[CERT-daily] Tageszusammenfassung - Dienstag 6-11-2012

Tue Nov 6 18:29:16 CET 2012

=======================
= End-of-Shift report =
=======================

Timeframe:   Montag 05-11-2012 18:00 − Dienstag 06-11-2012 18:00
Handler:     Stephan Richter
Co-Handler:  Robert Waldner


*** Vuln: Oracle MySQL Server CVE-2012-3163 Remote MySQL Security Vulnerability ***
---------------------------------------------
Oracle MySQL Server CVE-2012-3163 Remote MySQL Security Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/56036


*** Vuln: Oracle MySQL Server CVE-2012-3173 Remote MySQL Security Vulnerability ***
---------------------------------------------
Oracle MySQL Server CVE-2012-3173 Remote MySQL Security Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/56041


*** Vuln: Oracle MySQL Server CVE-2012-3158 Remote Security Vulnerability ***
---------------------------------------------
Oracle MySQL Server CVE-2012-3158 Remote Security Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/56017


*** European Smart Grid Cyber and SCADA Security ***
---------------------------------------------
"Event Name : European Smart Grid Cyber and SCADA SecurityEvent Date : March 11-12, 2013Location : London, United KingdomWebsite : www. smi-online. co. uk/2013cybergrids2...."
---------------------------------------------
http://www.ecoseed.org/more/events/15779-european-smart-grid-cyber-and-scada-security


*** [dos] - Adobe Reader 11.0.0 Stack Overflow Crash PoC ***
---------------------------------------------
Adobe Reader 11.0.0 Stack Overflow Crash PoC
---------------------------------------------
http://www.exploit-db.com/exploits/22464


*** Possible Fake-AV Ads from Doubleclick Servers, (Mon, Nov 5th) ***
---------------------------------------------
Reader James ran into a Fake AV ad delivered by Double click. It is not clear if this is the result of a compromise of double click, or a paid ad that slipped through doubleclicks content review process. James started out at a local new paper web site, that like many others features ads served by double click. Luckily, James used a proxy tool (Fiddler) to record the session. Here are some of the excerpts (slightly anonymized and spaces inserted to avoid accidental clicks):  GET [...] 
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=14455&rss


*** Vuln: Multiple Symantec Products CAB Files Handling Memory Corruption Vulnerability ***
---------------------------------------------
Multiple Symantec Products CAB Files Handling Memory Corruption Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/56399


*** Apache Tomcat 6.x / 7.x Denial Of Service ***
---------------------------------------------
Topic: Apache Tomcat 6.x / 7.x Denial Of Service Risk: Medium Text:CVE-2012-2733 Apache Tomcat Denial of Service Severity: Important Vendor: The Apache Software Foundation Versions Affe...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/zhdqQvlbO2c/WLB-2012110029


*** Apache Tomcat 5.x / 6.x / 7.x DIGEST Authentication Weaknesses ***
---------------------------------------------
Topic: Apache Tomcat 5.x / 6.x / 7.x DIGEST Authentication Weaknesses Risk: Medium Text:CVE-2012-3439 Apache Tomcat DIGEST authentication weaknesses Severity: Moderate Vendor: The Apache Software Foundation ...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/Suq__thlFNM/WLB-2012110028


*** Java - Sicherheitsexperte schließt Java-Lücke auf eigene Faust ***
---------------------------------------------
Oracle vertröstet auf Patchday im Februar
---------------------------------------------
http://text.derstandard.at/1350259245198/Sicherheitsexperte-schliesst-Java-Luecke-auf-eigene-Faust


*** Bugtraq: multiple critical vulnerabilities in sophos products ***
---------------------------------------------
multiple critical vulnerabilities in sophos products
---------------------------------------------
http://www.securityfocus.com/archive/1/524641


*** Bugtraq: Wisecracker 1.0 - A high performance distributed cryptanalysis framework ***
---------------------------------------------
Wisecracker 1.0 - A high performance distributed cryptanalysis framework
---------------------------------------------
http://www.securityfocus.com/archive/1/524640


*** [dos] - Internet Explorer 9 Memory Corruption Crash PoC ***
---------------------------------------------
Internet Explorer 9 Memory Corruption Crash PoC
---------------------------------------------
http://www.exploit-db.com/exploits/22401


*** Bugtraq: [security bulletin] HPSBHF02699 SSRT100592 rev.2 - HP ProLiant SL Advanced Power Manager (SL-APM), Remote User Validation Failure ***
---------------------------------------------
[security bulletin] HPSBHF02699 SSRT100592 rev.2 - HP ProLiant SL Advanced Power Manager (SL-APM), Remote User Validation Failure...
---------------------------------------------
http://www.securityfocus.com/archive/1/524644