[CERT-daily] Tageszusammenfassung - Freitag 26-08-2016

Fri Aug 26 18:08:15 CEST 2016

=======================
= End-of-Shift report =
=======================

Timeframe:   Donnerstag 25-08-2016 18:00 − Freitag 26-08-2016 18:00
Handler:     Stephan Richter
Co-Handler:  n/a


*** OpenSSL schützt vor Sweet32-Attacke und tanzt ChaCha20 ***
---------------------------------------------
Version 1.1.0 mistet alte, unsichere Krypto-Verfahren aus und unterstützt dafür modernere wie ChaCha20. Das Update stoppt zudem die Sweet32-Attacke auf SSL/TLS und OpenVPN.
---------------------------------------------
http://heise.de/-3305647


*** Hintergrund: Die iOS-Spyware Pegasus - eine Bestandsaufnahme ***
---------------------------------------------
Die Spionage-Software Pegasus erschüttert die iPhone-Welt. Wie kann ich mich schützen? Liegt das iOS-Sicherheitskonzept in Schutt und Asche? Ist das das Ende? Eine Analyse der bekannten Fakten schafft Klarheit.
---------------------------------------------
http://heise.de/-3305780


*** What's The Deal With Machine Learning? ***
---------------------------------------------
We've recently received quite a few questions regarding the use of machine learning techniques in cyber security. I figured it was time for a blog post. Interestingly, while I was writing this post, we got asked even more questions, so the timing couldn't be better. It seems that there are quite a few companies out...
---------------------------------------------
https://labsblog.f-secure.com/2016/08/26/whats-the-deal-with-machine-learning/


*** Floating Domains - Taking Over 20K DigitalOcean Domains via a Lax Domain Import System ***
---------------------------------------------
DigitalOcean is a cloud service provider similar to Amazon Web Services or Google Cloud. They offer cloud DNS hosting as one of their product lines - a nice guide on how to set up your domain to use their DNS can be found here. Take a moment to read it over and see if you can spot any potential issues with their domain name set up process.
---------------------------------------------
https://thehackerblog.com/floating-domains-taking-over-20k-digitalocean-domains-via-a-lax-domain-import-system/index.html


*** 5 security practices hackers say make their lives harder ***
---------------------------------------------
Whether they identify as white hats, black hats or something in-between, a majority of hackers agree that no password is safe from them - or the government for that matter. Regardless of where they sit with respect to the law, hackers mostly agree that five key security measures can make it a lot harder to penetrate enterprise networks.At the Black Hat USA 2016 conference in Las Vegas earlier this month, Thycotic, a specialist in privileged account management (PAM) solutions, surveyed...
---------------------------------------------
http://www.cio.com/article/3112740/security/5-security-practices-hackers-say-make-their-lives-harder.html#tk.rss_security


*** iOS 9.3.5 ***
---------------------------------------------
This document describes the security content of iOS 9.3.5.
---------------------------------------------
https://support.apple.com/en-us/HT207107


*** F-Secure Policy Manager 12.00.67239 - Remote code execution by authenticated user ***
---------------------------------------------
The F-Secure Policy Manager client relies on Spring remoting to communicate with the server. Spring remoting uses Java serialization as transfer protocol. Spring internal mechanisms first deserialize before validating the deserialization class is authorized. That behavior leads to remote command execution if we are able to send objects present in the classpath that execute code when they are deserialized.
---------------------------------------------
https://remoteawesomethoughts.blogspot.com/2016/08/f-secure-policy-manager-120067239.html


*** PowerDNS Recursor 4.0.2 - Released August 26th 2016 ***
---------------------------------------------
This release fixes a regression in 4.x where CNAME records for DNSSEC signed domains were not sorted before the final answers, leading to some clients (notably some versions of Chrome) not being able to extract the required answer from the packet. [...] Further fixes and changes can be found below:...
---------------------------------------------
https://doc.powerdns.com/md/changelog/


*** VU#305607: Accellion Kiteworks contains multiple vulnerabilities ***
---------------------------------------------
Vulnerability Note VU#305607 Accellion Kiteworks contains multiple vulnerabilities Original Release date: 26 Aug 2016 | Last revised: 26 Aug 2016   Overview The Accellion Kiteworks appliance prior to version kw2016.03.00 contains multiple vulnerabilities.  Description CWE-276: Incorrect Default Permissions - CVE-2016-5662 The `/opt/bin/cli` script has setuid permissions by default, allowing an authenticated KiteWorks users to escalate privileges of commands to root. In practice, the user would...
---------------------------------------------
http://www.kb.cert.org/vuls/id/305607


*** AlienVault USM/OSSIM 5.2 conf/reload.php DOM-based XSS ***
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016080229


*** FreePBX 13.0.35 Remote command execution ***
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016080231


*** Apple libc incomplete fix of Security Update for OS X El Capitan 10.11.2 ***
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016080232


*** OpenBSD SMTP Processing Bug in rfc2822_parser_init() May Let Remote Users Bypass Security Restrictions on the Target System ***
---------------------------------------------
http://www.securitytracker.com/id/1036691


*** DFN-CERT-2016-1391: OpenSSL: Eine Schwachstelle ermöglicht das Umgehen von Sicherheitsvorkehrungen und Ausspähen von Informationen ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-1391/


*** OpenVPN Blowfish Cipher Block Collision Weakness Lets Remote Users Decrypt Data in Certain Cases ***
---------------------------------------------
http://www.securitytracker.com/id/1036695


*** DSA-3651 rails - security update ***
---------------------------------------------
Andrew Carpenter of Critical Juncture discovered a cross-site scriptingvulnerability affecting Action View in rails, a web applicationframework written in Ruby. Text declared as HTML safe will not havequotes escaped when used as attribute values in tag helpers.
---------------------------------------------
https://www.debian.org/security/2016/dsa-3651


*** DSA-3654 quagga - security update ***
---------------------------------------------
Two vulnerabilities were discovered in quagga, a BGP/OSPF/RIP routingdaemon.
---------------------------------------------
https://www.debian.org/security/2016/dsa-3654


*** DSA-3653 flex - security update ***
---------------------------------------------
Alexander Sulfrian discovered a buffer overflow in theyy_get_next_buffer() function generated by Flex, which may result indenial of service and potentially the execution of code if operating ondata from untrusted sources.
---------------------------------------------
https://www.debian.org/security/2016/dsa-3653


*** DSA-3652 imagemagick - security update ***
---------------------------------------------
This updates fixes many vulnerabilities in imagemagick: Various memoryhandling problems and cases of missing or incomplete input sanitisingmay result in denial of service or the execution of arbitrary code ifmalformed TIFF, WPG, RLE, RAW, PSD, Sun, PICT, VIFF, HDR, Meta, Quantum,PDB, DDS, DCM, EXIF, RGF or BMP files are processed.
---------------------------------------------
https://www.debian.org/security/2016/dsa-3652