[CERT-daily] Tageszusammenfassung - 21.06.2019
Daily end-of-shift report
team at cert.at
Fri Jun 21 18:22:49 CEST 2019
=====================
= End-of-Day report =
=====================
Timeframe: Mittwoch 19-06-2019 18:00 − Freitag 21-06-2019 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Botnet Uses SSH and ADB to Create Android Cryptomining Army ∗∗∗
---------------------------------------------
Researchers discovered a cryptocurrency mining botnet that uses the Android Debug Bridge (ADB) Wi-Fi interface and SSH connections to hosts stored in the known_hosts list to spread to other devices.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/botnet-uses-ssh-and-adb-to-create-android-cryptomining-army/
=====================
= Vulnerabilities =
=====================
∗∗∗ PHOENIX CONTACT Automation Worx Software Suite ∗∗∗
---------------------------------------------
This advisory includes mitigations for access of uninitialized pointer, out-of-bounds read, and use after free vulnerabilities reported in Phoenix Contacts Automation Worx Software Suite.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-19-171-01
∗∗∗ Cisco schließt zwei kritische und zahlreiche weitere Schwachstellen ∗∗∗
---------------------------------------------
Updates für Ciscos SD-WAN-Lösung und DNA Center beseitigen kritische Sicherheitsprobleme. Aber auch zahlreiche weitere Produkte wurden frisch gepatcht.
---------------------------------------------
https://heise.de/-4451734
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (firefox-esr, gvfs, intel-microcode, and python-urllib3), Fedora (advancecomp, firefox, freeradius, kubernetes, pam-u2f, and rubygem-jquery-ui-rails), openSUSE (elfutils and sssd), Red Hat (chromium-browser), SUSE (doxygen and samba), and Ubuntu (evince, firefox, Gunicorn, libvirt, and sqlite3).
---------------------------------------------
https://lwn.net/Articles/791572/
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (libvirt and python), Debian (intel-microcode, php-horde-form, and znc), Fedora (firefox), Mageia (firefox, flash-player-plugin, git, graphicsmagick, kernel, kernel-linus, kernel-tmb, phpmyadmin, and thunderbird), Oracle (libssh2, libvirt, and python), Red Hat (libvirt and python), Scientific Linux (libvirt), Slackware (bind and mozilla), SUSE (enigmail), and Ubuntu (bind9, intel-microcode, mosquitto, postgresql-10, postgresql-11, and thunderbird).
---------------------------------------------
https://lwn.net/Articles/791669/
∗∗∗ Synology-SA-19:28 Linux kernel ∗∗∗
---------------------------------------------
CVE-2019-11477, CVE-2019-11478 and CVE-2019-11479 allow remote attackers to conduct denial-of-service attacks via a susceptible version of DiskStation Manager (DSM) or Synology Router Manager (SRM).
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_19_28
∗∗∗ Multiple vulnerabilities in VAIO Update ∗∗∗
---------------------------------------------
https://jvn.jp/en/jp/JVN13555032/
∗∗∗ Intel-SA-00213: Intel CSME, Intel SPS, Intel TXE, Intel DAL, and Intel AMT vulnerabilities ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K42117350
∗∗∗ Security vulnerabilities fixed in Firefox 67.0.4 and Firefox ESR 60.7.2 ∗∗∗
---------------------------------------------
https://www.mozilla.org/en-US/security/advisories/mfsa2019-19/
∗∗∗ Security vulnerabilities fixed in Thunderbird 60.7.2 ∗∗∗
---------------------------------------------
https://www.mozilla.org/en-US/security/advisories/mfsa2019-20/
∗∗∗ AirPort Base Station Firmware Update 7.8.1 ∗∗∗
---------------------------------------------
https://support.apple.com/kb/HT210091
∗∗∗ CVE-2019-10072 Apache Tomcat HTTP/2 DoS ∗∗∗
---------------------------------------------
https://mail-archives.apache.org/mod_mbox/tomcat-announce/201906.mbox/browser
∗∗∗ DSA-2019-084: Dell SupportAssist for Business PCs and Dell SupportAssist for Home PCs Security Update for PC Doctor Vulnerability ∗∗∗
---------------------------------------------
https://www.dell.com/support/article/at/de/atdhs1/sln317291/dsa-2019-084-dell-supportassist-for-business-pcs-and-dell-supportassist-for-home-pcs-security-update-for-pc-doctor-vulnerability?lang=en
∗∗∗ [webapps] WebERP 4.15 - SQL injection ∗∗∗
---------------------------------------------
https://www.exploit-db.com/exploits/47013
∗∗∗ DoS Vulnerability in Huawei S Series Switch Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190522-01-switch-en
∗∗∗ IBM Security Bulletin: IBM MessageSight/MessageGateway is affected by the following jQuery vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-messagesight-messagegateway-is-affected-by-the-following-jquery-vulnerability/
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-content-collector-for-email-content-collector-for-file-systems-content-collector-for-microsoft-sharepoint-and-content-collector-5/
∗∗∗ IBM Security Bulletin: IBM API Connect is affected by a denial of service vulnerability in Node.js (CVE-2019-5737) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-is-affected-by-a-denial-of-service-vulnerability-in-node-js-cve-2019-5737/
∗∗∗ IBM Security Bulletin: IBM MessageSight is affected by the following four IBM Java vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-messagesight-is-affected-by-the-following-four-ibm-java-vulnerabilities-2/
∗∗∗ IBM Security Bulletin: IBM Cloud Transformation Advisor is affected by a Node.js lodash module vulnerability (CVE-2018-16487) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-transformation-advisor-is-affected-by-a-node-js-lodash-module-vulnerability-cve-2018-16487/
∗∗∗ IBM Security Bulletin: IBM MessageSight/MessageGateway is affected by the following WebSphere Application Server vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-messagesight-messagegateway-is-affected-by-the-following-websphere-application-server-vulnerability/
∗∗∗ IBM Security Bulletin: This Power System update is being released to address CVE-2018-5390 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-this-power-system-update-is-being-released-to-address-cve-2018-5390/
∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSL affect QLogic 8Gb Intelligent Pass-thru Module and SAN Switch Module for IBM BladeCenter and QLogic Virtual Fabric Extension Module for IBM BladeCenter ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-openssl-affect-qlogic-8gb-intelligent-pass-thru-module-and-san-switch-module-for-ibm-bladecenter-and-qlogic-virtual-fabric-extension-module-for-ibm-bladecente/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list