βοΈ Settings
> Responses
WinRM response integration added
𧩠Plugin
> NxLog - Windows Agent plugin updated
π§ Bug Fixes
> We fixed an issue where the username in the audit log was incorrect
for users logging in with 2FA.
> Fixed static exception bug in custom plugin
π§ Security Enhancements
Summary
The enhancements are intended to bolster our system's overall security posture and
defend against potential threats.
Affected Version
Solution
Vulnerability Details
> ZDI-CAN-24680 > CVE-2024-7564: Logsign Unified SecOps Platform Directory Traversal
Information Disclosure Vulnerability
> CVE-2024-6409: OpenSSH vulnerability
A race condition vulnerability was discovered in OpenSSH's server (sshd).
If a remote attacker doesn't authenticate in time, the SIGALRM handler is called
asynchronously and uses functions that are not async-signal-safe, like syslog().
This can potentially allow an attacker to perform remote code execution (RCE) as an
unprivileged user.
Mitigating Factors
Customers are advised to ensure they always have the latest version of the program.
Acknowledgement
Logsign would like to thank Abdessamad Lahlali and Smile Thanapattheerakul from
Trend Micro Zero Day Initiative for responsibly disclosing this issue.