Daily Summary - 13.11.2019

End-of-Day report

Timeframe: Tuesday 12-11-2019 18:00 - Wednesday 13-11-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a

News

Network Traffic Analysis for IR: Address Resolution Protocol (ARP) with Wireshark

Introduction to the Address Resolution Protocol: The Address Resolution Protocol (ARP) was first defined in RFC 826. As the name suggests, it is designed to resolve IP addresses into a form usable by other systems within a subnet. Network addressing works at a couple of different layers of the OSI model.

https://resources.infosecinstitute.com/address-resolution-protocol-arp-with-wireshark/


Keys can be extracted from TPM chips

A timing attack can be used to extract elliptic-curve-based signing keys from TPM chips. ... TPM chips are present in all modern PCs and are in part controversial, since they can also be used to enforce protection mechanisms against the user's will. Despite their prevalence, the chips are rather rarely used for critical applications; the impact of the vulnerability is likely to be limited.

https://www.golem.de/news/tpm-fail-schluessel-aus-tpm-chips-lassen-sich-extrahieren-1911-144955.html


GSM Traffic and Encryption: A5/1 Stream Cipher

This write-up documents some of my follow-up research with regard to analyzing the GSM traffic packets I captured using Software Defined Radio. My attempt was to better understand the GSM mobile network protocols and procedures, with an emphasis on the authentication and ciphering algorithms being deployed.

https://www.blackhillsinfosec.com/gsm-traffic-and-encryption-a5-1-stream-cipher/


Attacks via USB and Bluetooth: Android smartphones vulnerable

Security researchers have discovered vulnerabilities in several older Android smartphones that they were able to exploit via USB and Bluetooth connections.

https://heise.de/-4584690


Legitimate job offer or a money-laundering assignment?

On various job boards and classified-ad portals, job seekers are currently coming across offers of freelance work for "TideBit Deutschland LTD". The company does not exist in this form. Criminals are misusing the name of a cryptocurrency company to get applicants to launder money. Anyone who carries out the tasks may be committing a criminal offence themselves.

https://www.watchlist-internet.at/news/serioeses-job-angebot-oder-auftrag-zur-geldwaesche/

Vulnerabilities

November 2019 security updates are available!

We have released the November security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month's security updates can be found in the Security Update Guide. As a reminder, Windows 7 and Windows Server 2008 R2 will be out of extended support and no longer receiving updates as of January 14, 2020.

https://msrc-blog.microsoft.com:443/2019/11/12/november-2019-security-updates-are-available/


Intel fixes security vulnerabilities and, in passing, reveals a new ZombieLoad variant

For Patch Tuesday, Intel fixed 77 vulnerabilities, some of them critical, among which was also a side-channel attack that had been kept secret until now.

https://heise.de/-4584543


VMSA-2019-0020

VMware ESXi, Workstation, and Fusion patches provide Hypervisor-Specific Mitigations for Speculative-Execution Vulnerabilities (CVE-2018-12207, CVE-2019-11135)

https://www.vmware.com/security/advisories/VMSA-2019-0020.html


VMSA-2019-0021

VMware Workstation and Fusion updates address multiple security vulnerabilities (CVE-2019-5540, CVE-2019-5541, CVE-2019-5542)

https://www.vmware.com/security/advisories/VMSA-2019-0021.html


VMSA-2019-0008.2

VMware product updates enable Hypervisor-Specific Mitigations, Hypervisor-Assisted Guest Mitigations, and Operating System-Specific Mitigations for Microarchitectural Data Sampling (MDS) Vulnerabilities (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091)

https://www.vmware.com/security/advisories/VMSA-2019-0008.html


Xen Security Advisory CVE-2019-11135 / XSA-305

A new way to sample data from microarchitectural structures has been identified. A TSX Asynchronous Abort is a state which occurs between a transaction definitely aborting (usually for reasons outside of the pipeline's control e.g. receiving an interrupt), and architectural state being rolled back to start of the transaction. During this period, speculative execution may be able to infer the value of data in the microarchitectural structures.

https://xenbits.xen.org/xsa/advisory-305.html


Xen Security Advisory CVE-2018-12207 / XSA-304

An erratum exists across some CPUs whereby an instruction fetch may cause a machine check error if the pagetables have been updated in a specific manner without invalidating the TLB. ... This corner case can be triggered by guest kernels.

https://xenbits.xen.org/xsa/advisory-304.html


Security updates for Wednesday

Security updates have been issued by Debian (dpdk, intel-microcode, kernel, libssh2, qemu, and webkit2gtk), Fedora (apache-commons-beanutils, bluez, iwd, kernel, kernel-headers, kernel-tools, libell, and microcode_ctl), openSUSE (gdb), Oracle (kernel), Red Hat (kernel and kernel-rt), SUSE (dhcp, evolution, kernel, libcaca, python, python-xdg, qemu, sysstat, ucode-intel, and xen), and Ubuntu (dpdk, intel-microcode, kernel, linux, linux-aws, ..., webkit2gtk)

https://lwn.net/Articles/804641/


Citrix Hypervisor Security Update

CTX263684 - A security issue has been identified in certain CPU hardware that may allow unprivileged code running on a CPU core to infer the value of memory data belonging to other processes, virtual machines or the hypervisor that are, or have recently been, running on the same CPU core.

https://support.citrix.com/article/CTX263684


Citrix ADC and Citrix Gateway Security Update (CVE-2019-0140)

CTX263807 - A vulnerability has been identified affecting Citrix Application Delivery Controller (ADC) formerly known as NetScaler ADC, and Citrix Gateway, formerly known as NetScaler Gateway, platforms which could result in privilege escalation via layer 2 network access on all network interfaces.

https://support.citrix.com/article/CTX263807


Cisco Prime Infrastructure and Evolved Programmable Network Manager Remote Code Execution Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191106-pi-epn-codex


Cisco Identity Services Engine Cross-Site Scripting Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191002-ise-xss


Security Advisory - Two Vulnerabilities in Some Huawei Products

http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20191113-01-homerouter-en


Security Advisory - Improper File Management Vulnerability in Huawei Share

http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20191113-02-share-en


Security Bulletin: IBM Security Guardium is affected by kernel vulnerabilities

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-kernel-vulnerabilities/


Security Bulletin: IBM NeXtScale Fan Power Controller (FPC) is affected by vulnerability in OpenSSL (CVE-2019-1559)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-nextscale-fan-power-controller-fpc-is-affected-by-vulnerability-in-openssl-cve-2019-1559/


libpcap vulnerability CVE-2019-15163

https://support.f5.com/csp/article/K92862401?utm_source=f5support&utm_medium=RSS


Hotfix XS80E008 - For Citrix Hypervisor 8.0

https://support.citrix.com/article/CTX263663


Hotfix XS76E012 - For XenServer 7.6

https://support.citrix.com/article/CTX263662


Hotfix XS71ECU2024 - For XenServer 7.1 Cumulative Update 2

https://support.citrix.com/article/CTX263661


Hotfix XS70E075 - For XenServer 7.0

https://support.citrix.com/article/CTX263660