[CERT-daily] Daily summary - 22.03.2018

Daily end-of-shift report team at cert.at
Thu Mar 22 18:09:16 CET 2018


=====================
= End-of-Day report =
=====================

Timeframe:   Wednesday 21-03-2018 18:00 - Thursday 22-03-2018 18:00
Handler:     Robert Waldner
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ 10 Steps to Detect Lateral Movement in a Data Breach ∗∗∗
---------------------------------------------
Many enterprises spend millions of dollars on solutions that promise to
bolster their security. However, much less focus is placed on the
ability to detect lateral movement during a breach.
---------------------------------------------
http://resources.infosecinstitute.com/10-steps-detect-lateral-movement-data-breach/


∗∗∗ Siri blurts out secret messages of iPhone users ∗∗∗
---------------------------------------------
Newly discovered bug undermines central security locks of the
Apple smartphone
---------------------------------------------
http://derstandard.at/2000076603171



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Bugtraq: ModSecurity WAF 3.0 for Nginx - Denial of Service ∗∗∗
---------------------------------------------
During one of the engagements my team tested a WAF running in
production: Nginx + ModSecurity + OWASP Core Rule Set. In the system
logs I found information about the Nginx worker processes being
terminated due to memory corruption errors.
---------------------------------------------
http://www.securityfocus.com/archive/1/541886


∗∗∗ JSON API - Moderately critical - Access Bypass -
SA-CONTRIB-2018-016 ∗∗∗
---------------------------------------------
This module provides a JSON API standards-compliant API for accessing
and manipulating Drupal content and configuration entities.
The module doesn't sufficiently check access when viewing related
resources or relationships, thereby causing an access bypass
vulnerability.
---------------------------------------------
https://www.drupal.org/sa-contrib-2018-016


∗∗∗ DFN-CERT-2018-0557: Oracle Solaris: Multiple vulnerabilities
enable various denial-of-service attacks ∗∗∗
---------------------------------------------
Multiple vulnerabilities in ISC BIND, ISC DHCP and Wireshark for Oracle
Solaris 11.3 allow a remote, unauthenticated attacker to carry out
various denial-of-service (DoS) attacks.
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2018-0557/


∗∗∗ Drupal announces security update for extremely critical
vulnerability ∗∗∗
---------------------------------------------
Anyone running the Drupal CMS should mark 28 March in their calendar
in order to install important security updates for various versions.
---------------------------------------------
https://heise.de/-4001063


∗∗∗ Flaws in ManageEngine apps open enterprise systems to compromise
∗∗∗
---------------------------------------------
Researchers have discovered multiple severe vulnerabilities in
ManageEngine's line of tools for internal IT support teams, which are
used by over half of Fortune 500 companies.
The first flaw affects EventLog Analyzer 11.8 and Log360 5.3, and could
be exploited to achieve remote code execution with the same privileges
as the user that started the application, by uploading a web shell to
be written to the web root.
---------------------------------------------
https://www.helpnetsecurity.com/2018/03/22/manageengine-apps-flaws/


∗∗∗ TMM WebSocket vulnerability CVE-2018-5504 ∗∗∗
---------------------------------------------
In some circumstances, the Traffic Management Microkernel (TMM) does
not properly handle certain malformed WebSocket requests/responses,
which allows remote attackers to cause a denial of service (DoS) or
possible remote code execution on the BIG-IP system. (CVE-2018-5504)
This vulnerability allows unauthorized remote code execution and
disruption of service through an unspecified crafted WebSocket packet.
---------------------------------------------
https://support.f5.com/csp/article/K11718033


∗∗∗ Multiple Wireshark vulnerabilities ∗∗∗
---------------------------------------------
A remote attacker can transmit crafted packets while a BIG-IP
administrator account runs the tshark utility with the affected
protocol parsers via Advanced Shell (bash). This causes the tshark
utility to stop responding and may allow remote code execution from the
BIG-IP administrator account.
---------------------------------------------
https://support.f5.com/csp/article/K34035645


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (lib32-libvorbis),
Debian (exempi and polarssl), Gentoo (collectd and webkit-gtk),
openSUSE (postgresql96), SUSE (qemu), and Ubuntu (libvorbis).
---------------------------------------------
https://lwn.net/Articles/749958/


∗∗∗ IBM Security Bulletin: IBM MQ Appliance is affected by a cross-site
scripting vulnerability (CVE-2018-1429) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22014046


∗∗∗ IBM Security Bulletin: Vulnerability found in OpenSSL release used
by Windows and z/OS Security Identity Adapters (CVE-2017-3736) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22014629


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK
affect IBM Fabric Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099781


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime
affect IBM Security Network Protection ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22011787


∗∗∗ IBM Security Bulletin: Vulnerability in GNU C Library affects IBM
Integrated Management Module II (IMM2) for System x, Flex and
BladeCenter Systems (CVE-2017-15670) ∗∗∗
---------------------------------------------
https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099788


∗∗∗ IBM Security Bulletin: IBM QRadar Network Security is affected by a
denial of service vulnerability in cURL (CVE-2017-1000257) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22011740


∗∗∗ IBM Security Bulletin: IBM QRadar Network Security is affected by
vulnerabilities in Linux kernel ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22011746


∗∗∗ IBM Security Bulletin: Vulnerability found in OpenSSL release used
by Windows and z/OS Security Identity Adapters (CVE-2017-3735) ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22014628


∗∗∗ IBM Security Bulletin: IBM Tivoli Netcool Impact is affected by
multiple vulnerabilities in IBM Tivoli Integrated Portal (TIP) ∗∗∗
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg22014253

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily