号:CVE-2018-12699
• GNU Binutils 拒绝服务漏洞(CVE-2018-12700)
  • 危险等级:低
  • BID:104541
  • cve编号:CVE-2018-12700
• Micro Focus Solutions Business Manager 访问验证漏洞(CVE-2018-7682)
  • 危险等级:低
  • cve编号:CVE-2018-7682
• SLiMS 8 Akasia 安全限制绕过漏洞(CVE-2018-12659)
  • 危险等级:低
  • cve编号:CVE-2018-12659
• SLiMS 8 Akasia Stock Take模块跨站脚本漏洞(CVE-2018-12658)
  • 危险等级:低
  • cve编号:CVE-2018-12658
• SLiMS 8 Akasia Master File模块跨站脚本漏洞(CVE-2018-12657)
  • 危险等级:低
  • cve编号:CVE-2018-12657
• SLiMS 8 Akasia Membership模块跨站脚本漏洞(CVE-2018-12656)
  • 危险等级:低
  • cve编号:CVE-2018-12656
• SLiMS 8 Akasia Circulation模块跨站脚本漏洞(CVE-2018-12655)
  • 危险等级:低
  • cve编号:CVE-2018-12655
• GNU Binutils 缓冲区溢出漏洞(CVE-2018-12641)
  • 危险等级:低
  • cve编号:CVE-2018-12641
• SLiMS 8 Akasia Bibliography模块跨站脚本漏洞(CVE-2018-12654)
  • 危险等级:低
  • cve编号:CVE-2018-12654
• Adobe Acrobat/Reader远程代码执行漏洞(CVE-2018-4999)
  • 危险等级:中
  • BID:104266
  • cve编号:CVE-2018-4999
• Adobe Acrobat Pro DC ImageConversion EMF解析信息泄露漏洞(CVE-2018-4901)
  • 危险等级:低
  • cve编号:CVE-2018-4901
• Delta Industrial Automation COMMGR AHSIM_5x0 Simulator栈缓冲区溢出远程代码执行漏洞(CVE-2018-10594)
  • 危险等级:高
  • cve编号:CVE-2018-10594
• Fortinet FortiManager 跨站脚本漏洞(CVE-2018-1351)
  • 危险等级:中
  • BID:104533
  • cve编号:CVE-2018-1351
• Fortinet FortiOS 信息泄露漏洞(CVE-2018-9185)
  • 危险等级:低
  • BID:104535
  • cve编号:CVE-2018-9185
• Fortinet FortiAnalyzer/FortiManager开放重定向漏洞(CVE-2018-1355)
  • 危险等级:低
  • BID:104546
  • cve编号:CVE-2018-1355
• Schneider Electric U.motion Builder 栈缓冲区溢出漏洞(CVE-2018-7784)
  • 危险等级:高
  • cve编号:CVE-2018-7784
• Schneider Electric U.motion Builder 命令注入漏洞(CVE-2018-7785)
  • 危险等级:高
  • cve编号:CVE-2018-7785
• Schneider Electric U.motion Builder 跨站脚本漏洞(CVE-2018-7786)
  • 危险等级:中
  • cve编号:CVE-2018-7786
• Schneider Electric U.motion Builder 输入验证漏洞(CVE-2018-7787)
  • 危险等级:中
  • cve编号:CVE-2018-7787
• Cybozu Office 跨站脚本漏洞(CVE-2018-0565)
  • 危险等级:低
  • cve编号:CVE-2018-0565
• Cybozu Office 安全限制绕过漏洞(CVE-2018-0567)
  • 危险等级:低
  • cve编号:CVE-2018-0567
• Cybozu Office 拒绝服务漏洞(CVE-2018-0529)
  • 危险等级:低
  • cve编号:CVE-2018-0529
• Cybozu Office 信息泄露漏洞(CVE-2018-0528)
  • 危险等级:低
  • cve编号:CVE-2018-0528
• Cybozu Office 跨站脚本漏洞(CVE-2018-0527)
  • 危险等级:低
  • cve编号:CVE-2018-0527
• Cybozu Office 信息泄露漏洞(CVE-2018-0526)
  • 危险等级:低
  • cve编号:CVE-2018-0526
