[CERT-daily] Daily Summary - 17.12.2019

Daily end-of-shift report team at cert.at
Tue Dec 17 18:08:08 CET 2019


=====================
= End-of-Day report =
=====================

Timeframe:   Monday 16-12-2019 18:00 − Tuesday 17-12-2019 18:00
Handler:     Robert Waldner
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ #include ∗∗∗
---------------------------------------------
Recently I saw a tweet where someone mentioned that you can include /dev/stdin in C code compiled with gcc. This is, to say the very least, surprising. When you see something like this with an IT security background you start to wonder if this can be abused for an attack.
---------------------------------------------
https://blog.hboeck.de/archives/898-include-etcshadow.html


∗∗∗ Is it Possible to Identify DNS over HTTPs Without Decrypting TLS? ∗∗∗
---------------------------------------------
Aside from the session length, I found that the payload length for DoH is somewhat telling. DNS queries and responses are usually a couple of hundred bytes long. HTTPS connections, on the other hand, tend to "fill" the MTU.
---------------------------------------------
https://isc.sans.edu/diary/rss/25616


∗∗∗ ESET BlueKeep (CVE-2019-0708) Detection Tool ∗∗∗
---------------------------------------------
Although the BlueKeep vulnerability (CVE-2019-0708) has not yet caused widespread chaos, it is still at a fairly early stage of its exploit lifecycle. In fact, many systems are still unpatched, and a version of the exploit in the form of a worm could still emerge. Because of these factors, ESET is providing a free detection tool intended to check whether a system is vulnerable to BlueKeep.
---------------------------------------------
https://www.welivesecurity.com/deutsch/2019/12/17/eset-bluekeep-detection-tool/


∗∗∗ Christmas Shopping on Amazon: Beware of Criminals ∗∗∗
---------------------------------------------
Ordering on Amazon has become a matter of course for many people and is associated with a predominantly positive shopping experience. But fraudulent offers can also be found on Amazon: if you are asked to contact sellers by e-mail beforehand, or to handle the payment through an external account rather than through Amazon, you can assume the offer is dubious!
---------------------------------------------
https://www.watchlist-internet.at/news/weihnachtseinkaeufe-auf-amazon-vorsicht-vor-kriminellen/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Joomla - [20191202] - Core - Various SQL injections through configuration parameters ∗∗∗
---------------------------------------------
Versions: 2.5.0 - 3.9.13
CVE Number: CVE-2019-19846
The lack of validation of configuration parameters used in SQL queries caused various SQL injection vectors. 
---------------------------------------------
https://developer.joomla.org/security-centre/797-20191202-core-various-sql-injections-through-configuration-parameters.html


∗∗∗ Joomla - [20191201] - Core - Path Disclosure in framework files ∗∗∗
---------------------------------------------
Versions: 3.8.0 - 3.9.13
CVE Number: CVE-2019-19845
Missing access check in framework files could lead to a path disclosure.
---------------------------------------------
https://developer.joomla.org/security-centre/796-20191201-core-path-disclosure-in-framework-files.html


∗∗∗ This Bug Could Have Let Anyone Crash WhatsApp Of All Group Members ∗∗∗
---------------------------------------------
WhatsApp, the world's most popular end-to-end encrypted messaging application, patched an incredibly frustrating software bug that could have allowed a malicious group member to crash the messaging app for all members of the same group, The Hacker News learned.
...
Check Point responsibly reported this crash bug to the WhatsApp security team back in late August this year, and the company patched the issue with the release of WhatsApp version 2.19.58 in mid-September.
---------------------------------------------
https://thehackernews.com/2019/12/whatsapp-group-crash.html


∗∗∗ CVE-2019-18935: Remote Code Execution via Insecure Deserialization in Telerik UI ∗∗∗
---------------------------------------------
Telerik UI for ASP.NET AJAX is a widely used suite of UI components for web applications. It insecurely deserializes JSON objects in a manner that results in arbitrary remote code execution on the software's underlying host.
---------------------------------------------
https://know.bishopfox.com/research/cve-2019-18935-remote-code-execution-in-telerik-ui


∗∗∗ Vulnerabilities in multiple third party TYPO3 CMS extensions ∗∗∗
---------------------------------------------
Several vulnerabilities have been found in the following third party TYPO3 extensions:
- "MKSamlAuth" (mksamlauth)
- "Change password for frontend users" (fe_change_pwd)
- "File List" (file_list)
- "femanager direct mail subscription" (femanager_dmail_subscribe)
- "femanager" (femanager)
---------------------------------------------
http://lists.typo3.org/pipermail/typo3-announce/2019/000455.html


∗∗∗ TYPO3 10.2.2, 9.5.13 and 8.7.30 security releases published ∗∗∗
---------------------------------------------
We are announcing the release of the following TYPO3 updates:
- TYPO3 10.2.2
- TYPO3 9.5.13 LTS
- TYPO3 8.7.30 LTS
All versions are security releases and contain important security fixes
---------------------------------------------
https://typo3.org/article/typo3-1022-9513-and-8730-security-releases-published/


∗∗∗ Security Update: Password Prompt on TP-Link's Archer Routers Can Be Bypassed ∗∗∗
---------------------------------------------
Attackers could exploit a critical security vulnerability to access some routers of the Archer series with admin rights.
---------------------------------------------
https://heise.de/-4616996


∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (libssh, ruby2.3, and ruby2.5), Fedora (kernel and libgit2), openSUSE (chromium and libssh), Oracle (openslp), Red Hat (container-tools:1.0, container-tools:rhel8, freetype, kernel, and kpatch-patch), Scientific Linux (openslp), SUSE (git and LibreOffice), and Ubuntu (graphicsmagick).
---------------------------------------------
https://lwn.net/Articles/807505/


∗∗∗ Intel Patches Privilege Escalation Flaw in Rapid Storage Technology ∗∗∗
---------------------------------------------
A vulnerability Intel has addressed in the Rapid Storage Technology (RST) could allow a local user to escalate privileges to System. Intel RST is a Windows-based application that is provided with many computers that feature Intel chips to deliver improved performance and reliability when SATA disks are used.
---------------------------------------------
https://www.securityweek.com/intel-patches-privilege-escalation-flaw-rapid-storage-technology


∗∗∗ Security Bulletin: A security vulnerability has been identified in lodash shipped with PowerAI ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-has-been-identified-in-lodash-shipped-with-powerai/


∗∗∗ Security Bulletin: IBM MQ Appliance is affected by a libcgroup vulnerability (CVE-2018-14348) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-a-libcgroup-vulnerability-cve-2018-14348/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Directory Server (Tivoli) & Rational Directory Administrator ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-rational-directory-server-tivoli-rational-directory-administrator/


∗∗∗ Security Bulletin: A security vulnerability has been identified in SQLite shipped with PowerAI ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-has-been-identified-in-sqlite-shipped-with-powerai/


∗∗∗ Security Bulletin: IBM SDK Oracle Java vulnerabilities affect IBM Watson Text to Speech and Speech to Text (IBM Watson™ Speech Services 1.1) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-oracle-java-vunerabilities-affect-ibm-watson-text-to-speech-and-speech-to-text-ibm-watson-speech-services-1-1/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily



