[CERT-daily] Tageszusammenfassung - 05.03.2019
Daily end-of-shift report
team at cert.at
Tue Mar 5 18:10:09 CET 2019
=====================
= End-of-Day report =
=====================
Timeframe: Montag 04-03-2019 18:00 − Dienstag 05-03-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ RSAC 2019: Microsoft Zero-Day Allows Exploits to Sneak Past Sandboxes ∗∗∗
---------------------------------------------
The flaw allows attackers to hide exploits in weaponized Word documents in a way that won’t trigger most antivirus solutions, the researchers said. In a recent spam campaign observed by Mimecast, attached Word attachments contained a hidden exploit for an older vulnerability in Microsoft Equation Editor (CVE-2017-11882).
---------------------------------------------
https://threatpost.com/zero-day-exploit-microsoft/142327/
∗∗∗ SPOILER alert, literally: Intel CPUs afflicted with simple data-spewing spec-exec vulnerability ∗∗∗
---------------------------------------------
Leakage ... is visible in all Intel generations starting from 1st-gen Intel Core CPUs Further demonstrating the computational risks of looking into the future, boffins have found another way to abuse speculative execution in Intel CPUs to leak secrets and other data from running applications.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2019/03/05/spoiler_intel_flaw/
∗∗∗ Keine Alibis und Urkundenfälschungen auf dokumenten-guru.de bestellen! ∗∗∗
---------------------------------------------
Auf dokumenten-guru.de finden Konsument/innen ein höchst zwielichtiges Angebot. Gegen Zahlung per Vorkasse werden gefälschte Alibis, Scheinrechnungen, Dokumente sowie die Fälschung von Zeugnissen und Zertifikaten angeboten. Die Dienste sollten auf keinen Fall in Anspruch genommen werden, denn während Lieferungen Erfahrungsberichten zufolge ohnedies ausbleiben, machen sich Konsument/innen durch die Nutzung gefälschter Urkunden und Zeugnisse strafbar!
---------------------------------------------
https://www.watchlist-internet.at/news/keine-alibis-und-urkundenfaelschungen-auf-dokumenten-gurude-bestellen/
∗∗∗ Keine Dienste von installateur-24.info nutzen ∗∗∗
---------------------------------------------
Bei der Google-Suche nach Installateursunternehmen stoßen Konsument/innen auf installateur-24.info. Die Betreiber/innen der Seite werben mit einem rund um die Uhr Notservice, fairen Preisen und viel Erfahrung. Wer die Dienste in Anspruch nimmt, wird böse überrascht, denn die Preise fallen extrem hoch aus und die erbrachten Leistungen lassen zu wünschen übrig.
---------------------------------------------
https://www.watchlist-internet.at/news/keine-dienste-von-installateur-24info-nutzen/
=====================
= Vulnerabilities =
=====================
∗∗∗ Android Security Bulletin - March 2019 ∗∗∗
---------------------------------------------
[...] The most severe of these issues is a critical security vulnerability in Media framework that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process.
---------------------------------------------
https://source.android.com/security/bulletin/2019-03-01.html
∗∗∗ VMSA-2018-0023 ∗∗∗
---------------------------------------------
The AirWatch Agent for iOS devices contains a data protection vulnerability whereby the files and keychain entries in the Agent are not encrypted.
The VMware Content Locker for iOS devices contains a data protection vulnerability in the SQLite database. This vulnerability relates to unencrypted filenames and associated metadata in SQLite database for the Content Locker.
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2018-0023.html
∗∗∗ Xen XSA-294 ∗∗∗
---------------------------------------------
Malicious 64bit PV guests may be able to cause a host crash (Denial of Service).
Additionally, vulnerable configurations are unstable even in the absence of an attack.
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-294.html
∗∗∗ Xen XSA-293 ∗∗∗
---------------------------------------------
A malicious unprivileged guest userspace process can escalate its privilege to that of other userspace processes in the same guest, and potentially thereby to that of the guest operating system. Additionally, some guest software which attempts to use this CPU feature may trigger the bug accidentally, leading to crashes or corruption of other processes in the same guest.
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-293.html
∗∗∗ Xen XSA-292 ∗∗∗
---------------------------------------------
Malicious PV guests may be able to cause a host crash (Denial of Service) or to gain access to data pertaining to other guests. Privilege escalation opportunities cannot be ruled out. Additionally, vulnerable configurations are likely to be unstable even
in the absence of an attack.
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-292.html
∗∗∗ Xen XSA-291 ∗∗∗
---------------------------------------------
Malicious or buggy x86 PV guest kernels can mount a Denial of Service (DoS) attack affecting the whole system.
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-291.html
∗∗∗ Xen XSA-290 ∗∗∗
---------------------------------------------
Malicious or buggy x86 PV guest kernels can mount a Denial of Service (DoS) attack affecting the whole system.
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-290.html
∗∗∗ Xen XSA-288 ∗∗∗
---------------------------------------------
An untrusted PV domain with access to a physical device can DMA into its own pagetables, leading to privilege escalation.
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-288.html
∗∗∗ Xen XSA-287 ∗∗∗
---------------------------------------------
A single PV guest can leak arbitrary amounts of memory, leading to a denial of service.
A cooperating pair of PV and HVM/PVH guests can get a writable pagetable entry, leading to information disclosure or privilege escalation.
Privilege escalation attacks using only a single PV guest or a pair of PV guests have not been ruled out.
Note that both of these attacks require very precise timing, which may be difficult to exploit in practice.
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-287.html
∗∗∗ Xen XSA-285 ∗∗∗
---------------------------------------------
Malicious PV guests can escalate their privilege to that of the hypervisor.
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-285.html
∗∗∗ Xen XSA-284 ∗∗∗
---------------------------------------------
The primary impact is a memory leak. Malicious or buggy guests with passed through PCI devices may also be able to escalate their privileges, crash the host, or access data belonging to other guests.
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-284.html
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (nss), openSUSE (procps), Red Hat (redhat-virtualization-host, rhvm-appliance, and vdsm), SUSE (freerdp, kernel, and obs-service-tar_scm), and Ubuntu (openssh).
---------------------------------------------
https://lwn.net/Articles/781363/
∗∗∗ Security Advisory - FRP Bypass Vulnerability on Some Huawei Smartphones ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190305-01-frp-en
∗∗∗ IBM Security Bulletin: A vulnerability in Spice affects PowerKVM ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-spice-affects-powerkvm-3/
∗∗∗ IBM Security Bulletin: A vulnerability in Polkit affects PowerKVM ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-polkit-affects-powerkvm/
∗∗∗ IBM Security Bulletin: A vulnerability in Bind affects PowerKVM ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-bind-affects-powerkvm-3/
∗∗∗ IBM Security Bulletin: Vulnerabiliies in systemd affect PowerKVM ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabiliies-in-systemd-affect-powerkvm/
∗∗∗ IBM Security Bulletin: A vulnerability in Perl affects PowerKVM ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-perl-affects-powerkvm/
∗∗∗ IBM Security Bulletin: Cross-site scripting vulnerability in WebSphere Application Server Admin Console (CVE-2019-4030) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-cross-site-scripting-vulnerability-in-websphere-application-server-admin-console-cve-2019-4030/
∗∗∗ IBM Security Bulletin: A vulnerability in keepalived affects PowerKVM ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-keepalived-affects-powerkvm/
∗∗∗ IBM Security Bulletin: Vulnerabilities in the Linux Kernel affect PowerKVM ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-the-linux-kernel-affect-powerkvm-14/
∗∗∗ IBM Security Bulletin: Vulnerabiliies in libmspack affect PowerKVM ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabiliies-in-libmspack-affect-powerkvm/
∗∗∗ IBM Security Bulletin: A vulnerability in NetworkManager affects PowerKVM ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-networkmanager-affects-powerkvm-2/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list