[CERT-daily] Tageszusammenfassung - Mittwoch 11-09-2013

Wed Sep 11 18:06:50 CEST 2013

=======================
= End-of-Shift report =
=======================

Timeframe:   Dienstag 10-09-2013 18:00 − Mittwoch 11-09-2013 18:00
Handler:     Robert Waldner
Co-Handler:  n/a

*** Juniper Junos J-Web Arbitrary Command Execution Vulnerability ***
---------------------------------------------
Sense of Security has reported a vulnerability in Juniper Junos, which can be exploited by malicious users to compromise a vulnerable system.
The vulnerability is caused due to the application not properly restricting access to /jsdm/ajax/port.php and can be exploited to execute arbitrary OS commands with root privileges.
---------------------------------------------
https://secunia.com/advisories/54731


*** Android Mobile: Following In the Windows Footsteps ***
---------------------------------------------
FireEye discovered an email spam campaign, currently ongoing, which is dropping the well-known Android malware Android FakeDefender. Looking through our DTI platform, we believe that this campaign started on the 6th of September. Vector of Propagation FireEye Labs has identified … Continue reading →
---------------------------------------------
http://www.fireeye.com/blog/technical/2013/09/android-malware.html


*** BlackBerry Patches Flash, WebKit and Libexif Flaws on Mobile Devices ***
---------------------------------------------
BlackBerry issued four security advisories, patching vulnerabilities in the Z10 and Q10 smartphones and the PlayBook tablet.
---------------------------------------------
http://threatpost.com/blackberry-patches-flash-webkit-and-libexif-flaws-on-mobile-devices/102249


*** Macs need to patch too!, (Tue, Sep 10th) ***
---------------------------------------------
Our regular readers know this, but on Patch Tuesday aka Black Tuesday we get a bit wider audience and hence its worth repeating it even more:  Do not forget to also patch your Macs!  E.g. a Trojan was recently discoverd that targets Macs with unpatched java flaws. See the Intego writeup. Not only that. Microsoft Office, Adobe Flash, shockwave, reader or acrobat all need to get update too.  -- Swa Frantzen -- Section 66 (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=16544&rss


*** Investigating the Security of the Firefox OS ***
---------------------------------------------
Firefox OS is Mozilla’s foray into the mobile operating system field and promises a more adaptive mobile OS. But as mobile threats, in particular in the Android platform, has gained momentum, the question in everyone’s mind is – how safe is it? About a month ago, Telefonica announced that it had launched the Firefox OS […]Post from: Trendlabs Security Intelligence Blog - by Trend MicroInvestigating the Security of the Firefox OS
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/b6Lw53NWiz4/


*** FreeBSD Network ioctl(2) Lets Local Users Gain Elevated Privileges ***
---------------------------------------------
A vulnerability was reported in the FreeBSD Kernel. A local user can cause denial of service conditions. A local user may be able to obtain elevated privileges on the target system.
---------------------------------------------
http://www.securitytracker.com/id/1029014


*** Managed Malicious Java Applets Hosting Service Spotted in the Wild ***
---------------------------------------------
In a series of blog posts, we’ve been profiling the tactics and DIY tools of novice cybercriminals, whose malicious campaigns tend to largely rely on social engineering techniques, on their way to trick users into thinking that they’ve been exposed to a legitimate Java applet window. These very same malicious Java applets, continue representing a popular infection vector among novice cybercriminals, who remain the primary customers of the DIY tools/attack platforms that we’ve
---------------------------------------------
http://feedproxy.google.com/~r/WebrootThreatBlog/~3/3tgS8jmgHQQ/


*** Summary for September 2013 - Version: 1.0 ***
---------------------------------------------
Unter anderem:
- Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution
- Vulnerability in Microsoft Outlook Could Allow Remote Code Execution
- Vulnerability in OLE Could Allow Remote Code Execution
- Vulnerability in Windows Theme File Could Allow Remote Code Execution
- Vulnerabilities in Microsoft Office Could Allow Remote Code Execution
- Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution
- Vulnerabilities in Microsoft Access Could Allow Remote Code Execution
---------------------------------------------
http://technet.microsoft.com/en-gb/security/bulletin/ms13-sep


*** Bugtraq: Synology DSM multiple vulnerabilities ***
---------------------------------------------
Synology DiskStation Manager (DSM) it's a Linux based operating system, used for the DiskStation and RackStation products.
---------------------------------------------
http://www.securityfocus.com/archive/1/528543


*** Java 7u40 ist da – diesmal kein Critical Patch Update ***
---------------------------------------------
Das als Funktions-Update angedachte neue Java-Release bringt etliche Sicherheits-Features und ein an die frührere JRockit Mission Control Suite erinnerndes Werkzeug zur Überwachung und zum Profiling der JVM.
---------------------------------------------
http://www.heise.de/security/meldung/Java-7u40-ist-da-diesmal-kein-Critical-Patch-Update-1954140.html


*** Xen - libxl partially sets up HVM passthrough even with disabled iommu ***
---------------------------------------------
Impact: A HVM domain, given access to a device which bus mastering capable in the absence of a functioning IOMMU, can mount a privilege escalation or denial of service attack affecting the whole system.
---------------------------------------------
http://seclists.org/oss-sec/2013/q3/578


*** Adobe Security Bulletins Posted ***
---------------------------------------------
Today, we released the following Security Bulletins: APSB13-21 – Security updates available for Adobe Flash Player APSB13-22 – Security updates available for Adobe Acrobat and Reader APSB13-23 – Security updates available for Shockwave Player Customers of the affected products should … Continue reading →
---------------------------------------------
http://blogs.adobe.com/psirt/2013/09/adobe-security-bulletins-posted-9.html


*** RouterOS sshd Denial of Service Vulnerability ***
---------------------------------------------
Kingcope has reported a vulnerability in RouterOS, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an error within sshd when processing requests and can be exploited to corrupt memory and subsequently cause a crash of the daemon.
---------------------------------------------
https://secunia.com/advisories/54633