Security Flaws & Fixes - W/E - 11/22/19
Additional Vulnerable D-Link Routers Won't Receive Security Updates (11/20/2019)
D-Link updated an advisory to warn that additional routers may be vulnerable to critical remote code execution bugs. However, these devices will not receive patches as they have reached end-of-life/end-of-service, according to the vendor. DIR-866, DIR-655, DHP-1565, DIR-652, DAP-1533, DGL-5500, DIR-130, DIR-330, DIR-615, DIR-825, DIR-835, DIR-855L, and DIR-862 are all included within this advisory as being impacted.
Android Camera Bugs Enable Attackers to Stealthily Spy on Victims (11/19/2019)
Scientists at Checkmarx have observed likely abuse scenarios in Android cameras. The team uncovered multiple permission bypass bugs in the Google Pixel 2 XL and Pixel 3 and the same vulnerabilities were also detected in Samsung smartphones. The team stated, "After a detailed analysis of the Google Camera app, our team found that by manipulating specific actions and intents, an attacker can control the app to take photos and/or record videos through a rogue application that has no permissions to do so. Additionally, we found that certain attack scenarios enable malicious actors to circumvent various storage permission policies, giving them access to stored videos and photos, as well as GPS metadata embedded in photos, to locate the user by taking a photo or video and parsing the proper EXIF data. This same technique also applied to Samsung's Camera app."
Four Bugs in Flexera FlexNet Publisher Fixed Via Updates (11/20/2019)
The ICS-CERT posted an advisory regarding four vulnerabilities affecting Flexera's FlexNet Publisher, a software license manager. These vulnerabilities could allow an attacker to deny the acquisition of a valid license for legal use of the product, and the memory corruption vulnerability among them could allow remote code execution. Users have been instructed to update to Version 2018 R4 or newer as soon as possible.
Google Fixes Two Bluetooth Bugs with Chrome Update (11/20/2019)
Google rolled out version 78.0.3904.108 of Chrome for Windows, Mac, and Linux. The update includes five security fixes, including patches for a use-after-free issue in Bluetooth and an out-of-bounds bug, also in Bluetooth.
ISC's BIND Receives Security Update (11/21/2019)
The Internet Systems Consortium (ISC) posted an advisory that addresses a vulnerability affecting multiple versions of ISC Berkeley Internet Name Domain (BIND). According to the advisory, a client using a TCP-pipelined connection to a server could consume more resources than the server has been provisioned to handle. When a TCP connection with a large number of pipelined queries is closed, the load on the server releasing these multiple resources can cause it to become unresponsive, even for queries that can be answered authoritatively or from cache.
Long-Fixed Bugs Found Negatively Impacting Android Apps (11/21/2019)
Check Point Software's research shows that even fixed vulnerabilities can have a negative impact on newly created apps, as outdated code is reused. When an app is developed, it can use dozens of reusable components, or native libraries, which are often derived from open-source projects, or incorporate fragments of code. When a bug is found and fixed in an open-source project, its maintainers typically have no control over the native libraries which may be affected by the vulnerability, nor the apps using the native libraries. An app may continue to use the outdated code version. Check Point conducted a scan of apps on Google Play to assess vulnerable libraries and chose three specific bugs to review. Of those three, hundreds of popular apps were impacted, along with the millions of people who have downloaded them.
NSA Warns of Risks Involved with Transport Layer Security Inspection (11/19/2019)
The National Security Agency (NSA) posted an advisory on understanding and managing the risks associated with Transport Layer Security Inspection (TLSI). The advisory defines TLSI, a security process that allows enterprises to decrypt traffic, inspect the decrypted content for threats, and then re-encrypt the traffic before it enters or leaves the network, and describes the risks that come with it. Finally, the NSA offers mitigation techniques.
Patch Released for Outlook for Android Spoofing Vulnerability (11/21/2019)
A spoofing vulnerability exists in the way Microsoft Outlook for Android software parses specifically crafted email messages. An authenticated attacker could exploit the vulnerability by sending a specially crafted email message to a victim. Microsoft issued an update to plug this vulnerability.
Privilege Escalation in UAC Gives Miscreants Keys to Windows Kingdom (11/20/2019)
A bug in the Windows UAC (User Account Control) mechanism could result in the escalation of privileges, researchers at Zero-Day Initiative (ZDI) have warned. Microsoft patched the issue on November 12.
RCE Condition Possible Due to Default Config Bug in Apache Solr (11/21/2019)
A configuration flaw in Apache Solr that was originally discovered in July has been upgraded from "low" to "severe" after it was determined that the vulnerability could result in remote code execution. Tenable reported this change. The flaw is in the default configuration of the solr.in.sh file in Apache Solr. If this file is used in its default configuration in versions 8.1.1 and 8.2.0, unauthenticated access to the Java Management Extensions (JMX) monitoring on the RMI_PORT (default 18983) is allowed. Anyone with network access to a vulnerable Solr server, and therefore to JMX, could upload malicious code that could then be executed. Apache has issued an advisory.
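A defender-side check for this default, added here as an example rather than code from Apache Solr or the advisory: it reads a solr.in.sh (constructed samples inline), reports whether the remote JMX/RMI listener would be started, and shows the weak setting beside the corrected one. It assumes the solr.in.sh variable names ENABLE_REMOTE_JMX_OPTS and RMI_PORT.

```shell
# Added audit helper, not from Apache Solr or the article. Assumes the
# solr.in.sh variable names ENABLE_REMOTE_JMX_OPTS and RMI_PORT and treats
# an uncommented ENABLE_REMOTE_JMX_OPTS="true" as the weak default.

# Constructed sample: the weak default described for 8.1.1 / 8.2.0
WEAK_SOLR_IN='SOLR_PORT=8983
ENABLE_REMOTE_JMX_OPTS="true"
RMI_PORT=18983'
# Constructed sample: remote JMX switched off, as the fix ships it
FIXED_SOLR_IN='SOLR_PORT=8983
ENABLE_REMOTE_JMX_OPTS="false"
#RMI_PORT=18983'

# setting FILE NAME -> value of the last uncommented NAME=... line, unquoted
setting() {
    grep -E "^[[:space:]]*$2=" "$1" | tail -n 1 \
        | sed -e 's/^[^=]*=//' -e 's/[[:space:]]*#.*$//' -e "s/^[\"']//" -e "s/[\"']\$//"
}

# remote_jmx_enabled FILE -> prints "enabled <port>" or "disabled";
# exit status 1 when the JMX/RMI listener would be started, 0 otherwise.
remote_jmx_enabled() {
    flag=$(setting "$1" ENABLE_REMOTE_JMX_OPTS)
    port=$(setting "$1" RMI_PORT)
    case "$flag" in
        true|TRUE|True)
            # 18983 is the default port the advisory cites when RMI_PORT is unset
            echo "enabled ${port:-18983}"
            return 1 ;;
        *)
            echo "disabled"
            return 0 ;;
    esac
}

# audit_solr_in_sh FILE -> "WEAK" (unauthenticated remote JMX) or "OK"
audit_solr_in_sh() {
    if remote_jmx_enabled "$1" >/dev/null; then echo OK; else echo WEAK; fi
}

main() {
    tmp=$(mktemp)
    printf '%s\n' "$WEAK_SOLR_IN" > "$tmp"
    echo "shipped default: $(audit_solr_in_sh "$tmp")"
    printf '%s\n' "$FIXED_SOLR_IN" > "$tmp"
    echo "corrected file:  $(audit_solr_in_sh "$tmp")"
    rm -f "$tmp"
}
main
```

Point `audit_solr_in_sh` at a real `bin/solr.in.sh` to check a deployed instance; a WEAK result on 8.1.1 or 8.2.0 means the unauthenticated JMX listener is on until the flag is set to "false" and Solr is restarted.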
Vulnerability in Philips IntelliBridge EC40, EC80 Getting Patched Soon (11/19/2019)
Philips has become aware of a potential issue with inadequate encryption strength associated with the IntelliBridge EC40 and EC80 Hub. Successful exploitation of this issue may allow an unauthorized user access to the hub and may allow access to execute software, modify system configuration, or view/update files, including unidentifiable patient data. Philips plans a new release to remediate this issue by the end of Q3 2020.
WhatsApp RCE, DoS Bug Gets Patched (11/19/2019)
Facebook patched a stack-based buffer overflow that could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in denial of service or remote code execution. This vulnerability affects Android versions prior to 2.19.274, iOS versions prior to 2.19.100, Enterprise Client versions prior to 2.25.3, Windows Phone versions before and including 2.18.368, Business for Android versions prior to 2.19.104, and Business for iOS versions prior to 2.19.100.