[CERT-daily] Tageszusammenfassung - Dienstag 16-07-2013

Daily end-of-shift report team at cert.at
Tue Jul 16 18:05:30 CEST 2013 

=======================
= End-of-Shift report =
=======================

Timeframe:   Montag 15-07-2013 18:00 − Dienstag 16-07-2013 18:00
Handler:     Stephan Richter
Co-Handler:  n/a




*** Bugtraq: Dell Kace 1000 SMA v5.4.70402 - Persistent Vulnerabilities ***
---------------------------------------------
Dell Kace 1000 SMA v5.4.70402 - Persistent Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/archive/1/527304




*** Bugtraq: Olive File Manager v1.0.1 iOS - Multiple Vulnerabilities ***
---------------------------------------------
Olive File Manager v1.0.1 iOS - Multiple Vulnerabilities
---------------------------------------------
http://www.securityfocus.com/archive/1/527305




*** Bugtraq: FTP Sprite v1.2.1 iOS - Persistent Web Vulnerability ***
---------------------------------------------
FTP Sprite v1.2.1 iOS - Persistent Web Vulnerability
---------------------------------------------
http://www.securityfocus.com/archive/1/527302




*** Cisco Secure Access Control System Multiple Vulnerabilities ***
---------------------------------------------
Cisco Secure Access Control System Multiple Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/54200




*** Schutz vor Ausnutzung der MasterKey-Lücke in Android ***
---------------------------------------------
Zwei weitere Tools sollen Android-Nutzer vor Apps schützen, welche die kürzlich bekannt gewordenen Schwachstellen in der Signaturprüfung ausnutzen. Eines der beiden rüstet den Google-Patch nach, auf den man sonst lange warten muss.
---------------------------------------------
http://www.heise.de/security/meldung/Schutz-vor-Ausnutzung-der-MasterKey-Luecke-in-Android-1918428.html




*** Open-source tool to ease security researchers quest for secrecy ***
---------------------------------------------
To be presented and released at Black Hat, CrowdStrikes Tortilla delivers to researchers much-needed anonymity on Windows machines...
---------------------------------------------
http://www.csoonline.com/article/736428/open-source-tool-to-ease-security-researchers-quest-for-secrecy?source=rss_application_security




*** HPSBPV02891 rev.1 - HP ProCurve Switches, Remote Unauthorized Information Disclosure ***
---------------------------------------------
A potential security vulnerability has been identified with HP ProCurve Switches. The vulnerability could be remotely exploited resulting in unauthorized information disclosure.
---------------------------------------------
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03819065




*** sol14468: Client-side component flaw - CVE-2013-0150 ***
---------------------------------------------
A flaw in a BIG-IP APM or FirePass client-side F5-signed component may allow a third party to install files on the client machine.
---------------------------------------------
http://support.f5.com/kb/en-us/solutions/public/14000/400/sol14468.html




*** Cisco Identity Services Engine Search Form Cross-Site Scripting Vulnerability ***
---------------------------------------------
Cisco Identity Services Engine Search Form Cross-Site Scripting Vulnerability
---------------------------------------------
https://secunia.com/advisories/53965




*** Multiple Vulnerabilities in ePO 4.6.6 and earlier ***
---------------------------------------------
The NATO Information Assurance Technical Centre conducted a series of penetration tests on ePolicy Orchestrator (ePO) 4.6.6 and reported several vulnerabilities to McAfee...
---------------------------------------------
https://kc.mcafee.com/corporate/index?page=content&id=KB78824




*** Datenleck im Browser-Plug-in des Windows Media Player ***
---------------------------------------------
Datenschnüffler können das Plug-in nutzen, um im Namens des Opfers auf beliebige Webseiten zuzugreifen. Ein Angreifer könnte über eine speziell präparierte Webseite etwa fremde Mail-Accounts durchstöbern und sogar in das lokale Netz des Opfers vordringen.
---------------------------------------------
http://www.heise.de/security/meldung/Datenleck-im-Browser-Plug-in-des-Windows-Media-Player-1918691.html




*** Moodle Multiple Vulnerabilities ***
---------------------------------------------
Moodle Multiple Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/54130




*** Signed Mac Malware Using Right-to-Left Override Trick ***
---------------------------------------------
Right-to-left override (RLO) is a special character used in bi-directional text encoding system to mark the start of text that are to be displayed from right to left. It is commonly used by Windows malware such as Bredolab and the high-profile Mahdi trojan from last year to hide the real extension of executable files. Check out this Krebs on Security post for more details on the trick.
---------------------------------------------
http://www.f-secure.com/weblog/archives/00002576.html

More information about the Daily mailing list