[CERT-daily] Tageszusammenfassung - Donnerstag 21-03-2013

Thu Mar 21 18:02:42 CET 2013

=======================
= End-of-Shift report =
=======================
Timeframe:   Mittwoch 20-03-2013 18:00 − Donnerstag 21-03-2013 18:00
Handler:     Robert Waldner
Co-Handler:  Christian Wojner

*** AMD Catalyst Control Center Update Spoofing Vulnerability ***
---------------------------------------------
AMD Catalyst Control Center Update Spoofing Vulnerability
---------------------------------------------
https://secunia.com/advisories/52696


*** tokend (Apple, Gemalto) privacy leak & arbitrary file creation ***
---------------------------------------------
Topic: tokend (Apple, Gemalto) privacy leak & arbitrary file creation Risk: High Text:Tokend is a module for OS X CDSA/Keychain subsystem for accessing smart cards. It acts as a bridge between the apple KeyChain ...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/EQ1oxqfYnQA/WLB-2013030173


*** OpenSC.tokend privacy leak & arbitrary file creation ***
---------------------------------------------
Topic: OpenSC.tokend privacy leak & arbitrary file creation Risk: High Text:OpenSC.tokend (1,2) is a Tokend module for OS X CDSA/Keychain subsystem for accessing smart cards. As is common in such bridge...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/QSRbtZTKohQ/WLB-2013030172


*** Linux Kernel kvm Multiple Vulns ***
---------------------------------------------
Topic: Linux Kernel kvm Multiple Vulns Risk: High Text:* CVE-2013-1796 Description of the problem: If the guest sets the GPA of the time_page so that the request to update the tim...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/ajIh5W6bo-g/WLB-2013030175


*** Resilient Cyber Systems Symposium (Resilience Week 2013) ***
---------------------------------------------
"Announcement and call for papers for the 1st International Symposium on Resilient Cyber Systems, which will be held as part of the Resilience Week in San Francisco, in August 2013. Topics of Interest include:- Resilient Cyber Frameworks and Architectures: multi-agent systems for monitoring and control, supervisory control and data acquisition, distributed sense making and coordination- Moving Target Defense: Moving target defense technologies, evaluation metrics, visualization and command
---------------------------------------------
http://cybersystems2013.inl.gov/


*** Another iPhone passcode bypass spell revealed ***
---------------------------------------------
Turn off Siri, remove SIM, add unicorn blood, phone and contacts are yours Apples recent release of iOS 6.1.3, complete with fix for the weird keypress sequence that allowed access to and export of iPhone address books, seems to have been just a little bit futile after a new bug with the same effects emerged.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/03/21/another_magic_iphone_unlock_spell/


*** libvirt Group Privileges Error Lets Local Users Modify Certain Files on the Target System ***
---------------------------------------------
A vulnerability was reported in libvirt. A local user can modify certain files on the target system.
---------------------------------------------
http://www.securitytracker.com/id/1028323


*** Linux Kernel i915 driver in the Direct Rendering Manager Integer Overflow ***
---------------------------------------------
Topic: Linux Kernel i915 driver in the Direct Rendering Manager Integer Overflow Risk: Medium Text:It is possible to wrap the counter used to allocate the buffer for relocation copies. This could lead to heap writing overflow...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/uuWQ-E59VLw/WLB-2013030180


*** Drupal Views Module View Configuration Fields Script Insertion Vulnerabilities ***
---------------------------------------------
Drupal Views Module View Configuration Fields Script Insertion Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/51540


*** IBM Rational ClearQuest reflected cross-site scripting ***
---------------------------------------------
IBM Rational ClearQuest reflected cross-site scripting
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/80061