[CERT-daily] Tageszusammenfassung - Montag 4-07-2016

Mon Jul 4 18:10:59 CEST 2016

=======================
= End-of-Shift report =
=======================

Timeframe:   Freitag 01-07-2016 18:00 − Montag 04-07-2016 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter


*** Spotlight: WPBeginner's Approach to WordPress Security ***
---------------------------------------------
WPBeginner offers tutorials, tips, and tricks for WordPress beginners to improve their sites. With over 150K Twitter followers and almost 10 million monthly visitors, the website is undeniably popular. The high-quality content provided by WPBeginner helps WordPress users make better decisions and gain awareness of their options. Using research and thought leadership, WPBeginner offers guidance...
---------------------------------------------
https://blog.sucuri.net/2016/07/spotlight-wpbeginner-website-security.html


*** SQLite developers need to push the patch ***
---------------------------------------------
Tempfile permissions a can of worms SQLite has pushed out an update to fix a local tempfile bug, to address concerns that the bug could be exploitable beyond the merely local.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2016/07/04/sqlite_developers_need_to_push_the_patch/


*** Verschlüsselung: Sicherheitslücke bei Start Encrypt ***
---------------------------------------------
Sicherheitsforscher haben im Client der Lets Encrypt-Alternative Start Encrypt zahlreiche Probleme gefunden, die die Ausstellung gültiger Zertifikate für beliebige URLs ermöglichte. Der Client hatte zudem zahlreiche weitere Probleme, die jetzt behoben sein sollen.
---------------------------------------------
http://www.golem.de/news/verschluesselung-sicherheitsluecke-bei-start-encrypt-1607-121900-rss.html


*** Zero-Day-Sicherheitslücke gefährdet Lenovo-Notebooks ***
---------------------------------------------
Durch eine schwerwiegende Zero-Day-Lücke in der Firmware von Lenovos Thinkpads kann unter Umständen beliebiger Programmcode auf dem System ausgeführt werden.
---------------------------------------------
http://futurezone.at/produkte/zero-day-sicherheitsluecke-gefaehrdet-lenovo-notebooks/207.874.326


*** Gratis-Tools entschlüsseln Erpressungstrojaner ***
---------------------------------------------
Der Sicherheitssoftware-Hersteller AVG stellt kostenlose Werkzeuge zur Verfügung, mit denen man sich gegen diverse Verschlüsselungstrojaner wehren kann.
---------------------------------------------
http://futurezone.at/digital-life/gratis-tools-entschluesseln-erpressungstrojaner/207.881.149


*** Großes Sicherheits-Update für Foxit Reader und Phantom ***
---------------------------------------------
In dem PDF-Anzeigeprogramm Foxit Reader klaffen kritische Sicherheitslöcher, die das Update auf Version 8.0 stopft. Ebenfalls betroffen ist der PDF-Editor Phantom.
---------------------------------------------
http://heise.de/-3253936


*** UPC UBEE EVW3226 WPA2 Password Reverse Engineering ***
---------------------------------------------
TL;DR: We reversed default WPA2 password generation routine for UPC UBEE EVW3226 router. This blog contains firmware analysis, reversing writeup, function statistical analysis and proof-of-concept generator.
---------------------------------------------
https://deadcode.me/blog/2016/07/01/UPC-UBEE-EVW3226-WPA2-Reversing.html


*** Security Alert: Adwind RAT Spotted in Targeted Attacks with Zero AV Detection ***
---------------------------------------------
The malware economy is alive and well! And cyber criminals are making big money by using this business model. The re-emergence of Adwind RAT provides additional proof to support this. This Java-based malware has been spotted over the weekend in several targeted attacks against Danish companies. Given that the malicious email employed to deceive victims...
---------------------------------------------
https://heimdalsecurity.com/blog/security-alert-adwind-rat-targeted-attacks-zero-av-detection/


*** Bugtraq: HTTP session poisoning in EMC Documentum WDK-based applications causes arbitrary code execution and privilege elevation ***
---------------------------------------------
http://www.securityfocus.com/archive/1/538819


*** DSA-3613 libvirt - security update ***
---------------------------------------------
Vivian Zhang and Christoph Anton Mitterer discovered that setting anempty VNC password does not work as documented in Libvirt, avirtualisation abstraction library. When the password on a VNC server isset to the empty string, authentication on the VNC server will bedisabled, allowing any user to connect, despite the documentationdeclaring that setting an empty password for the VNC server prevents allclient connections. With this update the behaviour is enforced bysetting the password expiration
---------------------------------------------
https://www.debian.org/security/2016/dsa-3613


*** DSA-3614 tomcat7 - security update ***
---------------------------------------------
The TERASOLUNA Framework Development Team discovered a denial of servicevulnerability in Apache Commons FileUpload, a package to make iteasy to add robust, high-performance, file upload capability to servletsand web applications. A remote attacker can take advantage of this flawby sending file upload requests that cause the HTTP server using theApache Commons Fileupload library to become unresponsive, preventing theserver from servicing other requests.
---------------------------------------------
https://www.debian.org/security/2016/dsa-3614


*** Sierra Wireless AirLink Raven XE and XT Gateway Vulnerabilities ***
---------------------------------------------
NCCIC/ICS-CERT is aware of a public report of three vulnerabilities affecting the Sierra Wireless AirLink Raven XE and XT gateways. According to this report, the affected products allow unauthenticated access to directories on the system, which may allow remote file upload, download, and system reboot.
---------------------------------------------
https://ics-cert.us-cert.gov/alerts/ICS-ALERT-16-182-01


*** ZDI-16-405: Trihedral VTScada Path Out-Of-Bounds Indexing Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trihedral VTScada. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-16-405/


*** ZDI-16-404: Trihedral VTScada Filter Bypass Information Disclosure Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trihedral VTScada. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-16-404/


*** ZDI-16-403: Trihedral VTScada Directory Traversal Information Disclosure Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trihedral VTScada. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-16-403/


*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: : Multiple Vulnerabilities in OpenSSL affect IBM Security Guardium ***
http://www-01.ibm.com/support/docview.wss?uid=swg21984609
---------------------------------------------
*** IBM Security Bulletin: Multiple Vulnerabilities in IBM Java SDK affect IBM Notes Standard Client ***
http://www-01.ibm.com/support/docview.wss?uid=swg21983686
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Sterling Control Center (CVE-2016-3427 and CVE-2016-3426) ***
http://www.ibm.com/support/docview.wss?uid=swg21986174
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime Version 7 affect IBM Content Collector for SAP Applications (CVE-2016-3426 CVE-2016-0264) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21985957
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Security Guardium ***
http://www-01.ibm.com/support/docview.wss?uid=swg21985729
---------------------------------------------
*** IBM Security Bulletin: IBM Sterling Connect:Direct FTP+ for Windows installers are vulnerable to attack (CVE-2016-4560) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21982722
---------------------------------------------
*** IBM Security Bulletin: OpenSource Oracle MySQL Vulnerability affects IBM Security Guardium (CVE-2016-2047) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21984605
---------------------------------------------
*** IBM Security Bulletin: : Vulnerabilities in OpenSSL affect IBM Security Guardium (CVE-2015-3197) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21984601
---------------------------------------------