[CERT-daily] Tageszusammenfassung - Freitag 7-09-2012

Mon Sep 17 15:22:29 CEST 2012

=======================
= End-of-Shift report =
=======================
Timeframe:   Donnerstag 06-09-2012 18:00 - Freitag 07-09-2012 18:00
Handler:     Stephan Richter
Co-Handler:  Otmar Lendl


*** Microsoft Security Bulletin Advance Notification for September 2012 ***
---------------------------------------------
"This is an advance notification of security bulletins that Microsoft is
intending to release on September 11, 2012. This bulletin advance
notification will be replaced with the September bulletin summary on
September 11, 2012. For more information about the bulletin advance
notification service, see Microsoft Security Bulletin Advance Notification...."
---------------------------------------------
http://technet.microsoft.com/en-us/security/bulletin/ms12-sep


*** Bugtraq: [security bulletin] HPSBMU02811 SSRT100937 rev.1 - HP Business
Availability Center (BAC) Cross Site Scripting (XSS), Cross Site Request
Forgery (CSRF), and Web Session Hijacking ***
---------------------------------------------
[security bulletin] HPSBMU02811 SSRT100937 rev.1 - HP Business Availability
Center (BAC) Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF),
and Web Session Hijacking
---------------------------------------------
http://www.securityfocus.com/archive/1/524119


*** Flash-Lücke im Internet Explorer 10 ***
---------------------------------------------
Die mit Windows 8 ausgelieferte Flash-Version ist von einer
Sicherheitslücke betroffen, die in Verbindung mit dem Internet Explorer 10
auftritt. Der entsprechende Patch von Adobe kann nicht auf den neuen
Internet Explorer angewandt werden.
---------------------------------------------
http://futurezone.at/produkte/11190-flash-luecke-im-internet-explorer-10.php?rss=fuzo


*** ActiveFax (ActFax) 4.3 Client Importer Buffer Overflow ***
---------------------------------------------
Topic: ActiveFax (ActFax) 4.3 Client Importer Buffer Overflow Risk: High
Text:## # This file is part of the Metasploit Framework and may be subject
to # redistribution and commercial restrictions. Please...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/uDV-PB41E8E/WLB-2012090068


*** N24 Dokumentation ***
---------------------------------------------
Wenn das Web zur Waffe wird

Mit der Weiterentwicklung der Technik von Computern und des Internets
werden auch immer neue Angriffsmöglichkeiten für virtuelle Kriminelle
geschaffen. Die Zeiten, in denen Computerviren lediglich Spam
verursachten, sind vorbei. Die Doku zeigt, welch folgenschwere Schäden
durch Cyber-Attacken in der modernen Welt verursacht werden können:
---------------------------------------------
http://www.n24.de/mediathek/cyber-war-wenn-das-web-zur-waffe-wird_1552737.html


*** Vuln: Webmin Multiple Input Validation Vulnerabilities ***
---------------------------------------------
Webmin Multiple Input Validation Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/55446


*** SSL BEASTie boys develop follow-up CRIME web attack ***
---------------------------------------------
Ill Communication The security researchers who developed the infamous BEAST
attack that broke SSL/TLS encryption are cooking up a new assault on the
same crucial protocols.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/09/07/https_sesh_hijack_attack/


*** [remote] - SAP NetWeaver Dispatcher DiagTraceR3Info Buffer Overflow ***
---------------------------------------------
SAP NetWeaver Dispatcher DiagTraceR3Info Buffer Overflow
---------------------------------------------
http://www.exploit-db.com/exploits/21034


*** US-CERT Alert TA12-251A - Microsoft Update For Minimum Certificate Key
Length ***
---------------------------------------------
FOR IMMEDIATE PUBLIC RELEASE

National Cyber Awareness System

US-CERT Alert TA12-251A
Microsoft Update For Minimum Certificate Key Length

Original release date: September 07, 2012
---------------------------------------------
http://www.us-cert.gov/cas/techalerts/TA12-251A.html