Tageszusammenfassung - 20.12.2017

End-of-Day report

Timeframe: Dienstag 19-12-2017 18:00 − Mittwoch 20-12-2017 18:00 Handler: Nina Bieringer Co-Handler: Alexander Riepl

News

∗∗∗ Verschlüsselung: Audit findet schwerwiegende Sicherheitslücken in Enigmail ∗∗∗ Mozillas Secure Open Source Fund und der Berliner E-Mail-Anbieter Posteo haben einen Security-Audit für Thunderbird und die Erweiterung Enigmail in Auftrag gegeben. Dabei sind einige kritische und schwerwiegende Lücken gefunden worden.

https://www.golem.de/news/verschluesselung-audit-findet-schwerwiegende-sicherheitsluecken-in-enigmail-1712-131778.html ∗∗∗ Avast veröffentlicht Maschinencode-Decompiler als Open Source ∗∗∗ Der Virenschutz-Hersteller Avast hat ein Werkzeug entwickelt, mit dem sich ausführbarer Maschinencode in lesbaren Quelltext zurückübersetzen lassen soll. Damit lässt sich das Verhalten von Programmen analysieren, ohne sie auszuführen.

https://heise.de/-3923397 ∗∗∗ Backdoor in Captcha Plugin Affects 300K WordPress Sites ∗∗∗ The WordPress repository recently removed the plugin Captcha over what initially appeared to be a trademark issue with the current author using “WordPress” [Editors note: the original page has been removed, we’re now linking to a screen shot.] in their brand name. Whenever the WordPress repository removes a plugin with a large user base, we check ..

https://www.wordfence.com/blog/2017/12/backdoor-captcha-plugin/

Vulnerabilities

∗∗∗ Ecava IntegraXor ∗∗∗ This advisory contains mitigation details for SQL injection vulnerabilities in Ecava’s IntegraXor.

https://ics-cert.us-cert.gov/advisories/ICSA-17-353-03 ∗∗∗ Siemens LOGO! Soft Comfort ∗∗∗ This advisory contains mitigation details for a download of code without integrity check vulnerability in Siemens LOGO! Soft Comfort software.

https://ics-cert.us-cert.gov/advisories/ICSA-17-353-04 ∗∗∗ WECON Technology Co., Ltd. LeviStudio HMI ∗∗∗ This advisory contains mitigation details for a heap-based buffer overflow vulnerability in WECON’s LeviStudio HMI.

https://ics-cert.us-cert.gov/advisories/ICSA-17-353-05 ∗∗∗ Multiple vulnerabilities in extension "JobControl" (dmmjobcontrol) ∗∗∗ It has been discovered that the extension "JobControl" (dmmjobcontrol) is susceptible to SQL Injection and Cross Site-Scripting.

https://typo3.org/news/article/multiple-vulnerabilities-in-extension-jobcontrol-dmmjobcontrol/ ∗∗∗ Captcha 4.3.6–4.4.4 - Backdoored ∗∗∗

https://wpvulndb.com/vulnerabilities/8980 ∗∗∗ DFN-CERT-2017-2302/">TYPO3 Extensions: Mehrere Schwachstellen ermöglichen u.a. die Ausführung beliebigen Programmcodes ∗∗∗

https://portal.cert.dfn.de/adv/DFN-CERT-2017-2302/ ∗∗∗ DFN-CERT-2017-2305/">VMware ESXi, Workstation, Fusion, vCenter Server Appliance: Mehrere Schwachstellen ermöglichen u.a. das Erlangen von Administratorrechten ∗∗∗

https://portal.cert.dfn.de/adv/DFN-CERT-2017-2305/ ∗∗∗ Huawei Security Advisories ∗∗∗

http://www.huawei.com/en/psirt/security-advisories ∗∗∗ IBM Security Bulletin: IBM Connections Docs is affected by libxml2 vulnerabilty (CVE-2017-16932 CVE-2017-16931) ∗∗∗

http://www.ibm.com/support/docview.wss?uid=swg22011831 ∗∗∗ IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM® SDK for Node.js™ in IBM Bluemix (CVE-2017-3735 CVE-2017-14919) ∗∗∗

http://www.ibm.com/support/docview.wss?uid=swg22011851 ∗∗∗ BIG-IP APM Portal Access vulnerability CVE-2017-0301 ∗∗∗

https://support.f5.com/csp/article/K54358225 ∗∗∗ TMM vulnerability CVE-2017-6140 ∗∗∗

https://support.f5.com/csp/article/K55102452