Daily Summary - 20.12.2019

End-of-Day report

Timeframe: Thursday 19-12-2019 18:00 - Friday 20-12-2019 18:00 Handler: Robert Waldner Co-Handler: n/a

News

From dropbox(updater) to NT AUTHORITY\SYSTEM

In this post I'm going to show how to use the DropBoxUpdater service in order to get SYSTEM privileges starting from a simple Windows user.

https://decoder.cloud/2019/12/18/from-dropboxupdater-to-nt-authoritysystem/


Using WebRTC ICE Servers for Port Scanning in Chrome

Using the browser to scan a LAN isn't a new idea. There are many implementations that use XHR requests, websockets, or plain HTML to discover and fingerprint LAN devices. But in this blog, I'll introduce a new scanning technique using WebRTC ICE servers. This technique is fast and, unlike the other methods, bypasses the blocked ports list. Unfortunately, it only works when the victim is using Chrome.

https://medium.com/tenable-techblog/using-webrtc-ice-servers-for-port-scanning-in-chrome-ce17b19dd474

Vulnerabilities

DSA-4590 cyrus-imapd - security update

It was discovered that the lmtpd component of the Cyrus IMAP server created mailboxes with administrator privileges if the fileinto [sieve directive] was used, bypassing ACL checks.

https://www.debian.org/security/2019/dsa-4590


Field Notice: FN - 70489 - PKI Self-Signed Certificate Expiration in Cisco IOS and Cisco IOS XE Software - Software Upgrade Recommended

Self-signed X.509 PKI certificates (SSC) that were generated on devices that run affected Cisco IOS® or Cisco IOS XE software releases expire on 2020-01-01 00:00:00 UTC. New self-signed certificates cannot be created on affected devices after 2020-01-01 00:00:00 UTC. Any service that relies on these self-signed certificates to establish or terminate a secure connection might not work after the certificate expires.

https://www.cisco.com/c/en/us/support/docs/field-notices/704/fn70489.html


OpenSSL version 1.0.2u published

The OpenSSL project team is pleased to announce the release of version 1.0.2u of our open source toolkit for SSL/TLS.

https://mta.openssl.org/pipermail/openssl-announce/2019-December/000165.html


VMSA-2019-0023

VMware Workstation and Horizon View Agent updates address a DLL-hijacking issue (CVE-2019-5539)

https://www.vmware.com/security/advisories/VMSA-2019-0023.html


Critical Vulnerability Patched in 301 Redirects - Easy Redirect Manager

On Friday December 13th, our Threat Intelligence team discovered vulnerabilities present in "301 Redirects - Easy Redirect Manager", a WordPress plugin installed on over 70,000 websites. These weaknesses allowed any authenticated user, even subscribers, to modify, delete, and inject redirect rules that could potentially result in a loss of site availability. We privately disclosed the issue to the plugin's developer, who was incredibly quick to respond and release a patch.

https://www.wordfence.com/blog/2019/12/critical-vulnerability-patched-in-301-redirects-easy-redirect-manager/


Security updates for Friday

Security updates have been issued by Debian (cyrus-imapd and gdk-pixbuf), Fedora (cacti, cacti-spine, and fribidi), Red Hat (fribidi, git, and openstack-keystone), Scientific Linux (fribidi), Slackware (wavpack), and SUSE (firefox, kernel, mariadb, spectre-meltdown-checker, and trousers).

https://lwn.net/Articles/807851/


Atlassian Jira Software: Vulnerability allows bypassing of security measures

A remote, authenticated attacker can exploit a vulnerability in Atlassian Jira Software to bypass security measures.

http://www.cert-bund.de/advisoryshort/CB-K19-1105


Moxa EDS Ethernet Switches

https://www.us-cert.gov/ics/advisories/icsa-19-353-01


Equinox Control Expert

https://www.us-cert.gov/ics/advisories/icsa-19-353-02


WECON PLC Editor

https://www.us-cert.gov/ics/advisories/icsa-19-353-03


Reliable Controls MACH-ProWebCom/Sys

https://www.us-cert.gov/ics/advisories/icsa-19-353-04


Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-analytics-has-addressed-multiple-vulnerabilties/


Security Bulletin: Multiple vulnerabilities of Mozilla Firefox (less than Firefox 68.2.0 ESR) have affected Synthetic Playback Agent 8.1.4.0 - 8.1.4 IF09 + ICAM Synthetic 3.0

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-of-mozzila-firefox-less-than-firefox-68-2-0-esr-have-affected-synthetic-playback-agent-8-1-4-0-8-1-4-if09-icam-synthetic-3-0/


Security Bulletin: Various security vulnerabilities in IBM Financial Transaction Manager for SWIFT Services

https://www.ibm.com/blogs/psirt/security-bulletin-various-security-vulnerabilities-in-ibm-financial-transaction-manager-for-swift-services/


Security Bulletin: IBM Cognos Business Intelligence has addressed multiple vulnerabilities

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-business-intelligence-has-addressed-multiple-vulnerabilties/


Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM i

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-openssl-affect-ibm-i/


Security Bulletin: Multiple vulnerabilities of Mozilla Firefox (less than Firefox 68.2.0 ESR) have affected Synthetic Playback Agent 8.1.4.0 - 8.1.4 IF09

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-of-mozzila-firefox-less-than-firefox-68-2-0-esr-have-affected-synthetic-playback-agent-8-1-4-0-8-1-4-if09/


The BIG-IP DNS system may erroneously display the TSIG key secret in plain text form

https://support.f5.com/csp/article/K36328238?utm_source=f5support&utm_medium=RSS


ASM Cloud Security Services authentication vulnerability CVE-2019-6687

https://support.f5.com/csp/article/K59957337?utm_source=f5support&utm_medium=RSS


Synology-SA-19:42 Intel Processor Vulnerability

https://www.synology.com/en-global/support/security/Synology_SA_19_42


Synology-SA-19:41 WordPress

https://www.synology.com/en-global/support/security/Synology_SA_19_41