[CERT-daily] Tageszusammenfassung - Dienstag 28-02-2017

Tue Feb 28 18:11:59 CET 2017

=======================
= End-of-Shift report =
=======================

Timeframe:   Montag 27-02-2017 18:00 − Dienstag 28-02-2017 18:00
Handler:     Stephan Richter
Co-Handler:  n/a


*** Mac-AV-Software ermöglichte Einschleusen von Schadcode ***
---------------------------------------------
Eine unzureichende Absicherung bei der Lizenzprüfung von Eset Endpoint Antivirus für macOS ermöglichte es einem Angreifer, beliebigen Code mit Root-Rechten auszuführen. Die als kritisch eingestufte Sicherheitslücke wurde inzwischen behoben.
---------------------------------------------
https://heise.de/-3638786


*** MongoDB: Sprechender Teddy teilte alle Daten mit dem Internet ***
---------------------------------------------
Spielzeug aus der Cloudpets-Reihe zeichnet die Stimmen der Kinder auf. Wem das nicht schon zu creepy ist, der dürfte sich spätestens über die offene MongoDB-Datenbank aufregen. 800.000 Nutzer mit über 2 Millionen Sprachsamples sind betroffen. (Spielzeug, Datenschutz)
---------------------------------------------
https://www.golem.de/news/mongodb-sprechender-teddy-teilte-alle-daten-mit-dem-internet-1702-126452-rss.html


*** Severe SQL Injection Flaw Discovered in WordPress Plugin with Over 1 Million Installs ***
---------------------------------------------
A WordPress plugin installed on over one million sites has just fixed a severe SQL injection vulnerability that can allow attackers to steal data from a websites database. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/severe-sql-injection-flaw-discovered-in-wordpress-plugin-with-over-1-million-installs/


*** Decrypting after a Findzip ransomware infection ***
---------------------------------------------
The Findzip ransomware was discovered on February 22, 2017. At that time, it was thought that files would be irreversibly encrypted by this ransomware, with no chance of decryption. Turns out, thats not quite true.
---------------------------------------------
https://blog.malwarebytes.com/cybercrime/2017/02/decrypting-after-a-findzip-ransomware-infection/


*** Guidelines on Incident Notification for Digital Service Providers ***
---------------------------------------------
ENISA publishes a comprehensive guideline on how to implement incident notification requirements for Digital Service Providers, in the context of the NIS Directive.
---------------------------------------------
https://www.enisa.europa.eu/news/enisa-news/guidelines-on-incident-notification-for-digital-service-providers


*** DFN-CERT-2017-0355: TYPO3: Zwei Schwachstellen ermöglichen Cross-Site-Scripting-Angriffe und das Umgehen von Sichherheitsvorkehrungen ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-0355/


*** DFN-CERT-2017-0340: Red Hat Package Manager (RPM): Mehrere Schwachstellen ermöglichen verschiedene Denial-of-Service-Angriffe ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-0340/


*** SAP BusinessObjects Financial Consolidation Input Validation Flaw Lets Remote Users Conduct Cross-Site Scripting Attacks ***
---------------------------------------------
http://www.securitytracker.com/id/1037910


*** VU#742632: Sage XRT Treasury database fails to properly restrict access to authorized users ***
---------------------------------------------
Vulnerability Note VU#742632 Sage XRT Treasury database fails to properly restrict access to authorized users Original Release date: 28 Feb 2017 | Last revised: 28 Feb 2017   Overview Sage XRT Treasury, version 3, fails to properly restrict database access to authorized users, which may enable any authenticated user to gain full access to privileged database functions.  Description CWE-639: Authorization Bypass Through User-Controlled Key - CVE-2017-3183Sage XRT Treasury is a business finance...
---------------------------------------------
http://www.kb.cert.org/vuls/id/742632


*** DFN-CERT-2017-0356: ktnef: Eine Schwachstelle ermöglicht u.a. das Ausführen beliebigen Programmcodes ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-0356/


*** Bugtraq: Advisory X41-2017-001: Multiple Vulnerabilities in X.org ***
---------------------------------------------
http://www.securityfocus.com/archive/1/540180


*** VTS17-003: Multiple Vulnerabilities in Veritas NetBackup and NetBackup Appliance ***
---------------------------------------------
https://www.veritas.com/content/support/en_US/security/VTS17-003.html


*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects WebSphere Application Server January 2017 CPU ***
http://www-01.ibm.com/support/docview.wss?uid=swg21998379
---------------------------------------------
*** IBM Security Bulletin: DB2 local escalation of privilege vulnerability affects Tivoli Storage Manager (IBM Spectrum Protect) Server (CVE-2016-5995) ***
http://www.ibm.com/support/docview.wss?uid=swg21998885
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in IBM Jazz for Service Management affects IBM Performance Management products (CVE-2016-9975) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21993846&myns=swgtiv&mynp=OCSSTFXA&mync=R&cm_sp=swgtiv-_-OCSSTFXA-_-R
---------------------------------------------
*** IBM Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM Cognos Controller ***
http://www-01.ibm.com/support/docview.wss?uid=swg21983083
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in IBM Java Runtime affect IBM Cognos Controller (CVE-2016-3427) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21983082
---------------------------------------------
*** IBM Security Bulletin: vulnerabilities in IBM WebSphere Application Server Liberty affects IBM Performance Management products ***
http://www.ibm.com/support/docview.wss?uid=swg21993794
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cognos Controller. ***
http://www-01.ibm.com/support/docview.wss?uid=swg21977636
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Cognos Controller (CVE-2015-3195) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21976531
---------------------------------------------
*** IBM Security Bulletin: OpenSSL as used in IBM QRadar SIEM is vulnerable to various CVEs ***
http://www.ibm.com/support/docview.wss?uid=swg21999478
---------------------------------------------
*** IBM Security Bulletin: Pivotal Spring Framework as used in IBM QRadar SIEM is vulnerable to various CVEs ***
http://www.ibm.com/support/docview.wss?uid=swg21999395
---------------------------------------------
*** IBM Security Bulletin: Apache Solr as used in IBM QRadar SIEM and Incident Forensics is vulnerable to a denial of service (CVE-2014-0050) ***
http://www.ibm.com/support/docview.wss?uid=swg21999474
---------------------------------------------
*** IBM Security Bulletin: IBM QRadar SIEM uses broken or risky cryptographic algorithms (CVE-2016-2879) ***
http://www.ibm.com/support/docview.wss?uid=swg21997341
---------------------------------------------
*** IBM Security Bulletin: IBM QRadar SIEM contains hard-coded credentials (CVE-2016-2880) ***
http://www.ibm.com/support/docview.wss?uid=swg21997340
---------------------------------------------
*** IBM Security Bulletin: Apache Tomcat as used in IBM QRadar SIEM is vulnerable to various CVEs ***
http://www.ibm.com/support/docview.wss?uid=swg21999488
---------------------------------------------
*** IBM Security Bulletin: IBM Java as used in IBM QRadar SIEM and Incident Forensics is vulnerable to various CVEs ***
http://www.ibm.com/support/docview.wss?uid=swg21999479
---------------------------------------------