[CERT-daily] Tageszusammenfassung - 09.07.2019

Tue Jul 9 18:21:47 CEST 2019

=====================
= End-of-Day report =
=====================

Timeframe:   Montag 08-07-2019 18:00 − Dienstag 09-07-2019 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ FPM-Sicherheitslücke: Daten exfiltrieren mit Facebooks HHVM ∗∗∗
---------------------------------------------
Server für den sogenannten FastCGI Process Manager (FPM) können, wenn sie übers Internet erreichbar sind, unbefugten Zugriff auf Dateien eines Systems geben. Das betrifft vor allem HHVM von Facebook, bei PHP sind die Risiken geringer.
---------------------------------------------
https://www.golem.de/news/fpm-sicherheitsluecke-daten-exfiltrieren-mit-facebooks-hhvm-1907-142418-rss.html


∗∗∗ Fileless Attack Attempts to Run Astaroth Backdoor Directly in Memory ∗∗∗
---------------------------------------------
Microsoft says it recently detected and stopped a fileless campaign looking to deliver the Astaroth Trojan to unsuspecting victims.  read more
---------------------------------------------
https://www.securityweek.com/fileless-attack-attempts-run-astaroth-backdoor-directly-memory


∗∗∗ Fake-Shops entertaini.eu & gartenhimmel.eu mit gefälschtem Klarna-Checkout! ∗∗∗
---------------------------------------------
Vorsicht vor betrügerischen Online-Shops, die vorgeben, Klarnas Sofort-Überweisung anzubieten, Konsument/innen aber auf eine gefälschte Klarna-Website weiterleiten. Das geschieht bei entertaini.eu, der Gaming- und Entertainment-Artikel anbietet, sowie gartenhimmel.eu, der Haushaltsware und Sportartikel führt. Nicht bestellen! Eingegebene Daten sind in Gefahr und die Ware existiert nicht.
---------------------------------------------
https://www.watchlist-internet.at/news/fake-shops-entertainieu-gartenhimmeleu-mit-gefaelschtem-klarna-checkout/


∗∗∗ IT-Security - Videokonferenz-App gibt Unbekannten Zugriff auf Mac-Webcam ∗∗∗
---------------------------------------------
Lücke in Zoom erlaubte "Videoanrufe", selbst wenn das Programm nicht mehr installiert war – Millionen User und bis zu 750.000 Firmen betroffen
---------------------------------------------
https://derstandard.at/2000106075694/Videokonferenz-App-gibt-Unbekannten-Zugriff-auf-Mac-Webcam


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security Bulletins Posted ∗∗∗
---------------------------------------------
Adobe has published security bulletins for Adobe Bridge CC (APSB19-37), Adobe Experience Manager (APSB19-38) and Adobe Dreamweaver (APSB19-40). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin.
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1765


∗∗∗ [20190701] - Core - Filter attribute in subform fields allows remote code execution ∗∗∗
---------------------------------------------
Project: Joomla! SubProject: CMS Impact: Moderate Severity: Low Versions: 3.9.7 - 3.9.8 Exploit type: Remote Code Execution Reported Date: 2019-June-20 Fixed Date: 2019-July-09 CVE Number: CVE-2019-xxx  Description Inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option.
---------------------------------------------
http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/6jkIqCFwOTE/787-20190701-core-filter-attribute-in-subform-fields-allows-remote-code-execution.html


∗∗∗ Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerability ∗∗∗
---------------------------------------------
A vulnerability in the Session Initiation Protocol (SIP) protocol implementation of Cisco Unified Communications Manager and Unified Communications Manager Session Management Edition could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.The vulnerability is due to insufficient validation of input SIP traffic.
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190703-cucm-dos


∗∗∗ Xen Security Advisory XSA-300 ∗∗∗
---------------------------------------------
Guest may be able to crash domain 0 (Host Denial-of-Service); or may be able to starve out I/O requests from other guests (Guest Denial-of-Service).
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-300.html


