[CERT-daily] Tageszusammenfassung - Freitag 19-07-2013

Fri Jul 19 18:09:08 CEST 2013

=======================
= End-of-Shift report =
=======================

Timeframe:   Donnerstag 18-07-2013 18:00 − Freitag 19-07-2013 18:00
Handler:     Stephan Richter
Co-Handler:  n/a


*** NanoSSH Denial Of Service ***
---------------------------------------------
Topic: NanoSSH Denial Of Service Risk: Medium Text:Hi, Various openssh 6.2p1 users including our administrators stumbled over this nice bug in the "nanossh server" during pre...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013070142


*** Drupal MRBS 6.x / 7.x CSRF / SQL Injection ***
---------------------------------------------
Topic: Drupal MRBS 6.x / 7.x CSRF / SQL Injection Risk: Medium Text:View online: https://drupal.org/node/2044173 * Advisory ID: DRUPAL-SA-CONTRIB-2013-058 * Project: MRBS [1] (third-party...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013070143


*** Nginx 1.3.9 / 1.4.0 Buffer Overflow ***
---------------------------------------------
Topic: Nginx 1.3.9 / 1.4.0 Buffer Overflow Risk: High Text:# encoding: ASCII abort("#{$0} host port") if ARGV.length < 2 require ronin $count = 0 # rop address taken from nginx...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013070151


*** Erpressung: GVU-Trojaner sperrt wieder Windows-Rechner ***
---------------------------------------------
Neue Varianten des Trojaners im Umlauf - Will Betroffene zur Überweisung von 100 Euro bringen
---------------------------------------------
http://derstandard.at/1373513113284


*** IBM WebSphere Real Time Java Multiple Vulnerabilities ***
---------------------------------------------
IBM has acknowledged multiple vulnerabilities in IBM WebSphere Real Time, which can be exploited by malicious, local users to disclose certain sensitive information and manipulate certain data and by malicious people to conduct spoofing attacks, disclose certain sensitive information, manipulate certain data, cause a DoS (Denial of Service), bypass certain security restrictions, and compromise a vulnerable system.
---------------------------------------------
https://secunia.com/advisories/54257


*** JBoss RichFaces Resource Deserialisation Security Bypass Vulnerability ***
---------------------------------------------
A vulnerability has been reported in JBoss RichFaces, which can be exploited by malicious people to bypass certain security restrictions.
---------------------------------------------
https://secunia.com/advisories/54162


*** [2013-07-19] Multiple vulnerabilities in Sybase EAServer ***
---------------------------------------------
Sybase EAServer is vulnerable to Path Traversal and XML External Entity Injection attacks. By exploiting these vulnerabilities an unauthenticated attacker can retrieve administrative credentials from configuration files and run arbitrary OS commands using the WSH service.
---------------------------------------------
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130719-0_Sybase_Application_Server_Multiple_Vulnerabilities_v10.txt


*** HPSBMU02900 rev.1 - HP System Management Homepage (SMH) running on Linux and Windows, Multiple Remote and Local Vulnerabilities ***
---------------------------------------------
Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely resulting in Local Denial of Service (DoS), remote Denial of Service (DoS), execution of arbitrary code, gain privileges, disclosure of information, unauthorized access, or XSS.
---------------------------------------------
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862


*** Cisco IOS GET VPN Encryption Policy Bypass Vulnerability ***
---------------------------------------------
A vulnerability in the Cisco Group Encrypted Transport VPN (GET VPN) feature of Cisco IOS could allow traffic to bypass the configured encryption policy.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3436


*** More Details on EXPIRO File Infectors ***
---------------------------------------------
We recently reported on an unusual attack involving exploit kits and file infectors. What makes the attack even more notable is that the file infectors used also have information theft routines, a behavior uncommon among file infectors. These file infectors are part of the PE_EXPIRO family, which was first spotted in 2010. It’s possible that [...]Post from: Trendlabs Security Intelligence Blog - by Trend MicroMore Details on EXPIRO File Infectors
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/_wieFR4INGs/


*** [SE-2012-01] New Reflection API affected by a known 10+ years old attack ***
---------------------------------------------
A new vulnerability (Issue 69) that was submitted to Oracle today makes it possible to implement a very classic attack against Java VM. Whats in particular interesting is that the attack itself has been in the public knowledge for at least 10+ years...
---------------------------------------------
http://seclists.org/fulldisclosure/2013/Jul/172


*** Tiki Wiki CMS/Groupware Multiple Vulnerabilities ***
---------------------------------------------
A weakness and two vulnerabilities have been discovered in Tiki Wiki CMS/Groupware, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to disclose certain system information and conduct cross-site scripting attacks.
---------------------------------------------
https://secunia.com/advisories/54149


*** Bugtraq: Western Digital My Net N600, N750, N900 and N900C - Plain text disclosure of administrative credentials ***
---------------------------------------------
Due to a unspecified bug in the WD My Net N600, N750, N900 and N900C
routers, administrative credentials are stored in plain text and are
easily accessible from a remote location on the WAN side of the
router.
---------------------------------------------
http://www.securityfocus.com/archive/1/527370


*** DDoS attacks are getting bigger, stronger and longer ***
---------------------------------------------
Prolexic Technologies announced that the average packet-per-second (pps) rate reached 47.4 Mpps and the average bandwidth reached 49.24 Gbps based on data collected in Q2 2013 from DDoS attacks launched against its global client base. These metrics, representing increases of 1,655 percent and 925 percent respectively compared to Q2 2012.
---------------------------------------------
https://www.net-security.org/secworld.php?id=15243