[CERT-daily] Tageszusammenfassung - Montag 6-05-2013

Mon May 6 19:05:17 CEST 2013

=======================
= End-of-Shift report =
=======================

Timeframe:   Freitag 03-05-2013 18:00 − Montag 06-05-2013 18:00
Handler:     Stephan Richter
Co-Handler:  Robert Waldner


*** What’s a known source of malware doing in an iOS app? Ars investigates ***
---------------------------------------------
Trojans, false positives, and the case of accidental cross contamination.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/suyRCkbyIFE/


*** gpsd AIS driver packet parser denial of service ***
---------------------------------------------
gpsd AIS driver packet parser denial of service
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/83982


*** EMC Avamar Client Certificate Validation Flaw Lets Remote Users Spoof the System ***
---------------------------------------------
http://www.securitytracker.com/id/1028511


*** EMC Avamar Authorization Flaw Lets Remote Authenticated Users Access Files ***
---------------------------------------------
http://www.securitytracker.com/id/1028510


*** Microsoft Releases Security Advisory 2847140 ***
---------------------------------------------
Today, we released Security Advisory 2847140 regarding an issue that impacts Internet Explorer 8. Internet Explorer 6, 7, 9 and 10 are not affected by the vulnerability. This issue allows remote code execution if users browse to a malicious website with an affected browser. This would typically occur by an attacker convincing someone to click a link in an email or instant message. Internet Explorer 9 and 10 are not affected by this issue, so upgrading to these versions will help protect you...
---------------------------------------------
http://blogs.technet.com/b/msrc/archive/2013/05/03/microsoft-releases-security-advisory-2847140.aspx


*** Department of Labor IE 0-day Exploit (CVE-2013-1347) Now Available at Metasploit ***
---------------------------------------------
https://community.rapid7.com/community/metasploit/blog/2013/05/05/department-of-labor-ie-0day-now-available-at-metasploit


*** New version of DIY Google Dorks based mass website hacking tool spotted in the wild ***
---------------------------------------------
By Dancho Danchev Need a compelling reason to perform search engine reconnaissance on your website, for the purpose of securing it against eventual compromise? We’re about to give you a good one. A new version of a well known mass website hacking tool has been recently released, empowering virtually anyone who buys it with the capability to [...]
---------------------------------------------
http://feedproxy.google.com/~r/WebrootThreatBlog/~3/8hoG6XIwk8s/


*** Vuln: WordPress Advanced XML Reader Plugin XML External Entity Information Disclosure Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/59618


*** Cisco WebEx Cache Directory Read Vulnerability ***
---------------------------------------------
A vulnerability in HTTP processing in multiple Cisco WebEx products could allow an unauthenticated, remote attacker to read files from the cache directory.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1231


*** Cisco WebEx Uninitialized Memory Read Vulnerability ***
---------------------------------------------
A vulnerability in HTTP processing in multiple Cisco WebEx products could allow an unauthenticated, remote attacker to read uninitialized memory.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1232


*** Bugtraq: VULNERABLE and COMPLETELY outdated 3rd-party libraries/components used in 3CX Phone 6 ***
---------------------------------------------
http://www.securityfocus.com/archive/1/526541


*** Bugtraq: [SE-2012-01] New security vulnerabilities and broken fixes in IBM Java ***
---------------------------------------------
http://www.securityfocus.com/archive/1/526540