[CERT-daily] Tageszusammenfassung - 19.07.2017

Wed Jul 19 18:16:36 CEST 2017

=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 18-07-2017 18:00 − Mittwoch 19-07-2017 18:00
Handler:     Stefan Lenzhofer
Co-Handler:  Stephan Richter

=====================
=        News       =
=====================

∗∗∗ Remotely Exploitable Flaw Puts Millions of Internet-Connected Devices at Risk ∗∗∗
---------------------------------------------
Security researchers have discovered a critical remotely exploitable vulnerability in an open-source software development library used by major manufacturers of the Internet-of-Thing devices that eventually left millions of devices vulnerable to hacking. The vulnerability (CVE-2017-9765), discovered by researchers at the IoT-focused security firm Senrio, resides in the software development
---------------------------------------------
https://thehackernews.com/2017/07/gsoap-iot-device-hacking.html


∗∗∗ Sicherheitslücke in allen Node.js-Versionen ∗∗∗
---------------------------------------------
Eine Sicherheitslücke macht viele Node.js-Anwendungen anfällig für Denial-of-Service-Attacken. Die Entwickler haben korrigierte Versionen von Node.js 4, 6, 7 und 8 bereitgestellt und raten dringend zum Update.
---------------------------------------------
https://heise.de/-3775843


∗∗∗ Adware the series, the final: Tools section ∗∗∗
---------------------------------------------
The final episode of our adware series talks specifically about the tools that we use in identifying adware and the places where it lurks on a system.Categories: PUPTags: adwareFileASSASSINfrstPieter Arntzprocess explorerResource Monitorrootkitthe more you knowtoolstrojan(Read more...)The post Adware the series, the final: Tools section appeared first on Malwarebytes Labs.
---------------------------------------------
https://blog.malwarebytes.com/puppum/2017/07/adware-the-series-the-final-tools-section/

=====================
=    Advisories     =
=====================

∗∗∗ DSA-3914 imagemagick - security update ∗∗∗
---------------------------------------------
This updates fixes several vulnerabilities in imagemagick: Variousmemory handling problems and cases of missing or incomplete inputsanitising may result in denial of service, memory disclosure or theexecution of arbitrary code if malformed RLE, SVG, PSD, PDB, DPX, MAT,TGA, VST, CIN, DIB, MPC, EPT, JNG, DJVU, JPEG, ICO, PALM or MNGfiles are processed.
---------------------------------------------
https://www.debian.org/security/2017/dsa-3914


∗∗∗ WP Statistics 12.0.9 - Authenticated Cross-Site Scripting (XSS) ∗∗∗
---------------------------------------------
https://wpvulndb.com/vulnerabilities/8866


∗∗∗ DFN-CERT-2016-1068: Apache Commons FileUpload, Apache Tomcat: Eine Schwachstelle ermöglicht einen Denial-of-Service-Angriff ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-1068/


∗∗∗ DFN-CERT-2017-1240: Apache Software Foundation HTTP-Server: Eine Schwachstelle ermöglicht das Ausspähen von Informationen und einen Denial-of-Service-Angriff ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1240/


∗∗∗ DFN-CERT-2017-1245: Wireshark: Mehrere Schwachstellen ermöglichen Denial-of-Service-Angriffe ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1245/


∗∗∗ DFN-CERT-2017-1249: Symfony: Eine Schwachstelle ermöglicht das Umgehen von Sicherheitsvorkehrungen ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1249/


∗∗∗ IBM Security Bulletin: IBM Cisco MDS Series Switches DCNM is affected by unauthenticated, remote attacker vulnerability (CVE-2017-6639, CVE-2017-6640). ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=ssg1S1010329


∗∗∗ IBM Security Bulletin: IBM TRIRIGA Application Platform Reports Privilege Escalation (CVE-2017-1373) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22004677


∗∗∗ Oracle Critical Patch Update Advisory - July 2017 ∗∗∗
---------------------------------------------
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html


∗∗∗ Solaris Third Party Bulletin - July 2017 ∗∗∗
---------------------------------------------
http://www.oracle.com/technetwork/topics/security/bulletinjul2017-3814622.html


∗∗∗ Oracle Linux Bulletin - July 2017 ∗∗∗
---------------------------------------------
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2017-3832368.html


∗∗∗ Oracle VM Server for x86 Bulletin - July 2017 ∗∗∗
---------------------------------------------
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2017-3832369.html

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily