[CERT-daily] Tageszusammenfassung - Donnerstag 22-11-2012

Daily end-of-shift report team at cert.at
Thu Nov 22 18:02:02 CET 2012


=======================
= End-of-Shift report =
=======================
Timeframe:   Mittwoch 21-11-2012 18:00 − Donnerstag 22-11-2012 18:00
Handler:     Stephan Richter
Co-Handler:  Robert Waldner

*** Researcher Claims To Have Chrome Zero-Day, Google Says "Prove It" ***
---------------------------------------------
chicksdaddy writes "Googles been known to pay $60,000 for information on remotely exploitable vulnerabilities in its Chrome web browser. So, when a researcher says that he has one, but isnt interested in selling it, eyebrows get raised. And thats just whats happening this week, with Google saying it will wait and see what Georgian researcher Ucha Gobejishvili has up his sleeve in a presentation on Saturday at the Malcon conference in New Delhi. Gobejishvili has claimed that he will
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/Rd8KcBlxVgQ/story01.htm




*** Vuln: NetIQ Privileged User Manager ldapagnt_eval() Remote Code Execution Vulnerability ***
---------------------------------------------
NetIQ Privileged User Manager ldapagnt_eval() Remote Code Execution Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/56539




*** Bug-Jäger entdeckt SCADA-Lücken – und verkauft sie ***
---------------------------------------------
Der Schwachstellen-Händler ReVuln rührt weiter die Werbetrommeln und hat ein Video veröffentlicht, das Sicherheitslücken in weit verbreiteten SCADA-Industriesteueranlagen zeigen soll. Insgesamt will das Unternehmen neun Zero-Day-Lücken in SCADA-Produkten von Eaton, General Electric, Kaskad, Rockwell Automation, Schneider Electric und Siemens gefunden haben. Welche Produkte im einzelnen lückenhaft sind, gab ReVuln jedoch nicht an.
---------------------------------------------
http://www.heise.de/security/meldung/Bug-Jaeger-entdeckt-SCADA-Luecken-und-verkauft-sie-1754804.html/from/atom10




*** lighttpd 1.4.31 DOS POC ***
---------------------------------------------
Topic: lighttpd 1.4.31 DOS POC Risk: High Text:#!/bin/bash # simple lighttpd 1.4.31 DOS POC # CVE-2012-5533 # http://www.lighttpd.net/2012/11/21/1-4-32/ # http://download...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/oPnZGgMtSWc/WLB-2012110161






More information about the Daily mailing list