Daily Summary - 19.11.2020

End-of-Day report

Timeframe: Wednesday 18-11-2020 18:00 - Thursday 19-11-2020 18:00
Handler: Stephan Richter
Co-Handler: n/a

News

Android chat app with 100 million installs exposes private messages

GO SMS Pro, an Android instant messaging application with over 100 million installs, is publicly exposing private multimedia files shared between its users.

https://www.bleepingcomputer.com/news/security/android-chat-app-with-100-million-installs-exposes-private-messages/


CodeQL: GitHub finds security vulnerability in Corona-Warn-App server

GitHub's security team has found a remote code execution vulnerability in the server code of the Corona-Warn-App.

https://www.golem.de/news/codeql-github-findet-sicherheitsluecke-in-corona-warn-app-server-2011-152244-rss.html


Egregor ransomware bombards users with printed ransom notes

The cybercriminals are using this tactic for the first time in an attack on a Chilean retail group. They do not limit themselves to office printers and even print their ransom note on receipt printers. It is unclear how the hackers go about this.

https://www.zdnet.de/88389908/egregor-ransomware-bombardiert-nutzer-mit-gedruckten-loesegeldforderungen/

Vulnerabilities

Drupal core - Critical - Remote code execution - SA-CORE-2020-012

Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting [...]

https://www.drupal.org/sa-core-2020-012


SAML SP 2.0 Single Sign On (SSO) - SAML Service Provider - Critical - Access bypass - SA-CONTRIB-2020-038

https://www.drupal.org/sa-contrib-2020-038


Ink Filepicker - Critical - Unsupported - SA-CONTRIB-2020-037

https://www.drupal.org/sa-contrib-2020-037


Media: oEmbed - Critical - Remote Code Execution - SA-CONTRIB-2020-036

https://www.drupal.org/sa-contrib-2020-036


Examples for Developers - Critical - Remote Code Execution - SA-CONTRIB-2020-035

https://www.drupal.org/sa-contrib-2020-035


VMware SD-WAN Orchestrator updates address multiple security vulnerabilities

Multiple vulnerabilities in SD-WAN Orchestrator were privately reported to VMware. Patches and workarounds are available to remediate or work around this vulnerability in affected VMware products. VMware-hosted SD-WAN Orchestrators have been patched for these issues.

https://www.vmware.com/security/advisories/VMSA-2020-0025.html


Security updates for Thursday

Security updates have been issued by Arch Linux (chromium and firefox), CentOS (bind, curl, fence-agents, kernel, librepo, libvirt, microcode_ctl, python, python3, qt and qt5-qtbase, resource-agents, and tomcat), Debian (drupal7, firefox-esr, jupyter-notebook, packer, python3.5, and rclone), Fedora (firefox), Mageia (firefox, nss), openSUSE (gdm, kernel-firmware, and moinmoin-wiki), Oracle (net-snmp), SUSE (libzypp, zypper), and Ubuntu (c-ares).

https://lwn.net/Articles/837767/


ICS Advisory (ICSA-20-324-03) Real Time Automation EtherNet/IP

The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to send a specially crafted packet that may result in a denial-of-service condition or code execution.

https://us-cert.cisa.gov/ics/advisories/icsa-20-324-03


Trend Micro Apex One: Multiple vulnerabilities

https://www.cert-bund.de/advisoryshort/CB-K20-1136


F5 BIG-IP: Vulnerability allows bypassing of security measures

https://www.cert-bund.de/advisoryshort/CB-K20-1140


[webapps] Nagios Log Server 2.1.7 - Persistent Cross-Site Scripting

https://www.exploit-db.com/exploits/49082


Security Advisory - Improper Buffer Operation Restrictions Vulnerability on Huawei Smartphone

http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20201118-01-smartphone-en


Security Advisory - Command Injection Vulnerability in Huawei FusionCompute Product

http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20201118-01-fusioncompute-en


Security Bulletin: TLS Protocol DHE_EXPORT Ciphers Downgrade MitM (Logjam) vulnerability in IBM Cloud Pak for Data Streams

https://www.ibm.com/blogs/psirt/security-bulletin-tls-protocol-dhe_export-ciphers-downgrade-mitm-logjam-vulnerability-in-ibm-cloud-pak-for-data-streams/


Security Bulletin: The web server or application server are configured in an insecure way in IBM Cloud Pak for Data Streams

https://www.ibm.com/blogs/psirt/security-bulletin-the-web-server-or-application-server-are-configured-in-an-insecure-way-in-ibm-cloud-pak-for-data-streams/


Security Bulletin: CVE-2020-14782 may affect IBM® SDK, Java™ Technology Edition

https://www.ibm.com/blogs/psirt/security-bulletin-cve-2020-14782-may-affect-ibm-sdk-java-technology-edition/


Security Bulletin: App Connect for Manufacturing 2.0 is affected by vulnerabilities of ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.6 (CVE-2019-17359)

https://www.ibm.com/blogs/psirt/security-bulletin-app-connect-for-manufacturing-2-0-is-affected-by-vulnerabilities-of-asn-1-parser-in-bouncy-castle-crypto-aka-bc-java-1-6-cve-2019-17359/


Security Bulletin: IBM® Db2® is vulnerable to a buffer overflow (CVE-2020-4701)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-is-vulnerable-to-a-buffer-overflow-cve-2020-4701/


Security Bulletin: Security vulnerability affects the Report Builder that is shipped with Jazz Reporting Service (CVE-2020-4718)

https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerability-affects-the-report-builder-that-is-shipped-with-jazz-reporting-service-cve-2020-4718/


Security Bulletin: Lucky 13 Attack Vulnerability in IBM Cloud Pak for Data Streams

https://www.ibm.com/blogs/psirt/security-bulletin-lucky-13-attack-vulnerability-in-ibm-cloud-pak-for-data-streams/


Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-may-affect-ibm-sdk-java-technology-edition-4/


Security Bulletin: Vulnerability in OpenSSH affects IBM Integrated Analytics System

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-openssh-affects-ibm-integrated-analytics-system-3/


Security Bulletin: CVE-2019-17638 jetty double-release of a byte buffer

https://www.ibm.com/blogs/psirt/security-bulletin-cve-2019-17638-jetty-double-release-of-a-byte-buffer/