End-of-Day report
Timeframe: Monday 16-12-2019 18:00 - Tuesday 17-12-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
News
#include
Recently I saw a tweet where someone mentioned that you can include /dev/stdin in C code compiled with gcc. This is, to say the very least, surprising. When you see something like this with an IT security background you start to wonder if this can be abused for an attack.
https://blog.hboeck.de/archives/898-include-etcshadow.html
Is it Possible to Identify DNS over HTTPs Without Decrypting TLS?
Aside from the session length, I found that the payload length for DoH is somewhat telling. DNS queries and responses are usually a couple of hundred bytes long. HTTPS connections, on the other hand, tend to "fill" the MTU.
https://isc.sans.edu/diary/rss/25616
ESET BlueKeep (CVE-2019-0708) Detection Tool
Although the BlueKeep vulnerability (CVE-2019-0708) has not yet caused widespread chaos, it is still at a fairly early stage of its exploit lifecycle. In fact, many systems are still unpatched, and a wormable version of the exploit could still appear. Because of these factors, ESET is providing a free detection tool intended to check whether a system is vulnerable to BlueKeep.
https://www.welivesecurity.com/deutsch/2019/12/17/eset-bluekeep-detection-tool/
Christmas Shopping on Amazon: Beware of Criminals
Ordering on Amazon is already a matter of course for many people and is associated with a predominantly positive shopping experience. But fraudulent offers can also be found on Amazon: if you are asked to contact sellers by e-mail beforehand, or to handle the payment via an external account rather than through Amazon, you can assume the offer is dubious!
https://www.watchlist-internet.at/news/weihnachtseinkaeufe-auf-amazon-vorsicht-vor-kriminellen/
Vulnerabilities
Joomla - [20191202] - Core - Various SQL injections through configuration parameters
Versions: 2.5.0 - 3.9.13
CVE Number: CVE-2019-19846
The lack of validation of configuration parameters used in SQL queries caused various SQL injection vectors.
https://developer.joomla.org/security-centre/797-20191202-core-various-sql-injections-through-configuration-parameters.html
Joomla - [20191201] - Core - Path Disclosure in framework files
Versions: 3.8.0 - 3.9.13
CVE Number: CVE-2019-19845
Missing access check in framework files could lead to a path disclosure.
https://developer.joomla.org/security-centre/796-20191201-core-path-disclosure-in-framework-files.html
This Bug Could Have Let Anyone Crash WhatsApp Of All Group Members
WhatsApp, the world's most popular end-to-end encrypted messaging application, patched an incredibly frustrating software bug that could have allowed a malicious group member to crash the messaging app for all members of the same group, The Hacker News learned.
...
Check Point responsibly reported this crash bug to the WhatsApp security team back in late August this year, and the company patched the issue with the release of WhatsApp version 2.19.58 in mid-September.
https://thehackernews.com/2019/12/whatsapp-group-crash.html
CVE-2019-18935: Remote Code Execution via Insecure Deserialization in Telerik UI
Telerik UI for ASP.NET AJAX is a widely used suite of UI components for web applications. It insecurely deserializes JSON objects in a manner that results in arbitrary remote code execution on the software's underlying host.
https://know.bishopfox.com/research/cve-2019-18935-remote-code-execution-in-telerik-ui
Vulnerabilities in multiple third party TYPO3 CMS extensions
Several vulnerabilities have been found in the following third party TYPO3 extensions:
- "MKSamlAuth" (mksamlauth)
- "Change password for frontend users" (fe_change_pwd)
- "File List" (file_list)
- "femanager direct mail subscription" (femanager_dmail_subscribe)
- "femanager" (femanager)
http://lists.typo3.org/pipermail/typo3-announce/2019/000455.html
TYPO3 10.2.2, 9.5.13 and 8.7.30 security releases published
We are announcing the release of the following TYPO3 updates: TYPO3 10.2.2, TYPO3 9.5.13 LTS, TYPO3 8.7.30 LTS. All versions are security releases and contain important security fixes.
https://typo3.org/article/typo3-1022-9513-and-8730-security-releases-published/
Security update: Password prompt of TP-Link's Archer routers can be bypassed
Attackers could exploit a critical vulnerability to access some Archer-series routers with admin rights.
https://heise.de/-4616996
Security updates for Tuesday
Security updates have been issued by Debian (libssh, ruby2.3, and ruby2.5), Fedora (kernel and libgit2), openSUSE (chromium and libssh), Oracle (openslp), Red Hat (container-tools:1.0, container-tools:rhel8, freetype, kernel, and kpatch-patch), Scientific Linux (openslp), SUSE (git and LibreOffice), and Ubuntu (graphicsmagick).
https://lwn.net/Articles/807505/
Intel Patches Privilege Escalation Flaw in Rapid Storage Technology
A vulnerability Intel has addressed in the Rapid Storage Technology (RST) could allow a local user to escalate privileges to System. Intel RST is a Windows-based application that is provided with many computers that feature Intel chips to deliver improved performance and reliability when SATA disks are used.
https://www.securityweek.com/intel-patches-privilege-escalation-flaw-rapid-storage-technology
Security Bulletin: A security vulnerability has been identified in lodash shipped with PowerAI
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-has-been-identified-in-lodash-shipped-with-powerai/
Security Bulletin: IBM MQ Appliance is affected by a libcgroup vulnerability (CVE-2018-14348)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-a-libcgroup-vulnerability-cve-2018-14348/
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Directory Server (Tivoli) & Rational Directory Administrator
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-rational-directory-server-tivoli-rational-directory-administrator/
Security Bulletin: A security vulnerability has been identified in SQLite shipped with PowerAI
https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerability-has-been-identified-in-sqlite-shipped-with-powerai/
Security Bulletin: IBM SDK Oracle Java vulnerabilities affect IBM Watson Text to Speech and Speech to Text (IBM Watson Speech Services 1.1)
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-oracle-java-vunerabilities-affect-ibm-watson-text-to-speech-and-speech-to-text-ibm-watson-speech-services-1-1/