End-of-Day report
Timeframe: Tuesday 24-09-2019 18:00 - Wednesday 25-09-2019 18:00
Handler: Stephan Richter
Co-Handler: n/a
News
vBulletin Zero-Day Exploited for Years, Gets Unofficial Patch
A zero-day exploit for the vBulletin forum platform was publicly disclosed and quickly used to attack affected versions of the forum software. It turns out, though, that this exploit has been known, utilized, and sold by researchers and attackers for years.
https://www.bleepingcomputer.com/news/security/vbulletin-zero-day-exploited-for-years-gets-unofficial-patch/
Free Decryptors Released for Two Ransomware Families
Security researchers have released decryption tools which victims of two different ransomware families can use to recover their files for free. On 25 September, Kaspersky Lab unveiled decryptors for both the Yatron and FortuneCrypt crypto-ransomware families.
https://www.tripwire.com/state-of-security/security-data-protection/free-decryptors-released-for-two-ransomware-families/
Vulnerabilities
Apple Releases Security Updates
Original release date: September 25, 2019. Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit one of these vulnerabilities to obtain access to sensitive information.
https://www.us-cert.gov/ncas/current-activity/2019/09/25/apple-releases-security-updates
Cisco Adaptive Security Appliance Web Services Denial of Service Vulnerability
A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. It is also possible on certain software releases that the ASA will not reload, but an attacker could view sensitive system information without authentication by using directory traversal techniques.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-asaftd
VMSA-2019-0015
VMware Cloud Foundation and VMware Harbor Container Registry for PCF address remote escalation of privilege vulnerability (CVE-2019-16097)
https://www.vmware.com/security/advisories/VMSA-2019-0015.html
Security updates for Wednesday
Security updates have been issued by Debian (kernel, libgcrypt20, and spip), Fedora (compat-openssl10, expat, ghostscript, ibus, java-1.8.0-openjdk-aarch32, and SDL2_image), openSUSE (bird, chromium, kernel, libreoffice, links, and varnish), Oracle (httpd:2.4 and qemu-kvm), Red Hat (kernel), Scientific Linux (qemu-kvm), SUSE (djvulibre, dovecot22, ghostscript, kernel, libxml2, and python-Twisted), and Ubuntu (file-roller and libreoffice).
https://lwn.net/Articles/800553/
[20190901] - Core - XSS in logo parameter of default templates
http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/PO-TPPu7rQ0/791-20190901-core-xss-in-logo-parameter-of-default-templates.html
SBA-ADV-20190911-01: Easy FancyBox Wordpress Plugin Stored Cross-site Scripting (XSS)
https://github.com/sbaresearch/advisories/commit/9000d9bfd120a1b8f5f1643e5fce6a3fcda05353
Security Advisory - Two Integer overflow Vulnerabilities in Some Huawei Smart Phones
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190925-01-smartphone-en
Security Advisory - Out-of-bounds Read Vulnerability in Gauss100 OLTP Database of Some Huawei Products
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190925-01-database-en
Security Advisory - Improper Validation Vulnerability in Several Smartphones
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190925-03-smartphone-en
Security Advisory - Insufficient Verification Vulnerability in Several Smartphones
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190925-02-smartphone-en
Security Advisory - Insufficient Verification Vulnerability in Several Smartphones
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190925-01-codeexecution-en
IBM Security Bulletin: Multiple vulnerabilities in IBM® SDK, Java™ Technology Edition affect IBM Operational Decision Manager
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-sdk-java-technology-edition-affect-ibm-operational-decision-manager-7/
IBM Security Bulletin: Linux Kernel as used in IBM QRadar Network Packet Capture is vulnerable to denial of service (CVE-2019-11477, CVE-2019-11478, CVE-2019-11479)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-linux-kernel-as-used-in-ibm-qradar-network-packet-capture-is-vulnerable-to-denial-of-service-cve-2019-11477-cve-2019-11478-cve-2019-11479/
IBM Security Bulletin: IBM MQ and IBM MQ Appliance command server is vulnerable to a denial of service attack caused by specially crafted PCF messages (CVE-2019-4378)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-mq-and-ibm-mq-appliance-command-server-is-vulnerable-to-a-denial-of-service-attack-caused-by-specially-crafted-pcf-messages-cve-2019-4378/
IBM Security Bulletin: Java Vulnerability Affects IBM Sterling Connect:Direct Browser User Interface (CVE-2019-10241, CVE-2019-10246 & CVE-2019-10247)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-java-vulnerability-affects-ibm-sterling-connectdirect-browser-user-interface-cve-2019-10241-cve-2019-10246-cve-2019-10247/
IBM Security Bulletin: Clickjacking vulnerability in WebSphere Application Server Liberty Admin Center in IBM Cloud (CVE-2019-4285)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-clickjacking-vulnerability-in-websphere-application-server-liberty-admin-center-in-ibm-cloud-cve-2019-4285/
IBM Security Bulletin: IBM QRadar SIEM is vulnerable to Server Side Request Forgery (CVE-2019-4262)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-siem-is-vulnerable-to-server-side-request-forgery-cve-2019-4262/
IBM Security Bulletin: IBM Security Identity Adapters has released a fix in response to the OpenSSL vulnerabilities
https://www.ibm.com/blogs/psirt/ibm-security-bulletinibm-security-identity-adapters-has-released-a-fix-in-response-to-the-openssl-vulnerabilities/
BIG-IQ services for stats vulnerability CVE-2019-6652
https://support.f5.com/csp/article/K23101430
BIG-IP APM Edge Client logging vulnerability CVE-2019-6656
https://support.f5.com/csp/article/K23876153
BIG-IP Analytics vulnerability CVE-2019-6655
https://support.f5.com/csp/article/K31152411
Martian address filtering vulnerability CVE-2019-6654
https://support.f5.com/csp/article/K45644893
BIG-IQ vulnerability CVE-2019-6653
https://support.f5.com/csp/article/K71712132
REST Framework vulnerability CVE-2019-6651
https://support.f5.com/csp/article/K89509323