[CERT-daily] Daily summary - Wednesday 6-11-2013

Daily end-of-shift report team at cert.at
Wed Nov 6 18:40:32 CET 2013


=======================
= End-of-Shift report =
=======================

Timeframe:   Tuesday 05-11-2013 18:00 − Wednesday 06-11-2013 18:00
Handler:     Stephan Richter
Co-Handler:  n/a




*** Attacks on New Microsoft Zero Day Using Multi-Stage Malware ***
---------------------------------------------
Attackers exploiting the Microsoft Windows and Office zero day revealed yesterday are using an exploit that includes a malicious RAR file as well as a fake Office document as the lure, and are installing a wide variety of malicious components on newly infected systems. The attacks seen thus far are mainly centered in Pakistan. The...
---------------------------------------------
http://threatpost.com/attacks-on-new-microsoft-zero-day-using-multi-stage-malware/102833




*** Malicious PDF Analysis Evasion Techniques ***
---------------------------------------------
In many exploit kits, malicious PDF files are some of the most common threats used to try to infect users with various malicious files. Naturally, security vendors invest in efforts to detect these files properly - and their creators invest in efforts to evade those vendors. Using feedback provided by the Smart Protection Network, we...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/XOJob_q_Zag/




*** Asus fixes serious security vulnerability in WebStorage ***
---------------------------------------------
The WebStorage client software is one of a number of apps that Asus preinstalls on its Android devices. heise netze uncovered an implementation flaw during routine checks.
---------------------------------------------
http://www.heise.de/security/meldung/Asus-fixt-schwerwiegende-Sicherheitsluecke-in-WebStorage-2040583.html




*** Google Bots Doing SQL Injection Attacks ***
---------------------------------------------
One of the things we have to be very sensitive about when writing rules for our CloudProxy Website Firewall is to never block any major search engine bot (i.e., Google, Bing, Yahoo, etc.). To date, we've been pretty good about this, but every now and then you come across unique scenarios like the one in this post, that make you scratch your head and think, what if a legitimate search engine bot was being used to attack the site? Should we still allow the attack to go through?
---------------------------------------------
http://blog.sucuri.net/2013/11/google-bots-doing-sql-injection-attacks.html




*** Security Bulletin: IBM Sterling Certificate Wizard Shared Memory Permission Vulnerability (CVE-2013-1500) ***
---------------------------------------------
The IBM Sterling Certificate Wizard is susceptible to a shared memory permission vulnerability.   CVE(s):  CVE-2013-1500  Affected product(s) and affected version(s): IBM Sterling Certificate Wizard: 1.3, 1.4
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_sterling_certificate_wizard_shared_memory_permission_vulnerability_cve_2013_1500?lang=en_us




*** Security Bulletin: Potential security vulnerability exist in the IBM Java SDKs TLS implementation that is shipped with Tivoli Netcool/OMNIbus Web GUI (CVE-2012-5081) ***
---------------------------------------------
The JDKs TLS implementation does not strictly check the TLS vector length as set out in the latest RFC 5246.   CVE(s):  CVE-2012-5081  Affected product(s) and affected version(s): Tivoli Netcool/OMNIbus Web GUI: 7.3.0, 7.3.1, 7.4.0
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_potential_security_vulnerability_exist_in_the_ibm_java_sdk_s_tls_implementation_that_is_shipped_with_tivoli_netcool_omnibus_web_gui_cve_2012_5081?lang=en_us




*** Security Bulletin: IBM Sterling Connect:Enterprise Secure Client Shared Memory Permission Vulnerability (CVE-2013-1500) ***
---------------------------------------------
The IBM Sterling Connect:Enterprise Secure Client is susceptible to a shared memory permission vulnerability.   CVE(s):  CVE-2013-1500  Affected product(s) and affected version(s): IBM Sterling Secure Client: 1.3, 1.4
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_sterling_connect_enterprise_secure_client_shared_memory_permission_vulnerability_cve_2013_1500?lang=en_us




*** Vivotek IP Cameras RTSP Authentication Bypass ***
---------------------------------------------
Topic: Vivotek IP Cameras RTSP Authentication Bypass Risk: High Text:Core Security - Corelabs Advisory http://corelabs.coresecurity.com Vivotek IP Cameras RTSP Authentication Bypass 1. *A...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013110038




*** Bugtraq: Open-Xchange Security Advisory 2013-11-06 ***
---------------------------------------------
http://www.securityfocus.com/archive/1/529635




*** Kerberos Multi-realm KDC NULL Pointer Dereference Denial of Service Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/55588




*** Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131106-sip




*** Cisco WAAS Mobile Remote Code Execution Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131106-waasm




*** Cisco TelePresence VX Clinical Assistant Administrative Password Reset Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131106-tvxca




*** Tweetbot for Mac / for iOS Cross-Site Request Forgery Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/55462




*** Arbor Peakflow X Security Bypass and Cross-Site Scripting Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/55536

