Daily summary - 25.05.2018

End-of-Day report

Timeframe: Thursday 24-05-2018 18:00 - Friday 25-05-2018 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter

News

Z-Shave Attack Could Impact Over 100 Million IoT Devices

The Z-Wave wireless communications protocol used for some IoT/smart devices is vulnerable to a downgrade attack that can allow a malicious party to intercept and tamper with traffic between smart devices.

https://www.bleepingcomputer.com/news/security/z-shave-attack-could-impact-over-100-million-iot-devices/


Electron: What the patch of the patch is all about...

Last week, the developers of Electron released a patch for the January patch of their cross-platform framework for building desktop apps. A security researcher from Doyensec has now explained why that was necessary.

https://www.heise.de/-4058755


Fake transfer order for club treasurers

Club treasurers receive a purported notification from their chairwoman or chairman stating that the club urgently needs to transfer money abroad. If they comply with the request, the club loses money, because the message comes from criminals.

https://www.watchlist-internet.at/news/gefaelschter-ueberweisungsauftrag-fuer-vereins-kassierinnen/

Vulnerabilities

VU#338343: strongSwan VPN charon server vulnerable to buffer underflow

[...] strongSwan VPN's charon server prior to version 5.6.3 does not check packet length and may allow buffer underflow, resulting in denial of service.

http://www.kb.cert.org/vuls/id/338343


BeaconMedaes TotalAlert Scroll Medical Air Systems

This medical device advisory includes mitigations for improper access controls, insufficiently protected credentials, and unprotected storage of credentials vulnerabilities in the BeaconMedaes TotalAlert Scroll Medical Air Systems web application.

https://ics-cert.us-cert.gov/advisories/ICSMA-18-144-01


Schneider Electric Floating License Manager

This advisory includes mitigations for heap-based buffer overflow, improper restriction of operations within the bounds of a memory buffer, and open redirect vulnerabilities in the Schneider Electric Floating License Manager.

https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01


Security updates for Friday

Security updates have been issued by Arch Linux (bind, libofx, and thunderbird), Debian (thunderbird, xdg-utils, and xen), Fedora (procps-ng), Mageia (gnupg2, mbedtls, pdns, and pdns-recursor), openSUSE (bash, GraphicsMagick, icu, and kernel), Oracle (thunderbird), Red Hat (java-1.7.1-ibm, java-1.8.0-ibm, and thunderbird), Scientific Linux (thunderbird), and Ubuntu (curl).

https://lwn.net/Articles/755667/


IBM Security Bulletin: IBM Security Guardium Big Data Intelligence (SonarG) is affected by an Application Error vulnerability

http://www-01.ibm.com/support/docview.wss?uid=swg22016515


IBM Security Bulletin: IBM Security Guardium Big Data Intelligence (SonarG) is affected by an Incorrect Permission Assignment for Critical Resource vulnerability

http://www-01.ibm.com/support/docview.wss?uid=swg22016132


IBM Security Bulletin: IBM Security Guardium Big Data Intelligence (SonarG) is affected by a Query Parameter in SSL Request vulnerability

http://www-01.ibm.com/support/docview.wss?uid=swg22016131


IBM Security Bulletin: IBM Spectrum Control (formerly IBM Tivoli Storage Productivity Center) is affected by a vulnerability in Apache CXF (CVE-2017-12624)

http://www.ibm.com/support/docview.wss?uid=swg22014053


IBM Security Bulletin: Open Source Apache CXF Vulnerabilities affect IBM Spectrum LSF Explorer

http://www-01.ibm.com/support/docview.wss?uid=isg3T1027368


IBM Security Bulletin: API Connect Developer Portal is affected by a PHP vulnerability (CVE-2017-7272)

http://www-01.ibm.com/support/docview.wss?uid=swg22016607


IBM Security Bulletin: IBM Spectrum Control (formerly IBM Tivoli Storage Productivity Center) is affected by an OpenSSL vulnerability (CVE-2018-0739)

http://www.ibm.com/support/docview.wss?uid=swg22015614


IBM Security Bulletin: IBM FileNet Image Services is affected by GSKit and GSKit-Crypto vulnerabilities

https://www-01.ibm.com/support/docview.wss?uid=swg22014741


IBM Security Bulletin: Vulnerability in IBM WebSphere Application Server affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) CVE-2017-1788

http://www.ibm.com/support/docview.wss?uid=swg22014729


IBM Security Bulletin: IBM Security Guardium Big Data Intelligence (SonarG) is affected by a Cross-Site Scripting vulnerability

http://www-01.ibm.com/support/docview.wss?uid=swg22016512


IBM Security Bulletin: IBM Security Guardium Big Data Intelligence (SonarG) is affected by a Session Identifier Not Updated vulnerability

http://www-01.ibm.com/support/docview.wss?uid=swg22016513