[CERT-daily] Tageszusammenfassung - 24.06.2019
Daily end-of-shift report
team at cert.at
Mon Jun 24 18:21:07 CEST 2019
=====================
= End-of-Day report =
=====================
Timeframe: Freitag 21-06-2019 18:00 − Montag 24-06-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Microsoft: Were fighting Windows malware spread via Excel in email with bad macro ∗∗∗
---------------------------------------------
Earlier this month Microsoft warned that attackers were firing spam that exploited an Office flaw to install a trojan. The bug meant the attackers didn't require Windows users to enable macros.
However, a new malware campaign that doesn't exploit a specific vulnerability in Microsoft software takes the opposite approach, using malicious macro functions in an Excel attachment to compromise fully patched Windows PCs.
---------------------------------------------
https://www.zdnet.com/article/microsoft-were-fighting-windows-malware-spread-via-excel-in-email-with-bad-macro/
=====================
= Vulnerabilities =
=====================
∗∗∗ Kritische Schwachstelle in bzip2 - je nach Setup für RCE ausnutzbar ∗∗∗
---------------------------------------------
Kritische Schwachstelle in bzip2 - je nach Setup für RCE ausnutzbar 24. Juni 2019 Beschreibung In der Kompressions-Software bzip2 gibt es eine Lücke, durch die sich in manchen Konfigurationen beliebiger Code mit den Rechten des Benutzers ausführen lässt. CVSS3 Score: 9.8 (laut NIST NVD) CVE-Nummer: CVE-2019-12900 Auswirkungen Angreifer müssen es schaffen, entsprechend präparierte komprimierte Dateien zur Dekompression zu bringen. Dies kann zB durch Versand solcher
---------------------------------------------
http://www.cert.at/warnings/all/20190624.html
∗∗∗ Tor Browser 8.5.3 Fixes a Sandbox Escape Vulnerability in Firefox ∗∗∗
---------------------------------------------
Tor Browser 8.5.3 has been released to fix a Sandbox Escape vulnerability in Firefox that was recently used as part of a targeted attack against cryptocurrency companies. As this vulnerability is actively being used, it is strongly advised that all Tor users upgrade to the latest version.
---------------------------------------------
https://www.bleepingcomputer.com/news/software/tor-browser-853-fixes-a-sandbox-escape-vulnerability-in-firefox/
∗∗∗ Sicherheitslücke: Outlook-App ermöglichte Auslesen von E-Mails ∗∗∗
---------------------------------------------
Eigentlich sollte in E-Mails eingebetteter Javascript-Code nicht ausgeführt werden. Mit der Android-Version von Microsofts Outlook war dies durch einen Trick möglich. Mit einer präparierten E-Mail konnte unter anderem das Mailkonto ausgelesen werden.
---------------------------------------------
https://www.golem.de/news/sicherheitsluecke-outlook-app-ermoeglichte-auslesen-von-e-mails-1906-142096-rss.html
∗∗∗ Beware! Playing Untrusted Videos On VLC Player Could Hack Your Computer ∗∗∗
---------------------------------------------
If you use VLC media player on your computer and havent updated it recently, dont you even dare to play any untrusted, randomly downloaded video file on it. Doing so could allow hackers to remotely take full control over your computer system. Thats because VLC media player software versions prior to 3.0.7 contain two high-risk security vulnerabilities...
---------------------------------------------
https://thehackernews.com/2019/06/vlc-media-player-hacking.html
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (jackson-databind, libvirt, pdns, and vim), Fedora (evince, firefox, gjs, libxslt, mozjs60, and poppler), openSUSE (dbus-1, firefox, ImageMagick, netpbm, openssh, and thunderbird), Oracle (libssh2, libvirt, and python), Scientific Linux (python), SUSE (compat-openssl098 , dbus-1 , evince , exempi , firefox , glib2 , gstreamer-0_10-plugins-base , gstreamer-plugins-base , java-1_8_0-ibm , libssh2_org , libvirt , netpbm , samba , SDL2 , sqlite3 , thunderbird, wireshark), Ubuntu (web2py)
---------------------------------------------
https://lwn.net/Articles/791921/
∗∗∗ cURL: Windows OpenSSL engine code injection ∗∗∗
---------------------------------------------
A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl automatically run the code (as an openssl "engine") on invocation. If that curl is invoked by a privileged user it can do anything it wants.
This flaw exists in the official curl-for-windows binaries built and hosted by the curl project (all versions up to and including 7.65.1_1). It does not exist in the curl executable shipped by Microsoft, bundled with Windows 10. It possibly exists in other curl builds for Windows too that uses OpenSSL.
---------------------------------------------
https://curl.haxx.se/docs/CVE-2019-5443.html
∗∗∗ Nagios Enterprises Nagios XI: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
Ein entfernter, authentisierter oder anonymer Angreifer kann mehrere Schwachstellen in Nagios XI ausnutzen, um einen Cross-Site Scripting Angriff durchzuführen oder vertrauliche Daten einzusehen.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K19-0534
∗∗∗ Mattermost security update 5.11.1 / 5.10.2 / 5.9.2 / 4.10.10 (ESR) released ∗∗∗
---------------------------------------------
We are releasing a recommended security update via Mattermost Team Edition 5.11.1, 5.10.2, 5.9.2 and 4.10.10 (ESR) and Mattermost Enterprise Edition 5.11.1, 5.10.2, 5.9.2 and 4.10.10 (ESR). This security update addresses a medium-level vulnerability discovered during a security research review by Zonduu.
---------------------------------------------
https://mattermost.com/blog/mattermost-security-update-5-11-1-5-10-2-5-9-2-4-10-10-esr-released/
∗∗∗ Secure Hub accepts 10 digit worxpin when "PIN Length Requirement" Client Property is set to more than 10 ∗∗∗
---------------------------------------------
Secure Hub when enrolling would prompt for Worxpin post successful enrollment and you would observe that Worxpin requirement is met as soon as 10 Digit PIN is set while XM console has PIN Length Requirement set to more than 10.
---------------------------------------------
https://support.citrix.com/article/CTX256810
∗∗∗ IBM Security Bulletin: Vulnerability affects IBM Cloud Object Storage SDK Java (June 2019) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-affects-ibm-cloud-object-storage-sdk-java-june-2019/
∗∗∗ IBM Security Bulletin: Multiple Security Vulnerabilities fixed in IBM Security Access Manager Appliance ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vulnerabilities-fixed-in-ibm-security-access-manager-appliance/
∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Host On-Demand ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-host-on-demand-4/
∗∗∗ IBM Security Bulletin: Vulnerabilities in cURL affect QLogic Virtual Fabric Extension Module for IBM BladeCenter ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-curl-affect-qlogic-virtual-fabric-extension-module-for-ibm-bladecenter/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list