Hello, welcome to the Wednesday, July 5th, 2017 edition of the Sansanet Storms anders Stormcast.

My name is Johannes Ulrich and the day I'm recording from Prague, Czech Republic.

First, let me start with an item that didn't make it into last Friday's podcast.

Microsoft released a critical update for Skype.

This affixes a stack-based buffer overflow in the clipboard feature in Skype.

It can be exploited without any user interaction from the victim.

Microsoft has released an update, so this should download automatically just to make sure

check if any new updates are available that you haven't applied yet. And then there was some

additional security hoopla about System D. Now, we did have an actual real vulnerability in System D about a week ago.

There was a second bug report that the reporter did consider a security vulnerability,

but was ultimately rejected as a security vulnerability from the System D team.

The problem here is that if your service file that describes a service and the user, it

should run as if the username starts with a number, which basically turns it into an invalid

username as far as Unix is concerned, then the associated service will run as

route, not restricted by the particular user. So ultimately this sounds sort of like a

privilege escalation, but it isn't really a privilege escalation because in order to create

such a file, the user already has to

have administrator rights. Otherwise, you're not able to edit these system services files.

So at this point, System D is not planning on fixing anything here. Essentially, you're stating

it works as designed. If you're

trying to launch a service using a non-existing or invalid user, it will be started as root. And

Cisco released a security bulletin stating that iOS as well as iOS XE are vulnerable to a buffer

...