[CERT-daily] Tageszusammenfassung - Dienstag 16-12-2014

Tue Dec 16 18:18:34 CET 2014

=======================
= End-of-Shift report =
=======================

Timeframe:   Montag 15-12-2014 18:00 − Dienstag 16-12-2014 18:00
Handler:     Stephan Richter
Co-Handler:  n/a


*** Is POODLE Back for Another Byte? ***
---------------------------------------------
[...] The problem is a number of other TLS implementations are optimized for performance by verifying only that the first byte of padding matches the number of padding bytes. Such implementations would accept any value for the second and subsequent padding bytes. What's worse is that the adversary doesn't need to artificially downgrade the connection to SSLv3 to exploit this issue, so the barriers to execution are lower.
---------------------------------------------
https://www.fireeye.com/blog/threat-research/2014/12/is_poodle_back_fora.html


*** RevSlider Vulnerability Leads To Massive WordPress SoakSoak Compromise ***
---------------------------------------------
Yesterday we disclosed a large malware campaign targeting and compromising over 100,000 WordPress sites, and growing by the hour. It was named SoakSoak due to the first domain used in the malware redirection path (soaksoak.ru). After a bit more time investigating this issue, we were able to confirm that the attack vector is the RevSlider...
---------------------------------------------
http://blog.sucuri.net/2014/12/revslider-vulnerability-leads-to-massive-wordpress-soaksoak-compromise.html


*** SoakSoak: Payload Analysis - Evolution of Compromised Sites - IE 11 ***
---------------------------------------------
Thousands of WordPress sites has been hit by the SoakSoak attack lately. At this moment we know quite a lot about it. It uses the RevSlider vulnerability as a point of penetration. Then uploads a backdoor and infects all websites that share the same server account (so sites that don't use the RevSlider plugin can...
---------------------------------------------
http://blog.sucuri.net/2014/12/soaksoak-payload-analysis-evolution-of-compromised-sites-ie-11.html


*** Google Blacklists WordPress Sites Peddling SoakSoak Malware ***
---------------------------------------------
Up to 100,000 sites hosted on WordPress may be vulnerable to new campaign thats pushing malware and multiple exploit kits to the browser.
---------------------------------------------
http://threatpost.com/google-blacklists-wordpress-sites-peddling-soaksoak-malware/109884


*** Safari 8.0.2 Still Supporting SSLv3 with Block Ciphers, (Mon, Dec 15th) ***
---------------------------------------------
In October, Apple released Security Update 2014-005, specifically with the intend to address the POODLE issue [1]. The description with the update stated:  There are known attacks on the confidentiality of SSL 3.0 when a cipher suite uses a block cipher in CBC mode. An attacker could force the use of SSL 3.0, even when the server would support a better TLS version, by blocking TLS 1.0 and higher connection attempts. This issue was addressed by disabling CBC cipher suites when TLS connection...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=19067&rss


*** ENISA CERT training programme now available online ***
---------------------------------------------
ENISA has launched a new section on its website introducing the ENISA CERT training programme.
In the new section, you can find all the publicly available training resources and the training courses currently provided by ENISA.
---------------------------------------------
http://www.enisa.europa.eu/media/news-items/enisa-cert-training-programme-now-available-online


*** SSL-TLS Implementations Cipher Block Chaining Padding Information Disclosure Vulnerability ***
---------------------------------------------
CVE-2014-8730
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8730


*** Internet-Sicherheit: Auch Cisco mit Poodle-Problemen ***
---------------------------------------------
Ausgerechnet Firewalls und Load-Balancing-Erweiterungen des Netzwerkgeräte-Herstellers pfuschen bei der Umsetzung von TLS - und werden damit ebenfalls anfällig für Poodle-Angriffe auf die Verschlüsselung.
---------------------------------------------
http://www.heise.de/security/meldung/Internet-Sicherheit-Auch-Cisco-mit-Poodle-Problemen-2497965.html


*** Android Hacking and Security, Part 16: Broken Cryptography ***
---------------------------------------------
Introduction In this article, we will discuss broken cryptography in Android applications. Broken cryptography attacks come into the picture when an app developer wants to take advantage of encryption in his application. This article covers the possible ways where vulnerabilities associated with broken cryptography may be introduced in Android apps. [...]The post Android Hacking and Security, Part 16: Broken Cryptography appeared first on InfoSec Institute.
---------------------------------------------
http://resources.infosecinstitute.com/android-hacking-security-part-16-broken-cryptography/


*** F5 Security Advisory: Linux kernel SCTP vulnerabilities CVE-2014-3673 and CVE-2014-3687 ***
---------------------------------------------
(SOL15910) - Remote attackers may be able to cause a denial-of-service (DoS) using malformed or duplicate ASCONF chunk.
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/15000/900/sol15910.html


*** Security Advisory 2014-06: Incomplete Access Control ***
---------------------------------------------
An attacker with valid OTRS credentials could access and manipulate ticket data of other users via the GenericInterface, if a ticket webservice is configured and not additionally secured.
---------------------------------------------
https://www.otrs.com/security-advisory-2014-06-incomplete-access-control/


*** Apache Buffer Overflow in mod_proxy_fcgi Lets Remote Users Deny Service ***
---------------------------------------------
http://www.securitytracker.com/id/1031371


*** SSA-831997 (Last Update 2014-12-15): Denial-of-Service Vulnerability in Ruggedcom ROS-based Devices ***
---------------------------------------------
https://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-831997.pdf


*** CA Release Automation Multiple Flaws Permit Cross-Site Scripting, Cross-Site Request Forgery, and SQL Injection Attacks ***
---------------------------------------------
http://www.securitytracker.com/id/1031375


*** DokuWiki conf/mime.conf cross-site scripting ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/99291


*** Python TLS security bypass ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/99294


*** CA LISA Multiple Vulns ***
---------------------------------------------
Topic: CA LISA Multiple Vulns Risk: Medium Text:CA20141215-01: Security Notice for CA LISA Release Automation Issued: December 15, 2014 CA Technologies Support is alerti...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014120097


*** Bugtraq: [Onapsis Security Advisory 2014-034] SAP Business Objects Search Token Privilege Escalation via CORBA ***
---------------------------------------------
http://www.securityfocus.com/archive/1/534249


*** Better Search <= 1.3.4 - Reflective XSS ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/7725


*** WP Construction Mode <= 1.91 - Cross-Site Scripting (XSS) ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/7724


*** Sliding Social Icons <= 1.61 - CSRF & Stored XSS ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/7723


*** Bugtraq: "Ettercap 8.0 - 8.1" multiple vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/archive/1/534248