[CERT-daily] Tageszusammenfassung - Freitag 26-09-2014

Fri Sep 26 18:07:16 CEST 2014

=======================
= End-of-Shift report =
=======================

Timeframe:   Donnerstag 25-09-2014 18:00 − Freitag 26-09-2014 18:00
Handler:     Stephan Richter
Co-Handler:  n/a


*** Patching Bash Vulnerability a Challenge for ICS, SCADA ***
---------------------------------------------
Experts are concerned that many Linux-based industrial control systems and embedded systems could be too steep a patching challenge and remain in the crosshairs of the Bash vulnerability.
---------------------------------------------
http://threatpost.com/patching-bash-vulnerability-a-challenge-for-ics-scada/108575


*** Bash Vulnerability (Shellshock) Exploit Emerges in the Wild, Leads to BASHLITE Malware ***
---------------------------------------------
Just several hours after the news on the bash vulnerability (covered under CVE-2014-7169) broke out; it was reportedly being exploited in the wild already. This vulnerability can allow execution of arbitrary code thus compromising the security of systems. Some of the possible scenarios that attackers can do range from changing the contents of web server and...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/-OM1T28JyB8/


*** Linux ELF bash 0day: The fun has only just begun... ***
---------------------------------------------
Background: CVE-2014-6271 + CVE-2014-7169 During the mayhem of bash 0day remote execution vulnerability CVE-2014-6271 and CVE-2014-7169, not for bragging but as a FYI, I happened to be the first who reversed for the first ELF malware spotted used in the wild. The assembly analysis and summary I wrote and posted in here --> [-1-] [-2-] The fun has only just begun...Yes. Today I was informed there is another payload distributed, thanks to my good friend, Father Robin Jackson (credit): Which...
---------------------------------------------
http://blog.malwaremustdie.org/2014/09/linux-elf-bash-0day-fun-has-only-just.html


*** Bad boy builds beastly Bash bug botnet - boxen battered ***
---------------------------------------------
DDoS zombie army found in the wild hours after flaw surfaces Mere hours after its discovery, the Shell Shock Bash vulnerability was exploited by an attacker to build a botnet.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2014/09/26/bad_guy_builds_beastly_bash_botnet/


*** Vulnerabilities in LibVNCServer ***
---------------------------------------------
---------------------------------------------
LibVNCServer CVE-2014-6054 Denial of Service Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/70094
---------------------------------------------
libVNCserver CVE-2014-6051 Integer Overflow Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/70093
---------------------------------------------
LibVNCServer CVE-2014-6053 Remote Denial of Service Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/70092
---------------------------------------------
LibVNCServer CVE-2014-6052 Denial of Service Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/70091


*** JSA10648 - 2014-09 Out of Cycle Security Bulletin: Multiple Products: Shell command injection vulnerability in Bash (CVE-2014-6271, CVE-2014-7169) ***
---------------------------------------------
Products vulnerable to remote exploitation risks:
    Junos Space is vulnerable in all versions.
    JSA Series (STRM) devices are vulnerable in all versions.
---------------------------------------------
http://kb.juniper.net/index?page=content&id=JSA10648&actp=RSS


*** GNU Bash Environmental Variable Command Injection Vulnerability ***
---------------------------------------------
cisco-sa-20140926-bash
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash


*** DSA-3035 bash ***
---------------------------------------------
security update
---------------------------------------------
http://www.debian.org/security/2014/dsa-3035


*** TYPO3-EXT-SA-2014-011: Several vulnerabilities in extension phpMyAdmin (phpmyadmin) ***
---------------------------------------------
It has been discovered that the extension "phpMyAdmin" (phpmyadmin) is susceptible to Cross-Site Scripting and Cross-Site Request Forgery.
---------------------------------------------
https://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-011/


*** Bugtraq: [SECURITY] [DSA 3036-1] mediawiki security update ***
---------------------------------------------
[SECURITY] [DSA 3036-1] mediawiki security update
---------------------------------------------
http://www.securityfocus.com/archive/1/533552