[CERT-daily] Tageszusammenfassung - 03.09.2021
Daily end-of-shift report
team at cert.at
Fri Sep 3 18:16:01 CEST 2021
=====================
= End-of-Day report =
=====================
Timeframe: Donnerstag 02-09-2021 18:00 − Freitag 03-09-2021 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
=====================
= News =
=====================
∗∗∗ A deep-dive into the SolarWinds Serv-U SSH vulnerability ∗∗∗
---------------------------------------------
We're sharing technical information about the vulnerability tracked as CVE-2021-35211, which was used to attack the SolarWinds Serv-U FTP software in limited and targeted attacks.
---------------------------------------------
https://www.microsoft.com/security/blog/2021/09/02/a-deep-dive-into-the-solarwinds-serv-u-ssh-vulnerability/
∗∗∗ From RpcView to PetitPotam ∗∗∗
---------------------------------------------
In the previous post we saw how to set up a Windows 10 machine in order to manually analyze Windows RPC with RpcView. In this post, we will see how the information provided by this tool can be used to create a basic RPC client application in C/C++. Then, we will see how we can reproduce the trick used in the PetitPotam tool.
---------------------------------------------
https://itm4n.github.io/from-rpcview-to-petitpotam/
∗∗∗ PST, Want a Shell? ProxyShell Exploiting Microsoft Exchange Servers ∗∗∗
---------------------------------------------
The Exploit Chain Explained - ProxyShell refers to a chain of attacks that exploit three different vulnerabilities affecting on-premises Microsoft Exchange servers to achieve pre-authenticated remote code execution (RCE).
---------------------------------------------
http://www.fireeye.com/blog/threat-research/2021/09/proxyshell-exploiting-microsoft-exchange-servers.html
∗∗∗ Jetzt patchen! Krypto-Miner schlüpft durch Confluence-Lücke ∗∗∗
---------------------------------------------
Angreifer nutzen derzeit aktiv eine kritische Sicherheitslücke in der Wiki-Software Confluence aus. Ein Sicherheitsupdate ist verfügbar.
---------------------------------------------
https://heise.de/-6181023
∗∗∗ From open Guest Wi-Fi to pwning a lift or why validating network segregation is critical ∗∗∗
---------------------------------------------
TL;DR A recent engagement took quite an unexpected turn and led to me having remote control of a bunch of building services including a lift from the street outside, unauthenticated.
---------------------------------------------
https://www.pentestpartners.com/security-blog/from-open-guest-wi-fi-to-pwning-a-lift/
∗∗∗ Shodan Verified Vulns 2021-09-01 ∗∗∗
---------------------------------------------
Mit 2021-09-01 sah die Lage laut den Daten in unserer Shodan-Datenbank wie folgt aus: Während der Großteil sich zu den Vormonaten wenig verändert hat, gibt es zwei größere Änderungen:
* Im Zuge der BlackHat 2021 USA stellte der Sicherheitsforscher Orange Tsai eine neue Exploit-Chain gegen Microsoft Exchange Server vor, die "ProxyShell" genannt wurde...
* Außerdem neu ist CVE-2021-31206, eine – wie auch ProxyShell – im Zuge des diesjährigen Pwn2Own-Contests der Zero Day Initiative gefundene Schwachstelle, die ebenfalls zu einer Remote-Code-Execution führen kann.
---------------------------------------------
https://cert.at/de/aktuelles/2021/9/shodan-verified-vulns-2021-09-01
=====================
= Vulnerabilities =
=====================
∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
IBM hat 19 Security Bulletins zu diversen Schwachstellen veröffentlicht.
---------------------------------------------
https://www.ibm.com/blogs/psirt/2021/09/
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (qemu), Fedora (condor, grilo, libopenmpt, opencryptoki, and php), openSUSE (xen), and SUSE (ffmpeg, file, php72, rubygem-addressable, and xen).
---------------------------------------------
https://lwn.net/Articles/868282/
∗∗∗ Microsoft Edge: Mehrere Schwachstelle ∗∗∗
---------------------------------------------
Edge ist ein Web Browser von Microsoft.
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Microsoft Edge ausnutzen, um einen Angriff mit unbekannten Auswirkungen durchzuführen.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K21-0934
∗∗∗ CVE-2021-2429: A Heap-based Buffer Overflow Bug in the MySQL InnoDB memcached Plugin ∗∗∗
---------------------------------------------
The vulnerability affects MySQL versions 8.0.25 and prior. It can be triggered remotely and without authentication. Attackers can leverage this vulnerability to execute arbitrary code on the MySQL database server. Oracle patched it in July and assigned it CVE-2021-2429, while ZDI’s identifier is ZDI-2021-889.
...
Although the InnoDB memcached plugin is not enabled by default, it is nonetheless wise to apply the patch as soon as possible. It would not surprise me to see a reliable full exploit in the near future.
---------------------------------------------
https://www.thezdi.com/blog/2021/9/2/cve-2021-2429-a-heap-based-buffer-overflow-bug-in-the-mysql-innodb-memcached-plugin
∗∗∗ 2021-06-03: Cybersecurity Advisory - Multiple Vulnerabilities in Automation Runtime NTP Service ∗∗∗
---------------------------------------------
https://www.br-automation.com/downloads_br_productcatalogue/assets/1621259206592-en-original-1.0.pdf
∗∗∗ SECURITY - ABB Base Software for SoftControl Remote Code Execution vulnerability ∗∗∗
---------------------------------------------
https://search.abb.com/library/Download.aspx?DocumentID=2PAA122974&LanguageCode=en&DocumentPartId=&Action=Launch
∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to OpenSSL vulnerabilities (CVE-2021-23839, CVE-2021-23840, CVE-2021-23841) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-openssl-vulnerabilities-cve-2021-23839-cve-2021-23840-cve-2021-23841/
∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to Elastic vulnerabilities (CVE-2020-7021 ) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-elastic-vulnerabilities-cve-2020-7021/
∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to Node.js lodash vulnerabilities (CVE-2020-28500) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-node-js-lodash-vulnerabilities-cve-2020-28500/
∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to OpenSSL and Node.js vulnerabilities (CVE-2021-23840, CVE-2021-22884, CVE-2021-22883) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-openssl-and-node-js-vulnerabilities-cve-2021-23840-cve-2021-22884-cve-2021-22883/
∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to a Go vulnerability (CVE-2021-27919, CVE-2021-27918) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-a-go-vulnerability-cve-2021-27919-cve-2021-27918/
∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to OpenSSL vulnerabilities (CVE-2021-3449, CVE-2021-3450) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-openssl-vulnerabilities-cve-2021-3449-cve-2021-3450/
∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to Apache vulnerabilities (CVE-2021-26296) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-apache-vulnerabilities-cve-2021-26296/
∗∗∗ Security Bulletin: IBM Cloud Private is vulnerable to Dojo vulnerabilities (CVE-2020-5258) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cloud-private-is-vulnerable-to-dojo-vulnerabilities-cve-2020-5258/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list