[CERT-daily] Tageszusammenfassung - Freitag 24-03-2017

Fri Mar 24 18:06:02 CET 2017

=======================
= End-of-Shift report =
=======================

Timeframe:   Donnerstag 23-03-2017 18:00 − Freitag 24-03-2017 18:00
Handler:     Robert Waldner
Co-Handler:  n/a


*** TROOPERS 2017 Day #4 Wrap-Up ***
---------------------------------------------
I'm just back from Heidelberg so here is the last wrap-up for the TROOPERS 2017 edition.
---------------------------------------------
https://blog.rootshell.be/2017/03/23/troopers-2017-day-4-wrap/


*** Google slaps Symantec for sloppy certs, slow show of SNAFUs ***
---------------------------------------------
Certs will keep working, but Chrome will be suspicious, soon Googles Chrome development team has posted a stinging criticism of Symantecs certificate-issuance practices, saying it has lost confidence in the companys practices and therefore in the safety of sessions hopefully-secured by Symantec-issued certificates.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2017/03/24/google_slaps_symantec_for_sloppy_certs_slow_show_of_snafus/


*** Referrer spoofing with iframe injection ***
---------------------------------------------
Last year we've been playing with a very simple method to spoof the referrer on Edge, which allowed us of course to spoof the referrer and -as a bonus- other neat things like bypass the XSS filter. Today I found out that it was patched, so I decided to give it a try and find a way around the patch. Honestly I don't feel it's a bypass but clearly a variation. From a practical point of view, it works again and bypasses the patch...
---------------------------------------------
https://www.brokenbrowser.com/referer-spoofing-patch-bypass/


*** VMSA-2017-0004.6 ***
---------------------------------------------
VMware product updates resolve remote code execution vulnerability via Apache Struts 2
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2017-0004.html


*** Betrugsnetzwerk: Kinox.to-Nutzern Abofallen andrehen ***
---------------------------------------------
Eine Betrugskampagne nutzt Sicherheitslücken im Stock-Browser von Android aus, um Nutzern Abofallen und Premiumdienste zuzuschieben. Die Betrüger bauen gefälschte Webshops auf, um legitim zu erscheinen. (Abofallen, Server)
---------------------------------------------
https://www.golem.de/news/betrugsnetzwerk-mit-fake-webshops-kinox-to-nutzern-abofallen-andrehen-1703-126909-rss.html


*** DFN-CERT-2017-0524/">F5 Networks BIG-IP Protocol Security Module (PSM): Eine Schwachstelle ermöglicht einen Denial-of-Service-Angriff ***
---------------------------------------------
Ein entfernter, nicht authentisierter Angreifer kann eine Schwachstelle im Traffic Management Microkernel (TMM) auf BIG-IP-Systemen durch die Versendung präparierten Netzwerkverkehrs für einen Denial-of-Service (DoS)-Angriff ausnutzen.
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-0524/


*** Erpressung durch iCloud-Fernlöschung: Wie Sie Ihr iPhone schützen ***
---------------------------------------------
Unbekannte drohen damit, wahllos iPhones zu löschen - wenn Apple nicht zahlt. Die Angreifer sind offenbar in Besitz von iCloud-Zugangsdaten. Mac & i erklärt, wie man sich gegen einen derartigen Angriff wappnen kann.
---------------------------------------------
https://heise.de/-3663802


*** LCDS - Leão Consultoria e Desenvolvimento de Sistemas LTDA ME LAquis SCADA ***
---------------------------------------------
This advisory contains mitigation details for a path traversal vulnerability in the LCDS - Leão Consultoria e Desenvolvimento de Sistemas LTDA ME LAquis SCADA software.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-17-082-01


*** BD Kiestra PerformA and KLA Journal Service Applications Hard-Coded Passwords Vulnerability ***
---------------------------------------------
This advisory contains mitigation details for a hard-coded password vulnerability in the Becton, Dickinson and Company (BD) Kiestra PerformA and KLA Journal Service applications that access the BD Kiestra Database.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSMA-17-082-01


*** Vuln: libpcre Multiple Security Vulnerabilities ***
---------------------------------------------
libpcre is prone to the following multiple security vulnerabilities:
1. A denial-of-service vulnerability
2. Multiple stack-based buffer-overflow vulnerabilities
Attackers can exploit these issues to run arbitrary code within the context of the affected application. Failed exploit attempts may result in denial-of-service conditions.
libpcre1 in PCRE 8.40 is vulnerable; other versions may also be affected. 
---------------------------------------------
http://www.securityfocus.com/bid/97067


*** DFN-CERT-2017-0526/">F5 Networks BIG-IP Protocol Security Module (PSM): Eine Schwachstelle ermöglicht das Ausspähen von Informationen ***
---------------------------------------------
Ein lokaler, einfach authentisierter Angreifer mit erweiterten Privilegien kann sensitive Daten ausspähen, die seit dem letzten Neustart betroffener Geräte angefallen sind. Dazu gehören beispielsweise die Passwörter zu kürzlich erstellten Benutzerkonten.
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-0526/


*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Multiple Vulnerabilities in NTP affect Power Hardware Management Console ***
http://www.ibm.com/support/docview.wss?uid=nas8N1021868
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities CVE-2016-5636 and CVE-2016-5699 in Python affect IBM i ***
http://www.ibm.com/support/docview.wss?uid=nas8N1021926
---------------------------------------------
*** IBM Security Bulletin: Cross-Site Scripting Vulnerability in IBM WebSphere Portal (CVE-2017-1120) ***
http://www-01.ibm.com/support/docview.wss?uid=swg22000152
---------------------------------------------
*** IBM Security Bulletin: A cross-site scripting vulnerablity has been addressed in IBM Kenexa LMS on Cloud 5.1 ***
http://www.ibm.com/support/docview.wss?uid=swg21999483
---------------------------------------------
*** IBM Security Bulletin: Multiple Security Vulnerabilties have been addressed in LCMS Premier on Cloud 11.0 ***
http://www.ibm.com/support/docview.wss?uid=swg21998874
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect LCM8 & LCM16 KVM Switch Firmware and GCM16 & GCM32 KVM Switch Firmware ***
https://support.podc.sl.edst.ibm.com/support/home/docdisplay?lndocid=migr-5099552
---------------------------------------------