[CERT-daily] Tageszusammenfassung - Dienstag 6-08-2013

Tue Aug 6 18:08:54 CEST 2013

=======================
= End-of-Shift report =
=======================

Timeframe:   Montag 05-08-2013 18:00 − Dienstag 06-08-2013 18:00
Handler:     Stephan Richter
Co-Handler:  n/a


*** Security Bulletin: Tivoli Management Framework affected by vulnerabilities in OpenSSL 1.0.1c ***
---------------------------------------------
OpenSSL versions before 1.0.1d do not follow best security practices and need to upgrade. On Linux (Intel or z/OS) platform, the components of Tivoli Management Framework 4.1.1 may include the files in OpenSSL which version is 1.0.1c or lower.    CVE(s):    CVE-2013-0169  CVE-2013-0166  CVE-2012-2686     Affected product(s) and affected version(s): Tivoli Management Framework 4.1.1 (Note: Tivoli Management Framework 4.3.1 does not have this issue.)   Refer to the following reference URLs for...
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_tivoli_management_framework_affected_by_vulnerabilities_in_openssl_1_0_1c?lang=en_us


*** MOXA WEAK ENTROPY IN DSA KEYS VULNERABILITY ***
---------------------------------------------
OverviewResearcher Nadia Heninger of the University of California, San Diego, and researchers Zakir Durumeric, Eric Wustrow, and J. Alex Halderman of the University of Michigan identified an insufficient entropy vulnerability in Moxa’s OnCell Gateways. Moxa produced and released a firmware upgrade on April 3, 2013, that mitigates this vulnerability.This vulnerability could be exploited remotely.
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-13-217-01


*** Samba smbd CPU Processing Loop Lets Remote Users Deny Service ***
---------------------------------------------
A vulnerability was reported in Samba. A remote user can cause denial of service conditions.
---------------------------------------------
http://www.securitytracker.com/id/1028882


*** IBM iNotes Input Validation Flaws Permit Cross-Site Scripting Attacks and Integer Overflow Lets Remote Users Execute Arbitrary Code ***
---------------------------------------------
Several vulnerabilities were reported in IBM iNotes. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can conduct cross-site scripting attacks.
---------------------------------------------
http://www.securitytracker.com/id/1028884


*** Achtung: Anzeigen-Server OpenX enthält eine Hintertür ***
---------------------------------------------
In den offiziellen Downloads vom OpenX-Server hat heise Security eine Hintertür gefunden, die offenbar seit fast einem Jahr vorhanden ist und bereits aktiv für Angriffe auf Anzeigen-Server genutzt wird.
---------------------------------------------
http://www.heise.de/security/meldung/Achtung-Anzeigen-Server-OpenX-enthaelt-eine-Hintertuer-1929769.html


*** Huawei B153 3G/UMTS Router WPS Weakness ***
---------------------------------------------
Topic: Huawei B153 3G/UMTS Router WPS Weakness Risk: High Text:Huawei B153 3G/UMTS router WPS weakness [ADVISORY INFORMATION] Title: Huawei B153 3G/UMTS router WPS weakne...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013080046


*** How to Check if Your Website is Part of the StealRat Botnet ***
---------------------------------------------
For a few months now, we have been actively monitoring a spambot named StealRat, which primarily uses compromised websites and systems in its operations. We have continuously monitored its operations and identified about 195,000 thousand domains and IPs that have been compromised. The common denominator among these compromised sites is that they are running vulnerable [...]
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/bWOEp0_bDhw/


*** Java-Forum.org: Datenbank-Dump aufgetaucht ***
---------------------------------------------
Nach den Vorfällen der letzten Woche sind nun Teile eines Datenbank-Dumps des Java-Forums aufgetaucht. Da Nutzerdaten eventuell in Gefahr sind, wird Usern geraten, Accounts mit gleichen Passwörtern entsprechend zu ändern.
---------------------------------------------
http://www.heise.de/security/meldung/Java-Forum-org-Datenbank-Dump-aufgetaucht-1930233.html


*** Atlassian Confluence Xwork OGNL Double Evaluation Security Bypass Vulnerability ***
---------------------------------------------
A vulnerability has been reported in Atlassian Confluence, which can be exploited by malicious people to bypass certain security restrictions.
---------------------------------------------
https://secunia.com/advisories/54416


*** WordPress Xhanch - My Twitter Plugin Cross-Site Request Forgery Vulnerability ***
---------------------------------------------
Charlie Eriksen has discovered a vulnerability in the Xhanch - My Twitter plugin for WordPress, which can be exploited by malicious people to conduct cross-site request forgery attacks.
---------------------------------------------
https://secunia.com/advisories/53133


*** ownCloud Cross-Site Scripting and Security Bypass Vulnerabilities ***
---------------------------------------------
Two vulnerabilities have been reported in ownCloud, which can be exploited by malicious people to conduct cross-site scripting attacks and bypass certain security restrictions.
---------------------------------------------
https://secunia.com/advisories/54357


*** 2Q Security Roundup: Mobile Flaws Form Lasting Security Problems ***
---------------------------------------------
Threats on mobile platforms, devices, and applications have been swelling up over the past years; but this quarter, they have finally gone full throttle. Cybercriminals have found more sophisticated ways to bypass mobile security, and it’s not just through malicious applications anymore. Android Updates Lag, Users Suffer Critical Flaws Proof of the Android “Master Key” [...]Post from: Trendlabs Security Intelligence Blog - by Trend Micro2Q Security Roundup: Mobile Flaws Form
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/G6B7m5C3Pas/


*** Schneider Electric Vijeo Citect, CitectSCADA, PowerLogic SCADA Vulnerability ***
---------------------------------------------
OverviewSchneider Electric has identified an XML external entity vulnerability in Vijeo Citect, CitectSCADA, and PowerLogic SCADA applications. Timur Yunusov, Alexey Osipov, and Ilya Karpov of Positive Technologies reported the vulnerability directly to Schneider Electric. Schneider Electric has produced patches that mitigate this vulnerability.Affected ProductsSchneider Electric reports that the vulnerability affects the following products:· Vijeo Citect Version 7.20 and all previous...
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-13-217-02