[CERT-daily] Tageszusammenfassung - 24.02.2020
Daily end-of-shift report
team at cert.at
Mon Feb 24 18:07:47 CET 2020
=====================
= End-of-Day report =
=====================
Timeframe: Freitag 21-02-2020 18:00 − Montag 24-02-2020 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Windows 10 Gets Temp Fix for Critical Security Vulnerability ∗∗∗
---------------------------------------------
Until Microsoft releases a permanent solution for the troublesome KB4532693 update, enterprises with Windows 10 1903 and 1909 are forced to delay applying the security fixes that come with it.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/windows-10-gets-temp-fix-for-critical-security-vulnerability/
∗∗∗ Celebrating Milestones (European CERT/CSIRT Report Coverage) ∗∗∗
---------------------------------------------
Celebrating a particularly significant long term milestone - our 107th National CERT/CSIRT recently signed up for Shadowservers free daily networking reporting service, which takes us to 136 countries and over 90% of the IPv4 Internet by IP space/ASN. This has finally changed our internal CERT reporting coverage map of Europe entirely green.
---------------------------------------------
https://www.shadowserver.org/news/celebrating-milestones-european-cert-csirt-report-coverage/
∗∗∗ Microsoft stellt Domaincontroller langsam auf LDAPS um ∗∗∗
---------------------------------------------
Microsoft bereitet eine Umstellung auf LDAPS im Active Directory vor. Admins sollten rechtzeitig Einstellungen und Logs prüfen, um Ausfälle zu vermeiden.
---------------------------------------------
https://heise.de/-4666079
∗∗∗ Emotet: Sicherheitsrisiko Microsoft Office 365 ∗∗∗
---------------------------------------------
Dokumentiert aber wenig bekannt: Den Business-Versionen von Office 365 fehlt eine wichtige Schutzfunktion, die unter anderem Emotet-Infektionen verhindern kann.
---------------------------------------------
https://heise.de/-4665197
∗∗∗ Betrügerisches Wettbüro: sportbetting-365.com ∗∗∗
---------------------------------------------
Vorsicht vor betrügerischen Wettbüros im Internet wie sportbetting-365.com. Die Website erinnert auf den ersten Blick an zahlreiche echte Wettangebote und Online-Casinos. Bei genauerem Hinsehen fallen aber grobe Mängel auf: So gibt es beispielsweise kein Impressum. Einzahlungen funktionieren äußerst einfach, Auszahlungen hingegen sind praktisch unmöglich.
---------------------------------------------
https://www.watchlist-internet.at/news/betruegerisches-wettbuero-sportbetting-365com/
=====================
= Vulnerabilities =
=====================
∗∗∗ OpenSMTPD 6.6.4p1 Security Release ∗∗∗
---------------------------------------------
An out of bounds read in smtpd allows an attacker to inject arbitrary commands into the envelope file which are then executed as root. Separately, missing privilege revocation in smtpctl allows arbitrary commands to be run with the _smtpq group.
---------------------------------------------
https://github.com/OpenSMTPD/OpenSMTPD/releases/tag/6.6.4p1
∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (libpam-radius-auth, pillow, ppp, proftpd-dfsg, and python-pysaml2), Fedora (firefox, glib2, hiredis, http-parser, libuv, mingw-openjpeg2, nghttp2, nodejs, openjpeg2, python-pillow, skopeo, and webkit2gtk3), Mageia (patch, postgresql, and systemd), Red Hat (ksh, nodejs:10, openjpeg2, python-pillow, systemd, and thunderbird), and SUSE (java-1_7_1-ibm, libsolv, libzypp, zypper, pdsh, slurm_18_08, and php53).
---------------------------------------------
https://lwn.net/Articles/813153/
∗∗∗ Bugtraq: [TZO-16-2020] - F-SECURE Generic Malformed Container bypass (GZIP) ∗∗∗
---------------------------------------------
http://www.securityfocus.com/archive/1/542240
∗∗∗ Cisco AnyConnect Secure Mobility Client for Windows Uncontrolled Search Path Vulnerability ∗∗∗
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ac-win-path-traverse-qO4HWBsj
∗∗∗ Security Advisory - Privilege Escalation Vulnerability in Huawei PCManager Product ∗∗∗
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200221-01-pcmanager-en
∗∗∗ Security Bulletin: Multiple vulnerabilities affect IBM Cloud Object Storage Systems (February 2020v2) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-ibm-cloud-object-storage-systems-february-2020v2/
∗∗∗ Security Bulletin: IBM Maximo Asset Management is vulnerable to Path Disclosure (CVE-2019-4745) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-asset-management-is-vulnerable-to-path-disclosure-cve-2019-4745/
∗∗∗ Security Bulletin: Vulnerabilities in Curl affect PowerSC (CVE-2019-5481, CVE-2019-5482) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-curl-affect-powersc-cve-2019-5481-cve-2019-5482/
∗∗∗ Security Bulletin: WebSphere Liberty susceptible to HTTP2 implementation vulnerablility. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-websphere-liberty-susceptible-to-http2-implementation-vulnerablility/
∗∗∗ Security Bulletin: Vulnerability in Apache Commons Compress affects IBM Spectrum Protect Plus (CVE-2019-12402). ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-apache-commons-compress-affects-ibm-spectrum-protect-plus-cve-2019-12402/
∗∗∗ Security Bulletin: Command injection vulnerabilities in IBM Spectrum Protect Plus (CVE-2020-4210, CVE-2020-4213, CVE-2020-4222, CVE-2020-4212, CVE-2020-4211) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-command-injection-vulnerabilities-in-ibm-spectrum-protect-plus-cve-2020-4210-cve-2020-4213-cve-2020-4222-cve-2020-4212-cve-2020-4211/
∗∗∗ Security Bulletin: Vulnerabilities in Samba affect IBM Spectrum Protect Plus (CVE-2019-14833, CVE-2019-14847, CVE-2019-10218) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-samba-affect-ibm-spectrum-protect-plus-cve-2019-14833-cve-2019-14847-cve-2019-10218/
∗∗∗ Security Bulletin: Multiple vulnerabilities in Linux Kernel affect IBM Spectrum Protect Plus ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-linux-kernel-affect-ibm-spectrum-protect-plus/
∗∗∗ Security Bulletin: Information Disclosure in IBM Spectrum Protect Plus (CVE-2019-4703) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-in-ibm-spectrum-protect-plus-cve-2019-4703/
∗∗∗ Security Bulletin: Multiple vulnerabilities in FasterXML Jackson-databind affect IBM Spectrum Protect Plus (CVE-2019-16943, CVE-2019-16942, CVE-2019-17531, CVE-2019-17267, CVE-2019-14540, CVE-2019-16335, CVE-2019-14379, CVE-2019-14439) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-fasterxml-jackson-databind-affect-ibm-spectrum-protect-plus-cve-2019-16943-cve-2019-16942-cve-2019-17531-cve-2019-17267-cve-2019-14540-cve-2019-163/
∗∗∗ Security Bulletin: A security vulnerability has been identified in libjpeg-turbo shipped with PowerAI. ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-has-been-identified-in-libjpeg-turbo-shipped-with-powerai/
∗∗∗ HPESBGN03984 rev.1 - HPE OpenCall Media Platform (OCMP), Multiple Vulnerabilities ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03984en_us
∗∗∗ HPESBHF03985 rev.1 - Certain HPE Servers with Intel Xeon SP-based processors, Local Disclosure of Information ∗∗∗
---------------------------------------------
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03985en_us
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list