[CERT-daily] Tageszusammenfassung - Mittwoch 24-05-2017

Wed May 24 18:20:41 CEST 2017

=======================
= End-of-Shift report =
=======================

Timeframe:   Dienstag 23-05-2017 18:00 − Mittwoch 24-05-2017 18:00
Handler:     Robert Waldner
Co-Handler:  n/a


*** FIRST releases version 1.1 of the CSIRT Services Framework ***
---------------------------------------------
The leading association of incident response and security teams released a new version of its CSIRT Services Framework. This is a formal list of services a Computer Security Incident Response Team (CSIRT) may consider implementing to address the needs of their constituency.
---------------------------------------------
https://www.first.org/newsroom/releases/20170524


*** B. Braun Medical SpaceCom Open Redirect Vulnerability ***
---------------------------------------------
This advisory was originally posted to the NCCIC Portal on March 23, 2017, and is being released to the ICS-CERT web site. This advisory contains mitigation details for an open redirect vulnerability in B. Braun Medical's SpaceCom module, which is integrated into the SpaceStation docking station.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSMA-17-082-02


*** Trend Micro ServerProtect for Linux Multiple Bugs Let Remote Users Execute Arbitrary Code and Conduct Cross-Site Scripting and Cross-Site Request Forgery Attacks and Let Local Users Gain Elevated Privileges ***
---------------------------------------------
http://www.securitytracker.com/id/1038548


*** OpenVPN Access Server Input Validation Flaw Lets Remote Users Conduct Session Fixation Attacks to Hijack a Target Users Session ***
---------------------------------------------
A remote user can create a specially crafted URL containing the '%0A' character that, when loaded by the target user prior to authentication, will inject headers and set the session cookie to a specified value. After the target user authenticates to the target OpenVPN Access Server, the remote user can hijack the target user's session.
---------------------------------------------
http://www.securitytracker.com/id/1038547


*** DFN-CERT-2017-0901/">Puppet, Puppet Enterprise: Eine Schwachstelle ermöglicht die Ausführung beliebigen Programmcodes ***
---------------------------------------------
Betroffene Software
Puppet < 4.10.1
Puppet Enterprise < 2016.4.5
Puppet Enterprise < 2017.2.1
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-0901/


*** [Announce] Samba 4.6.4, 4.5.10 and 4.4.14 Available for Download ***
---------------------------------------------
CVE-2017-7494: All versions of Samba from 3.5.0 onwards are vulnerable to a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.
---------------------------------------------
https://lists.samba.org/archive/samba-announce/2017/000406.html


*** Security Advisory - FRP Bypass Vulnerability in Huawei Smart Phones ***
---------------------------------------------
There is Factory Reset Protection (FRP) bypass security vulnerability in some Huawei smart phones. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can perform some operations to update the Google account. As a result, the FRP function is bypassed. (Vulnerability ID: HWPSIRT-2017-02036). This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-2710.
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170524-01-frp-en


*** Jaff ransomware gets a makeover ***
---------------------------------------------
With all the recent news about WannaCry ransomware, people might forget Jaff is an ongoing threat. Worse yet, some people might not know about it at all since its debut about 2 weeks ago. Jaff has already gotten a makeover, so an infected host looks noticeably different now.
---------------------------------------------
https://isc.sans.edu/diary/Jaff+ransomware+gets+a+makeover/22446


*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: multiple vulnerabilities in IBM SDK Java Technology Edition affect IBM Security Guardium Data Redaction. . ***
http://www-01.ibm.com/support/docview.wss?uid=swg22003466
---------------------------------------------
*** IBM Security Bulletin: IBM Maximo Asset Management generates error messages that could reveal sensitive information that could be used in further attacks against the system (CVE-2017-1292) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22003414
---------------------------------------------
*** IBM Security Bulletin: IBM Maximo Asset Management is vulnerable to HTTP response splitting attacks (CVE-2017-1291) ***
http://www.ibm.com/support/docview.wss?uid=swg22003413
---------------------------------------------
*** IBM Security Bulletin: Fix Available for IBM iNotes Cross-Site Scripting Vulnerability (CVE-2017-1325) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22003497
---------------------------------------------
*** IBM Security Bulletin: Multiple Vulnerabilities in the IBM SDK Java Technology Edition affect IBM Notes ***
http://www-01.ibm.com/support/docview.wss?uid=swg22000602
---------------------------------------------
*** IBM Security Bulletin: Multiple Vulnerabilities in the IBM SDK Java Technology Edition affect IBM Domino ***
http://www-01.ibm.com/support/docview.wss?uid=swg22000516
---------------------------------------------