Daily Summary - 12.01.2018

End-of-Day report

Timeframe: Thursday 11-01-2018 18:00 − Friday 12-01-2018 18:00

Handler: Robert Waldner

Co-Handler: n/a

News

∗∗∗ AMD Will Release CPU Microcode Updates for Spectre Flaw This Week ∗∗∗ AMD officially admitted today that its processors are not vulnerable to the Meltdown bug, but are affected by both variants of the Spectre flaw.

https://www.bleepingcomputer.com/news/hardware/amd-will-release-cpu-microcode-updates-for-spectre-flaw-this-week/

∗∗∗ PowerStager Analysis ∗∗∗ Unit 42 analyzes PowerStager and the unique obfuscation technique it was employing for its PowerShell segments

https://researchcenter.paloaltonetworks.com/2018/01/unit42-powerstager-analysis/

∗∗∗ Perfect SAP Penetration testing. Part 3: The Scope of Vulnerability Search ∗∗∗ In this part we will demonstrate that sometimes traditional approach does not work. If SAP pentesters know a number of SAP vulnerabilities and downloaded free tools from the Internet, they won’t be able to hack a system because some companies have applied the latest patches and they don’t have at least the most common issues (e.g. Gateway bypass, Verb Tampering, or default passwords). [...] This article will show what we did to break the walls.

https://erpscan.com/press-center/blog/perfect-sap-penetration-testing-part-3-scope-vulnerability-search/

∗∗∗ Beware of fake e-mails from the BSI with alleged Meltdown/Spectre patches ∗∗∗ Fraudulent e-mails sent in the name of the Bundesamt für Sicherheit in der Informationstechnik (Federal Office for Information Security) try to foist a trojan disguised as a Meltdown/Spectre patch on victims.

https://www.heise.de/security/meldung/Vorsicht-vor-Fake-Mails-vom-BSI-mit-angeblichen-Meltdown-Spectre-Patches-3939783.html

Vulnerabilities

∗∗∗ Meltdown and Spectre Vulnerabilities ∗∗∗ NCCIC/ICS-CERT is referencing CERT/CC’s vulnerability note VU#584653 CPU hardware vulnerable to side-channel attacks to enhance the awareness of critical infrastructure asset owners/operators and to identify affected product vendors that have contacted ICS-CERT for help disseminating customer notifications/recommendations to mitigate the risk associated with cache side-channel attacks known as Meltdown and Spectre.

https://ics-cert.us-cert.gov/alerts/ICS-ALERT-18-011-01

∗∗∗ Advantech WebAccess (Update A) ∗∗∗ This updated advisory is a follow-up to the original advisory titled ICSA-18-004-02 Advantech WebAccess that was published January 4, 2018, on the NCCIC/ICS-CERT web site. This updated advisory contains mitigation details for untrusted pointer dereference, stack-based buffer overflow, path traversal, SQL injection, improper input validation, unrestricted upload of file with dangerous type, and use after free vulnerabilities in Advantech’s WebAccess products.

https://ics-cert.us-cert.gov/advisories/ICSA-18-004-02A

∗∗∗ WECON Technology Co., Ltd. LeviStudio HMI Editor ∗∗∗ This advisory contains mitigation details for stack-based and heap-based buffer overflow vulnerabilities in the WECON LeviStudio HMI Editor software.

https://ics-cert.us-cert.gov/advisories/ICSA-18-011-01

∗∗∗ Moxa MXview ∗∗∗ This advisory contains mitigation details for an unquoted search path or element vulnerability in the Moxa MXview network management software.

https://ics-cert.us-cert.gov/advisories/ICSA-18-011-02

∗∗∗ PHOENIX CONTACT FL SWITCH ∗∗∗ This advisory contains mitigation details for improper authorization and information exposure vulnerabilities in the PHOENIX CONTACT FL SWITCH.

https://ics-cert.us-cert.gov/advisories/ICSA-18-011-03

∗∗∗ Security updates for Friday ∗∗∗ Security updates have been issued by Arch Linux (intel-ucode), Debian (gifsicle), Fedora (awstats and kernel), Gentoo (icoutils, pysaml2, and tigervnc), Mageia (dokuwiki and poppler), Oracle (kernel), SUSE (glibc, kernel, microcode_ctl, tiff, and ucode-intel), and Ubuntu (intel-microcode).

https://lwn.net/Articles/744175/rss

∗∗∗ DFN-CERT-2018-0080: Wireshark: Multiple vulnerabilities allow denial-of-service attacks ∗∗∗

https://portal.cert.dfn.de/adv/DFN-CERT-2018-0080/

∗∗∗ Security Advisory - Weak Cryptography Vulnerability in Some Huawei Products ∗∗∗

http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171222-01-cryptography-en

∗∗∗ IBM Security Bulletin: Vulnerabilities in IBM Java Runtime affects Rational Publishing Engine ∗∗∗

http://www.ibm.com/support/docview.wss?uid=swg22012454

∗∗∗ IBM Security Bulletin: Vulnerability in Apache Commons FileUpload Affects IBM Sterling Secure Proxy ∗∗∗

http://www.ibm.com/support/docview.wss?uid=swg22012458

∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by a cURL vulnerability (CVE-2016-7167) ∗∗∗

http://www.ibm.com/support/docview.wss?uid=swg22012358

∗∗∗ IBM Security Bulletin: IBM Security Access Manager Appliance is affected by a vulnerability in Python (CVE-2014-9365) ∗∗∗

http://www.ibm.com/support/docview.wss?uid=swg22012355

∗∗∗ IBM Security Bulletin: Multiple Vulnerabilities in IBM Java SDK Affect IBM B2B Advanced Communications ∗∗∗

http://www-01.ibm.com/support/docview.wss?uid=swg22012406

∗∗∗ IBM Security Bulletin: Vulnerability in IBM HTTP Server affects Netezza Performance Portal ∗∗∗

http://www.ibm.com/support/docview.wss?uid=swg22008807

∗∗∗ Critical Patch Update - January 2018 - Pre-Release Announcement ∗∗∗

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

∗∗∗ SSB-068644 (Last Update 2018-01-11): General Customer Information for Spectre and Meltdown ∗∗∗

https://www.siemens.com/cert/pool/cert/siemens_security_bulletin_ssb-068644.pdf