[CERT-daily] Tageszusammenfassung - Donnerstag 18-06-2015

Daily end-of-shift report team at cert.at
Thu Jun 18 18:27:43 CEST 2015


=======================
= End-of-Shift report =
=======================

Timeframe:   Mittwoch 17-06-2015 18:00 − Donnerstag 18-06-2015 18:00
Handler:     Stephan Richter
Co-Handler:  n/a




*** OS X and iOS Unauthorized Cross Application Resource Access (XARA), (Thu, Jun 18th) ***
---------------------------------------------
The last couple of days, a paper with details about XARA vulnerabilities in OS X and iOS is getting a lot of attention [1]. If you havent seen the term XARA before, then this is probably because cross-application-resource-access was normal in the past. Different applications has access to each others data as long as the same user ran them. But more recently, operating systems like OS X and iOS made attempts to sandbox applications and isolate applications from each other even if the same user...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=19815&rss




*** Apple OS X and iOS in the vulnerability spotlight - meet "CORED," also known as "XARA" ***
---------------------------------------------
The security issue of the week has arrived in iOS and OS X, and its attracted a funky name already. The researchers called it XARA, but others had different ideas, and dubbed it "CORED." As in "Apple CORED."
---------------------------------------------
http://feedproxy.google.com/~r/nakedsecurity/~3/Q4IwUfvQIVM/




*** IT-Sicherheitskonferenz FIRST: Ohne Vertrauen geht nichts, aber das Vertrauen geht ***
---------------------------------------------
Die FIRST-Konferenz in Berlin beschäftigte sich damit, wie die Sicherheit von Computernetzen verbessert werden kann. Am Ende stand die Erkenntnis, dass die Arbeit komplizierter wird, weil Staaten zunehmend in IT-Sicherheit eingreifen.
---------------------------------------------
http://heise.de/-2716841




*** Caching Out: The Value of Shimcache for Investigators ***
---------------------------------------------
During a recent investigation, we found references to timestamps associated with probable malicious files that preceded the earliest known date of compromise. These Application Compatibility Cache (“Shimcache”) timestamps were the only evidence linked to this timeframe.
---------------------------------------------
https://www.fireeye.com/blog/threat-research/2015/06/caching_out_the_val.html




*** Uncovering Tor users: where anonymity ends in the Darknet ***
---------------------------------------------
Intelligence services have not disclosed any technical details of how they detained cybercriminals who created Tor sites to distribute illegal goods; in particular, they are not giving any clues how they identify cybercriminals who act anonymously. This may mean that the implementation of the Tor Darknet contains some vulnerabilities and/or configuration defects that make it possible to unmask any Tor user. In this research, we will present practical examples to demonstrate how Tor users may...
---------------------------------------------
http://securelist.com/analysis/publications/70673/uncovering-tor-users-where-anonymity-ends-in-the-darknet/




*** Drupal-Lücken erlauben das Kapern von Admin-Konten ***
---------------------------------------------
In Drupal 6 und 7 klaffen vier Sicherheitslücken. Die schwerwiegendste erlaubt es Angreifer, Admin-Konten des CMS über OpenID zu kapern. Updates, welche die Lücken schließen, stehen zum Download bereit.
---------------------------------------------
http://heise.de/-2715975




*** Drupal Core - Critical - Multiple Vulnerabilities - SA-CORE-2015-002 ***
---------------------------------------------
Advisory ID: DRUPAL-SA-CORE-2015-002Project: Drupal core Version: 6.x, 7.xDate: 2015-June-17Security risk: 15/25 ( Critical) AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:DefaultVulnerability: Access bypass, Information Disclosure, Open Redirect, Multiple vulnerabilitiesDescriptionImpersonation (OpenID module - Drupal 6 and 7 - Critical)A vulnerability was found in the OpenID module that allows a malicious user to log in as other users on the site, including administrators, and hijack their
---------------------------------------------
https://www.drupal.org/SA-CORE-2015-002




*** Security Advisories for Drupal Third-Party Modules ***
---------------------------------------------
https://www.drupal.org/security/contrib




*** Bugtraq: [security bulletin] HPSBGN03350 rev.1 - HP SiteScope Using RC4, Remote Disclosure of Information ***
---------------------------------------------
http://www.securityfocus.com/archive/1/535785




*** Bugtraq: [security bulletin] HPSBGN03338 rev.1 - HP Service Manager running RC4, Remote Disclosure of Information ***
---------------------------------------------
http://www.securityfocus.com/archive/1/535786




*** Cisco IOS XR IPv6 Packet Processing Denial of Service Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=39383




*** Cisco IOS XR SSH Disconnect Error Denial of Service Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=39402




*** Symantec Endpoint Protection Manager and Client Issues ***
---------------------------------------------
 Revisions None Severity CVSS2Base ScoreImpactExploitabilityCVSS2 VectorSEPM Auth User Blind SQLi in PHP prepared state...
---------------------------------------------
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2015&suid=20150617_00




*** [R2] PHP < 5.4.41 Vulnerabilities Affect Tenable SecurityCenter ***
---------------------------------------------
http://www.tenable.com/security/tns-2015-06




*** Rack denial of service ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/103917




*** SQL Injection in EXT:sb_akronymmanager ***
---------------------------------------------
It has been discovered that the extension "Akronymmanager" (sb_akronymmanager) is susceptible to SQL Injection
---------------------------------------------
http://www.typo3.org/news/article/sql-injection-in-extsb-akronymmanager/




*** pure-ftpd 1.0.39 remote denial of service in glob_() ***
---------------------------------------------
Topic: pure-ftpd 1.0.39 remote denial of service in glob_() Risk: Medium Text:Version 1.0.40 of pure-FTPd fixes a potential denial of service issue. From the NEWS file: - The process handling a user...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2015060101


More information about the Daily mailing list