Daily

daily@lists.cert.at

1 participants
3087 discussions

Tageszusammenfassung - 14.03.2018
by Daily end-of-shift report 14 Mar '18

14 Mar '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 13-03-2018 18:00 − Mittwoch 14-03-2018 18:00 Handler: Nina Bieringer Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ BlackBerry powered by Android Security Bulletin - March 2018 ∗∗∗ --------------------------------------------- March 2018 Android Security Bulletin --------------------------------------------- http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber… ∗∗∗ Websicherheit: Apple-Datei auf Webservern verrät Verzeichnisinhalte ∗∗∗ --------------------------------------------- Mittels Parser lassen sich aus .DS_Store-Dateien sensible Informationen auslesen. Das Projekt Internetwache.org hat sich die proprietäre Lösung von Apple genauer angeschaut - und Erstaunliches zutage gefördert. --------------------------------------------- https://www.golem.de/news/websicherheit-apple-datei-auf-webservern-verraet-… ∗∗∗ Spectre-Lücke: Intels Microcode-Updates für Linux und Windows ∗∗∗ --------------------------------------------- Endlich hat es Intel geschafft, die zum Stopfen der Spectre-V2-Lücke nötigen Updates für Core-i-Prozessoren seit 2011 (Sandy Bridge) zu veröffentlichen - vor allem für Linux-Distributionen. --------------------------------------------- https://www.heise.de/meldung/Spectre-Luecke-Intels-Microcode-Updates-fuer-L… ∗∗∗ Lets Encrypt stellt ab sofort Wildcard-Zertifikate aus ∗∗∗ --------------------------------------------- Die kostenlose Zertifizierungsstelle Lets Encrypt stellt ab sofort auch Zertifikate ohne explizit benannte Subdomains aus. Durch solche Wildcards können Admins mit weniger unterschiedlichen Zertifikaten HTTPS aktivieren. --------------------------------------------- https://www.heise.de/meldung/Let-s-Encrypt-stellt-ab-sofort-Wildcard-Zertif… ===================== = Vulnerabilities = ===================== ∗∗∗ Security Bulletins Posted ∗∗∗ --------------------------------------------- Adobe has published security bulletins for Adobe Flash Player (APSB18-05), Adobe Connect (APSB18-06) and Adobe Dreamweaver CC (APSB18-07). Adobe recommends users update their product .. --------------------------------------------- https://blogs.adobe.com/psirt/?p=1535 ∗∗∗ Microsoft - March 2018 Security Updates ∗∗∗ --------------------------------------------- The March security release consists of security updates for the following software: Internet Explorer Microsoft Edge Microsoft Windows Microsoft Office and Microsoft Office Services and .. --------------------------------------------- https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail… ∗∗∗ Mozilla Foundation Security Advisory 2018-06 ∗∗∗ --------------------------------------------- Security vulnerabilities fixed in Firefox 59 --------------------------------------------- https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/ ∗∗∗ Mozilla Foundation Security Advisory 2018-07 ∗∗∗ --------------------------------------------- Security vulnerabilities fixed in Firefox ESR 52.7 --------------------------------------------- https://www.mozilla.org/en-US/security/advisories/mfsa2018-07/ ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (calibre, dovecot, and postgresql), CentOS (dhcp and mailman), Fedora (freetype, kernel, leptonica, mariadb, mingw-leptonica, net-snmp, .. --------------------------------------------- https://lwn.net/Articles/749288/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 13.03.2018
by Daily end-of-shift report 13 Mar '18

