[CERT-daily] Daily summary - Monday 15-09-2014

Daily end-of-shift report team at cert.at
Mon Sep 15 18:11:02 CEST 2014


=======================
= End-of-Shift report =
=======================

Timeframe:   Friday 12-09-2014 18:00 - Monday 15-09-2014 18:00
Handler:     Robert Waldner
Co-Handler:  Alexander Riepl



*** Squid Off-by-One in snmpHandleUdp() Lets Remote Users Execute Arbitrary Code ***
---------------------------------------------
A remote user can send a specially crafted UDP SNMP packet to trigger an off-by-one memory error in snmpHandleUdp() and potentially execute arbitrary code on the target system.
---------------------------------------------
http://www.securitytracker.com/id/1030838




*** Rooted SSH/SFTP Daemon Default Login Credentials ***
---------------------------------------------
The software comes pre-configured with a default login of User: root Password: abc123. This weak password would easily be guessed leading to root compromise of the Android system.
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014090066




*** WordPress Photo Album Plus 5.4.4 Cross Site Scripting ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014090061




*** 'Eskimo' malware targets Steam accounts ***
---------------------------------------------
The malware is spread mainly via Twitch chat - credit and items are transferred after the hack
---------------------------------------------
http://derstandard.at/2000005543386




*** IRC: Chat network Freenode hacked ***
---------------------------------------------
The operators of the IRC network Freenode have detected a compromise of their servers. All users should change their passwords as a precaution.
---------------------------------------------
http://www.golem.de/news/irc-chatnetzwerk-freenode-wurde-gehackt-1409-109231.html




*** Multiple vulnerabilities in IBM products ***
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_pureapplication_system_modsecurity_chunked_header_security_bypass?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_apache_commons_fileupload_and_tomcat_vulnerability_in_workplace_xt?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_ibm_cognos_metrics_manager_is_affected_by_the_following_ibm_java_runtime_vulnerabilities_cve_2014_0878_cve_2014_0460?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_infosphere_streams_is_affected_by_a_vulnerability_in_the_ibm_reg_sdk_java_trade_technology_edition_cve_2014_4244?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_ibm_cognos_metrics_manager_is_affected_by_the_following_tomcat_vulnerabilities_cve_2014_0075_cve_2014_0096_cve_2014_0099_cve_2014_0119?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_multiple_security_vulnerabilities_found_in_ibm_sterling_secure_proxy_cve_2014_0878_cve_2014_0107_cve_2014_0453_cve_2014_4263_cve_2014_4244?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_multiple_security_vulnerabilities_found_in_ibm_sterling_external_authentication_server_cve_2014_0878_cve_2014_0107_cve_2014_0453_cve_2014_4263_cve_2014_4244?lang=en_us




*** Trustwave.com: 2014 Business Password Analysis ***
---------------------------------------------
We set out to determine how easily we could crack a sample of 626,718 hashed passwords we collected during thousands of network penetration tests performed in 2013 and some performed in 2014. ... We recovered more than half of the passwords within just the first ..
---------------------------------------------
https://gsr.trustwave.com/topics/business-password-analysis/2014-business-password-analysis/




*** Moodle Bugs Let Remote Users Obtain Potentially Sensitive Information and Bypass Security Controls ***
---------------------------------------------
http://www.securitytracker.com/id/1030839




*** Hacking Canon Pixma Printers - Doomed Encryption ***
---------------------------------------------
This blog post is another in the series demonstrating current insecurities in devices categorised as the 'Internet of Things'. This instalment will reveal how the firmware on Canon Pixma printers (used in the home and by SMEs) can be modified from the Internet to run custom code. ... For demonstration purposes I decided to get Doom running on the printer (Doom as in the classic 90s computer game).
---------------------------------------------
http://www.contextis.co.uk/resources/blog/hacking-canon-pixma-printers-doomed-encryption/




*** Bugtraq: Open-Xchange Security Advisory 2014-09-15 ***
---------------------------------------------
http://www.securityfocus.com/archive/1/533443




*** [Honeypot Alert] New Bot Malware (BoSSaBoTv2) Attacking Web Servers Discovered ***
---------------------------------------------
Our web honeypots picked up some interesting attack traffic. The initial web application attack vector (PHP-CGI vulnerability) is not new, the malware payload is. We wanted to get this information out to the community quickly due to the following combined threat elements:
- Active exploit attempts to upload/install the malware
- The overall low detection rates among AV vendors
- The malware is actively being sold in underground ..
---------------------------------------------
http://blog.spiderlabs.com/2014/09/honeypot-alert-bossabotv2-irc-botnetbitcoin-mining-analysis.html




