End-of-Day report
Timeframe: Montag 29-07-2019 18:00 - Dienstag 30-07-2019 18:00
Handler: Robert Waldner
Co-Handler: n/a
News
E-Bikes nicht bei limebikes.de bestellen
Haben Sie vor, sich ein E-Bike zu kaufen? Dann sollten Sie es keinesfalls bei limebikes.de bestellen. Die ansprechende Website und die unschlagbaren Preise sind Fake, es handelt sich um einen betrügerischen Shop. Ihr Bike wird trotz Bezahlung nie geliefert!
https://www.watchlist-internet.at/news/e-bikes-nicht-bei-limebikesde-bestellen/
Vulnerabilities
PowerDNS Security Advisory 2019-06: Denial of service via crafted zone records
Updated packages (that only contain a Postgres schema change) will be released later. Just upgrading at that time will not fix the vulnerability - applying the schema change is mandatory.
https://mailman.powerdns.com/pipermail/pdns-announce/2019-July/001123.html
OpenSSL Security Advisory: Windows builds with insecure path defaults (CVE-2019-1552)
OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS. ... However, mingw programs are Windows programs, and as such, find themselves looking at sub-directories of C:/usr/local, which may be world writable, which enables untrusted users to modify OpenSSLs default configuration, insert CA certificates, modify (or even replace) existing engine modules, etc. Severity: Low
https://www.openssl.org/news/secadv/20190730.txt
Google Project Zero: Sechs interaktionslose iMessage-Lücken, eine ohne Patch
Das Sicherheitsprojekt der Suchmaschine hat ein halbes Dutzend Fehler im Apple-Betriebssystem iOS offengelegt, davon diverse kritische.
https://heise.de/-4483807
Security updates for Tuesday
Security updates have been issued by Fedora (cutter-re and radare2), Oracle (389-ds-base, httpd, kernel, libssh2, and qemu-kvm), Red Hat (389-ds-base, chromium-browser, curl, docker, httpd, keepalived, kernel, kernel-alt, kernel-rt, libssh2, perl, podman, procps-ng, qemu-kvm, qemu-kvm-ma, ruby, samba, and vim), Scientific Linux (389-ds-base, curl, libssh2, and qemu-kvm), SUSE (bzip2 and openexr), and Ubuntu (python-urllib3 and tmpreaper).
https://lwn.net/Articles/794920/
2019-07-30: Cyber Security Notification - WindRiver VxWorks IPNet Vulnerabilities, impact on High Voltage Products
http://search.abb.com/library/Download.aspx?DocumentID=2GHV057194&LanguageCode=en&DocumentPartId=&Action=Launch
2019-07-30: Cyber Security Notification - WindRiver VxWorks IPNet Vulnerabilities, impact on ABB Power Grids - Grid Automation products
https://new.abb.com/news/detail/28733/cyber-security-notification
2019-07-30: Cyber Security Notification - WindRiver VxWorks IPNet Vulnerabilities, impact on ABB Robot Controller Software
https://search.abb.com/library/Download.aspx?DocumentID=SI20192&LanguageCode=en&DocumentPartId=&Action=Launch
2019-07-30: Cyber Security Notification - WindRiver VxWorks IPNet Vulnerabilities, impact on AC 800PEC
http://search.abb.com/library/Download.aspx?DocumentID=9AKK107492A6671&LanguageCode=en&DocumentPartId=&Action=Launch
Security Advisory - Three Vulnerabilities in Huawei PCManager Product
http://www.huawei.com/en/psirt/security-advisories/2019/huawei-sa-20190710-01-pcmanager-en
IBM Security Bulletin: IBM StoredIQ is affected by a missing function level access control vulnerability (CVE-2019-4163)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-storediq-is-affected-by-a-missing-function-level-access-control-vulnerability-cve-2019-4163/
IBM Security Bulletin: IBM StoredIQ is affected by a denial of service attack vulnerability (CVE-2019-4165)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-storediq-is-affected-by-a-denial-of-service-attack-vulnerability-cve-2019-4165/
IBM Security Bulletin: External Service invocation in IBM Business Space affects IBM Business Monitor (CVE-2018-1885)
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-external-service-invocation-in-ibm-business-space-affects-ibm-business-monitor-cve-2018-1885/