[CERT-daily] Tageszusammenfassung - Mittwoch 26-09-2012
Daily end-of-shift report
team at cert.at
Wed Sep 26 18:05:39 CEST 2012
=======================
= End-of-Shift report =
=======================
Timeframe: Dienstag 25-09-2012 18:00 − Mittwoch 26-09-2012 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** Vuln: HP Application Lifecycle Management XGO.ocx Multiple Remote Code Execution Vulnerabilities ***
---------------------------------------------
HP Application Lifecycle Management XGO.ocx Multiple Remote Code Execution Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/bid/55272
*** Espionage Hackers Target Watering Hole Sites ***
---------------------------------------------
"Security experts are accustomed to direct attacks, but some of todays more insidious incursions succeed in a roundabout way by planting malware at sites deemed most likely to be visited by the targets of interest. New research suggests these so-called watering hole tactics recently have been used as stepping stones to conduct espionage attacks against a host of targets across a variety of industries, including the defense, government, academia, financial services, healthcare and utilities
---------------------------------------------
http://krebsonsecurity.com/2012/09/espionage-hackers-target-watering-hole-sites/
*** QNX QCONN Remote Command Execution Vurnerability ***
---------------------------------------------
Topic: QNX QCONN Remote Command Execution Vurnerability Risk: High Text:# Title : QNX QCONN Remote Command Execution Vurnerability # Version : QNX 6.5.0 >= , QCONN >= 1.4.207944 # Download: http://...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/ZxigkLQDTgU/WLB-2012090228
*** Samba 3.6.3 remote root exploit ***
---------------------------------------------
Topic: Samba 3.6.3 remote root exploit Risk: High Text:#!/usr/bin/python # # finding targets 4 31337z: # gdb /usr/sbin/smbd `ps auwx | grep smbd | grep -v grep | head -n1 | awk {...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/JMaQdgM9SUg/WLB-2012090227
(Kommentar: aktuell ist Samba 3.6.8, manche Long-Term Distributionen wie Debian liefern aber noch älteres wie 3.5.6 aus)
*** phpMyAdmin mit Backdoor ***
---------------------------------------------
Zeitweise wurde über einen der offiziellen Download-Server eine manipulierte Version des Datenbankverwaltungstools verteilt, die ein Backdoor-Skript enthält.
---------------------------------------------
http://www.heise.de/security/meldung/phpMyAdmin-mit-Backdoor-1717377.html/from/atom10
*** Schutz vor Fernlöschung von Samsung-Smartphones ***
---------------------------------------------
Einige Samsung-Smartphones kann man durch eine präparierte Webseite oder spezielle SMS ohne Einwilligung des Besitzers aus der Ferne löschen, wie am gestrigen Dienstag bekannt wurde. In Googles App-Shop Google Play gibt es nun das kostenlose Tool NoTelURL von Jörg Voss, das dafür sorgt, dass die USSD-Steuercodes nicht mehr ohne Zutun des Nutzers ausgeführt werden.
---------------------------------------------
http://www.heise.de/security/meldung/Schutz-vor-Fernloeschung-von-Samsung-Smartphones-1717765.html/from/atom10
*** More Java Woes, (Wed, Sep 26th) ***
---------------------------------------------
A number of readers alerted us of news reports stating that new full sandbox escape vulnerabilities had been reported to Oracle. At this point, there are no details available as to the nature of these vulnerabilities, and there is no evidence that any of these vulnerabilities are exploited. However, it is widely known that Oracle is working on a substantial backlog of these vulnerabilities. It is still recommended to use Java with caution. Some best practices: - Uninstall Java if you dont need
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=14179&rss
*** Malicious PhpMyAdmin Served From SourceForge Mirror ***
---------------------------------------------
An anonymous reader writes with a bit of news about the compromised download of phpMyAdmin discovered on an sf.net mirror yesterday: "A malicious version of the open source Web-based MySQL database administration tool phpMyAdmin has been discovered on one of the official mirror sites of SourceForge, the popular online code repository for free and open source software. The file — phpMyAdmin-3.5.2.2-all-languages.zip — was modified to include a backdoor that allowed attackers to
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/15L5Bg-UnmY/malicious-phpmyadmin-served-from-sourceforge-mirror
*** Vuln: libxml2 Unspecified Out-of-Bounds Remote Denial of Service Vulnerability ***
---------------------------------------------
libxml2 Unspecified Out-of-Bounds Remote Denial of Service Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/51084
More information about the Daily
mailing list