[CERT-daily] Tageszusammenfassung - 19.12.2018

[Daily end-of-shift report]

=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 18-12-2018 18:00 − Mittwoch 19-12-2018 18:00
Handler:     Dimitri Robl
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Gefälschte Energie AG-Rechnung verbreitet Schadsoftware ∗∗∗
---------------------------------------------
Kriminelle versenden ein gefälschtes Energie AG-Schreiben. Darin behaupten sie, dass Kund/innen ihre aktuelle Rechnung herunterladen und ausdrucken können. Dazu sollen sie eine unbekannte Website aufrufen und eine ZIP-Datei öffnen. Diese verbirgt Schadsoftware. Konsument/innen, die die vermeintliche Rechnung öffnen, installieren diese auf ihrem Computer.
---------------------------------------------
https://www.watchlist-internet.at/news/gefaelschte-energie-ag-rechnung-verbreitet-schadsoftware/


∗∗∗ Searching statically-linked vulnerable library functions in executable code ∗∗∗
---------------------------------------------
Software supply chains are increasingly complicated, and it can be hard to detect statically-linked copies of vulnerable third-party libraries in executables. This blog post discusses the technical details of an Apache-licensed open-source library to detect code from other open-source libraries in executables, along with some real-world findings of forked open-source libraries in real-world [...]
---------------------------------------------
https://googleprojectzero.blogspot.com/2018/12/searching-statically-linked-vulnerable.html


∗∗∗ Das letzte Silvester für PHP 5.6 ∗∗∗
---------------------------------------------
PHP 5.6 steht kurz vor dem Ende seiner Lebenszeit. Mit 31.12.2018 endet der Security-Support für die letzte Version der PHP 5 Familie, ab dann wird nur noch PHP 7 weiterentwickelt. Das bedeutet, dass ab dem Jahreswechsel neu entdeckte Sicherheitslücken in PHP 5.6 Upstream nicht mehr gepatcht werden. Die uns zur Verfügung stehenden Daten von Shodan zeigen, dass derzeit die Mehrheit der Server in Österreich noch PHP 5 im [...]
---------------------------------------------
http://www.cert.at/services/blog/20181219120223-2326.html



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (ghostscript), Fedora (ansible and wireshark), openSUSE (go1.11, pdns, and pdns-recursor), Oracle (firefox), Red Hat (java-1.8.0-ibm), Scientific Linux (firefox), and SUSE (crash, libqt5-qtbase, perl, and qemu).
---------------------------------------------
https://lwn.net/Articles/775230/


∗∗∗ Advantech WebAccess/SCADA ∗∗∗
---------------------------------------------
This advisory provides mitigation recommendations for an improper input validation vulnerability identified in Advantechs WebAccess/SCADA software platform.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-352-02


∗∗∗ 3S-Smart Software Solutions GmbH CODESYS Control V3 Products ∗∗∗
---------------------------------------------
This advisory provides mitigation recommendations for an improper access control vulnerability identified in the 3S-Smart Software Solutions CODESYS Control V3 products.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-352-03


∗∗∗ 3S-Smart Software Solutions GmbH CODESYS V3 Products ∗∗∗
---------------------------------------------
This advisory provides mitigation recommendations for use of insufficiently random values and improper restriction of communication channel to intended endpoints vulnerabilities identified in the 3S-Smart Software Solutions GmbH CODESYS V3 products.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04


∗∗∗ BSRT-2018-005 Vulnerabilities in Management Console Impact Affected Versions of BlackBerry UEM ∗∗∗
---------------------------------------------
http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000054162


∗∗∗ Multiple vulnerabilities in Toshiba Lighting & Technology Corporation Home gateway ∗∗∗
---------------------------------------------
https://jvn.jp/en/jp/JVN99810718/


∗∗∗ Vuln: Symfony Local File Include and Open Redirection Vulnerabilities ∗∗∗
---------------------------------------------
http://www.securityfocus.com/bid/106249


∗∗∗ Cisco Adaptive Security Appliance Software Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181219-asa-privesc


∗∗∗ Security Notice - Statement on Information Leak Vulnerability in Huawei HG Product ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-notices/2018/huawei-sn-20181219-01-hg-en


∗∗∗ IBM Security Bulletin: Privilege Escalation in Notes System Diagnostic Service of both IBM Notes and Domino (CVE-2018-1771) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-privilege-escalation-in-notes-system-diagnostic-service-of-both-ibm-notes-and-domino-cve-2018-1771/


∗∗∗ IBM Security Bulletin: IBM API Connect is affected by a critical privilege escalation vulnerability in Kubernetes (CVE-2018-1002105) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-is-affected-by-a-critical-privilege-escalation-vulnerability-in-kubernetes-cve-2018-1002105/


∗∗∗ IBM Security Bulletin: IBM API Connect V5 – Admin Users Can Elevate Own Permissions (CVE-2018-1973) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-v5-admin-users-can-elevate-own-permissions-cve-2018-1973/


∗∗∗ IBM Security Bulletin: IBM API Connect is affected by a NoSQL Injection in MongoDB connector for the LoopBack framework (CVE-2018-1784) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-is-affected-by-a-nosql-injection-in-mongodb-connector-for-the-loopback-framework-cve-2018-1784/


∗∗∗ IBM Security Bulletin: IBM API Connect is affected by authentication bypass vulnerability in LoopBack (CVE-2018-1778) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-is-affected-by-authentication-bypass-vulnerability-in-loopback-cve-2018-1778/


∗∗∗ IBM Security Bulletin: IBM Lotus Protector for Mail Security has released fixes in response to the public disclosed vulnerability from Network Time Protocol (NTP) (CVE-2018-12327) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-lotus-protector-for-mail-security-has-released-fixes-in-response-to-the-public-disclosed-vulnerability-from-network-time-protocol-ntp-cve-2018-12327/


∗∗∗ IBM Security Bulletin: IBM DataPower Gateway is affected by a Denial of Service vulnerability (CVE-2018-1677) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-datapower-gateway-is-affected-by-a-denial-of-service-vulnerability-cve-2018-1677/


∗∗∗ IBM Security Bulletin: IBM DataPower Gateway is affected by a CSRF vulnerability (CVE-2018-1661) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-datapower-gateway-is-affected-by-a-csrf-vulnerability-cve-2018-1661/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily