Daily Summary - 27.05.2020

End-of-Day report

Timeframe: Tuesday 26-05-2020 18:00 - Wednesday 27-05-2020 18:00 Handler: Thomas Pribitzer Co-Handler: Stephan Richter Co-Handler: Robert Waldner

News

Netgear routers: update process insecure, vendor silent

The firmware updater of some Netgear routers, such as the Nighthawk R7000, is apparently insecure. This was discovered by the IoT-Lab of the University of Applied Sciences Upper Austria (FH Oberösterreich). Whether and how the vendor will respond to the problem remains entirely unclear; the vendor has been silent for weeks.

https://heise.de/-4766025


Micropatch Available for User-Mode Power Service Memory Corruption (CVE-2020-1015)

Windows 7 and Server 2008 R2 users without Extended Security Updates have just received a micropatch for CVE-2020-1015, a memory corruption vulnerability in User-Mode Power Service that could allow a local attacker to execute arbitrary code as Local System. This vulnerability was patched by Microsoft with April 2020 Updates, but Windows 7 and Server 2008 R2 users without Extended Security Updates remained vulnerable.

https://blog.0patch.com/2020/05/micropatch-available-for-user-mode.html


Beware when selling privately: fraud involving shipping companies is booming!

Routing the deal through a supposed shipping company is a popular scam in private sales. Expensive goods advertised on classified-ad portals in particular attract fraudsters. The supposed buyers explain that they are abroad and that the purchase should therefore be handled through a shipping company. Caution is called for here, because the victims are asked to transfer the money for the shipping company. However, the company does

https://www.watchlist-internet.at/news/vorsicht-bei-privatverkauf-betrug-mit-speditionen-boomt/


New fuzzing tool finds 26 USB bugs in Linux, Windows, macOS, and FreeBSD

Eighteen of the 26 bugs impact Linux. Eleven have been patched already.

https://www.zdnet.com/article/new-fuzzing-tool-finds-26-usb-bugs-in-linux-windows-macos-and-freebsd/

Vulnerabilities

Security updates for Wednesday

Security updates have been issued by Debian (drupal7 and unbound), Fedora (libEMF and transmission), Mageia (dojo, log4net, nginx, nodejs-set-value, sleuthkit, and transmission), Red Hat (rh-maven35-jackson-databind), SUSE (dpdk and mariadb-connector-c), and Ubuntu (thunderbird).

https://lwn.net/Articles/821530/


BOSCH-SA-363824-BT

Multiple Vulnerabilities in Bosch Recording Station (BRS)

https://media.boschsecurity.com/fs/media/pb/security_advisories/bosch-sa-363824-bt_cve-2017-0144_cve-2019-0708_cve-2020-6774_security_advisory_brs.pdf


Security Advisory - Improper Authentication Vulnerability in Several Smartphones

http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200527-02-smartphone-en


Security Advisory - Privilege Escalation Vulnerability in Some Huawei Products

http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200527-01-mtk-en


Security Advisory - Denial of Service Vulnerability in Some Huawei Products

http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200527-01-dos-en


Security Advisory - Kr00k Vulnerability in Broadcom Wi-Fi chips

http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200527-01-wifi-en


Security Advisory - Stack Buffer Overflow Vulnerability in Several Products

http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200527-01-stack-en


Security Advisory - Information Disclosure Vulnerability in Several Smartphones

http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200527-01-smartphone-en


Security Advisory - Improper Authorization Vulnerability in Several Smartphones

http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200527-03-smartphone-en


Security Advisory - Improper Authorization Vulnerability in Several Smartphones

http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200527-04-smartphone-en


Security Advisory - Improper Authentication Vulnerability in Several Smartphones

http://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200527-05-smartphone-en


Security Bulletin: IBM Spectrum Scale GUI is affected by cross-site scripting (CVE-2020-4358)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-spectrum-scale-gui-is-affected-by-cross-site-scripting-cve-2020-4358/


Security Bulletin: IBM Spectrum Scale GUI is affected by weak cryptographic algorithm (CVE-2020-4350)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-spectrum-scale-gui-is-affected-by-weak-cryptographic-algorithm-cve-2020-4350/


Security Bulletin: User Credentials submitted using GET method

https://www.ibm.com/blogs/psirt/security-bulletin-user-credentials-submitted-using-get-method/


Security Bulletin: A vulnerability in netty affects IBM Spectrum Scale Transparent Cloud Tiering (CVE-2020-7238)

https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-netty-affects-ibm-spectrum-scale-transparent-cloud-tieringcve-2020-7238-2/


Security Bulletin: IBM Spectrum Scale GUI is affected by weak crypto algorithm (CVE-2020-4349)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-spectrum-scale-gui-is-affected-by-weak-crypto-algorithm-cve-2020-4349/


Security Bulletin: IBM Spectrum Scale GUI is affected by weak crypto algorithm (CVE-2020-4379)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-spectrum-scale-gui-is-affected-by-weak-crypto-algorithm-cve-2020-4379/


Security Bulletin: Multiple vulnerabilities in netty affect IBM Spectrum Scale Transparent Cloud Tiering (CVE-2019-20445, CVE-2019-20444)

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-netty-affect-ibm-spectrum-scale-transparent-cloud-tiering-cve-2019-20445-cve-2019-20444/


Security Bulletin: IBM Spectrum Scale GUI is affected by verbose error message (CVE-2020-4357)

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-spectrum-scale-gui-is-affected-by-verbose-error-message-cve-2020-4357/


Security Bulletin: Vulnerability in IBM Java SDK affects IBM Virtualization Engine TS7700 - January 2020

https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-ibm-java-sdk-affects-ibm-virtualization-engine-ts7700-january-2020/


Security Bulletin: A vulnerability in netty affects IBM Spectrum Scale Transparent Cloud Tiering (CVE-2020-7238)

https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-netty-affects-ibm-spectrum-scale-transparent-cloud-tieringcve-2020-7238/