[CERT-daily] Tageszusammenfassung - 09.01.2020
Daily end-of-shift report
team at cert.at
Thu Jan 9 18:37:09 CET 2020
=====================
= End-of-Day report =
=====================
Timeframe: Mittwoch 08-01-2020 18:00 − Donnerstag 09-01-2020 18:00
Handler: Robert Waldner
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ SNAKE Ransomware Is the Next Threat Targeting Business Networks ∗∗∗
---------------------------------------------
Since network administrators didnt already have enough on their plate, they now have to worry about a new ransomware called SNAKE that is targeting their networks and aiming to encrypt all of the devices connected to it [...]
---------------------------------------------
https://www.bleepingcomputer.com/news/security/snake-ransomware-is-the-next-threat-targeting-business-networks/
∗∗∗ A tale of a lesser known NFS privesc ∗∗∗
---------------------------------------------
There are countless online examples of privilege escalation abusing bad NFS configuration. However they all rely on the same prerequisite: that you are able to mount the share from somewhere else. ... But it just so happens that there is another, lesser known local exploit.
---------------------------------------------
https://www.errno.fr/nfs_privesc
∗∗∗ What is the Linux Auditing System (aka AuditD)? ∗∗∗
---------------------------------------------
The Linux Auditing System is a native feature to the Linux kernel that collects certain types of system activity to facilitate incident investigation. ... Our goal is to present a neutral overview of the Linux Auditing System so anyone considering implementing it in their own organization knows what to consider before embarking on their quest and what challenges may lurk ahead.
---------------------------------------------
https://capsule8.com/blog/auditd-what-is-the-linux-auditing-system/
=====================
= Vulnerabilities =
=====================
∗∗∗ Schnell updaten: Sicherheitslücke in Firefox wird aktiv ausgenutzt ∗∗∗
---------------------------------------------
Firefox hat mit Version 72.0.1 ein wichtiges Sicherheitsupdate herausgegeben. Geschlossen wird eine Sicherheitslücke, die bereits aktiv ausgenutzt wird. Gemeldet wurde sie von einer chinesischen Sicherheitsfirma. (Firefox, Browser)
---------------------------------------------
https://www.golem.de/news/schnell-updaten-sicherheitsluecke-in-firefox-wird-aktiv-ausgenutzt-2001-145963-rss.html
∗∗∗ What is Cable Haunt? ∗∗∗
---------------------------------------------
Cable Haunt is a critical vulnerability found in cable modems from various manufacturers across the world. ... First, access to the vulnerable endpoint is gained through a client on the local network, such as a browser. Secondly the vulnerable endpoint is hit with a buffer overflow attack, which gives the attacker control of the modem. .. list of confirmed vulnerable modems: Sagemcom F at st 3890/3986, Technicolor TC7230, Netgear C6250EMR/CG3700EMR, COMPAL 7284E/7486E
---------------------------------------------
https://cablehaunt.com/
∗∗∗ Security updates for Thursday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (firefox-esr), Fedora (firefox), Oracle (kernel), Slackware (firefox and kernel), SUSE (apache2-mod_perl, git, java-1_7_0-ibm, java-1_7_1-ibm, log4j, mariadb, and nodejs8), and Ubuntu (gnutls28, graphicsmagick, and nss).
---------------------------------------------
https://lwn.net/Articles/809074/
∗∗∗ CVE-2020-6175 - Citrix SD-WAN Security Update ∗∗∗
---------------------------------------------
An information disclosure vulnerability has been identified in the Citrix SD-WAN Appliance. This vulnerability could allow an unauthenticated attacker to perform a man-in-the-middle attack against management traffic. The vulnerability has been assigned the following CVE number. CVE-2020-6175 – Information Disclosure in Citrix SD-WAN Appliance 10.2.x before 10.2.6 and 11.0.x before 11.0.3
---------------------------------------------
https://support.citrix.com/article/CTX263526
∗∗∗ JSA10979 - 2020-01 Security Bulletin: Junos OS: A specific SNMP command can trigger a high CPU usage Denial of Service in the RPD daemon. (CVE-2020-1600) ∗∗∗
---------------------------------------------
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10979&actp=RSS
∗∗∗ JSA10980 - 2020-01 Security Bulletin: Junos OS: Upon receipt of certain types of malformed PCEP packets the pccd process may crash. (CVE-2020-1601) ∗∗∗
---------------------------------------------
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10980&actp=RSS
∗∗∗ JSA10982 - 2020-01 Security Bulletin: Junos OS: Improper handling of specific IPv6 packets sent by clients may cause client devices IPv6 traffic to be black holed, and eventually kernel crash (vmcore) the device. (CVE-2020-1603) ∗∗∗
---------------------------------------------
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10982&actp=RSS
∗∗∗ JSA10981 - 2020-01 Security Bulletin: Junos OS and Junos OS Evolved: Multiple vulnerabilities in JDHCPD allow for OS command injection and code execution of JDHCPD. ∗∗∗
---------------------------------------------
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10981&actp=RSS
∗∗∗ JSA10983 - 2020-01 Security Bulletin: Junos OS: EX4300/EX4600/QFX3500/QFX5100 Series: Stateless IP firewall filter may fail to evaluate certain packets (CVE-2020-1604) ∗∗∗
---------------------------------------------
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10983&actp=RSS
∗∗∗ JSA10985 - 2020-01 Security Bulletin: Junos OS: Path traversal vulnerability in J-Web (CVE-2020-1606) ∗∗∗
---------------------------------------------
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10985&actp=RSS
∗∗∗ JSA10986 - 2020-01 Security Bulletin: Junos OS: Cross-Site Scripting (XSS) in J-Web (CVE-2020-1607) ∗∗∗
---------------------------------------------
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10986&actp=RSS
∗∗∗ JSA10987 - 2020-01 Security Bulletin: Junos OS: MX Series: In BBE configurations, receipt of a specific MPLS or IPv6 packet causes a Denial of Service (CVE-2020-1608) ∗∗∗
---------------------------------------------
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10987&actp=RSS
∗∗∗ JSA10990 - 2020-01 Security Bulletin: SBR Carrier: Multiple Vulnerabilities in OpenSSL ∗∗∗
---------------------------------------------
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10990&actp=RSS
∗∗∗ JSA10991 - 2020-01 Security Bulletin: SBR Carrier: Multiple Vulnerabilities in Net-SNMP ∗∗∗
---------------------------------------------
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10991&actp=RSS
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list