End-of-Day report
Timeframe: Tuesday 09-11-2021 18:00 - Wednesday 10-11-2021 18:00
Handler: Stephan Richter
Co-Handler: Wolfgang Menezes
News
Researcher Details Vulnerabilities Found in AWS API Gateway
AWS fixed the security flaws that left the API service at risk of so-called HTTP header-smuggling attacks, says the researcher who discovered them.
https://www.darkreading.com/vulnerabilities-threats/researcher-details-vulnerabilities-found-in-aws-api-gateway
Unboxing BusyBox - 14 new vulnerabilities uncovered by Claroty and JFrog
Using static and dynamic techniques, Claroty's Team82 and JFrog discovered 14 vulnerabilities affecting the latest version of BusyBox. All vulnerabilities were privately disclosed and fixed by BusyBox in version 1.34.0.
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
Patchday: Microsoft warns of attacks on Excel and Exchange
Once again, attackers are targeting Exchange Server. In addition, there are important security updates for Azure, Office, Windows and others.
https://heise.de/-6263036
Patchday: SAP closes critical security vulnerability
On Patch Tuesday, SAP also released updates for its products. One fix addresses a critical vulnerability in the ABAP Platform Kernel.
https://heise.de/-6263099
Cisco Talos finds 10 vulnerabilities in Azure Sphere's Linux kernel, Security Monitor and Pluton
Today, we're disclosing another 10 vulnerabilities in Azure Sphere - two of which are on the Linux side, seven that exist in Security Monitor and one in the Pluton security subsystem.
https://blog.talosintelligence.com/2021/11/cisco-talos-finds-10-vulnerabilities-in.html
Warning: Numerous e-mails carrying malware are currently circulating
Criminals are currently sending fake e-mails in the name of Electrolux, Weitzer Parkett Vertriebs GmbH and TU Wien. Anyone who receives a strange e-mail asking them to open an attachment should be especially careful. The attachment contains malware!
https://www.watchlist-internet.at/news/achtung-momentan-kursieren-zahlreiche-e-mails-mit-schadsoftware/
Vulnerabilities
AMD Server Vulnerabilities - November 2021
During security reviews in collaboration with Google, Microsoft, and Oracle, potential vulnerabilities in the AMD Platform Security Processor (PSP), AMD System Management Unit (SMU), AMD Secure Encrypted Virtualization (SEV) and other platform components were discovered and have been mitigated in AMD EPYC™ AGESA™ PI packages.
https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021
IBM Security Bulletins
Cloud Pak for Multicloud Management Infrastructure Management, Cloud Pak for Multicloud Management Managed Services, Rational Business Developer, InfoSphere Information Server
https://www.ibm.com/blogs/psirt/
Open Design Alliance (ODA) Security Advisories
ODA PRC SDK, Drawings SDK, ODA Viewer
https://www.opendesign.com/security-advisories
Security updates for Wednesday
Security updates have been issued by Debian (openjdk-8 and samba), Fedora (community-mysql, firefox, and vim), openSUSE (binutils, kernel, and tinyxml), Red Hat (annobin, autotrace, babel, bind, binutils, bluez, compat-exiv2-026, container-tools:2.0, container-tools:3.0, container-tools:rhel8, cups, curl, dnf, dnsmasq, edk2, exiv2, file, file-roller, firefox, gcc, gcc-toolset-10-annobin, gcc-toolset-10-binutils, gcc-toolset-10-gcc, gcc-toolset-11-annobin, gcc-toolset-11-binutils,[...]
https://lwn.net/Articles/875708/
Adobe Releases Security Updates for Multiple Products
Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system.
https://us-cert.cisa.gov/ncas/current-activity/2021/11/09/adobe-releases-security-updates-multiple-products
BSRT-2021-003 Vulnerabilities Impact BlackBerry Protect for Windows
https://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000088685
ZDI-21-1302: Ivanti Avalanche EnterpriseServer Service SQL Injection Authentication Bypass Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-21-1302/
ZDI-21-1301: Ivanti Avalanche EnterpriseServer Service Unrestricted File Upload Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-21-1301/
ZDI-21-1300: Ivanti Avalanche User Management Improper Authentication Privilege Escalation Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-21-1300/
ZDI-21-1299: Ivanti Avalanche Filestore Management Arbitrary File Upload Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-21-1299/
ZDI-21-1298: Ivanti Avalanche JNLP File Improper Access Control Authentication Bypass Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-21-1298/
Technical Advisory - Arbitrary Signature Forgery in Stark Bank ECDSA Libraries (CVE-2021-43572, CVE-2021-43570, CVE-2021-43569, CVE-2021-43568, CVE-2021-43571)
https://research.nccgroup.com/2021/11/08/technical-advisory-arbitrary-signature-forgery-in-stark-bank-ecdsa-libraries/
INTEL-SA-00481
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00481.html
INTEL-SA-00560
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00560.html
INTEL-SA-00568
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00568.html
INTEL-SA-00569
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00569.html
INTEL-SA-00567
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00567.html
VMSA-2021-0025
https://www.vmware.com/security/advisories/VMSA-2021-0025.html
Samba 4.15.2, 4.14.10, 4.13.14 security releases available
https://lwn.net/Articles/875565/
Philips MRI 1.5T and 3T
https://us-cert.cisa.gov/ics/advisories/icsma-21-313-01
OSIsoft PI Vision
https://us-cert.cisa.gov/ics/advisories/icsa-21-313-05
OSIsoft PI Web API
https://us-cert.cisa.gov/ics/advisories/icsa-21-313-06
NVIDIA GPU Display Driver Advisory - October 2021
http://support.lenovo.com/product_security/PS500449-NVIDIA-GPU-DISPLAY-DRIVER-ADVISORY-OCTOBER-2021
NetApp Clustered Data ONTAP Vulnerabilities
http://support.lenovo.com/product_security/PS500448-NETAPP-CLUSTERED-DATA-ONTAP-VULNERABILITIES
Realtek Driver Privilege Escalation Vulnerability
http://support.lenovo.com/product_security/PS500447-REALTEK-DRIVER-PRIVILEGE-ESCALATION-VULNERABILITY
Multi-vendor BIOS Security Vulnerabilities (November 2021)
http://support.lenovo.com/product_security/PS500446-MULTI-VENDOR-BIOS-SECURITY-VULNERABILITIES-NOVEMBER-2021