[CERT-daily] Tageszusammenfassung - Donnerstag 4-04-2013

Thu Apr 4 18:04:22 CEST 2013

=======================
= End-of-Shift report =
=======================
Timeframe:   Mittwoch 03-04-2013 18:00 − Donnerstag 04-04-2013 18:00
Handler:     Stephan Richter
Co-Handler:  Robert Waldner

*** Vuln: ModSecurity XML External Entity Information Disclosure Vulnerability ***
---------------------------------------------
ModSecurity XML External Entity Information Disclosure Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/58810


*** The HTTP "Range" Header, (Wed, Apr 3rd) ***
---------------------------------------------
One of the topics we cover in our Defending Web Applications class is how to secure static files. For example, you are faced with multiple PDFs with confidential information, and you need to integrate authorization to read these PDFs into your web application. The standard solution involves two steps:  - Move the file out of the document root  - create a script that will perform the necessary authorization and then stream the file back to the user  Typically, the process of streaming the file
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=15541&rss


*** ICS-CERT has released the Newsletter "ICS-CERT Monitor Jan-Mar 2013" (PDF) ***
---------------------------------------------
The "ICS-CERT Monitor," January-March, 2013 is a summary of ICS-CERT activities for the previous quarter.
---------------------------------------------
http://ics-cert.us-cert.gov/pdf/ICS-CERT_ Monitor_ Jan-Mar2013.pdf


*** Madi/Mahdi/Flashback OS X connected malware spreading through Skype ***
---------------------------------------------
By Dancho Danchev Over the past few days, we intercepted a malware campaign that spreads through Skype messages, exclusively coming from malware-infected friends or colleagues. Once users click on the shortened link, they’ll be exposed to a simple file download box, with the cybercriminals behind the campaign directly linking to the malicious executable. More details: [...]
---------------------------------------------
http://feedproxy.google.com/~r/WebrootThreatBlog/~3/VHl-1pr7IJ8/


*** HP-UX update for Java ***
---------------------------------------------
HP-UX update for Java
---------------------------------------------
https://secunia.com/advisories/52866


*** HMC OpenSSL Upgrade to Address Cryptographic Vulnerabilities ***
---------------------------------------------
HMC releases prior to V7R7.7.0 use OpenSSL versions that had errors in cryptographic libraries that could allow remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption).
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=nas12088ececb530423186257b410072035e


*** Cutwail Spam Botnet Targeting Android Users ***
---------------------------------------------
Brett Stone-Gross of Dell SecureWorks has excellent analysis of Android malware being distributed via the Cutwail spam botnet.Heres the conclusion:"The distribution of the Stels trojan through a spam campaign is unusual for Android malware".Thats a bit of an understatement.Stone-Grosss analysis is significant evidence of Android malwares evolution into mass-market crimeware. On 04/04/13 At 01:00 PM
---------------------------------------------
http://www.f-secure.com/weblog/archives/00002537.html


*** Security Bulletin: Multiple vulnerabilities in Product IMS Enterprise Suite SOAP Gateway (CVE-2012-5785, CVE-2013-0483) ***
---------------------------------------------
IMS™ Enterprise Suite SOAP Gateway versions 1.1, 2.1, and 2.2 contain security vulnerabilities related to SSL connections, login processes. 
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_multiple_vulnerabilities_in_product_ims_enterprise_suite_soap_gateway_cve_2012_5785_cve_2013_0483?lang=en_us


*** Security Advisory- Huawei VSM Default User Groups’ Privilege Escalation ***
---------------------------------------------
VSM (Versatile Security Manager) is a unified security service management system launched by Huawei for carrier and enterprise customers. VSM contains a vulnerability that default user groups’ privilege could be escalated when one user logs in to the system to modify default user groups’ permission configurations.
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-258449.htm


*** Kritisches Sicherheitsupdate für PostgreSQL ***
---------------------------------------------
Ein Ende März angekündigtes PostgreSQL-Update ist heute erschienen, die Entwickler des freien DBMS raten dringend zur Installation.
---------------------------------------------
http://www.heise.de/security/meldung/Kritisches-Sicherheitsupdate-fuer-PostgreSQL-1835284.html