[CERT-daily] Daily summary - 15.09.2021

Daily end-of-shift report team at cert.at
Wed Sep 15 18:16:54 CEST 2021


=====================
= End-of-Day report =
=====================

Timeframe:   Tuesday 14-09-2021 18:00 − Wednesday 15-09-2021 18:00
Handler:     Dimitri Robl
Co-Handler:  Robert Waldner

=====================
=       News        =
=====================

∗∗∗ Phishing alert: Criminals claim your Amazon account has been suspended! ∗∗∗
---------------------------------------------
Fraudsters are currently sending an email purporting to be from Amazon. In it they claim that your Amazon account and all outstanding orders have been suspended. Anyone who has just ordered something will naturally be annoyed by this email. But there is no reason to worry. The criminals are only trying to obtain your login credentials.
---------------------------------------------
https://www.watchlist-internet.at/news/phishing-alarm-kriminelle-behaupten-ihr-amazon-konto-sei-gesperrt/


∗∗∗ The September 2021 Security Update Review ∗∗∗
---------------------------------------------
It’s the second Tuesday of the month, and that means the latest security updates from Adobe and Microsoft have been released. Apple and Google Chrome also released updates yesterday to fix bugs under active attack. Take a break from your regularly scheduled activities and join us as we review the details for their latest security offerings. 
---------------------------------------------
https://www.thezdi.com/blog/2021/9/14/the-september-2021-security-update-review-kpgpb



=====================
=  Vulnerabilities  =
=====================

∗∗∗ ZDI-21-1066: (0Day) Parallels Desktop virtio-net Memory Corruption Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-21-1066/


∗∗∗ Cisco IOS XR Software IP Service Level Agreements and Two-Way Active Measurement Protocol Denial of Service Vulnerability ∗∗∗
---------------------------------------------
A vulnerability in the IP Service Level Agreements (IP SLA) responder and Two-Way Active Measurement Protocol (TWAMP) features of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause device packet memory to become exhausted or cause the IP SLA process to crash, resulting in a denial of service (DoS) condition. 
Version 1.1: Added additional SMUs.
---------------------------------------------
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipsla-ZA3SRrpP


∗∗∗ Vulnerabilities in the Autodesk FBX Review software ∗∗∗
---------------------------------------------
Applications and Services that utilize the Autodesk FBX Review have been affected by Use-After-Free, Memory Corruption, Out-Of-Bounds Read, Untrusted Pointer Dereference, Out-Of-Bounds Write, and Directory Traversal vulnerabilities. Exploitation of these vulnerabilities could lead to remote code execution and/or denial-of-service.
---------------------------------------------
https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0001


∗∗∗ Patch day: Microsoft closes Windows vulnerability exploited by attackers ∗∗∗
---------------------------------------------
Attackers have been targeting a Windows vulnerability since the beginning of September. Security updates are now available. PrintNightmare also plays a role again on this patch day.
---------------------------------------------
https://heise.de/-6192327


∗∗∗ SAP closes an unusually large number of critical security vulnerabilities on patch day ∗∗∗
---------------------------------------------
Admins take note: SAP's security advisory for the September patch day contains as many as five notes on critical vulnerabilities in NetWeaver and other products.
---------------------------------------------
https://heise.de/-6192352


∗∗∗ Patch day: Adobe closes malicious-code vulnerabilities in Photoshop & Co. ∗∗∗
---------------------------------------------
Important security updates have been released for various Adobe applications. The software vendor rates many of the vulnerabilities as critical.
---------------------------------------------
https://heise.de/-6192382


∗∗∗ Mozilla NSS vulnerability CVE-2020-12413 ∗∗∗
---------------------------------------------
This can lead to an attacker being able to compute the pre-master secret in connections that have used a Diffie-Hellman (DH)-based cipher suite. In such a case, this would result in the attacker being able to eavesdrop on all encrypted communications sent over that TLS connection. The highest threat from this vulnerability is to data confidentiality.
Affected products: F5OS, Traffix SDC
---------------------------------------------
https://support.f5.com/csp/article/K28409184


∗∗∗ Security updates for Wednesday ∗∗∗
---------------------------------------------
Security updates have been issued by Arch Linux (chromium, element-desktop, element-web, firefox, ghostscript, and hedgedoc), Fedora (kernel and openssl), openSUSE (ghostscript, htmldoc, and openssl-1_0_0), Oracle (libtirpc), Red Hat (cyrus-imapd, kernel, and kernel-rt), SUSE (ghostscript), and Ubuntu (apport, curl, and squashfs-tools).
---------------------------------------------
https://lwn.net/Articles/869301/


∗∗∗ Linux Kernel: Vulnerability enables denial of service ∗∗∗
---------------------------------------------
A local attacker can exploit a vulnerability in the Linux kernel to carry out a denial-of-service attack.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K21-0970


∗∗∗ cURL: Multiple vulnerabilities ∗∗∗
---------------------------------------------
A remote, anonymous attacker can exploit multiple vulnerabilities in cURL to carry out a denial-of-service attack or bypass the cryptography.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K21-0969


∗∗∗ Internet Systems Consortium BIND: Vulnerability enables denial of service ∗∗∗
---------------------------------------------
A remote, authenticated attacker can exploit a vulnerability in Internet Systems Consortium BIND to carry out a denial-of-service attack.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K21-0968


∗∗∗ AMD processors and chipsets: Vulnerability enables information disclosure ∗∗∗
---------------------------------------------
A local attacker can exploit a vulnerability in AMD processors and chipsets to disclose information.
---------------------------------------------
http://www.cert-bund.de/advisoryshort/CB-K21-0967


∗∗∗ SYSS-2021-040: TechRadar for Confluence Server 5.6 - 7.13.0 – Persistent Cross-Site Scripting (XSS) in the "Title" field (CVE-2021-37412) ∗∗∗
---------------------------------------------
The Atlassian Confluence plug-in "TechRadar" does not perform sufficient input validation up to version 1.1. This makes persistent XSS attacks possible.
---------------------------------------------
https://www.syss.de/pentest-blog/syss-2021-040-techradar-for-confluence-server-56-7130-persistent-cross-site-scripting-xss-in-feld-title-cve-2021-37412


∗∗∗ Patch the Microsoft Azure vulnerability OMIGOD in Linux VMs ∗∗∗
---------------------------------------------
Anyone responsible for Linux VMs on Microsoft Azure must react urgently. A management agent that has RCE and LPE vulnerabilities was silently installed there. The vulnerability, named OMIGOD, has to be patched manually because no Azure update mechanism exists.
---------------------------------------------
https://www.borncity.com/blog/2021/09/15/microsoft-azure-schwachstelle-omigod-in-linux-vms-patchen/


∗∗∗ Security Bulletin: Vulnerabilities in IBM Java Runtime affect IBM Integration Bus and IBM App Connect Enterprise v11, V12 (CVE-2021-2161) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-java-runtime-affect-ibm-integration-bus-and-ibm-app-connect-enterpise-v11-v12-cve-2021-2161/


∗∗∗ Security Bulletin: Multiple security vulnerabilities in IBM Java SDK affects IBM Voice Gateway ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-in-ibm-java-sdk-affects-ibm-voice-gateway-5/


∗∗∗ Security Bulletin: Security Vulnerabilities in IBM® Java SDK July 2021 CPU affect multiple IBM Continuous Engineering products based on IBM Jazz Technology ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-in-ibm-java-sdk-july-2021-cpu-affect-multiple-ibm-continuous-engineering-products-based-on-ibm-jazz-technology/


∗∗∗ Security Bulletin: IBM App Connect Enterprise Certified Container may be vulnerable to Denial of Service via CVE-2021-34558 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-app-connect-enterprise-certified-container-may-be-vulnerable-to-denial-of-service-via-cve-2021-34558/


∗∗∗ Security Bulletin: IBM App Connect Enterprise Certified Container may be vulnerable to Denial of Service via CVE-2021-33198 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-app-connect-enterprise-certified-container-may-be-vulnerable-to-denial-of-service-via-cve-2021-33198/


∗∗∗ Security Bulletin: IBM Security Guardium is affected by the following vulnerabilities ( CVE-2021-29773, CVE-2021-2161) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-the-following-vulnerabilities-cve-2021-29773-cve-2021-2161/


∗∗∗ Security Bulletin: IBM QRadar SIEM is vulnerable to using weaker than expected cryptographic algorithms (CVE-2021-29750) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-using-weaker-than-expected-cryptographic-algorithms-cve-2021-29750/


∗∗∗ Security Bulletin: IBM Security Guardium is affected by an Information Exposure vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-an-information-exposure-vulnerability/


∗∗∗ Security Bulletin: IBM App Connect Enterprise Certified Container may be vulnerable to Denial of Service via CVE-2021-33196 ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-app-connect-enterprise-certified-container-may-be-vulnerable-to-denial-of-service-via-cve-2021-33196/


∗∗∗ Digi PortServer TS 16 ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-257-01


∗∗∗ Johnson Controls Sensormatic Electronics KT-1 ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-257-02-0


∗∗∗ Schneider Electric Struxureware Data Center Expert ∗∗∗
---------------------------------------------
https://us-cert.cisa.gov/ics/advisories/icsa-21-257-03

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily



