[CERT-daily] Tageszusammenfassung - 19.10.2020

Daily end-of-shift report team at cert.at
Mon Oct 19 18:17:35 CEST 2020


=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 16-10-2020 18:00 − Montag 19-10-2020 18:00
Handler:     Dimitri Robl
Co-Handler:  Robert Waldner

=====================
=       News        =
=====================

∗∗∗ Hackers now abuse BaseCamp for free malware hosting ∗∗∗
---------------------------------------------
Phishing campaigns have started to use Basecamp as part of malicious phishing campaigns that distribute malware or steal your login credentials.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/hackers-now-abuse-basecamp-for-free-malware-hosting/


∗∗∗ Enumerate AWS API Permissions Without Logging to CloudTrail ∗∗∗
---------------------------------------------
The following is a technical writeup for a bug I found in the AWS API that allows you to enumerate certain permissions for a role without logging to CloudTrail. It affects 645 different API actions across 40 different AWS services. This would be beneficial for a Penetration Tester or a Red Teamer to enumerate what permissions the role or user they’ve compromised has access to without alerting the blue team as no logs are generated in CloudTrail.
---------------------------------------------
https://frichetten.com/blog/aws-api-enum-vuln/


∗∗∗ Secret fragments: Remote code execution on Symfony based websites ∗∗∗
---------------------------------------------
This configuration value, secret, is also used, for instance, to build CSRF tokens and remember-me tokens. Given its importance, this value must obviously be very random. Unfortunately, we discovered that oftentimes, the secret either has a default value, or there exist ways to obtain the value, bruteforce it offline, or to purely and simply bypass the security check that it is involved with. It most notably affects Bolt, eZPlatform, and eZPublish.
---------------------------------------------
https://www.ambionics.io/blog/symfony-secret-fragment



=====================
=  Vulnerabilities  =
=====================

∗∗∗ Magento, Visual Studio Code users: You need to patch! ∗∗∗
---------------------------------------------
* Microsoft has fixed CVE-2020-17023, a remote code execution vulnerability in Visual Studio Code, its free and extremely popular source-code editor that’s available for Windows, macOS and Linux.
* Microsoft has also fixed a RCE (CVE-2020-17022) in the way that Microsoft Windows Codecs Library handles objects in memory, which could be triggered by a program processing a specially crafted image file. It only affects Windows 10 users, and only if they installed the optional HEVC or “HEVC from Device Manufacturer” media codecs from Microsoft Store. 
* After fixing just one Adobe Flash Player flaw on October 2020 Patch Tuesday, Adobe has followed up with security updates for several Magento Commerce and Magento Open Source versions.
---------------------------------------------
https://www.helpnetsecurity.com/2020/10/19/magento-visual-studio-code-users-you-need-to-patch/


∗∗∗ Atlassian Jira Software: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen (CVE-2020-14185) ∗∗∗
---------------------------------------------
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in der Atlassian Jira Software ausnutzen, um Sicherheitsvorkehrungen zu umgehen.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K20-1002


∗∗∗ Discord desktop app vulnerability chain triggered remote code execution attacks ∗∗∗
---------------------------------------------
Discord has patched a critical issue in the desktop version of the messaging app which left users vulnerable to remote code execution (RCE) attacks.  
---------------------------------------------
https://www.zdnet.com/article/discord-desktop-app-vulnerable-to-remote-code-execution-bug/


∗∗∗ FRITZ!Box DNS Rebinding Protection Bypass ∗∗∗
---------------------------------------------
RedTeam Pentesting discovered a vulnerability in FRITZ!Box router devices which allows to resolve DNS answers that point to IP addresses in the private local network, despite the DNS rebinding protection mechanism.
---------------------------------------------
https://www.redteam-pentesting.de/en/advisories/rt-sa-2020-003/


∗∗∗ ReQuest Serious Play F3 Media Server 7.0.3 Unauthenticated Remote Code Execution ∗∗∗
---------------------------------------------
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5602.php


∗∗∗ ReQuest Serious Play F3 Media Server 7.0.3 Remote Denial of Service ∗∗∗
---------------------------------------------
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5601.php


∗∗∗ ReQuest Serious Play F3 Media Server 7.0.3 Debug Log Disclosure ∗∗∗
---------------------------------------------
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5600.php


∗∗∗ ReQuest Serious Play Media Player 3.0 Directory Traversal File Disclosure Vulnerability ∗∗∗
---------------------------------------------
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5599.php


∗∗∗ Security Bulletin: Multiple Oracle Database Server Security Vulnerabilities Affect IBM Emptoris Supplier Lifecycle Mgmt ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-oracle-database-server-security-vulnerabilities-affect-ibm-emptoris-supplier-lifecycle-mgmt-4/


∗∗∗ Security Bulletin: Multiple vulnerabilities in the IBM SDK, Java Technology Edition affects IBM Performance Management products Q3 2020 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-the-ibm-sdk-java-technology-edition-affects-ibm-performance-management-products-q3-2020/


∗∗∗ Security Bulletin: Multiple Oracle Database Server Security Vulnerabilities Affect IBM Emptoris Program Management ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-oracle-database-server-security-vulnerabilities-affect-ibm-emptoris-program-management-4/


∗∗∗ Security Bulletin: Multiple Oracle Database Server Security Vulnerabilities Affect IBM Emptoris Sourcing ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-oracle-database-server-security-vulnerabilities-affect-ibm-emptoris-sourcing-4/


∗∗∗ Security Bulletin: Multiple Oracle Database Server Security Vulnerabilities Affect IBM Emptoris Contract Management ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-oracle-database-server-security-vulnerabilities-affect-ibm-emptoris-contract-management-4/


∗∗∗ Security Bulletin: Multiple Oracle Database Server Security Vulnerabilities Affect IBM Emptoris Strategic Supply Management Platform ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-oracle-database-server-security-vulnerabilities-affect-ibm-emptoris-strategic-supply-management-platform-4/


∗∗∗ Security Bulletin: IBM Security Guardium is affected by a DB2 jar vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-a-db2-jar-vulnerability/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily




More information about the Daily mailing list