[CERT-daily] Tageszusammenfassung - 16.10.2020

Daily end-of-shift report team at cert.at
Fri Oct 16 18:29:40 CEST 2020


=====================
= End-of-Day report =
=====================

Timeframe:   Donnerstag 15-10-2020 18:00 − Freitag 16-10-2020 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

=====================
=       News        =
=====================

∗∗∗ NPM nukes NodeJS malware opening Windows, Linux reverse shells ∗∗∗
---------------------------------------------
NPM has removed multiple packages hosted on its repository this week that established connection to remote servers and exfiltrated user data. These 4 packages had collected over 1,000 total downloads over the course of the last few months up until being removed by NPM yesterday.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/npm-nukes-nodejs-malware-opening-windows-linux-reverse-shells/


∗∗∗ CVE-2020-16898: Windows ICMPv6 Router Advertisement RRDNS Option Remote Code Execution Vulnerability, (Thu, Oct 15th) ∗∗∗
---------------------------------------------
Highlights
- Do not disable IPv6 entirely unless you want to break Windows in interesting ways.
- This can only be exploited from the local subnet.
- But it may lead to remote code execution / BSOD
- PoC exploit is easy, but actual RCE is hard.
- Patch
For more details, see also the YouTube video I just published: [...]
---------------------------------------------
https://isc.sans.edu/diary/rss/26684


∗∗∗ Traffic Analysis Quiz: Ugly-Wolf.net, (Fri, Oct 16th) ∗∗∗
---------------------------------------------
It's that time of the month again...  Time for another traffic analysis quiz!  This one is from a Windows 10 client logged into an Active Directory (AD) environment.
---------------------------------------------
https://isc.sans.edu/diary/rss/26688


∗∗∗ CVE-2020-15157 "ContainerDrip" Write-up ∗∗∗
---------------------------------------------
CVE-2020-15157: If an attacker publishes a public image with a crafted manifest that directs one of the image layers to be fetched from a web server they control and they trick a user or system into pulling the image, they can obtain the credentials used by ctr/containerd to access that registry. In some cases, this may be the user’s username and password for the registry. In other cases, this may be the credentials attached to the cloud virtual instance which can grant access to other [...]
---------------------------------------------
https://darkbit.io/blog/cve-2020-15157-containerdrip


∗∗∗ CMS Drupal: OAuth Server-Modul anfällig für SQL-Injection-Angriffe ∗∗∗
---------------------------------------------
Das OAuth Server-Modul für Drupal 8 benötigt ein Update auf 8.x-1.1. Die neue Version schließt eine "moderat kritische" Lücke.
---------------------------------------------
https://heise.de/-4930778



=====================
=  Vulnerabilities  =
=====================

∗∗∗ VMware Horizon Client update addresses a denial-of-service vulnerability (CVE-2020-3991) ∗∗∗
---------------------------------------------
VMware Horizon Client for Windows contains a denial-of-service vulnerability due to a file system access control issue during install time. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.9.
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2020-0022.html


∗∗∗ Kritische Lücke in SonicWall Firewall für Denial-of-Service-Angriffe ausnutzbar ∗∗∗
---------------------------------------------
Es stehen Updates für mehrere Versionen von SonicOS bereit, die eine kritische sowie zehn weitere Sicherheitslücken von "Medium" bis "High" beseitigen.
---------------------------------------------
https://heise.de/-4930351


∗∗∗ CVE-2020-17022 | Microsoft Windows Codecs Library Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code.
---------------------------------------------
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17022


∗∗∗ Adobe patches Magento bugs that lead to code execution, customer list tampering ∗∗∗
---------------------------------------------
The out-of-band security update tackles eight critical and important vulnerabilities.
---------------------------------------------
https://www.zdnet.com/article/adobe-patches-magento-bugs-that-lead-to-code-execution-customer-list-tampering/


∗∗∗ BlackBerry Powered by Android Security Bulletin - September 2020 ∗∗∗
---------------------------------------------
http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000069642


∗∗∗ Security Bulletin: Multiple Vulnerabilities in Jackson Core affect IBM Maximo Asset Management ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-jackson-core-affect-ibm-maximo-asset-management/


∗∗∗ Security Bulletin: IBM Security Guardium Big Data Intelligence (SonarG) is affected by a 3RD PARTY Cryptographc vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-big-data-intelligence-sonarg-is-affected-by-a-3rd-party-cryptographc-vulnerability/


∗∗∗ Security Bulletin: IBM Maximo Asset Management is vulnerable to Authentication Bypass (CVE-2020-4493) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-maximo-asset-management-is-vulnerable-to-authentication-bypass-cve-2020-4493-2/


∗∗∗ Security Bulletin: Vulnerabilities in Apache ActiveMQ affect IBM Operations Analytics Predictive Insights (CVE-2020-11998, CVE-2020-13920) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-apache-activemq-affect-ibm-operations-analytics-predictive-insights-cve-2020-11998-cve-2020-13920/


∗∗∗ Security Bulletin: IBM Resilient SOAR could allow a privileged user to inject malicious commands through Python3 scripting (CVE-2020-4636). ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-resilient-soar-could-allow-a-privileged-user-to-inject-malicious-commands-through-python3-scripting-cve-2020-4636/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list