Security Flaws & Fixes - W/E - 9/6/19
Apple Releases New Product Versions (08/27/2019)
Apple has released multiple advisories to address vulnerabilities within its product lines. Among the products updated are tvOS, macOS Mojave, iOS, and watchOS.
Bluetooth BR/EDR Supported Devices Vulnerable to Key Negotiation Attacks (08/31/2019)
The encryption key-length negotiation in Bluetooth BR/EDR Core v5.1 and earlier is neither encrypted nor integrity protected, so an unauthenticated, adjacent attacker who injects packets into the negotiation can force a weak key, which could result in information disclosure and/or escalation of privileges. This is the Key Negotiation of Bluetooth (KNOB) attack, in which a third party forces two connecting devices to agree on an encryption key with as little as one byte of entropy, small enough to brute-force while the connection is still in use. US-CERT posted an advisory with a list of potentially affected vendors.
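To make the negotiation flaw concrete, the following is an added Python model written for this summary; it is not code from the page, the Bluetooth SIG, or the KNOB researchers. The key-size exchange is simplified to one proposal and one response, the E0 cipher and the key-reduction step are replaced by labelled stand-ins (HMAC-SHA256 and truncation) so the script runs offline, and the 7-byte floor is the minimum the Bluetooth SIG recommended after KNOB, which you should confirm against whatever your own stack enforces.

```python
import hashlib
import hmac
import itertools

# Bluetooth BR/EDR negotiates the encryption key size in bytes; the Core
# specification up to 5.1 permits anything from 1 to 16.
SPEC_MIN_KEY_BYTES = 1
SPEC_MAX_KEY_BYTES = 16
# Floor applied by a hardened stack. 7 bytes is the value the Bluetooth SIG
# recommended after KNOB (assumption: check the minimum your own stack enforces).
HARDENED_MIN_KEY_BYTES = 7


def negotiate_key_size(proposal, responder_max, responder_min=SPEC_MIN_KEY_BYTES):
    """Responder's side of the LMP key-size negotiation, simplified: accept the
    proposal if it lies within [responder_min, responder_max], otherwise clamp it
    to responder_max. Returns the agreed size, or None if the responder aborts."""
    if not SPEC_MIN_KEY_BYTES <= proposal <= SPEC_MAX_KEY_BYTES:
        return None
    if proposal < responder_min:
        return None  # a hardened stack refuses rather than accepting a short key
    return min(proposal, responder_max)


def knob_mitm(proposal, attacker_size=1):
    """The KNOB attacker sits between the two devices and rewrites the key-size
    proposal in transit. LMP is neither encrypted nor integrity protected, so
    neither device can tell that the proposal was changed."""
    return attacker_size


def reduced_key(link_key, key_bytes):
    """Stand-in for the key-reduction step: only key_bytes bytes of the 16-byte
    key carry entropy (the real step is a polynomial reduction, but the entropy
    bound it produces is the same)."""
    return link_key[:key_bytes] + b"\x00" * (SPEC_MAX_KEY_BYTES - key_bytes)


def keystream(key, clock, length):
    """Stand-in for the E0 stream cipher (HMAC-SHA256 is used only so the example
    runs offline; E0 itself is a different construction)."""
    return hmac.new(key, clock, hashlib.sha256).digest()[:length]


def encrypt(key, clock, data):
    return bytes(p ^ k for p, k in zip(data, keystream(key, clock, len(data))))


def brute_force(ciphertext, known_plaintext, clock, key_bytes):
    """Recover the reduced key from one known plaintext by trying all
    256**key_bytes candidates: 256 tries for key_bytes == 1, 2**128 for 16."""
    pad = b"\x00" * (SPEC_MAX_KEY_BYTES - key_bytes)
    for candidate in itertools.product(range(256), repeat=key_bytes):
        key = bytes(candidate) + pad
        if encrypt(key, clock, known_plaintext) == ciphertext:
            return key
    return None


if __name__ == "__main__":
    # Constructed link key and clock value for the demonstration.
    link_key = bytes(range(0x10, 0x20))
    clock = b"\x00\x01\x02\x03"
    agreed = negotiate_key_size(knob_mitm(16), responder_max=16)
    print("attacker forced key size:", agreed)
    ct = encrypt(reduced_key(link_key, agreed), clock, b"hello")
    print("recovered key:", brute_force(ct, b"hello", clock, agreed).hex())
    print("hardened stack:", negotiate_key_size(knob_mitm(16), 16, HARDENED_MIN_KEY_BYTES))
```

Run stand-alone, the script shows the attacker's rewrite producing a 1-byte key, that key recovered in at most 256 guesses from a single known plaintext, and the same rewrite rejected by a responder that enforces the 7-byte floor.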
Cardiology Devices Affected by Incorrect Default Permissions (08/31/2019)
Change Healthcare Cardiology, Horizon Cardiology, and McKesson Cardiology are impacted by a flaw that could allow a locally authenticated user to insert specially crafted files that could result in arbitrary code execution. Further details are available from an ICS-CERT advisory.
Check Point Endpoint Security Update Eliminates DLL Bug (08/28/2019)
Check Point Software's Endpoint Security products are vulnerable to privilege escalation and other conditions due to a DLL hijacking bug. To alleviate this vulnerability, the vendor posted an advisory and recommended updating to version E81.30.
Chrome Update Bashes Security Bug (08/27/2019)
Google Chrome has received a security update to alleviate a use-after-free vulnerability in Blink, its rendering engine.
Delta Controls Advises on Bug Detected in enteliBUS Controllers (08/27/2019)
Delta Controls' enteliBUS controllers are vulnerable to a buffer overflow that could allow an attacker on the same network to take complete control of the device's operating system and execute code remotely. Users are instructed to upgrade from enteliBUS 3.40 firmware to Version 3.40 R6 build 612850. Delta Controls also states that it is important buildings running enteliBUS are updated to the 3.40 R6 release to mitigate risk. The ICS-CERT has posted an advisory with further information.
Firefox 69 Deflects Tracking Cookies, Cryptominers from Third-Party Sites (09/04/2019)
Mozilla released Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9. In Firefox 69, a feature known as Enhanced Tracking Protection is turned on by default to block third-party tracking cookies and cryptocurrency miners. Mozilla's Marissa Wood said in a blog post, "Enhanced Tracking Protection works behind-the-scenes to keep a company from forming a profile of you based on their tracking of your browsing behavior across Web sites - often without your knowledge or consent. Those profiles and the information they contain may then be sold and used for purposes you never knew or intended."
Google Alleviates 50 Bugs with September's Batch of Security Fixes (09/04/2019)
About 50 vulnerabilities have been mitigated in Google's September release of fixes for the Android operating system. Among the fixes is a patch for a critical security vulnerability in the Media framework component that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process. A second critical bug in Media framework has also been remedied.
Image Exposure Possible in Philips HDI 4000 Ultrasound (08/31/2019)
A flaw in Philips' HDI 4000 Ultrasound Systems could lead to exposure of ultrasound images (breaches of confidentiality) and compromised image integrity. The vulnerability does not affect patient safety or systems operations. All versions running on old, unsupported operating systems such as Windows 2000 are affected. The ICS-CERT issued an advisory to provide additional details.
Multiple Android Phones Susceptible to SMS Phishing Attacks (09/04/2019)
Check Point Software researchers have identified a susceptibility to advanced phishing attacks in certain modern Android-based phones, including models by Samsung, Huawei, LG, and Sony. In these attacks, a remote attacker can trick users into accepting new phone settings that can do various things, including routing all their Internet traffic through a proxy controlled by the attacker. This attack vector relies on over-the-air (OTA) provisioning, which is normally used by cellular network operators to deploy network-specific settings to a new phone joining their network. However, the issue enables anyone to send OTA provisioning messages. Check Point warned the affected vendors about this issue in March. Samsung and LG have already patched the bug and Huawei is working on a fix. Sony declined to acknowledge the vulnerability, stating that its devices follow the Open Mobile Alliance Client Provisioning specification, which Check Point notes offers only limited authentication methods.
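The following is an added Python example written for this summary, not code from the page, from Check Point, or from any handset vendor. It shows what a proxy-installing OMA Client Provisioning document looks like and the policy a hardened handset could apply before accepting one. The document is constructed, the SEC names (NETWPIN, USERPIN) are taken from the OMA/WAP provisioning specification, and the MAC construction (HMAC-SHA1 keyed with the PIN or IMSI, hex encoded) is this example's reading of that specification; only its keying matters for the point being made, which is that an IMSI-keyed MAC can be produced by anyone who learns the IMSI.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

# OMA Client Provisioning SEC values (names from the OMA/WAP provisioning spec).
SEC_NETWPIN = "NETWPIN"   # MAC keyed with the IMSI: forgeable by anyone who knows it
SEC_USERPIN = "USERPIN"   # MAC keyed with a PIN the user received out of band
SEC_NONE = None           # no MAC at all

# Constructed provisioning document for this example (not a captured message).
# It installs an HTTP proxy through which the handset would route its traffic.
SAMPLE_DOC = b"""<wap-provisioningdoc>
<characteristic type="PXLOGICAL">
<parm name="PROXY-ID" value="proxy1"/>
<parm name="NAME" value="Carrier Settings"/>
<characteristic type="PXPHYSICAL">
<parm name="PHYSICAL-PROXY-ID" value="p1"/>
<parm name="PXADDR" value="203.0.113.10"/>
<parm name="PXADDRTYPE" value="IPV4"/>
<characteristic type="PORT"><parm name="PORTNBR" value="8080"/></characteristic>
</characteristic>
</characteristic>
</wap-provisioningdoc>"""


def oma_cp_mac(key, doc):
    """Provisioning MAC as this example models it: HMAC-SHA1 over the document,
    keyed with the PIN or the IMSI, hex encoded (assumption: this follows the
    spec's construction; only the keying matters for the argument here)."""
    return hmac.new(key, doc, hashlib.sha1).hexdigest().upper()


def verify_mac(doc, sec, mac, user_pin=None, imsi=None):
    key = {SEC_USERPIN: user_pin, SEC_NETWPIN: imsi}.get(sec)
    if key is None or mac is None:
        return False
    return hmac.compare_digest(mac, oma_cp_mac(key, doc))


def extract_proxies(doc):
    """Return (address, port) for every physical proxy the document installs."""
    proxies = []
    for logical in ET.fromstring(doc).iter("characteristic"):
        if logical.get("type") != "PXLOGICAL":
            continue
        for phys in logical.iter("characteristic"):
            if phys.get("type") != "PXPHYSICAL":
                continue
            parms = {p.get("name"): p.get("value") for p in phys.iter("parm")}
            proxies.append((parms.get("PXADDR"), parms.get("PORTNBR")))
    return proxies


def accept_provisioning(doc, sec, mac, user_pin=None, imsi=None):
    """Policy a hardened handset could apply to a proxy-changing message: a valid
    MAC is necessary but not sufficient, because an IMSI-keyed MAC can be produced
    by anyone who knows the IMSI."""
    if not extract_proxies(doc):
        return True, "no proxy change; outside this policy"
    if sec is SEC_NONE:
        return False, "reject: unauthenticated message changes the proxy"
    if not verify_mac(doc, sec, mac, user_pin=user_pin, imsi=imsi):
        return False, "reject: MAC does not verify"
    if sec == SEC_NETWPIN:
        return False, "reject: IMSI-keyed MAC proves nothing about the sender"
    return True, "accept: user-PIN authenticated"


if __name__ == "__main__":
    imsi, pin = b"310150123456789", b"1234"  # constructed values
    print("proxies installed:", extract_proxies(SAMPLE_DOC))
    forged = oma_cp_mac(imsi, SAMPLE_DOC)  # anyone who knows the IMSI can do this
    print("NETWPIN:", accept_provisioning(SAMPLE_DOC, SEC_NETWPIN, forged, imsi=imsi))
    print("USERPIN:", accept_provisioning(SAMPLE_DOC, SEC_USERPIN, oma_cp_mac(pin, SAMPLE_DOC), user_pin=pin))
```

The NETWPIN case verifies cryptographically and is still rejected, which is the distinction the page's "limited authentication methods" remark points at: the MAC binds the message to a value (the IMSI) that the attacker can obtain, so it does not authenticate the operator.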
Multiple Bugs Leave Supermicro BMCs Exposed to Attackers (09/03/2019)
The security team at Eclypsium uncovered vulnerabilities in the baseboard management controllers (BMCs) of Supermicro servers that can allow an attacker to connect to a server and virtually mount any USB device of their choosing, remotely over any network including the Internet. At least 47,000 systems have their BMCs exposed to the Internet, the researchers found. The vulnerabilities have been dubbed "USBAnywhere." Supermicro worked with Eclypsium and has developed fixes for USBAnywhere as detailed in a vendor advisory.
Multiple Cisco Advisories, Updates Released (08/31/2019)
Cisco released multiple advisories to address vulnerabilities across its product lines. Among the most critical issues is a vulnerability in Integrated Management Controller Supervisor, UCS Director, and UCS Director Express for Big Data which could allow an unauthenticated, remote attacker to log in to the CLI of an affected system by using the SCP User account (scpuser), which has default user credentials.
Samba Releases Security Updates (09/04/2019)
Samba recommends that users of versions 4.9.0 and later update to mitigate a security issue. On a Samba SMB server, for all versions of Samba from 4.9.0, clients are able to escape outside the share root directory if certain configuration parameters are set in the smb.conf file. Users are instructed to read the advisory for further details.
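The page does not name the smb.conf parameters involved. As an added example written for this summary (not code from the page or from the Samba project), the following Python script parses an smb.conf and reports shares on which "wide links" is effectively enabled, which is the share-level setting this editor understands the advisory to hinge on; treat that mapping as an assumption and confirm it against the advisory before relying on the script. The smb.conf it ships with is constructed.

```python
import configparser

# Constructed smb.conf for this example (not taken from any real host).
SAMPLE_SMB_CONF = """
[global]
workgroup = WORKGROUP
unix extensions = no

[public]
path = /srv/samba/public
wide links = yes

[homes]
path = /home/%U
wide links = no

[data]
path = /srv/samba/data
"""


def parse_smb_conf(text):
    # smb.conf is INI-like; '%U'-style substitutions must not be interpolated,
    # and real files often repeat keys, hence strict=False.
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    cp.read_string(text)
    return cp


def smb_bool(value):
    return str(value).strip().lower() in ("yes", "true", "1", "on")


def effective(cp, share, key, default):
    """Samba resolves a share parameter as: share override, then [global], then
    the built-in default."""
    if cp.has_option(share, key):
        return cp.get(share, key)
    if cp.has_option("global", key):
        return cp.get("global", key)
    return default


def risky_shares(cp):
    """Shares where 'wide links' is effectively on. Samba silently turns wide
    links off when 'unix extensions = yes' unless 'allow insecure wide links =
    yes' is also set, so all three parameters are consulted."""
    risky = []
    for share in cp.sections():
        if share == "global":
            continue
        wide = smb_bool(effective(cp, share, "wide links", "no"))
        unix_ext = smb_bool(effective(cp, share, "unix extensions", "yes"))
        insecure = smb_bool(effective(cp, share, "allow insecure wide links", "no"))
        if wide and (not unix_ext or insecure):
            risky.append(share)
    return risky


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_SMB_CONF
    for share in risky_shares(parse_smb_conf(text)):
        print(f"[{share}] has wide links effectively enabled; review against the advisory")
```

Point it at a real file with `python3 check_smb.py /etc/samba/smb.conf`; the script does not follow `include =` directives, so any shares defined in included files must be checked separately.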
Update Alleviates Flaws in EZAutomation EZ PLC Editor, EZ Touch Editor (09/03/2019)
EZAutomation's EZ PLC Editor has a vulnerability that could allow an attacker to execute code under the privileges of the application. It is recommended that users update to version 1.9.0 or later. An advisory has been posted by the ICS-CERT. A second advisory details a stack-based overflow issue in EZAutomation's EZ Touch Editor.
Vulnerabilities in Jenkins Plugins Leave Credentials Exposed (08/31/2019)
Trend Micro reported that some Jenkins plugins store credentials unencrypted, in plain text. As of August 30, the vulnerabilities in the Port Allocator, TestLink, and Caliper CI plugins had not been fixed, and the current version of the eggPlant plugin has been deprecated and is not safe to use. Jenkins is an open-source automation server that allows DevOps teams to build, test, and deploy software efficiently and reliably. Its plugins extend the core features.
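The page does not show how the affected plugins store their credentials, but the on-disk symptom is the same for all of them: a credential field serialized as its literal value instead of as a `hudson.util.Secret`. As an added example written for this summary (not code from the page, Trend Micro, or the Jenkins project), the following Python scanner walks a plugin's config.xml and reports credential-looking elements whose value is not in the encrypted Secret form. The sample config.xml is constructed, and the "base64 inside braces" form it recognizes is this editor's understanding of how current Jenkins releases serialize `Secret` fields; adjust the pattern if your instance still carries the older bare-base64 form.

```python
import base64
import re
import xml.etree.ElementTree as ET

# Element names that usually hold a credential.
SENSITIVE_TAG = re.compile(r"(password|passwd|secret|token|apikey|api_key|privatekey)", re.I)
# Serialized hudson.util.Secret: base64 ciphertext inside braces (assumption: this
# is the form Jenkins writes for Secret-typed fields; older releases used bare base64).
ENCRYPTED_FORM = re.compile(r"^\{[A-Za-z0-9+/=]+\}$")

# Constructed plugin config.xml for this example (not from any real plugin).
SAMPLE_CONFIG = """<some.plugin.GlobalConfiguration>
  <url>https://ci.example.internal/api</url>
  <username>ci-bot</username>
  <password>hunter2</password>
  <apiToken>{AQAAABAAAAAgJ7mU3wq9r0p2Q9u3bX5cE1hL6N8tR2vW4yZ0aB1cD2eF3gH4iJ5kL6mN7oP8qR9sT0u=}</apiToken>
  <sshPrivateKey>-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAA
-----END OPENSSH PRIVATE KEY-----</sshPrivateKey>
</some.plugin.GlobalConfiguration>
"""


def looks_encrypted(value):
    """True when the value has the serialized-Secret shape and decodes as base64."""
    value = value.strip()
    if not ENCRYPTED_FORM.match(value):
        return False
    try:
        base64.b64decode(value[1:-1], validate=True)
    except ValueError:
        return False
    return True


def find_plaintext_secrets(xml_text):
    """Return the tags of credential-looking elements whose value is not in the
    encrypted Secret form, i.e. stored in the clear on disk."""
    findings = []
    for element in ET.fromstring(xml_text).iter():
        tag = element.tag.split("}")[-1]  # drop any namespace prefix
        text = (element.text or "").strip()
        if text and SENSITIVE_TAG.search(tag) and not looks_encrypted(text):
            findings.append(tag)
    return findings


if __name__ == "__main__":
    import sys
    source = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CONFIG
    for tag in find_plaintext_secrets(source):
        print(f"plaintext credential in <{tag}>")
```

Run it over `$JENKINS_HOME/*.xml` and the per-job `config.xml` files to find plugins that need attention. On the plugin side the fix is to declare the field as `hudson.util.Secret` rather than `String`, which is what the Jenkins plugin developer documentation directs; the scanner only finds the symptom.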
Weaknesses in Implementations Can Render HTTP/2 Susceptible to Attacks (08/27/2019)
A US-CERT advisory warns that multiple HTTP/2 implementations are vulnerable to a variety of denial-of-service (DoS) attacks. These attacks consume excessive CPU or memory on the server while costing the client very little, so a single end system can tie up multiple servers, with an effect comparable to a distributed DoS. At least eight distinct weaknesses were reported, and users should install the latest updates for their HTTP/2 implementations. A matrix of affected products and vulnerabilities is provided within the advisory.
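The common thread in these weaknesses is that the client sends a stream of cheap frames the server must process but that never advance a request. As an added example written for this summary (not code from the page, US-CERT, or any HTTP/2 implementation), the following Python script parses raw HTTP/2 frames and replays a client's frame stream against a per-connection budget of such frames, which is the general shape of the mitigation several servers adopted. The frame layout follows RFC 7540; the frame traffic, the budget of 100 and the choice of which frame types count as "useless" are this example's own and are labelled in comments.

```python
import struct

FRAME_TYPES = {0: "DATA", 1: "HEADERS", 2: "PRIORITY", 3: "RST_STREAM", 4: "SETTINGS",
               5: "PUSH_PROMISE", 6: "PING", 7: "GOAWAY", 8: "WINDOW_UPDATE", 9: "CONTINUATION"}
FLAG_END_STREAM = 0x1
FLAG_END_HEADERS = 0x4
# Frames that cost the server work but never advance a request on their own
# (choice made for this example; tune per server).
CONTROL_TYPES = {"PING", "SETTINGS", "PRIORITY", "WINDOW_UPDATE", "RST_STREAM"}


def build_frame(ftype, flags, stream_id, payload=b""):
    """RFC 7540 frame: 24-bit length, 8-bit type, 8-bit flags, 31-bit stream id."""
    header = struct.pack("!I", len(payload))[1:] + bytes([ftype, flags])
    return header + struct.pack("!I", stream_id & 0x7FFFFFFF) + payload


def parse_frames(data):
    """Yield (type name, flags, stream id, payload) for each frame in data."""
    off = 0
    while off + 9 <= len(data):
        length = int.from_bytes(data[off:off + 3], "big")
        ftype, flags = data[off + 3], data[off + 4]
        stream_id = struct.unpack("!I", data[off + 5:off + 9])[0] & 0x7FFFFFFF
        payload = data[off + 9:off + 9 + length]
        if len(payload) != length:
            raise ValueError("truncated frame at offset %d" % off)
        yield FRAME_TYPES.get(ftype, "UNKNOWN"), flags, stream_id, payload
        off += 9 + length


def is_useless(ftype, flags, payload):
    """A frame that demands processing without carrying request progress."""
    if ftype in CONTROL_TYPES:
        return True
    if ftype == "DATA" and not payload and not flags & FLAG_END_STREAM:
        return True  # empty DATA frames that never end the stream
    if ftype in ("HEADERS", "CONTINUATION") and not payload and not flags & FLAG_END_HEADERS:
        return True  # empty header-block fragments that never finish the block
    return False


def check_connection(data, budget=100):
    """Replay a client's frame stream against a per-connection budget of useless
    frames. Returns (index of the frame that exhausted the budget or None, counts
    by frame type seen up to that point)."""
    useless = 0
    counts = {}
    for index, (ftype, flags, stream_id, payload) in enumerate(parse_frames(data)):
        counts[ftype] = counts.get(ftype, 0) + 1
        if is_useless(ftype, flags, payload):
            useless += 1
            if useless > budget:
                return index, counts
    return None, counts


# Constructed traffic: a normal GET-like stream, then the same stream followed by
# a PING flood (the HPACK payload is not decoded here, only framed).
NORMAL = (build_frame(4, 0, 0)                                             # client SETTINGS
          + build_frame(1, FLAG_END_HEADERS | FLAG_END_STREAM, 1, b"\x82")  # HEADERS, :method GET
          + build_frame(8, 0, 0, struct.pack("!I", 65535)))                # WINDOW_UPDATE
PING_FLOOD = NORMAL + b"".join(build_frame(6, 0, 0, b"\x00" * 8) for _ in range(200))

if __name__ == "__main__":
    print("normal:", check_connection(NORMAL))
    print("ping flood:", check_connection(PING_FLOOD))
```

A real server would also reset the count as useful work (completed requests, acknowledged SETTINGS) arrives, and would close the connection with GOAWAY rather than merely report an index; the parser and the budget check are the parts worth carrying over.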