[CERT-daily] Tageszusammenfassung - 02.08.2019

Fri Aug 2 18:25:23 CEST 2019

=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 01-08-2019 18:00 − Freitag 02-08-2019 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Orgs network connect to GitHub and Pastebin much? Its a Rocke road to cryptojacking country ∗∗∗
---------------------------------------------
You might also be slurping Chinese malware Palo Alto Networks has spotted a new cryptomining malware technique that not only wipes out any other miners present on the target machine but uses GitHub and Pastebin as part of its command-and-control (C2) infrastructure.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2019/08/01/palo_alto_networks_rocke_malware/


∗∗∗ Google Project Zero: 95.8% of all bug reports are fixed before deadline expires ∗∗∗
---------------------------------------------
Google Project Zero: Disclosing technical bug reports and PoCs help defenders more than attackers.
---------------------------------------------
https://www.zdnet.com/article/google-project-zero-95-8-of-all-bug-reports-are-fixed-before-deadline-expires/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Veritas Resiliency Platform (VRP) Traversal / Command Execution ∗∗∗
---------------------------------------------
Topic: Veritas Resiliency Platform (VRP) Traversal / Command Execution Risk: High Text:Four vulnerabilities have been fixed in VRP 3.4 HF1, one of which is of critical severity. Directory traversal vulnerability...
---------------------------------------------
https://cxsecurity.com/issue/WLB-2019080002


∗∗∗ Advantech WebAccess HMI Designer ∗∗∗
---------------------------------------------
This advisory provides mitigation recommendations for an out-of-bounds write vulnerability reported in the Advantech WebAccess HMI Designer product.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-19-213-01


∗∗∗ Fuji Electric FRENIC Loader ∗∗∗
---------------------------------------------
This advisory includes mitigations for an out-of-bounds read vulnerability reported in the Fuji Electric FRENIC Loader AC drive.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-19-213-02


∗∗∗ 3S-Smart Software Solutions GmbH CODESYS V3 ∗∗∗
---------------------------------------------
This advisory includes mitigations for two vulnerabilities, unverified ownership and uncontrolled memory allocation, reported in the 3S-Smart Software Solutions GmbH CODESYS V3 products.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-19-213-03


∗∗∗ 3S-Smart Software Solutions GmbH CODESYS V3 ∗∗∗
---------------------------------------------
This advisory includes mitigations for an insufficiently protected credentials vulnerability reported in the 3S-Smart Software Solutions GmbH CODESYS V3 products.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-19-213-04


∗∗∗ Rockwell Automation Arena Simulation Software ∗∗∗
---------------------------------------------
This advisory provides information about, and mitigation recommendations for, two vulnerabilities reported in the Rockwell Automation Arena Automation software.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-19-213-05


∗∗∗ SSA-632562 (Last Update: 2019-08-02): Vulnerabilities in SIPROTEC 5 Ethernet plug-in communication modules and devices ∗∗∗
---------------------------------------------
The SIPROTEC 5 Ethernet plug-in communication modules and devices are affected by multiple security vulnerabilities. These vulnerabilities could allow an attacker to leverage various attacks, e.g. to execute arbitrary code over the network.Eleven of these vulnerabilities affect the underlying Wind River VxWorks network stack and were recently patched by Wind River.
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-632562.txt


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (firefox-esr and thunderbird), openSUSE (openexr and rmt-server), Oracle (bind, container-tools:rhel8, cyrus-imapd, dotnet, edk2, firefox, flatpak, freeradius:3.0, ghostscript, gvfs, httpd:2.4, java-1.8.0-openjdk, java-11-openjdk, kernel, mod_auth_mellon, pacemaker, pki-deps:10.6, python-jinja2, python27:2.7, python3, python36:3.6, systemd, thunderbird, vim, virt:rhel, WALinuxAgent, and wget), Slackware (mariadb), SUSE (java-1_8_0-openjdk, polkit, and [...]
---------------------------------------------
https://lwn.net/Articles/795223/


∗∗∗ HPESBST03946 rev.1 - HPE 3PAR StoreServ Management Console (SSMC), Multiple Vulnerabilities ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03946en_us


∗∗∗ HPESBST03942 rev.1 - 3PAR Service Processor 5.0.5, Multiple remote Vulnerabilities ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03942en_us


∗∗∗ QEMU: Schwachstelle ermöglicht Codeausführung ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0683


∗∗∗ PHP: Schwachstelle ermöglicht Denial of Service ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0684


∗∗∗ IBM Security Bulletin: IBM Cloud Private ingress log files contain sensitive information (CVE-2019-4284) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-private-ingress-log-files-contain-sensitive-information-cve-2019-4284/


∗∗∗ IBM Security Bulletin: IBM MQ clients are vulnerable to a denial of service attack caused by consuming specifically crafted messages (CVE-2019-4261) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-clients-are-vulnerable-to-a-denial-of-service-attack-caused-by-consuming-specifically-crafted-messages-cve-2019-4261/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-may-affect-ibm-sdk-java-technology-edition-12/


∗∗∗ IBM Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to security vulnerability (CVE-2018-5391) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-security-vulnerability-cve-2018-5391/


∗∗∗ IBM Security Bulletin: Financial Transaction Manager for Digital Payments is affected by a potential cross-site scripting (XSS) vulnerability (CVE-2018-15494) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction-manager-for-digital-payments-is-affected-by-a-potential-cross-site-scripting-xss-vulnerability-cve-2018-15494/


∗∗∗ IBM Security Bulletin: IBM WebSphere Application Server Security Vulnerabilities Affect IBM Sterling B2B Integrator (CVE-2019-4046, CVE-2018-1902, CVE-2018-10237) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-websphere-application-server-security-vulnerabilities-affect-ibm-sterling-b2b-integrator-cve-2019-4046-cve-2018-1902-cve-2018-10237/


∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in the Linux kernel affect the IBM FlashSystem models V840 and V9000 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-the-linux-kernel-affect-the-ibm-flashsystem-models-v840-and-v9000/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily