[CERT-daily] Daily summary - 30.11.2017

Daily end-of-shift report team at cert.at
Thu Nov 30 18:13:15 CET 2017


=====================
= End-of-Day report =
=====================

Timeframe:   Wednesday 29-11-2017 18:00 − Thursday 30-11-2017 18:00
Handler:     Nina Bieringer
Co-Handler:  Robert Waldner

=====================
=       News        =
=====================

∗∗∗ Fake bluescreen: "Troubleshooter" malware rips off Windows users ∗∗∗
---------------------------------------------
A piece of Windows malware is currently circulating that simulates a bluescreen on infected machines and locks the screen. It only exits once victims transfer money for non-existent security software. It also takes a screenshot of the desktop (more precisely, of the foreground window) in order to send it to a fixed IP address. This is according to a blog post by a security researcher at Malwarebytes, who named the malware he discovered Troubleshooter.
---------------------------------------------
https://heise.de/-3905456



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Cisco WebEx Network Recording Player Buffer Overflow Vulnerability ∗∗∗
---------------------------------------------
A vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (.arf) files could allow an attacker to execute arbitrary code on a system. An attacker could exploit this vulnerability by providing a user with a malicious .arf file via email or URL and convincing the user to launch the file. Exploitation of this vulnerability could cause a buffer overflow condition on the targeted system, causing the Network Recording Player to crash, resulting in a denial of service (DoS).
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-webex


∗∗∗ libcurl Out-of-Bounds Memory Read Error in FTP Wildcard Function Lets Remote Users Redirect the Target Client to an Arbitrary Site ∗∗∗
---------------------------------------------
Version(s): 7.21.0 - 7.56.1
A remote server can return specially crafted data to trigger an out-of-bounds memory read error in the FTP wildcard matching function (CURLOPT_WILDCARDMATCH) and cause the target connected libcurl client to be redirected. libcurl applications that use HTTP or HTTPS URLs, allow libcurl redirects, and have FTP wildcards enabled are affected.
---------------------------------------------
https://www.securitytracker.com/id/1039897


∗∗∗ WordPress 4.9.1 Security and Maintenance Release ∗∗∗
---------------------------------------------
WordPress versions 4.9 and earlier are affected by four security issues which could potentially be exploited as part of a multi-vector attack. As part of the core team's ongoing commitment to security hardening, the following fixes have been implemented in 4.9.1.
---------------------------------------------
https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/


∗∗∗ Security Advisory - Remote Code Execution Vulnerability in Microsoft Windows Server Service ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171129-01-windows-en


∗∗∗ Security Advisory - Memory Leak Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171129-01-xml-en


∗∗∗ Security Advisory - Stack Overflow Vulnerability in Baseband Module of Some Huawei Smart Phones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171125-01-baseband-en


∗∗∗ Security Advisory - Multiple Vulnerabilities of WPA and WPA2 Protocol in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171117-01-wpa-en


∗∗∗ Security Advisory - Three OpenSSL Vulnerabilities in Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170503-01-openssl-en


∗∗∗ IBM Security Bulletin: Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22009849


∗∗∗ IBM Security Bulletin: Apache Commons FileUpload Vulnerabilities affect IBM Tivoli Application Dependency Discovery Manager (TADDM) (CVE-2016-1000031) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22010587


∗∗∗ IBM Security bulletin: IBM Sterling File Gateway is vulnerable to cross-site scripting (CVE-2017-1632) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22010549


∗∗∗ IBM Security bulletin: Access control security vulnerability affects IBM Sterling File Gateway (CVE-2017-1550) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22010758


∗∗∗ IBM Security bulletin: Cross-site scripting security vulnerability affects IBM Sterling File Gateway (CVE-2017-1549) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22010759


∗∗∗ IBM Security bulletin: Information disclosure vulnerability affects IBM Sterling File Gateway (CVE-2017-1548, CVE-2017-1497) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22010738


∗∗∗ IBM Security bulletin: Information disclosure vulnerability affects IBM Sterling File Gateway (CVE-2017-1487) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22010552


∗∗∗ IBM Security bulletin: Cross-site scripting security vulnerability affects IBM Sterling B2B Integrator (CVE-2017-1482) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22010762


∗∗∗ IBM Security Bulletin: IBM Atlas eDiscovery Process Management vulnerable to SQL injection. ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=swg22005835


∗∗∗ IBM Security Bulletin: IBM Atlas eDiscovery Process Management affected by vulnerability due to sensitive information stored in URL parameters. ∗∗∗
---------------------------------------------
https://www-01.ibm.com/support/docview.wss?uid=swg22005836


∗∗∗ SSA-350846 (Last Update 2017-11-30): Vulnerabilities in SWT3000 ∗∗∗
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-350846.pdf

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily



