[CERT-daily] Tageszusammenfassung - 04.11.2019

Daily end-of-shift report team at cert.at
Mon Nov 4 18:13:49 CET 2019


=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 31-10-2019 18:00 − Montag 04-11-2019 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Windows: Schadsoftware nutzt erstmals Bluekeep-Sicherheitslücke aus ∗∗∗
---------------------------------------------
Als eine Sicherheitslücke wie Wanna Cry beschreibt Microsoft Bluekeep. Nun entdeckten Sicherheitsforscher die erste Schadsoftware, die die Lücke ausnutzt. Diese ist jedoch noch weit entfernt von dem Worst-Case-Szenario.
---------------------------------------------
https://www.golem.de/news/windows-schadsoftware-nutzt-erstmals-bluekeep-sicherheitsluecke-aus-1911-144784-rss.html


∗∗∗ Malware "QSnatch" attackiert QNAP-Netzwerkspeicher – auch in Deutschand ∗∗∗
---------------------------------------------
QSnatch hat es auch hierzulande auf NAS von QNAP abgesehen. Ob ein Firmware-Update hilft, ist unklar – durchführen sollte man es dennoch.
---------------------------------------------
https://heise.de/-4573483


∗∗∗ Android Beam erlaubt Einschleusen fremder Apps ∗∗∗
---------------------------------------------
Über NFC könnten fast unbemerkt gefährliche Apps auf Android-Geräte gelangen. Betroffen sind Android 8, 9 und 10. Es gibt Abhilfe.
---------------------------------------------
https://heise.de/-4574396



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Advantech WISE-PaaS/RMM ∗∗∗
---------------------------------------------
This advisory contains mitigations for path traversal, missing authorization, improper restriction of XML external entity reference, and SQL injection vulnerabilities in Advantech’s WISE-PaaS/RMM IoT device remote monitoring and management platform.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-19-304-01


∗∗∗ Honeywell equIP Series IP Cameras ∗∗∗
---------------------------------------------
This advisory contains mitigations for an improper input validation vulnerability in Honeywells equIP series IP cameras.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-19-304-02


∗∗∗ Honeywell equIP and Performance Series IP Cameras ∗∗∗
---------------------------------------------
This advisory contains mitigations for a missing authentication for critical function vulnerability in Honeywells equIP series and Performance series IP cameras.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-19-304-03


∗∗∗ Honeywell equIP and Performance Series IP Cameras and Recorders ∗∗∗
---------------------------------------------
This advisory contains mitigations for an authentication bypass by capture-relay vulnerability in Honeywells equIP series and Performance series IP cameras and recorders.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-19-304-04


∗∗∗ Watch Out IT Admins! Two Unpatched Critical RCE Flaws Disclosed in rConfig ∗∗∗
---------------------------------------------
If youre using the popular rConfig network configuration management utility to protect and manage your network devices, here we have an important and urgent warning for you. A cybersecurity researcher has recently published details and proof-of-concept exploits for two unpatched, critical remote code execution vulnerabilities in the rConfig utility, at least one of which could allow [...]
---------------------------------------------
https://thehackernews.com/2019/11/rConfig-network-vulnerability.html


∗∗∗ Microsoft Office for Mac cannot properly disable XLM macros ∗∗∗
---------------------------------------------
The Microsoft Office for Mac option "Disable all macros without notification" enables XLM macros without prompting, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
---------------------------------------------
https://kb.cert.org/vuls/id/125336/


∗∗∗ Update verfügbar: MikroTik sichert Router gegen vier Schwachstellen ab ∗∗∗
---------------------------------------------
Schwachstellen in RouterOS lassen sich zu einer Exploit-Chain zusammenbauen. Gerätebesitzer sollten jetzt updaten.
---------------------------------------------
https://heise.de/-4573749


∗∗∗ Xcode: Lücken in Entwicklungsumgebung erlaubten beliebige Codeausführung ∗∗∗
---------------------------------------------
Zwei Lücken in der macOS-Entwicklungsumgebung Xcode vor Version 11.2 erlaubten die beliebige Programmcode-Ausführung – möglicherweise auch aus der Ferne.
---------------------------------------------
https://heise.de/-4575632


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (firefox, sudo, and thunderbird), Debian (libarchive and qtbase-opensource-src), Oracle (php), Red Hat (php, rh-php71-php, and rh-php72-php), Scientific Linux (firefox and php), and SUSE (kernel and samba).
---------------------------------------------
https://lwn.net/Articles/803651/


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (chromium and qt5-webengine), CentOS (firefox and php), Fedora (file, java-latest-openjdk, nspr, nss, php, t1utils, and webkit2gtk3), Mageia (ansible, aspell, golang, libsoup, and libxslt), openSUSE (chromium and chromium, re2), Oracle (php), and Ubuntu (apport and file).
---------------------------------------------
https://lwn.net/Articles/803785/


∗∗∗ Synology-SA-19:36 PHP ∗∗∗
---------------------------------------------
CVE-2019-11043 allows remote attackers to execute arbitrary code via a susceptible version of PHP 7.2, or PHP 7.3.
---------------------------------------------
https://www.synology.com/en-global/support/security/Synology_SA_19_36


∗∗∗ [remote] Microsoft Windows Server 2012 - Group Policy Security Feature Bypass ∗∗∗
---------------------------------------------
https://www.exploit-db.com/exploits/47559


∗∗∗ [remote] Microsoft Windows Server 2012 - Group Policy Remote Code Execution ∗∗∗
---------------------------------------------
https://www.exploit-db.com/exploits/47558


∗∗∗ Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Cloud Orchestrator (CVE-2019-4442) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-has-been-identified-in-websphere-application-server-shipped-with-ibm-cloud-orchestrator-cve-2019-4442/


∗∗∗ Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in PHP (CVE-2019-6978, CVE-2019-6977) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-flex-system-chassis-management-module-cmm-is-affected-by-vulnerabilities-in-php-cve-2019-6978-cve-2019-6977/


∗∗∗ Security Bulletin: IBM Navigator for i is affected by CVE-2019-4450 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-navigator-for-i-is-affected-by-cve-2019-4450/


∗∗∗ Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in libssh2 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-flex-system-chassis-management-module-cmm-is-affected-by-vulnerabilities-in-libssh2/


∗∗∗ Security Bulletin: IBM Security Guardium is affected by a TCP SACK PANIC -Kernel vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-tcp-sack-panic-kernel-vulnerability/


∗∗∗ Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerability in PHP. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-flex-system-chassis-management-module-cmm-is-affected-by-vulnerability-in-php/


∗∗∗ Security Bulletin: IBM Content Navigator is affected by a vulnerability in Apache Commons Beanutils (CVE-2019-10086) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-content-navigator-is-affected-by-a-vulnerability-in-apache-commons-beanutils-cve-2019-10086/


∗∗∗ Security Bulletin: IBM Navigator for i is affected by CVE-2019-4450 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-navigator-for-i-is-affected-by-cve-2019-4450/


∗∗∗ BIG-IP TMUI XSS vulnerability CVE-2019-6657 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K22441651


∗∗∗ BIG-IP AFM SQL injection vulnerability CVE-2019-6658 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K21121741


∗∗∗ Citrix Hypervisor Security Update ∗∗∗
---------------------------------------------
https://support.citrix.com/article/CTX263477

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list