[CERT-daily] Daily summary - 03.07.2019

Daily end-of-shift report team at cert.at
Wed Jul 3 18:44:05 CEST 2019


=====================
= End-of-Day report =
=====================

Timeframe:   Tuesday 02-07-2019 18:00 − Wednesday 03-07-2019 18:00
Handler:     Robert Waldner
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Trickbot Trojan Now Has a Separate Cookie Stealing Module ∗∗∗
---------------------------------------------
Trickbot trojan now comes with a separate module for stealing browser cookies, threat researchers found on Tuesday, marking new progress in the malware's development.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/trickbot-trojan-now-has-a-separate-cookie-stealing-module/


∗∗∗ Here's a great idea: Why don't we hardcode the same private key into all our smart home hubs? ∗∗∗
---------------------------------------------
Another day, another appalling Internet of S**t security flaw. Smart home company Zipato hardcoded the same private SSH key into every one of its hubs, leaving its system open to hacking, researchers revealed this week.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2019/07/03/zipato_hardcoded_key/


∗∗∗ Vulnerabilities in Nexus Repository left thousands of artifacts exposed ∗∗∗
---------------------------------------------
In the Nexus repository there are 2 main problems (unrelated to each other) that arise from the default settings:
* The default user is always set to be admin/admin123 – CWE-521
* Any unauthenticated user can read/download resources from Nexus – CWE-276
This means all the images in the repository can be downloaded just by accessing the repository, with no authentication needed, or by authenticating as the default admin account if unchanged.
---------------------------------------------
https://www.twistlock.com/labs-blog/vulnerabilities-nexus-repository-left-thousands-artifacts-exposed/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Security Camera Firm Arlo Zaps High-Severity Bugs ∗∗∗
---------------------------------------------
Bugs in Arlo Technologies’ equipment allow a local attacker to take control of Arlo wireless home video security cameras.
---------------------------------------------
https://threatpost.com/arlo-zaps-high-severity-bugs/146216/


∗∗∗ Magento 2.3.1: Unauthenticated Stored XSS to RCE ∗∗∗
---------------------------------------------
This blog post shows how the combination of an HTML sanitizer bug and a Phar deserialization in the popular eCommerce solution Magento <=2.3.1 leads to a high-severity exploit chain. This chain can be abused by an unauthenticated attacker to fully take over certain Magento stores and to redirect payments.
---------------------------------------------
https://blog.ripstech.com/2019/magento-rce-via-xss/


∗∗∗ Websites can feed Tridactyl fake key events ∗∗∗
---------------------------------------------
Malicious websites could feed keys to Tridactyl which it would execute as if a user had pressed them, outside of the command line. If the native messenger was installed, an attacker could execute arbitrary programs ... All Tridactyl versions released between September 2018 and June 14th 2019 were affected, i.e. 1.14.0 <= v <= 1.14.10 and 1.15.0.
---------------------------------------------
https://github.com/tridactyl/tridactyl/security/advisories/GHSA-7qr7-93pf-hr8f


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (pdns), Fedora (kernel and kernel-headers), Mageia (cgit and firefox), Oracle (libssh2 and qemu-kvm), Red Hat (openstack-ironic-inspector, openstack-tripleo-common, and qemu-kvm-rhev), Scientific Linux (libssh2 and qemu-kvm), SUSE (bzip2, cronie, libtasn1, nmap, php7, php72, python-Twisted, and taglib), and Ubuntu (thunderbird and znc).
---------------------------------------------
https://lwn.net/Articles/792705/


∗∗∗ QEMU: Vulnerability allows bypassing of security measures ∗∗∗
---------------------------------------------
QEMU is free virtualization software that emulates the entire hardware of a computer.
A local attacker can exploit a vulnerability in QEMU to bypass security measures.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0563


∗∗∗ FreeBSD Project FreeBSD OS: Multiple vulnerabilities ∗∗∗
---------------------------------------------
A local attacker can exploit multiple vulnerabilities in FreeBSD Project FreeBSD OS to execute arbitrary code, cause a denial-of-service condition, disclose information, or escalate privileges.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0561


∗∗∗ Vuln: Schneider Electric Modicon Controllers CVE-2019-6819 Denial of Service Vulnerability ∗∗∗
---------------------------------------------
http://www.securityfocus.com/bid/109004


∗∗∗ Cisco Prime Infrastructure and Evolved Programmable Network Manager Virtual Domain Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-prime-privescal


∗∗∗ IBM Security Bulletin: Security vulnerability in IBM Java SDK affect Rational Build Forge (CVE-2019-2684) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-security-vulnerability-in-ibm-java-sdk-affect-rational-build-forge-cve-2019-2684/


∗∗∗ IBM Security Bulletin: IBM Content Navigator is affected by a local file inclusion vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletinibm-content-navigator-is-affected-by-a-local-file-inclusion-vulnerability/


∗∗∗ IBM Security Bulletin: Vulnerability in kernel affects Power Hardware Management Console (CVE-2018-14633) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-kernel-affects-power-hardware-management-console-cve-2018-14633/


∗∗∗ IBM Security Bulletin: Guardium StealthBits Integration is affected by an SQLite vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-guardium-stealthbits-integration-is-affected-by-an-sqlite-vulnerability-2/


∗∗∗ IBM Security Bulletin: IBM Tivoli Netcool Impact Session Management – Session Fixation ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-tivoli-netcool-impact-session-management-session-fixation/


∗∗∗ IBM Security Bulletin: IBM Application Performance Management could allow a remote attacker to induce the application to perform server-side DNS lookups of arbitrary domain names (CVE-2019-4131) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-application-performance-management-could-allow-a-remote-attacker-to-induce-the-application-to-perform-server-side-dns-lookups-of-arbitrary-domain-names-cve-2019-4131/


∗∗∗ IBM Security Bulletin: Vulnerability in IBM® WebSphere™ Application Server and IBM WebSphere Application Server Liberty affects IBM SPSS Analytic Server (CVE-2018-1901) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-ibm-websphere-application-server-and-ibm-websphere-application-server-liberty-affects-ibm-spss-analytic-server-cve-2018-1901/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Collaboration and Deployment Services ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-collaboration-and-deployment-services-3/


∗∗∗ IBM Security Bulletin: It is possible to download arbitrary server files via ViewONE server (CVE-2019-4260) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-it-is-possible-to-download-arbitrary-server-files-via-viewone-server-cve-2019-4260/


∗∗∗ IBM Security Bulletin: Vulnerability in IBM HTTP Server affects IBM Netezza Performance Portal ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-ibm-http-server-affects-ibm-netezza-performance-portal/


∗∗∗ HPESBHF03943 rev.1 - Certain HPE Servers using AMD EPYC 7001 series Processors, Local Disclosure of Information ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03943en_us

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily



