[CERT-daily] Tageszusammenfassung - 13.11.2019

Wed Nov 13 18:11:04 CET 2019

=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 12-11-2019 18:00 − Mittwoch 13-11-2019 18:00
Handler:     Robert Waldner
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ Network Traffic Analysis for IR: Address Resolution Protocol (ARP) with Wireshark ∗∗∗
---------------------------------------------
Introduction to the Address Resolution Protocol The Address Resolution Protocol (ARP) was first defined in RFC 826. As the name suggests, it is designed to resolve IP addresses into a form usable by other systems within a subnet. Network addressing works at a couple of different layers of the OSI model.
---------------------------------------------
https://resources.infosecinstitute.com/address-resolution-protocol-arp-with-wireshark/


∗∗∗ Schlüssel aus TPM-Chips lassen sich extrahieren ∗∗∗
---------------------------------------------
Mit einem Timing-Angriff lassen sich Signaturschlüssel auf Basis elliptischer Kurven aus TPM-Chips extrahieren. ... TPM-Chips sind in allen modernen PCs vorhanden und teilweise umstritten, da sie auch dazu genutzt werden können, Schutzmechanismen gegen den Willen des Nutzers umzusetzen. Trotz ihrer Verbreitung werden die Chips eher selten für kritische Applikationen genutzt, die Auswirkungen der Lücke dürften sich in Grenzen halten.
---------------------------------------------
https://www.golem.de/news/tpm-fail-schluessel-aus-tpm-chips-lassen-sich-extrahieren-1911-144955.html


∗∗∗ GSM Traffic and Encryption: A5/1 Stream Cipher ∗∗∗
---------------------------------------------
This write-up documents some of my follow-up research with regard to analyzing the GSM traffic packets I captured using Software Defined Radio. My attempt was to better understand the GSM mobile network protocols and procedures, with an emphasis on the authentication and ciphering algorithms being deployed.
---------------------------------------------
https://www.blackhillsinfosec.com/gsm-traffic-and-encryption-a5-1-stream-cipher/


∗∗∗ Angriffe über USB und Bluetooth: Android-Smartphones verwundbar ∗∗∗
---------------------------------------------
Sicherheitsforscher haben Schwachstellen in mehreren älteren Android-Smartphones entdeckt, die sie über USB- und Bluetooth-Verbindungen ausnutzen konnten.
---------------------------------------------
https://heise.de/-4584690


∗∗∗ Seriöses Job-Angebot oder Auftrag zur Geldwäsche? ∗∗∗
---------------------------------------------
Auf diversen Job-Börsen und Kleinanzeigenportalen stoßen Arbeitssuchende momentan auf Angebote zur freien Mitarbeit der „TideBit Deutschland LTD“. Die Firma existiert in dieser Form nicht. Kriminelle missbrauchen den Namen eines Kryptowährungsunternehmens, um BewerberInnen zur Geldwäsche zu bringen. Wer die Aufgaben erfüllt, macht sich womöglich selbst strafbar.
---------------------------------------------
https://www.watchlist-internet.at/news/serioeses-job-angebot-oder-auftrag-zur-geldwaesche/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ November 2019 security updates are available! ∗∗∗
---------------------------------------------
We have released the November security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security Update Guide. As a reminder, Windows 7 and Windows Server 2008 R2 will be out of extended support and no longer receiving updates as of January 14, 2020. 
---------------------------------------------
https://msrc-blog.microsoft.com:443/2019/11/12/november-2019-security-updates-are-available/


∗∗∗ Intel fixt Sicherheitslücken und enthüllt nebenbei eine neue ZombieLoad-Variante ∗∗∗
---------------------------------------------
Zum Patch Tuesday hat Intel 77 teils kritische Lücken gefixt, unter denen sich auch ein bislang geheim gehaltener Seitenkanalangriff befand.
---------------------------------------------
https://heise.de/-4584543


∗∗∗ VMSA-2019-0020 ∗∗∗
---------------------------------------------
VMware ESXi, Workstation, and Fusion patches provide Hypervisor-Specific Mitigations for Speculative-Execution Vulnerabilities (CVE-2018-12207, CVE-2019-11135)
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2019-0020.html


∗∗∗ VMSA-2019-0021 ∗∗∗
---------------------------------------------
VMware Workstation and Fusion updates address multiple security vulnerabilities (CVE-2019-5540, CVE-2019-5541, CVE-2019-5542)
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2019-0021.html


∗∗∗ VMSA-2019-0008.2 ∗∗∗
---------------------------------------------
VMware product updates enable Hypervisor-Specific Mitigations, Hypervisor-Assisted Guest Mitigations, and Operating System-Specific Mitigations for Microarchitectural Data Sampling (MDS) Vulnerabilities (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091)
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2019-0008.html


∗∗∗ Xen Security Advisory CVE-2019-11135 / XSA-305 ∗∗∗
---------------------------------------------
A new way to sample data from microarchitectural structures has been identified.  A TSX Asynchronous Abort is a state which occurs between a transaction definitely aborting (usually for reasons outside of the pipeline's control e.g. receiving an interrupt), and architectural state being rolled back to start of the transaction. During this period, speculative execution may be able to infer the value of data in the microarchitectural structures.
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-305.html


∗∗∗ Xen Security Advisory CVE-2018-12207 /  XSA-304 ∗∗∗
---------------------------------------------
An erratum exists across some CPUs whereby an instruction fetch may cause a machine check error if the pagetables have been updated in a specific manner without invalidating the TLB. ... This corner case can be triggered by guest kernels.
---------------------------------------------
https://xenbits.xen.org/xsa/advisory-304.html


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (dpdk, intel-microcode, kernel, libssh2, qemu, and webkit2gtk), Fedora (apache-commons-beanutils, bluez, iwd, kernel, kernel-headers, kernel-tools, libell, and microcode_ctl), openSUSE (gdb), Oracle (kernel), Red Hat (kernel and kernel-rt), SUSE (dhcp, evolution, kernel, libcaca, python, python-xdg, qemu, sysstat, ucode-intel, and xen), and Ubuntu (dpdk, intel-microcode, kernel, linux, linux-aws, ..., webkit2gtk)
---------------------------------------------
https://lwn.net/Articles/804641/


∗∗∗ Citrix Hypervisor Security Update ∗∗∗
---------------------------------------------
CTX263684 - A security issue has been identified in certain CPU hardware that may allow unprivileged code running on a CPU core to infer the value of memory data belonging to other processes, virtual machines or the hypervisor that are, or have recently been, running on the same CPU core.
---------------------------------------------
https://support.citrix.com/article/CTX263684


∗∗∗ Citrix ADC and Citrix Gateway Security Update (CVE-2019-0140) ∗∗∗
---------------------------------------------
CTX263807 - A vulnerability has been identified affecting Citrix Application Delivery Controller (ADC) formerly known as NetScaler ADC, and Citrix Gateway, formerly known as NetScaler Gateway, platforms which could result in privilege escalation via layer 2 network access on all network interfaces.
---------------------------------------------
https://support.citrix.com/article/CTX263807


∗∗∗ Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191106-pi-epn-codex


∗∗∗ Cisco Identity Services Engine Cross-Site Scripting Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-ise-xss


∗∗∗ Security Advisory - Two Vulnerabilities in Some Huawei Products ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20191113-01-homerouter-en


∗∗∗ Security Advisory - Improper File Management Vulnerability in Huawei Share ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20191113-02-share-en


∗∗∗ Security Bulletin: IBM Security Guardium is affected by kernel vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-kernel-vulnerabilities/


∗∗∗ Security Bulletin: IBM NeXtScale Fan Power Controller (FPC) is affected by vulnerability in OpenSSL (CVE-2019-1559) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-nextscale-fan-power-controller-fpc-is-affected-by-vulnerability-in-openssl-cve-2019-1559/


∗∗∗ libpcap vulnerability CVE-2019-15163 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K92862401?utm_source=f5support&utm_medium=RSS


∗∗∗ Hotfix XS80E008 - For Citrix Hypervisor 8.0 ∗∗∗
---------------------------------------------
https://support.citrix.com/article/CTX263663


∗∗∗ Hotfix XS76E012 - For XenServer 7.6 ∗∗∗
---------------------------------------------
https://support.citrix.com/article/CTX263662


∗∗∗ Hotfix XS71ECU2024 - For XenServer 7.1 Cumulative Update 2 ∗∗∗
---------------------------------------------
https://support.citrix.com/article/CTX263661


∗∗∗ Hotfix XS70E075 - For XenServer 7.0 ∗∗∗
---------------------------------------------
https://support.citrix.com/article/CTX263660

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily