[CERT-daily] Tageszusammenfassung - Donnerstag 17-12-2015

Thu Dec 17 18:29:34 CET 2015

=======================
= End-of-Shift report =
=======================

Timeframe:   Mittwoch 16-12-2015 18:00 − Donnerstag 17-12-2015 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter


*** Press Backspace 28 times to own unlucky Grub-by Linux boxes ***
---------------------------------------------
Integer underflow fault means you can get into rescue mode and rummage around A pair of researchers from the University of Valencias Cybersecurity research group have found that if you press backspace 28 times, its possible to bypass authentication during boot-up on some Linux machines.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2015/12/17/press_backspace_28_times_to_own_any_grubby_linux_box/


*** Checklist - How to Secure Your WordPress Website ***
---------------------------------------------
We know that you care about what you build and protecting it is incredibly important. Hacks happen, and it's your job to reduce their likelihood to the lowest probability possible. We built this checklist of best practices to help you harden your website and protect you and your users from hacks.
---------------------------------------------
https://www.wordfence.com/learn/checklist-how-to-secure-your-wordpress-website/


*** Privileged Access Workstations ***
---------------------------------------------
Privileged Access Workstations (PAWs) provide a dedicated operating system for sensitive tasks that is protected from Internet attacks and threat vectors. Separating these sensitive tasks and accounts from the daily use workstations and devices provides very strong protection from phishing attacks, application and OS vulnerabilities, various impersonation attacks, and credential theft attacks such as keystroke logging, Pass-the-Hash, and Pass-The-Ticket.
---------------------------------------------
https://technet.microsoft.com/en-US/library/mt634654.aspx


*** F-Secure: Sandboxed Execution Environment ***
---------------------------------------------
Sandboxed Execution Environment (SEE) is a framework for building test automation in secured Environments. The Sandboxes, provided via libvirt, are customizable allowing high degree of flexibility. Different type of Hypervisors (Qemu, VirtualBox, LXC) can be employed to run the Test Environments. Plugins can be added to a Test Environment which provides an Event mechanism synchronisation for their interaction. Users can enable and configure the plugins through a JSON configuration file.
---------------------------------------------
https://github.com/F-Secure/see


*** How do you know if your smartphone has been compromised? ***
---------------------------------------------
Signs that may indicate a mobile infection: Has your phone been compromised? #1: You notice the system or apps behaving strangely #2: Your call or message history includes some unknown entries ...
---------------------------------------------
http://www.welivesecurity.com/2015/12/16/know-smartphone-compromised/


*** XSS, SQLi bugs found in several Network Management Systems ***
---------------------------------------------
Network Management System (NMS) offerings by Spiceworks, Ipswitch, Opsview and Castle Rock Computing have been found sporting several cross-site scripting and SQL injection flaws that could be exploit...
---------------------------------------------
http://feedproxy.google.com/~r/HelpNetSecurity/~3/hQ6oQHF5luA/secworld.php


*** POS Malware Families: An insight into the Behavior of POS Malware ***
---------------------------------------------
In a previous blog, we discussed why Point of Sale (POS) devices remain such an attractive target and described some different attack methods. As you can see from the infographic below, retail and POS have been (pardon the pun) "Targets" on an ongoing basis for the past few years, and the trend doesn't appear to be reversing, even with technologies such as EMV and P2PE. In this blog, we describe some of the different families of POS malware. POS Malware Common Features...
---------------------------------------------
https://feeds.feedblitz.com/~/128665939/0/alienvault-blogs~POS-Malware-Families-An-insight-into-the-Behavior-of-POS-Malware


*** Xen Security Advisories ***
---------------------------------------------
XSA-155 - paravirtualized drivers incautious about shared memory contents 
http://xenbits.xen.org/xsa/advisory-155.html 
---------------------------------------------
XSA-157 - Linux pciback missing sanity checks leading to crash 
http://xenbits.xen.org/xsa/advisory-157.html 
---------------------------------------------
XSA-164 - qemu-dm buffer overrun in MSI-X handling 
http://xenbits.xen.org/xsa/advisory-164.html 
---------------------------------------------
XSA-165 - information leak in legacy x86 FPU/XMM initialization 
http://xenbits.xen.org/xsa/advisory-165.html 
---------------------------------------------
XSA-166 - ioreq handling possibly susceptible to multiple read issue
http://xenbits.xen.org/xsa/advisory-166.html
---------------------------------------------


*** DFN-CERT-2015-1948: Samba: Mehrere Schwachstellen ermöglichen u.a. das Umgehen von Sicherheitsvorkehrungen ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2015-1948/


*** Cisco FireSIGHT Management Center SSL HTTP Attack Detection Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151217-fsm


*** Security Advisory: BIND vulnerability CVE-2015-8000 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/34/sol34250741.html?ref=rss


*** Multiple SQL Injection Vulnerabilities in Citrix Command Center Web User Interface Java Servlets ***
---------------------------------------------
A number of SQL Injection vulnerabilities have been identified in the Administration Web UI servlets used by Citrix Command Center. These vulnerabilities, if exploited, could allow an authenticated user to insert malicious SQL queries into the application, potentially causing the alteration or deletion of system data.
---------------------------------------------
http://support.citrix.com/article/CTX203787


*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM API Management (CVE-2015-1788) ***
http://www.ibm.com/support/docview.wss?uid=swg21965259
---------------------------------------------
*** IBM Security Bulletin: Fix available for Information Disclosure Vulnerability in IBM WebSphere Portal (CVE-2015-7447) ***
http://www.ibm.com/support/docview.wss?uid=swg21973152
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in Apache Commons affects IBM Content Manager Services for Lotus Quickr (CVE-2015-7450) ***
http://www.ibm.com/support/docview.wss?uid=swg21973096
---------------------------------------------
*** IBM Security Bulletin: Tivoli Storage Manager for Virtual Environments: Data Protection for VMware and Tivoli Storage FlashCopy Manager for VMware affected by privilege escalation vulnerability (CVE-2015-7429) ***
http://www.ibm.com/support/docview.wss?uid=swg21973087
---------------------------------------------
*** IBM Security Bulletin: Tivoli Storage Manager for Virtual Environments: Data Protection for VMware and Tivoli Storage FlashCopy Manager for VMware affected by unauthorized access vulnerability (CVE-2015-7420) ***
http://www.ibm.com/support/docview.wss?uid=swg21973086
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Application Dependency Discovery Manager (TADDM) - IBM Java SDK updates October 2015 ***
http://www.ibm.com/support/docview.wss?uid=swg21973355
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM HTTP Server (IHS) affect IBM Security SiteProtector System (CVE-2015-1283, CVE-2015-3183 and CVE-2015-4947) ***
http://www.ibm.com/support/docview.wss?uid=swg21972470
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Content Collector for SAP Applications (CVE-2015-1788) ***
http://www.ibm.com/support/docview.wss?uid=swg21973147
---------------------------------------------
*** IBM Security Bulletin: IBM PowerVC is impacted by OpenStack Cinder information disclosure vulneraility (CVE-2015-1851) ***
http://www.ibm.com/support/docview.wss?uid=nas8N1020980
---------------------------------------------
*** IBM Security Bulletin: Infosphere BigInsights is affected by a vulnerability in DB2 that allows users to truncate any table even though the owner of the table has not granted any privilege to any user/role/group (CVE-2015-5020) ***
http://www.ibm.com/support/docview.wss?uid=swg21967923
---------------------------------------------
*** IBM Security Bulletin: Infosphere BigInsights is affected by a vulnerability in DB2 (CVE-2015-1788) ***
http://www.ibm.com/support/docview.wss?uid=swg21970400
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in Apache Commons affects OpenPages GRC Platform with Application Server (CVE-2015-7450) ***
http://www.ibm.com/support/docview.wss?uid=swg21972345
---------------------------------------------
*** IBM Security Bulletin: IBM Curam Social Program Management is Vulnerable to Reflected Cross-Site Scripting (CVE-2015-7402) ***
http://www.ibm.com/support/docview.wss?uid=swg21970661
---------------------------------------------


*** ZDI-15-641: Foxit Reader Forms Out-Of-Bounds Read Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
---------------------------------------------
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/LfsseiLCccs/


*** ZDI-15-643: Foxit Reader Will Print Action Use-After-Free Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
---------------------------------------------
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/28dKwkM6_5M/


*** ZDI-15-642: Foxit Reader Will Save Document Action Use-After-Free Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
---------------------------------------------
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/uY-c98zZjQI/


*** ZDI-15-644: Foxit Reader FlateDecode Heap Buffer Overflow Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
---------------------------------------------
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/s3waojIPu0E/