[CERT-daily] Daily summary - 20.12.2019
Daily end-of-shift report
team at cert.at
Fri Dec 20 18:15:10 CET 2019
=====================
= End-of-Day report =
=====================
Timeframe: Thursday 19-12-2019 18:00 − Friday 20-12-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ From dropbox(updater) to NT AUTHORITY\SYSTEM ∗∗∗
---------------------------------------------
In this post I’m going to show how to use the DropBoxUpdater service in order to get SYSTEM privileges starting from a simple Windows user.
---------------------------------------------
https://decoder.cloud/2019/12/18/from-dropboxupdater-to-nt-authoritysystem/
∗∗∗ Using WebRTC ICE Servers for Port Scanning in Chrome ∗∗∗
---------------------------------------------
Using the browser to scan a LAN isn’t a new idea. There are many implementations that use XHR requests, websockets, or plain HTML to discover and fingerprint LAN devices. But in this blog, I’ll introduce a new scanning technique using WebRTC ICE servers. This technique is fast and, unlike the other methods, bypasses the blocked ports list. Unfortunately, it only works when the victim is using Chrome.
---------------------------------------------
https://medium.com/tenable-techblog/using-webrtc-ice-servers-for-port-scanning-in-chrome-ce17b19dd474
=====================
= Vulnerabilities =
=====================
∗∗∗ DSA-4590 cyrus-imapd - security update ∗∗∗
---------------------------------------------
It was discovered that the lmtpd component of the Cyrus IMAP server created mailboxes with administrator privileges if the fileinto [sieve directive] was used, bypassing ACL checks.
---------------------------------------------
https://www.debian.org/security/2019/dsa-4590
∗∗∗ Field Notice: FN - 70489 - PKI Self-Signed Certificate Expiration in Cisco IOS and Cisco IOS XE Software - Software Upgrade Recommended ∗∗∗
---------------------------------------------
Self-signed X.509 PKI certificates (SSC) that were generated on devices that run affected Cisco IOS® or Cisco IOS XE software releases expire on 2020-01-01 00:00:00 UTC. New self-signed certificates cannot be created on affected devices after 2020-01-01 00:00:00 UTC. Any service that relies on these self-signed certificates to establish or terminate a secure connection might not work after the certificate expires.
---------------------------------------------
https://www.cisco.com/c/en/us/support/docs/field-notices/704/fn70489.html
∗∗∗ OpenSSL version 1.0.2u published ∗∗∗
---------------------------------------------
The OpenSSL project team is pleased to announce the release of version 1.0.2u of our open source toolkit for SSL/TLS.
---------------------------------------------
https://mta.openssl.org/pipermail/openssl-announce/2019-December/000165.html
∗∗∗ VMSA-2019-0023 ∗∗∗
---------------------------------------------
VMware Workstation and Horizon View Agent updates address a DLL-hijacking issue (CVE-2019-5539)
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2019-0023.html
∗∗∗ Critical Vulnerability Patched in 301 Redirects – Easy Redirect Manager ∗∗∗
---------------------------------------------
On Friday December 13th, our Threat Intelligence team discovered vulnerabilities present in "301 Redirects – Easy Redirect Manager", a WordPress plugin installed on over 70,000 websites. These weaknesses allowed any authenticated user, even subscribers, to modify, delete, and inject redirect rules that could potentially result in a loss of site availability. We privately disclosed the issue to the plugin’s developer, who was incredibly quick to respond and release a patch.
---------------------------------------------
https://www.wordfence.com/blog/2019/12/critical-vulnerability-patched-in-301-redirects-easy-redirect-manager/
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (cyrus-imapd and gdk-pixbuf), Fedora (cacti, cacti-spine, and fribidi), Red Hat (fribidi, git, and openstack-keystone), Scientific Linux (fribidi), Slackware (wavpack), and SUSE (firefox, kernel, mariadb, spectre-meltdown-checker, and trousers).
---------------------------------------------
https://lwn.net/Articles/807851/
∗∗∗ Atlassian Jira Software: Vulnerability allows bypassing security measures ∗∗∗
---------------------------------------------
A remote, authenticated attacker can exploit a vulnerability in Atlassian Jira Software to bypass security measures.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-1105
∗∗∗ Moxa EDS Ethernet Switches ∗∗∗
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-19-353-01
∗∗∗ Equinox Control Expert ∗∗∗
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-19-353-02
∗∗∗ WECON PLC Editor ∗∗∗
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-19-353-03
∗∗∗ Reliable Controls MACH-ProWebCom/Sys ∗∗∗
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-19-353-04
∗∗∗ Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilties ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-analytics-has-addressed-multiple-vulnerabilties/
∗∗∗ Security Bulletin: Multiple vulnerabilities of Mozzila Firefox (less than Firefox 68.2.0 ESR) have affected Synthetic Playback Agent 8.1.4.0 – 8.1.4 IF09 + ICAM Synthetic 3.0 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-of-mozzila-firefox-less-than-firefox-68-2-0-esr-have-affected-synthetic-playback-agent-8-1-4-0-8-1-4-if09-icam-synthetic-3-0/
∗∗∗ Security Bulletin: Various security vulnerabilities in IBM Financial Transaction Manager for SWIFT Services ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-various-security-vulnerabilities-in-ibm-financial-transaction-manager-for-swift-services/
∗∗∗ Security Bulletin: IBM Cognos Business Intelligence has addressed multiple vulnerabilties ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-business-intelligence-has-addressed-multiple-vulnerabilties/
∗∗∗ Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM i ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-openssl-affect-ibm-i/
∗∗∗ Security Bulletin: Multiple vulnerabilities of Mozzila Firefox (less than Firefox 68.2.0 ESR) have affected Synthetic Playback Agent 8.1.4.0 – 8.1.4 IF09 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-of-mozzila-firefox-less-than-firefox-68-2-0-esr-have-affected-synthetic-playback-agent-8-1-4-0-8-1-4-if09/
∗∗∗ The BIG-IP DNS system may erroneously display the TSIG key secret in plain text form ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K36328238?utm_source=f5support&utm_medium=RSS
∗∗∗ ASM Cloud Security Services authentication vulnerability CVE-2019-6687 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K59957337?utm_source=f5support&utm_medium=RSS
∗∗∗ Synology-SA-19:42 Intel Processor Vulnerability ∗∗∗
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_19_42
∗∗∗ Synology-SA-19:41 WordPress ∗∗∗
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_19_41
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily