End-of-Day report
Timeframe: Friday 18-05-2018 18:00 - Tuesday 22-05-2018 18:00
Handler: Robert Waldner
Co-Handler: n/a
News
Security updates: Attacks on DrayTek routers
Unknown attackers are currently targeting various DrayTek routers. If an attack succeeds, they alter the DNS settings.
https://heise.de/-4053059
Vulnerabilities
VU#180049: CPU hardware utilizing speculative execution may be vulnerable to cache side-channel attacks
CPU hardware utilizing speculative execution may be vulnerable to cache timing side-channel analysis. Also known as "Variant 4" or "SpectreNG".
http://www.kb.cert.org/vuls/id/180049
Firewall information leak to regular SSL VPN web portal users
An SSL VPN user logged in via the web portal can access internal FortiOS configuration information (e.g. addresses) via specifically crafted URLs.
https://fortiguard.com/psirt/FG-IR-17-231
Xen Security Advisory CVE-2018-3639 / XSA-263
However, in most configurations, within-guest information leak is possible. Mitigation for this generally depends on guest changes (for which you must consult your OS vendor) *and* on hypervisor support, provided in this advisory.
http://xenbits.xen.org/xsa/advisory-263.html
HPSBHF02981 rev.3 - HPE Integrated Lights-Out 2, 3, 4, 5 (iLO 2, iLO 3, iLO 4, and iLO 5) and HPE Superdome Flex RMC - IPMI 2.0 RCMP+ Authentication Remote Password Hash Vulnerability (RAKP)
A potential security vulnerability has been identified in HPE Integrated Lights-Out 2, 3, 4, 5 (iLO 2, iLO 3, iLO 4, and iLO 5) and HPE Superdome Flex RMC. The vulnerability could be exploited to allow an attacker to gain unauthorized privileges and unauthorized access to privileged information.
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04197764
Security updates for Monday
Security updates have been issued by Arch Linux (lib32-curl, lib32-libcurl-compat, lib32-libcurl-gnutls, libcurl-compat, and libcurl-gnutls), CentOS (firefox), Debian (imagemagick), Fedora (exiv2, LibRaw, and love), Gentoo (chromium), Mageia (kernel, librelp, and miniupnpc), openSUSE (curl, enigmail, ghostscript, libvorbis, lilypond, and thunderbird), Red Hat (Red Hat OpenStack Platform director), and Ubuntu (firefox).
https://lwn.net/Articles/755076/
Security vulnerabilities fixed in Thunderbird 52.8
* CVE-2018-5183: Backport critical security fixes in Skia
* CVE-2018-5184: Full plaintext recovery in S/MIME via chosen-ciphertext attack
* CVE-2018-5154: Use-after-free with SVG animations and clip paths
* CVE-2018-5155: Use-after-free with SVG animations and text paths
...
https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/
Security Notice - Statement on the Side-Channel Vulnerability Variants 3a and 4
http://www.huawei.com//www.huawei.com/en/psirt/security-notices/2018/huawei-sn-20180522-01-cpu-en
Security Advisory - Stack Overflow Vulnerability in Baseband Module of Some Huawei Smart Phones
http://www.huawei.com//www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171125-01-baseband-en
IBM Security Bulletin: Vulnerability in Apache Tomcat affects IBM Platform Symphony, IBM Spectrum Symphony (CVE-2017-15698, CVE-2017-15706, CVE-2018-1323, CVE-2018-1305, CVE-2018-1304)
http://www-01.ibm.com/support/docview.wss?uid=isg3T1027633
IBM Security Bulletin: Multiple vulnerabilities in the GSKit component of Tivoli Netcool/OMNIbus
http://www-01.ibm.com/support/docview.wss?uid=swg21974627
IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Tivoli Netcool/OMNIbus (Multiple CVEs)
http://www-01.ibm.com/support/docview.wss?uid=swg22012415
IBM Security Bulletin: A vulnerability in Apache Commons FileUpload affects the IBM Performance Management product (CVE-2016-1000031)
http://www.ibm.com/support/docview.wss?uid=swg22016122
IBM Security Bulletin: Atlas eDiscovery Process Management is affected by Apache Open Source Commons FileUpload Vulnerability
https://www-01.ibm.com/support/docview.wss?uid=swg22014477
IBM Security Bulletin: Open Source Commons FileUpload Apache Vulnerabilities (CVE-2016-1000031)
http://www.ibm.com/support/docview.wss?uid=swg22016234
IBM Security Bulletin: A vulnerability in IBM WebSphere Application Server Liberty affects the IBM Performance Management product (CVE-2017-1681)
http://www-01.ibm.com/support/docview.wss?uid=swg22015310
IBM Security Bulletin: Vulnerability in IBM Java SDK affects IBM SONAS
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1012317
IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Directory Server (Tivoli) & Rational Directory Administrator
http://www.ibm.com/support/docview.wss?uid=swg22016185
IBM Security Bulletin: Multiple Mozilla Firefox vulnerability issues in IBM SONAS
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1012291
IBM Security Bulletin: Multiple Samba vulnerabilities affect IBM SONAS
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1012292
Java Bouncy Castle vulnerability CVE-2015-7940
https://support.f5.com/csp/article/K10105323