[CERT-daily] Daily Summary - Thursday 23-03-2017

Daily end-of-shift report team at cert.at
Thu Mar 23 18:34:15 CET 2017


=======================
= End-of-Shift report =
=======================

Timeframe:   Wednesday 22-03-2017 18:00 − Thursday 23-03-2017 18:00
Handler:     Robert Waldner
Co-Handler:  n/a




*** Google: Half of All Android Devices Do Not Receive Our Security Packages ***
---------------------------------------------
Google is making progress in the fight against malware in the Play Store, but has to admit that more than half a billion Android devices do not receive the company's regular security updates. Many of these devices have glaring security vulnerabilities.
---------------------------------------------
https://heise.de/-3662665




*** AIX for Penetration Testers ***
---------------------------------------------
This was my first encounter with privilege escalation on AIX and I was pretty surprised by how little information I found online on enumerating AIX systems. ... It took me a little time going through various AIX system administration guides and command cheatsheets (links at the bottom of the post) and putting together a list of various post-exploitation techniques to use on the box. I decided to put this blog-post up with the hope that it will one day help another clueless pentester/red teamer.
---------------------------------------------
https://thevivi.net/2017/03/19/aix-for-penetration-testers/




*** Avatar Rootkit: Decryption of the Key and Data ***
---------------------------------------------
In this second article on the dropper, we will resume our analysis right where we left off: the decryption of the key and data. After the decryption, two structures are initialized. The equivalent pseudo-code is presented below. 
---------------------------------------------
http://resources.infosecinstitute.com/avatar-rootkit-dropper-analysis-part-2/




*** [R1] LCE 5.0.1 Fixes Two Third-party Library Vulnerabilities ***
---------------------------------------------
Log Correlation Engine (LCE) 5.0.0 is impacted by multiple vulnerabilities reported in a third-party library and an encryption algorithm. LCE was errantly using 3DES on TCP port 1243.
---------------------------------------------
http://www.tenable.com/security/tns-2017-09




*** Vuln: libavcodec CVE-2017-7206 Denial of Service Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/97006




*** VMware AirWatch Input Validation Flaw in Shared Filenames Lets Remote Authenticated Users Conduct Cross-Site Scripting Attacks ***
---------------------------------------------
http://www.securitytracker.com/id/1038116




*** Security Advisory - Bluetooth Unlock Bypassing Vulnerability in Some Huawei Mobile Phones ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170323-01-smartphone-en




*** DFN-CERT-2017-0508: Apple iTunes: Multiple vulnerabilities allow, among other things, the execution of arbitrary program code ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-0508/




*** Vuln: NfSen CVE-2017-6972 Unspecified Security Bypass Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/97016




*** DFN-CERT-2017-0506: NTP: Multiple vulnerabilities allow, among other things, the execution of arbitrary program code with the privileges of the service ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-0506/




*** DFN-CERT-2017-0518: Samba: A vulnerability allows the disclosure of information ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-0518/




*** DFN-CERT-2017-0515: Git: A vulnerability allows the execution of arbitrary program code ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-0515/




*** DFN-CERT-2017-0520: BIG-IP Protocol Security Module (PSM): A vulnerability allows a denial-of-service attack ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-0520/




*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: IBM TRIRIGA Application Privilege Escalation (CVE-2017-1153) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21999563
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in IBM Java SDK affects multiple IBM Rational products based on IBM Jazz technology ***
http://www.ibm.com/support/docview.wss?uid=swg21999820
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MQ and IBM MQ Appliance ***
http://www.ibm.com/support/docview.wss?uid=swg22000304
---------------------------------------------
*** IBM Security Bulletin: IBM TRIRIGA Application Platform Cross-Site Scripting (XSS) (CVE-2016-9737) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21996200
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in Mozilla Network Security Services (NSS) affect IBM MQ Appliance (CVE-2016-2834, CVE-2016-5285, CVE-2016-8635) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21996836
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect Tivoli Storage FlashCopy Manager Unix (CVE-2016-6303, CVE-2016-2182, CVE-2016-2177, CVE-2016-2183, CVE-2016-6309, CVE-2016-7052, CVE-2016-2178, CVE-2016-6306) ***
http://www.ibm.com/support/docview.wss?uid=swg22000209
---------------------------------------------
*** IBM Security Bulletin: IBM Jazz for Service Management (Jazz SM) is affected by a code execution vulnerability in IBM Tivoli Common Reporting (TCR) (CVE-2016-5983) ***
http://www.ibm.com/support/docview.wss?uid=swg22000719
---------------------------------------------




