[CERT-daily] Tageszusammenfassung - 21.12.2020

Mon Dec 21 18:36:49 CET 2020

=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 18-12-2020 18:00 − Montag 21-12-2020 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Aktuelle Welle mit Ping-Anrufen ∗∗∗
---------------------------------------------
Die Rundfunk und Telekom Regulierungs-GmbH (RTR) erhält derzeit vermehrt Meldungen zu Ping-Anrufen aus dem Ausland. Die Anrufe kommen insbesondere aus Tunesien (+216), Abchasien (+79407), der Schweiz (+41748) und Uganda (+256). Hier darf nicht zurückgerufen oder abgehoben werden, denn dies kann hohe Kosten verursachen.
---------------------------------------------
https://www.watchlist-internet.at/news/aktuelle-welle-mit-ping-anrufen/


∗∗∗ Gitpaste-12 worm botnet returns with 30+ vulnerability exploits ∗∗∗
---------------------------------------------
Recently discovered Gitpaste-12 worm that spreads via GitHub and also hosts malicious payload on Pastebin, has returned with over 30 vulnerability exploits, according to researchers at Juniper Labs.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/gitpaste-12-worm-botnet-returns-with-30-plus-vulnerability-exploits/


∗∗∗ Hacker Dumps Crypto Wallet Customer Data; Active Attacks Follow ∗∗∗
---------------------------------------------
Customer data from a June attack against cryptocurrency wallet firm Ledger is now public and actively being used in attacks.
---------------------------------------------
https://threatpost.com/ledger-dump-active-attacks-follow/162477/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ ZDI-20-1452: (0Day) Microsoft 3D Builder GLB File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft 3D Builder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-20-1452/


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (curl, influxdb, lxml, node-ini, php-pear, and postsrsd), Fedora (chromium, curl, firefox, matrix-synapse, mingw-jasper, phpldapadmin, and thunderbird), Mageia (openjpeg2), openSUSE (gcc7, openssh, PackageKit, python-urllib3, slurm_18_08, and webkit2gtk3), Oracle (fapolicydbug, firefox, nginx:1.16, nodejs:12, and thunderbird), Red Hat (libpq, openssl, and thunderbird), and SUSE (curl, firefox, openssh, ovmf, slurm_17_11, slurm_18_08, slurm_20_02, and [...]
---------------------------------------------
https://lwn.net/Articles/840972/


∗∗∗ Authentication Bypass Vulnerability Patched in Bouncy Castle Library ∗∗∗
---------------------------------------------
A high-severity authentication bypass vulnerability was recently addressed in the Bouncy Castle cryptography library. Founded in 2000, the project represents a collection of APIs used in cryptography for both Java and C#, with a strong emphasis on standards compliance and adaptability.
---------------------------------------------
https://www.securityweek.com/authentication-bypass-vulnerability-patched-bouncy-castle-library


∗∗∗ Treck TCP/IP Stack ∗∗∗
---------------------------------------------
This advisory contains mitigations for Heap-based Buffer Overflow, Out-of-bounds Read, and Out-of-bounds Write vulnerabilities in Trecks TCP/IP stack, which may also be known as Kasago TCP/IP, ELMIC, Net+ OS, Quadnet, GHNET v2, Kwiknet, or AMX.
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-20-353-01


∗∗∗ December 21, 2020   TNS-2020-11   [R1] Tenable.sc 5.17.0 Fixes Multiple Vulnerabilities ∗∗∗
---------------------------------------------
https://www.tenable.com/security/tns-2020-11


∗∗∗ HCL Domino und Notes: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K20-1254


∗∗∗ Red Hat OpenShift: Schwachstelle ermöglicht Denial of Service und Codeausführung ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K20-1252


∗∗∗ Security Bulletin: Information disclosure and Denial of Service vulnerability affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) – CVE-2020-4794 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-and-denial-of-service-vulnerability-affect-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-cve-2020-4794/


∗∗∗ Security Bulletin: Financial Transaction Manager for ACH Services is affected by a potential logout session timeout (CVE-2020-4555) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-financial-transaction-manager-for-ach-services-is-affected-by-a-potential-logout-session-timeout-cve-2020-4555/


∗∗∗ Security Bulletin: Financial Transaction Manager for Check Services is affected by a potential logout session timeout (CVE-2020-4555) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-financial-transaction-manager-for-check-services-is-affected-by-a-potential-logout-session-timeout-cve-2020-4555/


∗∗∗ Security Bulletin: IBM MQ could allow an authenticated user, under nondefault configuration to cause a data corruption attack due to an error when using segmented messages. (CVE-2020-4592) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-could-allow-an-authenticated-user-under-nondefault-configuration-to-cause-a-data-corruption-attack-due-to-an-error-when-using-segmented-messages-cve-2020-4592/


∗∗∗ Security Bulletin: Vulnerability in BIND affects AIX (CVE-2020-8622) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-bind-affects-aix-cve-2020-8622/


∗∗∗ Security Bulletin: Multiple vulnerabilities in the IBM Java Runtime affect IBM Rational ClearQuest ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-the-ibm-java-runtime-affect-ibm-rational-clearquest/


∗∗∗ Security Bulletin: IBM MQ Appliance is affected by denial of service vulnerabilities (CVE-2020-5481, CVE-2020-4580, CVE-2020-4579) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-denial-of-service-vulnerabilities-cve-2020-5481-cve-2020-4580-cve-2020-4579/


∗∗∗ Security Bulletin: Multiple vulnerabilities in middleware software affect IBM Cloud Pak for Automation ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-middleware-software-affect-ibm-cloud-pak-for-automation-4/


∗∗∗ Security Bulletin: Financial Transaction Manager for Corporate Payment Services is affected by a potential logout session timeout (CVE-2020-4555) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-financial-transaction-manager-for-corporate-payment-services-is-affected-by-a-potential-logout-session-timeout-cve-2020-4555/


∗∗∗ Security Bulletin: Financial Transaction Manager for Corporate Payment Services v2.1.1 is affected by a potential logout session timeout (CVE-2020-4555) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-financial-transaction-manager-for-corporate-payment-services-v2-1-1-is-affected-by-a-potential-logout-session-timeout-cve-2020-4555/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily