[CERT-daily] Tageszusammenfassung - 20.03.2018

Daily end-of-shift report team at cert.at
Tue Mar 20 18:10:37 CET 2018 

=====================
= End-of-Day report =
=====================

Timeframe:   Montag 19-03-2018 18:00 − Dienstag 20-03-2018 18:00
Handler:     Robert Waldner
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Administrators Password Bad Practice, (Tue, Mar 20th) ∗∗∗
---------------------------------------------
Just a quick reminder about some bad practices while handling Windows Administrator credentials.
---------------------------------------------
https://isc.sans.edu/diary/rss/23465


∗∗∗ This Android malware redirects calls you make to your bank to go to scammers instead ∗∗∗
---------------------------------------------
Once installed the malware will intercept mobile calls you attempt to make to your bank, and instead direct them to a scammer impersonating an agent working for the bank. Furthermore, the malware will intercept calls from the *scammers*, and display a fake caller ID to make it appear as though the call is really from the legitimate bank. Very sneaky.
---------------------------------------------
https://www.grahamcluley.com/this-android-malware-redirects-calls-you-make-to-your-bank-to-go-to-scammers-instead/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Bugtraq: ES2018-05 Kamailio heap overflow ∗∗∗
---------------------------------------------
A specially crafted REGISTER message with a malformed `branch` or `From tag` triggers an off-by-one heap overflow.
Abuse of this vulnerability leads to denial of service in Kamailio. Further research may show that exploitation leads to remote code execution.
---------------------------------------------
http://www.securityfocus.com/archive/1/541874


∗∗∗ Bugtraq: CSNC-2017-026 Microsoft Intune - Preserved Keychain Entries ∗∗∗
---------------------------------------------
Compass Security discovered a design weakness in Microsoft Intune's iOS Keychain management. This allows users to access company data even after the device has been unenrolled.
---------------------------------------------
http://www.securityfocus.com/archive/1/541875


∗∗∗ DFN-CERT-2018-0526/">Apache Commons Compress: Eine Schwachstelle ermöglicht einen Denial-of-Service-Angriff ∗∗∗
---------------------------------------------
Ein entfernter, nicht authentisierter Angreifer kann mit Hilfe einer speziell präparierten ZIP-Archivdatei einen Denial-of-Service-Angriff auf Apache Commons Compress und auf Software, die dessen ZIP-Paket verwendet, durchführen.
Der Hersteller veröffentlicht zur Behebung der Schwachstelle die Version Commons Compress 1.16.
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2018-0526/


∗∗∗ DFN-CERT-2018-0532/">SDL2, SDL2_image: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes ∗∗∗
---------------------------------------------
Eine Vielzahl von Schwachstellen in verschiedenen Komponenten von SDL2_image ermöglicht einem entfernten, nicht authentisierten Angreifer mit Hilfe manipulierter Bilddateien, welche ein Benutzer anzeigen muss, die Ausführung beliebigen Programmcodes sowie die Durchführung verschiedener Denial-of-Service (DoS)-Angriffe.
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2018-0532/


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (clamav, curl, lib32-curl, lib32-libcurl-compat, lib32-libcurl-gnutls, libcurl-compat, and libcurl-gnutls), openSUSE (various KMPs), Oracle (firefox), Scientific Linux (firefox), SUSE (java-1_7_1-ibm), and Ubuntu (memcached).
---------------------------------------------
https://lwn.net/Articles/749757/


∗∗∗ [R1] Nessus 7.0.3 Fixes One Vulnerability ∗∗∗
---------------------------------------------
When installing Nessus to a directory outside of the default location, Nessus did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the installation location. 
---------------------------------------------
http://www.tenable.com/security/tns-2018-01


∗∗∗ Geutebruck IP Cameras ∗∗∗
---------------------------------------------
This advisory includes mitigations for several vulnerabilities in the Geutebrück IP Cameras.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-079-01


∗∗∗ Siemens SIMATIC, SINUMERIK, and PROFINET IO ∗∗∗
---------------------------------------------
This advisory includes mitigations for an improper input validation vulnerability in the Siemens SIMATIC, SINUMERIK, and PROFINET IO products.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-18-079-02


∗∗∗ IBM Security Bulletin: Denial of Service attack affects IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter Systems (CVE-2017-3768) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099791


∗∗∗ IBM Security Bulletin: Vulnerabilities in Ncurses affect IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter Systems ∗∗∗
---------------------------------------------
https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099790


∗∗∗ IBM Security Bulletin: Vulnerability in cURL affects IBM BladeCenter Advanced Management Module (AMM) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099766


∗∗∗ IBM Security Bulletin: Vulnerability in Linux Kernel affects IBM BladeCenter Advanced Management Module (AMM) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099767


∗∗∗ IBM Security Bulletin: Vulnerabilities in HTTPD affect IBM BladeCenter Advanced Management Module (AMM) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099759


∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSH affect IBM BladeCenter Advanced Management Module (AMM) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/home/docdisplay?lndocid=migr-5099758


∗∗∗ IBM Security Bulletin: Vulnerability in strongSwan affects IBM Chassis Management Module (CVE-2017-11185) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099779


∗∗∗ IBM Security Bulletin: Vulnerabilities in expat affects IBM BladeCenter Advanced Management Module (AMM) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099765


∗∗∗ IBM Security Bulletin: Vulnerability in cURL affects IBM Chassis Management Module (CVE-2017-1000100) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099776


∗∗∗ IBM Security Bulletin: Vulnerability in libxml2 affects IBM Chassis Management Module (CVE-2017-8872) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099775

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily

More information about the Daily mailing list