End-of-Day report
Timeframe: Thursday 19-12-2019 18:00 - Friday 20-12-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
News
From dropbox(updater) to NT AUTHORITY\SYSTEM
In this post I'm going to show how to use the DropBoxUpdater service in order to get SYSTEM privileges starting from a simple Windows user.
https://decoder.cloud/2019/12/18/from-dropboxupdater-to-nt-authoritysystem/
Using WebRTC ICE Servers for Port Scanning in Chrome
Using the browser to scan a LAN isn't a new idea. There are many implementations that use XHR requests, websockets, or plain HTML to discover and fingerprint LAN devices. But in this blog, I'll introduce a new scanning technique using WebRTC ICE servers. This technique is fast and, unlike the other methods, bypasses the blocked ports list. Unfortunately, it only works when the victim is using Chrome.
https://medium.com/tenable-techblog/using-webrtc-ice-servers-for-port-scanning-in-chrome-ce17b19dd474
Vulnerabilities
DSA-4590 cyrus-imapd - security update
It was discovered that the lmtpd component of the Cyrus IMAP server created mailboxes with administrator privileges if the fileinto [sieve directive] was used, bypassing ACL checks.
https://www.debian.org/security/2019/dsa-4590
Field Notice: FN - 70489 - PKI Self-Signed Certificate Expiration in Cisco IOS and Cisco IOS XE Software - Software Upgrade Recommended
Self-signed X.509 PKI certificates (SSC) that were generated on devices that run affected Cisco IOS® or Cisco IOS XE software releases expire on 2020-01-01 00:00:00 UTC. New self-signed certificates cannot be created on affected devices after 2020-01-01 00:00:00 UTC. Any service that relies on these self-signed certificates to establish or terminate a secure connection might not work after the certificate expires.
https://www.cisco.com/c/en/us/support/docs/field-notices/704/fn70489.html
OpenSSL version 1.0.2u published
The OpenSSL project team is pleased to announce the release of version 1.0.2u of our open source toolkit for SSL/TLS.
https://mta.openssl.org/pipermail/openssl-announce/2019-December/000165.html
VMSA-2019-0023
VMware Workstation and Horizon View Agent updates address a DLL-hijacking issue (CVE-2019-5539)
https://www.vmware.com/security/advisories/VMSA-2019-0023.html
Critical Vulnerability Patched in 301 Redirects - Easy Redirect Manager
On Friday December 13th, our Threat Intelligence team discovered vulnerabilities present in "301 Redirects - Easy Redirect Manager", a WordPress plugin installed on over 70,000 websites. These weaknesses allowed any authenticated user, even subscribers, to modify, delete, and inject redirect rules that could potentially result in a loss of site availability. We privately disclosed the issue to the plugin's developer, who was incredibly quick to respond and release a patch.
https://www.wordfence.com/blog/2019/12/critical-vulnerability-patched-in-301-redirects-easy-redirect-manager/
Security updates for Friday
Security updates have been issued by Debian (cyrus-imapd and gdk-pixbuf), Fedora (cacti, cacti-spine, and fribidi), Red Hat (fribidi, git, and openstack-keystone), Scientific Linux (fribidi), Slackware (wavpack), and SUSE (firefox, kernel, mariadb, spectre-meltdown-checker, and trousers).
https://lwn.net/Articles/807851/
Atlassian Jira Software: vulnerability allows bypassing security controls
A remote, authenticated attacker can exploit a vulnerability in Atlassian Jira Software to bypass security controls.
http://www.cert-bund.de/advisoryshort/CB-K19-1105
Moxa EDS Ethernet Switches
https://www.us-cert.gov/ics/advisories/icsa-19-353-01
Equinox Control Expert
https://www.us-cert.gov/ics/advisories/icsa-19-353-02
WECON PLC Editor
https://www.us-cert.gov/ics/advisories/icsa-19-353-03
Reliable Controls MACH-ProWebCom/Sys
https://www.us-cert.gov/ics/advisories/icsa-19-353-04
Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-analytics-has-addressed-multiple-vulnerabilties/
Security Bulletin: Multiple vulnerabilities of Mozilla Firefox (less than Firefox 68.2.0 ESR) have affected Synthetic Playback Agent 8.1.4.0 - 8.1.4 IF09 + ICAM Synthetic 3.0
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-of-mozzila-firefox-less-than-firefox-68-2-0-esr-have-affected-synthetic-playback-agent-8-1-4-0-8-1-4-if09-icam-synthetic-3-0/
Security Bulletin: Various security vulnerabilities in IBM Financial Transaction Manager for SWIFT Services
https://www.ibm.com/blogs/psirt/security-bulletin-various-security-vulnerabilities-in-ibm-financial-transaction-manager-for-swift-services/
Security Bulletin: IBM Cognos Business Intelligence has addressed multiple vulnerabilities
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-business-intelligence-has-addressed-multiple-vulnerabilties/
Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM i
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-openssl-affect-ibm-i/
Security Bulletin: Multiple vulnerabilities of Mozilla Firefox (less than Firefox 68.2.0 ESR) have affected Synthetic Playback Agent 8.1.4.0 - 8.1.4 IF09
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-of-mozzila-firefox-less-than-firefox-68-2-0-esr-have-affected-synthetic-playback-agent-8-1-4-0-8-1-4-if09/
The BIG-IP DNS system may erroneously display the TSIG key secret in plain text form
https://support.f5.com/csp/article/K36328238?utm_source=f5support&utm_medium=RSS
ASM Cloud Security Services authentication vulnerability CVE-2019-6687
https://support.f5.com/csp/article/K59957337?utm_source=f5support&utm_medium=RSS
Synology-SA-19:42 Intel Processor Vulnerability
https://www.synology.com/en-global/support/security/Synology_SA_19_42
Synology-SA-19:41 WordPress
https://www.synology.com/en-global/support/security/Synology_SA_19_41