• Cybozu Mailwise Address 跨站脚本漏洞(CVE-2018-0559)
  • 危险等级:低
  • cve编号:CVE-2018-0559
• Cybozu Mailwise System settings跨站脚本漏洞(CVE-2018-0558)
  • 危险等级:低
  • cve编号:CVE-2018-0558
• Cybozu Mailwise E-mail Details Screen跨站脚本漏洞(CVE-2018-0557)
  • 危险等级:低
  • cve编号:CVE-2018-0557
• baserCMS 权限许可和访问控制漏洞(CVE-2018-0573)
  • 危险等级:低
  • cve编号:CVE-2018-0573
• baserCMS 权限许可和访问控制漏洞(CVE-2018-0575)
  • 危险等级:低
  • cve编号:CVE-2018-0575
• baserCMS 跨站脚本漏洞(CVE-2018-0574)
  • 危险等级:低
  • cve编号:CVE-2018-0574
• baserCMS 权限许可和访问控制漏洞(CVE-2018-0572)
  • 危险等级:低
  • cve编号:CVE-2018-0572
• baserCMS 任意文件上传漏洞(CVE-2018-0571)
  • 危险等级:低
  • cve编号:CVE-2018-0571
• baserCMS 跨站脚本漏洞(CVE-2018-0570)
  • 危险等级:低
  • cve编号:CVE-2018-0570
• baserCMS 命令执行安全漏洞(CVE-2018-0569)
  • 危险等级:中
  • cve编号:CVE-2018-0569
• Microsoft Visual C++ Redistributable installer 权限提升漏洞(CVE-2018-0599)
  • 危险等级:中
  • cve编号:CVE-2018-0599
• Microsoft Windows Iexpress 权限提升漏洞(CVE-2018-0598)
  • 危险等级:中
  • cve编号:CVE-2018-0598
• Microsoft Visual Studio Code installer权限提升漏洞(CVE-2018-0597)
  • 危险等级:中
  • cve编号:CVE-2018-0597
• Microsoft Visual Studio Community installer权限提升漏洞(CVE-2018-0596)
  • 危险等级:中
  • cve编号:CVE-2018-0596
• Microsoft Skype for Windows installer 权限提升漏洞(CVE-2018-0595)
  • 危险等级:中
  • cve编号:CVE-2018-0595
• Microsoft Skype for Windows 权限提升漏洞(CVE-2018-0594)
  • 危险等级:中
  • cve编号:CVE-2018-0594
• Microsoft OneDrive installer权限提升漏洞(CVE-2018-0593)
  • 危险等级:中
  • cve编号:CVE-2018-0593
• Microsoft OneDrive 任意代码执行漏洞(CVE-2018-0592)
  • 危险等级:中
  • cve编号:CVE-2018-0592
• Fortinet FortiAnalyzer/FortiManager开放重定向漏洞(CVE-2018-1355)
  • 危险等级:中
  • BID:104546
  • cve编号:CVE-2018-1355
• Fortinet FortiAnalyzer/FortiManager访问限制绕过漏洞(CVE-2018-1354)
  • 危险等级:中
  • BID:104537
  • cve编号:CVE-2018-1354
• Apache HBase安全限制绕过漏洞(CVE-2018-8025)
  • 危险等级:中
  • BID:104554
  • cve编号:CVE-2018-8025
• Linux kernel hfs_ext_read_extent空指针间接引用漏洞(CVE-2018-12928)
  • 危险等级:低
  • cve编号:CVE-2018-12928
• Linux kernel ntfs_read_locked_inode 拒绝服务漏洞(CVE-2018-12929)
  • 危险等级:中
  • cve编号:CVE-2018-12929
• Linux kernel ntfs_end_buffer_async_read拒绝服务漏洞(CVE-2018-12930)
  • 危险等级:中
  • cve编号:CVE-2018-12930
• Linux kernel ntfs_attr_find拒绝服务漏洞(CVE-2018-12931)
  • 危险等级:中
  • cve编号:CVE-2018-12931

（数据来源：绿盟科技安全研究部&产品规则组）