End-of-Shift report
Timeframe: Wednesday 09-11-2016 18:00 − Thursday 10-11-2016 18:00
Handler: Robert Waldner
Co-Handler: n/a
VMSA-2016-0018 VMware product updates address local privilege escalation vulnerability in Linux kernel
Relevant Products
* VMware Identity Manager
* vRealize Automation
* vRealize Operations
https://www.vmware.com/security/advisories/VMSA-2016-0018.html
FortiWLC Undocumented Hardcoded core Account
FortiWLC comes with a hardcoded account named core which is used by Meru Access Points to send core dumps to the FortiWLC and has read/write privileges over various parts of the system.
Impact: Unauthorized read/write remote access
Affected Products: FortiWLC 7.0-9-1, 7.0-10-0, 8.1-2-0, 8.1-3-2 and 8.2-4-0
https://fortiguard.com/advisory/fortiwlc-undocumented-hardcoded-core-account
Deepsec: "Companies are not interested in privacy, except for marketing"
Security expert Marcus J. Ranum also sharply criticizes his own industry: expensive solutions for little benefit
http://derstandard.at/2000047306876
OpenSSL Security Advisory [10 Nov 2016] (CVE-2016-7054, CVE-2016-7053, CVE-2016-7055)
CVE-2016-7054: TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue is not considered to be exploitable beyond a DoS.
CVE-2016-7053: Applications parsing invalid CMS structures can crash with a NULL pointer dereference.
https://www.openssl.org/news/secadv/20161110.txt
ICMP Unreachable DoS Attacks (aka "Black Nurse"), (Thu, Nov 10th)
It is not recommended to block all Type 3 ICMP messages. In particular Type 3 Code 4 (Fragmentation Needed and Don't Fragment was Set) messages are required for path MTU discovery, which many modern operating systems use.
...
So what should you do?
* Don't panic. This is not a big deal. Test your firewall if you can, or check if it is on the vulnerable list
* You are vulnerable if you use a smaller Cisco ASA firewall. Newer/Larger multi-core versions appear to be fine. SonicWall and "some" Palo Alto firewalls appear to be vulnerable too.
https://isc.sans.edu/diary.html?storyid=21699&rss
Bugtraq: Secunia Research: Oracle Outside In "GetTxObj()" Use-After-Free Vulnerability
http://www.securityfocus.com/archive/1/539732
Bugtraq: Secunia Research: Oracle Outside In "VwStreamRead()" Buffer Overflow Vulnerability
http://www.securityfocus.com/archive/1/539731
Internet of Things: Security, the Problem Child
Business with smart devices and networked production plants is booming, but security is often only a side issue. At a conference in Cologne, industry representatives painted a bleak picture.
https://heise.de/-3463589
Windows Mobile Application Penetration Testing Part 2: Understanding Applications
In the first article of the series, we have covered the introduction and background required to start learning Windows Mobile Application Penetration Testing. We have also seen the requirements for setting up Windows Phone 8.1 emulators as well as Windows 10 mobile emulators. In this article, we will discuss the basics of Windows Phone 8.1 applications and UWP applications.
http://resources.infosecinstitute.com/windows-mobile-application-penetration-testing-part-2-understanding-applications/
[R3] Nessus 6.9 Fixes Multiple Vulnerabilities
http://www.tenable.com/security/tns-2016-16
F5 Security Advisories
Security Advisory: BIG-IP ASM Proactive Bot Defense vulnerability CVE-2016-7472
https://support.f5.com:443/kb/en-us/solutions/public/k/17/sol17119920.html?ref=rss
Security Advisory: SSL renegotiation vulnerability CVE-2011-1473
https://support.f5.com:443/kb/en-us/solutions/public/15000/200/sol15278.html?ref=rss
IBM Security Bulletins
IBM Security Bulletin: Vulnerability in lquerylv in LVM impacts AIX (CVE-2016-6079)
http://aix.software.ibm.com/aix/efixes/security/lquerylv_advisory.asc
IBM Security Bulletin: IBM Resilient Cross Site Scripting Vulnerability (CVE-2016-6062)
https://success.resilientsystems.com/hc/en-us/articles/213457065-Security-Bulletin-IBM-Resilient-Cross-Site-Scripting-Vulnerability-CVE-2016-6062-
IBM Security Bulletin: Vulnerabilities in Apache Struts affect IBM WebSphere Portal (CVE-2015-0899, CVE-2016-1181, CVE-2016-1182)
http://www-01.ibm.com/support/docview.wss?uid=swg21988770
IBM Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server Liberty which may impact IBM Streams (CVE-2016-0378)
http://www-01.ibm.com/support/docview.wss?uid=swg21993571
IBM Security Bulletin: HTTP response splitting attack affects IBM TS7700 Virtualization Engine (CVE-2015-2017)
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1008115