[CERT-daily] Tageszusammenfassung - 05.06.2019

Wed Jun 5 18:33:38 CEST 2019

=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 04-06-2019 18:00 − Mittwoch 05-06-2019 18:00
Handler:     Dimitri Robl
Co-Handler:  Robert Waldner

=====================
=       News        =
=====================

∗∗∗ We Decide What You See: Remote Code Execution on a Major IPTV Platform ∗∗∗
---------------------------------------------
Check Point Research discerned there to be over 1000 providers of this service with quite likely very high numbers of worldwide customers. As this vulnerability has been patched, we can now reveal what was involved.
---------------------------------------------
https://research.checkpoint.com/we-decide-what-you-see-remote-code-execution-on-a-major-iptv-platform/


∗∗∗ Its alive: Threat actors cobble together open-source pieces into monstrous Frankenstein campaign ∗∗∗
---------------------------------------------
Cisco Talos recently identified a series of documents that we believe are part of a coordinated series of cyber attacks that we are calling the "Frankenstein" campaign. We assess that the attackers carried out these operations between January and April 2019 in an effort to install malware on users machines via malicious documents. 
---------------------------------------------
https://blog.talosintelligence.com/2019/06/frankenstein-campaign.html


∗∗∗ Warnung vor den Geschäftspraktiken bei FutureNet ∗∗∗
---------------------------------------------
FutureNet der BCU Trading LLC aus Dubai verspricht User/innen leicht zu verdienendes Geld. Zum einen soll durch das Kaufen von ‚AdPacks‘ und Anklicken von Werbungen, zum anderen durch das Anwerben neuer Nutzer/innen Geld verdient werden können. Es häufen sich aber die Meldungen zu ausbleibenden Zahlungen und das polnische Amt für Wettbewerb und Verbraucherschutz (UOKIK) warnt wegen dem Verdacht auf ein Pyramidensystem vor dem Unternehmen.
---------------------------------------------
https://www.watchlist-internet.at/news/warnung-vor-den-geschaeftspraktiken-bei-futurenet/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Sicherheitslücke: VIM-Modelines erlauben Codeausführung ∗∗∗
---------------------------------------------
Im Texteditor VIM wurde eine Sicherheitslücke gefunden, bei der ein speziell präpariertes Dokument Code ausführen kann. Die dafür genutzte Funktion der Modelines ist nur auf manchen Systemen aktiv.
---------------------------------------------
https://www.golem.de/news/sicherheitsluecke-vim-modelines-erlauben-codeausfuehrung-1906-141710-rss.html


∗∗∗ phpmyadmin: PMASA-2019-4 ∗∗∗
---------------------------------------------
CSRF vulnerability in login form
Affected Versions: All versions prior to phpMyAdmin 4.9.0 are affected, probably at least as old as version 4.0 (perhaps even earlier)
CVE ID: CVE-2019-12616
---------------------------------------------
https://www.phpmyadmin.net/security/PMASA-2019-4/


∗∗∗ phpmyadmin: PMASA-2019-3 ∗∗∗
---------------------------------------------
SQL injection in Designer feature
Affected Versions: phpMyAdmin versions prior to 4.8.6 are affected.
CVE ID: CVE-2019-11768
---------------------------------------------
https://www.phpmyadmin.net/security/PMASA-2019-3/


∗∗∗ Django security releases issued: 2.2.2, 2.1.9 and 1.11.21 ∗∗∗
---------------------------------------------
* CVE-2019-12308: AdminURLFieldWidget XSS
* Patched bundled jQuery for CVE-2019-11358: Prototype pollution
---------------------------------------------
https://www.djangoproject.com/weblog/2019/jun/03/security-releases/


∗∗∗ Wireless Presenter von Logitech und Inateck anfällig für Angriffe über Funk ∗∗∗
---------------------------------------------
Die Pentesting-Firma SySS hat bereits zum wiederholten Male Sicherheitslücken in Wireless-Presenter-Systemen gefunden, über die sich Systeme kapern lassen.
---------------------------------------------
https://heise.de/-4439795


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (python-django), openSUSE (curl and libtasn1), Oracle (kernel), Red Hat (etcd, kernel-alt, and rh-python36-python-jinja2), Scientific Linux (thunderbird), SUSE (libvirt), and Ubuntu (db5.3, linux, linux-aws, linux-gcp, linux-kvm, linux-raspi2, linux, linux-aws, linux-gcp, linux-kvm, linux-raspi2, linux-snapdragon, linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon, linux-aws-hwe, linux-hwe, linux-oracle, linux-hwe, and linux-raspi2,  linux-snapdragon).
---------------------------------------------
https://lwn.net/Articles/790411/


∗∗∗ PHOENIX CONTACT PLCNext AXC F 2152 ∗∗∗
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-19-155-01


∗∗∗ PHOENIX CONTACT FL NAT SMx ∗∗∗
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-19-155-02


∗∗∗ Geutebrück G-Cam and G-Code ∗∗∗
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-19-155-03


∗∗∗ 2019-06-05: Multiple Vulnerabilities in ABB CP635 HMI ∗∗∗
---------------------------------------------
https://search.abb.com/library/Download.aspx?DocumentID=3ADR010376&LanguageCode=en&DocumentPartId=&Action=Launch


∗∗∗ 2019-06-05: Vulnerabilities in ABB PB610 ∗∗∗
---------------------------------------------
https://search.abb.com/library/Download.aspx?DocumentID=3ADR010377&LanguageCode=en&DocumentPartId=&Action=Launch


∗∗∗ 2019-06-05: Vulnerabilities in ABB CP651 HMI ∗∗∗
---------------------------------------------
https://search.abb.com/library/Download.aspx?DocumentID=3ADR010402&LanguageCode=en&DocumentPartId=&Action=Launch


∗∗∗ Security Advisory - XSS Vulnerability in Huawei HedEx products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190605-01-hedex-en


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affects WebSphere Application Server in IBM Cloud April 2019 CPU ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affects-websphere-application-server-in-ibm-cloud-april-2019-cpu/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in the IBM HTTP Server used in IBM WebSphere Application Server in IBM Cloud (CVE-2019-0211 CVE-2019-0220) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-the-ibm-http-server-used-in-ibm-websphere-application-server-in-ibm-cloud-cve-2019-0211-cve-2019-0220/


∗∗∗ IBM Security Bulletin: IBM Security Information Queue reveals internal data in application error messages ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-information-queue-reveals-internal-data-in-application-error-messages/


∗∗∗ IBM Security Bulletin: IBM Security Information Queue does not prevent caching of sensitive pages ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-information-queue-does-not-prevent-caching-of-sensitive-pages/


∗∗∗ IBM Security Bulletin: IBM Security Information Queue web application is vulnerable to clickjacking attack ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-information-queue-web-application-is-vulnerable-to-clickjacking-attack/


∗∗∗ IBM Security Bulletin: IBM Security Information Queue web server allows downgrading to non-secure HTTP ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-information-queue-web-server-allows-downgrading-to-non-secure-http/


∗∗∗ IBM Security Bulletin: IBM Security Information Queue discloses internal data left over from the product development phases ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-information-queue-discloses-internal-data-left-over-from-the-product-development-phases/


∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in Watson Openscale (Liberty, Java, node.js) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-watson-openscale-liberty-java-node-js/


∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Rational Application Developer for WebSphere Software ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-rational-application-developer-for-websphere-software-7/


∗∗∗ IBM Security Bulletin: Vulnerabilities in the Java runtime environment that IBM provides affect WebSphere DataPower XC10 Appliance ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-the-java-runtime-environment-that-ibm-provides-affect-websphere-datapower-xc10-appliance-2/


∗∗∗ TECSON/GOK Improper Authentication and Access Control on multiple devices ∗∗∗
---------------------------------------------
https://cert.vde.com/de-de/advisories/vde-2019-012

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily