End-of-Day report
Timeframe: Wednesday 04-12-2019 18:00 - Thursday 05-12-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
News
Security prenotification for Adobe Acrobat and Reader | APSB19-55
Adobe is planning to release security updates for Adobe Acrobat and Reader for Windows and macOS on Tuesday, December 10, 2019.
https://helpx.adobe.com/security/products/acrobat/apsb19-55.html
Atlassian scrambles to fix zero-day security hole accidentally disclosed on Twitter
Twitter security celeb SwiftOnSecurity on Tuesday inadvertently disclosed a zero-day vulnerability affecting enterprise software biz Atlassian, a flaw that may be echoed in IBM's Aspera software.
https://go.theregister.co.uk/feed/www.theregister.co.uk/2019/12/05/atlassian_zero_day_bug/
NTLMRecon
A fast NTLM reconnaissance tool without external dependencies. Useful to find out information about NTLM endpoints when working with a large set of potential IP addresses and domains.
https://github.com/sachinkamath/ntlmrecon
xHunt Actor's Cheat Sheet
Unit 42 found evidence that the developers who created the Sakabota tool had carried out two sets of testing activities on Sakabota in an attempt to evade detection. Within one sample created during this testing process, we uncovered a cheat sheet meant to assist operators of the tool to carry out activities on the compromised system and network, which we've never seen before.
https://unit42.paloaltonetworks.com/xhunt-actors-cheat-sheet/
Vulnerabilities
Authentication vulnerabilities in OpenBSD
We discovered an authentication-bypass vulnerability in OpenBSD's authentication system: this vulnerability is remotely exploitable in smtpd, ldapd, and radiusd, but its real-world impact should be studied on a case-by-case basis. For example, sshd is not exploitable thanks to its defense-in-depth mechanisms. (CVE-2019-19521)
https://www.openwall.com/lists/oss-security/2019/12/04/5
Security updates for Thursday
Security updates have been issued by Arch Linux (firefox), Fedora (cyrus-imapd, freeipa, haproxy, ImageMagick, python-pillow, rubygem-rmagick, sqlite, squid, and tnef), openSUSE (haproxy), Oracle (microcode_ctl), and Ubuntu (squid, squid3).
https://lwn.net/Articles/806384/
Weidmueller multiple vulnerabilities in various Industrial Ethernet managed switches
CVE-2019-16670: The Authentication mechanism has no brute-force prevention.
CVE-2019-16671: Remote authenticated users can crash a device with a special packet because of Uncontrolled Resource Consumption.
CVE-2019-16672: Sensitive Credentials data is transmitted in cleartext.
...
CVSS scores: up to 9.8
https://cert.vde.com/de-de/advisories/vde-2019-018
Mozilla Thunderbird: Multiple vulnerabilities
A remote, anonymous or authenticated attacker can exploit multiple vulnerabilities in Mozilla Thunderbird to execute arbitrary code with user privileges, read confidential data, or carry out a denial of service attack.
http://www.cert-bund.de/advisoryshort/CB-K19-1040
Wireshark: Vulnerability allows denial of service
A remote, anonymous attacker can exploit a vulnerability in Wireshark to carry out a denial of service attack.
http://www.cert-bund.de/advisoryshort/CB-K19-1039
Security Bulletin: IBM ToolsCenter Dynamic System Analysis (DSA) Preboot is affected by multiple vulnerabilities.
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-toolscenter-dynamic-system-analysis-dsa-preboot-is-affected-by-multiple-vulnerabilities/
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Business Service Manager
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-tivoli-business-service-manager/
Intel MCE vulnerability CVE-2018-12207
https://support.f5.com/csp/article/K17269881