End-of-Shift report
Timeframe: Thursday 23-03-2017 18:00 − Friday 24-03-2017 18:00
Handler: Robert Waldner
Co-Handler: n/a
TROOPERS 2017 Day #4 Wrap-Up
I'm just back from Heidelberg so here is the last wrap-up for the TROOPERS 2017 edition.
https://blog.rootshell.be/2017/03/23/troopers-2017-day-4-wrap/
Google slaps Symantec for sloppy certs, slow show of SNAFUs
Certs will keep working, but Chrome will be suspicious, soon. Google's Chrome development team has posted a stinging criticism of Symantec's certificate-issuance practices, saying it has lost confidence in the company's practices and therefore in the safety of sessions hopefully secured by Symantec-issued certificates.
http://go.theregister.com/feed/www.theregister.co.uk/2017/03/24/google_slaps_symantec_for_sloppy_certs_slow_show_of_snafus/
Referrer spoofing with iframe injection
Last year we've been playing with a very simple method to spoof the referrer on Edge, which allowed us of course to spoof the referrer and -as a bonus- other neat things like bypass the XSS filter. Today I found out that it was patched, so I decided to give it a try and find a way around the patch. Honestly I don't feel it's a bypass but clearly a variation. From a practical point of view, it works again and bypasses the patch...
https://www.brokenbrowser.com/referer-spoofing-patch-bypass/
VMSA-2017-0004.6
VMware product updates resolve remote code execution vulnerability via Apache Struts 2
https://www.vmware.com/security/advisories/VMSA-2017-0004.html
Fraud network: pushing subscription traps on Kinox.to users
A fraud campaign exploits security vulnerabilities in the Android stock browser to push subscription traps and premium services onto users. The fraudsters set up fake web shops to appear legitimate. (Subscription traps, Server)
https://www.golem.de/news/betrugsnetzwerk-mit-fake-webshops-kinox-to-nutzern-abofallen-andrehen-1703-126909-rss.html
F5 Networks BIG-IP Protocol Security Module (PSM): A vulnerability allows a denial-of-service attack
A remote, unauthenticated attacker can exploit a vulnerability in the Traffic Management Microkernel (TMM) on BIG-IP systems by sending crafted network traffic to carry out a denial-of-service (DoS) attack.
https://portal.cert.dfn.de/adv/DFN-CERT-2017-0524/
Extortion via iCloud remote wipe: how to protect your iPhone
Unknown actors are threatening to wipe iPhones at random unless Apple pays. The attackers apparently possess iCloud credentials. Mac & i explains how to protect against such an attack.
https://heise.de/-3663802
LCDS - Leão Consultoria e Desenvolvimento de Sistemas LTDA ME LAquis SCADA
This advisory contains mitigation details for a path traversal vulnerability in the LCDS - Leão Consultoria e Desenvolvimento de Sistemas LTDA ME LAquis SCADA software.
https://ics-cert.us-cert.gov/advisories/ICSA-17-082-01
BD Kiestra PerformA and KLA Journal Service Applications Hard-Coded Passwords Vulnerability
This advisory contains mitigation details for a hard-coded password vulnerability in the Becton, Dickinson and Company (BD) Kiestra PerformA and KLA Journal Service applications that access the BD Kiestra Database.
https://ics-cert.us-cert.gov/advisories/ICSMA-17-082-01
Vuln: libpcre Multiple Security Vulnerabilities
libpcre is prone to the following multiple security vulnerabilities:
1. A denial-of-service vulnerability
2. Multiple stack-based buffer-overflow vulnerabilities
Attackers can exploit these issues to run arbitrary code within the context of the affected application. Failed exploit attempts may result in denial-of-service conditions.
libpcre1 in PCRE 8.40 is vulnerable; other versions may also be affected.
http://www.securityfocus.com/bid/97067
F5 Networks BIG-IP Protocol Security Module (PSM): A vulnerability allows information disclosure
A local, simply authenticated attacker with elevated privileges can read sensitive data accumulated since the last reboot of affected devices. This includes, for example, the passwords of recently created user accounts.
https://portal.cert.dfn.de/adv/DFN-CERT-2017-0526/
IBM Security Bulletins
IBM Security Bulletin: Multiple Vulnerabilities in NTP affect Power Hardware Management Console
http://www.ibm.com/support/docview.wss?uid=nas8N1021868
IBM Security Bulletin: Vulnerabilities CVE-2016-5636 and CVE-2016-5699 in Python affect IBM i
http://www.ibm.com/support/docview.wss?uid=nas8N1021926
IBM Security Bulletin: Cross-Site Scripting Vulnerability in IBM WebSphere Portal (CVE-2017-1120)
http://www-01.ibm.com/support/docview.wss?uid=swg22000152
IBM Security Bulletin: A cross-site scripting vulnerability has been addressed in IBM Kenexa LMS on Cloud 5.1
http://www.ibm.com/support/docview.wss?uid=swg21999483
IBM Security Bulletin: Multiple Security Vulnerabilities have been addressed in LCMS Premier on Cloud 11.0
http://www.ibm.com/support/docview.wss?uid=swg21998874
IBM Security Bulletin: Vulnerabilities in OpenSSL affect LCM8 & LCM16 KVM Switch Firmware and GCM16 & GCM32 KVM Switch Firmware
https://support.podc.sl.edst.ibm.com/support/home/docdisplay?lndocid=migr-5099552