[CERT-daily] Tageszusammenfassung - Mittwoch 5-06-2013

Wed Jun 5 18:09:49 CEST 2013

=======================
= End-of-Shift report =
=======================

Timeframe:   Dienstag 04-06-2013 18:00 − Mittwoch 05-06-2013 18:00
Handler:     Stephan Richter
Co-Handler:  n/a


*** Get Set Null Java Security ***
---------------------------------------------
Java, being widely used by the applications, has also been actively targeted by malware authors. One of the most common techniques to exploit Java applications, is to disable the security manager. This blog provides widely used logic used by malware authors...
---------------------------------------------
http://www.fireeye.com/blog/technical/2013/06/get-set-null-java-security.html


*** Schneider Electric Quantum Ethernet Module Hard-Coded Credentials ***
---------------------------------------------
This updated advisory is a follow-up to the original advisory titled ICSA-12-018-01 Schneider Electric Quantum Ethernet Module Hard-Coded Credentials that was published on January 17, 2012, on the ICS-CERT Web page
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-12-018-01A


*** Schneider Electric PLCs Multiple Vulnerabilities ***
---------------------------------------------
This updated advisory is a follow-up to the updated advisory titled ICSA-13-077-01A Schneider Electric PLCS Multiple Vulnerabilities (Update A) that was published March 20, 2013, on the ICS-CERT Web page.
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-13-077-01B


*** Windows Sysinternals Updated http://technet.microsoft.com/en-us/sysinternals/default.aspx, (Wed, Jun 5th) ***
---------------------------------------------
Richard Porter --- ISC Handler on Duty (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=15932&rss


*** IBM AIX inet IPv6 Bug Lets Remote Users Deny Service ***
---------------------------------------------
On systems configured with IPv6, a remote user can send a specially crafted IPv6 packet to cause the target system to hang.
---------------------------------------------
http://www.securitytracker.com/id/1028626


*** Mac OSX Server DirectoryService Buffer Overflow ***
---------------------------------------------
Topic: Mac OSX Server DirectoryService Buffer Overflow Risk: High Text:Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Mac OSX Server DirectoryService buffer overflow 1....
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013060040


*** NetGear DGN1000 and NetGear DGN2200 security bypass ***
---------------------------------------------
NetGear DGN1000 and NetGear DGN2200 could allow a remote attacker to bypass security restrictions, caused by an error in the interface when handling requests containing the currentsetting.htm substring. An attacker could exploit this vulnerability to gain unauthorized access to restricted functionality.
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/84662


*** [2013-06-05] Critical vulnerabilities in CTERA portal ***
---------------------------------------------
CTERA portal contains multiple and partly critical security issues such as XML External Entity injection that allows unauthenticated attackers to fully take over the affected server.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130605-0_CTERA_PORTAL_Multiple_Vulnerabilities_v10.txt


*** Apple Mac OS X Multiple Vulnerabilities ***
---------------------------------------------
Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities.
---------------------------------------------
https://secunia.com/advisories/53684


*** PRTG Network Monitor login.htm cross-site scripting ***
---------------------------------------------
PRTG Network Monitor is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the login.htm script. A remote attacker could exploit this vulnerability using the errormsg...
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/84686


*** Apache Struts OGNL Expression Injection Vulnerabilities ***
---------------------------------------------
Security Research Laboratory has reported some vulnerabilities in Apache Struts, which can be exploited by malicious people to bypass certain security restrictions.
---------------------------------------------
https://secunia.com/advisories/53693


*** Monkey HTTP Daemon "mk_request_header_process()" Signedness Error Buffer Overflow Vulnerability ***
---------------------------------------------
A vulnerability has been discovered in Monkey HTTP Daemon, which can be exploited by malicious people to compromise a vulnerable system.
---------------------------------------------
https://secunia.com/advisories/53697


*** CVE-2013-3919: A recursive resolver can be crashed by a query for a malformed zone ***
---------------------------------------------
A bug has been discovered in the most recent releases of BIND 9 which has the potential for deliberate exploitation as a denial-of-service attack. By sending a recursive resolver a query for a record in a specially malformed zone, an attacker can cause BIND 9 to exit with a fatal "RUNTIME_CHECK" error in resolver.c
---------------------------------------------
https://kb.isc.org/article/AA-00967