[CERT-daily] Tageszusammenfassung - Freitag 24-05-2013

Fri May 24 18:09:52 CEST 2013

=======================
= End-of-Shift report =
=======================

Timeframe:   Donnerstag 23-05-2013 18:00 − Freitag 24-05-2013 18:00
Handler:     Stephan Richter
Co-Handler:  n/a


*** HPSBUX02881 SSRT101189 rev.1 - HP-UX Directory Server, Remote Disclosure of Information ***
---------------------------------------------
A potential security vulnerability has been identified in HP-UX
Directory Server. The vulnerability could be exploited remotely
resulting in information disclosure.
---------------------------------------------
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03772083


*** Cisco NX-OS igmp_snoop_orib_fill_source_update() Function Remote Denial of Service Vulnerability ***
---------------------------------------------
Cisco NX-OS contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service condition on a targeted device. Updates are available.
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=26613


*** X.Org Security Advisory: May 23, 2013 - Protocol handling issues in X Window System client libraries ***
---------------------------------------------
Ilja van Sprundel, a security researcher with IOActive, has discovered a large number of issues in the way various X client libraries handle the responses they receive from servers, and has worked with X.Orgs security team to analyze, confirm, and fix these issues.
---------------------------------------------
http://www.x.org/wiki/Development/Security/Advisory-2013-05-23


*** Cisco WebEx for iOS Certificate Verification Security Issue ***
---------------------------------------------
Charlie Eriksen has discovered a security issue in Cisco WebEx for iOS, which can be exploited by malicious people to conduct spoofing attacks.
---------------------------------------------
https://secunia.com/advisories/51412


*** New Rmnet malware disables anti-virus programs ***
---------------------------------------------
May 23, 2013 Russian anti-virus company Doctor Web is warning users about new malicious modules found in the malware that is used to create and maintain the Rmnet bot network. One of them allows attackers to disable the anti-virus software installed on the infected computers. Doctor Webs analysts also managed to hijack a Rmnet subnetwork whose bots contain these harmful components. Doctor Web already warned users about the wide distribution of Win32.Rmnet.12 andWin32.Rmnet.16 programs that...
---------------------------------------------
http://news.drweb.com/show/?i=3551&lng=en&c=9


*** Google erneuert SSL-Zertifikate ***
---------------------------------------------
Ab August spendiert Google seinen Diensten neue Zertifikate. Vor allem sollen die mit alten 1024-Bit-RSA-Keys ausrangiert und gegen solche mit 2048 Bit ersetzt werden.
---------------------------------------------
http://www.heise.de/security/meldung/Google-erneuert-SSL-Zertifikate-1869150.html


*** Malware dont need Coffee ***
---------------------------------------------
On the 10th of may was advertised on underground forum by bomba_service a new Ransomware in Affiliate mode.
---------------------------------------------
http://malware.dontneedcoffee.com/2013/05/unveiling-locker-bomba-aka-lucky-locker.html


*** 0-Days in Novell Client für Windows ***
---------------------------------------------
Wer noch Novell Client für Windows einsetzt, sollte sich nach Alternativen umsehen.
---------------------------------------------
http://www.heise.de/security/meldung/0-Days-in-Novell-Client-fuer-Windows-1869196.html


*** Vuln: MediaWiki Arbitrary File Upload Vulnerability ***
---------------------------------------------
MediaWiki is prone to a vulnerability that lets attackers upload arbitrary files. An attacker may leverage this issue to upload arbitrary files to the affected computer. Note that this issue could be exploited to execute arbitrary code, however, this has not been confirmed. 
---------------------------------------------
http://www.securityfocus.com/bid/60077