[CERT-daily] Daily summary - Monday 15-07-2013

Daily end-of-shift report team at cert.at
Mon Jul 15 18:05:43 CEST 2013


=======================
= End-of-Shift report =
=======================

Timeframe:   Friday 12-07-2013 18:00 − Monday 15-07-2013 18:00
Handler:     Stephan Richter
Co-Handler:  n/a




*** Atlassian Confluence 4.3.5 XSS / Clickjacking ***
---------------------------------------------
Topic: Atlassian Confluence 4.3.5 XSS / Clickjacking Risk: Low Text: == BAE Systems Detica Security Advisory: DS-2013-005 == Title: Atlassian Confluence Mu...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013070102




*** Juniper JUNOS Bugs Let Remote Users Deny Service, Obtain Information, and Execute Arbitrary Code ***
---------------------------------------------
Juniper JUNOS Bugs Let Remote Users Deny Service, Obtain Information, and Execute Arbitrary Code
---------------------------------------------
http://www.securitytracker.com/id/1028775




*** OSCE study warns of cyberattacks on the energy supply ***
---------------------------------------------
The community of states has published recommendations for protecting the energy supply against malware.
---------------------------------------------
http://www.heise.de/security/meldung/OSZE-Studie-warnt-vor-Cyberangriffen-auf-die-Energieversorgung-1917043.html




*** Maintenance of Apache 2.0 web server discontinued ***
---------------------------------------------
Version 2.0.65 is the last update of the Apache HTTP Server 2.0. Anyone still running it has to act: one security problem remains unresolved.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Pflege-von-Webserver-Apache-2-0-eingestellt-1917101.html




*** Bugtraq: Full Disclosure ASUS Wireless Routers Ten Models - Multiple Vulnerabilities on AiCloud enabled units ***
---------------------------------------------
Full Disclosure ASUS Wireless Routers Ten Models - Multiple Vulnerabilities on AiCloud enabled units
---------------------------------------------
http://www.securityfocus.com/archive/1/527275




*** Google study finds users ignore Chrome security warnings ***
---------------------------------------------
Research tracks 25m browser warning messages, says Chrome users reckless or clueless. You're surfing the net when Chrome decides not to bring you the web site of your choice, but instead a page warning that the site you'd hoped to visit might be bogus or contain malware.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/07/15/google_study_finds_chrome_is_leastsecure_browser/




*** Squid HTTP Header Port Number Handling Denial of Service Vulnerability ***
---------------------------------------------
Squid HTTP Header Port Number Handling Denial of Service Vulnerability
---------------------------------------------
https://secunia.com/advisories/54142




*** Vuln: PHP CVE-2013-4113 Heap Memory Corruption Vulnerability ***
---------------------------------------------
PHP CVE-2013-4113 Heap Memory Corruption Vulnerability
---------------------------------------------
http://www.securityfocus.com/bid/61128




*** Cyrus SASL Library "crypt()" NULL Pointer Dereference Vulnerability ***
---------------------------------------------
Cyrus SASL Library "crypt()" NULL Pointer Dereference Vulnerability
---------------------------------------------
https://secunia.com/advisories/54098




*** HPSBST02890 rev.3 - HP StoreOnce D2D Backup System, Remote Unauthorized Access, Modification, and Escalation of Privilege ***
---------------------------------------------
A potential security vulnerability has been identified with HP StoreOnce D2D Backup System. The vulnerability could be exploited remotely resulting in unauthorized access, modification, and escalation of privilege.
---------------------------------------------
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03813919




*** Cisco Unified MeetingPlace Web Conferencing XSS Vulnerability ***
---------------------------------------------
A vulnerability in the web framework of Cisco Unified MeetingPlace could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against users of the web interface on the affected system.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3419




*** Another flaw in Android's signature verification ***
---------------------------------------------
Chinese bloggers claim to have found another vulnerability that can be used to trick Android's signature verification. At least CyanogenMod users can already patch.
---------------------------------------------
http://www.heise.de/security/meldung/Weiterer-Fehler-in-Androids-Signaturpruefung-1917183.html




*** After PRISM, Europe has to move to its own clouds, says Estonia's president ***
---------------------------------------------
Summary: The EU needs to be more self-reliant after the recent revelations about the NSA, according to Toomas Hendrik Ilves - but that shouldn't mean European countries cutting themselves off.
---------------------------------------------
http://www.zdnet.com/after-prism-europe-has-to-move-to-its-own-clouds-says-estonias-president-7000018048/




*** F5 BIG-IP APM / FirePass Client Java Applet "filename" Directory Traversal Vulnerability ***
---------------------------------------------
F5 BIG-IP APM / FirePass Client Java Applet "filename" Directory Traversal Vulnerability
---------------------------------------------
https://secunia.com/advisories/53477




*** Targeted Attacks Hit Asian, European Government Agencies ***
---------------------------------------------
Trend Micro researchers have uncovered a targeted attack launched against government agencies in various countries. The email claimed to be from the Chinese Ministry of National Defense, although it appears to have been sent from a Gmail account and did not use a Chinese name. The document contains a malicious attachment, [...]
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/u3ICCpFkqt0/

