Monday, November 13, 2017

Security Advisory for Xplico 1.2.0

Mehmet D. İNCE discovered three vulnerabilities related to Xplico: two classified as "High severity" and one as "Medium severity". The CVE number assigned for these vulnerabilities is CVE-2017-16666:

We've resolved these issues in a new Xplico package:
xplico - 1.2.0ubuntu1securityonion9

To resolve these issues, simply install the new Xplico package according to our normal update instructions:

Since 2015, our Setup wizard has disabled Xplico by default when choosing the "Best Practices" option:

Since March 2016, our Setup wizard locks down the host-based firewall to block remote connections to Xplico:

Additionally, we recently made some changes to make it easier to totally remove the Xplico package from your system:

Future Security Onion ISO images will no longer include Xplico.

Special thanks to Mehmet İNCE for responsibly disclosing this security issue per our Security page:

Special thanks to Gianluca Costa for patching these issues so quickly!

All times below are in Eastern time.
11/8/2017 2:32 AM - Received initial notification from Mehmet İNCE.
11/8/2017 6:30 AM - Confirmed receipt of email and confirmed issue.
11/8/2017 6:39 AM - Notified Gianluca Costa of Xplico.
11/13/2017 2:36 AM - Received patches from Gianluca Costa.
11/13/2017 8:56 AM - Built new Xplico package and sent to Mehmet İNCE for review.
11/13/2017 9:04 AM - Received confirmation from Mehmet İNCE.
11/13/2017 9:09 AM - Sent email to coordinate disclosure.
