[CERT-daily] Tageszusammenfassung - Freitag 12-09-2014

Fri Sep 12 18:05:51 CEST 2014

=======================
= End-of-Shift report =
=======================

Timeframe:   Donnerstag 11-09-2014 18:00 − Freitag 12-09-2014 18:00
Handler:     Robert Waldner
Co-Handler:  n/a

*** Hacker publishes tech support phone scammer slammer ***
---------------------------------------------
Security pro Matthew Weeks has released a Metasploit module that can take over computers running the Ammyy Admin remote control software popular among "Hi this is Microsoft, theres a problem with your computer" tech support scammers. Weeks day job is director at Root9b, but hes taken time to detail a zero-day flaw in Ammyy Admin he hopes will be used to fight back against tech support scammers.
---------------------------------------------
http://www.theregister.co.uk/2014/09/12/phone_scammer_slammer/


*** Cisco Unified Communications Manager glibc Arbitrary Code Execution Vulnerability ***
---------------------------------------------
A vulnerability in the GNU C library of Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, local attacker to input crafted data to cause a heap-based buffer overflow.
The vulnerability is due to incorrect sanitization of data. An attacker could exploit this vulnerability by setting an environment variable to a malicious value.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-5119


*** Schneider Electric VAMPSET Buffer Overflow ***
---------------------------------------------
This advisory provides mitigation details for a buffer overflow vulnerability in Schneider Electric's VAMPSET software product.
---------------------------------------------
https://ics-cert.us-cert.gov//advisories/ICSA-14-254-01


*** Ecava Integraxor SCADA Server Vulnerabilities ***
---------------------------------------------
This advisory provides mitigation details for vulnerabilities in the Ecava Integraxor SCADA Server.
---------------------------------------------
https://ics-cert.us-cert.gov//advisories/ICSA-14-224-01


*** Linux Kernel logi_dj_recv_destroy_djhid_device buffer overflow ***
---------------------------------------------
Linux Kernel is vulnerable to a buffer overflow, caused by improper bounds checking by the logi_dj_recv_destroy_djhid_device function. By sending an overly long string, a local attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/95928


*** DNS cache poisoning used to steal emails ***
---------------------------------------------
Does this happen in practice? CERT/CC researchers Jonathan Spring and Leigh Metcalf have evidence to suggest that it does. Using passive DNS data, they found a number of incorrect responses for A records belonging to mail servers of the big three webmail providers (Gmail, Yahoo! and Hotmail). Even though an increasing number of emails are sent over encrypted connections (using STARTTLS), there isnt really a way for the receiving mail server to enforce this, as HSTS does for secure HTTP
---------------------------------------------
https://www.virusbtn.com/blog/2014/09_12.xml?rss


*** Multiple security bulletins for IBM products ***
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_samba_vulnerability_issue_on_ibm_storwize_v7000_unified_cve_2014_3493?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_samba_vulnerability_issue_on_ibm_sonas_cve_2014_3493?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_multiple_vulnerabilities_in_current_release_of_ibm_sdk_for_node_js?lang=en_us