Wednesday, June 19, 2019

Adobe

Security Bulletins Posted

Adobe has published security bulletins for Adobe ColdFusion (APSB19-27), Adobe Flash Player (APSB19-30) and Adobe Campaign (APSB19-28). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin. This posting is provided “AS IS” with no warranties and confers no rights.

Security Bulletins Posted

Adobe has published security bulletins for Adobe Acrobat and Reader (APSB19-18), Adobe Flash Player (APSB19-26) and Adobe Media Encoder (APSB19-29). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin. This posting is provided “AS IS” with no warranties and confers no rights.

Upcoming Security Updates for Adobe Acrobat and Reader (APSB19-18)

A prenotification security advisory (APSB19-18) has been posted regarding upcoming Adobe Acrobat and Reader updates scheduled for Tuesday, May 14, 2019. We will continue to provide updates on the upcoming release via the Security Bulletins and Advisories page as well as the Adobe PSIRT Blog. This posting is provided “AS IS”...

Android

Apple

Apple Security Advisory 2019-5-30-1

Apple Security Advisory 2019-5-30-1 - AirPort Base Station Firmware Update 7.9.1 is now available and addresses denial of service and null pointer vulnerabilities.

Apple Security Advisory 2019-5-28-1

Apple Security Advisory 2019-5-28-1 - iTunes for Windows 12.9.5 is now available and addresses code execution vulnerabilities.

Apple Security Advisory 2019-5-28-2

Apple Security Advisory 2019-5-28-2 - iCloud for Windows 7.12 is now available and addresses code execution vulnerabilities.

Visual Voicemail For iPhone IMAP NAMESPACE Use-After-Free

Visual Voicemail for iPhone suffers from a use-after-free vulnerability in IMAP NAMESPACE processing.

AWS

Linux Kernel TCP SACK Denial of Service Issues

June 17, 2019 10:00AM PDT CVE Identifiers: CVE-2019-11477, CVE-2019-11478, CVE-2019-11479 AWS is aware of three recently-disclosed issues which affect the TCP processing subsystem of the Linux kernel. Specifically, a malicious TCP client or server can transmit a specially crafted series of packets that may cause the Linux kernel of any...

Intel Quarterly Security Release (QSR) 2019.1

May 14, 2019 10:00 AM PDT CVE Identifiers: CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091 Xen Security Advisories: XSA-297 Intel has published a security advisory (INTEL-SA-00233) regarding new information disclosure methods "Microarchitectural Data Sampling" (MDS) related to their processors. In parallel, the Xen security team have released Xen Security Advisory 297. AWS has...

Kubernetes Security Issues (CVE-2019-1002101 and CVE-2019-9946)

March 28, 2019 10:00AM PDT AWS is aware of two recently disclosed security issues in Kubernetes (CVE-2019-1002101 and CVE-2019-9946). With the exception of the AWS services listed below, no customer action is required to address these issues. Amazon Elastic Container Service for Kubernetes (EKS) Amazon EKS's managed Kubernetes control...

CERT

VU#576688: Microsoft windows RDP Network Level Authenticaion can bypass the Windows lock screen

Microsoft Windows Remote Desktop supports a feature called Network Level Authentication(NLA),which moves the authentication aspect of a remote session from the RDP layer to the network-layer. The use of NLA is recommended to reduce the attack surface of systems exposed using the RDP protocol. In Windows a session can...

VU#877837: Multiple vulnerabilities in Quest (Dell) Kace K1000 Appliance

CVE-2018-5404:The Dell Kace K1000 Appliance allows an authenticated,remote attacker with least privileges('User Console Only' role)to potentially exploit multiple Blind SQL Injection vulnerabilities to retrieve sensitive information from the database or copy the entire database. (CWE-89) CVE-2018-5405:The Dell Kace K1000 Appliance allows an authenticated least privileged user with‘User Console Only’rights...

VU#119704: Microsoft Windows Task Scheduler SetJobFileSecurityByName privilege escalation vulnerability

Task Scheduler is a set of Microsoft Windows components that allows for the execution of scheduled tasks. The front-end components of Task Scheduler,such as schtasks.exe,are interfaces that allow for users to view,create,and modify scheduled tasks. The back-end part of Task Scheduler is a Windows service that runs with SYSTEM...

Cisco

Cisco IOS XE Software Web UI Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based UI (web UI) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI on an affected device. An attacker could exploit...

Cisco Identity Services Engine Privileged Account Sensitive Information Disclosure Vulnerability

A vulnerability in the Admin portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain confidential information for privileged accounts. The vulnerability is due to the improper handling of confidential information. An attacker could exploit this vulnerability by logging into the web interface on a...

Offline Cryptographic Attacks Targeting the Wi-Fi Protected Access 2 Protocol

On August 4, 2018, Jens Steube from the Hashcat project published an article introducing a new method to obtain cryptographic information from wireless traffic that can then be used by an attacker to attempt the offline recovery of the preshared key (PSK) used to secure a Wi-Fi network. Both the...

Citrix

Improper Access Control Vulnerability in AppDNA

CTX253828 NewApplicable Products :  Citrix Virtual Apps and DesktopsA vulnerability has been identified in AppDNA that could result in access controls not being enforced when accessing the web console potentially allowing privilege escalation and remote code execution.This vulnerability has been assigned the followi

Citrix Hypervisor Security Update

CTX251995 NewApplicable Products :  Citrix Hypervisor 8.0, XenServer 7.0, XenServer 7.1 LTSR Cumulative Update 2, XenServer 7.6A number of security issues have been identified in certain CPU hardware that may allow unprivileged code running on a CPU core to infer the value of memory data belonging to other processes, virtual machines or the...

Remote Code Execution Vulnerability in Citrix Workspace app and Receiver for Windows

CTX251986 NewApplicable Products :  Citrix Workspace App, Receiver for WindowsA vulnerability has been identified in Citrix Workspace app and Receiver for Windows that could result in local drive access preferences not being enforced allowing an attacker read/write access to the clients local drives which could enable code execution

Drupal

Drupal core – Moderately critical – Third-party libraries – SA-CORE-2019-007

Project: Drupal coreDate: 2019-May-08Security risk: Moderately critical 14∕25 AC:Complex/A:Admin/CI:All/II:All/E:Theoretical/TD:UncommonVulnerability: Third-party librariesDescription: This security release fixes third-party dependencies included in or required by Drupal core. As described in TYPO3-PSA-2019-007: By-passing protection of Phar Stream Wrapper Interceptor: In order to intercept file invocations like file_exists or stat on compromised Phar archives the base name has to be...

Drupal core – Moderately critical – Cross Site Scripting – SA-CORE-2019-006

Project: Drupal coreDate: 2019-April-17Security risk: Moderately critical 10∕25 AC:Complex/A:Admin/CI:Some/II:Some/E:Theoretical/TD:UncommonVulnerability: Cross Site ScriptingDescription: The jQuery project released version 3.4.0, and as part of that, disclosed a security vulnerability that affects all prior versions. As described in their release notes: jQuery 3.4.0 includes a fix for some unintended behavior when using jQuery.extend(true, {}, ...). If an unsanitized...

Drupal core – Moderately critical – Multiple Vulnerabilities – SA-CORE-2019-005

Project: Drupal coreDate: 2019-April-17Security risk: Moderately critical 14∕25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:DefaultVulnerability: Multiple Vulnerabilities Description: This security release fixes third-party dependencies included in or required by Drupal core. Validation messages were not escaped when using the form theme of the PHP templating engine which, when validation messages may contain user input, could result in an XSS....

F5 Networks

Intel CSME and SPS vulnerability CVE-2019-0093

Intel CSME and SPS vulnerability CVE-2019-0093 Security Advisory Security Advisory Description Insufficient data sanitization vulnerability in HECI subsystem for Intel(R) CSME before versions 11.8 ...

Intel Server Platform Services vulnerability CVE-2019-0089

Intel Server Platform Services vulnerability CVE-2019-0089 Security Advisory Security Advisory Description Improper data sanitization vulnerability in subsystem in Intel(R) SPS before versions SPS ...

Excess resource consumption due to low MSS values vulnerability CVE-2019-11479

Excess resource consumption due to low MSS values vulnerability CVE-2019-11479 Security Advisory Security Advisory Description ** RESERVED ** This candidate has been reserved by an organization or ...

Linux SACK Slowness vulnerability CVE-2019-11478

Linux SACK Slowness vulnerability CVE-2019-11478 Security Advisory Security Advisory Description ** RESERVED ** This candidate has been reserved by an organization or individual that will use it ...

Have I Been Pwned?

D3Scene – 568,827 breached accounts

In January 2016, the gaming website D3Scene, suffered a data breach. The compromised vBulletin forum exposed 569k million email addresses, IP address, usernames and passwords stored as salted MD5 hashes. The data was provided to HIBP by dehashed.com.

Emuparadise – 1,131,229 breached accounts

In April 2018, the self-proclaimed "biggest retro gaming website on earth", Emupardise suffered a date breach. The compromised vBulletin forum exposed 1.1 million email addresses, IP address, usernames and passwords stored as salted MD5 hashes. The data was provided to HIBP by dehashed.com.

Ordine Avvocati di Roma – 41,960 breached accounts

In May 2019, the Lawyers Order of Rome suffered a data breach by a group claiming to be Anonymous Italy. Data on tens of thousands of Roman lawyers was taken from the breached system and redistributed online. The data included contact information, email addresses and email messages themselves encompassing...

ICS-CERT

BD Alaris Gateway Workstation

This medical advisory includes mitigations for improper access control and unrestricted upload of file with dangerous type vulnerabilities reported in BD’s Alaris Gateway Workstation.

Johnson Controls exacqVision Enterprise System Manager

This advisory includes mitigations for an improper authorization vulnerability reported in Johnson Controls' exacqVision Enterprise System Manager.

WAGO Industrial Managed Switches 852-303, 852-1305, and 852-1505

This advisory includes mitigations for use of hard-coded credentials, and using components with known vulnerabilities, and use of hard-coded cryptographic key vulnerabilities reported in WAGO's Industrial Managed Switches.

Siemens Siveillance VMS

This advisory includes mitigations for an improper authorization, incorrect user management, and missing authorization vulnerabilities reported in Siemens' Siveillance VMS video management software.

Juniper Networks

Magento

Microsoft

Prevent the impact of a Linux worm by updating Exim (CVE-2019-10149)

This week, MSRC confirmed the presence of an active Linux worm leveraging a critical Remote Code Execution (RCE) vulnerability, CVE-2019-10149, in Linux Exim email servers running Exim version 4.87 to 4.91. Azure customers running VMs with Exim 4.92 are not affected by this vulnerability.  Azure has controls in place to help...

June 2019 security update release

Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates.    More information about this month’s security updates can be found on the Security Update Guide.  

BlueHat Shanghai 2019: Amplifying the power of defensive partnerships around the world

Earlier this week BlueHat Shanghai brought together security researchers and hundreds of cybersecurity professionals from China and across Asia to explore the latest topics in cybersecurity research. Including presentations from Qihoo 360, Baidu, Alibaba and the Chinese Academy of Sciences, BlueHat Shanghai highlighted incredibly talented Chinese researchers and focused...

Oracle

Splunk

Splunk Enterprise and Splunk Light address one vulnerability

Description Splunk Enterprise and Splunk Light address one vulnerability Persistent Cross Site Scripting in Splunk Web (SPL-138827, CVE-2019-5727) At the time of this announcement, Splunk is not aware of any cases where these vulnerabilities have been actively exploited. Previous Product Security Announcements can be found on our Splunk Product Security Portal. Use SPL numbers when referencing issues in communication...

Splunk-Python-SDK address one vulnerability

Description Splunk-Python-SDK address one vulnerability Untrusted TLS server certs verification is not present (CVE-2019-5729) At the time of this announcement, Splunk is not aware of any cases where these vulnerabilities have been actively exploited. Previous Product Security Announcements can be found on our Splunk Product Security Portal. Use SPL numbers when referencing issues in communication with Splunk. If there...

Symantec

SYMSA1484-DLP Cross Site Scripting

Symantec has released updates to address an issue that was discovered in the DLP product.

SYMSA1426-SA161: Local Information Disclosure Due to Meltdown and Spectre Attacks

Symantec Network Protection products, which run on an affected CPU chipset and execute arbitrary code from external sources, are susceptible to several information disclosure vulnerabilities (aka Meltdown and Spectre attacks). A remote attacker, with the ability to execute arbitrary code locally on the target, can obtain sensitive information from...

Tenable

[R1] Nessus Agent 7.4.0 Fixes One Third-party Vulnerability

Nessus Agent leverages third-party software to help provide underlying functionality. One of the third-party components (OpenSSL) was found to contain a single vulnerability, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to upgrade the bundled library...

[R1] Nessus 8.3.0 Fixes Multiple Third-party Vulnerabilities

Nessus leverages third-party software to help provide underlying functionality. Two separate third-party components (OpenSSL and Moment.js) were found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to upgrade the bundled libraries to address...

[R1] Nessus 8.2.2 Fixes One Vulnerability

Nessus versions 8.2.1 and earlier were found to contain a stored XSS vulnerability due to improper validation of user-supplied input. An authenticated, remote attacker could potentially exploit this vulnerability via a specially crafted request to execute arbitrary script code in a user's browser session.

US-CERT

Oracle Releases Security Advisory for WebLogic

Original release date: June 19, 2019Oracle has released a security alert to address a vulnerability in WebLogic. A remote attacker could exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and...

Samba Releases Security Updates

Original release date: June 19, 2019The Samba Team has released security updates to address vulnerabilities in Samba 4.9 and all versions of Samba from 4.10 onward. An attacker could exploit these vulnerabilities to cause a denial-of-service condition.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review...

DHS Email Phishing Scam

Original release date: June 18, 2019The Cybersecurity and Infrastructure Security Agency (CISA) is aware of an email phishing scam that tricks users into clicking on malicious attachments that look like legitimate Department of Homeland Security (DHS) notifications. The email campaign uses a spoofed email address to appear like a...

VMware

VMSA-2018-0011 Revisited

Greetings from the VMware Security Response Center! It has come to our attention that a previously resolved vulnerability identified by CVE-2018-6961 which affected VMware SD-WAN Edge (Velocloud) prior to v3.1.2 has been reported to be included as one of multiple injection methods for a newly discovered variant of the Mirai malware. Unit 42 has a good write up on what they have discovered here: https://unit42.paloaltonetworks.com/new-mirai-variant-adds-8-new-exploits-targets-additional-iot-devices. VMware is actively conducting our own...

New VMware Security Advisory VMSA-2019-0009

Today, VMware has released the following new security advisory: “VMSA-2019-0009 – VMware Tools and Workstation updates address out of bounds read and use-after-free vulnerabilities (CVE-2019-5522, CVE-2019-5525)” This documents the remediation of two important severity issues in VMware Tools and VMware Workstation respectively. Issue (a) CVE-2019-5522 an out of bounds read vulnerability in vm3dmp driver which is installed with vmtools in Windows guest machines. A local attacker with non-administrative access to a Windows...

WordPress

WordPress 5.1.1 Security and Maintenance Release

WordPress 5.1.1 is now available! This security and maintenance release introduces 10 fixes and enhancements, including changes designed to help hosts prepare users for the minimum PHP version bump coming in 5.2. This release also includes a pair of security fixes that handle how comments are filtered and then stored in...