[CERT-daily] Tageszusammenfassung - Freitag 21-09-2012

Daily end-of-shift report team at cert.at
Fri Sep 21 18:09:02 CEST 2012


=======================
= End-of-Shift report =
=======================

Timeframe:   Donnerstag 20-09-2012 18:00 − Freitag 21-09-2012 18:00
Handler:     Stephan Richter




*** Vuln: WebKit Multiple Unspecified Memory Corruption Vulnerabilities ***
---------------------------------------------
WebKit Multiple Unspecified Memory Corruption Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/55534




*** BitTorrent Users DDoS Websites Without Knowing ***
---------------------------------------------
"Millions of BitTorrent users are unknowingly DDoSing websites because publishers of popular torrents mistakenly add website URLs as trackers. The DDoSes drag websites down and their operators have very few options to mitigate these attacks. But, thanks to a new BitTorrent protocol enhancement this is about to change...."
---------------------------------------------
http://torrentfreak.com/bittorrent-users-ddos-websites-without-knowing-120919/




*** Critical flaw exposes Oracle database passwords ***
---------------------------------------------
Vuln leaves barn door open to brute-force attacks A security researcher says some versions of the Oracle database contain a vulnerability so serious that anyone with access to the server over a network can crack database passwords using a basic brute-force attack, given nothing more than the name of the database and a valid username.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2012/09/21/oracle_11g_db_password_flaw/




*** Vuln: Condor Multiple Security Bypass Vulnerabilities ***
---------------------------------------------
Condor Multiple Security Bypass Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/55632




*** Vuln: Red Hat Enterprise MRG Grid Multiple Remote Vulnerabilities ***
---------------------------------------------
Red Hat Enterprise MRG Grid Multiple Remote Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/55618




*** Will You Be More Secure if You Abandon Internet Explorer? ***
---------------------------------------------
"The German government is urging people to abandon Internet Explorer to avoid zero-day attacks currently circulating in the wild. Microsoft is scrambling to develop a patch to address the problem. The dirty secret, though, is the attack relies on Java being present, so Java--not Internet Explorer--is the Achilles heel of this equation...."
---------------------------------------------
http://www.cio.com/article/716711/Will_You_Be_More_Secure_if_You_Abandon_Internet_Explorer_?source=CIONLE_nlt_infosec_2012-09-21


More information about the Daily mailing list