13 Mar '18

===================== = End-of-Day report = ===================== Timeframe: Montag 12-03-2018 18:00 − Dienstag 13-03-2018 18:00 Handler: Nina Bieringer Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Phishing bei Amazon Prime-Kunden ∗∗∗ --------------------------------------------- Kriminelle versenden betrügerische Amazon Prime-Schreiben an Unternehmen. Darin behaupten sie, dass diese ihre Mitgliedschaft nicht bezahlen konnten. Aus diesem Grund sollen Verkäufer/innen auf einer Website ihre Zahlungsdaten aktualisieren. In Wahrheit müssen Empfänger/innen keine Reaktion zeigen und können die Nachricht löschen, denn es handelt sich um eine Phishingmail. --------------------------------------------- https://www.watchlist-internet.at/news/phishing-bei-amazon-prime-kunden/ ===================== = Vulnerabilities = ===================== ∗∗∗ [20180301] - Core - SQLi vulnerability User Notes ∗∗∗ --------------------------------------------- Project: Joomla! SubProject: CMS Impact: High Severity: Low Versions: 3.5.0 through 3.8.5 Exploit type: SQLi Reported Date: 2018-March-08 Fixed Date: 2018-March-12 CVE Number: CVE-2018-8045 --------------------------------------------- https://developer.joomla.org/security-centre/723-20180301-core-sqli-vulnera… ∗∗∗ TYPO3 8.7.11 and 7.6.25 released ∗∗∗ --------------------------------------------- The TYPO3 Community announces the versions 8.7.11 LTS and 7.6.25 LTS of the TYPO3 Enterprise Content Management System. All versions are maintenance releases and contain bug fixes only. --------------------------------------------- https://typo3.org/news/article/typo3-8711-and-7625-released ∗∗∗ Achtung Admins: Netzwerküberwachung PRTG speichert Passwörter unverschlüsselt ∗∗∗ --------------------------------------------- Wer die Netzwerküberwachung PRTG von Paessler nutzt, muss jetzt handeln, ansonsten könnten Angreifer Passwörter auslesen. --------------------------------------------- https://heise.de/-3992126 ∗∗∗ Sicherheitsforscher beschreiben 12 Lücken in AMD-Prozessoren ∗∗∗ --------------------------------------------- Die Firma CTS-Labs meldet 12 Sicherheitslücken, die aktuelle AMD-Prozessoren wie Ryzen, Ryzen Pro und Epyc betreffen beziehungsweise deren integrierte AMD Secure Processors (PSP). --------------------------------------------- https://heise.de/-3993807 ∗∗∗ rt-sa-2017-012 ∗∗∗ --------------------------------------------- Shopware Cart Accessible by Third-Party Websites --------------------------------------------- https://www.redteam-pentesting.de/advisories/rt-sa-2017-012.txt ∗∗∗ SAP Security Patch Day - March 2018 ∗∗∗ --------------------------------------------- This post by SAP Product Security Response Team shares information on Patch Day Security Notes* that are released on second Tuesday of every month and fix vulnerabilities discovered in SAP products. --------------------------------------------- https://blogs.sap.com/2018/03/13/sap-security-patch-day-march-2018/ ∗∗∗ Kritische Sicherheitslücke in Samba4 - Patches verfügbar ∗∗∗ --------------------------------------------- Kritische Sicherheitslücke in Samba4 - Patches verfügbar 13. März 2018 Beschreibung Wie das Samba-Projekt bekanntgegeben hat, gibt es 2 Sicherheitsprobleme in allen aktuellen Samba-Versionen, eine davon stufen wir als kritisch ein. CVE-Nummern: CVE-2018-1057 CVE-2018-1050 Auswirkungen Durch Ausnutzen von CVE-2018-1057 kann ein angemeldeter Benutzer auf einem Samba Domain Controller die Passwörter beliebiger Benutzerkonten ändern. Dies inkludiert Dienst-Accounts von --------------------------------------------- http://www.cert.at/warnings/all/20180313.html ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (samba), Fedora (tor), openSUSE (glibc, mysql-connector-java, and shadow), Oracle (dhcp), Red Hat (bind, chromium-browser, and dhcp), Scientific Linux (dhcp), and SUSE (java-1_7_0-openjdk, java-1_8_0-ibm, and java-1_8_0-openjdk). --------------------------------------------- https://lwn.net/Articles/749177/ ∗∗∗ BSRT-2018-001 Vulnerability in UEM Management Console impacts UEM ∗∗∗ --------------------------------------------- http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affects WebSphere Application Server January 2018 CPU that is bundled with IBM WebSphere Application Server Patterns and IBM WebSphere Application Server for Cloud. ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013951 ∗∗∗ IBM Security Bulletin: IBM i is affected by networking BIND vulnerability CVE-2017-3145 ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=nas8N1022495 ∗∗∗ IBM Security Bulletin: Security Bulletin: Information disclosure in IBM HTTP Server (CVE-2018-1388) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22014196 ∗∗∗ IBM Security Bulletin: Nova Filter Scheduler bypass through rebuild action (CVE-2017-16239) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=nas8N1022490 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 12.03.2018
by Daily end-of-shift report 12 Mar '18

12 Mar '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 09-03-2018 18:00 − Montag 12-03-2018 18:00 Handler: Nina Bieringer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Qwerty Ransomware Utilizes GnuPG to Encrypt a Victims Files ∗∗∗ --------------------------------------------- A new ransomware has been discovered that utilizes the legitimate GnuPG, or GPG, encryption program to encrypt a victims files. Currently in the wild, this ransomware is called Qwerty Ransomware and will encrypt a victims files, overwrite the originals, and the append the .qwerty extension to an encrypted files name. --------------------------------------------- https://www.bleepingcomputer.com/news/security/qwerty-ransomware-utilizes-g… ∗∗∗ Coinminer Campaigns Target Redis, Apache Solr, and Windows Servers ∗∗∗ --------------------------------------------- Windows Server, Apache Solr, and Redis servers have been targeted this week by cyber-criminals looking to take over unpatched machines and install malware that mines cryptocurrency (known as a coinminer). --------------------------------------------- https://www.bleepingcomputer.com/news/security/coinminer-campaigns-target-r… ∗∗∗ SmartCam: Kritische Sicherheitslücken in Cloud-Anbindung von Samsung-IP-Kameras ∗∗∗ --------------------------------------------- Lücken in der IP-Kamera SNH-V6410PN/PNW ermöglichen es, das Linux darauf zu kapern. Da die Sicherheitslücke in der Cloud-Anbindung liegt, sind wahrscheinlich weitere SmartCam-Modelle betroffen. Der Cloud-Dienst verwaltet die Kameras per Jabber-Server. --------------------------------------------- https://www.heise.de/security/meldung/SmartCam-Kritische-Sicherheitsluecken… ∗∗∗ TLS 1.3 and Proxies ∗∗∗ --------------------------------------------- I'll generally ignore the internet froth in a given week as much as possible, but when Her Majesty's Government starts repeating misunderstandings about TLS 1.3 it is necessary to write something, if only to have a pointer ready for when people start citing it as evidence. --------------------------------------------- http://www.imperialviolet.org/2018/03/10/tls13.html ===================== = Vulnerabilities = ===================== ∗∗∗ Multiple Critical Vulnerabilities in SecurEnvoy SecurMail ∗∗∗ --------------------------------------------- Several vulnerabilities in the SecurEnvoy SecurMail encrypted mail transfer solution allow an attacker to read other users' encrypted e-mails and overwrite or delete e-mails stored in other users' inboxes. --------------------------------------------- https://www.sec-consult.com/en/blog/advisories/multiple-critical-vulnerabil… ∗∗∗ Security updates for Monday ∗∗∗ --------------------------------------------- Security updates have been issued by CentOS (389-ds-base, dhcp, kernel, libreoffice, php, quagga, and ruby), Debian (ming, util-linux, vips, and zsh), Fedora (community-mysql, php, ruby, and transmission), Gentoo (newsbeuter), Mageia (libraw and mbedtls), openSUSE (php7 and python-Django), Red Hat (MRG Realtime 2.5), and SUSE (kernel). --------------------------------------------- https://lwn.net/Articles/749087/ ∗∗∗ IBM Security Bulletin: Cross-Site Scripting Vulnerability in IBM WebSphere Portal (CVE-2018-1444) ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=swg22014392 ∗∗∗ IBM Security Bulletin: Vulnerability in OpenSSL affects MegaRAID Storage Manager (CVE-2016-7055) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099769 ∗∗∗ IBM Security Bulletin: Security vulnerabilities have been identified in OpenSSL, IBM Java JRE and the microcode shipped with the DS8000 Hardware Management Console (HMC) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009613 ∗∗∗ IBM Security Bulletin: Vulnerability in Apache Commons FileUpload affects IBM Spectrum Control and Tivoli Storage Productivity Center (CVE-2016-1000031) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22013943 ∗∗∗ IBM Security Bulletin: Vulnerability in WebSphere Application Server affects IBM Spectrum Control and Tivoli Storage Productivity Center (CVE-2017-1681) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22013339 ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affects WebSphere Application Server January 2018 CPU ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013818 ∗∗∗ IBM Security Bulletin: Security Bulletin: IBM HTTP Server Response Time module is affected by JavaScript injection vulnerability. ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013557 ∗∗∗ IBM Security Bulletin: IBM Spectrum Control (formerly IBM Tivoli Storage Productivity Center) is affected by OpenSSL vulnerabilities (CVE-2017-3735, CVE-2017-3736, CVE-2017-3737, CVE-2017-3738) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22011110 ∗∗∗ IBM Security Bulletin: SetGID and SetUID programs in IBM Workload Scheduler can be exploited to obtain privilege escalation (CVE-2018-1386) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22012171 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 09.03.2018
by Daily end-of-shift report 09 Mar '18

09 Mar '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 08-03-2018 18:00 − Freitag 09-03-2018 18:00 Handler: Nina Bieringer Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ LLVM 6.0: Clang bekommt Maßnahme gegen Spectre-Angriff ∗∗∗ --------------------------------------------- Die neue Version der LLVM-Compiler wie Clang bringt mit Retpolines eine wichtige Maßnahme gegen Angriffe über Spectre. Davon profitieren auch künftige Windows-Versionen von Google Chrome. Optimierungen gibt es außerdem bei der Diagnose von Quelltexten. --------------------------------------------- https://www.golem.de/news/llvm-6-0-clang-bekommt-massnahme-gegen-spectre-an… ∗∗∗ Avast: CCleaner-Infektion enthielt Keylogger-Funktion ∗∗∗ --------------------------------------------- Die im vergangenen Jahr mit CCleaner verteilte Malware sollte Unternehmen wohl auch per Keylogger ausspionieren. Avast hat im eigenen Netzwerk die Shadowpad-Malware gefunden, geht aber davon aus, dass diese bei Kunden nicht installiert wurde. --------------------------------------------- https://www.golem.de/news/avast-ccleaner-infektion-enthielt-keylogger-funkt… ∗∗∗ Look-Alike Domains and Visual Confusion ∗∗∗ --------------------------------------------- How good are you at telling the difference between domain names you know and trust and imposter or look-alike domains? The answer may depend on how familiar you are with the nuances of internationalized domain names (IDNs), as well .. --------------------------------------------- https://krebsonsecurity.com/2018/03/look-alike-domains-and-visual-confusion/ ∗∗∗ Researchers Demonstrate Ransomware Attack on Robots ∗∗∗ --------------------------------------------- IOActive security researchers today revealed a ransomware attack on robots, demonstrating not only that such assaults are possible, but also their potential financial impact. read more --------------------------------------------- https://www.securityweek.com/researchers-demonstrate-ransomware-attack-robo… ===================== = Vulnerabilities = ===================== ∗∗∗ Siemens SIPROTEC 4, SIPROTEC Compact, DIGSI 4, and EN100 Ethernet Module ∗∗∗ --------------------------------------------- This advisory includes mitigations for missing authentication for critical function, and inadequate encryption strength vulnerabilities in Siemens SIPROTEC 4, SIPROTEC Compact, DIGSI 4, and EN100 Ethernet module. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-067-01 ∗∗∗ Siemens SIPROTEC 4, SIPROTEC Compact, and Reyrolle Devices using the EN100 Ethernet Communication Module Extension ∗∗∗ --------------------------------------------- This advisory includes mitigation details for a missing authentication for critical function vulnerability in the Siemens SIPROTEC 4, SIPROTEC Compact, and Reyrolle devices using the EN100 Ethernet communication module extension. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-067-02 ∗∗∗ Security Advisory - Information Disclosure Vulnerability on Honor Smart Scale Application ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180309-… ∗∗∗ Security Advisory - Buffer Overflow Vulnerability in eNSP Software ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180309-… ∗∗∗ IBM Security Bulletin: IBM Notes Privilege Escalation in IBM Notes System Diagnostics service (CVE-2018-1437) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22014201 ∗∗∗ IBM Security Bulletin: IBM Notes Remote Code Execution Vulnerability (CVE-2018-1435) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22014198 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 08.03.2018
by Daily end-of-shift report 08 Mar '18

08 Mar '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 07-03-2018 18:00 − Donnerstag 08-03-2018 18:00 Handler: Nina Bieringer Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ Microsoft Stops Malware Campaign That Tried to Infect 400,000 Users in 12 Hours ∗∗∗ --------------------------------------------- Microsoft revealed today that Windows Defender stopped a massive malware distribution campaign that attempted to infect over 400,000 users with a cryptocurrency miner during a 12-hour period on March 6, 2018. --------------------------------------------- https://www.bleepingcomputer.com/news/security/microsoft-stops-malware-camp… ∗∗∗ Memcached Amplification: Neue Hacker-Tools verursachen Rekord-DDoS-Angriffe ∗∗∗ --------------------------------------------- DDoS-Angriffe per Memcached Amplification sind erst seit etwa einer Woche bekannt, nun existieren einfach zu bedienende Werkzeuge für solche Attacken. Unter anderem wurde auf diese Art GitHub mit einem Rekord-Angriff aus dem Internet geschwemmt. --------------------------------------------- https://www.heise.de/security/meldung/Memcached-Amplification-Neue-Hacker-T… ∗∗∗ Distrust of the Symantec PKI: Immediate action needed by site operators ∗∗∗ --------------------------------------------- We previously announced plans to deprecate Chrome’s trust in the Symantec certificate authority (including Symantec-owned brands like Thawte, VeriSign, Equifax, GeoTrust, and RapidSSL). This post outlines how site operators can determine if they’re affected by this .. --------------------------------------------- https://security.googleblog.com/2018/03/distrust-of-symantec-pki-immediate.… ===================== = Vulnerabilities = ===================== ∗∗∗ Cisco Releases Security Updates for Multiple Products ∗∗∗ --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2018/03/07/Cisco-Releases-Sec… ∗∗∗ DFN-CERT-2018-0455/">Red Hat JBoss Web Server: Mehrere Schwachstellen ermöglichen u.a. das Ausführen beliebigen Programmcodes ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0455/ ∗∗∗ rt-sa-2018-001 ∗∗∗ --------------------------------------------- https://www.redteam-pentesting.de/advisories/rt-sa-2018-001.txt -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 07.03.2018
by Daily end-of-shift report 07 Mar '18

07 Mar '18

===================== = End-of-Day report = ===================== Timeframe: Dienstag 06-03-2018 18:00 − Mittwoch 07-03-2018 18:00 Handler: Nina Bieringer Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Encryption 101: How to break encryption ∗∗∗ --------------------------------------------- Continuing on in our Encryption 101 series, where we gave a malware analyst’s primer on encryption and demonstrated encryption techniques using ShiOne ransomware, we now look at what it takes to break an encryption. In order for something as powerful as encryption to break, there needs to be some kind of secret flaw. That flaw is often a result of an error in implementation. --------------------------------------------- https://blog.malwarebytes.com/threat-analysis/2018/03/encryption-101-how-to… ===================== = Vulnerabilities = ===================== ∗∗∗ Google Releases Security Update for Chrome ∗∗∗ --------------------------------------------- Google has released Chrome version 65.0.3325.146 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to obtain access to sensitive information. --------------------------------------------- https://www.us-cert.gov/ncas/current-activity/2018/03/06/Google-Releases-Se… ∗∗∗ DFN-CERT-2018-0444/">Citrix NetScaler Application Delivery Controller, Citrix NetScaler Gateway: Mehrere Schwachstellen ermöglichen u.a. die Übernahme des Systems ∗∗∗ --------------------------------------------- Eine Schwachstelle in Citrix VPX ermöglicht einem entfernten, einfach authentisierten Angreifer die Ausführung beliebigen Programmcodes und damit letztlich die Übernahme des Systems. Weitere Schwachstellen ermöglichen einem entfernten, vermutlich nicht authentisierten Angreifer das Ausspähen beliebiger Dateien, die Eskalation von Privilegien sowie einen Cross-Site-Scripting (XSS)-Angriff. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0444/ ∗∗∗ FortiWebs cookie tampering protection can be bypassed by erasing the FortiWeb session cookie ∗∗∗ --------------------------------------------- FortiWeb 5.6.0 introduced a feature called "Signed Security Mode", which, when enabled, would prevent an attacker from tampering with "regular" cookies set by the web-sites protected by FortiWeb; in effect, access to the protected web-site can be blocked when cookie tampering is detected (depending on the "Action" selected by the FortiWeb admin).This protection can however be made inoperant if the attacker removes FortiWebs own session cookie. --------------------------------------------- http://fortiguard.com/psirt/FG-IR-17-279 ∗∗∗ RSA Archer eGRC Bugs Let Remote Users Redirect Users to an Arbitrary Site and Let Remote Authenticated Users Obtain Username Information ∗∗∗ --------------------------------------------- A remote authenticated user can exploit an access control flaw in an API to determine valid usernames on the target system [CVE-2018-1219]. A remote user can exploit a flaw in the QuickLinks feature to redirect the target user to an arbitrary site [CVE-2018-1220]. --------------------------------------------- http://www.securitytracker.com/id/1040457 ∗∗∗ Security updates for Wednesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (python-django and python2-django), Debian (leptonlib), Fedora (bugzilla, cryptopp, electrum, firefox, freexl, glibc, jhead, libcdio, libsamplerate, libXcursor, libXfont, libXfont2, mingw-wavpack, nx-libs, php, python-crypto, quagga, sharutils, unzip, x2goserver, and xen), Gentoo (exim), openSUSE (cups, go1.8, ImageMagick, jgraphx, leptonica, openexr, tor, and wavpack), Red Hat (389-ds-base, java-1.7.1-ibm, kernel, kernel-rt, libreoffice, and --------------------------------------------- https://lwn.net/Articles/748741/ ∗∗∗ Hirschmann Automation and Control GmbH Classic Platform Switches ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-065-01 ∗∗∗ Schneider Electric SoMove Software and DTM Software Components ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-065-02 ∗∗∗ Eaton ELCSoft ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-065-03 ∗∗∗ Security Advisory - Information Leak Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180307-… ∗∗∗ Security Advisory - Permission Control Vulnerability in Huawei Video Application ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180307-… ∗∗∗ Security Advisory - Authentication Bypass Vulnerability in Some Huawei Smart Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180307-… ∗∗∗ IBM Security Bulletin: Information disclosure in WebSphere Application Server Admin Console (CVE-2017-1741) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22012342 ∗∗∗ IBM Security Bulletin: Vulnerability in IBM WebSphere Application Server Affects IBM Emptoris Sourcing, IBM Emptoris Contract Management, IBM Emptoris Spend Analysis, IBM Emptoris Program Management and IBM Emptoris Service Procurement ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22014257 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 06.03.2018
by Daily end-of-shift report 06 Mar '18

06 Mar '18

===================== = End-of-Day report = ===================== Timeframe: Montag 05-03-2018 18:00 − Dienstag 06-03-2018 18:00 Handler: Nina Bieringer Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ E-Mail-Clients für Android: Kennwörter werden an Entwickler der App übermittelt ∗∗∗ --------------------------------------------- Der E-Mail-Client sollte mit Bedacht gewählt werden. Zwei Apps für Android übermitteln die Kennwörter an den Anbieter der App. Der Entdecker des Sicherheitsrisikos rät zur Deinstallation der Apps und zur Zurücksetzung des E-Mail-Kennworts. --------------------------------------------- https://www.golem.de/news/e-mail-clients-fuer-android-kennwoerter-werden-im… ===================== = Vulnerabilities = ===================== ∗∗∗ DFN-CERT-2018-0432/">NetIQ Identiy Manager: Eine Schwachstelle ermöglicht das Ausspähen von Passwörtern ∗∗∗ --------------------------------------------- Ein vermutlich lokaler, einfach authentisierter Angreifer kann Passwörter ausspähen, welche unter Umständen in Logdateien gespeichert werden. NetIQ stellt den NetIQ Identiy Manager in der Version 4.6 zur Behebung der Schwachstelle bereit. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0432/ ∗∗∗ DFN-CERT-2018-0431/">GitLab: Mehrere Schwachstellen ermöglichen u.a. einen kompletten Denial-of-Service (DoS)-Angriff ∗∗∗ --------------------------------------------- Zwei Schwachstellen betreffen GitLab Enterprise und ermöglichen einem vermutlich entfernten und einfach authentisierten Angreifer das Bewirken kompletter Denial-of-Service (DoS)-Zustände. Weitere Schwachstellen ermöglichen dem Angreifer das Umgehen von Sicherheitsvorkehrungen, das Ausspähen von Informationen und Darstellen falscher Informationen. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0431/ ∗∗∗ Android: März-Update schließt Fülle an kritischen Lücken ∗∗∗ --------------------------------------------- Den ersten Montag des Monats nutzt Google üblicherweise, um Sicherheitslücken in Android zu bereinigen. Und so gibt es auch jetzt wieder ein neues Update, das sich vor allem der Bereinigung solcher Probleme bereinigt. --------------------------------------------- http://derstandard.at/2000075574454 ∗∗∗ Security updates for Tuesday ∗∗∗ --------------------------------------------- Security updates have been issued by Arch Linux (dhclient and dhcp), Debian (tomcat7 and xen), Fedora (dhcp), Mageia (glibc and xerces-c), SUSE (xen), and Ubuntu (irssi, memcached, postgresql-9.3, postgresql-9.5, postgresql-9.6, and twisted). --------------------------------------------- https://lwn.net/Articles/748625/ ∗∗∗ Bugtraq: DefenseCode Security Advisory: Magento Stored Cross-Site Scripting - Product Attributes ∗∗∗ --------------------------------------------- http://www.securityfocus.com/archive/1/541839 ∗∗∗ Bugtraq: DefenseCode Security Advisory: Magento Stored Cross-Site Scripting - Downloadable Products ∗∗∗ --------------------------------------------- http://www.securityfocus.com/archive/1/541838 ∗∗∗ Bugtraq: DefenseCode Security Advisory: Magento Multiple Stored Cross-Site Scripting Vulnerabilities ∗∗∗ --------------------------------------------- http://www.securityfocus.com/archive/1/541840 ∗∗∗ Bugtraq: DefenseCode Security Advisory: Magento Backups Cross-Site Request Forgery ∗∗∗ --------------------------------------------- http://www.securityfocus.com/archive/1/541837 ∗∗∗ IBM Security Bulletin: IBM Tivoli Federated Identity Manager is affected by a Security Assertion Markup Language (SAML)-based single sign-on (SSO) systems vulnerability (CVE-2018-1443 ) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22014161 ∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by a Security Assertion Markup Language (SAML)-based single sign-on (SSO) systems vulnerability (CVE-2018-1443) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22014160 ∗∗∗ IBM Security Bulletin: IBM Security Guardium has released patch in response to the vulnerabilities known as Spectre and Meltdown ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013322 ∗∗∗ IBM Security Bulletin: Response Time Monitoring Agent is affected by a NoSQL Injection vulnerability ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22013500 ∗∗∗ IBM Security Bulletin: Vulnerabilities in Samba affect IBM Spectrum Scale SMB protocol access method (CVE-2017-14746, CVE-2017-15275) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ssg1S1012067 ∗∗∗ IBM Security Bulletin: A vulnerability in IBM Java Runtime affects Rational Asset Analyzer ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013972 ∗∗∗ IBM Security Bulletin: Monitoring Agent for WebSphere Applications is affected by a potential for sensitive personal information to be visible when you use the diagnostics or transaction tracking capability of the agent ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22014035 ∗∗∗ IBM Security Bulletin: Rational Asset Analyzer (RAA) is affected by a vulnerability in WAS ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22013974 ∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Java SDK Affect IBM Emptoris Strategic Supply Management Suite of Products ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22014235 ∗∗∗ IBM Security Bulletin: IBM’s Pulse App for QRadar is vulnerable to sensitive information exposure. (CVE-2017-1625) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22014284 ∗∗∗ Apache Tomcat 6.x vulnerability CVE-2016-0706 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K18174924 ∗∗∗ Apache Tomcat 6.x vulnerabilities CVE-2016-0714 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K58084500 ∗∗∗ Apache Tomcat 6.x vulnerability CVE-2015-5345 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K34341852 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 05.03.2018
by Daily end-of-shift report 05 Mar '18

05 Mar '18

===================== = End-of-Day report = ===================== Timeframe: Freitag 02-03-2018 18:00 − Montag 05-03-2018 18:00 Handler: Nina Bieringer Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ Spring break! Critical vuln in Pivotal frameworks Data parts plugged ∗∗∗ --------------------------------------------- Similar to Apache Struts flaw that stuffed Equifax Pivotals Spring Data REST project has a serious security hole that needs patching. --------------------------------------------- www.theregister.co.uk/2018/03/05/rest_vuln/ ∗∗∗ Bei 40 günstigen Android-Smartphones ist ein Trojaner ab Werk inklusive ∗∗∗ --------------------------------------------- Sicherheitsforscher listen über 40 Android-Smartphones auf, die einen von Angreifern modifizierbaren Trojaner an Bord haben. Dieser soll sich nicht ohne Weiteres entfernen lassen. --------------------------------------------- https://www.heise.de/meldung/Bei-40-guenstigen-Android-Smartphones-ist-ein-… ∗∗∗ Powerful New DDoS Method Adds Extortion ∗∗∗ --------------------------------------------- Attackers have seized on a relatively new method for executing distributed denial-of-service (DDoS) attacks of unprecedented disruptive power, using it to launch record-breaking DDoS assaults over the past week. Now evidence .. --------------------------------------------- https://krebsonsecurity.com/2018/03/powerful-new-ddos-method-adds-extortion/ ∗∗∗ Gefälschte Klarna-Rechnung verbreitet Schadsoftware ∗∗∗ --------------------------------------------- Kriminelle versenden eine Rechnung mit dem Betreff „Automatische Konto-Lastschrift von Klarna Bank konnte nicht durchgeführt werden“. Sie fordern die Empfänger/innen der Nachricht dazu auf, dass sie weiterführende Informationen zur offenen Forderung einer ZIP-Datei entnehmen. Sie verbirgt Schadsoftware. Aus diesem Grund dürfen Adressat/innen die angebliche Rechnung nicht öffnen. --------------------------------------------- https://www.watchlist-internet.at//themen/e-mail/ ∗∗∗ LTE: Massive Lücke erlaubt SMS- und Standort-Spionage ∗∗∗ --------------------------------------------- Angreifer könnten auch gefälschte Katastrophenwarnungen an großen Zahl von Nutzern gleichzeitig verschicken --------------------------------------------- http://derstandard.at/2000075435289 ∗∗∗ 700 Gbit/s: Bislang größte DDoS-Attacke auf Österreich gemessen ∗∗∗ --------------------------------------------- Galt "internationalem Service-Provider" – Zeitgleich zu Angriff auf Github und andere Seiten --------------------------------------------- http://derstandard.at/2000075492832 ===================== = Vulnerabilities = ===================== ∗∗∗ Drupal core - Critical - Multiple Vulnerabilities - SA-CORE-2018-001 ∗∗∗ --------------------------------------------- https://www.drupal.org/sa-core-2018-001 ∗∗∗ IBM Security Bulletin: IBM MessageSight V1.2 has released 1.2.0.3-IBM-IMA-IFIT24219 in response to the vulnerabilities known as Spectre and Meltdown ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=isg3T1027210 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 02.03.2018
by Daily end-of-shift report 02 Mar '18

02 Mar '18

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 01-03-2018 18:00 − Freitag 02-03-2018 18:00 Handler: Nina Bieringer Co-Handler: Stephan Richter ===================== = News = ===================== ∗∗∗ Banking Trojan Found in Over 40 Models of Low-Cost Android Smartphones ∗∗∗ --------------------------------------------- Over 40 models of low-cost Android smartphones are sold already infected with the Triada banking trojan, says Dr.Web, a Russia-based antivirus vendor. --------------------------------------------- https://www.bleepingcomputer.com/news/security/banking-trojan-found-in-over… ∗∗∗ Chromes WebUSB Feature Leaves Some Yubikeys Vulnerable to Attack ∗∗∗ --------------------------------------------- While still the best protection against phishing attacks, some Yubikey models are vulnerable after a recent update to Google Chrome. --------------------------------------------- https://www.wired.com/story/chrome-yubikey-phishing-webusb ∗∗∗ Spectre-Lücke: Microcode-Updates nun doch als Windows Update ∗∗∗ --------------------------------------------- So wie einige Linux-Distributionen (re-)aktiviert Microsoft die Möglichkeit, Microcode-Updates mit IBC-Patches gegen Spectre als Update des Betriebssystems einzuspielen – vorerst nur für Core i-6000 (Skylake). --------------------------------------------- https://www.heise.de/meldung/Spectre-Luecke-Microcode-Updates-nun-doch-als-… ∗∗∗ Rekord-DDoS-Attacke mit 1,35 Terabit pro Sekunde gegen Github.com ∗∗∗ --------------------------------------------- Die Webseite von Github hat die bislang heftigste dokumentierte DDoS-Attacke überstanden. Die Angreifer setzten dabei auf einen erst kürzlich bekanntgewordenen Angriffsvektor. --------------------------------------------- https://www.heise.de/meldung/Rekord-DDoS-Attacke-mit-1-35-Terabit-pro-Sekun… ∗∗∗ Financial Cyber Threat Sharing Group Phished ∗∗∗ --------------------------------------------- The Financial Services Information Sharing and Analysis Center (FS-ISAC), an industry forum for sharing data about critical cybersecurity threats facing the banking and finance industries, said today that a successful phishing attack on one of its employees was used to launch additional phishing attacks against FS-ISAC members. The fallout from the back-to-back phishing attacks appears to have been limited and contained, as many FS-ISAC members who received the phishing attack quickly detected [...] --------------------------------------------- https://krebsonsecurity.com/2018/03/financial-cyber-threat-sharing-group-ph… ∗∗∗ Warnung vor gefälschter Raiffeisen Bank-Kundeninformation ∗∗∗ --------------------------------------------- Datendiebe versenden eine gefälschte Raiffeisen Bank-Kundeninformation. Darin fordern sie Empfänger/innen dazu auf, dass sie eine angebliche Sicherheits-App für die weitere Nutzung ihres ELBA Internet-Kontos installieren. Die Anwendung ist Schadsoftware. Sie ermöglicht es den Kriminellen, auf das Konto ihrer Opfer zuzugreifen und Geld zu stehlen. --------------------------------------------- http://www.watchlist-internet.at/index.php?id=6&tx_news_pi1[overwriteDemand… ∗∗∗ Vulnerability Spotlight: Simple DirectMedia Layer’s SDL2_Image ∗∗∗ --------------------------------------------- OverviewTalos is disclosing several vulnerabilities identified in Simple DirectMedia Layers SDL2_Image library that could allow code execution. Simple DirectMedia Layer is a cross-platform development library designed to provide low level access to audio, keyboard, mouse, joystick, and graphics hardware via OpenGL and Direct3D. It is used by video playback software, emulators, and popular games including Valves award winning catalog and many Humble Bundle games. SDL officially supports Windows, --------------------------------------------- http://blog.talosintelligence.com/2018/03/vulnerability-spotlight-simple.ht… ===================== = Vulnerabilities = ===================== ∗∗∗ Siemens SIMATIC, SIMOTION, and SINUMERIK ∗∗∗ --------------------------------------------- This advisory contains mitigation details for stack-based buffer overflow and permissions, privileges, and access controls vulnerabilities in the Siemens SIMATIC, SIMOTION, and SINUMERIK Industrial PCs. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-060-01 ∗∗∗ Moxa OnCell G3100-HSPA Series ∗∗∗ --------------------------------------------- This advisory contains mitigation details for reliance on cookies without validation and integrity checking, improper handling of length parameter inconsistency, and NULL pointer dereference vulnerabilities in the Moxa OnCell G3100-HSPA Series IP gateway. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-060-02 ∗∗∗ Delta Electronics Delta Industrial Automation DOPSoft ∗∗∗ --------------------------------------------- This advisory contains mitigation details for a stack-based buffer overflow vulnerability in the Delta Electronics Delta Industrial Automation DOPSoft human machine interface. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-18-060-03 ∗∗∗ MFSBGN03801 rev.1 - Micro Focus Operations Orchestration, Remote Denial of Service (DoS) ∗∗∗ --------------------------------------------- A potential security vulnerability has been identified in Micro Focus Operations Orchestration. The vulnerability could be remotely exploited to allow Denial of Service (DoS). --------------------------------------------- https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM0… ∗∗∗ Security updates for Friday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (freexl and simplesamlphp), Fedora (krb5, libvirt, php-phpmyadmin-motranslator, php-phpmyadmin-sql-parser, and phpMyAdmin), Mageia (krb5, leptonica, and libvirt), Slackware (dhcp and ntp), and Ubuntu (isc-dhcp). --------------------------------------------- https://lwn.net/Articles/748422/ ∗∗∗ Vuln: Dovecot CVE-2017-14461 Out-Of-Bounds Read Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://www.securityfocus.com/bid/103201 ∗∗∗ DFN-CERT-2018-0399: PHP: Eine Schwachstelle ermöglicht einen Denial-of-Service-Angriff ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0399/ ∗∗∗ DFN-CERT-2018-0418: SimpleSAMLphp: Mehrere Schwachstellen ermöglichen u.a. das Erlangen von Benutzerrechten ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0418/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 01.03.2018
by Daily end-of-shift report 01 Mar '18

01 Mar '18

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 28-02-2018 18:00 − Donnerstag 01-03-2018 18:00 Handler: Nina Bieringer Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ DDoS-Reflection mit Memcached ∗∗∗ --------------------------------------------- Auf diesen Seiten war schon viel über DDoS zu lesen, insbesondere der Variante, bei der schlecht betriebene Services im Netz sich als Reflektoren/Verstärker missbrauchen lassen. Übliche Vektoren in den letzten Jahren waren DNS, NTP, SSDP, SNMP und auch LDAP. Jetzt ist hier was neues am Radar aufgetaucht: Memcached. --------------------------------------------- http://www.cert.at/services/blog/20180228181107-2150.html ∗∗∗ Trustico/Digicert: Chaos um 23.000 Zertifikate und private Schlüssel ∗∗∗ --------------------------------------------- Der Zertifikatsreseller Trustico bittet aus unklaren Gründen darum, dass 50.000 Zertifikate zurückgezogen werden. Zu knapp der Hälfte davon besaß Trustico offenbar die privaten Schlüssel - die ein Zertifikatshändler eigentlich nie haben sollte. --------------------------------------------- https://www.golem.de/news/trustico-digicert-chaos-um-23-000-zertifikate-und… ∗∗∗ Spectre-Attacken auch auf Sicherheitsfunktion Intel SGX möglich ∗∗∗ --------------------------------------------- Sicherheitsforscher zeigen zwei Szenarien auf, in denen sie Intels Software Guard Extensions (SGX) erfolgreich über die Spectre-Lücke angreifen. --------------------------------------------- https://heise.de/-3983848 ===================== = Vulnerabilities = ===================== ∗∗∗ DFN-CERT-2018-0400/">ISC Bind Supported Preview Edition: Eine Schwachstelle ermöglicht einen Denial-of-Service-Angriff ∗∗∗ --------------------------------------------- Die BIND Supported Preview Edition ist ein spezieller BIND Feature Preview Branch für ISC Support Kunden. Keine der allgemein veröffentlichten BIND Versionen ist von der jetzt behobenen Schwachstelle betroffen. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0400/ ∗∗∗ DFN-CERT-2018-0401/">ISC DHCP: Zwei Schwachstellen ermöglichen Denial-of-Service-Angriffe ∗∗∗ --------------------------------------------- Ein entfernter, nicht authentisierter Angreifer kann zwei Schwachstellen in ISC DHCP ausnutzen, um verschiedene Denial-of-Service (DoS)-Angriffe durchzuführen. Eine der Schwachstellen kann eventuell auch die Ausführung beliebigen Programmcodes ermöglichen. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0401/ ∗∗∗ DFN-CERT-2018-0407/">Sophos UTM: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes ∗∗∗ --------------------------------------------- Verschiedene Schwachstellen in den Komponenten Exim und SSH Server von Sophos Unified Threat Management (UTM) ermöglichen unter anderem einem entfernten, nicht authentisierten Angreifer die Ausführung beliebigen Programmcodes und das Ausspähen von Informationen. Weitere Schwachstellen ermöglichen diese Angriffe auch einem lokalen einfach authentisierten Angreifer. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0407/ ∗∗∗ DFN-CERT-2018-0408/">NTP: Mehrere Schwachstellen ermöglichen u.a. das Ausführen beliebigen Programmcodes ∗∗∗ --------------------------------------------- Mehrere Schwachstellen in NTP ermöglichen einem entfernten, zumeist nicht authentisierten Angreifer das Ausführen beliebigen Programmcodes, die Durchführung verschiedener Denial-of-Service (DoS)-Angriffe, das Fälschen von Zeitinformationen und das Ausspähen von Informationen. (Note: Remote Code Execution betrifft nur das ntpq Tool) --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0408/ ∗∗∗ DFN-CERT-2018-0409/">PostgreSQL: Eine Schwachstelle ermöglicht die Eskalation von Privilegien ∗∗∗ --------------------------------------------- Ein entfernter, einfach authentifizierter Angreifer kann eine Schwachstelle in PostgreSQL ausnutzen, um die beabsichtigten Funktionen von PostgreSQL zu ändern. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2018-0409/ ∗∗∗ Security updates for Thursday ∗∗∗ --------------------------------------------- Security updates have been issued by Debian (xmltooling), Fedora (mbedtls), openSUSE (freexl), Oracle (quagga and ruby), Red Hat (.NET Core, quagga, and ruby), Scientific Linux (quagga and ruby), SUSE (glibc), and Ubuntu (libreoffice). --------------------------------------------- https://lwn.net/Articles/748350/ ∗∗∗ IBM Security Bulletin: IBM Cloud Private has released a patch in response to the vulnerabilities known as Spectre and Meltdown(CVE-2017-5753, CVE-2017-5715 and CVE-2017-5754) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=isg3T1027210 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in XMLsoft Libxml2 and OpenSSL affect IBM Netezza Analytics ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22013398 ∗∗∗ IBM Security Bulletin: A vulnerability in Open Source Botan affects IBM Netezza SQL Extensions ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22013399 ∗∗∗ IBM Security Bulletin: IBM Tivoli Netcool Impact is affected by an Information disclosure in WebSphere Application Server (CVE-2017-1681) vulnerability ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22014125 ∗∗∗ IBM Security Bulletin: IBM Tivoli Netcool Impact is affected by an Open Source Apache Poi vulnerability (CVE-2017-5644) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22014107 ∗∗∗ Authentication Bypass Vulnerability in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway ∗∗∗ --------------------------------------------- https://support.citrix.com/article/CTX232199 ∗∗∗ TMM vulnerability CVE-2018-5500 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K33211839 ∗∗∗ DNS TCP virtual server vulnerability CVE-2018-5501 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K44200194 ∗∗∗ BIG-IP TMM vulnerability CVE-2017-6150 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K62712037 ∗∗∗ BIG-IP ASM data processing vulnerability CVE-2017-6154 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K38243073 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily