[CERT-daily] Tageszusammenfassung - Donnerstag 4-05-2017

Thu May 4 18:11:52 CEST 2017

=======================
= End-of-Shift report =
=======================

Timeframe:   Mittwoch 03-05-2017 18:00 − Donnerstag 04-05-2017 18:00
Handler:     Olaf Schwarz
Co-Handler:  Petr Sikuta
Co-Handler:  Robert Waldner


*** Researcher: "Baseless Assumptions" Exist About Intel AMT Vulnerability ***
---------------------------------------------
Embedi, which is behind the Intel AMT vulnerability revealed Monday, seeks to clarify "baseless assumptions" being made about the flaw.
---------------------------------------------
http://threatpost.com/researcher-baseless-assumptions-exist-about-intel-amt-vulnerability/125390/


*** Intel-ME-Sicherheitslücke: Erste Produktliste, noch keine Updates ***
---------------------------------------------
Zu der am 1. Mai von Intel gemeldeten Sicherheitslücke in der Management Engine (ME) gibt es einige neue Informationen, aber noch keine Updates.
---------------------------------------------
https://heise.de/-3703356


*** WordPress 4.6 Unauthenticated Remote Code Execution (RCE) PoC Exploit ***
---------------------------------------------
This advisory reveals details of exploitation of the PHPMailer
vulnerability (CVE-2016-10033) in WordPress Core which (contrary to what
was believed and announced by WordPress security team) was affected by the
vulnerability.
---------------------------------------------
https://cxsecurity.com/issue/WLB-2017050014


*** Kazuar: Multiplatform Espionage Backdoor with API Access ***
---------------------------------------------
Unit 42 researchers have uncovered Kazuar, a backdoor Trojan used in an espionage campaign.The post Kazuar: Multiplatform Espionage Backdoor with API Access appeared first on Palo Alto Networks Blog.
---------------------------------------------
http://researchcenter.paloaltonetworks.com/2017/05/unit42-kazuar-multiplatform-espionage-backdoor-api-access/


*** A set of tutorials about code injection for Windows. ***
---------------------------------------------
Injectopi is a set of tutorials that Ive decided to write down in order to learn about various injection techniques in the Windows environment.
---------------------------------------------
https://github.com/peperunas/injectopi


*** Master-Fingerabdruck: Forscher können fast alle Smartphones entsperren ***
---------------------------------------------
Mithilfe von Maschinenlernen Trefferquote von 65 Prozent erreicht - Aktuelle Scanner zu niedrig aufgelöst
---------------------------------------------
http://derstandard.at/2000056971421


*** Checker ATM Security: Sicherheitslücke ermöglicht Übernahme von Geldautomaten ***
---------------------------------------------
Eine Sicherheitslücke in einer Sicherheitslösung für Geldautomaten konnte von Angreifern ausgenutzt werden, um illegal Geld auszuzahlen. Der Hersteller beschwichtigt und hat einen Patch bereitgestellt.
---------------------------------------------
https://www.golem.de/news/checker-atm-security-sicherheitsluecke-ermoeglicht-uebernahme-von-geldautomaten-1705-127638-rss.html


*** DFN-CERT-2017-0775/">LibTIFF: Mehrere Schwachstellen ermöglichen u.a. das Ausführen beliebigen Programmcodes ***
---------------------------------------------
Mehrere Schwachstellen in LibTIFF ermöglichen einem entfernten, nicht authentisierten Angreifer die Ausführung beliebigen Programmcodes, die Durchführung verschiedener Denial-of-Service (DoS)-Angriffe und das Ausspähen von Informationen mit Hilfe speziell präparierter Bilddateien. 
Betroffene Plattformen
  Debian Linux 8.7 Jessie
  Debian Linux 9.0 Stretch
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-0775/


*** USB-Sticks: IBM liefert Installationsmedien mit Malware aus ***
---------------------------------------------
Vom USB-Stick auf das Betriebssystem: Eine Schadsoftware verteilt sich von IBM-Produkten selbstständig. Betroffen sind die mitgelieferten Sticks mehrerer Storwize-Geräte. IBM rät, den USB-Stick zu formatieren oder gleich zu zerstören.
---------------------------------------------
https://www.golem.de/news/usb-sticks-ibm-liefert-installationsmedien-mit-malware-aus-1705-127644-rss.html


*** Cisco Security Advisories ***
---------------------------------------------
*** Cisco CVR100W Wireless-N VPN Router Universal Plug-and-Play Buffer Overflow Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-cvr100w1
---------------------------------------------
*** Cisco IOS XR Software Denial of Service Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-ios-xr
---------------------------------------------
*** Cisco Aironet 1800, 2800, and 3800 Series Access Points Plug-and-Play Arbitrary Code Execution Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-cme
---------------------------------------------
*** Cisco Wide Area Application Services SMART-SSL Accelerator Denial of Service Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-waas
---------------------------------------------
*** Cisco Firepower Threat Defense and Cisco ASA with FirePOWER Module Denial of Service Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-ftd
---------------------------------------------
*** Cisco Finesse for Cisco Unified Contact Center Enterprise Information Disclosure Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-finesse-ucce
---------------------------------------------
*** Cisco CVR100W Wireless-N VPN Router Remote Management Security Bypass Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-cvr100w2
---------------------------------------------
*** Cisco Unity Connection ImageID Parameter Unauthorized Access Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-cuc
---------------------------------------------
*** Cisco TelePresence ICMP Denial of Service Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-ctp
---------------------------------------------
*** Cisco CallManager Express Unauthorized Access Vulnerability ***
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-cme1
---------------------------------------------


*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: A vulnerability has been discovered in 40-GbE network interface modules for the IBM QRadar Network Security XGS 7100 appliance (CVE-2016-8106) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22002624
---------------------------------------------
*** IBM Security Bulletin: A vulnerability has been discovered in 40-GbE network interface modules for the IBM Security Network Protection XGS 7100 appliance (CVE-2016-8106) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22002507
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in Apache Struts affects IBM Social Media Analytics (CVE-2017-5638) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22001731
---------------------------------------------
*** IBM Security Bulletin: Potential security vulnerability in WebSphere Application Server Administrative Console (CVE-2017-1137) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21998469
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM B2B Advanced Communications ***
http://www.ibm.com/support/docview.wss?uid=swg22002517
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Security Network Controller (CVE-2016-7055) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22002309
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Security Network Active Bypass (CVE-2016-7055) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22002310
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSource ICU4C may affect IBM Streams (CVE-2016-6293, CVE-2016-7415) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22002225
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in SQLite affects IBM Tivoli Composite Application Manager for Transactions (CVE-2016-6153 ) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21996590
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect the BigFix Platform (CVE-2016-2177 CVE-2016-6304 CVE-2016-6305 CVE-2016-2182 CVE-2016-6306 CVE-2016-2183) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22002870
---------------------------------------------