[CERT-daily] Daily summary - Tuesday 9-04-2013

Daily end-of-shift report team at cert.at
Tue Apr 9 18:09:55 CEST 2013


=======================
= End-of-Shift report =
=======================

Timeframe:   Monday 08-04-2013 18:00 − Tuesday 09-04-2013 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter




*** Google AD Sync Tool Vulnerability (GADS) ***
---------------------------------------------
Topic: Google AD Sync Tool Vulnerability (GADS)
Risk: High
Text: Due to a weakness in the way the Java encryption algorithm (PBEwithMD5andDES) has been implemented in the GADS tool all store...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/knSZ3WmkiLY/WLB-2013040065




*** HP System Management Homepage Local Privilege Escalation ***
---------------------------------------------
Topic: HP System Management Homepage Local Privilege Escalation
Risk: High
Text: ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/Peuq5i06_sw/WLB-2013040060




*** Security Bulletin: SONAS Fix Available for SONAS CIFS Attribute Vulnerability (CVE-2013-0454) ***
---------------------------------------------
SONAS includes a version of Samba that is affected by a vulnerability that sets incorrect attributes to a SONAS CIFS export.
CVE(s): CVE-2013-0454
Affected product(s) & Affected version(s): Affected releases: SONAS 1.1 through 1.3.2.1-20.
Refer to the following reference URLs for remediation and additional vulnerability details.
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004287
X-Force Database: http://xforce.iss.net/xforce/xfdb/80970
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_sonas_fix_available_for_sonas_cifs_attribute_vulnerability_cve_2013_04544?lang=en_us




*** Security Vulnerability for ActiveX Control packaged with IBM Cognos Disclosure Management Client (CVE-2013-0501) ***
---------------------------------------------
A third party ActiveX control (EdrawSoft) may have been registered in the Windows registry by the CDM client installation process. This ActiveX control contains a security vulnerability that could allow unauthorized file access to the user’s machine from malicious web sites.
CVE(s): CVE-2013-0501
Affected product(s) & Affected version(s): IBM Cognos Disclosure Management 10.2.0
Refer to the following reference URLs for remediation and additional vulnerability details.
Source Bulletin:...
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_vulnerability_for_activex_control_packaged_with_ibm_cognos_disclosure_management_client_cve_2013_05018?lang=en_us




*** ICS-CERT has released an Advisory "ICSA-13-098-01 Canary Labs Inc Trend Link Insecure ActiveX Control Method" (PDF) ***
---------------------------------------------
This advisory provides mitigation details for a vulnerability in the Canary Labs, Inc. Trend Link software.
---------------------------------------------
http://ics-cert.us-cert.gov/pdf/ICSA-13-098-01.pdf




*** TinyWebGallery image.php path disclosure ***
---------------------------------------------
TinyWebGallery image.php path disclosure
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/83286




*** International cyber exercise confirms the importance of international collaboration ***
---------------------------------------------
On 20 and 21 March, the National Cyber Security Centre (NCSC) participated in an international cyber exercise by the International Watch and Warning Network (IWWN) entitled Cyberstorm IV. Cyberstorm IV is the last in a series of cyber exercises during which malware is investigated for 36 consecutive hours. Together with its partners at IWWN, the Department of Homeland Security (of the United States) has organized the international ingredient of Cyberstorm IV.
---------------------------------------------
http://www.ncsc.nl/english/current-topics/news/international-cyber-exercise-confirms-the-importance-of-international-collaboration.html

