Tuesday, March 19, 2019
CERT

VU#730261: Marvell Avastar wireless SoCs have multiple vulnerabilities

A presentation at the ZeroNights 2018 conference describes multiple security issues with Marvell Avastar SoCs (models 88W8787, 88W8797, 88W8801, and 88W8897). The presentation provides some detail about a block pool memory overflow. During Wi-Fi network scans, an overflow condition can be triggered, overwriting certain block...
CERT

VU#465632: Microsoft Exchange 2013 and newer are vulnerable to NTLM relay attacks

Microsoft Exchange supports an API called Exchange Web Services (EWS). One of the EWS API functions is called PushSubscription, which can be used to cause the Exchange server to connect to an arbitrary website. Connections made using the PushSubscription feature will...
CERT

VU#531281: Microsoft Windows DNS servers are vulnerable to heap overflow

CWE-122: Heap-based Buffer Overflow - CVE-2018-8626 Microsoft Windows Domain Name System (DNS) servers are vulnerable to heap overflow attacks. Microsoft acknowledges that "an attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Local System Account." This remote code...
CERT

VU#289907: Microsoft Windows Kernel Transaction Manager (KTM) is vulnerable to a race condition

CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') - CVE-2018-8611 According to Microsoft, the Windows kernel fails "to properly handle objects in memory". A successful attacker could run arbitrary code in kernel mode, and then "install programs; view, change, or delete data; or create new...
CERT

VU#228297: Microsoft Windows MsiAdvertiseProduct function vulnerable to privilege escalation via race condition

The Microsoft Windows MsiAdvertiseProduct function allows a Windows installer product to generate a script to advertise a product to Windows, which handles shortcut and registry information associated with an installed application. The MsiAdvertiseProduct contains a race condition while performing checks, which...
CERT

VU#741315: A Dokan file driver contains a stack-based buffer overflow

CWE-121: Stack-based Buffer Overflow - CVE-2018-5410 Dokan, versions between 1.0.0.5000 and 1.2.0.1000, are vulnerable to a stack-based buffer overflow in the dokan1.sys driver. An attacker can create a device handle to the system driver and send arbitrary input that will trigger the...
CERT

VU#573168: Microsoft Internet Explorer scripting engine JScript memory corruption vulnerability

Microsoft Internet Explorer contains a scripting engine, which handles execution of scripting languages such as VBScript and JScript. The scripting engine JScript component contains an unspecified memory corruption vulnerability. Any application that supports embedding Internet Explorer or its scripting engine...
CERT

VU#756913: Pixar's Tractor contains a stored cross-site scripting vulnerability

CWE-79: Improper Neutralization of Input During Web Page Generation - CVE-2018-5411 Pixar's Tractor software, versions 2.2 and earlier, contain a stored cross-site scripting vulnerability in the field that allows a user to add a note to an existing node. The stored information...
CERT

VU#395981: Self-Encrypting Drives Have Multiple Vulnerabilities

CVE-2018-12037 There is no cryptographic relation between the password provided by the end user and the key used for the encryption of user data. This can allow an attacker to access the key without knowing the password provided by...
CERT

VU#339704: Cisco ASA and FTD SIP Inspection denial-of-service vulnerability

Cisco Adaptive Security Appliance (ASA) software and Cisco Firepower Threat Defense (FTD) software fail to properly parse SIP traffic, which can allow an attacker to trigger high CPU usage, resulting in a denial-of-service condition on affected devices. This vulnerability is exposed if SIP Inspection is...
CERT

VU#317277: Texas Instruments Microcontrollers CC2640 and CC2650 are vulnerable to heap overflow

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer - CVE-2018-16986 Both Texas Instruments microcontrollers CC2640 and CC2650 BLE-Stacks contain a memory corruption vulnerability resulting from the mishandling of BLE advertising packets. The function llGetAdvChanPDU that is...
CERT

VU#581311: TP-Link EAP Controller lacks RMI authentication and is vulnerable to deserialization attacks

CWE-306: Missing Authentication for Critical Function - CVE-2018-5393 EAP Controller for Linux utilizes a Java remote method invocation (RMI) service for remote control. The RMI interface does not require any authentication before use. Remote attackers can implement deserialization attacks through the RMI...
CERT

VU#598349: Automatic DNS registration and proxy autodiscovery allow spoofing of network services

The Web Proxy Automatic Discovery (WPAD) protocol is used to automatically provide proxy configuration information to devices on a network. Clients issue a special DHCP request to obtain the information for the proxy configuration, but will fall back on a DNS request...
CERT

VU#176301: Auto-Maskin DCU 210E RP 210E and Marine Pro Observer App

CWE-798: Use of Hard-Coded Credentials - CVE-2018-5399 The DCU 210E firmware contains an undocumented Dropbear SSH server with a hardcoded username and password. The password is easily susceptible to cracking. CWE-346: Origin Validation Error - CVE-2018-5400 The Auto-Maskin products utilize...
CERT

VU#906424: Microsoft Windows task scheduler contains a local privilege escalation vulnerability in the ALPC interface

The Microsoft Windows task scheduler SchRpcSetSecurity API contains a vulnerability in the handling of ALPC, which can allow an authenticated user to overwrite the contents of a file that should be protected by filesystem ACLs. This can be leveraged to...
SC Magazine

Norwegian aluminum producer Norsk Hydro hit by an unspecified cyberattack

Norwegian aluminum producer Norsk Hydro was hit by a cyber attack which began Monday evening and escalated into the night. The Norwegian National Security Authority (NSM) declined to comment on what type of attack it was but said the extent...
SC Magazine

Glitch exposes Sprint customer data to other users

A bug has allowed some Sprint customers to see the personal data of other customers from their online accounts. The information visible includes names and cell phone numbers, as well as calls made by other users, and a TechCrunch report cited...

6 Ways Mature DevOps Teams Are Killing It in Security

New survey shows where "elite" DevOps organizations are better able to incorporate security into application security.
The Register

Ransomware drops the Lillehammer on Norsk Hydro: Aluminium giant forced into manual mode after systems scrambled

Norway the power and metals wrangler could have seen this one coming

Norwegian power and metals giant Norsk Hydro is battling an extensive ransomware infection on its computers.…

Old Tech Spills Digital Dirt on Past Owners

Researcher buys old computers, flash drives, phones and hard drives and finds only two properly wiped devices out of 85 examined.