Tuesday, March 19, 2019

Adobe

Security Bulletins Posted

Adobe has published security bulletins for Adobe Digital Editions (APSB19-16) and Adobe Photoshop CC (APSB19-15). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin. This posting is provided “AS IS” with no warranties and confers no rights.

Security Updates Available for ColdFusion (APSB19-14)

Adobe has published a Security Bulletin (APSB19-14) regarding the availability of hotfixes for ColdFusion versions 2018, 2016 and 11. These hotfixes resolve a Critical file upload restriction bypass (CVE-2019-7816) that could result in arbitrary code execution in the context of the running ColdFusion service. Adobe recommends customers apply the...

Security updates available for Adobe Acrobat and Reader (APSB19-13)

Adobe has published a security bulletin for Adobe Acrobat and Reader (APSB19-13). These updates address a reported bypass to the fix for CVE-2019-7089 first introduced in 2019.010.20091, 2017.011.30120 and 2015.006.30475 and released on February 12, 2019. Successful exploitation could lead to sensitive information disclosure in the context of the current user,...

Android

Apple

Apple macOS 10.13.5 Local Privilege Escalation

Apple macOS version 10.13.5 local privilege escalation exploit.

Apple Security Advisory 2019-2-07-1

Apple Security Advisory 2019-2-07-1 - iOS 12.1.4 is now available and addresses memory corruption vulnerabilities.

Apple Security Advisory 2019-2-07-3

Apple Security Advisory 2019-2-07-3 - Shortcuts 2.1.3 for iOS is now available and addresses information disclosure and sandbox escape vulnerabilities.

Apple Security Advisory 2019-2-07-1

Apple Security Advisory 2019-2-07-1 - iOS 12.1.4 is now available and addresses memory corruption and logic issues.

AWS

Container Security Issue (CVE-2019-5736)

February 11, 2019 7:00 AM PST. CVE Identifier: CVE-2019-5736. AWS is aware of the recently disclosed security issue which affects several open-source container management systems (CVE-2019-5736). With the exception of the AWS services listed below, no customer action is required to address this issue. Amazon Linux: An updated version...

Kubernetes Security Issues (CVE-2018-18264 and kubectl proxy)

January 4, 2019 9:00 AM PST. AWS is aware of the two recent security issues disclosed within Kubernetes regarding the Kubernetes API server ("kubectl proxy"), and the Kubernetes Dashboard (CVE-2018-18264). Amazon Elastic Container Service for Kubernetes (EKS) is not affected by the "kubectl proxy" issue, and no customer action...

Kubernetes Security Issue (CVE-2018-1002105)

2018/12/04 1:00 PM PST. AWS is aware of a recent security issue within Kubernetes, assigned CVE identifier CVE-2018-1002105. Amazon Elastic Container Service for Kubernetes (EKS) manages the Kubernetes control plane on behalf of customers. Any new clusters launched after 2:00 PM PST on December 4, 2018 will be launched...

CERT

VU#730261: Marvell Avastar wireless SoCs have multiple vulnerabilities

A presentation at the ZeroNights 2018 conference describes multiple security issues with Marvell Avastar SoCs (models 88W8787, 88W8797, 88W8801, and 88W8897). The presentation provides some detail about a block pool memory overflow. During Wi-Fi network scans, an overflow condition can be triggered, overwriting certain block pool data structures. Because many devices conduct automatic background network...

VU#465632: Microsoft Exchange 2013 and newer are vulnerable to NTLM relay attacks

Microsoft Exchange supports an API called Exchange Web Services (EWS). One of the EWS API functions is called PushSubscription, which can be used to cause the Exchange server to connect to an arbitrary website. Connections made using the PushSubscription feature will attempt to negotiate with the arbitrary web server using NTLM...

VU#531281: Microsoft Windows DNS servers are vulnerable to heap overflow

CWE-122: Heap-based Buffer Overflow - CVE-2018-8626. Microsoft Windows Domain Name System (DNS) servers are vulnerable to heap overflow attacks. Microsoft acknowledges that "an attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account." This remote code execution vulnerability exists in Windows DNS servers when they fail...

