[CERT-daily] Tageszusammenfassung - 16.08.2018

Daily end-of-shift report team at cert.at
Thu Aug 16 18:34:58 CEST 2018


=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 14-08-2018 18:00 − Donnerstag 16-08-2018 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ VORACLE Attack Can Recover HTTP Data From VPN Connections ∗∗∗
---------------------------------------------
A new attack named VORACLE can recover HTTP traffic sent via encrypted VPN connections under certain conditions. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/voracle-attack-can-recover-http-data-from-vpn-connections/


∗∗∗ Microsoft Flaw Allows Full Multi-Factor Authentication Bypass ∗∗∗
---------------------------------------------
This is similar to taking a room key for a building and turning it into a skeleton key that works on every door in the building.
---------------------------------------------
https://threatpost.com/microsoft-flaw-allows-full-multi-factor-authentication-bypass/135086/


∗∗∗ Linux: Kernel und Distributionen schützen vor Prozessorlücke Foreshadow/L1TF ∗∗∗
---------------------------------------------
Mit neuen Kernel-Updates kann man sich vor den als Foreshadow oder L1TF genannten Prozessorlücken schützen, die viele moderne Intel-Prozessoren betreffen.
---------------------------------------------
http://heise.de/-4137264


∗∗∗ Patchday Microsoft: Angreifer attackieren Internet Explorer ∗∗∗
---------------------------------------------
In diesem Monat veröffentlicht Microsoft Sicherheitsupdates für 60 Lücken in Windows & Co. Zwei Schwachstellen sind derzeit im Fokus von Angreifern.
---------------------------------------------
http://heise.de/-4137351
https://isc.sans.edu/forums/diary/Microsoft+August+2018+Patch+Tuesday/23986/


∗∗∗ August 2018 Office Update Release ∗∗∗
---------------------------------------------
The August 2018 Public Update releases for Office are now available! This month, there are 23 security updates and 23 non-security updates. All of the security and non-security updates are listed in KB article 4346823. A new version of Office 2013 Click-To-Run is available: 15.0.5059.1000 A new version of Office 2010 Click-To-Run is available: 14.0.7212.5000
---------------------------------------------
https://blogs.technet.microsoft.com/office_sustained_engineering/2018/08/14/august-2018-office-update-release/


∗∗∗ Betrügerische E-Mail der Internet Domain Services Austria (IDSA) ∗∗∗
---------------------------------------------
Selbstständige, Vereine und Unternehmen erhalten von den Internet Domain Services Austria (IDSA) eine E-Mail. Sie sollen 197,50 Euro an idsa.at zahlen, damit Fremde keine Domain registrieren, die ihrer ähnelt. Empfänger/innen können die Nachricht ignorieren, denn ihr Inhalt ist betrügerisch und erfunden. Ebenso wenig gibt es die Internet Domain Services Austria.
---------------------------------------------
https://www.watchlist-internet.at/news/betruegerische-e-mail-der-internet-domain-services-austria-idsa/


∗∗∗ Pfändungstermine wegen Urheberrechtsverletzung ignorieren ∗∗∗
---------------------------------------------
KonsumentInnen erhalten von der ADVOKAT RECHTSANWALT AG eine Nachricht, in der ein Pfändungstermin wegen nicht Bezahlens einer Abmahnung zu einer Urheberrechtsverletzung genannt wird. Grund sei das illegale Streamen von Filmen auf kinox.to. KonsumentInnen müssen die 426,55 Euro nicht bezahlen und die angedrohte Pfändung findet nie statt.
---------------------------------------------
https://www.watchlist-internet.at/news/pfaendungstermine-wegen-urheberrechtsverletzung-ignorieren/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Philips IntelliSpace Cardiovascular Vulnerabilities ∗∗∗
---------------------------------------------
This medical advisory includes mitigation recommendations for improper privilege management and unquoted search path vulnerabilities in Philips IntelliSpace Cardiovascular (ISCV) software.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSMA-18-226-01


∗∗∗ File (Field) Paths - Critical - Remote Code Execution - SA-CONTRIB-2018-056 ∗∗∗
---------------------------------------------
Project: File (Field) PathsDate: 2018-August-15Security risk: Critical 15∕25 AC:Basic/A:User/CI:Some/II:All/E:Theoretical/TD:DefaultVulnerability: Remote Code ExecutionDescription: This module enables you to automatically sort and rename your uploaded files using token based replacement patterns to maintain a nice clean filesystem.The module doesnt sufficiently sanitize the path while a new file is uploading, allowing a remote attacker to execute arbitrary PHP code.
---------------------------------------------
https://www.drupal.org/sa-contrib-2018-056


∗∗∗ VMSA-2018-0020 ∗∗∗
---------------------------------------------
VMware vSphere, Workstation, and Fusion updates enable Hypervisor-Specific Mitigations for L1 Terminal Fault - VMM vulnerability.
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2018-0020.html


∗∗∗ VMSA-2018-0021 ∗∗∗
---------------------------------------------
Operating System-Specific Mitigations address L1 Terminal Fault - OS vulnerability in VMware Virtual Appliances.
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2018-0021.html


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (kernel), Debian (kernel, linux-4.9, postgresql-9.4, and ruby-zip), Fedora (cgit, firefox, knot-resolver, mingw-LibRaw, php-symfony, php-symfony3, php-symfony4, php-zendframework-zend-diactoros, php-zendframework-zend-feed, php-zendframework-zend-http, python2-django1.11, quazip, sox, and thunderbird-enigmail), openSUSE (python-Django and seamonkey), Oracle (kernel), Red Hat (kernel, kernel-rt, and redhat-virtualization-host), Scientific Linux [...]
---------------------------------------------
https://lwn.net/Articles/762706/


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (fuse), Fedora (cri-o, gdm, kernel-headers, postgresql, units, and wpa_supplicant), Mageia (iceaepe, kernel-linus, kernel-tmb, and libtomcrypt), openSUSE (aubio, libheimdal, nemo-extensions, and python-Django1), Red Hat (flash-plugin), SUSE (apache2, kernel, php7, qemu, samba, and ucode-intel), and Ubuntu (gnupg).
---------------------------------------------
https://lwn.net/Articles/762804/


∗∗∗ ZDI-18-939: Foxit Reader PDF File Parsing Type Confusion Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-18-939/


∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/


∗∗∗ Cisco Security Advisories ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/publicationListing.x


∗∗∗ Xen Security Advisories ∗∗∗
---------------------------------------------
https://xenbits.xen.org/xsa/


∗∗∗ F5 Security Advisories ∗∗∗
---------------------------------------------
https://support.f5.com/csp/new-updated-articles


∗∗∗ Security Advisory - Buffer Overflow Vulnerability on Several Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180725-01-dos-en


∗∗∗ Security Advisory - Side-Channel Vulnerability Variants 3a and 4 ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180615-01-cpu-en


∗∗∗ Security Advisory - CPU Side Channel Vulnerability "L1TF" ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180815-01-cpu-en


∗∗∗ Security Notice - Statement About the Side Channel Vulnerability "L1TF" of Chips ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-notices/2018/huawei-sn-20180815-01-cpu-en


∗∗∗ VMSA-2018-0022 ∗∗∗
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2018-0022.html


∗∗∗ VMSA-2018-0019.1 ∗∗∗
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2018-0019.html


∗∗∗ HPESBHF03874 rev.1 - Certain HPE Products using Intel-based Processors, L1 Terminal Fault (L1TF) Speculative Side-channel Vulnerabilities, Local Disclosure of Information ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03874en_us


∗∗∗ HPESBHF03875 rev.1 - HPE Integrated Lights Out 4 and 5, (iLO 4, 5), Remote Denial of Service ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03875en_us

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list