[CERT-daily] Tageszusammenfassung - 27.03.2020

Daily end-of-shift report team at cert.at
Fri Mar 27 18:16:30 CET 2020


=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 26-03-2020 18:00 − Freitag 27-03-2020 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Bug: Kein durchgängiges VPN unter iOS ∗∗∗
---------------------------------------------
Alte Verbindungen werden unter iOS derzeit am VPN vorbeigeleitet.
---------------------------------------------
https://www.golem.de/news/bug-kein-durchgaengiges-vpn-unter-ios-2003-147552-rss.html


∗∗∗ Corona-Malware-Kampagne im Namen der WHO über manipulierte Routereinstellungen ∗∗∗
---------------------------------------------
Manipulierte DNS-Settings von D-Link- und Linksys-Routern leiten auf angebliche Warnhinweise der World Health Organization, hinter denen sich Malware verbirgt.
---------------------------------------------
https://heise.de/-4692092


∗∗∗ Micropatching Unknown 0days in Windows Type 1 Font Parsing ∗∗∗
---------------------------------------------
Three days ago, Microsoft published a security advisory alerting about two vulnerabilities in Windows font parsing, which were noticed as being exploited in "limited targeted Windows 7 based attacks." These vulnerabilities currently dont have an official vendor fix. As weve done before in a similar situation, we decided to provide our users with a micropatch to protect [...]
---------------------------------------------
https://blog.0patch.com/2020/03/micropatching-unknown-0days-in-windows.html


∗∗∗ Unseriöser Online-Shop: silahmall.com ∗∗∗
---------------------------------------------
Antiquitäten, Kleidung, Schmuck und Uhren, Möbel oder Computer-Zubehör. Der Online-Shop silahmall.com bietet eine breite Produktpalette an und verspricht hochwertige Qualität. Die Seite verlockt zum Einkaufen. Doch seien Sie vorsichtig! Wir raten von einer Bestellung ab, da es kein Impressum auf der Seite gibt und die einzige angegebene Kontaktmöglichkeit unseriös ist.
---------------------------------------------
https://www.watchlist-internet.at/news/unserioeser-online-shop-silahmallcom/



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Advantech WebAccess ∗∗∗
---------------------------------------------
This advisory contains mitigations for a stack-based buffer overflow vulnerability in Advantechs WebAccess HMI platform.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-20-086-01


∗∗∗ VISAM Automation Base (VBASE) ∗∗∗
---------------------------------------------
This advisory contains mitigations for several vulnerabilities in VISAMs VBASE automation platform.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-20-084-01


∗∗∗ Schneider Electric IGSS SCADA Software ∗∗∗
---------------------------------------------
This advisory contains mitigations for path traversal and missing authentication for critical function vulnerabilities in the Schneider Electric ICSS SCADA software.
---------------------------------------------
https://www.us-cert.gov/ics/advisories/icsa-20-084-02


∗∗∗ Critical CODESYS Bug Allows Remote Code Execution ∗∗∗
---------------------------------------------
CVE-2020-10245, a heap-based buffer overflow that rates 10 out of 10 in severity, exists in the CODESYS web server and takes little skill to exploit.
---------------------------------------------
https://threatpost.com/critical-codesys-bug-remote-code-execution/154213/


∗∗∗ [Wikitech-l] MediaWiki Extensions and Skins Security Release Supplement (1.31.7/1.33.3/1.34.1) ∗∗∗
---------------------------------------------
With the security/maintenance release of MediaWiki 1.31.7/1.33.3/1.34.1 [0], we would also like to provide this supplementary announcement of MediaWiki extensions and skins with now-public Phabricator tasks, security patches and backports [1]: [...]
---------------------------------------------
https://lists.wikimedia.org/pipermail/wikitech-l/2020-March/093245.html


∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (bluez and php5), Fedora (chromium, kernel, and PyYAML), Gentoo (adobe-flash, libvpx, php, qtcore, and unzip), openSUSE (chromium, kernel, and mcpp), Oracle (ipmitool and libvncserver), Red Hat (ipmitool and rh-postgresql10-postgresql), Slackware (kernel), and SUSE (ldns and tomcat6).
---------------------------------------------
https://lwn.net/Articles/816130/


∗∗∗ OTRS: Mehrere Schwachstellen ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0268


∗∗∗ MediaWiki: Schwachstelle ermöglicht Cross-Site Scripting ∗∗∗
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-0271


∗∗∗ PHOENIX CONTACT Local Privilege Escalation in PC WORX SRT ∗∗∗
---------------------------------------------
https://cert.vde.com/de-de/advisories/vde-2020-012


∗∗∗ PHOENIX CONTACT Local Privilege Escalation in Portico Remote desktop control software ∗∗∗
---------------------------------------------
https://cert.vde.com/de-de/advisories/vde-2020-013


∗∗∗ Security Bulletin: WebSphere Liberty susceptible to HTTP2 implementation vulnerabilities ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-websphere-liberty-susceptible-to-http2-implementation-vulnerabilities-2/


∗∗∗ Security Bulletin: A Vulnerability in IBM Java Runtime Affects IBM Sterling Connect:Direct File Agent ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-runtime-affects-ibm-sterling-connectdirect-file-agent/


∗∗∗ Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM i ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-affect-ibm-i-2/


∗∗∗ BIG-IP TMM Ram Cache vulnerability CVE-2020-5861 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K22113131


∗∗∗ BIG-IP HTTP profile vulnerability CVE-2020-5857 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K70275209


∗∗∗ BIG-IP HTTP/3 QUIC vulnerability CVE-2020-5859 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K61367237


∗∗∗ BIG-IP AWS vulnerability CVE-2020-5862 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K01054113


∗∗∗ BIG-IP tmsh vulnerability CVE-2020-5858 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K36814487

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list