[CERT-daily] Tageszusammenfassung - Dienstag 6-12-2016

Tue Dec 6 18:05:31 CET 2016

=======================
= End-of-Shift report =
=======================

Timeframe:   Montag 05-12-2016 18:00 − Dienstag 06-12-2016 18:00
Handler:     Robert Waldner
Co-Handler:  n/a


*** Dirty Cow Vulnerability Patched in Android Security Bulletin ***
---------------------------------------------
Todays Android Security Bulletin included a patch for the Dirty Cow vulnerability, a seven-year-old Linux bug that had yet to be patched by Google.
---------------------------------------------
http://threatpost.com/dirty-cow-vulnerability-patched-in-android-security-bulletin/122266/


*** BlackBerry powered by Android Security Bulletin - December 2016 ***
---------------------------------------------
http://support.blackberry.com/kb/articleDetail?articleNumber=000038813


*** Arista CloudVision Portal bug revealed, plus evidence its been used ***
---------------------------------------------
You know the drill: face-palm, download, patch, grumble about state of security, relax Arista customers: if youre running a version of CloudVision Portal (CVP) older than 2016.1.2.1, get an update or risk getting p0wned.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2016/12/06/arista_cloud_portal_bug/


*** Printer security is so bad HP Inc will sell you services to fix it ***
---------------------------------------------
Finally, FINALLY, someone is turning off Telnet and FTP Printer security is so awful HP Inc is willing to shut off shiny features and throw its own dedicated bodies at the perennial problem.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2016/12/06/printer_security_sucks_so_bad_hp_has_opened_a_pain_outsourcing_unit/


*** GNU Netcat 0.7.1 Out-Of-Bounds Write ***
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016120029


*** In the three years since IETF said pervasive monitoring is an attack, whats changed? ***
---------------------------------------------
IETF Security director Stephen Farrell offers a report card on evolving defences
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2016/12/06/ietf_report_card/


*** [2016-12-06] Backdoor vulnerability in Sony IPELA ENGINE IP Cameras ***
---------------------------------------------
Sony IPELA Engine IP Cameras contain multiple backdoors. Those backdoor accounts allow an attacker to run arbitrary code on the affected IP cameras. An attacker can use cameras to take a foothold in a network and launch further attacks, disrupt camera functionality, send manipulated images/video, add cameras into a Mirai-like botnet or spy on people.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20161206-0_Sony_IPELA_Engine_IP_Cameras_Backdoors_v10.txt


*** DailyMotion anscheinend gehackt: 87,6 Millionen Nutzer betroffen ***
---------------------------------------------
Unbekannte Hacker sollen in das Server-System die Videoportals eingestiegen sein und neben E-Mail-Adressen auch geschützte Passwörter kopiert haben.
---------------------------------------------
https://heise.de/-3559563


*** Vuln: Joomla! Core CVE-2016-9836 Arbitrary File Upload Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/94663


*** International Phone Fraud Tactics ***
---------------------------------------------
This article outlines two different types of international phone fraud.
---------------------------------------------
https://www.schneier.com/blog/archives/2016/12/international_p.html


*** Aufgepasst: Neuer Verschlüsselungstrojaner Goldeneye verbreitet sich rasant ***
---------------------------------------------
Ein bisher unbekannter Verschlüsselungstrojaner tarnt sich als Bewerbungs-E-Mail und versucht, Systeme in ganz Deutschland zu verschlüsseln. Momentan wird er von vielen Virenscannern noch nicht erkannt.
---------------------------------------------
https://heise.de/-3561396


*** Roundcube 1.2.2: Command Execution via Email ***
---------------------------------------------
In this post, we show how a malicious user can execute arbitrary commands on the underlying operating system remotely, simply by writing an email in Roundcube 1.2.2 (>= 1.0). This vulnerability is highly critical because all default installations are affected. We urge all administrators to update the Roundcube installation to the latest version 1.2.3 as soon as possible.
---------------------------------------------
https://blog.ripstech.com/2016/roundcube-command-execution-via-email/


*** Xen Security Advisory 199 (CVE-2016-9637) - qemu ioport array overflow ***
---------------------------------------------
hen qemu is used as a device model within Xen, io requests are generated by the hypervisor and read by qemu from a shared ring. The entries in this ring use a common structure, including a 64-bit address field, for various accesses, including ioport addresses. Xen will write only 16-bit address ioport accesses. However, depending on the Xen and qemu version, the ring may be writeable by the guest. If so, the guest can generate out-of-range ioport accesses, resulting in wild pointer accesses
---------------------------------------------
https://lists.xen.org/archives/html/xen-announce/2016-12/msg00001.html


*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Fabric Manager. ***
https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5099503
---------------------------------------------
*** IBM Security Bulletin: Lotus Protector for Mail Security Affected By Open Source Linux Kernel Vulnerabilities (CVE-2016-5195) ***
http://www.ibm.com/support/docview.wss?uid=swg21994535
---------------------------------------------
*** IBM Security Bulletin: A busybox vulnerability affects IBM DataPower Gateways (CVE-2014-4607) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21993006
---------------------------------------------
*** IBM Security Bulletin: Apache POI as used in IBM QRadar SIEM is vulnerable to various CVEs. ***
http://www.ibm.com/support/docview.wss?uid=swg21994719
---------------------------------------------
*** IBM Security Bulletin: Multiple Security Vulnerabilities in Expat affect IBM Netezza Analytics ***
http://www-01.ibm.com/support/docview.wss?uid=swg21994401
---------------------------------------------
*** IBM Security Bulletin: IBM QRadar SIEM is vulnerable to various CGI vulnerabilities. (CVE-2016-5385, CVE-2016-5387, CVE-2016-5388) ***
http://www.ibm.com/support/docview.wss?uid=swg21994725
---------------------------------------------
*** IBM Security Bulletin: Open Source Apache Xerces-C XML parser vulnerabilities affect IBM Integration Bus and WebSphere Message Broker (CVE-2016-4463, CVE-2016-0729) ***
http://www.ibm.com/support/docview.wss?uid=swg21985691
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in libxml2 affects IBM Streams (CVE-2016-3705) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21991065
---------------------------------------------
*** IBM Security Bulletin: Multiple Vulnerabilities in NTP and OpenSSL affect IBM Netezza Firmware Diagnostics Tools ***
http://www-01.ibm.com/support/docview.wss?uid=swg21994484
---------------------------------------------