[CERT-daily] Daily summary - 30.08.2021

Daily end-of-shift report team at cert.at
Mon Aug 30 18:11:01 CEST 2021


=====================
= End-of-Day report =
=====================

Timeframe:   Friday 27-08-2021 18:00 − Monday 30-08-2021 18:00
Handler:     Dimitri Robl
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Exchange Server: authentication bypass with ProxyToken ∗∗∗
---------------------------------------------
In June 2021, Microsoft fixed, with its cumulative updates, a vulnerability in its on-premises Exchange servers through which attackers could change the configuration without authentication. An unauthenticated attacker would thus have been able to change the mailbox configuration of arbitrary users. In this way, all e-mails addressed to an e-mail account could have been copied and forwarded to an attacker-controlled account.
---------------------------------------------
https://www.borncity.com/blog/2021/08/30/exchange-server-authentifizierungs-bypass-mit-proxytoken/
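The check a defender wants after reading the write-up above is whether any mailbox on an on-premises Exchange server already carries a forward that nobody set up legitimately. The script below is an added example, not code from the borncity article or from Microsoft: it enumerates every mailbox-level forward and every inbox rule that forwards or redirects mail. It assumes an Exchange Management Shell session with rights to read mailbox and inbox-rule configuration; the cmdlets and properties are the standard Exchange ones, and the output file name is an assumption.

```powershell
# Added example (not from the linked article): inventory mailbox forwarding on
# on-premises Exchange so that forwards planted before the June/July 2021
# cumulative updates were applied can be reviewed.
# Assumes an Exchange Management Shell session with read access to mailbox
# and inbox-rule configuration.

function Test-HasEntries($v) {
    # Inbox-rule recipient properties may be $null or an empty collection;
    # treat both as "no entries".
    return ($null -ne $v) -and (@($v).Count -gt 0)
}

function Get-ForwardingFindings {
    # Emits one object per mailbox-level forward or forwarding/redirecting inbox rule.
    Get-Mailbox -ResultSize Unlimited | ForEach-Object {
        $mbx  = $_
        $addr = $mbx.PrimarySmtpAddress.ToString()

        # Mailbox-level forwarding (Set-Mailbox -ForwardingSmtpAddress / -ForwardingAddress)
        if ($mbx.ForwardingSmtpAddress -or $mbx.ForwardingAddress) {
            [pscustomobject]@{
                Mailbox  = $addr
                Source   = 'Mailbox'
                Target   = "$($mbx.ForwardingSmtpAddress) $($mbx.ForwardingAddress)".Trim()
                KeepCopy = $mbx.DeliverToMailboxAndForward
            }
        }

        # Inbox rules that forward or redirect mail (the scenario in the write-up)
        Get-InboxRule -Mailbox $mbx.Identity -ErrorAction SilentlyContinue |
            Where-Object {
                (Test-HasEntries $_.ForwardTo) -or
                (Test-HasEntries $_.ForwardAsAttachmentTo) -or
                (Test-HasEntries $_.RedirectTo)
            } |
            ForEach-Object {
                [pscustomobject]@{
                    Mailbox  = $addr
                    Source   = "InboxRule:$($_.Name)"
                    Target   = (@($_.ForwardTo) + @($_.ForwardAsAttachmentTo) + @($_.RedirectTo)) -join ';'
                    # A redirect rule delivers no copy to the original mailbox,
                    # so the owner never sees the redirected mail.
                    KeepCopy = -not (Test-HasEntries $_.RedirectTo)
                }
            }
    }
}

$findings = Get-ForwardingFindings
$findings | Sort-Object Mailbox | Format-Table -AutoSize

# Keep the evidence for the review (file name is an assumption).
$findings | Export-Csv -NoTypeInformation -Path .\forwarding-review.csv
```

Review every hit against a known-good list of business forwards; a target outside the organisation's own domains, or a rule whose name the mailbox owner does not recognise, is what the write-up describes as the attacker's goal. The script only reads configuration; removing a rule (Remove-InboxRule) or clearing a forward (Set-Mailbox) is a separate, deliberate step after the review.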


∗∗∗ [SANS ISC] Cryptocurrency Clipboard Swapper Delivered With Love ∗∗∗
---------------------------------------------
I published the following diary on isc.sans.edu: “Cryptocurrency Clipboard Swapper Delivered With Love”: Be careful if you’re a user of cryptocurrencies. My goal is not to re-open a debate about them and their associated financial risks. No, I’m talking here about technical risk.
---------------------------------------------
https://blog.rootshell.be/2021/08/30/sans-isc-cryptocurrency-clipboard-swapper-delivered-with-love/


∗∗∗ Understanding Cobalt Strike Profiles ∗∗∗
---------------------------------------------
I really enjoy the process of red teaming, especially when it comes to evading detection and lining up against a good blue team. Probably one of the most common commercially available Command and Control (C2) frameworks used today is Cobalt Strike (CS). So popular in fact it is classified on its own as a malware family by many defensive security products. Using CS in red team operations is common practice for a lot of companies offering red teaming to their clients and my mileage is no different [...]
---------------------------------------------
https://blog.zsec.uk/cobalt-strike-profiles/


∗∗∗ Cobalt Strike, a Defender’s Guide ∗∗∗
---------------------------------------------
In our research, we expose adversarial Tactics, Techniques and Procedures (TTPs) as well as the tools they use to execute their mission objectives. In most of our cases, we [...]
---------------------------------------------
https://thedfirreport.com/2021/08/29/cobalt-strike-a-defenders-guide/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ ZDI-21-1052: Trend Micro Maximum Security Directory Junction Denial-of-Service Vulnerability ∗∗∗
---------------------------------------------
This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Trend Micro Maximum Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-21-1052/


∗∗∗ ZDI-21-1051: NETGEAR Multiple Routers mini_httpd Authentication Bypass Vulnerability ∗∗∗
---------------------------------------------
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-21-1051/


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (exiv2, grilo, gthumb, and redis), Fedora (krb5, nbdkit, and rubygem-addressable), Mageia (libass and opencontainers-runc), openSUSE (cacti, cacti-spine, go1.15, opera, qemu, and spectre-meltdown-checker), Red Hat (java-1.7.1-ibm, java-1.8.0-ibm, libsndfile, and libX11), SUSE (389-ds, qemu, and spectre-meltdown-checker), and Ubuntu (grilo).
---------------------------------------------
https://lwn.net/Articles/867791/


∗∗∗ Out-of-Bounds Read Vulnerability in OpenSSL ∗∗∗
---------------------------------------------
An out-of-bounds read vulnerability in OpenSSL has been reported to affect QNAP NAS running QTS, QuTS hero, and QuTScloud.
---------------------------------------------
https://www.qnap.com/en-us/security-advisory/QSA-21-40


∗∗∗ Out-of-Bounds Vulnerabilities in OpenSSL ∗∗∗
---------------------------------------------
Two out-of-bounds vulnerabilities in OpenSSL have been reported to affect QNAP NAS running HBS 3 (Hybrid Backup Sync).
---------------------------------------------
https://www.qnap.com/en-us/security-advisory/QSA-21-39


∗∗∗ Security Bulletin: IBM API Connect V5 is impacted by a vulnerability in nginx. (CVE-2021-23017) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-v5-is-impacted-by-a-vulnerability-in-nginx-cve-2021-23017/


∗∗∗ Security Bulletin: Vulnerability in IBM Java SDK and IBM Java Runtime affects Rational Business Developer ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-sdk-and-ibm-java-runtime-affects-rational-business-developer-5/


∗∗∗ Atlassian Jira Software: multiple vulnerabilities ∗∗∗
---------------------------------------------
https://www.cert-bund.de/advisoryshort/CB-K21-0920


∗∗∗ ZDI-21-1038: (0Day) Fuji Electric Tellus Lite V9 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
https://www.zerodayinitiative.com/advisories/ZDI-21-1038/


∗∗∗ ZDI-21-1037: (0Day) Fuji Electric Tellus Lite V9 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
https://www.zerodayinitiative.com/advisories/ZDI-21-1037/


∗∗∗ ZDI-21-1036: (0Day) Fuji Electric Tellus Lite V-Simulator 6 V9 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
https://www.zerodayinitiative.com/advisories/ZDI-21-1036/


∗∗∗ ZDI-21-1035: (0Day) Fuji Electric Tellus Lite V-Simulator 6 V9 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
https://www.zerodayinitiative.com/advisories/ZDI-21-1035/


∗∗∗ ZDI-21-1034: (0Day) Fuji Electric Tellus Lite V-Simulator 6 V9 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
https://www.zerodayinitiative.com/advisories/ZDI-21-1034/


∗∗∗ ZDI-21-1033: (0Day) Fuji Electric Tellus Lite V-Simulator 6 V9 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
https://www.zerodayinitiative.com/advisories/ZDI-21-1033/


∗∗∗ ZDI-21-1032: (0Day) Fuji Electric Tellus Lite V-Simulator 6 V9 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
https://www.zerodayinitiative.com/advisories/ZDI-21-1032/


∗∗∗ ZDI-21-1031: (0Day) Fuji Electric Tellus Lite V-Simulator 6 V9 File Parsing Memory Corruption Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
https://www.zerodayinitiative.com/advisories/ZDI-21-1031/


∗∗∗ ZDI-21-1050: (0Day) Fuji Electric Tellus Lite V-Simulator V8 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
https://www.zerodayinitiative.com/advisories/ZDI-21-1050/


∗∗∗ ZDI-21-1049: (0Day) Fuji Electric Tellus Lite V-Simulator V8 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
https://www.zerodayinitiative.com/advisories/ZDI-21-1049/


∗∗∗ ZDI-21-1048: (0Day) Fuji Electric Tellus Lite V-Simulator V8 File Parsing Uninitialized Pointer Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
https://www.zerodayinitiative.com/advisories/ZDI-21-1048/


∗∗∗ ZDI-21-1047: (0Day) Fuji Electric Tellus Lite V-Simulator V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
https://www.zerodayinitiative.com/advisories/ZDI-21-1047/


∗∗∗ ZDI-21-1046: (0Day) Fuji Electric Tellus Lite V-Simulator V8 File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
https://www.zerodayinitiative.com/advisories/ZDI-21-1046/


∗∗∗ ZDI-21-1045: (0Day) Fuji Electric Tellus Lite V9 File Parsing Memory Corruption Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
https://www.zerodayinitiative.com/advisories/ZDI-21-1045/


∗∗∗ ZDI-21-1044: (0Day) Fuji Electric Tellus Lite V9 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
https://www.zerodayinitiative.com/advisories/ZDI-21-1044/


∗∗∗ ZDI-21-1043: (0Day) Fuji Electric Tellus Lite V9 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
https://www.zerodayinitiative.com/advisories/ZDI-21-1043/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily