End-of-Shift report
Timeframe: Friday 18-11-2016 18:00 − Monday 21-11-2016 18:00
Handler: Robert Waldner
Co-Handler: n/a
Vuln: Huawei Smart Phones Multiple Local Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/94404
Vuln: Multiple Lenovo ThinkPad Products CVE-2016-8222 Local Security Bypass Vulnerability
Local attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions.
http://www.securityfocus.com/bid/94409
Security Advisory: PHP vulnerability CVE-2016-6289
https://support.f5.com:443/kb/en-us/solutions/public/k/52/sol52430518.html?ref=rss
SSA-672373 (Last Update 2016-11-18): Vulnerabilities in SIMATIC CP 1543-1
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-672373.pdf
SSA-701708 (Last Update 2016-11-18): Local Privilege Escalation in Industrial Products
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-701708.pdf
SAP NetWeaver AS ABAP 7.4 Directory Traversal
The code provides access to the file specified after the READ DATASET
statement. The variable transmitted to the input of the statement is
entered in it by user input. Thus, the user can access the files
stored on the operating system. This vulnerability is called a
Directory Traversal.
https://cxsecurity.com/issue/WLB-2016110168
Update important: Security warning for Symantec software
The BSI has issued a level 4 security warning regarding the Symantec Endpoint Security products and recommends an immediate update.
https://heise.de/-3492125
Second Chinese Firm In a Week Found Hiding a Backdoor In Android Firmware
An anonymous reader quotes Bleeping Computer: Security researchers have discovered that third-party firmware included with over 2.8 million low-end Android smartphones allows attackers to compromise Over-the-Air (OTA) update operations and execute commands on the target's phone with root privileges. This is the second issue of its kind that came to light this week after researchers from Kryptowire discovered a similar secret backdoor in the firmware of Chinese firm Shanghai Adups Technology Co.
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/A1TnPdkseTU/second-chinese-firm-in-a-week-found-hiding-a-backdoor-in-android-firmware
Putty Cleartext Password Storage
Putty.exe stores passwords unencrypted for sessions that use a proxy connection and specify a password to save.
https://cxsecurity.com/issue/WLB-2016110172
WordPress Plugin MailChimp 4.0.7 - Cross-Site Request Forgery / XSS
https://cxsecurity.com/issue/WLB-2016110174
Vuln: Apache OpenOffice CVE-2016-6803 Local Privilege Escalation Vulnerability
Apache OpenOffice is prone to a local privilege-escalation vulnerability.
Local attackers can exploit this issue to gain elevated privileges.
Apache OpenOffice 4.1.2 and prior versions are vulnerable.
http://www.securityfocus.com/bid/94418
DFN-CERT-2016-1916: GStreamer plugin: A vulnerability allows the execution of arbitrary code
A remote, unauthenticated attacker can use a specially crafted media file to cause a buffer overflow on the heap, thereby control large memory regions and subsequently execute arbitrary code.
In combination with other vulnerabilities and design decisions, the vulnerability can be exploited on certain Linux systems simply by visiting a specially crafted web page. No user interaction is required.
https://portal.cert.dfn.de/adv/DFN-CERT-2016-1916/
Bugtraq: [security bulletin] HPSBHF03675 rev.1 - HPE Integrated Lights-Out 3 and 4 (iLO 3, iLO 4), Cross-Site Scripting (XSS)
HPE has made the following firmware updates available to resolve the
vulnerability in iLO 3 and iLO 4:
For iLO3, please upgrade to firmware v1.88
For iLO4, please upgrade to firmware v2.44
http://www.securityfocus.com/archive/1/539791
Oil and Gas Cybersecurity part 3: Midstream Security for Oil
I hope you enjoyed the previous parts of Oil and Gas Cyber Security series (Upstream Cyber Security and Oil and Gas Cyber Security 101). Today we will talk about OT and ICS with a special focus on the Midstream sector of the petroleum industry.
http://resources.infosecinstitute.com/oil-and-gas-cybersecurity-part-3-midstream-security-for-oil/
Nemucod Infections Spreading Locky Over Facebook
Researchers have spotted an increase in Nemucod downloader infections moving via Facebook Messenger spam, with some victims being infected with Locky ransomware.
http://threatpost.com/nemucod-infections-spreading-locky-over-facebook/122062/
IBM Security Bulletins
IBM Security Bulletin: Cross-Site Scripting Vulnerability in IBM Social Rendering Templates for Digital Data Connector (CVE-2016-8936)
http://www-01.ibm.com/support/docview.wss?uid=swg21993895
IBM Security Bulletin: IBM Tivoli Netcool Configuration Manager (ITNCM) is affected by a vulnerability discovered in XSTREAM (CVE-2016-3674)
http://www-01.ibm.com/support/docview.wss?uid=swg21992217
IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Cisco MDS Directors and Switches (CVE-2016-0701, CVE-2015-3197)
http://www.ibm.com/support/docview.wss?uid=ssg1S1009610
IBM Security Bulletin: Security Bulletin: Vulnerabilities in OpenSSL affect IBM Cisco MDS Directors and switches (CVE-2015-3193, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196, CVE-2015-1794)
http://www.ibm.com/support/docview.wss?uid=ssg1S1009608