[CERT-daily] Tageszusammenfassung - 29.10.2019

Tue Oct 29 18:49:32 CET 2019

=====================
= End-of-Day report =
=====================

Timeframe:   Montag 28-10-2019 18:00 − Dienstag 29-10-2019 18:00
Handler:     Dimitri Robl
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Sicherheitslücke in EU-Authentifizierungssoftware (eIDAS Node) ∗∗∗
---------------------------------------------
SEC Consult identifizierte kritische Schwachstellen in eIDAS-Node, die es einem Angreifer ermöglichen könnten, sich als beliebiger EU-Bürger auszugeben.
---------------------------------------------
https://www.sec-consult.com/blog/2019/10/sicherheitsluecke-in-eu-authentifizierungssoftware-eidas-node/


∗∗∗ File Inclusions: kleiner Programmierfehler, fatale Wirkung ∗∗∗
---------------------------------------------
Angriffe über File Inclusions sind vor allem in PHP und JSP nach wie vor möglich und können verheerende Folgen haben.
---------------------------------------------
https://heise.de/-4570773


∗∗∗ MikroTik Router Vulnerabilities Can Lead to Backdoor Creation ∗∗∗
---------------------------------------------
A chain of vulnerabilities in MikroTik routers could allow an attacker to gain a backdoor. The chain starts with DNS poisoning, goes on to downgrading the installed version of MikroTiks RouterOS software, and ends with enabling a backdoor. read more
---------------------------------------------
https://www.securityweek.com/mikrotik-router-vulnerabilities-can-lead-backdoor-creation


∗∗∗ Achtung Abo-Falle: endlich-windelfrei.de & baby-endlich-schlafen.de ∗∗∗
---------------------------------------------
Die Websites endlich-windelfrei.de und baby-endlich-schlafen.de versprechen Eltern große Erleichterungen beim Abgewöhnen der Windel und Schlafenlegen der Kinder. Die Systeme „Endlich Schlaf für Ihr Baby“ und „Von der Windel zum Töpfchen – in nur 3 Tagen“ können um nur 1 Euro erworben werden. Doch Vorsicht: Der Kauf führt in eine Abo-Falle!
---------------------------------------------
https://www.watchlist-internet.at/news/achtung-abo-falle-endlich-windelfreide-baby-endlich-schlafende/


∗∗∗ Modern Wireless Tradecraft Pt I ∗∗∗
---------------------------------------------
The past few years have seen some exciting developments in the subtle art of forcing wireless devices to connect to malicious access points. We’ve seen the resurgence of karma-style attacks with Dominic White’s and Ian de Villiers’ work on MANA, as well George Chatzisofroniou’s Lure10 and Known Beacon attacks, which can be used to target devices that are immune to karma [1][2].
---------------------------------------------
https://posts.specterops.io/modern-wireless-attacks-pt-i-basic-rogue-ap-theory-evil-twin-and-karma-attacks-35a8571550ee


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Trend Micro schließt zwei Schwachstellen in Sicherheitssoftware für Windows ∗∗∗
---------------------------------------------
Patches für Apex One, OfficeScan und WFBS fixen zwei Schwachstellen. Trend Micro hat Exploit-Versuche beobachtet und rät zum zügigen Update.
---------------------------------------------
https://heise.de/-4571304


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (php7.0, php7.3, ruby-loofah, and spip), Fedora (proftpd), openSUSE (lz4 and sysstat), Red Hat (chromium-browser, jss, kernel, kernel-alt, kpatch-patch, pango, polkit, sudo, systemd, and thunderbird), SUSE (graphite-web, python3, and samba), and Ubuntu (php5, php7.0, php7.2, php7.3, and samba).
---------------------------------------------
https://lwn.net/Articles/803381/


∗∗∗ WebKitGTK and WPE WebKit Security Advisory WSA-2019-0005 ∗∗∗
---------------------------------------------
Date Reported: October 29, 2019   Advisory ID: WSA-2019-0005   CVE identifiers: CVE-2019-8625, CVE-2019-8674,CVE-2019-8707, CVE-2019-8719,CVE-2019-8720, CVE-2019-8726,CVE-2019-8733, CVE-2019-8735,CVE-2019-8763, CVE-2019-8768,CVE-2019-8769, CVE-2019-8771. Several vulnerabilities were discovered in WebKitGTK and WPE WebKit. CVE-2019-8625  Versions affected: WebKitGTK before 2.26.0 and WPE WebKit before2.26.0. Credit to Sergei Glazunov of Google Project Zero. Impact: Processing maliciously crafted [...]
---------------------------------------------
https://webkitgtk.org/security/WSA-2019-0005.html


∗∗∗ Unauthenticated Access to Modbus Interface in Carel pCOWeb HVAC ∗∗∗
---------------------------------------------
As part of its features, the Carel pCOWeb card exposes a Modbus interface to the network. By design, Modbus does not provide authentication, allowing to control the affected system.
---------------------------------------------
https://www.redteam-pentesting.de/en/advisories/rt-sa-2019-014/


∗∗∗ Unsafe Storage of Credentials in Carel pCOWeb HVAC ∗∗∗
---------------------------------------------
The Carel pCOWeb card stores password hashes in the file "/etc/passwd",allowing privilege escalation by authenticated users. Additionally,plaintext copies of the passwords are stored.
---------------------------------------------
https://www.redteam-pentesting.de/en/advisories/rt-sa-2019-013/


∗∗∗ BlackBerry Powered by Android Security Bulletin - October 2019 ∗∗∗
---------------------------------------------
http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000058898


∗∗∗ tcpdump vulnerability CVE-2018-14880 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K56551263?utm_source=f5support&utm_medium=RSS


∗∗∗ Open Redirect Vulnerability Patched In Bridge Theme ∗∗∗
---------------------------------------------
https://www.wordfence.com/blog/2019/10/open-redirect-vulnerability-patched-in-bridge-theme/


∗∗∗ PHOENIX CONTACT improper access control exists on FL NAT devices when using MAC-based port security ∗∗∗
---------------------------------------------
https://cert.vde.com/de-de/advisories/vde-2019-020


∗∗∗ Samba: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0945


∗∗∗ McAfee Total Protection: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0944

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily