End-of-Day report
Timeframe: Friday 05-04-2019 18:00 - Monday 08-04-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
News
ThinkPHP 5.x - Remote Code Execution Actively Exploited In The Wild
Earlier this year, we noticed an increase in attacks aiming at ThinkPHP. ThinkPHP is a PHP framework that is very popular in Asia. If you keep track of your site's activity, the following log may look familiar:
http://labs.sucuri.net/?note=2019-04-08
Vulnerabilities
SQL Injection in Duplicate-Page WordPress Plugin
While investigating the Duplicate Page plugin we have discovered a dangerous SQL Injection vulnerability. It was not being abused externally and impacts over 800,000 sites. Its urgency is defined by the associated DREAD score that looks at damage, reproducibility, exploitability, affected users, and discoverability. A key contributor to the criticality of this vulnerability is that it's exploitable by any users with an account on the vulnerable site (regardless of the privileges
https://blog.sucuri.net/2019/04/sql-injection-in-duplicate-page-wordpress-plugin.html
Patch now: Trend Micro security software harbours a critical vulnerability
Updates for Apex One, OfficeScan and Worry-Free Business Security protect, among other things, against remote attacks. Users should update the software promptly.
http://heise.de/-4365964
Root privileges via Dovecot
The developers of the Linux mail server Dovecot have found and fixed a bug through which an attacker could obtain root privileges.
http://heise.de/-4366806
Security updates for Monday
Security updates have been issued by Debian (roundup, samba, tryton-server, and wget), Fedora (evolution-data-server, evolution-ews, glpi, ntp, poppler, pspp, and wget), Mageia (advancecomp, cfitsio, firefox, ghostscript, gnutls, libjpeg, libpng, ocaml, python-yaml, ruby-ox, SDL12, and thunderbird), openSUSE (adcli, sssd, go1.11, liblouis, nodejs6, openssl, ovmf, sqlite3, sysstat, thunderbird, tiff, and znc), Red Hat (chromium-browser and python), Slackware (httpd, openjpeg, and wget), SUSE
https://lwn.net/Articles/785238/
Samba: Multiple vulnerabilities allow manipulation of files
CB-K19/0277: Samba: Multiple vulnerabilities allow manipulation of files
http://www.cert-bund.de/advisoryshort/CB-K19-0277
IBM Security Bulletin: IBM InfoSphere Metadata Asset Manager is affected by an SQL Injection vulnerability
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-infosphere-metadata-asset-manager-is-affected-by-an-sql-injection-vulnerability/
IBM Security Bulletin: IBM Sterling Connect:Direct for UNIX Allows a User with Sudo Access Restricted to Certain Connect:Direct Executable Files to Expand Access Beyond the Restriction (CVE-2018-1903)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-sterling-connectdirect-for-unix-allows-a-user-with-sudo-access-restricted-to-certain-connectdirect-executable-files-to-expand-access-beyond-the-restriction-cve-2018-1903/
IBM Security Bulletin: Financial Transaction Manager for Corporate Payment Services is affected by a potential cross-site scripting (XSS) vulnerability (CVE-2018-1871)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction-manager-for-corporate-payment-services-is-affected-by-a-potential-cross-site-scripting-xss-vulnerability-cve-2018-1871/
IBM Security Bulletin: A reflected cross-site scripting (XSS) vulnerability affects IBM Performance Management products
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-reflected-cross-site-scripting-xss-vulnerability-affects-ibm-performance-management-products/
HPESBHF03916 rev.1 - HPE Virtual Connect SE 16Gb Fibre Channel Module for Synergy, Local or Remote Unauthorized Elevation of Privilege
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03916en_us