∗∗∗ Xpdf: CERT-Bund warnt vor ungepatchten Schwachstellen in freiem PDF-Viewer ∗∗∗
---------------------------------------------
Die aktuelle Version des freien PDF-Betrachters enthält mehrere Schwachstellen. Fixes gibt es bislang noch nicht.
---------------------------------------------
https://heise.de/-4465908


∗∗∗ Linux kernel vulnerability CVE-2019-11811 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K01512680


∗∗∗ HPESBST03918 rev.1 - HPE 3PAR Service Processor (SP), remote Disclosure of Privileged Information ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03918en_us


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (irssi, python-django, and python2-django), Debian (libspring-security-2.0-java and zeromq3), Red Hat (python27-python), SUSE (ImageMagick, postgresql10, python-Pillow, and zeromq), and Ubuntu (apport, Docker, glib2.0, gvfs, whoopsie, and zeromq3).
---------------------------------------------
https://lwn.net/Articles/793235/


∗∗∗ SAP Patchday Juli: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0580


∗∗∗ Citrix Hypervisor Security Update. ∗∗∗
---------------------------------------------
CTX256725 NewApplicable Products :  Citrix Hypervisor 8.0, XenServer 7.0, XenServer 7.1 LTSR Cumulative Update 2, XenServer 7.6A vulnerability has been found in Citrix Hypervisor (formerly Citrix XenServer) that may allow an unauthenticated attacker with the ability to send traffic to a host over a management or storage network to cause the host to crash.
---------------------------------------------
https://support.citrix.com/article/CTX256725


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Security Identity Governance and Intelligence ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-affect-ibm-security-identity-governance-and-intelligence-2/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Integration Bus and IBM App Connect Enterpise v11 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-integration-bus-and-ibm-app-connect-enterpise-v11-2/


∗∗∗ IBM Security Bulletin: Security vulnerabilities in IBM Java Runtime affect Rational Publishing Engine ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerabilities-in-ibm-java-runtime-affect-rational-publishing-engine/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Integration Bus and IBM App Connect Enterpise v11 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-integration-bus-and-ibm-app-connect-enterpise-v11/


∗∗∗ IBM Security Bulletin: IBM Multicloud Manager contains sensitive information upon deployment (CVE-2019-4118) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-multicloud-manager-contains-sensitive-information-upon-deployment-cve-2019-4118/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Integration Bus, IBM App Connect Enterpise v11 and WebSphere Message Broker ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-integration-bus-ibm-app-connect-enterpise-v11-and-websphere-message-broker-2/


∗∗∗ SSA-121293 (Last Update: 2019-07-09): Code Upload Vulnerability in SIMATIC WinCC and SIMATIC PCS7 ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-121293.txt


∗∗∗ SSA-307392 (Last Update: 2019-07-09): Denial-of-Service in OPC UA in Industrial Products ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-307392.txt


∗∗∗ SSA-556833 (Last Update: 2019-07-09): TLS Vulnerabilities in SIMATIC RF6XXR ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-556833.txt


∗∗∗ SSA-616472 (Last Update: 2019-07-09): ZombieLoad and Microarchitectural Data Sampling Vulnerabilities in Industrial Products ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-616472.txt


∗∗∗ SSA-697412 (Last Update: 2019-07-09): Multiple Vulnerabilities in SIMATIC WinCC, SIMATIC WinCC Runtime, SIMATIC PCS 7, SIMATIC TIA Portal ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-697412.txt


∗∗∗ SSA-721298 (Last Update: 2019-07-09): Missing Authentication Vulnerability in TIA Administrator (TIA Portal) ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-721298.txt


∗∗∗ SSA-747162 (Last Update: 2019-07-09): Cross-Site Scripting Vulnerability in Spectrum Power™ ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-747162.txt


∗∗∗ SSA-899560 (Last Update: 2019-07-09): Vulnerabilities in SIPROTEC 5 relays and DIGSI 5 ∗∗∗
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-899560.txt

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily