Daily Summary - 27.03.2018

End-of-Day report

Timeframe: Monday 26-03-2018 18:00 − Tuesday 27-03-2018 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter

News

∗∗∗ Academics Discover New CPU Side-Channel Attack Named BranchScope ∗∗∗ A team of academics from four US universities have discovered a new side-channel attack that takes advantage of the speculative execution feature in modern processors to recover data from users' CPUs.

https://www.bleepingcomputer.com/news/security/academics-discover-new-cpu-side-channel-attack-named-branchscope/

∗∗∗ Exploit kit development has gone to sh$t... ever since Adobe Flash was kicked to the curb ∗∗∗ Coinkidink? Nah. Crooks are switching tactics. There was a big drop in exploit kit development last year, and experts have equated this to the phasing out of Adobe Flash.

http://go.theregister.com/feed/www.theregister.co.uk/2018/03/27/exploit_kit_decline/

∗∗∗ E-mail encryption: Enigmail 2.0 is here ∗∗∗ With the new Enigmail version 2.0 for the Thunderbird mail client, it is now possible, among other things, to encrypt the subject line in addition to the text of e-mails.

https://heise.de/-4005589

∗∗∗ The Last Windows XP Security White Paper ∗∗∗ Using the strategies and procedures we present in our paper could help prevent an attacker from taking control of your computer.

https://www.welivesecurity.com/2018/03/27/last-windows-xp-security-white-paper/

Vulnerabilities

∗∗∗ Mozilla Releases Security Updates for Firefox ∗∗∗ Original release date: March 27, 2018. Mozilla has released security updates to address a vulnerability in Firefox and Firefox ESR. An attacker could exploit this vulnerability to cause a denial-of-service condition. NCCIC/US-CERT encourages users and administrators to review the Mozilla Security Advisory for Firefox 59.0.2 and Firefox ESR 52.7.3 and apply the necessary updates.

https://www.us-cert.gov/ncas/current-activity/2018/03/27/Mozilla-Releases-Security-Updates-Firefox

∗∗∗ 2018-02-06 (updated 2018-03-27): Vulnerability in MicroSCADA Pro SYS600 9.x - Improper Access Control ∗∗∗ 3.2.2018 Original document, 16.3.2018 Fix for SYS600 9.3 systems is available. Clarified file system permissions for created Windows groups, see FAQ.

http://search.abb.com/library/Download.aspx?DocumentID=1MRS257731&LanguageCode=en&DocumentPartId=&Action=Launch

∗∗∗ OpenSSL Security Advisory [27 Mar 2018] ∗∗∗ Constructed ASN.1 types with a recursive definition could exceed the stack (CVE-2018-0739); Incorrect CRYPTO_memcmp on HP-UX PA-RISC (CVE-2018-0733); rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)

https://openssl.org/news/secadv/20180327.txt

∗∗∗ Security updates for Tuesday ∗∗∗ Security updates have been issued by Debian (firefox-esr, irssi, and librelp), Gentoo (busybox and plib), Mageia (exempi and jupyter-notebook), openSUSE (clamav, dhcp, nginx, python-Django, python3-Django, and thunderbird), Oracle (slf4j), Red Hat (slf4j), Scientific Linux (slf4j), Slackware (firefox), SUSE (librelp), and Ubuntu (screen-resolution-extra).

https://lwn.net/Articles/750207/

∗∗∗ Bugtraq: Microsoft Skype Mobile v81.2 & v8.13 - Remote Denial of Service Vulnerability ∗∗∗

http://www.securityfocus.com/archive/1/541897

∗∗∗ DFN-CERT-2018-0574: Librelp: A vulnerability allows the execution of arbitrary program code with the privileges of the service ∗∗∗

https://portal.cert.dfn.de/adv/DFN-CERT-2018-0574/

∗∗∗ DFN-CERT-2018-0573: Jenkins plugins: Multiple vulnerabilities allow, among other things, the execution of arbitrary program code ∗∗∗

https://portal.cert.dfn.de/adv/DFN-CERT-2018-0573/

∗∗∗ DFN-CERT-2018-0575: Sophos UTM: A vulnerability allows the execution of arbitrary program code ∗∗∗

https://portal.cert.dfn.de/adv/DFN-CERT-2018-0575/

∗∗∗ DFN-CERT-2018-0581: Apache Struts: A vulnerability allows a denial-of-service attack ∗∗∗

https://portal.cert.dfn.de/adv/DFN-CERT-2018-0581/

∗∗∗ Security Notice - Statement on Command Injection Vulnerability in Huawei HG655m Product ∗∗∗

http://www.huawei.com/en/psirt/security-notices/2018/huawei-sn-20180327-01-hg655m-en

∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Fabric Manager ∗∗∗

https://www.ibm.com/support/home/docdisplay?lndocid=MIGR-5099782

∗∗∗ IBM Security Bulletin: ∗∗∗

http://www-01.ibm.com/support/docview.wss?uid=isg3T1027315

∗∗∗ IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Installation Manager and IBM Packaging Utility ∗∗∗

http://www.ibm.com/support/docview.wss?uid=swg22014717

∗∗∗ IBM Security Bulletin: IBM B2B Advanced Communications is Affected by an XML External Entity Injection (XXE) Attack when Processing XML Data ∗∗∗

http://www.ibm.com/support/docview.wss?uid=swg22014656

∗∗∗ IBM Security Bulletin: Security Bulletin: IBM Security Privileged Identity Manager is affected by sensitive information in page comments vulnerability (CVE-2017-1705) ∗∗∗

http://www.ibm.com/support/docview.wss?uid=swg22014988

∗∗∗ NTP vulnerability CVE-2018-7184 ∗∗∗

https://support.f5.com/csp/article/K13540723