Security Flaws & Fixes - W/E - 01/11/19

"Smart" LED Light Bulbs Leak Sensitive Data, Allow for Password Brute-Forcing (12/26/2018)
Researchers at Symantec have detected security issues in a remote-controlled, full-color LED light bulb from a low-priced brand that can be bought online and is easy to use and to integrate with popular voice-activated smart assistants. In order to set up and use the light bulb to its full extent, the user has to install a smartphone app and create a free account. The light bulb will then be added to the local Wi-Fi network and can be controlled remotely through the Internet. While analyzing the network traffic, Symantec's team noticed that the smartphone application was mostly using plain HTTP requests to interact with the backend in the cloud and that some of the unencrypted requests contained private information. Thus, anyone with access to the network could potentially sniff this traffic and brute-force the password hash. In addition, the application does not provide an option to change the password; once the user has chosen one, it is fixed. Equipped with this data, an attacker could log into the account and take over all of the user's light bulbs.

Acrobat and Reader Receive Adobe Security Updates (01/02/2019)
Adobe released updates for Acrobat and Reader for Windows and MacOS due to critical vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Adobe Pushes Out Updates for Flash Player, Other Products (01/08/2019)
Adobe has plugged an information disclosure hole in Digital Editions and a session token exposure bug in Connect. The vendor also released updates for Flash Player.

Advisory Posted for Yokogawa Vnet/IP Open Communication Driver (01/03/2019)
The Vnet/IP Open Communication Driver from Yokogawa is vulnerable to a resource management error, which could lead to a denial-of-service condition. The vendor recommends users of affected devices and versions update to the latest available release. The ICS-CERT has provided more information in its own advisory.

Authentication Bypass Issue Affects Hetronic Nova-M (01/03/2019)
An ICS-CERT advisory details an authentication bypass that was found in Hetronic's Nova-M transmitters and receivers. Successful exploitation of this vulnerability could allow unauthorized users to view commands, replay commands, control the device, or stop the device from running. Hetronic recommends that all Nova-M users update their radio transmitters to firmware version r161. Different firmware versions are available for the affected receivers.

CDC Continues Efforts to Improve Security to Its Systems, Information (12/26/2018)
Although the Centers for Disease Control (CDC) implemented technical controls and an information security program that were intended to safeguard the confidentiality, integrity, and availability of its systems and data, some issues remain and increased risks are possible. The Government Accountability Office (GAO) has periodically reviewed the CDC's efforts and a December report discusses the extent to which CDC has taken corrective actions. The GAO said that the CDC has implemented 102 of its prior 195 security recommendations and that the agency expects to implement more before September 2019.

Cisco Advisories Discuss Product Vulnerabilities (01/10/2019)
Multiple vulnerabilities in Cisco products have resulted in the vendor issuing more than 20 advisories. Among the most critical issues is a memory corruption denial-of-service condition in the vendor's Email Security Appliance.

Critical Vulnerabilities Fixed in Microsoft Windows, Server (01/08/2019)
The CERT Coordination Center (CERT/CC) has released information on vulnerabilities affecting versions of Microsoft Windows and Windows Server. A remote attacker could exploit these vulnerabilities to take control of an affected system. The Windows Kernel Transaction Manager is vulnerable to a race condition because it fails to properly handle objects in memory, which can result in local privilege escalation. Microsoft has posted security updates. Also, Windows DNS servers are vulnerable to heap overflow attacks, enabling unauthenticated attackers to send malicious requests to affected servers. Updates are available from Microsoft.

Google Secures Android with January Bulletin of Fixes (01/09/2019)
The Android operating system has received updates to resolve more than 20 vulnerabilities in Google's January release of security fixes. The most critical patch in the 2019-01-01 security patch level is for a System remote code execution vulnerability. Regarding the 2019-01-05 security patch level, a critical vulnerability was alleviated in the Qualcomm closed-source component.

Guardzilla Home Surveillance System Lets Anyone View Footage (12/28/2018)
The Guardzilla Internet of Things-enabled home video surveillance system contains a shared Amazon Simple Storage Service credential used for storing saved video data. Because of this design, all users of the Guardzilla All-In-One Video Security System can access each other's saved home video, Rapid7 stated in an advisory. This hard-coded credential flaw was disclosed to Guardzilla but after 60 days and no notification of a fix, Rapid7 went public with details. Researchers at 0DayAllDay found the vulnerability and released their own advisory.

Horner Automation's Cscape Affected by Improper Input Validation Vulnerability (12/26/2018)
An ICS-CERT advisory presents information regarding an improper input validation bug in Horner Automation's Cscape Control System Application programming software. The operation of any OCS device programmed with an affected version of Cscape is not compromised. Horner Automation recommends affected users update to the latest version of Cscape (Version 9.80 SP4).

Intel Boots Privilege Escalation Bug in PROSet/Wireless Wi-Fi Software (01/09/2019)
Intel released updates due to an escalation of privilege in its PROSet/Wireless Wi-Fi Software. The fixed version is 20.90.0.7.

Intel Discloses Security Vulnerability (01/03/2019)
Intel has disclosed a security vulnerability that could allow an unauthorized party to "improperly gather sensitive data from many types of computing devices." These software analysis methods provide access from "many types of computing devices with different vendors' processors and operating systems."

Juniper Networks Releases Multiple Advisories and Updates (01/10/2019)
Juniper Networks posted 19 bulletins to address security issues across its product lines. Users of Juniper products should read the advisories and apply any updates that have been issued.

Mac Cleanup Utility Found Riddled with Vulnerabilities (01/03/2019)
Several vulnerabilities in MacPaw's CleanMyMac X software have been disclosed by the Cisco Talos team. Among the vulnerabilities are privilege escalation and denial-of-service bugs, but all issues have been resolved in version 4.2.0. CleanMyMac X is a cleanup application for Mac operating systems that allows users to free up extra space on their machines by scanning for unused or unnecessary files and deleting them.

Microsoft Patches Skype Bug that Exposed Pics, Other User Info (01/08/2019)
A bug in Skype for Android could have enabled an unauthenticated individual to review photos and contacts and open links in a browser, security researcher Florian Kunushevci warned. The bug, which was reported to Microsoft in October, has since been fixed.

Microsoft Releases First Monthly Security Batch of Fixes for 2019 (01/09/2019)
Microsoft released security fixes for its products, issuing patches for the Windows operating system and related software. The updates in this January batch include fixes for Internet Explorer, Edge, Office, SharePoint, .NET Framework, and Exchange. There are 49 updates in Microsoft's batch and the vendor has rated seven of those fixes to be critical.

Orange Livebox ADSL Modems Found Exposing Credentials (12/26/2018)
Security firm Bad Packets spotted an issue with Orange Livebox ADSL modems in which they enabled remote unauthenticated users to obtain the device's SSID and Wi-Fi password. Scans from Shodan determined that 19,490 devices were leaking their Wi-Fi credentials (SSID/password) in plaintext. Many of the devices found to be leaking their Wi-Fi password use the same password to administer the device (password reuse) or have not configured any custom password.

Rockwell Automation FactoryTalk Services Platform Has Critical Vulnerability (12/26/2018)
The FactoryTalk Services Platform from Rockwell Automation requires an update to avoid a heap-based buffer overflow condition, an ICS-CERT advisory states. Successful exploitation of this vulnerability could allow a remote attacker to diminish communications or cause a complete denial-of-service to the device.

SAP Releases 11 Updates on Security Patch Day (01/09/2019)
SAP's Security Patch Day consists of 11 security advisories, including two that are rated as "Hot News" or the most critical. These notifications address multiple vulnerabilities in Cloud Connector and an information disclosure in Landscape Management.

Scapy Tool Can Be Exploited to Cause DoS Condition (01/09/2019)
Two Imperva researchers discovered that Scapy, a packet manipulation tool written in Python and used by cybersecurity researchers and network engineers, is susceptible to a denial-of-service vulnerability. Scapy uses a heuristic algorithm to determine the type of network packet it is inspecting and because the algorithm relies on port numbers, the packet type can be spoofed. The vulnerability occurs when Scapy is tricked into thinking a network packet is a RADIUS packet. Although this bug was reported and patched, the current Scapy version (2.4.0) available from the Python pip repositories is susceptible to this attack.

Schneider Electric Updates Zelio Soft, Advises on IIoT Monitor (01/08/2019)
Schneider Electric posted a notification regarding a use-after-free vulnerability in Zelio Soft 2 v5.1 and prior versions. This issue can lead to remote code execution, but v5.2 provides a fix. A second advisory offers information regarding multiple vulnerabilities in the IIoT Monitor.

Security Bug Detected in Schneider Electric Pro-face GP-Pro EX (01/03/2019)
Schneider Electric's Pro-face GP-Pro EX contains an improper input validation bug, which could enable an attacker to modify code to launch an arbitrary executable upon launch of the program. Further information is available from an advisory posted by the vendor and a separate advisory from the ICS-CERT.

Siemens Addresses Vulnerabilities Across Product Lines (01/08/2019)
Siemens has released more than 10 advisories to address security issues and flaws within its product lines. Among these issues are denial-of-service bugs in the vendor's S7-1500 CPU and SIMATIC S7-300 CPU, a heap overflow vulnerability across multiple product families, and multiple flaws in its industrial products.

Stack-Based Overflow Issue Found in Dokan File Driver (12/26/2018)
A system driver in the Dokan Open Source File System contains a stack-based buffer overflow, which could allow an attacker to gain elevated privileges on the host machine. Dokan versions between 1.0.0.5000 and 1.2.0.1000 are vulnerable. Further details are posted in an advisory from the CERT Coordination Center.

Unpatched Kernel Buffer Overflow Bug Detected in IBM Trusteer Rapport for MacOS (12/26/2018)
Trustwave reported a kernel-based vulnerability in a driver bundled with IBM Trusteer Rapport for MacOS. The vulnerability is a signedness bug leading to a kernel stack memory corruption issue in a call to memcpy. While Trustwave worked closely with IBM throughout the disclosure process, after 120 days a patch still was not made available. However, the bug can only be exploited locally. Those affected should verify that only authorized users can log in to those systems.

Upgrade Resolves Open Redirect in Schneider Electric's EcoStruxure (12/26/2018)
Schneider Electric's EcoStruxure, an Internet of Things-enabled architecture and platform, contains an open redirect vulnerability. Users are instructed to upgrade to a fixed version. Further information is available from an advisory posted by the ICS-CERT.

Windows MsiAdvertiseProduct Function Has Privilege Escalation Bug (12/26/2018)
An advisory warns that the Microsoft Windows MsiAdvertiseProduct function contains a race-condition vulnerability, which can allow an authenticated attacker to elevate privileges to read protected files. Exploit code for this vulnerability is publicly available. A fix or patch is not currently available, according to the Software Engineering Institute at Carnegie Mellon University.