[CERT-daily] Daily summary - 06.11.2017

Daily end-of-shift report team at cert.at
Mon Nov 6 18:11:12 CET 2017


=====================
= End-of-Day report =
=====================

Timeframe:   Friday 03-11-2017 18:00 − Monday 06-11-2017 18:00
Handler:     Robert Waldner
Co-Handler:  n/a

=====================
=       News        =
=====================

=====================
=  Vulnerabilities  =
=====================

∗∗∗ DFN-CERT-2017-1961: Tor Browser: A vulnerability allows disclosure of information ∗∗∗
---------------------------------------------
A remote, unauthenticated attacker can use a specially crafted URL, opened by a user of the Tor Browser, to force the system to establish a direct connection to remote hosts and thereby learn the real IP address of the affected system.
The Tor Project reports the vulnerability in the Tor Browser on Linux and macOS systems and provides versions 7.0.7 and 7.5a7 as security updates. Users of Tails and of the Sandboxed Tor Browser published by the Tor Project are not affected.
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2017-1961/


∗∗∗ Bugtraq: Webmin v1.850 Remote Code Execution (hyp3rlinx / apparitionsec) ∗∗∗
---------------------------------------------
The following advisory describes three (3) vulnerabilities found in Webmin version 1.850
...
XSS vulnerability that leads to Remote Code Execution
CSRF Schedule arbitrary commands
Server Side Request Forgery
---------------------------------------------
http://www.securityfocus.com/archive/1/541481


∗∗∗ Vuln: Avaya IP Office Contact Center CVE-2017-12969 Remote Buffer Overflow Vulnerability ∗∗∗
---------------------------------------------
Avaya IP Office Contact Center is prone to a remote buffer-overflow vulnerability.
Attackers can exploit this issue to execute arbitrary code within the context of the user. Failed attempts will likely cause a denial-of-service condition.
Avaya IP Office (IPO) versions 9.1.0 through 10.1 are vulnerable. 
---------------------------------------------
http://www.securityfocus.com/bid/101667


∗∗∗ IBM Security Bulletin: IBM Web Experience Factory is affected by an Apache Commons FileUpload vulnerability ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22010215


∗∗∗ IBM Security Bulletin: Security vulnerabilities in IBM Java Runtime affect IBM RLKS Administration and Reporting Tool Admin ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22009870


∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by a cross-site request forgery vulnerability (CVE-2017-1194) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22009242


∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by a cross-site request forgery vulnerability (CVE-2017-1194) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22009240


∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by a cross-site request forgery vulnerability (CVE-2017-1194) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22009591


∗∗∗ IBM Security Bulletin: Security vulnerability in IBM Business Process Manager affects IBM Cloud Orchestrator (CVE-2017-1140) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg2C1000354


∗∗∗ IBM Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Cloud Orchestrator and Cloud Orchestrator Enterprise (CVE-2017-1137) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg2C1000349


∗∗∗ BIG-IP FastL4 TMM vulnerability CVE-2017-6166 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K65615624


∗∗∗ PHP vulnerability CVE-2017-11628 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K75543432

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
