[CERT-daily] Tageszusammenfassung - 15.11.2019
Daily end-of-shift report
team at cert.at
Fri Nov 15 18:10:39 CET 2019
=====================
= End-of-Day report =
=====================
Timeframe: Donnerstag 14-11-2019 18:00 − Freitag 15-11-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ How the Linux kernel balances the risks of public bug disclosure ∗∗∗
---------------------------------------------
A serious Wi-Fi flaw shows how Linux handles security in plain sight.
---------------------------------------------
https://nakedsecurity.sophos.com/2019/11/15/how-the-linux-kernel-balances-the-risks-of-public-bug-disclosure/
∗∗∗ A Tale of Rootkits and Other Backdoors ∗∗∗
---------------------------------------------
In this post, we will focus on software backdoors commonly seen in Linux environments, we will attempt to outline some representative examples, and we will discuss common techniques backdoor authors use to hide their malicious payloads.
---------------------------------------------
https://capsule8.com/blog/dont-get-kicked-out-a-tale-of-rootkits-and-other-backdoors/
=====================
= Vulnerabilities =
=====================
∗∗∗ Security Advisory 2019-15: Security Update for OTRS Framework ∗∗∗
---------------------------------------------
OTRS can be put into an endless loop by providing filenames with overly long extensions. This applies to the PostMaster (sending in email) and also upload (attaching files to mails, for example).
---------------------------------------------
https://community.otrs.com/security-advisory-2019-15-security-update-for-otrs-framework/
∗∗∗ Security Advisory 2019-14: Security Update for OTRS Framework ∗∗∗
---------------------------------------------
An attacker who is logged into OTRS as an agent is able to list tickets assigned to other agents, which are in the queue where attacker doesn’t have permissions.
---------------------------------------------
https://community.otrs.com/security-advisory-2019-14-security-update-for-otrs-framework/
∗∗∗ A heap overflow vulnerability has been found in wolfssl ∗∗∗
---------------------------------------------
Wolfssl is an TLS library mostly used in embedded Linux devices. It is also used in the popular tool curl. ... The vulnerability has been given the CVE of CVE-2019–18840.
---------------------------------------------
https://medium.com/@social_62682/heap-overflow-in-wolfssl-cve-2019-18840-185d233c27de
∗∗∗ Lücke in älteren WhatsApp-Versionen erlaubte Codeausführung aus der Ferne ∗∗∗
---------------------------------------------
Facebook weist auf eine Lücke in dem Messenger WhatsApp hin. Viele Geräte sollten dank automatischer Updates bereits seit einiger Zeit geschützt sein.
---------------------------------------------
https://heise.de/-4587119
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by CentOS (kernel), Debian (ghostscript, mesa, and postgresql-common), Fedora (chromium, php-robrichards-xmlseclibs, php-robrichards-xmlseclibs3, samba, scap-security-guide, and wpa_supplicant), Mageia (cpio, fribidi, libapreq2, python-numpy, webkit2, and zeromq), openSUSE (ImageMagick, kernel, libtomcrypt, qemu, ucode-intel, and xen), Oracle (kernel), Red Hat (ghostscript, kernel, and kernel-rt), Scientific Linux (ghostscript and kernel), SUSE (bash, enigmail, ghostscript, kernel, libjpeg-turbo, openconnect, squid), Ubuntu (ghostscript, imagemagick, postgresql-common).
---------------------------------------------
https://lwn.net/Articles/804904/
∗∗∗ Philips IntelliBridge EC40/80 ∗∗∗
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsma-19-318-01
∗∗∗ Omron CX-Supervisor ∗∗∗
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-19-318-04
∗∗∗ ABB Power Generation Information Manager (PGIM) and Plant Connect ∗∗∗
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-19-318-05
∗∗∗ Security Bulletin: CSV Injection (CVE-2019-4490) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-csv-injection-cve-2019-4490/
∗∗∗ Security Bulletin: Multiple vulnerabilities in jackson-databind affect IBM Platform Symphony and IBM Spectrum Symphony ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-jackson-databind-affect-ibm-platform-symphony-and-ibm-spectrum-symphony/
∗∗∗ Security Bulletin: Security vulnerabilities affect IBM Cloud Object Storage SDK Java (November 2019 Bulletin) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-affect-ibm-cloud-object-storage-sdk-java-november-2019-bulletin/
∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Performance Management products ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-performance-management-products/
∗∗∗ Security Bulletin: IBM OS Images for RedHat Enterprise System is vulnerable to Intel Microarchitectural Data Sampling (MDS) Vulnerabilites (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-os-images-for-redhat-enterprise-system-is-vulnerable-to-intel-microarchitectural-data-sampling-mds-vulnerabilites-cve-2018-12126-cve-2018-12127-cve-2018-12130-cve-2019-110/
∗∗∗ Security Bulletin: OpenSSL vulnerabilites impacting IBM Aspera Connect 3.7.4 and earlier (CVE-2017-3732, CVE-2016-7055) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-openssl-vulnerabilites-impacting-ibm-aspera-connect-3-7-4-and-earlier-cve-2017-3732-cve-2016-7055/
∗∗∗ Security Bulletin: Apache Commons Collections library in WebSphere Application Server Knowledge Center is vulnerable (CVE-2015-7450) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-apache-commons-collections-library-in-websphere-application-server-knowledge-center-is-vulnerable-cve-2015-7450/
∗∗∗ iControl REST logs a plaintext password when the syntax of a cURL request is incorrect ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K61105950
∗∗∗ BIG-IP / BIG-IQ / Enterprise Manager / F5 iWorkflow Configuration utility vulnerability CVE-2019-6663 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K76052144
∗∗∗ TMM vulnerability CVE-2019-6660 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K23860356
∗∗∗ TLS 1.3 vulnerability CVE-2019-6659 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K34450231
∗∗∗ BIG-IP restjavad vulnerability CVE-2019-6662 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K01049383
∗∗∗ TMOS vulnerability CVE-2019-6664 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K03126093
∗∗∗ BIG-IP APM apd vulnerability CVE-2019-6661 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K61705126
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list