[CERT-daily] Tageszusammenfassung - 12.07.2017

Daily end-of-shift report team at cert.at
Wed Jul 12 18:15:55 CEST 2017


=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 11-07-2017 18:00 − Mittwoch 12-07-2017 18:00
Handler:     Stephan Richter
Co-Handler:  

=====================
=        News       =
=====================

∗∗∗ NTLM Relay Attacks Still Causing Problems in 2017 ∗∗∗
---------------------------------------------
Microsofts July 2017 Patch Tuesday includes a fix for an issue with the NT LAN Manager (NTLM) Authentication Protocol that can be exploited to allow attackers to create admin accounts on a local networks domain controller (DC). [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/ntlm-relay-attacks-still-causing-problems-in-2017/


∗∗∗ HTTPS: Private Schlüssel auf dem Webserver ∗∗∗
---------------------------------------------
Zu einem Zertifikat für verschlüsselte HTTPS-Verbindungen gehört ein privater Schlüssel. Doch was, wenn der Schlüssel auf dem Webserver landet - und dann nicht mehr privat ist? Wir fanden zahlreiche Webseiten, die ihren privaten Schlüssel zum Herunterladen anbieten. (SSL, Technologie)
---------------------------------------------
https://www.golem.de/news/https-private-schluessel-auf-dem-webserver-1707-128860-rss.html


∗∗∗ Telegram-Controlled Hacking Tool Targets SQL Injection at Scale ∗∗∗
---------------------------------------------
The Katyusha Scanner can find SQL injection bugs at scale, and is managed via the Telegram messenger on any smartphone.
---------------------------------------------
http://threatpost.com/telegram-controlled-hacking-tool-targets-sql-injection-at-scale/126763/


∗∗∗ July 2017 security update release ∗∗∗
---------------------------------------------
Today, we released security updates to provide additional protections against malicious attackers. By default, Windows 10 receives these updates automatically, and for customers running previous versions, we recommend they turn on automatic updates as a best practice. More information about this month’s security updates can be found on the Security Update Guide. MSRC team
---------------------------------------------
https://blogs.technet.microsoft.com/msrc/2017/07/11/july-2017-security-update-release/


∗∗∗ Who Controls The Internet? ∗∗∗
---------------------------------------------
The title of the paper Who controls the Internet? Analyzing global threats using property traversal graphs is enough to ensnare any Internet researcher. The control plane for a number of attacks, as the paper points out, is the DNS due to the role it plays in mapping names to resources. MX records in the DNS control [...]
---------------------------------------------
http://dyn.com/blog/who-controls-the-internet/


∗∗∗ Julys Microsoft Patch Tuesday, (Tue, Jul 11th) ∗∗∗
---------------------------------------------
TodaysMicrosoft Patch Tuesdayfixes critical and important flaws that, if exploited, could give an attacker a range of possibilities - from privilege escalation to remote code execution (RCE) - on different Windows OS and Microsoft Office versions.
---------------------------------------------
https://isc.sans.edu/diary/rss/22602


∗∗∗ Backup Scripts, the FIM of the Poor, (Wed, Jul 12th) ∗∗∗
---------------------------------------------
File Integrity Management or FIM is an interesting security control that can help to detect unusual changes in a file system. By example, on a server, they are directories that do not change often.
---------------------------------------------
https://isc.sans.edu/diary/rss/22606


∗∗∗ Systemic Vulnerabilities in Customer-Premises Equipment (CPE) Routers ∗∗∗
---------------------------------------------
Customer-premises equipment (CPE)—specifically small office/home office (SOHO) routers—has become ubiquitous. CPE routers are notorious for their web interface vulnerabilities, old versions of software components with known vulnerabilities, default and hard-coded credentials, and other security issues.
---------------------------------------------
http://resources.sei.cmu.edu/library/asset-view.cfm?assetid=502613


∗∗∗ What will it take to improve the ICS patch process? ∗∗∗
---------------------------------------------
While regular patching is indisputably good advice for IT networks, one of the main takeaways from the Petya and WannaCry attacks is that a lot of companies don’t do it. And with even more NSA exploits like EternalBlue scheduled to be released by The Shadow Brokers (TSB), it’s certainly not going to get any better. Patching IT systems is hard enough, but it’s even more difficult to patch industrial control systems (ICS), commonly found in [...]
---------------------------------------------
https://www.helpnetsecurity.com/2017/07/12/ics-patch-process/



=====================
=    Advisories     =
=====================

∗∗∗ Security Update for Windows Kernel (3186973) ∗∗∗
---------------------------------------------
V1.0 (September 13, 2016): Bulletin published. 
V2.0 (July 11, 2017): Revised Windows Affected Software and Vulnerability Severity Ratings table to include Windows 10 Version 1703 for 32-bit Systems and Windows 10 Version 1703 for x64-based Systems because they are affected by CVE-2016-3305. Microsoft recommends that customers running Windows 10 Version 1703 should install update 4025342 to be protected from this vulnerability.
---------------------------------------------
https://technet.microsoft.com/en-us/library/security/MS16-111


∗∗∗ [2017-07-12] Multiple critical vulnerabilities in AGFEO smart home ES 5xx/6xx products ∗∗∗
---------------------------------------------
The AGFEO ES 5xx/6xx SmartHome product lines are prone to multiple critical vulnerabilities. It is possible to read the whole user database by an active debug web service in order to reveal all passwords even from the administrative account. Furthermore, many debug services are active which enable an attacker to reconfigure the whole device without such administrative permissions. A hardcoded cryptographic key pair is embedded in the firmware which is used for HTTPS communication. Those keys [...]
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170712-0_AGFEO_Smart_Home_Multiple_critical_vulnerabilities_v10.txt


∗∗∗ Fuji Electric V-Server ∗∗∗
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-192-02


∗∗∗ ABB VSN300 WiFi Logger Card ∗∗∗
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-192-03


∗∗∗ OSIsoft PI Coresight ∗∗∗
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-192-04


∗∗∗ Schweitzer Engineering Laboratories, Inc. SEL-3620 and SEL-3622 ∗∗∗
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-192-06


∗∗∗ OSIsoft PI ProcessBook and PI ActiveView ∗∗∗
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-192-05


∗∗∗ NetIQ Privileged Account Manager 3.1 Patch Update 3 (3.1.0.3) ∗∗∗
---------------------------------------------
https://download.novell.com/Download?buildid=MtsbTyzebZw~


∗∗∗ DFN-CERT-2017-1206/">FreeBSD, Heimdal: Eine Schwachstelle ermöglicht die vollständige Kompromittierung des Dienstes ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1206/


∗∗∗ Security Advisory - Directory Traversal Vulnerability in Push Module of Huawei Smart Phone ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170712-01-push-en


∗∗∗ Security Advisory - Escalation of Privilege Vulnerability in Intel AMT, Intel ISM and Intel SMT ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170712-01-intel-en


∗∗∗ Security Advisory - Privilege Escalation Vulnerability in Push Module of Huawei Smart Phone ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170712-02-push-en


∗∗∗ IBM Security Bulletin: Daeja ViewONE arbitrary files can be accessed ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22003806


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM InfoSphere Information Server ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22004602


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects Rational Functional Tester (CVE-2017-3511, CVE-2017-3514, CVE-2017-3539) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22005085


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in zlib affects IBM Common Inventory Technology (CIT) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22005841


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities addressed in the IBM Emptoris Sourcing product (CVE-2017-1447, CVE-2017-1449, CVE-2017-1450, CVE-2017-1444) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22005834


∗∗∗ IBM Security Bulletin: Vulnerability in account lockout affects IBM License Metric Tool v9.x and IBM BigFix Inventory v9.x (CVE-2016-8964) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21995024


∗∗∗ IBM Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in OpenSSL ∗∗∗
---------------------------------------------
http://support.podc.sl.edst.ibm.com/support/home/docdisplay?lndocid=MIGR-5099631


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities addressed in IBM Emptoris Strategic Supply Management (CVE-2016-6019, CVE-2016-8951, CVE-2016-8952 ) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22005839


∗∗∗ IBM Security Bulletin: A vulnerability in IBM Java Runtime affects IBM WebSphere MQ (CVE-2016-3485 ) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22001630


∗∗∗ JSA10806 - 2017-07 Security Bulletin: Junos OS: SRX Series: Cluster configuration synch failures occur if the root user account is locked out (CVE-2017-10604) ∗∗∗
---------------------------------------------
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10806&actp=RSS


∗∗∗ JSA10775 - 2017-07 Security Bulletin: OpenSSL Security Advisory [26 Jan 2017] ∗∗∗
---------------------------------------------
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10775&actp=RSS


∗∗∗ JSA10779 - 2017-07 Security Bulletin: Junos: RPD crash due to malformed BGP OPEN message (CVE-2017-2314) ∗∗∗
---------------------------------------------
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10779&actp=RSS


∗∗∗ JSA10782 - 2017-07 Security Bulletin: ScreenOS: Multiple XSS vulnerabilities in ScreenOS Firewall ∗∗∗
---------------------------------------------
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10782&actp=RSS


∗∗∗ JSA10787 - 2017-07 Security Bulletin: Junos: VM to host privilege escalation in platforms with Junos OS running in a virtualized environment. (CVE-2017-2341) ∗∗∗
---------------------------------------------
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10787&actp=RSS


∗∗∗ JSA10789 - 2017-07 Security Bulletin: Junos: SRX Series denial of service vulnerability in flowd due to crafted DHCP packet (CVE-2017-10605) ∗∗∗
---------------------------------------------
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10789&actp=RSS


∗∗∗ JSA10790 - 2017-07 Security Bulletin: SRX Series: MACsec failure to report errors (CVE-2017-2342) ∗∗∗
---------------------------------------------
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10790&actp=RSS


∗∗∗ JSA10791 - 2017-07 Security Bulletin: SRX Series: Hardcoded credentials in Integrated UserFW feature. (CVE-2017-2343) ∗∗∗
---------------------------------------------
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10791&actp=RSS


∗∗∗ JSA10792 - 2017-07 Security Bulletin: Junos: Buffer overflow in sockets library (CVE-2017-2344) ∗∗∗
---------------------------------------------
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10792&actp=RSS


∗∗∗ JSA10793 - 2017-07 Security Bulletin: Junos: snmpd denial of service upon receipt of crafted SNMP packet (CVE-2017-2345) ∗∗∗
---------------------------------------------
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10793&actp=RSS


∗∗∗ JSA10794 - 2017-07 Security Bulletin: MS-MPC or MS-MIC crash when passing large fragmented traffic through an ALG (CVE-2017-2346) ∗∗∗
---------------------------------------------
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10794&actp=RSS


∗∗∗ JSA10797 - 2017-07 Security Bulletin: Junos OS: Incorrect argument handling in sendmsg() affects Junos OS (CVE-2016-1887) ∗∗∗
---------------------------------------------
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10797&actp=RSS


∗∗∗ HPE Performance Center Input Validation Flaw Lets Remote Users Conduct Cross-Site Scripting Attacks ∗∗∗
---------------------------------------------
http://www.securitytracker.com/id/1038868


∗∗∗ HPE LoadRunner Input Validation Flaw Lets Remote Users Conduct Cross-Site Scripting Attacks ∗∗∗
---------------------------------------------
http://www.securitytracker.com/id/1038867


∗∗∗ Linux kernel vulnerability CVE-2017-1000365 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K15412203


∗∗∗ Linux kernel vulnerability CVE-2016-8399 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K23030550


∗∗∗ IPv6 fragmentation vulnerability CVE-2016-10142 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K57211290

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list