[CERT-daily] Tageszusammenfassung - 19.11.2020

Daily end-of-shift report team at cert.at
Thu Nov 19 18:18:44 CET 2020


=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 18-11-2020 18:00 − Donnerstag 19-11-2020 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Android chat app with 100 million installs exposes private messages ∗∗∗
---------------------------------------------
GO SMS Pro, an Android instant messaging application with over 100 million installs, is publicly exposing private multimedia files shared between its users.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/android-chat-app-with-100-million-installs-exposes-private-messages/


∗∗∗ CodeQL: Github findet Sicherheitslücke in Corona-Warn-App-Server ∗∗∗
---------------------------------------------
Das Sicherheitsteam von Github hat eine Remote Code Execution im Server-Code der Corona-Warn-App gefunden
---------------------------------------------
https://www.golem.de/news/codeql-github-findet-sicherheitsluecke-in-corona-warn-app-server-2011-152244-rss.html


∗∗∗ Egregor-Ransomware bombardiert Nutzer mit gedruckten Lösegeldforderungen ∗∗∗
---------------------------------------------
Die Cyberkriminellen wenden die Taktik erstmals bei einem Angriff auf einen chilenischen Handelskonzern an. Sie begnügen sich nicht nur mit Office-Druckern und geben ihre Lösegeldforderung sogar auf Quittungsdruckern aus. Unklar ist, wie die Hacker dabei vorgehen.
---------------------------------------------
https://www.zdnet.de/88389908/egregor-ransomware-bombardiert-nutzer-mit-gedruckten-loesegeldforderungen/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Drupal core - Critical - Remote code execution - SA-CORE-2020-012 ∗∗∗
---------------------------------------------
Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting [...]
---------------------------------------------
https://www.drupal.org/sa-core-2020-012


∗∗∗ SAML SP 2.0 Single Sign On (SSO) - SAML Service Provider - Critical - Access bypass - SA-CONTRIB-2020-038 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-contrib-2020-038


∗∗∗ Ink Filepicker - Critical - Unsupported - SA-CONTRIB-2020-037 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-contrib-2020-037


∗∗∗ Media: oEmbed - Critical - Remote Code Execution - SA-CONTRIB-2020-036 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-contrib-2020-036


∗∗∗ Examples for Developers - Critical - Remote Code Execution - SA-CONTRIB-2020-035 ∗∗∗
---------------------------------------------
https://www.drupal.org/sa-contrib-2020-035


∗∗∗ VMware SD-WAN Orchestrator updates address multiple security vulnerabilities ∗∗∗
---------------------------------------------
Multiple vulnerabilities in SD-WAN Orchestrator were privately reported to VMware. Patches and workarounds are available to remediate or workaround this vulnerability in affected VMware products. VMware-hosted SD-WAN Orchestrators have been patched for these issues.
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2020-0025.html


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (chromium and firefox), CentOS (bind, curl, fence-agents, kernel, librepo, libvirt, microcode_ctl, python, python3, qt and qt5-qtbase, resource-agents, and tomcat), Debian (drupal7, firefox-esr, jupyter-notebook, packer, python3.5, and rclone), Fedora (firefox), Mageia (firefox, nss), openSUSE (gdm, kernel-firmware, and moinmoin-wiki), Oracle (net-snmp), SUSE (libzypp, zypper), and Ubuntu (c-ares).
---------------------------------------------
https://lwn.net/Articles/837767/


∗∗∗ ICS Advisory (ICSA-20-324-03) Real Time Automation EtherNet/IP ∗∗∗
---------------------------------------------
The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to send a specially crafted packet that may result in a denial-of-service condition or code execution.
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-20-324-03


∗∗∗ Trend Micro Apex One: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K20-1136


∗∗∗ F5 BIG-IP: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K20-1140


∗∗∗ [webapps] Nagios Log Server 2.1.7 - Persistent Cross-Site Scripting ∗∗∗
---------------------------------------------
https://www.exploit-db.com/exploits/49082


∗∗∗ Security Advisory - Improper Buffer Operation Restrictions Vulnerability on Huawei Smartphone ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20201118-01-smartphone-en


∗∗∗ Security Advisory - Command Injection Vulnerability in Huawei FusionCompute Product ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20201118-01-fusioncompute-en


∗∗∗ Security Bulletin: TLS Protocol DHE_EXPORT Ciphers Downgrade MitM (Logjam) vulnerability in IBM Cloud Pak for Data Streams ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-tls-protocol-dhe_export-ciphers-downgrade-mitm-logjam-vulnerability-in-ibm-cloud-pak-for-data-streams/


∗∗∗ Security Bulletin: The web server or application server are configured in an insecure way in IBM Cloud Pak for Data Streams ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-the-web-server-or-application-server-are-configured-in-an-insecure-way-in-ibm-cloud-pak-for-data-streams/


∗∗∗ Security Bulletin: CVE-2020-14782 may affect IBM® SDK, Java™ Technology Edition ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cve-2020-14782-may-affect-ibm-sdk-java-technology-edition/


∗∗∗ Security Bulletin: App Connect for Manufacturing 2.0 is affected by vulnerabilities of ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.6 (CVE-2019-17359) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-app-connect-for-manufacturing-2-0-is-affected-by-vulnerabilities-of-asn-1-parser-in-bouncy-castle-crypto-aka-bc-java-1-6-cve-2019-17359/


∗∗∗ Security Bulletin: IBM® Db2® is vulnerable to a buffer overflow (CVE-2020-4701) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-a-buffer-overflow-cve-2020-4701/


∗∗∗ Security Bulletin: Security vulnerability affects the Report Builder that is shipped with Jazz Reporting Service (CVE-2020-4718) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerability-affects-the-report-builder-that-is-shipped-with-jazz-reporting-service-cve-2020-4718/


∗∗∗ Security Bulletin: Lucky 13 Attack Vulnerability in IBM Cloud Pak for Data Streams ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-lucky-13-attack-vulnerability-in-ibm-cloud-pak-for-data-streams/


∗∗∗ Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-may-affect-ibm-sdk-java-technology-edition-4/


∗∗∗ Security Bulletin: Vulnerability in OpenSSH affects IBM Integrated Analytics System ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-openssh-affects-ibm-integrated-analytics-system-3/


∗∗∗ Security Bulletin: CVE-2019-17638 jetty double-release of a byte buffer ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-cve-2019-17638-jetty-double-release-of-a-byte-buffer/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list