Cisco

Container Privilege Escalation Vulnerability Affecting Cisco Products: February 2019

A vulnerability in the Open Container Initiative runc CLI tool used by multiple products could allow an unauthenticated, remote attacker to escalate privileges on a targeted system. The vulnerability exists because the affected software improperly handles file descriptors related to /proc/self/exe. An attacker could exploit the vulnerability either by persuading...

Cisco NX-OS Software Unauthorized Filesystem Access Vulnerability

A vulnerability in the filesystem permissions of Cisco NX-OS Software could allow an authenticated, local attacker to gain read and write access to a critical configuration file. The vulnerability is due to a failure to impose strict filesystem permissions on the targeted device. An attacker could exploit this vulnerability by...

Cisco Small Business SPA514G IP Phones SIP Denial of Service Vulnerability

A vulnerability in the implementation of Session Initiation Protocol (SIP) processing in Cisco Small Business SPA514G IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in a denial of service (DoS) condition. The vulnerability is due to improper processing of SIP request messages by...

Citrix

Citrix Application Delivery Management (ADM) Agent Security Update

CTX247738 (New). Applicable Products: Citrix Application Delivery Management. A vulnerability has been identified in Citrix Application Delivery Management Agent that could allow an unauthenticated attacker with network access to the management agent interface to obtain sensitive information. Disclosed information could be used for

Citrix XenServer Multiple Security Updates

CTX246572 (New). Applicable Products: XenServer 7.0, XenServer 7.1 LTSR Cumulative Update 1, XenServer 7.1 LTSR Cumulative Update 2, XenServer 7.5, XenServer 7.6. A number of security vulnerabilities have been identified in Citrix XenServer that, depending on configuration, may allow a malicious user of a PV guest VM to crash or compromise the host. These vulnerabilities affect...

TLS Padding Oracle Vulnerability in Citrix Application Delivery Controller (ADC) and NetScaler Gateway

CTX240139 (New). Applicable Products: NetScaler 10.5, NetScaler 11.0, NetScaler 11.1, NetScaler 12.0, NetScaler 12.1, NetScaler Gateway 10.5, NetScaler Gateway 11.0, NetScaler Gateway 11.1, NetScaler Gateway 12.0. A vulnerability has been identified in the Citrix Application Delivery Controller (ADC), formerly known as NetScaler ADC, and NetScaler Gateway platforms using hardware acceleration that could allow an attacker to exploit the appliance...

Drupal

Drupal core – Highly critical – Remote Code Execution – SA-CORE-2019-003

Project: Drupal core. Date: 2019-February-20. Security risk: Highly critical 20∕25 AC:None/A:None/CI:All/II:All/E:Theoretical/TD:Uncommon. Vulnerability: Remote Code Execution. CVE IDs: CVE-2019-6340. Description: Some field types do not properly sanitize data from non-form sources. This can lead to arbitrary PHP code execution in some cases. A site is only affected by this if one of the following conditions is met: The site has the Drupal 8...

Drupal core – Critical – Third Party Libraries – SA-CORE-2019-001

Project: Drupal core. Date: 2019-January-16. Security risk: Critical 16∕25 AC:Complex/A:User/CI:All/II:All/E:Proof/TD:Uncommon. Vulnerability: Third Party Libraries. Description: Drupal core uses the third-party PEAR Archive_Tar library. This library has released a security update which impacts some Drupal configurations. Refer to CVE-2018-1000888 for details. Solution: If you are using Drupal 8.6.x, upgrade to Drupal 8.6.6. If you are using Drupal 8.5.x or earlier, upgrade...

Drupal core – Critical – Arbitrary PHP code execution – SA-CORE-2019-002

Project: Drupal core. Date: 2019-January-16. Security risk: Critical 16∕25 AC:Complex/A:Admin/CI:All/II:All/E:Theoretical/TD:All. Vulnerability: Arbitrary PHP code execution. Description: A remote code execution vulnerability exists in PHP's built-in phar stream wrapper when performing file operations on an untrusted phar:// URI. Some Drupal code (core, contrib, and custom) may be performing file operations on insufficiently validated user input, thereby being exposed to this...

F5 Networks

OpenSSL vulnerability CVE-2019-1559

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_ ...

PHP vulnerabilities CVE-2019-9638, CVE-2019-9639, CVE-2019-9640, and CVE-2019-9641

CVE-2019-9638: An issue was discovered in the EXIF component in ...

BIND vulnerability CVE-2018-5745

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a ...

BIG-IP ARM BGP vulnerability CVE-2018-17539

The BGP daemon (bgpd) in all IP Infusion ZebOS versions to 7.10.6 and all OcNOS versions to 1.3.3.145 ...

Have I Been Pwned?

ixigo – 17,204,697 breached accounts

In January 2019, the travel and hotel booking site ixigo suffered a data breach. The data appeared for sale on a dark web marketplace the following month and included over 17M unique email addresses alongside names, genders, phone numbers, connections to Facebook profiles and passwords stored as MD5 hashes....

Houzz – 48,881,308 breached accounts

In mid-2018, the housing design website Houzz suffered a data breach. The company learned of the incident later that year then disclosed it to impacted members in February 2019. Almost 49 million unique email addresses were in the breach alongside names, IP addresses, geographic locations and either salted hashes...

Verifications.io – 763,117,241 breached accounts

In February 2019, the email address validation service verifications.io suffered a data breach. The breach was due to the data being stored in a MongoDB instance left publicly facing without a password and resulted in 763 million unique email addresses being exposed. Many records within the data also included...

ICS-CERT

AVEVA InduSoft Web Studio and InTouch Edge HMI

This advisory includes mitigations for an uncontrolled search path element vulnerability in AVEVA's InduSoft Web Studio and InTouch Edge human machine interface software.

Columbia Weather Systems MicroServer

This advisory includes mitigations for cross-site scripting, path traversal, improper authentication, improper input validation, and code injection vulnerabilities in Columbia Weather Systems MicroServer weather monitoring system.

LCDS – Leão Consultoria e Desenvolvimento de Sistemas Ltda ME LAquis SCADA ELS Files

This advisory includes mitigations for an out-of-bounds write vulnerability in LCDS's LAquis SCADA industrial automation software.

LCDS LAquis SCADA ELS Files

This advisory includes mitigations for an out-of-bounds write vulnerability in LCDS's LAquis SCADA industrial automation software.

Juniper Networks

Magento

Microsoft

Join Microsoft Security Response at the Product Security Operations forum at LocoMocoSec!

The MSRC is more than managing vulnerability reports, publishing Microsoft security updates, and defending the cloud. The MSRC is passionate about helping everyone improve internal engineering practices and supporting the defender community, and are excited to partner with Blackberry to host a Product Security Operations Forum at LocoMocoSec on...

Call for Papers | Microsoft BlueHat Shanghai 2019

The Microsoft Security Response Center (MSRC) recently announced our first BlueHat security conference in Shanghai which will take place on May 29-30, 2019. After 15 years of BlueHat events in Redmond, Washington and Israel, we are thrilled to expand to a new location. We work with many talented security...

Practical advice for earning higher Microsoft bounty awards

This year at the Nullcon International Security Conference I shared practical advice for how security researchers can maximize the impact of their security vulnerability submissions and earn higher bounty awards under the Microsoft Bounty Program. For those who couldn’t be there, I had two core pieces of advice. First, focus...

Oracle

Splunk

Splunk Enterprise and Splunk Light address one vulnerability

Persistent Cross Site Scripting in Splunk Web (SPL-138827, CVE-2019-5727). At the time of this announcement, Splunk is not aware of any cases where these vulnerabilities have been actively exploited. Previous Product Security Announcements can be found on our Splunk Product Security Portal. Use SPL numbers when referencing issues in communication...

Splunk-Python-SDK address one vulnerability

Untrusted TLS server certs verification is not present (CVE-2019-5729). At the time of this announcement, Splunk is not aware of any cases where these vulnerabilities have been actively exploited. Previous Product Security Announcements can be found on our Splunk Product Security Portal. Use SPL numbers when referencing issues in communication with Splunk. If there...

Symantec

SYMSA1475-Norton Password Manager Address Spoof

Symantec has released an update to address an issue that was discovered in the Norton Password Manager product.

SYMSA1469-OpenSSH Vulnerabilities Jan-Aug 2018

Symantec Network Protection products using affected versions of OpenSSH are susceptible to several vulnerabilities. A remote attacker, with access to the management interface, can obtain usernames for valid SSH users and cause denial of service through application crashes.

SYMSA1467-Linux Kernel Aug 2017 – Sep 2018 Vulnerabilities

Symantec Network Protection products that include a vulnerable version of the Linux kernel are susceptible to multiple vulnerabilities. A remote attacker, with access to the management interface, can obtain unauthorized read/write access to local files, cause denial of service, and possibly execute arbitrary code.

Tenable

[R1] Nessus 8.2.2 Fixes One Vulnerability

Nessus versions 8.2.1 and earlier were found to contain a stored XSS vulnerability due to improper validation of user-supplied input. An authenticated, remote attacker could potentially exploit this vulnerability via a specially crafted request to execute arbitrary script code in a user's browser session.

[R1] Nessus 7.1.4 Fixes Multiple Third-party Vulnerabilities

Nessus leverages third-party software to help provide underlying functionality. One third-party component (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to upgrade the bundled libraries to address the potential impact of...

US-CERT

Mozilla Releases Security Updates for Firefox

Original release date: March 19, 2019. Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisories...

Microsoft Ending Support for Windows 7

Original release date: March 19, 2019. All software products have a life-cycle. After January 14, 2020, Microsoft will no longer provide security updates or support for PCs running the Windows 7 operating system. After this date, this product will no longer receive free:
• Technical support for any issues
• Software updates
• ...

Now Available: Recording of Chinese Malicious Cyber Activity Briefing

Original release date: March 19, 2019. The Cybersecurity and Infrastructure Security Agency (CISA) has posted the February 14, 2019, Awareness Briefing on Chinese Malicious Cyber Activity. This webinar provides background and mitigation techniques on Chinese malicious cyber activity targeting managed service providers (MSPs). CISA encourages MSPs and their customers to...

VMware

VMware and Pwn2Own Vancouver 2019

We wanted to post a quick acknowledgement that VMware will have representatives in attendance at Pwn2Own Vancouver 2019 to review any vulnerabilities that may be demonstrated during the security contest. Stay tuned for further updates. As always please sign up for our VMware Security Advisories here for new and updated information.

New VMware Security Advisories VMSA-2019-0002 & VMSA-2019-0003

VMware has released the following new security advisories: VMSA-2019-0002 – VMware Workstation update addresses elevation of privilege issues. This documents important severity elevation of privilege issues. Issue (a) (CVE-2019-5511). Workstation does not handle paths appropriately. Successful exploitation of this issue may allow the path to the VMX executable, on a Windows host, to be hijacked by a non-administrator leading to elevation of privilege. Issue (b) (CVE-2019-5512). COM classes are not handled appropriately. Successful...

WordPress

WordPress 5.1.1 Security and Maintenance Release

WordPress 5.1.1 is now available! This security and maintenance release introduces 10 fixes and enhancements, including changes designed to help hosts prepare users for the minimum PHP version bump coming in 5.2. This release also includes a pair of security fixes that handle how comments are filtered and then stored in...

WordPress 5.0.1 Security Release

WordPress 5.0.1 is now available. This is a security release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately. Plugin authors are encouraged to read the 5.0.1 developer notes for information on backwards-compatibility. WordPress versions 5.0 and earlier are affected by the following bugs, which...