[CERT-daily] Tageszusammenfassung - 10.11.2021

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 09-11-2021 18:00 − Mittwoch 10-11-2021 18:00
Handler:     Stephan Richter
Co-Handler:  Wolfgang Menezes

=====================
=       News        =
=====================

∗∗∗ Researcher Details Vulnerabilities Found in AWS API Gateway ∗∗∗
---------------------------------------------
AWS fixed the security flaws that left the API service at risk of so-called HTTP header-smuggling attacks, says the researcher who discovered them.
---------------------------------------------
https://www.darkreading.com/vulnerabilities-threats/researcher-details-vulnerabilities-found-in-aws-api-gateway


∗∗∗ Unboxing BusyBox – 14 new vulnerabilities uncovered by Claroty and JFrog ∗∗∗
---------------------------------------------
Using static and dynamic techniques, Claroty’s Team82 and JFrog discovered 14 vulnerabilities affecting the latest version of BusyBox. All vulnerabilities were privately disclosed and fixed by BusyBox in version 1.34.0.
---------------------------------------------
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/


∗∗∗ Patchday: Microsoft warnt vor Attacken auf Excel und Exchange ∗∗∗
---------------------------------------------
Abermals haben es Angreifer Exchange Server abgesehen. Außerdem gibt es wichtige Sicherheitsupdates für Azure, Office, Windows & Co.
---------------------------------------------
https://heise.de/-6263036


∗∗∗ Patchday: SAP schließt kritische Sicherheitslücke ∗∗∗
---------------------------------------------
Am Patch-Tuesday hat auch SAP Aktualisierungen für seine Produkte veröffentlicht. Ein Fix behandelt eine kritische Lücke im ABAP Platform Kernel.
---------------------------------------------
https://heise.de/-6263099


∗∗∗ Cisco Talos finds 10 vulnerabilities in Azure Sphere’s Linux kernel, Security Monitor and Pluton ∗∗∗
---------------------------------------------
Today, we’re disclosing another 10 vulnerabilities in Azure Sphere — two of which are on the Linux side, seven that exist in Security Monitor and one in the Pluton security subsystem.
---------------------------------------------
https://blog.talosintelligence.com/2021/11/cisco-talos-finds-10-vulnerabilities-in.html


∗∗∗ Achtung: Momentan kursieren zahlreiche E-Mails mit Schadsoftware ∗∗∗
---------------------------------------------
Kriminelle versenden momentan gefälschte E-Mails im Namen von Electrolux, Weitzer Parkett Vertriebs GmbH und der TU Wien. Wer ein komisches E-Mail mit der Aufforderung einen Anhang zu öffnen erhält, sollte besonders vorsichtig sein. Im Anhang befindet sich Schadsoftware!
---------------------------------------------
https://www.watchlist-internet.at/news/achtung-momentan-kursieren-zahlreiche-e-mails-mit-schadsoftware/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ AMD Server Vulnerabilities – November 2021 ∗∗∗
---------------------------------------------
During security reviews in collaboration with Google, Microsoft, and Oracle, potential vulnerabilities in the AMD Platform Security Processor (PSP), AMD System Management Unit (SMU), AMD Secure Encrypted Virtualization (SEV) and other platform components were discovered and have been mitigated in AMD EPYC™ AGESA™ PI packages.
---------------------------------------------
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021


∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
Cloud Pak for Multicloud Management Infrastructure Management, Cloud Pak for Multicloud Management Managed Services, Rational Business Developer, InfoSphere Information Server
---------------------------------------------
https://www.ibm.com/blogs/psirt/


∗∗∗ Open Design Alliance (ODA) Security Advisories ∗∗∗
---------------------------------------------
ODA PRC SDK, Drawings SDK, ODA Viewer
---------------------------------------------
https://www.opendesign.com/security-advisories


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (openjdk-8 and samba), Fedora (community-mysql, firefox, and vim), openSUSE (binutils, kernel, and tinyxml), Red Hat (annobin, autotrace, babel, bind, binutils, bluez, compat-exiv2-026, container-tools:2.0, container-tools:3.0, container-tools:rhel8, cups, curl, dnf, dnsmasq, edk2, exiv2, file, file-roller, firefox, gcc, gcc-toolset-10-annobin, gcc-toolset-10-binutils, gcc-toolset-10-gcc, gcc-toolset-11-annobin, gcc-toolset-11-binutils,[...]
---------------------------------------------
https://lwn.net/Articles/875708/


∗∗∗ Adobe Releases Security Updates for Multiple Products ∗∗∗
---------------------------------------------
Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system.
---------------------------------------------
https://us-cert.cisa.gov/ncas/current-activity/2021/11/09/adobe-releases-security-updates-multiple-products


∗∗∗ BSRT-2021-003 Vulnerabilities Impact BlackBerry Protect for Windows ∗∗∗
---------------------------------------------
https://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000088685


∗∗∗ ZDI-21-1302: Ivanti Avalanche EnterpriseServer Service SQL Injection Authentication Bypass Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-21-1302/


∗∗∗ ZDI-21-1301: Ivanti Avalanche EnterpriseServer Service Unrestricted File Upload Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-21-1301/


∗∗∗ ZDI-21-1300: Ivanti Avalanche User Management Improper Authentication Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-21-1300/


∗∗∗ ZDI-21-1299: Ivanti Avalanche Filestore Management Arbitrary File Upload Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-21-1299/


∗∗∗ ZDI-21-1298: Ivanti Avalanche JNLP File Improper Access Control Authentication Bypass Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-21-1298/


∗∗∗ Technical Advisory – Arbitrary Signature Forgery in Stark Bank ECDSA Libraries (CVE-2021-43572, CVE-2021-43570, CVE-2021-43569, CVE-2021-43568, CVE-2021-43571) ∗∗∗
---------------------------------------------
https://research.nccgroup.com/2021/11/08/technical-advisory-arbitrary-signature-forgery-in-stark-bank-ecdsa-libraries/


∗∗∗ INTEL-SA-00481 ∗∗∗
---------------------------------------------
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00481.html


∗∗∗ INTEL-SA-00560 ∗∗∗
---------------------------------------------
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00560.html


∗∗∗ INTEL-SA-00568 ∗∗∗
---------------------------------------------
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00568.html


∗∗∗ INTEL-SA-00569 ∗∗∗
---------------------------------------------
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00569.html


∗∗∗ INTEL-SA-00567 ∗∗∗
---------------------------------------------
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00567.html


∗∗∗ VMSA-2021-0025 ∗∗∗
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2021-0025.html


∗∗∗ Samba 4.15.2, 4.14.10, 4.13.14 security releases available ∗∗∗
---------------------------------------------
https://lwn.net/Articles/875565/


∗∗∗ Philips MRI 1.5T and 3T ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsma-21-313-01


∗∗∗ OSIsoft PI Vision ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-313-05


∗∗∗ OSIsoft PI Web API ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-313-06


∗∗∗ NVIDIA GPU Display Driver Advisory - October 2021 ∗∗∗
---------------------------------------------
http://support.lenovo.com/product_security/PS500449-NVIDIA-GPU-DISPLAY-DRIVER-ADVISORY-OCTOBER-2021


∗∗∗ NetApp Clustered Data ONTAP Vulnerabilities ∗∗∗
---------------------------------------------
http://support.lenovo.com/product_security/PS500448-NETAPP-CLUSTERED-DATA-ONTAP-VULNERABILITIES


∗∗∗ Realtek Driver Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
http://support.lenovo.com/product_security/PS500447-REALTEK-DRIVER-PRIVILEGE-ESCALATION-VULNERABILITY


∗∗∗ Multi-vendor BIOS Security Vulnerabilities (November 2021) ∗∗∗
---------------------------------------------
http://support.lenovo.com/product_security/PS500446-MULTI-VENDOR-BIOS-SECURITY-VULNERABILITIES-NOVEMBER-2021

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily