[CERT-daily] Tageszusammenfassung - Donnerstag 23-04-2015

Thu Apr 23 18:14:56 CEST 2015

=======================
= End-of-Shift report =
=======================

Timeframe:   Mittwoch 22-04-2015 18:00 − Donnerstag 23-04-2015 18:00
Handler:     Stephan Richter
Co-Handler:  n/a

*** Deep dive into QUANTUM INSERT ***
---------------------------------------------
Summary and recommendations QUANTUMINSERT (QI) is actually a relatively old technique. In order to exploit it, you will need a monitoring capabilities to leak information of observed TCP sessions and a host that can send spoofed packets. Your spoofed packet also needs to arrive faster than the original packet to be able to be successful. Any...
---------------------------------------------
http://blog.fox-it.com/2015/04/20/deep-dive-into-quantum-insert/

*** Sicherheitsfirma warnt vor iOS-Killer-Funktion ***
---------------------------------------------
Ein bösartiger Hotspot könnte iOS-Geräte in einen endlosen Reboot-Cycle schicken, warnt eine Sicherheitsfirma. Ursache ist anscheinend ein Fehler in Apples Verschlüsselungsimplementierung.
---------------------------------------------
http://heise.de/-2617385

*** New Threat Report ***
---------------------------------------------
Our latest comprehensive threat report, based on our analysis of H2 2014 data, is now available.
---------------------------------------------
https://www.f-secure.com/weblog/archives/00002805.html

*** Mobile Threats Incident Handling: Updated ENISA material ***
---------------------------------------------
http://www.enisa.europa.eu/media/news-items/mobile-threats-incident-handling-updated-enisa-material

*** Schadcode durch WLAN-Pakete ***
---------------------------------------------
Durch eine Lücke in dem Standard-Tool wpa_supplicant können Angreifer anfällige Systeme über WLAN kompromittieren. Es kommt unter anderem bei Android und Linux zum Einsatz. Abhilfe schafft ein Patch, eine abgesicherte Version soll folgen.
---------------------------------------------
http://heise.de/-2618115

*** wpa_supplicant P2P SSID processing vulnerability ***
---------------------------------------------
A vulnerability was found in how wpa_supplicant uses SSID information parsed from management frames that create or update P2P peer entries (e.g., Probe Response frame or number of P2P Public Action frames). SSID field has valid length range of 0-32 octets. However, it is transmitted in an element that has a 8-bit length field and potential maximum payload length of 255 octets. wpa_supplicant was not sufficiently verifying the payload length on one of the code paths using the SSID received from
---------------------------------------------
http://w1.fi/security/2015-1/wpa_supplicant-p2p-ssid-overflow.txt

*** SSA-237894 (Last Update 2015-04-23): Vulnerability in SIMATIC PCS 7 ***
---------------------------------------------
https://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-237894.pdf

*** PowerDNS decompression bug can cause crashes ***
---------------------------------------------
Topic: PowerDNS decompression bug can cause crashes Risk: Medium Text:Hi everybody, Please be aware of PowerDNS Security Advisory 2015-01 (http://doc.powerdns.com/md/security/powerdns-advisory-...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2015040155

*** Security patch 02 for ZEN 11 Appliance - Freak - See TID 7016312 ***
---------------------------------------------
Abstract: Patch for CVE-2015-0204 (FREAK) - OpenSSL RSA Temporary Key Cryptographic Downgrade Vulnerability for ZCM ApplianceDocument ID: 5207650Security Alert: YesDistribution Type: PublicEntitlement Required: NoFiles:ZCM_11_Security_Patch_2.zip (12.65 MB)Products:ZENworks Configuration Management 11ZENworks Configuration Management 11.1ZENworks Configuration Management 11 SP3ZENworks Configuration Management 11.2ZENworks Configuration Management 11.2.1ZENworks Configuration Management
---------------------------------------------
https://download.novell.com/Download?buildid=Ddi7yDlFrqA~

*** ZDI-15-149: Novell Zenworks Rtrlet.class Session ID Disclosure Vulnerability ***
---------------------------------------------
This vulnerability allows attackers to disclose Session IDs of logged in users on vulnerable installations of Novell Zenworks. User interaction is not required to exploit this vulnerability.
---------------------------------------------
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/ly4m30xpA5I/

*** ZDI-15-148: Novell Zenworks schedule.ScheduleQuery SQL Injection Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Zenworks. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/04USkHANe4s/

*** ZDI-15-147: Novell Zenworks GetStoredResult.class SQL Injection Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Zenworks. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/vaCwk090UHI/

*** ZDI-15-153: Novell ZENworks Preboot Policy Service Stack Buffer Overflow Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENWorks. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/sPdD0Sy4sxQ/

*** ZDI-15-152: Novell Zenworks com.novell.zenworks.inventory.rtr.actionclasses.wcreports Information Disclosure Vulnerability ***
---------------------------------------------
This vulnerability allows attackers to obtain sensitive information on vulnerable installations of Novell Zenworks. User interaction is not required to exploit this vulnerability.
---------------------------------------------
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/GTCY2AUbObw/

*** ZDI-15-151: Novell Zenworks Rtrlet doPost Directory Traversal Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Zenworks. By default, authentication is not required to exploit this vulnerability.
---------------------------------------------
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/Wi0h3ROfwWc/

*** ZDI-15-150: Novell Zenworks FileViewer Information Disclosure Vulnerability ***
---------------------------------------------
This vulnerability allows attackers to obtain sensitive information on vulnerable installations of Novell Zenworks. User interaction is not required to exploit this vulnerability.
---------------------------------------------
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/-6nZPEvRTF0/

*** Security Advisory: Linux kernel vulnerabilities CVE-2014-8159 and CVE-2014-8369 ***
---------------------------------------------
(SOL16478)
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/16000/400/sol16478.html?ref=rss

*** Security Advisory: Rsync vulnerability CVE-2007-6199 ***
---------------------------------------------
(SOL15549)
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/15000/500/sol15549.html?ref=rss

*** Security Advisory: Linux kernel vulnerability CVE-2009-4537 ***
---------------------------------------------
(SOL16479)
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/16000/400/sol16479.html?ref=rss

*** DSA-3232 curl - security update ***
---------------------------------------------
Several vulnerabilities were discovered in cURL, an URL transfer library:
---------------------------------------------
https://www.debian.org/security/2015/dsa-3232

*** iPassword Manager 2.6 Script Insertion ***
---------------------------------------------
Topic: iPassword Manager 2.6 Script Insertion Risk: Low Text:Document Title: iPassword Manager v2.6 iOS - Persistent Vulnerabilities References (Source): == http://www...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2015040147

*** Docker Privilege Escalation ***
---------------------------------------------
Topic: Docker Privilege Escalation Risk: Medium Text:TLDR; Don’t use the ‘docker’ group Docker, if you aren’t already familiar with it, is a lightweight runtime and pack...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2015040151

*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in SSLv3 affects IBM/Cisco switches and directors (CVE-2014-3566) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1005132

*** IBM Security Bulletin: Vulnerabilities in OpenSSL affecting Sametime Unified Telephony (OpenSSL: CVE-2014-3569, CVE-2014-3570, CVE-2014-3572, CVE-2014-8725, CVE-2015-0204, CVE-2015-0205) ***
http://www.ibm.com/support/docview.wss?uid=swg21882876

*** IBM Security Bulletin: RPM vulnerability issue on IBM SONAS (CVE-2013-6435) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1005166

*** IBM Security Bulletin: RPM vulnerability issue on IBM Storwize V7000 Unified (CVE-2013-6435) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1005160

*** IBM Security Bulletin: Vulnerabilities in Network Time Protocol (NTP) affect IBM Storwize V7000 Unified (CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, and CVE-2014-9296) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1005147

*** IBM Security Bulletin: Open Source GNU glibc vulnerabilities on IBM Storwize V7000 Unified (CVE-2014-7817, CVE-2014-9087) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1005075

*** IBM Security Bulletin: Open Source GNU glibc vulnerabilities on IBM SONAS (CVE-2014-7817, CVE-2014-9087) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1005152

*** IBM Security Bulletin: NSS vulnerability issue on IBM Storwize V7000 Unified (CVE-2014-3566) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1005148

*** IBM Security Bulletin: Vulnerability in NSS affects SAN Volume Controller and Storwize Family (CVE-2014-3566) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1005209

*** IBM Security Bulletin: Security Bulletin: IBM i is affected by several OpenSSL vulnerabilities. ***
http://www.ibm.com/support/docview.wss?uid=nas8N1020693

*** IBM Security Bulletin: Vulnerabilities in OpenSSL including ClientHello DoS affect IBM Sterling B2B Integrator (CVE-2015-0209, CVE-2015-0287, CVE-2015-0292, and others) ***
http://www.ibm.com/support/docview.wss?uid=swg21883249

*** IBM Security Bulletin: Vulnerabilities in OpenSSL affects Rational Software Architect for Websphere Software ***
http://www.ibm.com/support/docview.wss?uid=swg21882955

*** IBM Security Bulletin: Vulnerability in IBM WebSphere Application Server affects IBM Security Access Manager for Mobile (CVE-2015-0138) ***
http://www.ibm.com/support/docview.wss?uid=swg21701358

*** IBM Security Bulletin: Vulnerability in IBM WebSphere Application Server affects IBM Security Access Manager for Web (CVE-2015-0138) ***
http://www.ibm.com/support/docview.wss?uid=swg21701548

*** IBM Security Bulletin: Samba vulnerability issue on IBM Storwize V7000 Unified (CVE-2015-0240) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1005125

*** IBM Security Bulletin: Samba vulnerability issue on IBM SONAS (CVE-2015-0240) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1005157

*** IBM Security Bulletin: Vulnerability in RC4 stream cipher affects Rational Lifecycle Integration Adapter for HP ALM (CVE-2015-2808) ***
http://www.ibm.com/support/docview.wss?uid=swg21883226

*** IBM Security Bulletin: Vulnerability in RC4 stream cipher affects IBM Tivoli Composite Application Manager for Transactions (CVE-2015-2808) ***
http://www.ibm.com/support/docview.wss?uid=swg21701114