[CERT-daily] Tageszusammenfassung - 05.09.2018

Wed Sep 5 18:21:28 CEST 2018

=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 04-09-2018 18:00 − Mittwoch 05-09-2018 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Verschlüsselung: NSA-Chiffre Speck fliegt aus dem Linux-Kernel ∗∗∗
---------------------------------------------
Mit der NSA-Chiffre Speck wollte Google ursprünglich den Speicher von Low-End-Android-Smartphones verschlüsseln, doch nun hat das Unternehmen seine Unterstützung dafür zurückgezogen. Die umstrittene Verschlüsselung wird deshalb wieder aus dem Linux-Kernel entfernt. (Linux-Kernel, Verschlüsselung)
---------------------------------------------
https://www.golem.de/news/verschluesselung-nsa-chiffre-speck-fliegt-aus-dem-linux-kernel-1809-136402-rss.html


∗∗∗ Multiple Remote Code-Execution Flaws Patched in Opsview Monitor ∗∗∗
---------------------------------------------
Five flaws were disclosed Tuesday in monitoring software Opsview Monitor.
---------------------------------------------
https://threatpost.com/multiple-remote-code-execution-flaws-patched-in-opsview-monitor/137170/


∗∗∗ WordPress Database Upgrade Phishing Campaign ∗∗∗
---------------------------------------------
We have recently been notified of phishing emails that target WordPress users. The content informs site owners that their database requires an update and looks like this: The email’s appearance resembles that of a legitimate WordPress update message, however the content includes typos and uses an older messaging style. Another suspicious item in the content is the deadline.
---------------------------------------------
https://blog.sucuri.net/2018/09/wordpress-database-upgrade-phishing-campaign.html


∗∗∗ PowerPool malware exploits ALPC LPE zero-day vulnerability ∗∗∗
---------------------------------------------
Malware from newly uncovered group PowerPool exploits zero-day vulnerability in the wild, only two days after its disclosure
---------------------------------------------
https://www.welivesecurity.com/2018/09/05/powerpool-malware-exploits-zero-day-vulnerability/


∗∗∗ Lets Trade: You Read My Email, Ill Read Your Password! ∗∗∗
---------------------------------------------
Its been a while, but my last few posts have been on password spraying, which is great approach if your customer has an userid / password interface that faces the internet. I also ran a walk-through on using responder and LLMNR. But what if you are on the outside, and your customer is wise enough to front all of those interfaces with two-factor authentication, or mutual certificate authentication?
---------------------------------------------
https://isc.sans.edu/forums/diary/Lets+Trade+You+Read+My+Email+Ill+Read+Your+Password/24062/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ VU#598349: Problems with automatic DNS registration and autodiscovery ∗∗∗
---------------------------------------------
Problems with automatic DNS registration and autodiscovery. If an attacker with access to the network adds a malicious device to the network with the name WPAD, such an attacker may be able to utilize DNS autoregistration and autodiscovery to act as a proxy for victims on the network, resulting in a loss of confidentiality and [...]
---------------------------------------------
http://www.kb.cert.org/vuls/id/598349


∗∗∗ Opto22 PAC Control Basic and PAC Control Professional ∗∗∗
---------------------------------------------
This advisory includes mitigation recommendations for a stack-based buffer overflow vulnerability in Opto22s PAC Control software.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-247-01


∗∗∗ Android Security Bulletin - September 2018 ∗∗∗
---------------------------------------------
The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. [...] The most severe of these issues is a critical security vulnerability in Media framework that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process.
---------------------------------------------
https://source.android.com/security/bulletin/2018-09-01


∗∗∗ (0Day) Cisco WebEx Network Recording Player Improper Access Control Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Cisco WebEx Network Recording Player. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
---------------------------------------------
https://www.zerodayinitiative.com/advisories/ZDI-18-998/


∗∗∗ Remote Code Execution Vulnerabilities in WECON LeviStudioU ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-18-989/
http://www.zerodayinitiative.com/advisories/ZDI-18-990/
http://www.zerodayinitiative.com/advisories/ZDI-18-991/
http://www.zerodayinitiative.com/advisories/ZDI-18-992/
http://www.zerodayinitiative.com/advisories/ZDI-18-993/
http://www.zerodayinitiative.com/advisories/ZDI-18-994/
http://www.zerodayinitiative.com/advisories/ZDI-18-995/
http://www.zerodayinitiative.com/advisories/ZDI-18-996/
http://www.zerodayinitiative.com/advisories/ZDI-18-997/


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (lcms2), openSUSE (yubico-piv-tool), Oracle (kernel), and SUSE (cobbler and kvm).
---------------------------------------------
https://lwn.net/Articles/764182/


∗∗∗ Synology-SA-18:52 Android Moments ∗∗∗
---------------------------------------------
A vulnerability allows man-in-the-middle attackers to execute arbitrary code via a susceptible version of Android Moments.
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_18_52


∗∗∗ Red Hat Gluster Storage Wed Administration, tendrl-api: Eine Schwachstelle ermöglicht das Umgehen von Sicherheitsvorkehrungen ∗∗∗
---------------------------------------------
https://adv-archiv.dfn-cert.de/adv/2018-1790/


∗∗∗ Red Hat Virtualization: Mehrere Schwachstellen ermöglichen u. a. das Ausführen beliebigen Programmcodes ∗∗∗
---------------------------------------------
https://adv-archiv.dfn-cert.de/adv/2018-1798/


∗∗∗ cURL: Eine Schwachstelle ermöglicht u. a. einen Denial-of-Service-Angriff ∗∗∗
---------------------------------------------
https://adv-archiv.dfn-cert.de/adv/2018-1796/


∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/


∗∗∗ Security Advisory - FRP Bypass Vulnerability in Huawei Smart Phones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180905-01-frpbypass-en


∗∗∗ Security Advisory - DoS Vulnerability in Some Huawei Smart Phones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180905-01-smartphone-en


∗∗∗ Python vulnerability CVE-2014-9365 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K11068141


∗∗∗ HPESBST03884 rev.1 - HPE ConvergedSystem 700 Solutions Using HPE 3PAR Service Processor, Multiple Vulnerabilities ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03884en_us

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily