[CERT-daily] Tageszusammenfassung - 11.09.2019

Wed Sep 11 19:03:44 CEST 2019

=====================
= End-of-Day report =
=====================

Timeframe:   Dienstag 10-09-2019 18:00 − Mittwoch 11-09-2019 18:00
Handler:     Dimitri Robl
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ OpenDMARC: Aktiv ausgenutzte DMARC-Sicherheitslücke ohne Fix ∗∗∗
---------------------------------------------
Mitarbeiter von Protonmail haben in OpenDMARC eine Sicherheitslücke entdeckt, mit der sich die Signaturprüfung austricksen lässt. Angreifer haben die Lücke bereits für Phishingangriffe gegen Journalisten genutzt. OpenDMARC wird offenbar nicht weiterentwickelt und es gibt kein Update.
---------------------------------------------
https://www.golem.de/news/opendmarc-aktiv-ausgenutzte-dmarc-sicherheitsluecke-ohne-fix-1909-143798-rss.html


∗∗∗ Office 365: prone to security breaches? ∗∗∗
---------------------------------------------
Author: Willem Zeeman "Office 365 again?". At the Forensics and Incident Response department of Fox-IT, this is heard often. Office 365 breach investigations are common at our department. You'll find that this blog post actually doesn't make a case for Office 365 being inherently insecure – rather, it discusses some of the predictability of Office [...]
---------------------------------------------
https://blog.fox-it.com/2019/09/11/office-365-prone-to-security-breaches/


∗∗∗ NetCAT ∗∗∗
---------------------------------------------
NetCAT shows that network-based cache side-channel attacks are a realistic threat. Cache attacks have been traditionally used to leak sensitive data on a local setting (e.g., from an attacker-controlled virtual machine to a victim virtual machine that share the CPU cache on a cloud platform). With NetCAT, we show this threat extends to untrusted clients over the network, which can now leak sensitive data such as keystrokes in a SSH session from remote servers with no local access.
---------------------------------------------
https://www.vusec.net/projects/netcat/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Patchday: Angreifer attackieren Windows und machen sich zum Admin ∗∗∗
---------------------------------------------
Microsoft hat wichtige Sicherheitsupdates für Office, Windows & Co. veröffentlicht. Einige Lücken gelten als kritisch.
---------------------------------------------
https://heise.de/-4519699


∗∗∗ Patchday: SAP behebt unter anderem kritische Lücke in NetWeaver ∗∗∗
---------------------------------------------
Am September-Patchday hat SAP zahlreiche Lücken geschlossen und überdies einige ältere Security Advisories aktualisiert.
---------------------------------------------
https://heise.de/-4519758


∗∗∗ Delta Electronics TPEditor ∗∗∗
---------------------------------------------
This advisory contains mitigations for stack-based buffer overflow, heap-based buffer overflow, and out-of-bounds write vulnerabilities in Delta Electronics TPEditor, a programming software for Delta text panels.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-19-253-01


∗∗∗ OSIsoft PI SQL Client ∗∗∗
---------------------------------------------
This advisory contains mitigations for an integer overflow or wraparound vulnerability in OSIsofts PI SQL Client component interface.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-19-253-06


∗∗∗ Intel Releases Security Updates ∗∗∗
---------------------------------------------
Original release date: September 10, 2019Intel has released security updates to address vulnerabilities in multiple products. An attacker could exploit one of these vulnerabilities to gain an escalation of privileges on a previously infected machine.
---------------------------------------------
https://www.us-cert.gov/ncas/current-activity/2019/09/10/intel-releases-security-updates


∗∗∗ OpenSSL Security Advisory [10 September 2019] ∗∗∗
---------------------------------------------
ECDSA remote timing attack (CVE-2019-1547)
Fork Protection (CVE-2019-1549)
Padding Oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey (CVE-2019-1563)
---------------------------------------------
https://openssl.org/news/secadv/20190910.txt


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Fedora (python38), openSUSE (nginx, nodejs10, nodejs8, python-Twisted, python-Werkzeug, SDL2_image, SDL_image, and util-linux and shadow), Oracle (firefox and nghttp2), Red Hat (.NET Core, firefox, kernel, libwmf, pki-deps:10.6, and poppler), Scientific Linux (firefox), SUSE (ghostscript, libgcrypt, podman, python-SQLAlchemy, qemu, and webkit2gtk3), and Ubuntu (curl, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, systemd, and tomcat8).
---------------------------------------------
https://lwn.net/Articles/798966/


∗∗∗ Citrix SD-WAN Security Update ∗∗∗
---------------------------------------------
CTX256918 NewApplicable Products :  Citrix SD-WANMultiple denial of service vulnerabilities have been identified in the Citrix SD-WAN Appliance and Citrix SD-WAN Center Management Console.
---------------------------------------------
https://support.citrix.com/article/CTX256918


∗∗∗ IBM Security Bulletin: Spectrum Protect Operations Center vulnerable to Logjam (CVE-2015-4000) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-spectrum-protect-operations-center-vulnerable-to-logjam-cve-2015-4000/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily