[CERT-daily] Tageszusammenfassung - Donnerstag 7-02-2013

Thu Feb 7 18:08:00 CET 2013

=======================
= End-of-Shift report =
=======================
Timeframe:   Mittwoch 06-02-2013 18:00 − Donnerstag 07-02-2013 18:00
Handler:     Stephan Richter
Co-Handler:  Robert Waldner

*** Bugtraq: Cisco Security Advisory: Cisco ATA 187 Analog Telephone Adaptor Remote Access Vulnerability ***
---------------------------------------------
Cisco Security Advisory: Cisco ATA 187 Analog Telephone Adaptor Remote Access Vulnerability
---------------------------------------------
http://www.securityfocus.com/archive/1/525591


*** WordPress CommentLuv 2.92.3 Cross Site Scripting ***
---------------------------------------------
Topic: WordPress CommentLuv 2.92.3 Cross Site Scripting Risk: Low Text:Advisory ID: HTB23138 Product: CommentLuv WordPress plugin Vendor: Andy Bailey Vulnerable Version(s): 2.92.3 and probably pr...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/hGxikOAUsIU/WLB-2013020040


*** WordPress Wysija Newsletters 2.2 SQL Injection ***
---------------------------------------------
Topic: WordPress Wysija Newsletters 2.2 SQL Injection Risk: Medium Text:Advisory ID: HTB23140 Product: Wysija Newsletters WordPress plugin Vendor: Wysija Vulnerable Version(s): 2.2 and probably pr...
---------------------------------------------
http://feedproxy.google.com/~r/securityalert_database/~3/XJ6UhJjgxu4/WLB-2013020039


*** [webapps] - Netgear DGN1000B - Multiple Vulnerabilities ***
---------------------------------------------
Netgear DGN1000B - Multiple Vulnerabilities
---------------------------------------------
http://www.exploit-db.com/exploits/24464


*** [dos] - Cool PDF Reader 3.0.2.256 Buffer Overflow ***
---------------------------------------------
Cool PDF Reader 3.0.2.256 Buffer Overflow
---------------------------------------------
http://www.exploit-db.com/exploits/24463


*** Vuln: Google Chrome 24.0.1312.57 HTTP Authentication Security Bypass Weakness ***
---------------------------------------------
Google Chrome 24.0.1312.57 HTTP Authentication Security Bypass Weakness
---------------------------------------------
http://www.securityfocus.com/bid/57790


*** Intel Network Card (82574L) Packet of Death, (Wed, Feb 6th) ***
---------------------------------------------
An interesting blog post by Kristian Kielhofer describes how a specific SPI packet can kill an Intel Gigabit ethernet card [1]. If a card is exposed to this traffic, the system has to be physically power cycled. A reboot will not recover the system.  The network card crashed whenever the value 0x32 or 0x33 was found at offset 0x47f. Kristian first noticed this happening for specific SIP packets, but in the end, it turned out that any packet with 0x32 at 0x47f caused the crash. Intel traced the
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=15109&rss


*** Microsoft, Symantec Hijack 'Bamital' Botnet ***
---------------------------------------------
Microsoft and Symantec said Wednesday that have teamed up to seize control over the "Bamital" botnet, a multi-million dollar crime machine that used malicious software to hijack search results. The two companies are now using that control to alert hundreds of thousands of users whose PCs remain infected with the malware.Related Posts:Microsoft Issues Fix for Zero-Day IE FlawAdobe, Microsoft Ship Critical Security UpdatesPolish Takedown Targets 'Virut' BotnetMicrosoft
---------------------------------------------
http://feedproxy.google.com/~r/KrebsOnSecurity/~3/ZnTidLd2mjU/