[CERT-daily] Tageszusammenfassung - 05.12.2019

Thu Dec 5 18:12:42 CET 2019

=====================
= End-of-Day report =
=====================

Timeframe:   Mittwoch 04-12-2019 18:00 − Donnerstag 05-12-2019 18:00
Handler:     Robert Waldner
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Security prenotification for Adobe Acrobat and Reader | APSB19-55 ∗∗∗
---------------------------------------------
Adobe is planning to release security updates for Adobe Acrobat and Reader for Windows and macOS on Tuesday, December 10, 2019.
---------------------------------------------
https://helpx.adobe.com/security/products/acrobat/apsb19-55.html


∗∗∗ Atlassian scrambles to fix zero-day security hole accidentally disclosed on Twitter ∗∗∗
---------------------------------------------
Twitter security celeb SwiftOnSecurity on Tuesday inadvertently disclosed a zero-day vulnerability affecting enterprise software biz Atlassian, a flaw that may be echoed in IBM's Aspera software.
---------------------------------------------
https://go.theregister.co.uk/feed/www.theregister.co.uk/2019/12/05/atlassian_zero_day_bug/


∗∗∗ NTLMRecon ∗∗∗
---------------------------------------------
A fast NTLM reconnaissance tool without external dependencies. Useful to find out information about NTLM endpoints when working with a large set of potential IP addresses and domains.
---------------------------------------------
https://github.com/sachinkamath/ntlmrecon


∗∗∗ xHunt Actor’s Cheat Sheet ∗∗∗
---------------------------------------------
Unit 42 found evidence that the developers who created the Sakabota tool had carried out two sets of testing activities on Sakabota in an attempt to evade detection. Within one sample created during this testing process, we uncovered a cheat sheet meant to assist operators of the tool to carry out activities on the compromised system and network, which weve never seen before.
---------------------------------------------
https://unit42.paloaltonetworks.com/xhunt-actors-cheat-sheet/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Authentication vulnerabilities in OpenBSD ∗∗∗
---------------------------------------------
We discovered an authentication-bypass vulnerability in OpenBSDs authentication system: this vulnerability is remotely exploitable in smtpd, ldapd, and radiusd, but its real-world impact should be studied on a case-by-case basis. For example, sshd is not exploitable thanks to its defense-in-depth mechanisms. (CVE-2019-19521)
---------------------------------------------
https://www.openwall.com/lists/oss-security/2019/12/04/5


∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (firefox), Fedora (cyrus-imapd, freeipa, haproxy, ImageMagick, python-pillow, rubygem-rmagick, sqlite, squid, and tnef), openSUSE (haproxy), Oracle (microcode_ctl), and Ubuntu (squid, squid3).
---------------------------------------------
https://lwn.net/Articles/806384/


∗∗∗ Weidmueller multiple vulnerabilities in various Industrial Ethernet managed switches ∗∗∗
---------------------------------------------
CVE-2019-16670: The Authentication mechanism has no brute-force prevention.
CVE-2019-16671: Remote authenticated users can crash a device with a special packet because of Uncontrolled Resource Consumption.
CVE-2019-16672: Sensitive Credentials data is transmitted in cleartext.
...
CVSS-Scores: bis 9.8
---------------------------------------------
https://cert.vde.com/de-de/advisories/vde-2019-018


∗∗∗ Mozilla Thunderbird: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Mozilla Thunderbird ausnutzen, um beliebigen Programmcode mit Benutzerrechten auszuführen, vertrauliche Daten einzusehen oder einen Denial of Service Angriff durchzuführen.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-1040


∗∗∗ Wireshark: Schwachstelle ermöglicht Denial of Service ∗∗∗
---------------------------------------------
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Wireshark ausnutzen, um einen Denial of Service Angriff durchzuführen.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-1039


∗∗∗ Security Bulletin: IBM ToolsCenter Dynamic System Analysis (DSA) Preboot is affected by multiple vulnerabilities. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-toolscenter-dynamic-system-analysis-dsa-preboot-is-affected-by-multiple-vulnerabilities/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Business Service Manager ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-tivoli-business-service-manager/


∗∗∗ Intel MCE vulnerability CVE-2018-12207 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K17269881

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily