Daily

daily@lists.cert.at

1 participants
3189 discussions

Tageszusammenfassung - 04.12.2017
by Daily end-of-shift report 04 Dec '17

04 Dec '17

===================== = End-of-Day report = ===================== Timeframe: Freitag 01-12-2017 18:00 − Montag 04-12-2017 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Visualise Event Logs to Identify Compromised Accounts - LogonTracer ∗∗∗ --------------------------------------------- JPCERT/CC has developed and released a tool “LogonTracer” which supports such event log analysis. This entry introduces how it works and how to launch it. ... LogonTracer associates a host name (or an IP address) and account name found in logon-related events and displays it as a graph. This way, it is possible to see in which account login attempt occurs and which host is used. --------------------------------------------- http://blog.jpcert.or.jp/2017/11/visualise-event-logs-to-identify-compromis… ∗∗∗ Windows Defender ATP machine learning and AMSI: Unearthing script-based attacks that ‘live off the land’ ∗∗∗ --------------------------------------------- Scripts are becoming the weapon of choice of sophisticated activity groups responsible for targeted attacks as well as malware authors who indiscriminately deploy commodity threats. Scripting engines such as JavaScript, VBScript, and PowerShell offer tremendous benefits to attackers. They run through legitimate processes and are perfect tools for “living off the land”—staying away from the disk and using common tools to run code directly in memory. --------------------------------------------- https://blogs.technet.microsoft.com/mmpc/2017/12/04/windows-defender-atp-ma… ∗∗∗ Europäisches Parlament will Mediaplayer VLC sicherer machen ∗∗∗ --------------------------------------------- EU-Projekt FOSSA (Free Open Source Software Analysis) ist für das Bug-Bounty-Programm mitverantwortlich. --------------------------------------------- https://heise.de/-3907536 ∗∗∗ An IRISSCON 2017 roundup ∗∗∗ --------------------------------------------- This post contains links to many of the top-rated talks from the event, along with links to additional content. --------------------------------------------- https://blog.malwarebytes.com/security-world/2017/11/an-irisscon-2018-round… ∗∗∗ Avalanche-Botnetz: BSI weitet Schutzmaßnahmen aus ∗∗∗ --------------------------------------------- Das Bundesamt für Sicherheit in der Informationstechnik (BSI) weitet die Schutz- und Informationsmaßnahmen aus, die im Rahmen der Zerschlagung der weltweit größten Botnetzinfrastruktur Avalanche Ende 2016 initiiert wurden, und verlängert diese zudem. Das im Zuge der Avalanche-Abschaltung im Jahr 2016 vom BSI aufgesetzte Sinkholing-System wurde dabei um Domänen des Andromeda-Botnetzes erweitert. --------------------------------------------- https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2017/Avalanche_E… ===================== = Vulnerabilities = ===================== ∗∗∗ [openssl-announce] Forthcoming OpenSSL release ∗∗∗ --------------------------------------------- The OpenSSL project team would like to announce the forthcoming release of OpenSSL version 1.0.2n. ... This is a security-fix release. The highest severity issue fixed in this release is MODERATE. --------------------------------------------- https://mta.openssl.org/pipermail/openssl-announce/2017-December/000108.html ∗∗∗ Security Advisory - Insufficient Input Validation Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171129-… ∗∗∗ IBM Security Bulletin: IBM Security Guardium Database Activity Monitor is affected by vulnerabilities in Oracle MySQL (Multiple CVEs) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010801 ∗∗∗ IBM Security Bulletin: IBM Security Guardium Database Activity Monitor is affected by vulnerabilities in Oracle MySQL (Multiple CVEs) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010702 ∗∗∗ IBM Security Bulletin: IBM Security Guardium Database Activity Monitor is affected by vulnerabilities in Oracle MySQL (Multiple CVEs) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010735 ∗∗∗ IBM Security Bulletin: IBM Security Guardium Database Activity Monitor is affected by vulnerabilities in Oracle MySQL (Multiple CVEs) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010736 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium (multiple CVEs) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010421 ∗∗∗ IBM Security Bulletin: Open Source GNU glibc Vulnerabilities affects IBM Security Guardium (CVE-2017-1000366) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22008897 ∗∗∗ IBM Security Bulletin: IBM Security Guardium is affected by Open Source XMLsoft Libxml2 Vulnerabilities (CVE-2016-4658) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010734 ∗∗∗ IBM Security Bulletin: Selection of Less-Secure Algorithm During Negotiation vulnerability affects IBM Security Guardium (CVE-2017-1271) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010435 ∗∗∗ Asterisk chan_skinny Driver Bug Lets Remote Users Consume Excessive Memory Resources ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1039948 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 01.12.2017
by Daily end-of-shift report 01 Dec '17

01 Dec '17

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 30-11-2017 18:00 − Freitag 01-12-2017 18:00 Handler: Nina Bieringer Co-Handler: Petr Sikuta ===================== = News = ===================== ∗∗∗ Thousands of Serial-To-Ethernet Devices Leak Telnet Passwords ∗∗∗ --------------------------------------------- A security researcher has identified thousands of Serial-to-Ethernet devices connected online that leak Telnet passwords that could be used to attack the equipment that is placed behind them. [...] --------------------------------------------- https://www.bleepingcomputer.com/news/security/thousands-of-serial-to-ether… ===================== = Vulnerabilities = ===================== ∗∗∗ Geovap Reliance SCADA ∗∗∗ --------------------------------------------- This advisory contains mitigation details for a cross-site scripting vulnerability in Geovap's Reliance SCADA. --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-334-02 ∗∗∗ DFN-CERT-2017-2180 - Apache Software Foundation Struts: Zwei Schwachstellen ermöglichen u.a. das Ausführen beliebigen Programmcodes ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-2180/ ∗∗∗ DFN-CERT-2017-2181 - Wireshark: Mehrere Schwachstellen ermöglichen Denial-of-Service-Angriffe ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-2181/ ∗∗∗ Security Advisory - Multiple Vulnerabilities in Intel Management Engine Firmware ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171201-… ∗∗∗ Security Advisory - Memory Double Free Vulnerability in GPU Driver of Some Huawei Smart Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171201-… ∗∗∗ Security Advisory - DoS Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171201-… ∗∗∗ Security Advisory - Two DOS Vulnerabilities of XML Parser in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171201-… ∗∗∗ Security Advisory - Memory Leak Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171201-… ∗∗∗ Security Advisory - Multiple Buffer Overflow Vulnerabilities in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171201-… ∗∗∗ Security Notice - Statement About the Vulnerabilities in Huawei SmartCare Products Disclosed by Bhaskar Borman ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-notices/2017/huawei-sn-20171201-01-… ∗∗∗ IBM Security Bulletin: Aspera Applications are affected by a Nginx vulnerability ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22011149 ∗∗∗ IBM Security Bulletin: Aspera Applications are affected by an OpenSSL vulnerability ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010618 ∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Transfer Cluster Manager, Faspex on Demand, Server on Demand, Application on Demand, and Azure on Demand ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010689 ∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Enterprise Server, Connect Server, Point to Point Client, Desktop Client, Faspstream, Cargo, and Sync ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22011142 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Aspera Orchestrator, IBM Aspera Virtual Catcher, IBM Aspera Faspex, IBM Aspera Shares ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22011143 ∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Transfer Cluster Manager, faspex on Demand, Server on Demand, Application Platform on Demand, and Azure on Demand ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22011146 ∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Enterprise Server, IBM Aspera Connect Server, IBM Aspera Point to Point Client, IBM Aspera Desktop Client and IBM Aspera Connect Browser Plugin ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22011145 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Aspera Transfer Clustered Manager, faspex on Demand, Server on Demand, Application Platform on Demand, and Azure on Demand ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22011148 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Aspera Enterprise Server, IBM Aspera Connect Server, IBM Aspera Point to Point Client, IBM Aspera Desktop Client and IBM Aspera Connect Browser Plugin ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22011150 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities with the open source Perl Compatible Regular Expression (PCRE) libraries used in IBM Aspera Shares Application ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22011151 ∗∗∗ IBM Security Bulletin: IBM Connections Docs is affected by vulnerability issues caused by libxml2 ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22009408 ∗∗∗ IBM Security Bulletin: A vulnerability in Apache Commons FileUpload affects IBM InfoSphere Information Server ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22010019 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Security Access Manager ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010227 ∗∗∗ IBM Security Bulletin: IBM TRIRIGA is Missing HTTP Strict-Transport-Security Header ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22006185 ∗∗∗ IBM Security Bulletin: IBM TRIRIGA default login page has no defenses against clickjacking ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22006184 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 30.11.2017
by Daily end-of-shift report 30 Nov '17

30 Nov '17

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 29-11-2017 18:00 − Donnerstag 30-11-2017 18:00 Handler: Nina Bieringer Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Gefälschter Bluescreen: "Troubleshooter"-Malware zockt Windows-Nutzer ab ∗∗∗ --------------------------------------------- Derzeit ist eine Windows-Malware im Umlauf, die auf infizierten Rechnern einen Bluescreen simuliert und den Bildschirm sperrt. Sie beendet sich erst, wenn Opfer Geld für eine nicht existente Sicherheitssoftware überweisen. Außerdem fertigt sie einen Screenshot des Desktops – genauer: des Fensters im Vordergrund – an, um ihn an eine feste IP-Adresse zu verschicken. Das geht aus einem Blogeintrag eines Sicherheitsforschers von Malwarebytes hervor, der den von ihm entdeckten Schädling auf den Namen Troubleshooter getauft hat. --------------------------------------------- https://heise.de/-3905456 ===================== = Vulnerabilities = ===================== ∗∗∗ Cisco WebEx Network Recording Player Buffer Overflow Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (.arf) files could allow an attacker to execute arbitrary code on a system. An attacker could exploit this vulnerability by providing a user with a malicious .arf file via email or URL and convincing the user to launch the file.Exploitation of this vulnerability could cause a buffer overflow condition on the targeted system, causing the Network Recording Player to crash, resulting in a denial of service (DoS) --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ libcurl Out-of-Bounds Memory Read Error in FTP Wildcard Function Lets Remote Users Redirect the Target Client to an Arbitrary Site ∗∗∗ --------------------------------------------- Version(s): 7.21.0 - 7.56.1 A remote server can return specially crafted data to trigger an out-of-bounds memory read error in the FTP wildcard matching function (CURLOPT_WILDCARDMATCH) and cause the target connected libcurl client to be redirected. libcurl applications that use HTTP or HTTPS URLs, allow libcurl redirects, and has FTP wildcards enabled are affected. --------------------------------------------- https://www.securitytracker.com/id/1039897 ∗∗∗ WordPress 4.9.1 Security and Maintenance Release ∗∗∗ --------------------------------------------- WordPress versions 4.9 and earlier are affected by four security issues which could potentially be exploited as part of a multi-vector attack. As part of the core team's ongoing commitment to security hardening, the following fixes have been implemented in 4.9.1 --------------------------------------------- https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance… ∗∗∗ Security Advisory - Remote Code Execution Vulnerability in Microsoft Windows Server Service ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171129-… ∗∗∗ Security Advisory - Memory Leak Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171129-… ∗∗∗ Security Advisory - Stack Overflow Vulnerability in Baseband Module of Some Huawei Smart Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171125-… ∗∗∗ Security Advisory - Multiple Vulnerabilities of WPA and WPA2 Protocol in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171117-… ∗∗∗ Security Advisory - Three OpenSSL Vulnerabilities in Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170503-… ∗∗∗ IBM Security Bulletin: Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22009849 ∗∗∗ IBM Security Bulletin: Apache Commons FileUpload Vulnerabilities affect IBM Tivoli Application Dependency Discovery Manager (TADDM) (CVE-2016-1000031) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010587 ∗∗∗ IBM Security bulletin: IBM Sterling File Gateway is vulnerable to cross-site scripting (CVE-2017-1632) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010549 ∗∗∗ IBM Security bulletin: Access control security vulnerability affects IBM Sterling File Gateway (CVE-2017-1550) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010758 ∗∗∗ IBM Security bulletin: Cross-site scripting. security vulnerability affects IBM Sterling File Gateway (CVE-2017-1549) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010759 ∗∗∗ IBM Security bulletin: Information disclosure vulnerability affects IBM Sterling File Gateway (CVE-2017-1548, CVE-2017-1497) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010738 ∗∗∗ IBM Security bulletin: Information disclosure vulnerability affects IBM Sterling File Gateway (CVE-2017-1487) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010552 ∗∗∗ IBM Security bulletin: Cross-site scripting security vulnerability affects IBM Sterling B2B Integrator (CVE-2017-1482) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010762 ∗∗∗ IBM Security Bulletin: IBM Atlas eDiscovery Process Management vulnerable to SQL injection. ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=swg22005835 ∗∗∗ IBM Security Bulletin: IBM Atlas eDiscovery Process Management affected by vulnerability due to sensitive information stored in URL parameters. ∗∗∗ --------------------------------------------- https://www-01.ibm.com/support/docview.wss?uid=swg22005836 ∗∗∗ SSA-350846 (Last Update 2017-11-30): Vulnerabilities in SWT3000 ∗∗∗ --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-350846… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 29.11.2017
by Daily end-of-shift report 29 Nov '17

29 Nov '17

===================== = End-of-Day report = ===================== Timeframe: Dienstag 28-11-2017 18:00 − Mittwoch 29-11-2017 18:00 Handler: Nina Bieringer Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Annual Incident Analysis Report for the Trust Service Providers ∗∗∗ --------------------------------------------- One year after the eIDAS Regulation entered into force, ENISA publishes the first comprehensive overview of the annual summary reporting by the Member States. --------------------------------------------- https://www.enisa.europa.eu/news/enisa-news/annual-incident-analysis-report… ∗∗∗ Teure Angriffe auf ISDN-Anlagen ∗∗∗ --------------------------------------------- Neuartige Angriffe auf ISDN-Anlagen unterlaufen die Betrugserkennung der Telefongesellschaften durch die Nutzung von Call-by-Call-Vorwahlen und maximieren damit den Schaden. Gefährdet sind auch Besitzer älterer Anlagen ohne Internetanbindung. --------------------------------------------- https://www.heise.de/newsticker/meldung/Teure-Angriffe-auf-ISDN-Anlagen-390… ===================== = Vulnerabilities = ===================== ∗∗∗ Apple Security Update 2017-001 ∗∗∗ --------------------------------------------- Available for: macOS High Sierra 10.13.1 Impact: An attacker may be able to bypass administrator authentication without supplying the administrator’s password --------------------------------------------- https://support.apple.com/kb/HT208315 ∗∗∗ [webapps] Synology StorageManager 5.2 - Root Remote Command Execution ∗∗∗ --------------------------------------------- Vulnerability Summary The following advisory describes a remote command execution vulnerability found in Synology StorageManager. --------------------------------------------- https://www.exploit-db.com/exploits/43190/?rss ∗∗∗ RSA Authentication Agent SDK for C Error Handling Flaw May Let Remote Users Bypass Authentication on the Target System ∗∗∗ --------------------------------------------- In applications that do not properly handle return codes from the API/SDK, a remote user may be able to trigger an error handling flaw and bypass authentication on the target system. Systems with the API/SDK used in TCP asynchronous mode may be affected. The RSA Authentication Agent API/SDK for Java is not affected. --------------------------------------------- http://www.securitytracker.com/id/1039877 ∗∗∗ RSA Authentication Agent for Web for Apache Web Server Lets Remote Users Bypass Authentication on the Target System ∗∗∗ --------------------------------------------- A remote user can supply specially crafted data to trigger an input validation flaw and bypass authentication and gain access to resources ostensibly protected by the target agent. Agents configured to use the TCP protocol to communicate with the RSA Authentication Manager server are affected. The default configuration (UDP) is not affected. --------------------------------------------- http://www.securitytracker.com/id/1039876 ∗∗∗ Siemens SCALANCE W1750D, M800, and S615 ∗∗∗ --------------------------------------------- https://ics-cert.us-cert.gov/advisories/ICSA-17-332-01 ∗∗∗ Vuln: Multiple EMC RSA products CVE-2017-14378 Authentication Bypass Vulnerability ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/101979 ∗∗∗ Vuln: Multiple Siemens SCALANCE Products Multiple Security Vulnerabilities ∗∗∗ --------------------------------------------- http://www.securityfocus.com/bid/101977 ∗∗∗ Cisco Secure Access Control System Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco WebEx Meeting Center URL Redirection Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco WebEx Meeting Center Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco WebEx Event Center Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco WebEx Meeting Server Unauthorized Welcome Message Modification Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco WebEx Network Recording Player Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Multiple Vulnerabilities in Cisco WebEx Recording Format and Advanced Recording Format Players ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco WebEx Network Recording Player Buffer Overflow Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Multiple Vulnerabilities in Cisco UCS Central Software ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Multilayer Director, Nexus 7000 Series, and Nexus 7700 Series Switches Bash Shell Unauthorized Access Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Prime Service Catalog SQL Injection Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Nexus Series Switches Open Agent Container Code Execution Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco NX-OS System Software Patch Installation Command Injection Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco NX-OS System Software CLI Command Injection Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco NX-OS System Software CLI Arbitrary File Read Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco NX-OS System Software Interactive TCL Shell Escape Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco NX-OS System Software CLI Command Injection Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco NX-OS System Software CLI Command Injection Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco NX-OS System Software Image Signature Bypass Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco NX-OS System Software Guest Shell Unauthorized Internal Interface Access Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco NX-OS System Software Patch Installation Arbitrary File Write Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco NX-OS System Software Patch Signature Bypass Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Nexus Series Switches CLI Command Injection Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Jabber Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Jabber Clients Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Jabber Clients Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco IP Phone 8800 Series Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco IOS XR Software Local Packet Transport Services Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco FXOS and NX-OS System Software CLI Command Injection Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Email Security Appliance Malformed MIME Header Bypass Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Multiple Vulnerabilities in Cisco Data Center Network Manager Software ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Unified Communications Manager Cross-Site Scripting Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Meeting Server Denial of Service Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Cisco Application Policy Infrastructure Controller Local Command Injection and Privilege Escalation Vulnerability ∗∗∗ --------------------------------------------- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco… ∗∗∗ Security Advisory - Use After Free Vulnerability in Some Huawei Smart Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171129-… ∗∗∗ Security Advisory - Multiple NTPd Vulnerabilities in Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171129-… ∗∗∗ Security Advisory - Two Vulnerabilities in H323 protocol of Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171129-… ∗∗∗ Security Advisory - DoS Vulnerability in Some Huawei Smart Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171129-… ∗∗∗ Security Advisory - A CGI application vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171129-… ∗∗∗ Security Advisory - Memory Leak Vulnerability in Some Huawei Network Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171129-… ∗∗∗ Security Advisory - Samba Remote Code Execution Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171129-… ∗∗∗ Security Advisory - Insufficient Input Validation Vulnerability in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171129-… ∗∗∗ Security Advisory - Denial of Service Vulnerability on Several Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171129-… ∗∗∗ Security Advisory - Buffer Overflow Vulnerability on Several Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171129-… ∗∗∗ Security Advisory - Integer Overflow Vulnerability on Several Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171129-… ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MQ Internet Pass Thru ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22009183 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security AppScan Enterprise ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010003 ∗∗∗ IBM Security Bulletin: Vulnerability in OpenSSL affects QLogic 8Gb Intelligent Pass-thru Module & SAN Switch Module and QLogic Virtual Fabric Extension Module for IBM BladeCenter systems (CVE-2016-7055) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099697 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 28.11.2017
by Daily end-of-shift report 28 Nov '17

28 Nov '17

===================== = End-of-Day report = ===================== Timeframe: Montag 27-11-2017 18:00 − Dienstag 28-11-2017 18:00 Handler: Nina Bieringer Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Further abusing the badPwdCount attribute ∗∗∗ --------------------------------------------- ... what happens if you store your password on all sorts of devices (for authenticating with Exchange, Skype For Business, etc.) and you change your password? That would result in Exchange, Windows or any other service trying to authenticate with an invalid password. If everything works correctly, you should be locked out very soon because of this. However, this is not the case. --------------------------------------------- https://blog.fox-it.com/2017/11/28/further-abusing-the-badpwdcount-attribut… ===================== = Vulnerabilities = ===================== ∗∗∗ Sicherheitsupdate: Thunderbird als Einfallstor für Schadcode ∗∗∗ --------------------------------------------- Nutzen Angreifer als kritisch eingestufte Sicherheitslücken in Thunderbird aus, könnten sie aus der Ferne Schadcode auf Computern ausführen. Eine abgesicherte Version löst diese Probleme. --------------------------------------------- https://heise.de/-3903023 ∗∗∗ Cisco Unified Computing System Manager and Cisco Firepower 9000 Remote Command Execution Vulnerability ∗∗∗ --------------------------------------------- A vulnerability in a CGI script in the Cisco Unified Computing System (UCS) Manager and the Cisco Firepower 9000 Series appliance could allow an unauthenticated, remote attacker to execute arbitrary commands on the Cisco UCS Manager or the Cisco Firepower 9000 Series appliance.The vulnerability is due to unprotected calling of shell commands in the CGI script. An attacker could exploit this vulnerability by sending a crafted HTTP request to the Cisco UCS Manager or the Cisco Firepower 9000 --------------------------------------------- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-… ∗∗∗ DFN-CERT-2017-2131/">Foxit Reader, Foxit PhantomPDF: Mehrere Schwachstellen ermöglichen u.a. das Ausführen beliebigen Programmcodes ∗∗∗ --------------------------------------------- Mehrere Schwachstellen in Foxit Reader und Foxit PhantomPDF bis inklusive Version 8.3.2.25013 für Windows ermöglichen einem in den meisten Fällen entfernten, nicht authentisierten Angreifer die Ausführung beliebigen Programmcodes, die Durchführung von Denial-of-Service (DoS)-Angriffen und das Ausspähen von Informationen. Voraussetzung für erfolgreiche Angriffe ist, dass es dem Angreifer gelingt, einen Benutzer dazu zu verleiten, eine schädlich manipulierte Datei zu öffnen. Zwei weitere Schwachstellen können vermutlich nur von einem lokalen Angreifer ausgenutzt werden, um Informationen auszuspähen. --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-2131/ ∗∗∗ [Xen-announce] Xen Security Advisory 246 - x86: infinite loop due to missing PoD error checking ∗∗∗ --------------------------------------------- A malicious HVM guest can cause one pcpu to permanently hang. This normally cascades into the whole system freezing, resulting in a a host Denial of Service (DoS). --------------------------------------------- https://xenbits.xen.org/xsa/advisory-246.html ∗∗∗ [Xen-announce] Xen Security Advisory 247 - Missing p2m error checking in PoD code ∗∗∗ --------------------------------------------- An unprivileged guest can retain a writable mapping of freed memory. Depending on how this page is used, it could result in either an information leak, or full privilege escalation. Alternatively, an unprivileged guest can cause Xen to hit a BUG(), causing a clean crash - ie, host-wide denial-of-service (DoS). --------------------------------------------- https://xenbits.xen.org/xsa/advisory-247.html ∗∗∗ GNU C Library (glibc) vulnerability CVE-2017-15671 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K30314331 ∗∗∗ GNU C Library (glibc) vulnerability CVE-2017-15670 ∗∗∗ --------------------------------------------- https://support.f5.com/csp/article/K35129173 ∗∗∗ IBM Security Bulletin: Vulnerabilities in ntp affect IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter Systems ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099664 ∗∗∗ IBM Security Bulletin: Vulnerability in bash affects IBM Chassis Management Module (CVE-2016-9401) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099641 ∗∗∗ IBM Security Bulletin: Vulnerabilities in curl affect IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter Systems ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099665 ∗∗∗ IBM Security Bulletin: Vulnerabilities in strongSwan affect IBM Chassis Management Module (CVE-2017-9022, CVE-2017-9023) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099642 ∗∗∗ IBM Security Bulletin: Vulnerabilities in libxslt affect IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter Systems ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099666 ∗∗∗ IBM Security Bulletin: Vulnerabilities in strongswan affect IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter Systems ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099668 ∗∗∗ IBM Security Bulletin: Vulnerabilities in PHP affect IBM Chassis Management Module (CVE-2017-9227, CVE-2017-9226, CVE-2017-9224) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099644 ∗∗∗ IBM Security Bulletin: Vulnerabilities in libxml2 affect IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter Systems ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099667 ∗∗∗ IBM Security Bulletin: Vulnerability in libxml2 affects IBM Chassis Management Module (CVE-2016-9318) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099643 ∗∗∗ IBM Security Bulletin: Vulnerability in bind affects IBM Chassis Management Module (CVE-2017-3142) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099645 ∗∗∗ IBM Security Bulletin: Vulnerabilities in bind affect IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter Systems ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099669 ∗∗∗ IBM Security Bulletin: Vulnerabilities in libxml2 affect IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter Systems ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099671 ∗∗∗ IBM Security Bulletin: Vulnerability in libxml2 affects IBM Chassis Management Module (CVE-2017-5969) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099660 ∗∗∗ IBM Security Bulletin: Vulnerability in libgcrypt affects IBM Chassis Management Module (CVE-2017-7526) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099652 ∗∗∗ IBM Security Bulletin: Vulnerability in Linux Kernel affects IBM Flex System Networking Switch Products (CVE-2017-6214) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099693 ∗∗∗ IBM Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in expat (CVE-2012-6702 CVE-2016-5300) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099657 ∗∗∗ IBM Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in libxml2 (CVE-2016-9318 CVE-2016-9597) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099655 ∗∗∗ IBM Security Bulletin: Vulnerability in Linux Kernel affects IBM RackSwitch Products (CVE-2017-6214) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099703 ∗∗∗ IBM Security Bulletin: Vulnerabilities in libxml2 affect IBM Flex System Networking Switch Products ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099702 ∗∗∗ IBM Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in X.Org libs ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099653 ∗∗∗ IBM Security Bulletin: Vulnerabilities in libxml2 affect IBM RackSwitch Products ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099696 ∗∗∗ IBM Security Bulletin: Vulnerability in libxml2 affects IBM Flex System Networking Switch Products (CVE-2017-8872) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099694 ∗∗∗ IBM Security Bulletin: Vulnerabilities in libxml2 affect IBM RackSwitch Products ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099695 ∗∗∗ IBM Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in bind (CVE-2016-9131 CVE-2016-9147 CVE-2016-9444) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099654 ∗∗∗ IBM Security Bulletin: Vulnerability in libxml2 affects IBM RackSwitch Products (CVE-2017-8872) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099704 ∗∗∗ IBM Security Bulletin: Vulnerabilities in libxml2 affect IBM Flex System Networking Switch Products ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099701 ∗∗∗ IBM Security Bulletin: Vulnerability in X.Org libICE affects IBM Chassis Management Module (CVE-2017-2626) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099661 ∗∗∗ IBM Security Bulletin: Vulnerabilities in libxml2 affect IBM Virtual Fabric 10Gb Switch Module for IBM BladeCenter ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099698 ∗∗∗ IBM Security Bulletin: Vulnerability in libxml2 affects IBM Virtual Fabric 10Gb Switch Module for IBM BladeCenter (CVE-2017-8872) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099700 ∗∗∗ IBM Security Bulletin: Vulnerabilities in libxml2 affect IBM Virtual Fabric 10Gb Switch Module for IBM BladeCenter ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099699 ∗∗∗ IBM Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in X.Org libXrender (CVE-2016-7949 CVE-2016-7950) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099650 ∗∗∗ IBM Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in X.Org libXv ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099649 ∗∗∗ IBM Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in X.Org libX11 ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099648 ∗∗∗ IBM Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerability in bind (CVE-2017-3135) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099658 ∗∗∗ IBM Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in bash (CVE-2014-6277 CVE-2014-6278 CVE-2016-0634 CVE-2016-7543) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099656 ∗∗∗ IBM Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in X.Org libXfixes (CVE-2016-7944 CVE-2013-1983) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099651 ∗∗∗ IBM Security Bulletin: Multiple Mozilla Firefox vulnerability issues in IBM SONAS. ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ssg1S1010856 ∗∗∗ IBM Security Bulletin: Open Source Apache Tomcat vulnerabilities affect IBM Tivoli Application Dependency Discovery Manager (TADDM) (CVE-2017-12615, CVE-2017-12616, CVE-2017-12617) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010577 ∗∗∗ IBM Security Bulletin: Vulnerabilities in Samba affect IBM Spectrum Scale SMB protocol access method (CVE-2017-12163, CVE-2017-12151, CVE-2017-12150) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010703 ∗∗∗ IBM Security Bulletin: Samba vulnerability issue on IBM SONAS (CVE-2017-12163) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ssg1S1010855 ∗∗∗ IBM Security Bulletin: IBM Cognos Controller 2017Q4 Security Updater: Multiple vulnerabilities have been identified in IBM Cognos Controller ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010679 ∗∗∗ IBM Security Bulletin: IBM Connections Docs is Vulnerable to Denial of Service Issue in IBM WebSphere Application Server (CVE-2016-8919) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22005319 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 27.11.2017
by Daily end-of-shift report 27 Nov '17

27 Nov '17

===================== = End-of-Day report = ===================== Timeframe: Freitag 24-11-2017 18:00 − Montag 27-11-2017 18:00 Handler: Nina Bieringer Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ Mobile Menace Monday: Chrome declares war on unwanted redirects ∗∗∗ --------------------------------------------- Google is initiating their plan to implement a few new changes in Chrome to defend against unwanted web redirects. A redirect happens when a different website from the URL that was entered opens in the browser. Sometimes redirects are intentional, as in when an organization/website is bought out by another entity and their traffic is redirected to the new owner. However, sometimes redirects are malicious and unwanted. --------------------------------------------- https://blog.malwarebytes.com/cybercrime/2017/11/chrome-declares-war-unwant… ===================== = Vulnerabilities = ===================== ∗∗∗ [Pdns-announce] PowerDNS Authoritative Server 4.0.5 and Recursor 4.0.7 Available ∗∗∗ --------------------------------------------- We're happy to release PowerDNS Authoritative Server 4.0.5 and Recursor 4.0.7 which contain a lot of backports from the 4.1.x branch. These releases also drop support for Botan 1.10 in favor of Botan 2.x. More importantly there are fixes for the following security advisories: - Authoritative Server - PowerDNS Security Advisory 2017-04[1]: Missing check on API operations (CVE-2017-15091) - Recursor - PowerDNS Security Advisory 2017-03[2]: Insufficient validation of DNSSEC signatures (CVE-2017-15090) - PowerDNS Security Advisory 2017-05[3]: Cross-Site Scripting in the web interface (CVE-2017-15092) - PowerDNS Security Advisory 2017-06[4]: Configuration file injection in the API (CVE-2017-15093) - PowerDNS Security Advisory 2017-07[5]: Memory leak in DNSSEC parsing (CVE-2017-15094) --------------------------------------------- https://mailman.powerdns.com/pipermail/pdns-announce/2017-November/001077.h… ∗∗∗ Schwerwiegende Sicherheitsprobleme in Mailserver-Software Exim - Workaround verfügbar ∗∗∗ --------------------------------------------- Das Exim-Projekt hat am 25. 11. 2017 Informationen zu einer schwerwiegenden Sicherheitslücke veröffentlicht. Details: Durch Ausnutzen eines Use-after-free Fehlers können Angreifer potentiell beliebigen Code auf betroffenen Mailservern ausführen. CVE-Nummern dazu: CVE-2017-16943, CVE-2017-16944 --------------------------------------------- http://www.cert.at/warnings/all/20171127.html ∗∗∗ Security Advisory - Improper Access Control Vulnerability in Some Huawei OceanStor products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171122-… ∗∗∗ Security Advisory - Stack Overflow Vulnerability in Baseband Module of Some Huawei Smart Phones ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171125-… ∗∗∗ Security Advisory - Multiple Vulnerabilities of WPA and WPA2 Protocol in Some Huawei Products ∗∗∗ --------------------------------------------- http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171117-… ∗∗∗ IBM Security Bulletin: Security Bulletin: Samba vulnerability affects IBM SONAS (CVE-2017-9461) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=ssg1S1010656 ∗∗∗ IBM Security Bulletin: Vulnerability CVE-2017-15906 in OpenSSH affects IBM i ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=nas8N1022349 ∗∗∗ IBM Security Bulletin: Vulnerability CVE-2017-14919 in Node.js affects IBM i ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=nas8N1022348 ∗∗∗ IBM Security Bulletin: Vulnerability in curl affects IBM Chassis Management Module (CVE-2017-7407) ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099640 ∗∗∗ IBM Security Bulletin: Vulnerabilities in NTP affect IBM Chassis Management Module ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099639 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 24.11.2017
by Daily end-of-shift report 24 Nov '17

24 Nov '17

===================== = End-of-Day report = ===================== Timeframe: Donnerstag 23-11-2017 18:00 − Freitag 24-11-2017 18:00 Handler: Robert Waldner Co-Handler: n/a ===================== = News = ===================== ∗∗∗ Treat infosec fails like plane crashes – but hopefully with less death and twisted metal ∗∗∗ --------------------------------------------- We never learn from incidents, says Europol security adviser The world has never been so dependent on computers, networks and software so ensuring the security and availability of those systems is critical.… --------------------------------------------- http://go.theregister.com/feed/www.theregister.co.uk/2017/11/24/infosec_dis… ∗∗∗ VB2017 video: FinFisher: New techniques and infection vectors revealed ∗∗∗ --------------------------------------------- Today, we publish the video of the VB2017 presentation by ESET researcher Filip Kafka, who looked at recent changes in the FinFisher government malware, including its infection vectors. --------------------------------------------- https://www.virusbulletin.com:443/blog/2017/11/vb2017-video-finfisher-new-t… ∗∗∗ 31 lückenhafte Banking-Apps: Forscher entlarven App-TAN-Verfahren abermals als unsicher ∗∗∗ --------------------------------------------- Sicherheitsforscher zeigen eine nicht ganz triviale Methode auf, über die Angreifer Online-Banking-Apps manipulieren könnten. Auch in Deutschland sind Banken betroffen. --------------------------------------------- https://heise.de/-3900945 ∗∗∗ Gefälschte BAWAG PSK-Sicherheits-App im Umlauf ∗∗∗ --------------------------------------------- Kriminelle versenden eine gefälschte BAWAG PSK-E-Mail. Darin fordern sie von Kund/innen, dass diese eine Sicherheits-App installieren. Sie ist Schadsoftware und ermöglicht es den Betrüger/innen, Zugriff auf das OnlineBanking-Konto ihrer Opfer zu erlangen. Kund/innen dürfen die angebliche Sicherheits-App nicht installieren. --------------------------------------------- https://www.watchlist-internet.at/phishing/gefaelschte-bawag-psk-sicherheit… ===================== = Vulnerabilities = ===================== ∗∗∗ Lancom: Wichtiges LCOS-Update stopft Sicherheitslücke ∗∗∗ --------------------------------------------- Die aktuelle Version von Lancoms Betriebssoftware für Router, Access Points und Switches beseitigt eine Sicherheitslücke, die Angreifern bei bestimmten Firmware-Versionen Zugriff auf Verwaltungsfunktionen ermöglicht. --------------------------------------------- https://www.heise.de/newsticker/meldung/Lancom-Wichtiges-LCOS-Update-stopft… ∗∗∗ FortiOS: Updates schützen unter anderem vor Cross-Site-Scripting ∗∗∗ --------------------------------------------- Fortinet warnt vor einer Lücke in seinem Betriebssystem FortiOS für FortiGate-Produkte. Einige Updates stehen schon bereit; weitere folgen in Kürze. --------------------------------------------- https://heise.de/-3901201 ∗∗∗ DFN-CERT-2017-2115/">OTRS: Zwei Schwachstellen ermöglichen u.a. die Ausführung beliebiger Kommandozeilenbefehle ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-2115/ ∗∗∗ DFN-CERT-2017-2119/">FortiGate: Eine Schwachstelle ermöglicht u.a. einen Cross-Site-Scripting-Angriff ∗∗∗ --------------------------------------------- https://portal.cert.dfn.de/adv/DFN-CERT-2017-2119/ ∗∗∗ IBM Security Bulletin: OpenSSL command line utility in IBM Workload Scheduler can run with elevated priviliges (CVE-2017-1716) ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22010947 ∗∗∗ SSA-346262 (Last Update 2017-11-23): Denial-of-Service in Industrial Products ∗∗∗ --------------------------------------------- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-346262… -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 23.11.2017
by Daily end-of-shift report 23 Nov '17

23 Nov '17

===================== = End-of-Day report = ===================== Timeframe: Mittwoch 22-11-2017 18:00 − Donnerstag 23-11-2017 18:00 Handler: Nina Bieringer Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ Amazon Key Bug Lets Rogue Deliverymen Re-Enter Homes Without Being Recorded ∗∗∗ --------------------------------------------- A month after Amazon launched Amazon Key, security experts have already identified a flaw in the devices mode of operation that could allow rogue deliverymen to re-enter customer homes without being recorded. --------------------------------------------- https://www.bleepingcomputer.com/news/security/amazon-key-bug-lets-rogue-de… ∗∗∗ Firefox Nightly Build 58: Firefox warnt künftig vor Webseiten mit Datenlecks ∗∗∗ --------------------------------------------- Im Nightly Build 58 testet Mozillaeinige neue Funktionen: So sollen Nutzer bald personalisierte Artikelvorschläge von Pocket bekommen. Außerdem werden Nutzer womöglich bald vor Webseiten gewarnt, die im großen Stil Nutzerdaten verloren haben. --------------------------------------------- https://www.golem.de/news/firefox-nightly-build-58-firefox-warnt-kuenftig-v… ∗∗∗ systemd Vulnerability Leads to Denial of Service on Linux ∗∗∗ --------------------------------------------- Many Linux distributions are at risk due to a recently disclosed flaw in systemd: a flaw in its DNS resolver could cause a denial-of-service attack on vulnerable systems. The vulnerability is exploited by having the vulnerable system send a DNS query to a DNS server controlled by the attackers. The DNS server would then return a specially crafted .. --------------------------------------------- http://blog.trendmicro.com/trendlabs-security-intelligence/systemd-vulnerab… ∗∗∗ Advisory: Turla group malware ∗∗∗ --------------------------------------------- This report provides new intelligence derived from NCSC investigations into two tools used by the Turla group to target the UK, known as Neuron and Nautilus. --------------------------------------------- https://www.ncsc.gov.uk/alerts/turla-group-malware ∗∗∗ Erpressungstrojaner qkG manipuliert Word-Template zur weiteren Verbreitung ∗∗∗ --------------------------------------------- Sicherheitsforscher sind auf eine neue Ransomware gestoßen, die es vorrangig auf Word-Nutzer abgesehen hat. --------------------------------------------- https://heise.de/-3899132 ∗∗∗ Mac-Malware Proton gibt sich als "Symantec Malware Detector" aus ∗∗∗ --------------------------------------------- Getarnt als Malware-Erkennung wurde der Mac-Trojaner über ein vermeintliches Symantec-Blog vertrieben. Eine über soziale Netze verbreitete Falschmeldung soll Nutzer zur Installation bringen. --------------------------------------------- https://heise.de/-3900056 ∗∗∗ Schwerer Bug erlaubt, macOS via USB-Stick zu knacken ∗∗∗ --------------------------------------------- Apple hat Fehler bereits geschlossen – Reparaturwerkzeug als Angriffspunkt --------------------------------------------- http://derstandard.at/2000068349782 ===================== = Vulnerabilities = ===================== ∗∗∗ FortiWebManager 5.8.0 improperly handles admin login access ∗∗∗ --------------------------------------------- FortiWebManager 5.8.0 fails to check the admin password, granting access regardless the provided string. --------------------------------------------- http://fortiguard.com/psirt/FG-IR-17-248 ∗∗∗ TablePress <= 1.8 - Authenticated XML External Entity (XXE) ∗∗∗ --------------------------------------------- https://wpvulndb.com/vulnerabilities/8963 ∗∗∗ IBM Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in sudo. ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099647 ∗∗∗ IBM Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in curl ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099663 ∗∗∗ IBM Security Bulletin: IBM Flex System FC5022 16Gb SAN Scalable Switch is affected by vulnerabilities in OpenSSH ∗∗∗ --------------------------------------------- https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099674 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 22.11.2017
by Daily end-of-shift report 22 Nov '17

22 Nov '17

===================== = End-of-Day report = ===================== Timeframe: Dienstag 21-11-2017 18:00 − Mittwoch 22-11-2017 18:00 Handler: Nina Bieringer Co-Handler: Alexander Riepl ===================== = News = ===================== ∗∗∗ Verbraucherschutz: Sportuhr-Hersteller gehen unsportlich mit Daten um ∗∗∗ --------------------------------------------- Herzfrequenz und Schlafphasen: Apple, Garmin und andere Hersteller von Sportuhren und Fitnesstrackern speichern auf ihren Portalen sehr persönliche Nutzerdaten. Bei einem Praxistest sind nur zwei Hersteller korrekt mit dem Auskunftsrecht des Kunden umgegangen. --------------------------------------------- https://www.golem.de/news/verbraucherschutz-sportuhr-hersteller-gehen-unspo… ∗∗∗ Mitigating CVE-2017-5689, an Intel Management Engine Vulnerability ∗∗∗ --------------------------------------------- Intel recently released a security advisory detailing several security flaws in its Management Engine (ME). The advisory provides critical ME, Trusted Execution Technology (TXT), and Server Platform Services (SPS) firmware .. --------------------------------------------- http://blog.trendmicro.com/trendlabs-security-intelligence/mitigating-cve-2… ∗∗∗ Sicherheitslücke in HP-Druckern – Firmware-Updates stehen bereit ∗∗∗ --------------------------------------------- Unter Verwendung spezieller Malware können Angreifer aus der Ferne auf Drucker von HP zugreifen und dort unter anderem gerätespezifische Befehle ausführen. Der Hersteller hat Updates bereitgestellt und empfiehlt die umgehende Aktualisierung. --------------------------------------------- https://heise.de/-3897679 ∗∗∗ Deutsche Behörde: Staat muss digital zurückschlagen können ∗∗∗ --------------------------------------------- In der Schweiz erlaubte "Hackbacks" als Beispiel genannt --------------------------------------------- http://derstandard.at/2000068302436 ===================== = Vulnerabilities = ===================== ∗∗∗ ZDI-17-927: Adobe Acrobat Pro DC iframe Same Origin Policy Bypass Information Disclosure Vulnerability ∗∗∗ --------------------------------------------- This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. --------------------------------------------- http://www.zerodayinitiative.com/advisories/ZDI-17-927/ ∗∗∗ IBM Security Bulletin: Security Vulnerabilities in IBM HTTP Server (CVE-2017-9798, CVE-2017-12618) ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22009782 ∗∗∗ RSA Authentication Manager Input Validation Flaw in Security Console Lets Remote Users Conduct Cross-Site Scripting Attacks ∗∗∗ --------------------------------------------- http://www.securitytracker.com/id/1039853 ∗∗∗ USN-3489-2: Berkeley DB vulnerability ∗∗∗ --------------------------------------------- http://www.ubuntu.com/usn/usn-3489-2/ -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Tageszusammenfassung - 21.11.2017
by Daily end-of-shift report 21 Nov '17

21 Nov '17

===================== = End-of-Day report = ===================== Timeframe: Montag 20-11-2017 18:00 − Dienstag 21-11-2017 18:00 Handler: Nina Bieringer Co-Handler: Robert Waldner ===================== = News = ===================== ∗∗∗ SSL Certificate Provider StartCom Shuts Down After Browser Ban ∗∗∗ --------------------------------------------- Certificate Authority (CA) StartCom announced last week, on Friday, its intention to cease operations by 2018, and completely shut down its certificate infrastructure by .. --------------------------------------------- https://www.bleepingcomputer.com/news/security/ssl-certificate-provider-sta… ∗∗∗ Factsheet Building a SOC: start small ∗∗∗ --------------------------------------------- An increasingly common way to achieve visibility and control of information security is to implement a Security Operations Centre (SOC). In order for a SOC to function successfully, it must be tied in with the business processes. This makes building a SOC .. --------------------------------------------- https://www.ncsc.nl/english/current-topics/factsheets/factsheet-building-a-… ∗∗∗ The Art of Fuzzing – Slides and Demos ∗∗∗ --------------------------------------------- Over the last weeks I presented talks on the topic of fuzzing at conferences such as DefCamp, Heise Dev Sec, IT-SeCX and BSides Vienna. As promised, I make my slides and demos available to the public with this blog post . --------------------------------------------- https://www.sec-consult.com/en/blog/2017/11/the-art-of-fuzzing-slides-and-d… ∗∗∗ Kritische Sicherheitslücke: Traffic von F5 BIG-IP-Appliances lässt sich entschlüsseln ∗∗∗ --------------------------------------------- Firewalls, Load-Balancer und andere BIG-IP-Systeme sind anfällig für einen Angriff, bei dem dritte den verschlüsselten SSL-Traffic zwischen Client und Appliance abhören können. Admins, die solche Systeme im Einsatz haben .. --------------------------------------------- https://heise.de/-3895060 ∗∗∗ Intel stopft neue Sicherheitslücken der Management Engine (SA-00086) ∗∗∗ --------------------------------------------- Intels Security Advisory SA-00086 beschreibt mehrere Fehler in der Firmware der Management Engine (ME 11.0 bis 11.7), in Trusted Execution Engine 3.0 und in den Server Platform Services (SPS 4.0). --------------------------------------------- https://heise.de/-3895175 ∗∗∗ OSX.Proton spreading through fake Symantec blog ∗∗∗ --------------------------------------------- A new variant of the OSX.Proton malware is being promoted via a fake Symantec blog site. --------------------------------------------- https://blog.malwarebytes.com/threat-analysis/mac-threat-analysis/2017/11/o… ∗∗∗ Schwerwiegende Sicherheitsprobleme in Systemen mit aktuellen Intel-Prozessoren ∗∗∗ --------------------------------------------- Schwerwiegende Sicherheitsprobleme in Systemen mit aktuellen Intel-Prozessoren 21. November 2017 Beschreibung Wie Intel meldet (INTEL-SA-00086), gibt es aktuell mehrere Schwachstellen in Systemen mit .. --------------------------------------------- http://www.cert.at/warnings/all/20171121.html ===================== = Vulnerabilities = ===================== ∗∗∗ Security Advisory 2017-07: Security Update for OTRS Framework ∗∗∗ --------------------------------------------- Please read carefully and check if the version of your OTRS system is affected by this vulnerability. Please send information regarding vulnerabilities .. --------------------------------------------- https://www.otrs.com/security-advisory-2017-07-security-update-otrs-framewo… ∗∗∗ Samba: Use-after-free vulnerability ∗∗∗ --------------------------------------------- All versions of Samba from 4.0.0 onwards are vulnerable to a use after free vulnerability, where a malicious SMB1 request can be used to control the contents of heap memory via a deallocated heap pointer. It is possible this may be used to compromise the SMB server. --------------------------------------------- https://www.samba.org/samba/security/CVE-2017-14746.html ∗∗∗ Samba: Server heap memory information leak ∗∗∗ --------------------------------------------- All versions of Samba from 3.6.0 onwards are vulnerable to a heap memory information leak, where server allocated heap memory may be returned to the client without being cleared. --------------------------------------------- https://www.samba.org/samba/security/CVE-2017-15275.html ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Cast Iron ∗∗∗ --------------------------------------------- http://www.ibm.com/support/docview.wss?uid=swg22009696 ∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Collaboration and Deployment Services ∗∗∗ --------------------------------------------- http://www-01.ibm.com/support/docview.wss?uid=swg22010685 -- CERT.at Daily mailing list Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Daily