[CERT-daily] Daily summary - Monday 29-07-2013

Daily end-of-shift report team at cert.at
Mon Jul 29 18:04:21 CEST 2013


=======================
= End-of-Shift report =
=======================

Timeframe:   Friday 26-07-2013 18:00 − Monday 29-07-2013 18:00
Handler:     Matthias Fraidl
Co-Handler:  Otmar Lendl

*** ISC BIND RDATA Processing Bug Lets Remote Users Deny Service ***
---------------------------------------------
http://www.securitytracker.com/id/1028838




*** Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013070206




*** Team of computer scientists barred from disclosing start codes for luxury cars ***
---------------------------------------------
Flavio Garcia of the University of Birmingham has defeated a security system used in luxury-class vehicles. However, a court has prohibited him from the planned publication at the Usenix symposium in Washington.
---------------------------------------------
http://www.heise.de/security/meldung/Informatiker-Team-darf-Startcodes-fuer-Luxusautos-nicht-offenlegen-1925018.html




*** ASUS RT-AC66U Remote Root Shell Exploit - acsd param command ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013070209




*** Defending Against Web Server Denial of Service Attacks ***
---------------------------------------------
Earlier this weekend, one of our readers reported an odd attack toward an Apache web server that he supports. The server was getting pounded with port 80 requests like the excerpt below. This attack had been ramping up since the 21st of July, but the "owners" of the server only detected problems with website accessibility today. They contacted the server support staff who attempted to block the attack by scripting a search for the particular user agent string and then dropping the IP
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=16240&rss




*** Windows: Dynamic certificate updates endanger SSL encryption ***
---------------------------------------------
Windows downloads root certificates for verifying encryption certificates from the Internet without user interaction. This raises doubts about the reliability of encryption on Windows.
---------------------------------------------
http://www.heise.de/security/meldung/Windows-Dynamische-Zertifikat-Updates-gefaehrden-SSL-Verschluesselung-1925115.html




*** [shellcode] - Windows RT ARM Bind Shell (Port 4444) ***
---------------------------------------------
http://www.exploit-db.com/exploits/27180




*** Dovecot / Exim Exploit Detects, (Mon, Jul 29th) ***
---------------------------------------------
Sometimes it doesn't take an IDS to detect an attack, but just reading your e-mail will do. Our reader Timo sent along these two e-mails he received, showing exploitation of a recent Dovecot/Exim configuration flaw
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=16243&rss




*** OpenOffice DOC Memory Corruption ***
---------------------------------------------
The vulnerability is caused by operating on invalid PLCF (Plex of Character Positions in File) data when parsing a malformed DOC document file. Specially crafted documents can be used for denial-of-service attacks. Further exploits are possible but have not been verified.
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013070213




*** Header Spoofing Hides Malware Communication ***
---------------------------------------------
Spoofing, whether in the form of DNS, legitimate email notification, IP, or address bar, is a common part of Web threats. We've seen several of its incarnations in the past, but we recently found a technique known as header spoofing, which puts a different spin on evading detection.
---------------------------------------------
http://blog.trendmicro.com/trendlabs-security-intelligence/header-spoofing-hides-malware-communication/




*** TRENDnet TEW-812DRU CSRF Command Injection > Shell Exploit ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013070216




*** Vuln: HP LoadRunner CVE-2013-4800 Remote Code Execution Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/61446




*** Encryption: GnuPG slows down new side-channel attack ***
---------------------------------------------
Australian researchers have shown how, in principle, one virtual machine can spy out the keys of another on the same PC. A GnuPG update now at least makes this harder.
---------------------------------------------
http://www.heise.de/security/meldung/Verschluesselung-GnuPG-bremst-neuen-Seitenkanalangriff-1925397.html




*** PineApp Mail-SeCure Series Multiple Arbitrary Commands Injection Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/54342




*** Symantec slams Web Gateway back door on would-be corporate spies ***
---------------------------------------------
Critical remote code execution vuln fixed - only five months later. Symantec has plugged a series of critical flaws in its Web Gateway appliances which included a backdoor permitting remote code execution on targeted systems.
---------------------------------------------
http://www.theregister.co.uk/2013/07/29/symantec_web_gateway_vulns_fixed/




*** Background: Raid on browser password safes ***
---------------------------------------------
Without a special password, the passwords stored in a browser's password safe are easy prey -- if you know how.
---------------------------------------------
http://www.heise.de/security/artikel/Raubzug-in-Browser-Passwort-Safes-1918384.html




*** Tampering with a car's brakes and speed by hacking its computers: A new how-to ***
---------------------------------------------
The "Internet of automobiles" may hold promise, but it comes with risks, too.
---------------------------------------------
http://arstechnica.com/security/2013/07/disabling-a-cars-brakes-and-speed-by-hacking-its-computers-a-new-how-to/




*** Analysis: Spam in June 2013 ***
---------------------------------------------
Contrary to our forecasts, the number of phishing attacks on social networking sites fell in June. However, these sites remain the most attractive target for phishers.
---------------------------------------------
http://www.securelist.com/en/analysis/204792296/Spam_in_June_2013




*** Kaspersky: Attacks on gamers are increasing ***
---------------------------------------------
According to Kaspersky, the number of attacks on online gamers is rising again this year. Players are being defrauded of their account data, especially by well-made phishing e-mails. Fencing stolen virtual items brings in additional money.
---------------------------------------------
http://www.heise.de/security/meldung/Kaspersky-Angriffe-auf-Gamer-nehmen-zu-1925643.html




