[CERT-daily] Tageszusammenfassung - 21.02.2019

Daily end-of-shift report team at cert.at
Thu Feb 21 18:16:49 CET 2019


=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 20-02-2019 18:00 − Donnerstag 21-02-2019 18:00
Handler:     Dimitri Robl
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Schadcode: 19 Jahre alte Sicherheitslücke in Winrar ∗∗∗
---------------------------------------------
Vorsicht beim Entpacken von ACE-Archiven: Sie können Dateien an beliebige Orte des Systems schreiben - und damit auch Code ausführen. Ein stabiles Update von Winrar wurde noch nicht veröffentlicht.
---------------------------------------------
https://www.golem.de/news/schadcode-19-jahre-alte-sicherheitsluecke-in-winrar-1902-139548-rss.html


∗∗∗ The new developments Of the FBot ∗∗∗
---------------------------------------------
Background introductionBeginning on February 16, 2019, 360Netlab has discovered that a large number of HiSilicon DVR/NVR Soc devices have been exploited by attackers to load an updated Fbot botnet program. Fbot was originally discovered and disclosed by 360Netlab [1] , it has been active and is constantly being upgraded.
---------------------------------------------
https://blog.netlab.360.com/the-new-developments-of-the-fbot-en/


∗∗∗ Achtung bei angeblichen Anrufen von Apple ∗∗∗
---------------------------------------------
Kriminelle kontaktieren iPhone-Nutzer/innen und erklären, dass es bei Apple angeblich zu einer Datenpanne gekommen sei und ihre Apple-ID betroffen sei. Sie werden aufgefordert eine weitere Service-Nummer anzurufen, um das Problem zu beheben. Das tückische dahinter: Auf Ihrem Bildschirm scheint die Apple-Support-Nummer samt Logo auf. Brechen Sie das Gespräch ab oder gehen Sie nicht ran!
---------------------------------------------
https://www.watchlist-internet.at/news/achtung-bei-angeblichen-anrufen-von-apple/


∗∗∗ nordischesdesign.com ist unseriös ∗∗∗
---------------------------------------------
Der Online-Shop nordischesdesign.com bietet moderne Möbel, Lampen, Dekorationsartikel und Geschirr im nordischen Design. Wir raten von einer Bestellung ab, da nicht sicher ist, ob Sie die bestellte Ware erhalten. nordischesdesign.com hat kein Impressum und bietet Konsument/innen keine Kontaktmöglichkeit.
---------------------------------------------
https://www.watchlist-internet.at/news/nordischesdesigncom-ist-unserioes/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates available for Adobe Acrobat and Reader (APSB19-13) ∗∗∗
---------------------------------------------
Adobe has published a security bulletin for Adobe Acrobat and Reader (APSB19-13). These updates address a reported bypass to the fix for CVE-2019-7089 first introduced in 2019.010.20091, 2017.011.30120 and 2015.006.30475 and released on February 12, 2019. Successful exploitation could lead to sensitive [...]
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1711


∗∗∗ Drupal core - Highly critical - Remote Code Execution - SA-CORE-2019-003 ∗∗∗
---------------------------------------------
Project: Drupal coreDate: 2019-February-20Security risk: Highly critical 20∕25 AC:None/A:None/CI:All/II:All/E:Theoretical/TD:UncommonVulnerability: Remote Code ExecutionCVE IDs: CVE-2019-6340Description: Some field types do not properly sanitize data from non-form sources. This can lead to arbitrary PHP code execution in some cases.
---------------------------------------------
https://www.drupal.org/sa-core-2019-003


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (firefox, flatpak, and systemd), Fedora (createrepo_c, dnf, dnf-plugins-core, dnf-plugins-extras, docker, libcomps, libdnf, and runc), Mageia (giflib, irssi, kernel, kernel-linus, libexif, poppler, tcpreplay, and zziplib), and SUSE (php5, procps, and qemu).
---------------------------------------------
https://lwn.net/Articles/780454/


∗∗∗ Microsoft Internet Information Services (IIS): Schwachstelle ermöglicht Denial of Service ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0159


∗∗∗ Linux kernel vulnerability CVE-2018-5953 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K94735334


∗∗∗ Linux kernel vulnerability CVE-2018-10883 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K94735334


∗∗∗ libcurl vulnerability CVE-2016-8618 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K10196624


∗∗∗ cURL and libcurl vulnerability CVE-2017-2628 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K35453761


∗∗∗ IBM Security Bulletin: Vulnerabilities CVE-2018-17199, CVE-2018-17189, and CVE-2019-0190 in the IBM i HTTP Server affect IBM i. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-cve-2018-17199-cve-2018-17189-and-cve-2019-0190-in-the-ibm-i-http-server-affect-ibm-i/


∗∗∗ IBM Security Bulletin: Multiple security vulnerabilities in Node.js affect IBM Voice Gateway ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vulnerabilities-in-node-js-affect-ibm-voice-gateway/


∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by a kernel vulnerability (CVE-2018-5391) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-affected-by-a-kernel-vulnerability-cve-2018-5391/


∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by krb5 vulnerabilities (CVE-2018-5730 and CVE-2018-5729) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-affected-by-krb5-vulnerabilities-cve-2018-5730-and-cve-2018-5729/


∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by GnuTLS vulnerabilities (CVE-2018-10845 and CVE-2018-10844) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-affected-by-gnutls-vulnerabilities-cve-2018-10845-and-cve-2018-10844/


∗∗∗ IBM Security Bulletin: A vulnerability in IBM WebSphere Application Server affects IBM Spectrum Scale (CVE-2018-1901) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ibm-websphere-application-server-affects-ibm-spectrum-scale-cve-2018-1901/


∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by a Mozilla Network Security Services (NSS) vulnerability (CVE-2018-12384) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-affected-by-a-mozilla-network-security-services-nss-vulnerability-cve-2018-12384/


∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by a UI message injection vulnerability (CVE-2018-1666) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-affected-by-a-ui-message-injection-vulnerability-cve-2018-1666/


∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by an unauthorized access vulnerability (CVE-2018-1668) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-affected-by-an-unauthorized-access-vulnerability-cve-2018-1668/


∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by a cross-site request forgery vulnerability (CVE-2018-1661) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-appliance-is-affected-by-a-cross-site-request-forgery-vulnerability-cve-2018-1661/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list