[CERT-daily] Tageszusammenfassung - Freitag 2-12-2016

Fri Dec 2 18:10:58 CET 2016

=======================
= End-of-Shift report =
=======================

Timeframe:   Donnerstag 01-12-2016 18:00 − Freitag 02-12-2016 18:00
Handler:     Stephan Richter
Co-Handler:  n/a


*** BitUnmap: Attacking Android Ashmem ***
---------------------------------------------
Posted by Gal Beniamini, Project ZeroThe law of leaky abstractions states that "all non-trivial abstractions, to some degree, are leaky". In this blog post we'll explore the ashmem shared memory interface provided by Android and see how false assumptions about its internal operation can result in security vulnerabilities affecting core system code.
---------------------------------------------
http://googleprojectzero.blogspot.com/2016/12/bitunmap-attacking-android-ashmem.html


*** Exploited Script in WordPress Theme Sends Spam ***
---------------------------------------------
As WordPress continues to grow in popularity, so does its library. New and experienced developers are creating themes and plugins - which creates diverse directories. While this is useful to the WordPress community, the nature of mass creation can account for coding errors and vulnerabilities. Even premium themes have security issues. We often find code that is developed with good intentions but without taking security measures into consideration.
---------------------------------------------
https://blog.sucuri.net/2016/12/exploited-script-wordpress-themes-send-spam.html


*** Blockchain Technology Explained - An Executive Summary ***
---------------------------------------------
This article provides an executive summary on the Blockchain technology, what it is, how it works, and why everyone is excited about it.
---------------------------------------------
https://www.whitehatsec.com/blog/blockchain-technology/


*** [0day] Bypassing Apples System Integrity Protection ***
---------------------------------------------
Read how an attacker can bypass Apples SIP, via the local OS upgrade process
---------------------------------------------
https://objective-see.com/blog/blog_0x14.html


*** One Bit To Rule A System: Analyzing CVE-2016-7255 Exploit In The Wild ***
---------------------------------------------
Recently, Google researchers discovered a local privilege escalation vulnerability in Windows which was being used in zero-day attacks, including those carried out by the Pawn Storm espionage group. This is an easily exploitable vulnerability which can be found in all supported versions of Windows, from Windows 7 to Windows 10. By changing one bit, the attacker can elevate the privileges of a thread, giving administrator access to a process that would not have it under normal circumstances.
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/bcdzgHcT2VE/


*** Protecting Powershell Credentials (NOT), (Fri, Dec 2nd) ***
---------------------------------------------
If youre like me, youve worked through at least one Powershell tutorial, class or even a how-to blog. And youve likely been advised to use the PSCredential construct to store credentials. The discussion usually covers that this a secure way to collect credentials, then store them in a variable for later use. You can even store them in a file and read them back later. Awesome - this solves a real problem you thought - or does it? For instance, to collect credentials for a VMware vSphere...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21779&rss


*** Remote management app exposes millions of Android users to hacking ***
---------------------------------------------
Poor implementation of encryption in a popular Android remote management application exposes millions of users to data theft and remote code execution attacks.According to researchers from mobile security firm Zimperium, the AirDroid screen sharing and remote control application sends authentication information encrypted with a hard-coded key. This information could allow man-in-the-middle attackers to push out malicious AirDroid add-on updates, which would then gain the permissions of the app...
---------------------------------------------
http://www.cio.com/article/3146916/security/remote-management-app-exposes-millions-of-android-users-to-hacking.html#tk.rss_security


*** DFN-CERT-2016-1971: Google Chrome: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-1971/


*** ZDI-16-617: Dell SonicWALL Universal Management Suite ImagePreviewServlet SQL Injection Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Dell SonicWALL Universal Management Suite. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-16-617/


*** F5 Security Advisory: Apache Tomcat vulnerability CVE-2016-6816 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/50/sol50116122.html?ref=rss


*** F5 Security Advisory: Apache Tomcat vulnerability CVE-2016-8735 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/49/sol49820145.html?ref=rss


*** USN-3148-1: Ghostscript vulnerabilities ***
---------------------------------------------
Ubuntu Security Notice USN-3148-11st December, 2016ghostscript vulnerabilitiesA security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTSSummaryGhostscript could be made to crash, run programs, or disclose sensitiveinformation if it processed a specially crafted file.Software description ghostscript - PostScript and PDF interpreter  DetailsTavis Ormandy discovered multiple vulnerabilities in the way that
---------------------------------------------
http://www.ubuntu.com/usn/usn-3148-1/


*** ICS-CERT Advisories ***
---------------------------------------------
*** Siemens SICAM PAS Vulnerabilities ***
https://ics-cert.us-cert.gov/advisories/ICSA-16-336-01
---------------------------------------------
*** Moxa NPort Device Vulnerabilities ***
https://ics-cert.us-cert.gov/advisories/ICSA-16-336-02
---------------------------------------------
*** Mitsubishi Electric MELSEC-Q Series Ethernet Interface Module Vulnerabilities ***
https://ics-cert.us-cert.gov/advisories/ICSA-16-336-03
---------------------------------------------
*** Advantech SUSIAccess Server Vulnerabilities ***
https://ics-cert.us-cert.gov/advisories/ICSA-16-336-04
---------------------------------------------
*** Smiths-Medical CADD-Solis Medication Safety Software Vulnerabilities ***
https://ics-cert.us-cert.gov/advisories/ICSMA-16-306-01
---------------------------------------------


*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in PHP affect PowerKVM ***
http://www.ibm.com/support/docview.wss?uid=isg3T1024545
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in the Linux kernel affect PowerKVM ***
http://www.ibm.com/support/docview.wss?uid=isg3T1024478
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects WebSphere Application Server October 2016 CPU (CVE-2016-5573, CVE-2016-5597) that is bundled with IBM WebSphere Application Server Patterns. ***
http://www.ibm.com/support/docview.wss?uid=swg21993759
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in redis affect PowerKVM (CVE-2015-4335, CVE-2013-7458) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1024538
---------------------------------------------
*** IBM Security Bulletin: Authentication vulnerability affects IBM Integration Bus V10.0.0.4 onwards (CVE-2016-8918 ) ***
http://www.ibm.com/support/docview.wss?uid=swg21995079
---------------------------------------------
*** IBM Security Bulletin: The WebAdmin context for WebSphere Message Broker Version 8 allows directory listings (CVE-2016-6080) ***
http://www.ibm.com/support/docview.wss?uid=swg21995004
---------------------------------------------
*** IBM Security Bulletin: IBM Mobile Connect is vulnerable to the Sweet32: Birthday Attacks (CVE-2016-2183) ***
http://www.ibm.com/support/docview.wss?uid=swg21994927
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Process Designer used in IBM Business Process Manager and WebSphere Lombardi Edition (CVE-2016-5573, CVE-2016-5597, CVE-2016-3485) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21994297
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in Apache Tomcat affect SAN Volume Controller, Storwize family and FlashSystem V9000 products ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1009581
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSource libxml2 affect IBM Security Guardium (CVE-2016-2073) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21984606
---------------------------------------------