[CERT-daily] Tageszusammenfassung - Freitag 8-02-2013

Fri Feb 8 18:17:06 CET 2013

=======================
= End-of-Shift report =
=======================

Timeframe:   Donnerstag 07-02-2013 18:00 − Freitag 08-02-2013 18:00
Handler:     Stephan Richter
Co-Handler:  L. Aaron Kaplan


*** Viele Router-Lücken, wenig Patches ***
---------------------------------------------
Michael Messner hat nachgelegt: In seinem Blog veröffentlichte er weitere Schwachstellen in Routern von Linksys, Netgear und erneut D-Link. Die Hersteller sind seit Monaten informiert, trotzdem sind die meisten Lücken noch sperrangelweit offen.
---------------------------------------------
http://rss.feedsportal.com/c/32407/f/463925/s/2856de6a/l/0L0Sheise0Bde0Cmeldung0CViele0ERouter0ELuecken0Ewenig0EPatches0E17999540Bhtml0Cfrom0Crss0A9/story01.htm


*** Advance Notification Service for the February 2013 Security Bulletin Release ***
---------------------------------------------
We're kicking off the February 2013 Security Bulletin Release with Advance Notification of 12 bulletins for release Tuesday, February 12. This release brings five Critical and seven Important-class bulletins, which address 57 unique vulnerabilities. The Critical-rated bulletins address issues in Microsoft Windows, Internet Explorer and Exchange Software. The Important-rated bulletins address issues in Microsoft Windows, Office, .NET Framework, and Microsoft Server Software. Per our...
---------------------------------------------
http://blogs.technet.com/b/msrc/archive/2013/02/07/advance-notification-service-for-the-february-2013-security-bulletin-release.aspx


*** Vuln: PostgreSQL enum_recv() Function Denial of Service Vulnerability ***
---------------------------------------------
PostgreSQL enum_recv() Function Denial of Service Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/57844


*** Vuln: Adobe Flash Player CVE-2013-0633 Buffer Overflow Vulnerability ***
---------------------------------------------
Adobe Flash Player CVE-2013-0633 Buffer Overflow Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/57788


*** Vuln: Adobe Flash Player CVE-2013-0634 Remote Memory Corruption Vulnerability ***
---------------------------------------------
Adobe Flash Player CVE-2013-0634 Remote Memory Corruption Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/57787


*** Vuln: cURL/libcURL Curl_sasl_create_digest_md5_message() Stack Buffer Overflow Vulnerability ***
---------------------------------------------
cURL/libcURL Curl_sasl_create_digest_md5_message() Stack Buffer Overflow Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/57842


*** Is it Spam or Is it Malware?, (Fri, Feb 8th) ***
---------------------------------------------
Does anyone have a friend that regularly still sends you crap via email that usually includes a link or some pics. We are all IT security professionals here and know the preachers drill on this topic. Really, we do not like wasting our time on the junk that is sent to us. Delete, Delete, Delete.  BUT, we are also human. We are the weakest link! So, today that one friend sends something over to us. This friend has a great knack for sending water cooler stuff that can warrant a look
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=15121&rss


*** Vuln: Multiple TLS And DTLS Implementations CVE-2013-0169 Information Disclosure Vulnerability ***
---------------------------------------------
Multiple TLS And DTLS Implementations CVE-2013-0169 Information Disclosure Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/57778


*** VMWare Advisories (ESX, Workstation, Fusion...) http://www.vmware.com/security/advisories/VMSA-2013-0002.html, (Fri, Feb 8th) ***
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=15124&rss