[CERT-daily] Tageszusammenfassung - Freitag 18-07-2014

Daily end-of-shift report team at cert.at
Fri Jul 18 18:06:54 CEST 2014


=======================
= End-of-Shift report =
=======================

Timeframe:   Donnerstag 17-07-2014 18:00 − Freitag 18-07-2014 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a



*** SQL Injection Vulnerability - vBulletin 5.x ***
---------------------------------------------
The vBulletin team just released a security patch for vBulletin 5.0.4, 5.0.5, 5.1.0, 5.1.1, and 5.1.2 to address a SQL injection vulnerability on the member list page. Every vBulletin user needs to upgrade to the latest version asap. vBulletin is a very popular forum sofware used on more than ..
---------------------------------------------
http://blog.sucuri.net/2014/07/sql-injection-on-vbulletin-5-x.html




*** Siemens OpenSSL Vulnerabilities ***
---------------------------------------------
Siemens has identified four vulnerabilities in its OpenSSL cryptographic software library affecting several Siemens industrial products. Updates are available for APE 2.0.2 and WinCC OA (PVSS). The ROX 1, ROX 2, S7-1500, and CP1543-1 products do not have a patch at this time; however, Siemens has made mitigation recommendations. Siemens is continuing to work on patching these vulnerabilities.
---------------------------------------------
http://ics-cert.us-cert.gov//advisories/ICSA-14-198-03




*** Cogent DataHub Code Injection Vulnerability ***
---------------------------------------------
NCCIC/ICS-CERT has become aware of a code injection vulnerability affecting the Cogent DataHub application produced by Cogent Real-Time Systems, Inc. (hereafter referred to as Cogent). Security researcher John Leitch reported this vulnerability to the Zero Day Initiative (ZDI), who then reported it directly to Cogent. Successful exploitation of this vulnerability could allow remote execution of arbitrary code.
---------------------------------------------
http://ics-cert.us-cert.gov//advisories/ICSA-14-198-01




*** Advantech WebAccess Vulnerabilities ***
---------------------------------------------
NCCIC/ICS-CERT received a report from the Zero Day Initiative (ZDI) concerning vulnerabilities affecting the Advantech WebAccess application. These vulnerabilities were reported to ZDI by security researchers Dave Weinstein, Tom Gallagher, John Leitch, and others. Advantech has produced an updated software version that mitigates these vulnerabilities.
---------------------------------------------
http://ics-cert.us-cert.gov//advisories/ICSA-14-198-02




*** Mitigating UAF Exploits with Delay Free for Internet Explorer ***
---------------------------------------------
After introducing the 'isolated heap' in June security patch for Internet Explorer, Microsoft has once again introduced several improvements in the July patch for Internet Explorer. The most interesting and smart improvement is one which we will call 'delay free.' This improvement is designed to mitigate Use After Free (UAF) vulnerability exploits ..
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/mitigating-uaf-exploits-with-delay-free-for-internet-explorer/




*** DSA-2979 fail2ban ***
---------------------------------------------
Two vulnerabilities were discovered in Fail2ban, a solution to ban hosts that cause multiple authentication errors. When using Fail2ban to monitor Postfix or Cyrus IMAP logs, improper input validation in log parsing could enable a remote attacker to trigger an IP ban on arbitrary addresses, resulting in denial of service.
---------------------------------------------
http://www.debian.org/security/2014/dsa-2979




*** Bugtraq: Microsoft MSN HBE - Blind SQL Injection Vulnerability ***
---------------------------------------------
A boolean-based blind SQL Injection web vulnerability has been detected in the official MSN (habitos.be.msn.com) web application Service. The vulnerability allows remote attackers to inject own sql commands to compromise the affected ..
---------------------------------------------
http://www.securityfocus.com/archive/1/532830




*** Critroni Crypto Ransomware Seen Using Tor for Command and Control ***
---------------------------------------------
There's a new kid on the crypto ransomware block, known as Critroni, that's been sold in underground forums for the last month or so and is now being dropped by the Angler exploit kit. The ransomware includes a number of unusual features and researchers say ..
---------------------------------------------
http://threatpost.com/critroni-crypto-ransomware-seen-using-tor-for-command-and-control/107306




*** LibreSSL: Linuxer und OpenBSDler raufen sich zusammen ***
---------------------------------------------
Anhand der Probleme bei der Portierung von LibreSSL auf andere Plattformen wie Linux kann man erkennen, wie aus OpenSSL so ein Security-Alptraum werden konnte. Und der ist noch längst nicht vorbei.
---------------------------------------------
http://www.heise.de/security/meldung/LibreSSL-Linuxer-und-OpenBSDler-raufen-sich-zusammen-2262843.html






More information about the Daily mailing list