[CERT-daily] Tageszusammenfassung - Montag 23-02-2015

Mon Feb 23 18:12:16 CET 2015

=======================
= End-of-Shift report =
=======================

Timeframe:   Freitag 20-02-2015 18:00 − Montag 23-02-2015 18:00
Handler:     Stephan Richter
Co-Handler:  n/a


*** Wichtige Sicherheitsupdates für PHP ***
---------------------------------------------
Neue PHP-Versionen schließen unter anderem eine kritische Sicherheitslücke, zu der bereits ein Exploit kursiert. Admins sollten daher keine Zeit verlieren.
---------------------------------------------
http://heise.de/-2557586


*** Data Traffic & Network Security ***
---------------------------------------------
Introduction Last year - dubbed "the Year of the Hack" - saw numerous major cyber attacks against prominent corporations, including JP Morgan bank and Sony Pictures Entertainment. And after Target in 2013, another retailer, Home Depot, suffered a data breach with more than 56 million credit cards stolen. The consequences of these incidents can be...
---------------------------------------------
http://resources.infosecinstitute.com/data-traffic-network-security/


*** Flaw makes Cisco routing hardware vulnerable to DoS attacks ***
---------------------------------------------
A serious vulnerability affecting the software of some of Ciscos routing hardware systems for telecommunications and Internet service providers could be exploited to mount DoS attacks, the company ha...
---------------------------------------------
http://www.net-security.org/secworld.php?id=17990


*** Samba vulnerability (CVE-2015-0240) ***
---------------------------------------------
CVE-2015-0240 is a security flaw in the smbd file server daemon. It can be exploited by a malicious Samba client, by sending specially-crafted packets to the Samba server. No authenticated is required to exploit this flaw. It can result in remotely controlled execution of arbitrary code as root.
---------------------------------------------
https://securityblog.redhat.com/2015/02/23/samba-vulnerability-cve-2015-0240/


*** Superfish not the only app using Komodias SSL-busting code ***
---------------------------------------------
As Lenovo backtracked on its initial position that the Superfish adware pre-installed on some of its notebooks is not a security danger, and released a security advisory about the "vulnerability" that...
---------------------------------------------
http://www.net-security.org/secworld.php?id=17991


*** Privdog: Comodo-Adware hebelt HTTPS-Sicherheit aus ***
---------------------------------------------
Die Adware Privdog hebelt ähnlich wie Superfish den Schutz von HTTPS komplett aus. Pikant daran: Privdog wurde von Comodo verbreitet, einer der größten Zertifizierungsstellen für TLS-Zertifikate.
---------------------------------------------
http://www.golem.de/news/privdog-comodo-adware-hebelt-https-sicherheit-aus-1502-112534-rss.html


*** FireEye shares details on Masque Attack II affecting iOS devices ***
---------------------------------------------
Masque Attack II entails bypassing an iOS prompt for trust and app URL scheme hijacking, FireEye said.
---------------------------------------------
http://www.scmagazine.com/fireeye-shares-details-on-masque-attack-ii-affecting-ios-devices/article/399314/


*** Cisco Intrusion Prevention System Key Regeneration HTTPS Denial of Service Vulnerability ***
---------------------------------------------
CVE-2015-0631
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0631


*** Cisco AsyncOS Software HTTP Redirect Vulnerability ***
---------------------------------------------
CVE-2015-0624
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0624


*** IBM Security Bulletins ***
---------------------------------------------
Tivoli Storage Manager Stack-based Buffer Overflow Elevation of Privilege: CVE-2014-6184
http://www.ibm.com/support/docview.wss?uid=swg21695878

Vulnerability in SSLv3 affects Tivoli Storage Manager for Virtual Environments 7.1 and FlashCopy Manager for VMware 4.1 (CVE-2014-3566)
http://www.ibm.com/support/docview.wss?uid=swg21690828

OpenSSL vulnerabilities announced August 6th 2014 affect Juniper EX Series Network Switches sold by IBM for use in IBM Products (9 CVEs)
http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5097073

Vulnerabilities in OpenSSL. Juniper EX Series Network Switches sold by IBM for use in IBM Products. (CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470)
http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5097126
---------------------------------------------


*** Siemens SIMATIC STEP 7 TIA Portal Vulnerabilities ***
---------------------------------------------
This advisory provides mitigation details for two vulnerabilities in the Siemens SIMATIC STEP 7 TIA Portal application.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-15-050-01


*** Vibe 3.4 - Hot Patch 1 ***
---------------------------------------------
Abstract: This patch addresses the Padding Oracle On Downgraded Legacy Encryption (POODLE) vulnerability and also provides a number of general bug fixes for Novell Vibe 3.4.Document ID: 5198730Security Alert: YesDistribution Type: PublicEntitlement Required: NoFiles:NV-Vibe60DayEval-001.xml (719 bytes)NV-Vibe10Usr-001.xml (730 bytes)novell-vibe-3.4.0-windows.zip (185.69 MB)readme-Vibe-3.4-HP1.txt (4.13 kB)novell-vibe-3.4.0-linux.tar (187.8 MB)Products:Vibe 3.4Superceded Patches: None
---------------------------------------------
https://download.novell.com/Download?buildid=EaNhJs2Offs~


*** Bugtraq: iTunes 12.1.1 for Windows: still outdated and VULNERABLE 3rd party libraries, still UNQUOTED and VULNERABLE pathnames C:\Program Files\... ***
---------------------------------------------
http://www.securityfocus.com/archive/1/534728


*** MyBB 1.8.3 Multiple stored XSS-vulnerabilities ***
---------------------------------------------
Topic: MyBB 1.8.3 Multiple stored XSS-vulnerabilities Risk: Low Text: The researchers adamziaja, Devilshakerz, DingjieYang and me found multiple stored XSS-vulnerabilities in the administrative ...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2015020109


*** DSA-3169 eglibc - security update ***
---------------------------------------------
Several vulnerabilities have been fixed in eglibc, Debians version ofthe GNU C library:
---------------------------------------------
https://www.debian.org/security/2015/dsa-3169


*** DSA-3164 typo3-src - security update ***
---------------------------------------------
Pierrick Caillon discovered that the authentication could be bypassed inthe Typo 3 content management system. Please refer to the upstreamadvisory for additional information:
---------------------------------------------
https://www.debian.org/security/2015/dsa-3164


*** Security Advisory: Elasticsearch vulnerability CVE-2015-1427 ***
---------------------------------------------
Elasticsearch versions 1.3.0-1.3.7 and 1.4.0-1.4.2 have vulnerabilities in the Groovy scripting engine. The vulnerabilities allow an attacker to construct Groovy scripts that escape the sandbox and execute shell commands as the user running the Elasticsearch Java VM. We have been assigned CVE-2015-1427 for this. Fixed versions: Versions 1.3.8 and 1.4.3 disable sandboxing for Groovy by default. As a consequence, dynamic script execution is disabled for Groovy. CVSS: Overall CVSS score: 5.8
---------------------------------------------
http://securityvulns.com/docs31742.html


*** HPSBUX03240 SSRT101872 rev.1 - HP-UX Running NTP, Remote Execution of Code, Denial of Service (DoS), or Other Vulnerabilties ***
---------------------------------------------
Potential security vulnerabilities have been identified with HP-UX running NTP. These could be exploited remotely to execute code, create a Denial of Service (DoS), or other vulnerabilities.
---------------------------------------------
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04554677