[CERT-daily] Tageszusammenfassung - Dienstag 1-03-2016

Tue Mar 1 18:52:43 CET 2016

=======================
= End-of-Shift report =
=======================

Timeframe:   Montag 29-02-2016 18:00 − Dienstag 01-03-2016 18:00
Handler:     Stephan Richter
Co-Handler:  n/a


*** Bleichenbacher-Angriff: Drown entschlüsselt mit uraltem SSL-Protokoll ***
---------------------------------------------
Kein moderner Browser unterstützt das alte SSL-Protokoll Version 2. Trotzdem kann es zum Sicherheitsrisiko werden, solange Server es aus Kompatibilitätsgründen unterstützen. Es muss nicht einmal derselbe Server sein.
---------------------------------------------
http://www.golem.de/news/bleichenbacher-angriff-drown-entschluesselt-mit-uraltem-ssl-protokoll-1603-119457-rss.html


*** The Definitive Guide on Win32 to NT Path Conversion ***
---------------------------------------------
Posted by James Forshaw, path'ological reverse engineer. How the Win32 APIs process file paths on Windows NT is a tale filled with backwards compatibility hacks, weird behaviour, and beauty. Incorrect handling of Win32 paths can lead to security vulnerabilities. This blog post is to try and give a definitive* guide on the different types of paths supported by the OS. I'm going to try and avoid discussion of quirks in the underlying filesystem implementations (such as NTFS...
---------------------------------------------
http://googleprojectzero.blogspot.com/2016/02/the-definitive-guide-on-win32-to-nt.html


*** De-obfuscating malicious Vbscripts ***
---------------------------------------------
With the returned popularity of visual basic as a first attack vector in mind, we took a look at de-obfuscating a few recent vbs files starting with a very easy one and progressing to a lot more complex script.Categories:  Malware AnalysisTags: bankerclickerde-obfuscatedecryptdroppermalwareobfuscationPieter Arntztrojanvbsvbscriptworm(Read more...)
---------------------------------------------
https://blog.malwarebytes.org/intelligence/2016/02/de-obfuscating-malicious-vbscripts/


*** Look Into Locky ***
---------------------------------------------
Some sources say that Locky is the latest ransomware created and released in the wild by Dridex gang. Our studies indicate that it is well prepared, which means that the threat actor/s behind it has invested for it.Categories:  Malware AnalysisTags: Lockyransomware(Read more...)
---------------------------------------------
https://blog.malwarebytes.org/intelligence/2016/03/look-into-locky/


*** OpenSSL Security Advisories ***
---------------------------------------------
CVE-2016-0800 (OpenSSL advisory) [High severity] 
CVE-2016-0705 (OpenSSL advisory) [Low severity] 
CVE-2016-0798 (OpenSSL advisory) [Low severity] 
CVE-2016-0797 (OpenSSL advisory) [Low severity] 
CVE-2016-0799 (OpenSSL advisory) [Low severity] 
CVE-2016-0702 (OpenSSL advisory) [Low severity] 
CVE-2016-0703 (OpenSSL advisory) [High severity] 
CVE-2016-0704 (OpenSSL advisory) [Moderate severity]
---------------------------------------------
https://openssl.org/news/vulnerabilities.html


*** VU#938151: Forwarding Loop Attacks in Content Delivery Networks may result in denial of service ***
---------------------------------------------
Vulnerability Note VU#938151 Forwarding Loop Attacks in Content Delivery Networks may result in denial of service Original Release date: 29 Feb 2016 | Last revised: 29 Feb 2016   Overview Content Delivery Networks (CDNs) may in some scenarios be manipulated into a forwarding loop, which consumes server resources and causes a denial of service (DoS) on the network.  Description CWE-400: Uncontrolled Resource Consumption (Resource Exhaustion)Content Delivery Networks (CDNs) are used to improve...
---------------------------------------------
http://www.kb.cert.org/vuls/id/938151


*** F5 Security Advisory: Multiple NTP vulnerabilities CVE-2015-8139 and CVE-2015-8140 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/00/sol00329831.html?ref=rss


*** Bugtraq: [security bulletin] HPSBUX03552 SSRT102983 rev.1 - HP-UX BIND running Named, Remote Denial of Service (DoS) ***
---------------------------------------------
http://www.securityfocus.com/archive/1/537659


*** DFN-CERT-2016-0355: phpMyAdmin: Mehrere Schwachstellen ermöglichen u.a. das Umgehen von Sicherheitsvorkehrungen ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-0355/


*** Bugtraq: [SYSS-2016-009] Sophos UTM 525 Web Application Firewall - Cross-Site Scripting in ***
---------------------------------------------
http://www.securityfocus.com/archive/1/537662


*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in the GSKit component of Tivoli Network Manager IP Edition (CVE-2016-0201) ***
http://www.ibm.com/support/docview.wss?uid=swg21974785
---------------------------------------------
*** IBM Security Bulletin: Multiple Security Vulnerabilities in Apache Tomcat affect IBM RLKS Administration and Reporting Tool ***
http://www.ibm.com/support/docview.wss?uid=swg21976103
---------------------------------------------
*** IBM Security Bulletin: GNU C library (glibc) vulnerability affects IBM Security Access Manager for Web (CVE-2015-7547) ***
http://www.ibm.com/support/docview.wss?uid=swg21977374
---------------------------------------------
*** IBM Security Bulletin: GNU C library (glibc) vulnerability affects IBM Security Access Manager for Mobile (CVE-2015-7547) ***
http://www.ibm.com/support/docview.wss?uid=swg21977372
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in IBM Java SDK affect IBM Tivoli Access Manager for e-business and IBM Security Access Manager for Web 7.0 software (CVE-2016-0603) ***
http://www.ibm.com/support/docview.wss?uid=swg21978024
---------------------------------------------
*** IBM Security Bulletin: Cross-Site scripting vulnerability in IBM Business Process Manager document list control (CVE-2016-0227) ***
http://www.ibm.com/support/docview.wss?uid=swg21978058
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in IBM Java SDK affects IBM OS Images for Red Hat Linux Systems, AIX, and Windows. (CVE-2015-7575) ***
http://www.ibm.com/support/docview.wss?uid=swg21977880
---------------------------------------------
*** IBM Security Bulletin:A vulnerability in IBM Java SDK affects IBM Image Construction and Composition Tool. (CVE-2015-7575) ***
http://www.ibm.com/support/docview.wss?uid=swg21977647
---------------------------------------------
*** IBM Security Bulletin:A vulnerability in IBM Java SDK affects IBM Workload Deployer. (CVE-2015-7575) ***
http://www.ibm.com/support/docview.wss?uid=swg21977646
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM SmartCloud Entry (CVE-2016-0475 CVE-2016-0448 CVE-2015-7575 CVE-2016-0466) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1023408
---------------------------------------------
*** Security Bulletin: Vulnerability in IBM Java SDK affects IBM System Networking Switch Center (CVE-2015-7575) ***
http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5099203
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in IBM Java SDK affects IBM PureApplication System. (CVE-2015-7575) ***
http://www.ibm.com/support/docview.wss?uid=swg21978026
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Access Manager for Mobile ***
http://www.ibm.com/support/docview.wss?uid=swg21976765
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Access Manager for Web and IBM Tivoli Access Manager for e-business ***
http://www.ibm.com/support/docview.wss?uid=swg21976678
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects Rational Software Architect, Software Architect for WebSphere Software & Rational Software Architect RealTime ***
http://www.ibm.com/support/docview.wss?uid=swg21976894
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in Apache ActiveMQ affects IBM Tivoli System Automation Application Manager (CVE-2015-5254) ***
http://www.ibm.com/support/docview.wss?uid=swg21977546
---------------------------------------------