[CERT-daily] Daily summary - 09.11.2018
Daily end-of-shift report
team at cert.at
Fri Nov 9 18:08:47 CET 2018
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 08-11-2018 18:00 − Friday 09-11-2018 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Root certificate: Sennheiser software undermines HTTPS security ∗∗∗
---------------------------------------------
Headset software from the manufacturer Sennheiser installs a root certificate, with the result that HTTPS connections are no longer secure. In newer versions the vulnerability is somewhat less severe; there is no fix so far. (TLS, sound hardware)
---------------------------------------------
https://www.golem.de/news/root-zertifikat-sennheiser-software-hebelt-https-sicherheit-aus-1811-137603-rss.html
∗∗∗ Attack uses malicious InPage document and outdated VLC media player to give attackers backdoor access to targets ∗∗∗
---------------------------------------------
Our analysis of a targeted attack that used a language-specific word processor shows why it's important to understand and protect against small-scale and localized attacks as well as broad-scale malware campaigns. The attack exploited a vulnerability in InPage, a word processor software for specific languages like Urdu, Persian, Pashto, and Arabic. More than 75% of [...]
---------------------------------------------
https://cloudblogs.microsoft.com/microsoftsecure/2018/11/08/attack-uses-malicious-inpage-document-and-outdated-vlc-media-player-to-give-attackers-backdoor-access-to-targets/
∗∗∗ AR18-312A: JexBoss – JBoss Verify and EXploitation Tool ∗∗∗
---------------------------------------------
JBoss Verify and EXploitation tool (JexBoss) is an open-source tool used by cybersecurity hunt teams (sometimes referred to as "red teams") and auditors to conduct authorized security assessments. Threat actors use this tool maliciously to test and exploit vulnerabilities in JBoss Application Server [...]
---------------------------------------------
https://www.us-cert.gov/ncas/analysis-reports/AR18-312A
∗∗∗ Passive DNS for the Bad ∗∗∗
---------------------------------------------
Passive DNS is not a new technique but, for the last months, there has been more and more noise around it. Passive DNS is a technique used to record all resolution requests performed by DNS resolvers (the bigger they are, the more they will collect) and then allow searching for historical data.
---------------------------------------------
https://blog.rootshell.be/2018/11/09/passive-dns-for-the-bad/
∗∗∗ UAC Bypass by Mocking Trusted Directories ∗∗∗
---------------------------------------------
During research for some new User Account Control (UAC) bypass techniques, I discovered what I believe to be a new bypass method (at the time of this writing). It is worth mentioning that Microsoft doesn't consider UAC a security boundary; however, we still reported the bug to Microsoft and want to share its details here.
---------------------------------------------
https://medium.com/tenable-techblog/uac-bypass-by-mocking-trusted-directories-24a96675f6e
=====================
= Vulnerabilities =
=====================
∗∗∗ Philips iSite and IntelliSpace PACS ∗∗∗
---------------------------------------------
This medical device advisory includes mitigations for a weak password requirements vulnerability in the Philips iSite and IntelliSpace PACS.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSMA-18-312-01
∗∗∗ PostgreSQL 11.1, 10.6, 9.6.11, 9.5.15, 9.4.20, and 9.3.25 released ∗∗∗
---------------------------------------------
There is a whole new set of PostgreSQL releases out there, the main purpose of which is to include an important security fix. "Using a purpose-crafted trigger definition, an attacker can run arbitrary SQL statements with superuser privileges when a superuser runs `pg_upgrade` on the database or during a pg_dump dump/restore cycle. This attack requires [...]
---------------------------------------------
https://lwn.net/Articles/771145/
∗∗∗ VMSA-2018-0027 ∗∗∗
---------------------------------------------
VMware ESXi, Workstation, and Fusion updates address uninitialized stack memory usage
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2018-0027.html
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (nginx), Fedora (icu, java-1.8.0-openjdk-aarch32, libgit2, php-pear-CAS, roundcubemail, and ruby), Gentoo (firefox, libX11, openssl, and python), openSUSE (thunderbird), Oracle (java-11-openjdk, kernel, and spice-server), Red Hat (java-1.8.0-ibm and thunderbird), Scientific Linux (spice-server), SUSE (curl, libepubgen, liblangtag, libmwaw, libnumbertext, libreoffice, libstaroffice, libwps, myspell-dictionaries, xmlsec1, libxkbcommon, openssh, and [...]
---------------------------------------------
https://lwn.net/Articles/771324/
∗∗∗ Upcoming Security Updates for Adobe Acrobat and Reader (APSB18-40) ∗∗∗
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1654
∗∗∗ Roche Diagnostics Point of Care Handheld Medical Devices (Update A) ∗∗∗
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSMA-18-310-01
∗∗∗ Security Updates for OTRS Framework ∗∗∗
---------------------------------------------
https://community.otrs.com/security-advisory-2018-09-security-update-for-otrs-framework/
https://community.otrs.com/security-advisory-2018-08-security-update-for-otrs-framework/
https://community.otrs.com/security-advisory-2018-07-security-update-for-otrs-framework/
∗∗∗ Field Notice: FN - 70319 - ASA and FXOS Software - Change in Root Certificate Might Affect Smart Licensing and Smart Call Home Functionality - Software Upgrade Recommended ∗∗∗
---------------------------------------------
https://www.cisco.com/c/en/us/support/docs/field-notices/703/fn70319.html
∗∗∗ IBM Security Bulletin: Denial of Service vulnerability affects IBM Spectrum Protect Client and IBM Spectrum Protect for Virtual Environments (CVE-2018-1786) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-denial-of-service-vulnerability-affects-ibm-spectrum-protect-client-and-ibm-spectrum-protect-for-virtual-environments-cve-2018-1786/
∗∗∗ IBM Security Bulletin: Vulnerability in FreeBSD affects AIX (CVE-2018-6922) Security Bulletin ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-freebsd-affects-aix-cve-2018-6922-security-bulletin/
∗∗∗ IBM Security Bulletin: Potential cross-site scripting vulnerability in WebSphere Application Server using SIBMsgMigration Utility (CVE-2018-1798) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-potential-cross-site-scripting-vulnerability-in-websphere-application-server-using-sibmsgmigration-utility-cve-2018-1798/
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect for Virtual Environments (CVE-2018-1656, CVE-2018-12539) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-spectrum-protect-for-virtual-environments-cve-2018-1656-cve-2018-12539/
∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in Oracle Outside In Technology Affect IBM Connections ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-oracle-outside-in-technology-affect-ibm-connections/
∗∗∗ IBM Security Bulletin: Security Bulletin: A Zip Slip vulnerability is exposed in Case Manager (CVE-2018-1884) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-bulletin-a-zip-slip-vulnerability-is-exposed-in-case-manager-cve-2018-1884/
∗∗∗ IBM Security Bulletin: Information Disclosure in IBM WebSphere Application Server Liberty affects IBM Spectrum Protect for Virtual Environments (CVE-2018-1553) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-information-disclosure-in-ibm-websphere-application-server-liberty-affects-ibm-spectrum-protect-for-virtual-environments-cve-2018-1553/
∗∗∗ IBM Security Bulletin: OpenSSL Vulnerability Affects IBM Contact Optimization (CVE-2016-8610) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-openssl-vulnerability-affects-ibm-contact-optimization-cve-2016-8610/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily