[CERT-daily] Tageszusammenfassung - Freitag 10-10-2014

Fri Oct 10 18:19:14 CEST 2014

=======================
= End-of-Shift report =
=======================

Timeframe:   Donnerstag 09-10-2014 18:00 − Freitag 10-10-2014 18:00
Handler:     Stephan Richter
Co-Handler:  n/a


*** Cisco addresses numerous vulnerabilities in ASA software ***
---------------------------------------------
Many of the vulnerabilities can lead to a denial-of-service condition, but others could result in a full compromise of the affected system.
---------------------------------------------
http://www.scmagazine.com/vulnerabilities-in-cisco-asa-software/article/376394/


*** CSAM: My servers started speaking IRC, and that is when I started to listen!, (Thu, Oct 9th) ***
---------------------------------------------
Hassan submitted this story:  While reviewing our IDS logs, we noticed an alert for IRC botnet traffic coming from multiple servers in a specific VLAN.  Ouch! One thing I keep saying in our IDS Class: If your servers all for sudden start joining IRC channels, then they are either very bored, or very compromised. But lets see how it went for Hassan. Hassan had what every analyst wants: pcaps! So he looked at the full packet capture of the traffic:  The traffic wasnt 100% IRC. But it looked...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18799&rss


*** Critical Patch Update - October 2014 Pre-Release Announcement ***
---------------------------------------------
Critical Patch Update - October 2014 Pre-Release Announcement
---------------------------------------------
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html


*** MS14-OCT - Microsoft Security Bulletin Advance Notification for October 2014 - Version: 1.0 ***
---------------------------------------------
This is an advance notification of security bulletins that Microsoft is intending to release on October 14, 2014. This bulletin advance notification will be replaced with the October bulletin summary on October 14, 2014. 
---------------------------------------------
https://technet.microsoft.com/en-us/library/security/MS14-OCT


*** Signed Malware = Expensive "Oops" for HP ***
---------------------------------------------
Computer and software industry maker HP is in the process of notifying customers about a seemingly harmless security incident in 2010 that nevertheless could prove expensive for the company to fix and present unique support problems for users of its older products.
---------------------------------------------
http://krebsonsecurity.com/2014/10/signed-malware-is-expensive-oops-for-hp/


*** Malware analysts tell crooks to shape up and write decent code ***
---------------------------------------------
Who writes their own crypto these days? Seriously! Blackhats beware: reverse engineers are laughing at your buggy advanced persistent threat (APT) malware.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2014/10/10/writing_better_malware_with_fireeye/


*** Zwei-Faktor-Authentifizierung: Apple erhöht die Sicherheit für iCloud ***
---------------------------------------------
Apple weitet die Zwei-Faktor-Authentifizierung aus. Ab sofort sind anwendungsspezifische Passwörter für den Zugriff auf iCloud-Daten Pflicht.
---------------------------------------------
http://www.golem.de/news/zwei-faktor-authentifizierung-apple-erhoeht-die-sicherheit-fuer-icloud-1410-109750-rss.html


*** Crims zapped mobes, slabs we collared for evidence, wail cops ***
---------------------------------------------
Dont worry, sarge, we got all the ... oh, WTF! You know that nifty remote wipe function that takes all the photos off your phone when it gets lost? Turns out criminals know about it too, and theyre using it to wipe phones taken by police as evidence.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2014/10/10/police_say_criminals_remotely_wiping_seized_mobes/


*** WordPress Websites Continue to Get Hacked via MailPoet Plugin Vulnerability ***
---------------------------------------------
The popular Mailpoet(wysija-newsletters) WordPress plugin had a serious file upload vulnerability a few months back, allowing an attacker to upload files to the vulnerable site. This issue was disclosed months ago, the MailPoet team patched it promptly. It seems though that many are still not getting the word, or blatantly not updating, because we areRead More
---------------------------------------------
http://blog.sucuri.net/2014/10/wordpress-websites-continue-to-get-hacked-via-mailpoet-plugin-vulnerability.html


*** May-August 2014 ***
---------------------------------------------
The NCCIC/ICS-CERT Monitor for May-August 2014 is a summary of ICS-CERT activities for that period of time.
---------------------------------------------
https://ics-cert.us-cert.gov//monitors/ICS-MM201408


*** TWiki Sandbox.pm File Validation Flaw Lets Remote Authenticated Users Upload Arbitrary Windows Apache Configuration Files ***
---------------------------------------------
http://www.securitytracker.com/id/1030982


*** TWiki debugenableplugins Parameter Lets Remote Users View and Modify Files ***
---------------------------------------------
http://www.securitytracker.com/id/1030981


*** VMSA-2014-0006.11 ***
---------------------------------------------
VMware product updates address OpenSSL security vulnerabilities
---------------------------------------------
http://www.vmware.com/security/advisories/VMSA-2014-0006.html


*** PayPal Inc BB #85 MB iOS 4.6 - Auth Bypass Vulnerability ***
---------------------------------------------
The Vulnerability Laboratory Research Team discovered a security auth protection mechanism bypass vulnerability in the PayPal Inc iOS Mobile Application.
---------------------------------------------
http://www.vulnerability-lab.com/get_content.php?id=895


*** Cisco Security Notices for Autonomic Networking Infrastructure ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3403
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3404
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3405


*** HPSBHF03136 rev.1 - HP TippingPoint NGFW running OpenSSL, Remote Disclosure of Information ***
---------------------------------------------
A potential security vulnerability has been identified with HP TippingPoint NGFW running OpenSSL. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information.
---------------------------------------------
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04475466


*** HPSBMU02895 SSRT101253 rev.4 - HP Data Protector, Remote Increase of Privilege, Denial of Service (DoS), Execution of Arbitrary Code ***
---------------------------------------------
Potential security vulnerabilities have been identified with HP Data Protector. These vulnerabilities could be remotely exploited to allow an increase of privilege, create a Denial of Service (DoS), or execute arbitrary code.
---------------------------------------------
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03822422


*** HPSBNS03130 rev.1 - HP NonStop Development Environment for Eclipse (NSDEE) running Bash Shell, Remote Code Execution ***
---------------------------------------------
A potential security vulnerability has been identified with HP NonStop Development Environment for Eclipse (NSDEE) running Bash Shell . This is the Bash Shell vulnerability known as "ShellShock" which could be exploited remotely to allow execution of code.
---------------------------------------------
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04474252


*** HPSBST03122 rev.1 - HP StoreAll Operating System Software running Bash Shell, Remote Code Execution ***
---------------------------------------------
A potential security vulnerability has been identified with HP StoreAll Operating System Software running Bash Shell. This is the Bash Shell vulnerability known as "Shellshock" which could be exploited remotely to allow execution of code.
---------------------------------------------
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04471532


*** IBM Security Bulletin: Seven (7) Vulnerabilities in OpenSSL affect IBM FlashSystem 840 and V840 (CVEs) ***
---------------------------------------------
OpenSSL vulnerabilities affect the IBM FlashSystem 840 and V840 products. These vulnerabilities could allow a remote attacker to execute arbitrary code on the system, to obtain sensitive information, or cause of denial of service.  CVE(s): CVE-2014-3509, CVE-2014-3506, CVE-2014-3507, CVE-2014-3511, CVE-2014-3505, CVE-2014-3510 and CVE-2014-3508  Affected product(s) and affected version(s):   IBM FlashSystem 840: Machine Type 9840, model -AE1 (all supported releases before 1.1.2.7) Machine Type...
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_seven_7_vulnerabilities_in_openssl_affect_ibm_flashsystem_840_and_v840_cves?lang=en_us


*** IBM Security Bulletin: Six (6) Vulnerabilities in Network Security Services (NSS) & Netscape Portable Runtime (NSPR) affect IBM FlashSystem 840 and V840 (CVE-2013-1740, CVE-2014-1490, CVE-2014-1491, CVE-2014-1492, CVE-2014-1544, CVE-2014-1545) ***
---------------------------------------------
NSS & NSPR vulnerabilities affect the IBM FlashSystem 840 and V840 products. These vulnerabilities could allow a remote attacker to execute arbitrary code, on the system, to obtain sensitive information, or cause Denial of Service.  CVE(s): CVE-2013-1740, CVE-2014-1490, CVE-2014-1491, CVE-2014-1492, CVE-2014-1544 and CVE-2014-1545  Affected product(s) and affected version(s):   IBM FlashSystem 840: Machine Type 9840, model -AE1 (all supported releases before 1.1.2.7) Machine Type 9843,...
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_six_6_vulnerabilities_in_network_security_services_nss_amp_netscape_portable_runtime_nspr_affect_ibm_flashsystem_840_and_v840_cve_2013_1740_cve_2014_1490_cve_2014_1491_cve_20


*** IBM Security Bulletin: IBM WebSphere MQ Telemetry Component - Potential authentication bypass vulnerability when using the JAASConfig property (CVE-2014-6116) ***
---------------------------------------------
IBM WebSphere MQ contains a vulnerability in which authentication is bypassed by MQTT clients with the "JAASConfig" configuration property set.  CVE(s): CVE-2014-6116  Affected product(s) and affected version(s):   IBM WebSphere MQ Telemetry Component   WebSphere MQ 8.0.0.1 downloaded prior to 24th September 2014 (Level: p000-001-L140910). To check your fix pack level, issue the command dspmqver and check the output of the Level option.
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_ibm_websphere_mq_telemetry_component_potential_authentication_bypass_vulnerability_when_using_the_jaasconfig_property_cve_2014_6116?lang=en_us


*** IBM Security Bulletin: Proventia Network Security Controller is affected by multiple OpenSSL vulnerabilities ***
---------------------------------------------
Security vulnerabilities have been discovered in OpenSSL that were reported by the OpenSSL Project (CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470, CVE-2014-0160, CVE-2014-0076, CVE-2014-3508, CVE-2014-5139, CVE-2014-3509, CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3510, CVE-2014-3511, CVE-2014-3512)  CVE(s): CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470, CVE-2014-0160, CVE-2014-0076, CVE-2014-3508,...
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_proventia_network_security_controller_is_affected_by_multiple_openssl_vulnerabilities?lang=en_us


*** IBM Security Bulletin: Remote Code Execution Vulnerability Security Bulletin: TRIRIGA Application Platform (CVE-2014-4840) ***
---------------------------------------------
IBM TRIRIGA Application Platform could allow an attacker to execute code on the vulnerable server. An attacker could send a specially crafted URL to the server that would execute commands as the privileges of the unprivileged user running the server.  CVE(s): CVE-2014-4840  Affected product(s) and affected version(s):   The following Application Platform versions are affected. IBM TRIRIGA Application Platform 3.4.0 IBM TRIRIGA Application Platform 3.3.2 and 3.3.2.1 fix pack...
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_remote_code_execution_vulnerability_security_bulletin_tririga_application_platform_cve_2014_4840?lang=en_us


*** IBM Security Bulletins for Products affected by Vulnerabilities in Bash ***
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerabilities_in_bash_affect_the_ibm_hyper_scale_manager_component_of_the_xiv_management_tools_cve_2014_6271_cve_2014_7169_cve_2014_7186_cve_2014_7187_cve_2014_6277_cve_201
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerabilities_in_bash_affect_ibm_netezza_host_management_cve_2014_6271_cve_2014_7169_cve_2014_7186_cve_2014_7187_cve_2014_6277_cve_2014_6278?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerabilities_in_bash_affect_virtual_server_protection_for_vmware_cve_2014_6271_cve_2014_7169_cve_2014_7186_cve_2014_7187_cve_2014_6277_cve_2014_6278?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerabilities_in_bash_affect_ibm_pureapplication_system_cve_2014_6271_cve_2014_7169_cve_2014_7186_cve_2014_7187_cve_2014_6277_cve_2014_6278?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerabilities_in_bash_affect_protectier_cve_2014_6271_cve_2014_7169_cve_2014_7186_cve_2014_7187_cve_2014_6277_cve_2014_6278?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerabilities_in_bash_affect_ibm_flashsystem_840_and_v840_cve_2014_6271_cve_2014_7169_cve_2014_7186_cve_2014_7187_cve_2014_6277_cve_2014_6278?lang=en_us