[CERT-daily] Tageszusammenfassung - 12.01.2018

Fri Jan 12 18:13:22 CET 2018

=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 11-01-2018 18:00 − Freitag 12-01-2018 18:00
Handler:     Robert Waldner
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ AMD Will Release CPU Microcode Updates for Spectre Flaw This Week ∗∗∗
---------------------------------------------
AMD officially admitted today that its processors are not vulnerable to the Meltdown bug, but are affected by both variants of the Spectre flaw.
---------------------------------------------
https://www.bleepingcomputer.com/news/hardware/amd-will-release-cpu-microcode-updates-for-spectre-flaw-this-week/


∗∗∗ PowerStager Analysis ∗∗∗
---------------------------------------------
Unit 42 analyzes PowerStager and the unique obfuscation technique it was employing for its PowerShell segments
---------------------------------------------
https://researchcenter.paloaltonetworks.com/2018/01/unit42-powerstager-analysis/


∗∗∗ Perfect SAP Penetration testing. Part 3: The Scope of Vulnerability Search ∗∗∗
---------------------------------------------
In this part we will demonstrate that sometimes traditional approach does not work. If SAP pentesters know a number of SAP vulnerabilities and downloaded free tools from the Internet, they won’t be able to hack a system because some companies have applied the latest patches and they don’t have at least the most common issues (e.g. Gateway bypass, Verb Tampering, or default passwords). [...] This article will show what we did to break the walls.
---------------------------------------------
https://erpscan.com/press-center/blog/perfect-sap-penetration-testing-part-3-scope-vulnerability-search/


∗∗∗ Vorsicht vor Fake-Mails vom BSI mit angeblichen Meltdown-/Spectre-Patches ∗∗∗
---------------------------------------------
Betrügerische Mails im Namen des Bundesamt für Sicherheit in der Informationstechnik wollen Opfern einen als Meltdown-/Spectre-Patch getarnten Trojaner unterjubeln.
---------------------------------------------
https://www.heise.de/security/meldung/Vorsicht-vor-Fake-Mails-vom-BSI-mit-angeblichen-Meltdown-Spectre-Patches-3939783.html


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Meltdown and Spectre Vulnerabilities ∗∗∗
---------------------------------------------
NCCIC/ICS-CERT is referencing CERT/CC’s vulnerability note VU#584653 CPU hardware vulnerable to side-channel attacks to enhance the awareness of critical infrastructure asset owners/operators and to identify affected product vendors that have contacted ICS-CERT for help disseminating customer notifications/recommendations to mitigate the risk associated with cache side-channel attacks known as Meltdown and Spectre.
---------------------------------------------
https://ics-cert.us-cert.gov/alerts/ICS-ALERT-18-011-01


∗∗∗ Advantech WebAccess (Update A) ∗∗∗
---------------------------------------------
This updated advisory is a follow-up to the original advisory titled ICSA-18-004-02 Advantech WebAccess that was published January 4, 2018, on the NCCIC/ICS-CERT web site. This updated advisory contains mitigation details for untrusted pointer dereference, stack-based buffer overflow, path traversal, SQL injection, improper input validation, unrestricted upload of file with dangerous type, and use after free vulnerabilities in Advantech’s WebAccess products.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-004-02A


∗∗∗ WECON Technology Co., Ltd. LeviStudio HMI Editor ∗∗∗
---------------------------------------------
This advisory contains mitigation details for stack-based and heap-based buffer overflow vulnerabilities in the WECON LeviStudio HMI Editor software.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-011-01


∗∗∗ Moxa MXview ∗∗∗
---------------------------------------------
This advisory contains mitigation details for an unquoted search path or element vulnerability in the Moxa MXview network management software.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-011-02


∗∗∗ PHOENIX CONTACT FL SWITCH ∗∗∗
---------------------------------------------
This advisory contains mitigation details for improper authorization and information exposure vulnerabilities in the PHOENIX CONTACT FL SWITCH.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-011-03


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (intel-ucode), Debian (gifsicle), Fedora (awstats and kernel), Gentoo (icoutils, pysaml2, and tigervnc), Mageia (dokuwiki and poppler), Oracle (kernel), SUSE (glibc, kernel, microcode_ctl, tiff, and ucode-intel), and Ubuntu (intel-microcode).
---------------------------------------------
https://lwn.net/Articles/744175/rss


∗∗∗ DFN-CERT-2018-0080: Wireshark: Mehrere Schwachstellen ermöglichen Denial-of-Service-Angriffe ∗∗∗
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2018-0080/


∗∗∗ Security Advisory - Weak Cryptography Vulnerability in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171222-01-cryptography-en


∗∗∗ IBM Security Bulletin: Vulnerabilities in IBM Java Runtime affects Rational Publishing Engine ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22012454


∗∗∗ IBM Security Bulletin: Vulnerability in Apache Commons FileUpload Affects IBM Sterling Secure Proxy ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22012458


∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by a cURL vulnerability (CVE-2016-7167) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22012358


∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by a vulnerability in Python (CVE-2014-9365) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22012355


∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Java SDK Affect IBM B2B Advanced Communications ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22012406


∗∗∗ IBM Security Bulletin: Vulnerability in IBM HTTP Server affects Netezza Performance Portal ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22008807


∗∗∗ Critical Patch Update - January 2018 - Pre-Release Announcement ∗∗∗
---------------------------------------------
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html


∗∗∗ SSB-068644 (Last Update 2018-01-11): General Customer Information for Spectre and Meltdown ∗∗∗
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_bulletin_ssb-068644.pdf

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily