Hello, welcome to the Friday, November 17th, 2017 edition of the Sands and at Storm Center's Stormcast. My name is Johannes Ulrich.

And today I'm recording from Jacksonville, Florida.

Xavier today posted about his Splank dashboard that he's using to look for anomalous DNS activity.

Pretty nice queries in here. He promised for tomorrow blog post that describes how to actually build this particular dashboard, but the queries

themselves are of interest, of course, and could also be applied to other systems, not just

to Splunk.

And Oracle released a critical surprise update for PeopleSoft.

This update fixes a total of five different vulnerabilities in Jolt.

Now Jolt is part of Tuxedo,

which in turn is the application server

that PeopleSoft uses to deal with non-Java applications.

And of course, given that this was a surprise update,

the vulnerabilities addressed here are rather severe. The first one does allow an attacker

with network access, but no authentication to take over Tuxedo and essentially compromise PeopleSoft

systems via TXedo. Second one, not quite as bad because the attacker first has to log in,

but once the attacker logs in, the attacker is able to read arbitrary memory from the system.

Then we also have the ability to prude force domain passwords to gain read-only access to data, stack overflow that could be used to bypass authentication,

and finally a heap overflow that, while difficult to exploit, can also be used to bypass authentication.

So a total of five different vulnerabilities definitely rated as a patch now.

I didn't see any exploits published yet for any of these vulnerabilities, but given the

prominence of PeopleSoft, I'm pretty sure someone is already working on an exploit.

Now, this vulnerability in jolt affecting PeopleSoft is a typical example of a vulnerability that's being introduced to software due to dependencies. GitHub is trying to help developers that are using GitHub to identify these vulnerabilities better.

...