Daily Summary - Thursday 23-03-2017

End-of-Shift report

Timeframe: Wednesday 22-03-2017 18:00 − Thursday 23-03-2017 18:00
Handler: Robert Waldner
Co-Handler: n/a

Google: Half of all Android devices do not receive our security packages

Google is making progress in the fight against malware in the Play Store, but has to admit that more than half a billion Android devices do not receive the company's regular security updates. Many of these devices have glaring security vulnerabilities.

https://heise.de/-3662665


AIX for Penetration Testers

This was my first encounter with privilege escalation on AIX and I was pretty surprised by how little information I found online on enumerating AIX systems. ... It took me a little time going through various AIX system administration guides and command cheatsheets (links at the bottom of the post) and putting together a list of various post-exploitation techniques to use on the box. I decided to put this blog-post up with the hope that it will one day help another clueless pentester/red teamer.

https://thevivi.net/2017/03/19/aix-for-penetration-testers/


Avatar Rootkit: Decryption of the Key and Data

In this second article on the dropper, we will resume our analysis right where we left off: the decryption of the key and data. After the decryption, two structures are initialized. The equivalent pseudo-code is presented below.

http://resources.infosecinstitute.com/avatar-rootkit-dropper-analysis-part-2/


[R1] LCE 5.0.1 Fixes Two Third-party Library Vulnerabilities

Log Correlation Engine (LCE) 5.0.0 is impacted by multiple vulnerabilities reported in a third-party library and an encryption algorithm. LCE was errantly using 3DES on TCP port 1243.

http://www.tenable.com/security/tns-2017-09


Vuln: libavcodec CVE-2017-7206 Denial of Service Vulnerability

http://www.securityfocus.com/bid/97006


VMware AirWatch Input Validation Flaw in Shared Filenames Lets Remote Authenticated Users Conduct Cross-Site Scripting Attacks

http://www.securitytracker.com/id/1038116


Security Advisory - Bluetooth Unlock Bypassing Vulnerability in Some Huawei Mobile Phones

http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170323-01-smartphone-en


DFN-CERT-2017-0508: Apple iTunes: Multiple vulnerabilities allow, among other things, the execution of arbitrary code

https://portal.cert.dfn.de/adv/DFN-CERT-2017-0508/


Vuln: NfSen CVE-2017-6972 Unspecified Security Bypass Vulnerability

http://www.securityfocus.com/bid/97016


DFN-CERT-2017-0506: NTP: Multiple vulnerabilities allow, among other things, the execution of arbitrary code with the privileges of the service

https://portal.cert.dfn.de/adv/DFN-CERT-2017-0506/


DFN-CERT-2017-0518: Samba: A vulnerability allows the disclosure of information

https://portal.cert.dfn.de/adv/DFN-CERT-2017-0518/


DFN-CERT-2017-0515: Git: A vulnerability allows the execution of arbitrary code

https://portal.cert.dfn.de/adv/DFN-CERT-2017-0515/


DFN-CERT-2017-0520: BIG-IP Protocol Security Module (PSM): A vulnerability allows a denial-of-service attack

https://portal.cert.dfn.de/adv/DFN-CERT-2017-0520/


IBM Security Bulletins

IBM Security Bulletin: IBM TRIRIGA Application Privilege Escalation (CVE-2017-1153)

http://www-01.ibm.com/support/docview.wss?uid=swg21999563

IBM Security Bulletin: Vulnerability in IBM Java SDK affects multiple IBM Rational products based on IBM Jazz technology

http://www.ibm.com/support/docview.wss?uid=swg21999820

IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MQ and IBM MQ Appliance

http://www.ibm.com/support/docview.wss?uid=swg22000304

IBM Security Bulletin: IBM TRIRIGA Application Platform Cross-Site Scripting (XSS) (CVE-2016-9737)

http://www-01.ibm.com/support/docview.wss?uid=swg21996200

IBM Security Bulletin: Vulnerabilities in Mozilla Network Security Services (NSS) affect IBM MQ Appliance (CVE-2016-2834, CVE-2016-5285, CVE-2016-8635)

http://www-01.ibm.com/support/docview.wss?uid=swg21996836

IBM Security Bulletin: Vulnerabilities in OpenSSL affect Tivoli Storage FlashCopy Manager Unix (CVE-2016-6303, CVE-2016-2182, CVE-2016-2177, CVE-2016-2183, CVE-2016-6309, CVE-2016-7052, CVE-2016-2178, CVE-2016-6306)

http://www.ibm.com/support/docview.wss?uid=swg22000209

IBM Security Bulletin: IBM Jazz for Service Management (Jazz SM) is affected by a code execution vulnerability in IBM Tivoli Common Reporting (TCR) (CVE-2016-5983)

http://www.ibm.com/support/docview.wss?uid=swg22000719