Daily Summary - 20.09.2017

End-of-Day report

Timeframe: Tuesday 19-09-2017 18:00 − Wednesday 20-09-2017 18:00
Handler: Stephan Richter
Co-Handler: n/a

News

∗∗∗ iTerm2 Leaks Everything You Hover in Your Terminal via DNS Requests ∗∗∗

iTerm2, a popular Mac application that comes as a replacement for Apple's official Terminal app, just received a security fix minutes ago for a severe security issue that leaked terminal content via DNS requests. [...]

https://www.bleepingcomputer.com/news/security/iterm2-leaks-everything-you-hover-in-your-terminal-via-dns-requests/

∗∗∗ New tool: mac-robber.py, (Tue, Sep 19th) ∗∗∗

On a recent forensic investigation where we couldn't take the Linux system down to image the disks, I was forced to do live response. Fortunately, I was able to get a memory image, but I also wanted a filesystem timeline. I first went to my old friend fls from The SleuthKit (TSK), but for some reason, it failed. So, I tried mac-robber (also from TSK) and it, too, failed. Not one to give up easily, I decided to write my own version of mac-robber in Python. Like the TSK mac-robber, [...]

https://isc.sans.edu/diary/rss/22844

Advisories

∗∗∗ PHOENIX CONTACT mGuard Device Manager ∗∗∗

This advisory contains mitigation details for improper access control vulnerabilities within PHOENIX CONTACT's mGuard Device Manager associated with Oracle Java SE.

https://ics-cert.us-cert.gov/advisories/ICSA-17-262-01

∗∗∗ WordPress 4.8.2 Security and Maintenance Release ∗∗∗

WordPress 4.8.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/

∗∗∗ Apple Security Updates ∗∗∗

iOS 11: https://support.apple.com/en-us/HT208112
Safari 11: https://support.apple.com/en-us/HT208116
Xcode 9: https://support.apple.com/en-us/HT208103

∗∗∗ DFN-CERT-2017-1665: Apache Foundation Tomcat: Two vulnerabilities allow, among other things, the execution of arbitrary program code ∗∗∗

https://portal.cert.dfn.de/adv/DFN-CERT-2017-1665/

∗∗∗ Security Advisory - Two Vulnerabilities in Some Huawei CPE Devices ∗∗∗

http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170920-01-cpe-en

∗∗∗ Security Advisory - Information Exposure Vulnerability in Huawei Products ∗∗∗

http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170920-01-encryption-en

∗∗∗ Security Advisory - FRP Bypass Vulnerability in Huawei Smart Phones ∗∗∗

http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170920-01-frpbypass-en

∗∗∗ Security Advisory - Information Exposure Vulnerability on FusionSphere OpenStack ∗∗∗

http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170920-01-fusionsphere-en

∗∗∗ F5 TMM vulnerability CVE-2017-6147 ∗∗∗

https://support.f5.com/csp/article/K43945001