[CERT-daily] Daily summary - Tuesday 21-05-2013

Daily end-of-shift report team at cert.at
Tue May 21 18:11:12 CEST 2013


=======================
= End-of-Shift report =
=======================

Timeframe:   Friday 17-05-2013 18:00 − Tuesday 21-05-2013 18:00
Handler:     Stephan Richter
Co-Handler:  Robert Waldner




*** Search engine for Internet Census 2012 ***
---------------------------------------------
The enormous volumes of data collected during a port scan of the entire Internet can now also be conveniently searched online.
---------------------------------------------
http://www.heise.de/security/meldung/Suchmaschine-fuer-Internet-Census-2012-1865623.html





*** SSL: Another reason not to ignore IPv6, (Fri, May 17th) ***
---------------------------------------------
Currently, many public web sites that allow access via IPv6 do so via proxies. This is seen as the "quick fix", as it requires minimum changes to the site itself. As far as the web application is concerned, all incoming traffic is IPv4. The most obvious issue here is logging, in that the application only "sees" the proxy's IP address, unless it inspects headers added by the proxy, which will now point to (unreadable?) IPv6 addresses. But there is another issue: SSL
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=15833&rss





*** CKEditor comment or content post cross-site scripting ***
---------------------------------------------
CKEditor is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using the comment or content post field to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site,...
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/84356




*** Vuln: WordPress Mail On Update Plugin Cross Site Request Forgery Vulnerability ***
---------------------------------------------
The Mail On Update plugin for WordPress is prone to a cross-site request-forgery vulnerability.
Exploiting this issue may allow a remote attacker to perform certain unauthorized actions in the context of the affected application. Other attacks are also possible. 
---------------------------------------------
http://www.securityfocus.com/bid/59932




*** Hitachi JP1/Automatic Operation unspecified cross-site scripting ***
---------------------------------------------
Hitachi JP1/Automatic Operation is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site,...
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/84365




*** Remote Code Injection Vulnerabilities Discovered in iOS Apps ***
---------------------------------------------
Multiple vulnerabilities have been discovered in both File Lite and File Pro, two file management applications created by Perception Systems for iOS, currently available on Apple’s App Store.
---------------------------------------------
http://threatpost.com/remote-code-injection-vulnerabilities-discovered-in-ios-apps/




*** Security Update: URL Manipulation Vulnerability in IBM WebSphere Portal versions ***
---------------------------------------------
URL manipulation security vulnerabilities for IBM WebSphere Portal may allow a remote attacker to traverse directories on the system and view information contained in files. These vulnerabilities are susceptible to an exploit in the wild. Please review the updated security bulletins (see links below).
CVE(s): CVE-2012-2181 and CVE-2012-4834
Affected product(s): IBM WebSphere Portal
Affected version(s): 7.0.0.x and 8.0
Refer to the following reference URLs for remediation and additional...
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_update_url_manipulation_vulnerability_in_ibm_websphere_portal_versions?lang=en_us




*** IBM WebSphere DataPower Appliance echo web service cross-site scripting ***
---------------------------------------------
IBM WebSphere DataPower Appliance is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site,...
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/82221




*** Mitsubishi MX Component V3 ActiveX Vulnerability ***
---------------------------------------------
This advisory recommends upgrading to MX Component 4.03 that is not affected by this vulnerability.
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-13-140-01




*** Moodle Multiple Vulns ***
---------------------------------------------
Topic: Moodle Multiple Vulns
Risk: Medium
Text: The following security notifications are now public. Thanks to OSS members for their cooperation. =...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013050156




*** [remote] - Linksys WRT160nv2 apply.cgi Remote Command Injection ***
---------------------------------------------
Some Linksys Routers are vulnerable to an authenticated OS command injection on their web interface where default credentials are admin/admin or admin/password. Since it is a blind OS command injection vulnerability, there is no output for the executed command when using the cmd generic payload.
---------------------------------------------
http://www.exploit-db.com/exploits/25608




*** Safeguarding ISPs from DDoS Attacks ***
---------------------------------------------
A distributed-denial-of-service attack in Europe highlights the need for Internet service providers to implement security best practices to prevent future incidents, ENISA's Thomas Haeberlen says.
---------------------------------------------
http://www.databreachtoday.asia/safeguarding-isps-from-ddos-attacks-a-5773




*** National Cyber Security Strategies in the World ***
---------------------------------------------
A free and open Internet is at the heart of the new Cyber Security Strategy by the European Union High Representative Catherine Ashton and the European Commission. The new Communication is the first comprehensive policy document that the European Union has produced in this area. It comprises internal market, justice and home affairs and the foreign policy aspects of cyberspace issues. ENISA has listed all the documents of National Cyber Security Strategies in the EU but also in the world.
---------------------------------------------
https://www.enisa.europa.eu/activities/Resilience-and-CIIP/national-cyber-security-strategies-ncsss/national-cyber-security-strategies-in-the-world




*** Dovecot IMAP "APPEND" Parameters Processing Denial of Service Vulnerability ***
---------------------------------------------
A vulnerability has been reported in Dovecot, which can be exploited by malicious users to cause a DoS (Denial of Service).
The vulnerability is caused due to an error within IMAP functionality when processing the "APPEND" parameters and can be exploited to cause a hang.
---------------------------------------------
https://secunia.com/advisories/53492




*** IBM Maximo Asset Management Products Java Multiple Vulnerabilities ***
---------------------------------------------
IBM has acknowledged multiple vulnerabilities in IBM Maximo Asset Management products, which can be exploited by malicious, local users to disclose certain sensitive information and gain escalated privileges and by malicious people to disclose certain sensitive information, manipulate certain data, bypass certain security restrictions, cause a DoS (Denial of Service), and compromise a vulnerable system.
---------------------------------------------
https://secunia.com/advisories/53451




*** SAProuter NI Route Message Handling Vulnerability ***
---------------------------------------------
ERPScan has reported a vulnerability in SAProuter, which can be exploited by malicious people to potentially compromise a vulnerable system.
---------------------------------------------
https://secunia.com/advisories/53436




*** Bugtraq: Revision of "IPv6 Stable Privacy Addresses" (Fwd: I-D Action: draft-ietf-6man-stable-privacy-addresses-07.txt) ***
---------------------------------------------
We have published a revision of our IETF I-D "A method for Generating
Stable Privacy-Enhanced Addresses with IPv6 Stateless Address
Autoconfiguration (SLAAC)".
---------------------------------------------
http://www.securityfocus.com/archive/1/526646




*** Security Bulletin: IBM TS3310 Tape Library update for security vulnerabilities in OpenSSL (CVE-2013-0169) ***
---------------------------------------------
Download an update to the TS3310 Tape Library, which contains a newer version of OpenSSL that fixes certain security vulnerabilities that were present in older versions of OpenSSL.
CVEID: CVE-2013-0169
Affected product(s) and affected version(s): All TS3310 tape libraries with firmware versions lower than 636G
Refer to the following reference URLs for remediation and additional vulnerability details. Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004345 X-Force
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_ts3310_tape_library_update_for_security_vulnerabilities_in_openssl_cve_2013_0169?lang=en_us

