[CERT-daily] Tageszusammenfassung - 11.12.2017

Mon Dec 11 18:13:09 CET 2017

=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 07-12-2017 18:00 − Montag 11-12-2017 18:00
Handler:     Robert Waldner
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Heres How to Enable Chrome "Strict Site Isolation" Experimental Security Mode ∗∗∗
---------------------------------------------
Google Chrome 63, which shipped yesterday evening, arrived with a new experimental feature called Site Isolation that according to Google engineers is an additional security layer on top of Chromes built-in sandboxing technology.
---------------------------------------------
https://www.bleepingcomputer.com/news/google/heres-how-to-enable-chrome-strict-site-isolation-experimental-security-mode/


∗∗∗ Script Recovers Event Logs Doctored by NSA Hacking Tool ∗∗∗
---------------------------------------------
Security researchers have found a way to reverse the effects of an NSA hacking utility that deletes event logs from compromised machines. 
---------------------------------------------
https://www.bleepingcomputer.com/news/security/script-recovers-event-logs-doctored-by-nsa-hacking-tool/


∗∗∗ Botconf 2017 Wrap-Up Day #3 ∗∗∗
---------------------------------------------
And this is already the end of Botconf. Time for my last wrap-up. The day started a little bit later to allow some people to recover from the social event.
---------------------------------------------
https://blog.rootshell.be/2017/12/08/botconf-2017-wrap-day-3/


∗∗∗ Security, Incident Response, Privacy and Data Protection ∗∗∗
---------------------------------------------
[...] to protect the personal data on their systems and networks, security and incident response teams must themselves process personal data. Fortunately regulators also provide guidance on balancing privacy protection and privacy invasion. The words “legitimate interest” are not just a phrase, but one of the most deeply analysed terms in data protection law. 
---------------------------------------------
https://www.first.org/blog/20171211_GDPR_for_CSIRTs


=====================
=  Vulnerabilities  =
=====================

∗∗∗ DFN-CERT-2017-2228/">ISC DHCPD: Eine Schwachstelle ermöglicht einen Denial-of-Service Angriff ∗∗∗
---------------------------------------------
Ein nicht authentisierter Angreifer im benachbarten Netzwerk kann eine Schwachstelle im DHCP Daemon (ISC DHCPD) mit Hilfe speziell präparierter OMAPI-Nachrichten ausnutzen, um die Zahl der verfügbaren Dateideskriptoren im zugehörigen Prozess zu erschöpfen und dadurch einen Denial-of-Service (DoS)-Zustand zu erzeugen. 
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-2228/


∗∗∗ DFN-CERT-2017-2238/">Tor-Browser: Mehrere Schwachstellen ermöglichen u.a. das Ausführen beliebigen Programmcodes ∗∗∗
---------------------------------------------
Mehrere Schwachstellen im Tor Browser vor Version 7.5a9 bzw. 7.0.11 ermöglichen einem entfernten, nicht authentisierten Angreifer die Durchführung von Denial-of-Service (DoS)-Angriffen. Zwei Schwachstellen ermöglichen das Ausspähen von Informationen. Die Schwachstelle CVE-2017-7845 in der verwendeten Firefox ESR Version ermöglicht dem Angreifer das Ausführen beliebigen Programmcodes und eine weitere Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen.
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-2238/


∗∗∗ Sicherheit: Keylogger in HP-Notebooks gefunden ∗∗∗
---------------------------------------------
Schon wieder wurde in einem vorinstallierten Treiber von HP ein Keylogger gefunden. Zwar ist die Schnüffelfunktion standardmäßig deaktiviert, ein Forscher fand allerdings einen Weg, das zu ändern.
---------------------------------------------
https://www.golem.de/news/sicherheit-keylogger-in-hp-notebooks-gefunden-1712-131598-rss.html


∗∗∗ DFN-CERT-2017-2237/">Node.js: Mehrere Schwachstellen ermöglichen u.a. das Umgehen von Sicherheitsvorkehrungen ∗∗∗
---------------------------------------------
Mehrere Schwachstellen in Node.js ermöglichen einem entfernten, nicht authentisierten Angreifer das Umgehen von Sicherheitsvorkehrungen und das Ausspähen von Informationen.
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-2237/


