[CERT-daily] Daily summary - 08.01.2018
Daily end-of-shift report
team at cert.at
Mon Jan 8 18:12:43 CET 2018
=====================
= End-of-Day report =
=====================
Timeframe: Friday 05-01-2018 18:00 − Monday 08-01-2018 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Meltdown and Spectre: clearing up the confusion, (Mon, Jan 8th) ∗∗∗
---------------------------------------------
Unless you've been living under a rock (or on a remote island, with no Internet connection), you've heard about the latest vulnerabilities that impact modern processors. I'm sure that most of our readers are scrambling in order to assess the risk, patch systems and what not, so we have decided to write a diary that will clear the confusion a bit and point out some important things that people might not be aware of.
---------------------------------------------
https://isc.sans.edu/diary/rss/23197
∗∗∗ Meltdown and Spectre: The security advisories and updates from hardware and software vendors ∗∗∗
---------------------------------------------
Hardware and software vendors are equally affected by the Meltdown and Spectre vulnerabilities. An overview of links to statements, further information and update notes.
---------------------------------------------
https://heise.de/-3936141
=====================
= Vulnerabilities =
=====================
∗∗∗ Backdoor Account Removed from Western Digital NAS Hard Drives ∗∗∗
---------------------------------------------
A security researcher is urging owners of Western Digital MyCloud NAS devices to update the firmware of their portable hard drives to fix a series of important security bugs he reported to the vendor, among which there is an easily exploitable and wormable hardcoded (backdoor) account. [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/backdoor-account-removed-from-western-digital-nas-hard-drives/
∗∗∗ AMD PSP fTPM Remote Code Execution ∗∗∗
---------------------------------------------
Topic: AMD PSP fTPM Remote Code Execution
Risk: High
Text: Introduction: AMD PSP [1] is a dedicated security processor built onto the main CPU die. ARM TrustZone provides an isola...
---------------------------------------------
https://cxsecurity.com/issue/WLB-2018010061
∗∗∗ CPU Side-Channel Information Disclosure Vulnerabilities ∗∗∗
---------------------------------------------
Cisco is investigating its product line to determine which products may be affected by these vulnerabilities. As the investigation progresses, Cisco will update this advisory with information about affected products, including the Cisco bug ID for each affected product.
-----
Vulnerable Products
Cisco 800 Industrial Integrated Services Routers
Cisco UCS B-Series M2 Blade Servers
Cisco UCS B-Series M3 Blade Servers
Cisco UCS B-Series M4 Blade Servers (except B260, B460)
Cisco UCS B-Series M5 Blade Servers
Cisco UCS B260 M4 Blade Server
Cisco UCS B460 M4 Blade Server
Cisco UCS C-Series M2 Rack Servers
Cisco UCS C-Series M3 Rack Servers
Cisco UCS C-Series M4 Rack Servers
Cisco UCS C-Series M5 Rack Servers
Cisco UCS C460 M4 Rack Server
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel
∗∗∗ Juniper: Out of Cycle Security Bulletin: Meltdown & Spectre: CPU Speculative Execution and Indirect Branch Prediction Side Channel Analysis Method ∗∗∗
---------------------------------------------
The following products may be impacted if deployed in a way that allows unsigned code execution:
Junos OS based platforms
Junos Space appliance
Qfabric Director
CTP Series
NSMXpress/NSM3000/NSM4000 appliances
STRM/Juniper Secure Analytics (JSA) appliances
SRC/C Series
The following products are not impacted:
ScreenOS / Netscreen platforms
JUNOSe / E Series platforms
BTI platforms
---------------------------------------------
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10842&actp=RSS
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (linux-hardened, linux-lts, linux-zen, and mongodb), Debian (gdk-pixbuf, gifsicle, graphicsmagick, kernel, and poppler), Fedora (dracut, electron-cash, and firefox), Gentoo (backintime, binutils, chromium, emacs, libXcursor, miniupnpc, openssh, optipng, and webkit-gtk), Mageia (kernel, kernel-linus, kernel-tmb, openafs, and python-mistune), openSUSE (clamav-database, ImageMagick, kernel-firmware, nodejs4, and qemu), Red Hat (linux-firmware,
---------------------------------------------
https://lwn.net/Articles/743575/rss
∗∗∗ IBM Security Bulletin: IBM QRadar SIEM is vulnerable to cross site scripting. (CVE-2017-1623) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22012344
∗∗∗ IBM Security Bulletin: IBM Java as used in IBM QRadar SIEM is vulnerable to sensitive information leakage. (CVE-2017-10115) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22012301
∗∗∗ IBM Security Bulletin: IBM QRadar SIEM is vulnerable to incorrect permission assignment. (CVE-2016-9722) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22012293
∗∗∗ IBM Security Bulletin: Vulnerability in NSS affects Power Hardware Management Console (CVE-2017-7805) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=nas8N1022320
∗∗∗ IBM Security Bulletin: Vulnerabilities in httpd affect Power Hardware Management Console ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=nas8N1022321
∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by a vulnerability (CVE-2017-1459) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22012331
∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by an open redirect vulnerability (CVE-2017-1534) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22008936
∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by a cross-site scripting vulnerability (CVE-2017-1533) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22012327
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Integration Bus and WebSphere Message Broker ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22011534
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily