End-of-Day report
Timeframe: Monday 28-10-2019 18:00 - Tuesday 29-10-2019 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
News
Security vulnerability in EU authentication software (eIDAS Node)
SEC Consult identified critical vulnerabilities in eIDAS-Node that could allow an attacker to impersonate any EU citizen.
https://www.sec-consult.com/blog/2019/10/sicherheitsluecke-in-eu-authentifizierungssoftware-eidas-node/
File inclusions: small programming error, fatal effect
Attacks via file inclusions are still possible, above all in PHP and JSP, and can have devastating consequences.
https://heise.de/-4570773
MikroTik Router Vulnerabilities Can Lead to Backdoor Creation
A chain of vulnerabilities in MikroTik routers could allow an attacker to gain a backdoor. The chain starts with DNS poisoning, goes on to downgrading the installed version of MikroTik's RouterOS software, and ends with enabling a backdoor.
https://www.securityweek.com/mikrotik-router-vulnerabilities-can-lead-backdoor-creation
Warning, subscription trap: endlich-windelfrei.de & baby-endlich-schlafen.de
The websites endlich-windelfrei.de and baby-endlich-schlafen.de promise parents great relief when weaning children off diapers and putting them to bed. The systems "Endlich Schlaf für Ihr Baby" and "Von der Windel zum Töpfchen - in nur 3 Tagen" can be purchased for only 1 euro. But beware: the purchase leads into a subscription trap!
https://www.watchlist-internet.at/news/achtung-abo-falle-endlich-windelfreide-baby-endlich-schlafende/
Modern Wireless Tradecraft Pt I
The past few years have seen some exciting developments in the subtle art of forcing wireless devices to connect to malicious access points. We've seen the resurgence of karma-style attacks with Dominic White's and Ian de Villiers' work on MANA, as well as George Chatzisofroniou's Lure10 and Known Beacon attacks, which can be used to target devices that are immune to karma [1][2].
https://posts.specterops.io/modern-wireless-attacks-pt-i-basic-rogue-ap-theory-evil-twin-and-karma-attacks-35a8571550ee
Vulnerabilities
Trend Micro fixes two vulnerabilities in security software for Windows
Patches for Apex One, OfficeScan and WFBS fix two vulnerabilities. Trend Micro has observed exploit attempts and advises updating promptly.
https://heise.de/-4571304
Security updates for Tuesday
Security updates have been issued by Debian (php7.0, php7.3, ruby-loofah, and spip), Fedora (proftpd), openSUSE (lz4 and sysstat), Red Hat (chromium-browser, jss, kernel, kernel-alt, kpatch-patch, pango, polkit, sudo, systemd, and thunderbird), SUSE (graphite-web, python3, and samba), and Ubuntu (php5, php7.0, php7.2, php7.3, and samba).
https://lwn.net/Articles/803381/
WebKitGTK and WPE WebKit Security Advisory WSA-2019-0005
Date Reported: October 29, 2019. Advisory ID: WSA-2019-0005. CVE identifiers: CVE-2019-8625, CVE-2019-8674, CVE-2019-8707, CVE-2019-8719, CVE-2019-8720, CVE-2019-8726, CVE-2019-8733, CVE-2019-8735, CVE-2019-8763, CVE-2019-8768, CVE-2019-8769, CVE-2019-8771. Several vulnerabilities were discovered in WebKitGTK and WPE WebKit. CVE-2019-8625: Versions affected: WebKitGTK before 2.26.0 and WPE WebKit before 2.26.0. Credit to Sergei Glazunov of Google Project Zero. Impact: Processing maliciously crafted [...]
https://webkitgtk.org/security/WSA-2019-0005.html
Unauthenticated Access to Modbus Interface in Carel pCOWeb HVAC
As part of its features, the Carel pCOWeb card exposes a Modbus interface to the network. By design, Modbus does not provide authentication, which allows controlling the affected system.
https://www.redteam-pentesting.de/en/advisories/rt-sa-2019-014/
Unsafe Storage of Credentials in Carel pCOWeb HVAC
The Carel pCOWeb card stores password hashes in the file "/etc/passwd", allowing privilege escalation by authenticated users. Additionally, plaintext copies of the passwords are stored.
https://www.redteam-pentesting.de/en/advisories/rt-sa-2019-013/
BlackBerry Powered by Android Security Bulletin - October 2019
http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000058898
tcpdump vulnerability CVE-2018-14880
https://support.f5.com/csp/article/K56551263?utm_source=f5support&utm_medium=RSS
Open Redirect Vulnerability Patched In Bridge Theme
https://www.wordfence.com/blog/2019/10/open-redirect-vulnerability-patched-in-bridge-theme/
PHOENIX CONTACT improper access control exists on FL NAT devices when using MAC-based port security
https://cert.vde.com/de-de/advisories/vde-2019-020
Samba: Multiple vulnerabilities
http://www.cert-bund.de/advisoryshort/CB-K19-0945
McAfee Total Protection: Vulnerability allows bypassing of security measures
http://www.cert-bund.de/advisoryshort/CB-K19-0944