[CERT-daily] Daily summary - Wednesday 27-08-2014

Daily end-of-shift report team at cert.at
Wed Aug 27 18:06:38 CEST 2014


=======================
= End-of-Shift report =
=======================

Timeframe:   Tuesday 26-08-2014 18:00 − Wednesday 27-08-2014 18:00
Handler:     Robert Waldner
Co-Handler:  Alexander Riepl




*** Not all Java from java.com is legitimate ***
---------------------------------------------
Isn't it ironic getting a Java exploit via java.com, the primary source for one of the most commonly used browser plugins? Current malvertising campaigns are able to do this. This blog post details a relatively new trend: real-time advertisement bidding platforms being infiltrated by cyber criminals spreading malware.
---------------------------------------------
http://blog.fox-it.com/2014/08/27/malvertising-not-all-java-from-java-com-is-legitimate/




*** Multiple Cross-Site Scripting Vulnerabilities in Transport Gateway for Smart Call Home ***
---------------------------------------------
A vulnerability in the web framework of Cisco Transport Gateway for Smart Call Home (TG-SCH) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3344




*** Netflix Open Source Security Tools Solve Range of Challenges ***
---------------------------------------------
Netflix engineers released two new application security tools to open source this week, a continuing effort from the streaming services company.
---------------------------------------------
http://threatpost.com/netflix-open-source-security-tools-solve-range-of-challenges/107931




*** ZDI-14-296: Novell Groupwise Administration Server FileUploadServlet poLibMaintenanceFileSave Information Disclosure Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to obtain sensitive information on vulnerable installations of Novell Groupwise. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-14-296/



*** VMware Support Tool temporary files denial of service ***
---------------------------------------------
VMware Support Tool is vulnerable to a denial of service, caused by a symlink attack. Temporary files are created insecurely. A local attacker could exploit this vulnerability by creating a symbolic link from a temporary file to various files on the system, which could allow the attacker to overwrite arbitrary files on the system and cause a denial of service.
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/95493




*** VMware Support Tool /tmp directory information disclosure ***
---------------------------------------------
VMware Support Tool could allow a local attacker to obtain sensitive information, caused by insecure permissions being set for the /tmp directory. An attacker could exploit this vulnerability to obtain sensitive information.
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/95494




*** Vulnerability in Citrix CloudPlatform Virtual Router could result in unauthorised access to network resources ***
---------------------------------------------
A vulnerability has been identified in the virtual router component of Citrix CloudPlatform, formerly known as Citrix CloudStack, that could allow ..
---------------------------------------------
http://support.citrix.com/article/CTX140989




*** Citrix CloudPlatform Virtual Router Firewall Bug Lets Remote Users Access Network Resources ***
---------------------------------------------
A vulnerability was reported in Citrix CloudPlatform Virtual Router. A remote user can bypass access controls to access network resources.
---------------------------------------------
http://www.securitytracker.com/id/1030762




*** Google says - patch your Chrome ***
---------------------------------------------
64-bit browser loads cat vids FIFTEEN PERCENT faster! Google has dropped 50 patches for its flagship Chrome browser plugging holes and handed $30,000 to a lone bug hunter who reported a dangerous sandbox-busting attack.
---------------------------------------------
www.theregister.co.uk/2014/08/27/goog_says_patch_your_chrome/




*** PCI Council wants YOU to give it things to DO ***
---------------------------------------------
How about enforcing PCI DSS? Crusaders at the Payment Card Industry Security Standards Council have called for submissions into projects for 2015.
---------------------------------------------
www.theregister.co.uk/2014/08/27/pci_council_wants_you_to_give_it_things_to_do/




*** RSA Identity Management and Governance Authentication Flaw Lets Remote Users Bypass Authentication to Gain Access to the Target System ***
---------------------------------------------
A vulnerability was reported in RSA Identity Management and Governance. A remote user can bypass authentication to gain access to the target system.
---------------------------------------------
http://www.securitytracker.com/id/1030759




*** Security update for Synology network storage ***
---------------------------------------------
A NAS, too, is usually a Linux server that needs to be looked after and maintained, especially when it is reachable over the Internet. Synology has therefore, among other things, brought OpenSSL up to date and thereby closed various vulnerabilities.
---------------------------------------------
http://www.heise.de/security/meldung/Sicherheitsupdate-fuer-Synology-Netzwerkspeicher-2302988.html




*** VB2014 preview: Methods of malware persistence on Mac OS X ***
---------------------------------------------
Patrick Wardle shows that OS X users really have something to worry about. In the weeks running up to VB2014 (the 24th Virus Bulletin International Conference), we will look at some of the research that will be presented at the event. Today, ..
---------------------------------------------
http://www.virusbtn.com/blog/2014/08_27.xml




*** IBM: Heartbleed Attacks Thousands of Servers Daily ***
---------------------------------------------
The 2014 IBM X-Force Threat Intelligence Quarterly takes a look back at Heartbleed and how organizations were affected by it.
---------------------------------------------
http://threatpost.com/ibm-heartbleed-attacks-thousands-of-servers-daily/107936




*** ZDI-14-297: Juniper Network and Security Manager XDB Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Juniper Network and Security Manager. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-14-297/