∗∗∗ DFN-CERT-2017-2236/">GitLab: Mehrere Schwachstellen ermöglichen u.a. das Ausspähen von Informationen ∗∗∗
---------------------------------------------
Eine Schwachstelle in GitLab ermöglicht einem entfernten, nicht authentisierten Angreifer das Ausspähen von Informationen über private Projekte. Mehrere weitere Schwachstellen ermöglichen einem entfernten, einfach authentisierten Angreifer einen Cross-Site-Scripting (XSS)-Angriff, das Ausspähen von Informationen und die Eskalation von Privilegien.
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-2236/


∗∗∗ DFN-CERT-2017-2239/">Jenkins-Plugin: Eine Schwachstelle ermöglicht das Lesen beliebiger Dateien ∗∗∗
---------------------------------------------
Ein entfernter, einfach authentisierter Angreifer mit der Berechtigung, abgesicherte (sandboxed) Groovy- und Pipeline-Skripte zu erstellen, kann eine Schwachstelle im Jenkins-Plugin Script Security ausnutzen, um Lesezugriff auf beliebige Dateien des Master-Dateisystems von Jenkins zu erhalten. Dadurch sind weitere Angriffe möglich.
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-2239/


∗∗∗ Android flaw lets attack code slip into signed apps ∗∗∗
---------------------------------------------
The vulnerability, CVE-2017-13156, was addressed in patch level 1 of the December Android update, so those who get their patches directly from Google should be protected. Unfortunately, due to the nature of the Android ecosystem, many vendors and carriers are slow to release fixes.
---------------------------------------------
https://www.theregister.co.uk/2017/12/08/android_flaw_lets_attack_code_slip_into_signed_apps/


∗∗∗ FortiClient improper access control of users VPN credentials ∗∗∗
---------------------------------------------
FortiClient for Linux, Mac OSX and Windows stores encrypted VPN authentication credentials in improperly secured locations; regular users may therefore be able to see each others encrypted credentials. This is an issue, because the key used to encrypt the aforementioned credentials may be retrieved from the binary.
---------------------------------------------
http://fortiguard.com/psirt/FG-IR-17-214


∗∗∗ Xiongmai Technology IP Cameras and DVRs ∗∗∗
---------------------------------------------
This advisory contains mitigation details for a stack-based buffer overflow vulnerability in Xiongmai Technology IP Cameras and DVRs.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-341-01


∗∗∗ Rockwell Automation FactoryTalk Alarms and Events ∗∗∗
---------------------------------------------
This advisory contains mitigation details for an improper input validation vulnerability in Rockwell Automations FactoryTalk Alarms and Events component.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-341-02


∗∗∗ PHOENIX CONTACT FL COMSERVER, FL COM SERVER, and PSI-MODEM/ETH ∗∗∗
---------------------------------------------
This advisory contains mitigation details for a cross-site scripting vulnerability in PHOENIX CONTACT’s FL COMSERVER, FL COM SERVER, and PSI-MODEM/ETH industrial networking equipment.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-341-03


∗∗∗ Cisco Email Security Appliance Header Bypass Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-esa


∗∗∗ Security Advisory - Memory Leak Vulnerability in Multiple Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171206-01-mpls-en


∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Java SDK and IBM Java Runtime Affect IBM Web Experience Factory ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22011357


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in openssh affect IBM Flex System Manager (FSM) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=isg3T1026378


∗∗∗ IBM Security Bulletin: A vulnerability in Apache Solr affects IBM InfoSphere Information Server ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22010330


∗∗∗ IBM Security Bulletin: A vulnerability in strongSwan affects IBM Flex System Manager (FSM) (CVE-2017-11185) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=isg3T1026377


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Flex System Manager (FSM) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=isg3T1026250


∗∗∗ IBM Security Bulletin: A vulnerability in libxml2 affects IBM Flex System Manager (FSM) (CVE-2016-9318) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=isg3T1026376


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX ∗∗∗
---------------------------------------------
http://aix.software.ibm.com/aix/efixes/security/java_oct2017_advisory.asc


∗∗∗ IBM Security Bulletin: Security vulnerabilities have been identified in DB2 which is shipped with IBM Performance Management products ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22008900


∗∗∗ IBM Security Bulletin: Fix Available for IBM iNotes Cross-site Scripting Vulnerability (CVE-2017-1421) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22005234


∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities identified in IBM® Java SDK affect WebSphere Service Registry and Repository and WebSphere Service Registry and Repository Studio. ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22011198

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily