End-of-Day report
Timeframe: Wednesday 19-06-2019 18:00 - Friday 21-06-2019 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter
News
Botnet Uses SSH and ADB to Create Android Cryptomining Army
Researchers discovered a cryptocurrency mining botnet that uses the Android Debug Bridge (ADB) Wi-Fi interface and SSH connections to hosts stored in the known_hosts list to spread to other devices.
https://www.bleepingcomputer.com/news/security/botnet-uses-ssh-and-adb-to-create-android-cryptomining-army/
Vulnerabilities
PHOENIX CONTACT Automation Worx Software Suite
This advisory includes mitigations for access of uninitialized pointer, out-of-bounds read, and use after free vulnerabilities reported in Phoenix Contact's Automation Worx Software Suite.
https://ics-cert.us-cert.gov/advisories/ICSA-19-171-01
Cisco fixes two critical and numerous other vulnerabilities
Updates for Cisco's SD-WAN solution and DNA Center fix critical security issues. Numerous other products have also been freshly patched.
https://heise.de/-4451734
Security updates for Thursday
Security updates have been issued by Debian (firefox-esr, gvfs, intel-microcode, and python-urllib3), Fedora (advancecomp, firefox, freeradius, kubernetes, pam-u2f, and rubygem-jquery-ui-rails), openSUSE (elfutils and sssd), Red Hat (chromium-browser), SUSE (doxygen and samba), and Ubuntu (evince, firefox, Gunicorn, libvirt, and sqlite3).
https://lwn.net/Articles/791572/
Security updates for Friday
Security updates have been issued by CentOS (libvirt and python), Debian (intel-microcode, php-horde-form, and znc), Fedora (firefox), Mageia (firefox, flash-player-plugin, git, graphicsmagick, kernel, kernel-linus, kernel-tmb, phpmyadmin, and thunderbird), Oracle (libssh2, libvirt, and python), Red Hat (libvirt and python), Scientific Linux (libvirt), Slackware (bind and mozilla), SUSE (enigmail), and Ubuntu (bind9, intel-microcode, mosquitto, postgresql-10, postgresql-11, and thunderbird).
https://lwn.net/Articles/791669/
Synology-SA-19:28 Linux kernel
CVE-2019-11477, CVE-2019-11478 and CVE-2019-11479 allow remote attackers to conduct denial-of-service attacks via a susceptible version of DiskStation Manager (DSM) or Synology Router Manager (SRM).
https://www.synology.com/en-global/support/security/Synology_SA_19_28
Multiple vulnerabilities in VAIO Update
https://jvn.jp/en/jp/JVN13555032/
Intel-SA-00213: Intel CSME, Intel SPS, Intel TXE, Intel DAL, and Intel AMT vulnerabilities
https://support.f5.com/csp/article/K42117350
Security vulnerabilities fixed in Firefox 67.0.4 and Firefox ESR 60.7.2
https://www.mozilla.org/en-US/security/advisories/mfsa2019-19/
Security vulnerabilities fixed in Thunderbird 60.7.2
https://www.mozilla.org/en-US/security/advisories/mfsa2019-20/
AirPort Base Station Firmware Update 7.8.1
https://support.apple.com/kb/HT210091
CVE-2019-10072 Apache Tomcat HTTP/2 DoS
https://mail-archives.apache.org/mod_mbox/tomcat-announce/201906.mbox/browser
DSA-2019-084: Dell SupportAssist for Business PCs and Dell SupportAssist for Home PCs Security Update for PC Doctor Vulnerability
https://www.dell.com/support/article/at/de/atdhs1/sln317291/dsa-2019-084-dell-supportassist-for-business-pcs-and-dell-supportassist-for-home-pcs-security-update-for-pc-doctor-vulnerability?lang=en
[webapps] WebERP 4.15 - SQL injection
https://www.exploit-db.com/exploits/47013
DoS Vulnerability in Huawei S Series Switch Products
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190522-01-switch-en
IBM Security Bulletin: IBM MessageSight/MessageGateway is affected by the following jQuery vulnerability
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-messagesight-messagegateway-is-affected-by-the-following-jquery-vulnerability/
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-content-collector-for-email-content-collector-for-file-systems-content-collector-for-microsoft-sharepoint-and-content-collector-5/
IBM Security Bulletin: IBM API Connect is affected by a denial of service vulnerability in Node.js (CVE-2019-5737)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-is-affected-by-a-denial-of-service-vulnerability-in-node-js-cve-2019-5737/
IBM Security Bulletin: IBM MessageSight is affected by the following four IBM Java vulnerabilities
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-messagesight-is-affected-by-the-following-four-ibm-java-vulnerabilities-2/
IBM Security Bulletin: IBM Cloud Transformation Advisor is affected by a Node.js lodash module vulnerability (CVE-2018-16487)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-cloud-transformation-advisor-is-affected-by-a-node-js-lodash-module-vulnerability-cve-2018-16487/
IBM Security Bulletin: IBM MessageSight/MessageGateway is affected by the following WebSphere Application Server vulnerability
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-messagesight-messagegateway-is-affected-by-the-following-websphere-application-server-vulnerability/
IBM Security Bulletin: This Power System update is being released to address CVE-2018-5390
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-this-power-system-update-is-being-released-to-address-cve-2018-5390/
IBM Security Bulletin: Vulnerabilities in OpenSSL affect QLogic 8Gb Intelligent Pass-thru Module and SAN Switch Module for IBM BladeCenter and QLogic Virtual Fabric Extension Module for IBM BladeCenter
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerabilities-in-openssl-affect-qlogic-8gb-intelligent-pass-thru-module-and-san-switch-module-for-ibm-bladecenter-and-qlogic-virtual-fabric-extension-module-for-ibm-bladecente/