End-of-Shift report
Timeframe: Tuesday 23-05-2017 18:00 − Wednesday 24-05-2017 18:00
Handler: Robert Waldner
Co-Handler: n/a
FIRST releases version 1.1 of the CSIRT Services Framework
The leading association of incident response and security teams released a new version of its CSIRT Services Framework. This is a formal list of services a Computer Security Incident Response Team (CSIRT) may consider implementing to address the needs of their constituency.
https://www.first.org/newsroom/releases/20170524
B. Braun Medical SpaceCom Open Redirect Vulnerability
This advisory was originally posted to the NCCIC Portal on March 23, 2017, and is being released to the ICS-CERT web site. This advisory contains mitigation details for an open redirect vulnerability in B. Braun Medical's SpaceCom module, which is integrated into the SpaceStation docking station.
https://ics-cert.us-cert.gov/advisories/ICSMA-17-082-02
Trend Micro ServerProtect for Linux Multiple Bugs Let Remote Users Execute Arbitrary Code and Conduct Cross-Site Scripting and Cross-Site Request Forgery Attacks and Let Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1038548
OpenVPN Access Server Input Validation Flaw Lets Remote Users Conduct Session Fixation Attacks to Hijack a Target User's Session
A remote user can create a specially crafted URL containing the '%0A' character that, when loaded by the target user prior to authentication, will inject headers and set the session cookie to a specified value. After the target user authenticates to the target OpenVPN Access Server, the remote user can hijack the target user's session.
http://www.securitytracker.com/id/1038547
DFN-CERT-2017-0901: Puppet, Puppet Enterprise: A vulnerability allows the execution of arbitrary program code
Affected software
Puppet < 4.10.1
Puppet Enterprise < 2016.4.5
Puppet Enterprise < 2017.2.1
https://portal.cert.dfn.de/adv/DFN-CERT-2017-0901/
[Announce] Samba 4.6.4, 4.5.10 and 4.4.14 Available for Download
CVE-2017-7494: All versions of Samba from 3.5.0 onwards are vulnerable to a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.
https://lists.samba.org/archive/samba-announce/2017/000406.html
Security Advisory - FRP Bypass Vulnerability in Huawei Smart Phones
There is a Factory Reset Protection (FRP) bypass security vulnerability in some Huawei smart phones. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can perform some operations to update the Google account. As a result, the FRP function is bypassed. (Vulnerability ID: HWPSIRT-2017-02036). This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-2710.
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170524-01-frp-en
Jaff ransomware gets a makeover
With all the recent news about WannaCry ransomware, people might forget Jaff is an ongoing threat. Worse yet, some people might not know about it at all since its debut about 2 weeks ago. Jaff has already gotten a makeover, so an infected host looks noticeably different now.
https://isc.sans.edu/diary/Jaff+ransomware+gets+a+makeover/22446
IBM Security Bulletins
IBM Security Bulletin: Multiple vulnerabilities in IBM SDK Java Technology Edition affect IBM Security Guardium Data Redaction
http://www-01.ibm.com/support/docview.wss?uid=swg22003466
IBM Security Bulletin: IBM Maximo Asset Management generates error messages that could reveal sensitive information that could be used in further attacks against the system (CVE-2017-1292)
http://www-01.ibm.com/support/docview.wss?uid=swg22003414
IBM Security Bulletin: IBM Maximo Asset Management is vulnerable to HTTP response splitting attacks (CVE-2017-1291)
http://www.ibm.com/support/docview.wss?uid=swg22003413
IBM Security Bulletin: Fix Available for IBM iNotes Cross-Site Scripting Vulnerability (CVE-2017-1325)
http://www-01.ibm.com/support/docview.wss?uid=swg22003497
IBM Security Bulletin: Multiple Vulnerabilities in the IBM SDK Java Technology Edition affect IBM Notes
http://www-01.ibm.com/support/docview.wss?uid=swg22000602
IBM Security Bulletin: Multiple Vulnerabilities in the IBM SDK Java Technology Edition affect IBM Domino
http://www-01.ibm.com/support/docview.wss?uid=swg22000516