//Week in review - 21 Jun 2019

AusCERT Week in Review for 21st June 2019


This week the Australian government performed an rm -rf to a top government cyber security position and zero days for both Firefox and Oracle Weblogic were dropped.
Here’s a summary (including excerpts) of some of the more interesting stories we’ve seen this week:

Title: Mozilla patches Firefox zero-day abused in the wild
Date Published: 18 June 2019
Author: Catalin Cimpanu
“The Mozilla team has released earlier today version 67.0.3 of the Firefox browser to address a critical vulnerability that is currently being abused in the wild. A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop, Mozilla engineers wrote in a security advisory posted today. ‘This can allow for an exploitable crash,’ they added. ‘We are aware of targeted attacks in the wild abusing this flaw.'”

Title: Oracle patches another actively-exploited WebLogic zero-day
Date Published:  June 19, 2019
Author: Catalin Cimpanu
“Oracle released an out-of-band security update to fix a vulnerability in WebLogic servers that was being actively exploited in the real world to hijack users’ systems. Attacks using this vulnerability were first reported by Chinese security firm Knownsec 404 Team on June 15, last Saturday. The initial report from Knownsec claimed the attacks exploited a brand new WebLogic bug to bypass patches for a previous zero-day tracked as CVE-2019-2725 — which was also exploited in the wild for days in April before Oracle released an emergency security patch for that one as well.”

Title: Home Affairs deletes top govt cyber advisor position
Date Published: 21 June 2019
Author: MSRC Team
“Australia’s top government cyber security policy job has quietly disappeared from the Department of Home Affairs following the shock departure of former cyber tsar Alastair MacGibbon. The department’s most recently issued organisation chart reveals the national cyber security advisor role has been shredded and the wider cyber security policy function absorbed within its policy directorate. Orignally established as the Prime Minister’s special advisor on cyber security, the high profile  public-facing role was established within the PM’s department as part of the heavily publicised May 2016 national cyber security strategy.”

Title: Critical Vulnerabilities Patched in Cisco SD-WAN, DNA Center Products
Date Published: June 20, 2019
Author: Eduard Kovacs
“Cisco on Wednesday released patches for several critical and high-severity vulnerabilities affecting its SD-WAN, DNA Center, TelePresence, StarOS, RV router, Prime Service Catalog, and Meeting Server products. According to Cisco, the Digital Network Architecture (DNA) Center is affected by a critical vulnerability that allows a network attacker to bypass authentication and access critical internal services. The company’s SD-WAN solution, specifically its command-line interface (CLI), is affected by a critical flaw that can be exploited by a local attacker to elevate privileges to root and change the system configuration.”

Title: Samba Vulnerability Can Crash Active Directory Components
Date Published: 20 June 2019
Author: Lonut Llascu
“A couple of bugs in some versions of Samba software can help an attacker crash key processes on the network in charge of providing directory, application, and other services. The two vulnerabilities can be leveraged separately to crash the LDAP (Lightweight Directory Access Protocol) and the RPC (remote procedural call) server processes in Samba Active Directory Domain Controller, supported since version 4.0 of the software.”


Here are this week’s noteworthy security bulletins:
1) [ESB-2019.2230] Apache Tomcat: Denial of service – Remote/unauthenticated 
   Clients are able to cause server-side threads to block, eventually leading to thread exhaustion and a denial of service.

2) [ESB-2019.2225] Bind: Denial of service – Remote/unauthenticated
   Bind could be made to crash if it received specially crafted network traffic.

3) [ESB-2019.2220] libvirt: Multiple vulnerabilities
   Mulitple denial of service and code execution vulnerabilities found in libvirt.
Stay safe, stay patched and have a great weekend,
Rameez Agnew