[CERT-daily] Tageszusammenfassung - Freitag 8-11-2013

Fri Nov 8 18:07:57 CET 2013

=======================
= End-of-Shift report =
=======================

Timeframe:   Donnerstag 07-11-2013 18:00 − Freitag 08-11-2013 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter


*** Advance Notification for November 2013 - Version: 1.0 ***
---------------------------------------------
This is an advance notification of security bulletins that Microsoft is intending to release on November 12, 2013.
---------------------------------------------
http://technet.microsoft.com/en-us/security/bulletin/ms13-nov


*** Clarification on Security Advisory 2896666 and the ANS for the November 2013 Security Bulletin Release ***
---------------------------------------------
Today, we're providing advance notification for the release of eight bulletins, three Critical and five Important, for November 2013. The Critical updates address vulnerabilities in Internet Explorer and Microsoft Windows, and the Important updates address issues in Windows and Office. While this release won't include an update for the issue first described in Security Advisory 2896666, we'd like to tell you a bit more about it. We're working to develop a security update...
---------------------------------------------
http://blogs.technet.com/b/msrc/archive/2013/11/07/clarification-on-security-advisory-2896666-and-the-ans-for-the-november-2013-security-bulletin-release.aspx


*** Exploits of critical Microsoft zero day more widespread than thought ***
---------------------------------------------
At least two hacker gangs exploit TIFF vulnerability to hijack users computers.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/6hCE3JS8yQI/story01.htm


*** Despite patches, Supermicros IPMI firmware is far from secure, researchers say ***
---------------------------------------------
The IPMI in Supermicro motherboards has vulnerabilities that can give attackers unuathorized access to servers, Rapid7 researchers said
---------------------------------------------
http://www.csoonline.com/article/742836/despite-patches-supermicro-39-s-ipmi-firmware-is-far-from-secure-researchers-say?source=rss_application_security


*** PCI council publishes updated payment security standards ***
---------------------------------------------
Version 3.0 of the PCI Data Security Standard (PCI DSS) and the Payment Application Data Security Standard (PA-DSS) became available today.
---------------------------------------------
http://feedproxy.google.com/~r/SCMagazineHome/~3/Ktdq0wWA1L8/


*** VU#274923: Dual_EC_DRBG output using untrusted curve constants may be predictable ***
---------------------------------------------
Vulnerability Note VU#274923 Dual_EC_DRBG output using untrusted curve constants may be predictable Original Release date: 07 Nov 2013 | Last revised: 07 Nov 2013   Overview Output of the Dual Elliptic Curve Deterministic Random Bit Generator (DUAL_EC_DRBG) algorithm may be predictable by an attacker who has chosen elliptic curve parameters in advance.  Description NIST SP 800-90A defines three elliptic curves for use in Dual_EC_DBRG but does not describe the provenance of the parameters used
---------------------------------------------
http://www.kb.cert.org/vuls/id/274923


*** Source code for proprietary spam bot offered for sale, acts as force multiplier for cybercrime-friendly activity ***
---------------------------------------------
In a professional cybercrime ecosystem, largely resembling that of a legitimate economy, market participants constantly strive to optimize their campaigns, achieve stolen assets liquidity, and most importantly, aim to reach a degree of efficiency that would help them gain market share. Thus, help them secure multiple revenue streams. Despite the increased transparency on the Russian/Easter European underground market - largely thanks to improved social networking courtesy of the...
---------------------------------------------
http://www.webroot.com/blog/2013/11/07/source-code-proprietary-spam-bot-offered-sale-acts-force-multiplier-cybercrime-friendly-activity/


*** Security Bulletin: Vulnerabilities in Sametime Enterprise Meeting Server (CVE-2013-3044, CVE-2013-3045, CVE-2013-0537, CVE-2013-3985) ***
---------------------------------------------
The security bulletin addresses various vulnerabilities found in the Sametime Enterprise Meeting Server regarding spoofing and domain cookies.  CVE(s): and CVE-2013-3044, CVE-2013-3045, CVE-2013-0537, CVE-2013-3985  Affected product(s) and affected version(s): IBM Lotus Sametime WebPlayer versions 8.5.2 and 8.5.2.1   Refer to the following reference URLs for remediation and additional vulnerability details. Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21654355 X-Force
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_vulnerabilities_in_sametime_enterprise_meeting_server_cve_2013_3044_cve_2013_3045_cve_2013_0537_cve_2013_3985?lang=en_us


*** Security Bulletin: IBM Lotus Sametime WebPlayer Denial-of-Service (CVE-2013-3986) ***
---------------------------------------------
An attacker participating in a Sametime Audio Visual (AV) session may be able to crash the IBM Sametime WebPlayer extension (Firefox extension) session of other users.  CVE(s): and CVE-2013-3986   Affected product(s) and affected version(s): IBM Lotus Sametime WebPlayer versions 8.5.2 and 8.5.2.1   Refer to the following reference URLs for remediation and additional vulnerability details. Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21654041 X-Force Database:
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_lotus_sametime_webplayer_denial_of_service_cve_2013_3986?lang=en_us


*** Security Bulletin: For safer administration of IBM Domino server, use Domino Administrator client instead of Domino Web Administrator ***
---------------------------------------------
IBM Domino Web Administrator (webadmin.nsf) has two cross-site scripting vulnerabilities and one cross-site request forgery of low CVSS score. These vulnerabilities do not exist in the Domino Administrator client. To prevent the potential for these attacks, use the Domino Administrator client or mitigations listed below. Domino Web Administrator is deprecated.   CVE(s):  CVE-2013-4051, CVE-2013-4055, CVE-2013-4050..
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_for_safer_administration_of_ibm_domino_server_use_domino_administrator_client_instead_of_domino_web_administrator?lang=en_us


*** IBM WebSphere Real Time Java Multiple Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/55618


*** CTF365: A New Capture The Flag Platform for Ongoing Competitions ***
---------------------------------------------
https://community.rapid7.com/community/metasploit/blog/2013/11/08/ctf365--information-security-through-gamification--learning-training-improving


*** OpenSSH Security Advisory: gcmrekey.adv ***
---------------------------------------------
A memory corruption vulnerability exists in the post-authentication sshd process when an AES-GCM cipher (aes128-gcm at openssh.com or aes256-gcm at openssh.com) is selected during kex exchange.
---------------------------------------------
http://www.openssh.org/txt/gcmrekey.adv