[CERT-daily] Tageszusammenfassung - Freitag 1-07-2016

Fri Jul 1 18:11:33 CEST 2016

=======================
= End-of-Shift report =
=======================

Timeframe:   Donnerstag 30-06-2016 18:00 − Freitag 01-07-2016 18:00
Handler:     Robert Waldner
Co-Handler:  n/a


*** F5: Security Advisory: GraphicsMagick vulnerability CVE-2016-5118 ***
---------------------------------------------
The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename. (CVE-2016-5118)
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/82/sol82747025.html?ref=rss


*** The Types of Penetration Testing ***
---------------------------------------------
Black Box/White Box/Gray Box Testing
Red/Blue/Purple Teams
---------------------------------------------
http://resources.infosecinstitute.com/the-types-of-penetration-testing/


*** Apache Xerces DTD Parsing Stack Overflow Lets Remote Users Cause the Target Application to Crash ***
---------------------------------------------
Apache Xerces DTD Parsing Stack Overflow Lets Remote Users Cause the Target Application to Crash
---------------------------------------------
http://www.securitytracker.com/id/1036211


*** Eaton ELCSoft Programming Software Memory Vulnerabilities ***
---------------------------------------------
This advisory contains mitigation details for a heap-based memory corruption vulnerability and a stack buffer overflow vulnerability in Eaton's ELCSoft programming software.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-182-01


*** Sofortmaßnahmen für Unternehmen bei Cyberangriffen ***
---------------------------------------------
Die ersten 72 Stunden nach einem Cyber-Angriff können für die Rechtsverfolgung entscheidend sein, erklärten Wolf Theiss-Rechtsexperten vor Journalisten.
---------------------------------------------
http://futurezone.at/b2b/sofortmassnahmen-fuer-unternehmen-bei-cyberangriffen/207.251.648


*** SSA-444217 (Last Update 2016-06-30): Information Disclosure Vulnerabilities in SICAM PAS ***
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-444217.pdf


*** SSA-547990 (Last Update 2016-06-30): Information Disclosure Vulnerabilities in SIPROTEC 4 and SIPROTEC Compact ***
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-547990.pdf


*** Security Advisory 2016-01: Security Update for OTRS FAQ package ***
---------------------------------------------
An attacker could access and manipulate the database with an HTTP request.
---------------------------------------------
https://www.otrs.com/security-advisory-2016-01-security-update-otrs-faq-package/


*** Cracking Androids full-disk encryption is easy on millions of phones - with a little patience ***
---------------------------------------------
Just need a couple of common bugs, some GPUs and time Androids full-disk encryption on millions of devices can be cracked by brute-force much more easily than expected - and theres working code to prove it.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2016/07/01/turns_out_breaking_android_fulldisk_encryption_is_easy_with_the_right_code/


*** Joomla com_smartformer 2.4.1 Shell Upload ***
---------------------------------------------
* @package SmartFormer
* @version 2.4.1 (J1.5 security fix)
poc:
1 - choose a site and open it
2 - Upload shell.php
3 - Go to :/components/com_smartformer/files/shell.php
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016070002


*** Process Hallowing ***
---------------------------------------------
In this article, we will learn what process hallowing is, how is it done, and how we can detect it while performing memory analysis.
---------------------------------------------
http://resources.infosecinstitute.com/process-hallowing/


*** Exploiting Format Strings (Part 1) ***
---------------------------------------------
Overview : In this article, we will learn what Format String Vulnerabilities is, how we exploit it to read specific values from the stack, further we will also have a look at how we can use different format specifiers to write arbitrary values to the stack.
---------------------------------------------
http://resources.infosecinstitute.com/exploiting-format-strings-part-1/


*** UEFAs Euro 2016 app is airing football fans' privates in public ***
---------------------------------------------
Offside! Lack of encryption bares usernames, passwords and more The official UEFA Euro 2016 app is leaking football fans' personal data, security researchers warn.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2016/07/01/euro_2016_app_privacy_flap/


*** Cracking Locky's New Anti-Sandbox Technique ***
---------------------------------------------
This new trick may pose challenges for automated Locky tracking systems that utilize sandboxing due to the following considerations: New Locky binaries will not execute properly without the correct parameter. JavaScript downloaders may fail to download if the download locations are already down.
---------------------------------------------
https://blog.fortinet.com/2016/06/30/cracking-locky-s-new-anti-sandbox-technique


*** Magento Re-Installation & Account Hijacking Vulnerabilities ***
---------------------------------------------
Before discovering my latest Magento RCE, I've found two different vulnerabilities, both resulting in the complete compromise of customer data and/or the server. As they are far less complicated, I'm presenting both of them in this single blog post for your convenience. Vulnerable Versions: Magento EE & CE 2.x.x before 2.0.6.
---------------------------------------------
http://netanelrub.in/2016/07/01/magento-re-installation-account-hijacking-vulnerabilities/


*** F5: Security Advisory: Cross Site Scripting (XSS) vulnerability in F5 WebSafe Dashboard CVE-2016-5235 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/48/sol48572812.html?ref=rss


*** A year of Windows kernel font fuzzing #2: the techniques ***
---------------------------------------------
Posted by Mateusz Jurczyk of Google Project ZeroIn part #1 of the series (see here), we discussed the motivation and outcomes of our year long fuzzing effort against the Windows kernel font engine, followed by an analysis of two bug collisions with Keen Team and Hacking Team that ensued as a result of this work. While the bugs themselves are surely amusing, what we find even more interesting are the techniques and decisions we made to make the project as effective as it turned out to be.
---------------------------------------------
http://googleprojectzero.blogspot.com/2016/07/a-year-of-windows-kernel-font-fuzzing-2.html


*** Cisco Configuration Assistant Request Processing Unauthorized Access Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160630-cca


*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Lotus Protector for Mail Security Affected By Multiple Open Source PHP Vulnerabilities. ***
http://www-01.ibm.com/support/docview.wss?uid=swg21985802
---------------------------------------------
*** IBM Security Bulletin: Cross-site Request Forgery (CSRF) security vulnerability in IBM WebSphere Commerce (CVE-2016-2863) ***
http://www.ibm.com/support/docview.wss?uid=swg21983626
---------------------------------------------
*** IBM Security Bulletin: HTTP response splitting attack in FastBack for Workstations Central Administration Console (CVE-2016-0359) ***
http://www.ibm.com/support/docview.wss?uid=swg21986310
---------------------------------------------
*** IBM Security Bulletin: InstallAnywhere Vulnerability affects Daeja ViewONE Professional, Standard & Virtual (CVE-2016-4560) ***
http://www.ibm.com/support/docview.wss?uid=swg21984799
---------------------------------------------
*** IBM Security Bulletin: OpenSource Apache Taglibs Vulnerability in FastBack for Workstations Central Administration Console (CVE-2015-0254) ***
http://www.ibm.com/support/docview.wss?uid=swg21986309
---------------------------------------------
*** IBM Security Bulletin: IBM Cognos Business Intelligence Server 2016Q2 Security Updater : IBM Cognos Business Intelligence Server is affected by multiple vulnerabilities. ***
http://www-01.ibm.com/support/docview.wss?uid=swg21984323
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in Open Source GNU glibc affects IBM OS Images for Red Hat Linux Systems. (CVE-2015-5277) ***
http://www.ibm.com/support/docview.wss?uid=swg21986400
---------------------------------------------