End-of-Day report
Timeframe: Thursday 26-03-2020 18:00 - Friday 27-03-2020 18:00
Handler: Thomas Pribitzer
Co-Handler: Stephan Richter
News
Bug: No consistent VPN on iOS
Existing connections currently bypass the VPN on iOS.
https://www.golem.de/news/bug-kein-durchgaengiges-vpn-unter-ios-2003-147552-rss.html
Corona malware campaign in the name of the WHO via manipulated router settings
Manipulated DNS settings on D-Link and Linksys routers redirect to purported warnings from the World Health Organization that conceal malware.
https://heise.de/-4692092
Micropatching Unknown 0days in Windows Type 1 Font Parsing
Three days ago, Microsoft published a security advisory alerting about two vulnerabilities in Windows font parsing, which were noticed as being exploited in "limited targeted Windows 7 based attacks." These vulnerabilities currently don't have an official vendor fix. As we've done before in a similar situation, we decided to provide our users with a micropatch to protect [...]
https://blog.0patch.com/2020/03/micropatching-unknown-0days-in-windows.html
Dubious online shop: silahmall.com
Antiques, clothing, jewellery and watches, furniture or computer accessories. The online shop silahmall.com offers a broad range of products and promises high quality. The site tempts visitors to buy. But be careful! We advise against placing an order, because the site has no legal notice (Impressum) and the only contact option given is dubious.
https://www.watchlist-internet.at/news/unserioeser-online-shop-silahmallcom/
Vulnerabilities
Advantech WebAccess
This advisory contains mitigations for a stack-based buffer overflow vulnerability in Advantech's WebAccess HMI platform.
https://www.us-cert.gov/ics/advisories/icsa-20-086-01
VISAM Automation Base (VBASE)
This advisory contains mitigations for several vulnerabilities in VISAM's VBASE automation platform.
https://www.us-cert.gov/ics/advisories/icsa-20-084-01
Schneider Electric IGSS SCADA Software
This advisory contains mitigations for path traversal and missing authentication for critical function vulnerabilities in the Schneider Electric IGSS SCADA software.
https://www.us-cert.gov/ics/advisories/icsa-20-084-02
Critical CODESYS Bug Allows Remote Code Execution
CVE-2020-10245, a heap-based buffer overflow that rates 10 out of 10 in severity, exists in the CODESYS web server and takes little skill to exploit.
https://threatpost.com/critical-codesys-bug-remote-code-execution/154213/
[Wikitech-l] MediaWiki Extensions and Skins Security Release Supplement (1.31.7/1.33.3/1.34.1)
With the security/maintenance release of MediaWiki 1.31.7/1.33.3/1.34.1 [0], we would also like to provide this supplementary announcement of MediaWiki extensions and skins with now-public Phabricator tasks, security patches and backports [1]: [...]
https://lists.wikimedia.org/pipermail/wikitech-l/2020-March/093245.html
Security updates for Friday
Security updates have been issued by Debian (bluez and php5), Fedora (chromium, kernel, and PyYAML), Gentoo (adobe-flash, libvpx, php, qtcore, and unzip), openSUSE (chromium, kernel, and mcpp), Oracle (ipmitool and libvncserver), Red Hat (ipmitool and rh-postgresql10-postgresql), Slackware (kernel), and SUSE (ldns and tomcat6).
https://lwn.net/Articles/816130/
OTRS: Multiple vulnerabilities
http://www.cert-bund.de/advisoryshort/CB-K20-0268
MediaWiki: Vulnerability allows cross-site scripting
http://www.cert-bund.de/advisoryshort/CB-K20-0271
PHOENIX CONTACT Local Privilege Escalation in PC WORX SRT
https://cert.vde.com/de-de/advisories/vde-2020-012
PHOENIX CONTACT Local Privilege Escalation in Portico Remote desktop control software
https://cert.vde.com/de-de/advisories/vde-2020-013
Security Bulletin: WebSphere Liberty susceptible to HTTP2 implementation vulnerabilities
https://www.ibm.com/blogs/psirt/security-bulletin-websphere-liberty-susceptible-to-http2-implementation-vulnerabilities-2/
Security Bulletin: A Vulnerability in IBM Java Runtime Affects IBM Sterling Connect:Direct File Agent
https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-ibm-java-runtime-affects-ibm-sterling-connectdirect-file-agent/
Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM i
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-affect-ibm-i-2/
BIG-IP TMM Ram Cache vulnerability CVE-2020-5861
https://support.f5.com/csp/article/K22113131
BIG-IP HTTP profile vulnerability CVE-2020-5857
https://support.f5.com/csp/article/K70275209
BIG-IP HTTP/3 QUIC vulnerability CVE-2020-5859
https://support.f5.com/csp/article/K61367237
BIG-IP AWS vulnerability CVE-2020-5862
https://support.f5.com/csp/article/K01054113
BIG-IP tmsh vulnerability CVE-2020-5858
https://support.f5.com/csp/article/K36814487