Daily summary - 13.11.2020

End-of-Day report

Timeframe: Thursday 12-11-2020 18:00 - Friday 13-11-2020 18:00 Handler: Dimitri Robl Co-Handler: Stephan Richter

News

Ubuntu Linux closes vulnerabilities: system administrator in no time

A security researcher stumbled upon a combination of vulnerabilities that allowed ordinary users to create an account with sudo rights. Ubuntu has now fixed them.

https://heise.de/-4960051


Unbreak My Heart: What I Learned About Building Better Medical Devices While Troubleshooting My Pacemaker

This blog post tells the story of Veronica Schmitt's journey to fixing her ICD/pacemaker using medical device forensics.

https://www.sans.org/blog/unbreak-my-heart-what-i-learned-about-building-better-medical-devices-while-troubleshooting-my-pacemaker


A new skimmer uses WebSockets and a fake credit card form to steal sensitive data

A new skimmer attack was discovered this week, targeting various online e-commerce sites built with different frameworks. As of the writing of this blog post, the attack is still active and exfiltrating data.

https://blogs.akamai.com/2020/11/a-new-skimmer-uses-websockets-and-a-fake-credit-card-form-to-steal-sensitive-data.html


DNS Cache Poisoning Attack Reloaded: Revolutions with Side Channels

SAD DNS is a revival of the classic DNS cache poisoning attack (which has not worked since 2008) leveraging novel network side channels that exist in all modern operating systems, including Linux, Windows, macOS, and FreeBSD. This represents an important milestone: the first weaponizable network side channel attack with serious security impact. The attack allows an off-path attacker to inject a malicious DNS record into a DNS cache (e.g., in BIND, Unbound, dnsmasq).

https://www.saddns.net/


Surviving college distance learning during the pandemic: a cybersecurity guide

Students in higher education are exposed to online risks more than ever. Keep yourself secure while distance learning from home with this practical guide.

https://blog.malwarebytes.com/how-tos-2/2020/11/surviving-college-distance-learning-during-the-pandemic-a-cybersecurity-guide/

Vulnerabilities

Schneider Electric secures various ICS components against vulnerabilities

Important security updates are available for Schneider Electric hardware and software used to configure and manage industrial control systems.

https://heise.de/-4959299


ICS Advisory (ICSA-20-317-01) Mitsubishi Electric MELSEC iQ-R Series

A denial-of-service vulnerability due to uncontrolled resource consumption exists in MELSEC iQ-R series CPU modules. This vulnerability does not affect products when the "To Use or Not to Use Web Server" parameter of CPU modules is set to "Not Use." The default setting is "Not Use."

https://us-cert.cisa.gov/ics/advisories/icsa-20-317-01


PostgreSQL 13.1, 12.5, 11.10, 10.15, 9.6.20, and 9.5.24 Released!

The PostgreSQL Global Development Group has released an update to all supported versions of our database system, including 13.1, 12.5, 11.10, 10.15, 9.6.20, and 9.5.24. This release closes three security vulnerabilities and fixes over 65 bugs reported over the last three months. Due to the nature of CVE-2020-25695, we advise you to update as soon as possible. Additionally, this is the second-to-last release of PostgreSQL 9.5. If you are running PostgreSQL 9.5 in a production environment, we [...]

https://www.postgresql.org/about/news/postgresql-131-125-1110-1015-9620-and-9524-released-2111/
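The announcement lists the first release of each supported branch that contains the fixes. A practitioner auditing a fleet wants that turned into a check that works on the raw output of `SELECT version()`, including the two-component majors of the 9.x branches and branches that are no longer supported. The following is an added example, not code from the PostgreSQL project; the fixed versions are taken from the announcement above, and the sample `version()` strings are constructed for illustration.

```python
"""Check whether a PostgreSQL server is at or past the November 2020 security release.

Added example (not PostgreSQL project code). Fixed versions come from the release
announcement: 13.1, 12.5, 11.10, 10.15, 9.6.20, 9.5.24. Branches not listed there
(e.g. 9.4) are end-of-life and receive no fix.
"""
import re

# Branch key -> first release in that branch containing the fixes.
# PostgreSQL 10+ uses "major.minor"; the 9.x series uses "9.N.minor".
FIXED_VERSIONS = {
    (13,): (13, 1),
    (12,): (12, 5),
    (11,): (11, 10),
    (10,): (10, 15),
    (9, 6): (9, 6, 20),
    (9, 5): (9, 5, 24),
}

VERSION_RE = re.compile(r"PostgreSQL\s+(\d+(?:\.\d+)+)")


def parse_version(version_output: str) -> tuple:
    """Extract the numeric version tuple from the output of SELECT version()."""
    match = VERSION_RE.search(version_output)
    if not match:
        raise ValueError(f"no PostgreSQL release version found in: {version_output!r}")
    return tuple(int(part) for part in match.group(1).split("."))


def branch_of(version: tuple) -> tuple:
    """Return the branch key: (major,) for 10+, (9, N) for the 9.x series."""
    return version[:2] if version[0] < 10 else version[:1]


def is_patched(version_output: str):
    """Return (patched, branch, fixed_version).

    patched is True/False for a supported branch and None when the branch is not
    in the announcement (no fixed release exists, i.e. EOL or unknown).
    """
    version = parse_version(version_output)
    branch = branch_of(version)
    fixed = FIXED_VERSIONS.get(branch)
    if fixed is None:
        return None, branch, None
    # Tuple comparison handles (12, 4) < (12, 5) and (9, 6, 19) < (9, 6, 20).
    return version >= fixed, branch, fixed


def audit(version_outputs) -> list:
    """Classify a list of version() strings into patched / unpatched / unsupported."""
    report = []
    for output in version_outputs:
        patched, branch, fixed = is_patched(output)
        status = {True: "patched", False: "UNPATCHED", None: "UNSUPPORTED"}[patched]
        report.append((output, status, branch, fixed))
    return report


# Constructed sample outputs of SELECT version(); not real hosts.
SAMPLE_OUTPUTS = [
    "PostgreSQL 12.4 on x86_64-pc-linux-gnu, compiled by gcc (GCC) 8.3.0, 64-bit",
    "PostgreSQL 13.1 (Debian 13.1-1.pgdg100+1) on x86_64-pc-linux-gnu, 64-bit",
    "PostgreSQL 9.6.19 on x86_64-pc-linux-gnu, compiled by gcc (GCC) 4.8.5, 64-bit",
    "PostgreSQL 9.4.26 on x86_64-pc-linux-gnu, compiled by gcc (GCC) 4.8.5, 64-bit",
]

if __name__ == "__main__":
    for output, status, branch, fixed in audit(SAMPLE_OUTPUTS):
        branch_str = ".".join(map(str, branch))
        fixed_str = ".".join(map(str, fixed)) if fixed else "n/a"
        print(f"{status:12} branch {branch_str:5} fixed-in {fixed_str:7} | {output}")
```

In practice the strings come from `psql -Atc 'SELECT version()'` run against each host; feeding them through `audit()` gives one line per server, and anything reported as UNSUPPORTED needs a major-version upgrade rather than a minor update.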


Security updates for Friday

Security updates have been issued by Debian (libproxy, pacemaker, and thunderbird), Fedora (nss), openSUSE (kernel), Oracle (curl, librepo, qt and qt5-qtbase, and tomcat), Red Hat (firefox), SUSE (firefox, java-1_7_0-openjdk, and openldap2), and Ubuntu (apport, libmaxminddb, openjdk-8, openjdk-lts, and slirp).

https://lwn.net/Articles/837105/


Citrix Hypervisor Security Update

A security issue has been identified in Citrix Hypervisor that may allow privileged code running in a guest VM to infer details of some computations occurring in other VMs on the host. This may, for example, be used to infer a secret encryption key used [...]

https://support.citrix.com/article/CTX285937


Citrix SDWAN Center Security Update

Multiple vulnerabilities have been discovered in Citrix SD-WAN Center that, if exploited, could allow an unauthenticated attacker with network access to SD-WAN Center to perform arbitrary code execution as root.

https://support.citrix.com/article/CTX285061


Security Bulletin: App Connect Enterprise Certified Container Designer instances may be vulnerable to CVE-2020-7760

https://www.ibm.com/blogs/psirt/security-bulletin-app-connect-enterprise-certified-container-designer-instances-may-be-vulnerable-to-cve-2020-7760/


Security Bulletin: Novalink is affected by a vulnerability in Hibernate Validator that affects WebSphere Application Server Liberty (CVE-2020-10693)

https://www.ibm.com/blogs/psirt/security-bulletin-novalink-is-impacted-by-vulnerability-in-hibernate-validator-affects-websphere-application-server-liberty-cve-2020-10693/


Security Bulletin: Novalink is affected by a vulnerability in the oauth-2.0 and openidConnectServer-1.0 server features of WebSphere Application Server Liberty (CVE-2020-4590)

https://www.ibm.com/blogs/psirt/security-bulletin-novalink-is-impacted-running-oauth-2-0-or-openidconnectserver-1-0-server-features-vulnerability-in-websphere-application-server-liberty-cve-2020-4590/


Security Bulletin: Vulnerability in icu CVE-2020-10531.

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-icu-cve-2020-10531/


Security Bulletin: Vulnerability in Open Source Python affects IBM Tivoli Application Dependency Discovery Manager (CVE-2020-8492)

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-open-source-python-affect-ibm-tivoli-application-dependency-discovery-manager-cve-2020-8492/


Security Bulletin: Vulnerabilities in IBM Java SDK affecting IBM Application Discovery and Delivery Intelligence V5.1.0.7 and V5.1.0.8

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-ibm-java-sdk-affecting-ibm-application-discovery-and-delivery-intelligence-v5-1-0-7-and-v5-1-0-8/


Security Bulletin: Vulnerabilities in Tivoli Netcool/OMNIbus

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-tivoli-netcool-omnibus/


Security Bulletin: Vulnerability in OpenSSL affects IBM Integrated Analytics System

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-openssl-affects-ibm-integrated-analytics-system-2/


Security Bulletin: Samba for IBM i is affected by CVE-2020-14323 and CVE-2020-14318

https://www.ibm.com/blogs/psirt/security-bulletin-samba-for-ibm-i-is-affected-by-cve-2020-14323-and-cve-2020-14318-2/


Security Bulletin: Vulnerabilities in Node.js affect IBM Spectrum Control (CVE-2020-8201, CVE-2020-8252)

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-node-js-affect-ibm-spectrum-control-cve-2020-8201-cve-2020-8252/


Security Bulletin: CVE-2020-4482 Add snapshot status REST call doesn't check the user role

https://www.ibm.com/blogs/psirt/security-bulletin-cve-2020-4482-add-snapshot-status-rest-call-doesnt-check-the-user-role/


Security Bulletin: Apache Struts (Publicly disclosed vulnerability) affects Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections

https://www.ibm.com/blogs/psirt/security-bulletin-apache-struts-publicly-disclosed-vulnerability-affects-content-collector-for-email-content-collector-for-file-systems-content-collector-for-microsoft-sharepoint-and-content-col-4/


Security Bulletin: CVE-2018-10886 ant before version 1.9.12 unzip and untar targets allow the extraction of files outside the target directory.

https://www.ibm.com/blogs/psirt/security-bulletin-cve-2018-10886-ant-before-version-1-9-12-unzip-and-untar-targets-allows-the-extraction-of-files-outside-the-target-directory/


Security Bulletin: IBM Security Directory Suite is affected by a security vulnerability (CVE-2018-4441)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-directory-suite-is-affected-by-a-security-vulnerability-cve-2018-4441/


Security Bulletin: IBM Security Guardium Insights is affected by IBM SDK, Java Technology Edition Quarterly CPU - Apr 2020 vulnerabilities

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-insights-is-affected-by-ibm-sdk-java-technology-edition-quarterly-cpu-apr-2020-vulnerabilities-2/


Security Bulletin: IBM Content Navigator is affected by a vulnerability in Apache HttpClient (CVE-2020-13956)

https://www.ibm.com/blogs/psirt/security-bulletinsecurity-bulletin-ibm-content-navigator-is-affected-by-a-vulnerability-in-apache-httpclient-cve-2020-13956/


Security Bulletin: A vulnerability in Ruby on Rails affects IBM License Metric Tool v9 (CVE-2019-16779).

https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ruby-on-rails-affects-ibm-license-metric-tool-v9-cve-2019-16779/


macOS Big Sur 11.0.1

https://support.apple.com/kb/HT211931


Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave

https://support.apple.com/kb/HT211946


Safari 14.0.1

https://support.apple.com/kb/HT211934