Daily Summary - 17.12.2019

End-of-Day report

Timeframe: Monday 16-12-2019 18:00 - Tuesday 17-12-2019 18:00 Handler: Robert Waldner Co-Handler: n/a

News

#include

Recently I saw a tweet where someone mentioned that you can include /dev/stdin in C code compiled with gcc. This is, to say the very least, surprising. When you see something like this with an IT security background you start to wonder if this can be abused for an attack.

https://blog.hboeck.de/archives/898-include-etcshadow.html


Is it Possible to Identify DNS over HTTPs Without Decrypting TLS?

Aside from the session length, I found that the payload length for DoH is somewhat telling. DNS queries and responses are usually a couple of hundred bytes long. HTTPS connections, on the other hand, tend to "fill" the MTU.

https://isc.sans.edu/diary/rss/25616


ESET BlueKeep (CVE-2019-0708) Detection Tool

Although the BlueKeep vulnerability (CVE-2019-0708) has not yet caused widespread havoc, it is still at a fairly early stage of its exploit lifecycle. In fact, many systems are still unpatched, and a wormable version of the exploit could still appear. Because of these factors, ESET is providing a free detection tool that checks whether a system is vulnerable to BlueKeep.

https://www.welivesecurity.com/deutsch/2019/12/17/eset-bluekeep-detection-tool/


Christmas shopping on Amazon: beware of criminals

Ordering on Amazon is already a matter of course for many people and is associated with a predominantly positive shopping experience. But fraudulent offers can also be found on Amazon: if you are asked to contact sellers by e-mail beforehand, or to process the payment via an external account rather than through Amazon, you can assume the offer is dubious!

https://www.watchlist-internet.at/news/weihnachtseinkaeufe-auf-amazon-vorsicht-vor-kriminellen/

Vulnerabilities

Joomla - [20191202] - Core - Various SQL injections through configuration parameters

Versions: 2.5.0 - 3.9.13. CVE Number: CVE-2019-19846. The lack of validation of configuration parameters used in SQL queries caused various SQL injection vectors.

https://developer.joomla.org/security-centre/797-20191202-core-various-sql-injections-through-configuration-parameters.html


Joomla - [20191201] - Core - Path Disclosure in framework files

Versions: 3.8.0 - 3.9.13. CVE Number: CVE-2019-19845. Missing access check in framework files could lead to a path disclosure.

https://developer.joomla.org/security-centre/796-20191201-core-path-disclosure-in-framework-files.html


This Bug Could Have Let Anyone Crash WhatsApp Of All Group Members

WhatsApp, the world's most popular end-to-end encrypted messaging application, patched an incredibly frustrating software bug that could have allowed a malicious group member to crash the messaging app for all members of the same group, The Hacker News learned. ... Check Point responsibly reported this crash bug to the WhatsApp security team back in late August this year, and the company patched the issue with the release of WhatsApp version 2.19.58 in mid-September.

https://thehackernews.com/2019/12/whatsapp-group-crash.html


CVE-2019-18935: Remote Code Execution via Insecure Deserialization in Telerik UI

Telerik UI for ASP.NET AJAX is a widely used suite of UI components for web applications. It insecurely deserializes JSON objects in a manner that results in arbitrary remote code execution on the software's underlying host.

https://know.bishopfox.com/research/cve-2019-18935-remote-code-execution-in-telerik-ui


Vulnerabilities in multiple third party TYPO3 CMS extensions

Several vulnerabilities have been found in the following third party TYPO3 extensions:
- "MKSamlAuth" (mksamlauth)
- "Change password for frontend users" (fe_change_pwd)
- "File List" (file_list)
- "femanager direct mail subscription" (femanager_dmail_subscribe)
- "femanager" (femanager)

http://lists.typo3.org/pipermail/typo3-announce/2019/000455.html


TYPO3 10.2.2, 9.5.13 and 8.7.30 security releases published

We are announcing the release of the following TYPO3 updates: TYPO3 10.2.2, TYPO3 9.5.13 LTS, TYPO3 8.7.30 LTS. All versions are security releases and contain important security fixes.

https://typo3.org/article/typo3-1022-9513-and-8730-security-releases-published/


Security update: password prompt of TP-Link's Archer routers can be bypassed

Attackers could exploit a critical security vulnerability to access some Archer-series routers with admin rights.

https://heise.de/-4616996


Security updates for Tuesday

Security updates have been issued by Debian (libssh, ruby2.3, and ruby2.5), Fedora (kernel and libgit2), openSUSE (chromium and libssh), Oracle (openslp), Red Hat (container-tools:1.0, container-tools:rhel8, freetype, kernel, and kpatch-patch), Scientific Linux (openslp), SUSE (git and LibreOffice), and Ubuntu (graphicsmagick).

https://lwn.net/Articles/807505/


Intel Patches Privilege Escalation Flaw in Rapid Storage Technology

A vulnerability Intel has addressed in the Rapid Storage Technology (RST) could allow a local user to escalate privileges to System. Intel RST is a Windows-based application that is provided with many computers that feature Intel chips to deliver improved performance and reliability when SATA disks are used.

https://www.securityweek.com/intel-patches-privilege-escalation-flaw-rapid-storage-technology


Security Bulletin: A security vulnerability has been identified in lodash shipped with PowerAI

https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-has-been-identified-in-lodash-shipped-with-powerai/


Security Bulletin: IBM MQ Appliance is affected by a libcgroup vulnerability (CVE-2018-14348)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-a-libcgroup-vulnerability-cve-2018-14348/


Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Directory Server (Tivoli) & Rational Directory Administrator

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-rational-directory-server-tivoli-rational-directory-administrator/


Security Bulletin: A security vulnerability has been identified in SQLite shipped with PowerAI

https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-has-been-identified-in-sqlite-shipped-with-powerai/


Security Bulletin: IBM SDK Oracle Java vulnerabilities affect IBM Watson Text to Speech and Speech to Text (IBM Watson- Speech Services 1.1)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-oracle-java-vunerabilities-affect-ibm-watson-text-to-speech-and-speech-to-text-ibm-watson-speech-services-1-1/