[CERT-daily] Tageszusammenfassung - Donnerstag 26-09-2013

Daily end-of-shift report team at cert.at
Thu Sep 26 18:11:06 CEST 2013


=======================
= End-of-Shift report =
=======================

Timeframe:   Mittwoch 25-09-2013 18:00 − Donnerstag 26-09-2013 18:00
Handler:     Robert Waldner
Co-Handler:  n/a

*** [papers] - Linux Classic Return-to-libc & Return-to-libc Chaining Tutorial ***
---------------------------------------------
I decided to get a bit more into Linux exploitation, so I thought it would be nice if I document this as a good friend once said “ you think you understand something until you try to teach it“.
---------------------------------------------
http://www.exploit-db.com/download_pdf/28553




*** [papers] - Understanding C Integer Boundaries (Overflows & Underflow) ***
---------------------------------------------
This is my first try at writing papers. This paper is my understanding of the subject. I understand it might not be complete I am open for suggestions and modifications. I hope as this project helps others as it helped me.
---------------------------------------------
http://www.exploit-db.com/download_pdf/28550




*** Blue Coat ProxySG / Security Gateway OS (SGOS) Two Denial of Service Vulnerabilities ***
---------------------------------------------
Two vulnerabilities have been reported in Blue Coat ProxySG and Blue Coat Security Gateway OS (SGOS), which can be exploited by malicious people to cause a DoS (Denial of Service).
---------------------------------------------
https://secunia.com/advisories/54999




*** Research shows IT blocking applications based on popularity not risk ***
---------------------------------------------
Tactic leads to less popular, but still risky cloud-based apps freely accessing networks
---------------------------------------------
http://www.csoonline.com/article/740363/research-shows-it-blocking-applications-based-on-popularity-not-risk?source=rss_application_security




*** Popular iOS e-mail app acquired by Dropbox has serious bug, researcher warns (Updated) ***
---------------------------------------------
Code-execution vulnerability could open users to a series of serious attacks.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/hFtmTj9wjFg/story01.htm




*** Security Issue in Ruby on Rails Could Expose Cookies ***
---------------------------------------------
Versions 2.0 to 4.0 of the popular open source web framework Ruby on Rails are vulnerable to a web security issue involving cookies that could make it much easier for someone to login to an app as another user.
---------------------------------------------
http://threatpost.com/security-issue-in-ruby-on-rails-could-expose-cookies/102413




*** Analysis: The Icefog APT: Frequently Asked Questions ***
---------------------------------------------
Here are answers to the most frequently asked questions related to Icefog, an APT operation targeting entities in Japan and South Korea.
---------------------------------------------
http://www.securelist.com/en/analysis/204792307/The_Icefog_APT_Frequently_Asked_Questions




*** Cisco IOS Multiple Flaws Let Remote Users Deny Service ***
---------------------------------------------
Multiple vulnerabilities were reported in Cisco IOS. A remote user can cause denial of service conditions.
---------------------------------------------
http://www.securitytracker.com/id/1029087




*** Security Bulletin: Tivoli Endpoint Manager Security Compliance Analytics (SCA) is affected by multiple Java vulnerabilities ***
---------------------------------------------
Security Compliance Analytics version 1.3 and prior affected by multiple Java vulnerabilities  CVE(s):    
CVE-2013-2463  
CVE-2013-2465  
CVE-2013-2471     
Affected product(s) and affected version(s):  Tivoli Endpoint Manager SCA 1.3 and earlier. 
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_tivoli_endpoint_manager_security_compliance_analytics_sca_is_affected_by_multiple_java_vulnerabilities?lang=en_us




*** Java Security Vulnerabilitys addressed in IBM Tivoli Netcool OMNIbus ***
---------------------------------------------
Multiple vulnerabilities related to the Java JRE shipped by Tivoli Netcool/OMNIbus have been resolved.  CVE(s): CVE-2012-0502, CVE-2012-0503, CVE-2012-0506, CVE-2012-0507, CVE-2011-3563, CVE-2012-0498, CVE-2012-0499, CVE-2012-0501, CVE-2012-0505, CVE-2012-1713, CVE-2012-1716, CVE-2012-1717, CVE-2012-1718, CVE-2012-1719, CVE-2012-1720, CVE-2012-1721, CVE-2012-1722, CVE-2012-1725, CVE-2012-1541, CVE-2012-1543, CVE-2012-3213, CVE-2012-4301, CVE-2012-4305, CVE-2013-0351, CVE-2013-0409,
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/java_security_vulnerabilitys_addressed_in_ibm_tivoli_netcool_omnibus?lang=en_us




*** Security Bulletin: GSKit Security Vulnerabilities addressed in IBM Tivoli Netcool OMNIbus ***
---------------------------------------------
Several vulnerabilities related to the GSKit libraries used by Tivoli Netcool/OMNIbus have been resolved.    CVE(s): CVE-2012-2190,  CVE-2012-2191,  CVE-2012-2333,  CVE-2012-2203,  CVE-2012-2131,  CVE-2012-2110,  CVE-2012-0884,  CVE-2012-0050,  CVE-2011-4108,  CVE-2011-4576,  CVE-2011-4577,  CVE-2011-4619,  CVE-2011-3210,  CVE-2011-0014,  CVE-2010-3864,  CVE-2013-0169,  CVE-2013-0166, and CVE-2012-2686  Affected product(s) and affected version(s): Tivoli Netcool/OMNIbus 7.2.1 Tivoli
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_gskit_security_vulnerabilities_addressed_in_ibm_tivoli_netcool_omnibus?lang=en_us




*** Blue Coat ProxySG HTTP Request Processing Memory Leak Lets Remote Users Deny Service ***
---------------------------------------------
A vulnerability was reported in Blue Coat ProxySG. A remote user can cause denial of service conditions.
A remote server can return specially crafted data to trigger a memory leak and cause the target device to drop or bypass traffic. HTML with a large number of recursively embedded HREF tags can trigger this flaw.
---------------------------------------------
http://www.securitytracker.com/id/1029088




*** Nodejs js-yaml load() Code Execution ***
---------------------------------------------
Topic: Nodejs js-yaml load() Code Execution 
Risk: High
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013090177




*** InstantCMS 1.10.2 Multiple vulnerabilities ***
---------------------------------------------
Topic: InstantCMS 1.10.2 Multiple vulnerabilities Risk: Low Text:Hello 3APA3A! These are Login Enumeration, Cross-Site Scripting and Content Spoofing vulnerabilities in InstantCMS. ...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2013090179




*** Boffins: Internet transit a vulnerability ***
---------------------------------------------
Mirror, mirror on the port, is this something I can rort? If you think of an Internet exchange, you probably think of infrastructure thats well-protected, well-managed, and hard to compromise. The reality, however, might be different. According to research by Stanford Universitys Daniel Kharitonov, working with TraceVectors Oscar Ibatullin, there are enough vulnerabilities in routers and the like that the Internet exchange makes a target thats both attractive and exploitable.…
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2013/09/26/boffins_internet_transit_a_vulnerability/




*** 1. Cybercrime-Konferenz von Europol und Interpol: Die Jagd den Privaten überlassen? ***
---------------------------------------------
Cybercrime-Ermittlungen privaten Firmen zu überlassen, habe einige Vorteile, meinen Firmenvertreter. Strafverfolger wollen aber genau die Kompetenzen der Privatfirmen entwickeln und ihre Aktionspläne ebenso gut ausgebildeten Richtern vorlegen.
---------------------------------------------
http://www.heise.de/newsticker/meldung/1-Cybercrime-Konferenz-von-Europol-und-Interpol-Die-Jagd-den-Privaten-ueberlassen-1966902.html




*** XEN - Information leak on AVX and/or LWP capable CPUs ***
---------------------------------------------
When a guest increases the set of extended state components for a vCPU saved/restored via XSAVE/XRSTOR (to date this can only be the upper halves of YMM registers, or AMDs LWP state) after already having touched other extended registers restored via XRSTOR (e.g. floating point or XMM ones) during its current scheduled CPU quantum, the hypervisor would make those registers accessible without discarding the values an earlier scheduled vCPU may have left in them.
---------------------------------------------
http://lists.xenproject.org/archives/html/xen-announce/2013-09/msg00005.html




*** VLC 2.1 "Rincewind" is a major new version of our popular media player ***
---------------------------------------------
Rincewind fixes around a thousand bugs, in more than 7000 commits from 140 volunteers.
---------------------------------------------
http://www.videolan.org/vlc/releases/2.1.0.html




*** Google Hangouts schickt Nachrichten an falsche Personen ***
---------------------------------------------
Zu ungewollt peinlichen Situationen könnte es derzeit mit Googles Chat-Tool Hangouts kommen.
---------------------------------------------
http://futurezone.at/produkte/google-hangouts-schickt-nachrichten-an-falsche-personen/28.430.509




*** IBM Rational ClearQuest JSON Hijacking and Cross-Site Request Forgery Vulnerabilities ***
---------------------------------------------
IBM Rational ClearQuest JSON Hijacking and Cross-Site Request Forgery Vulnerabilities
---------------------------------------------
https://secunia.com/advisories/55010




*** Microsoft veröffentlicht Ereignis- und Paketanalysator Message Analyzer ***
---------------------------------------------
Der bislang nur als Beta-Version erhältliche Message Analyzer steht nun Version 1.0 zum Download bereit.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Microsoft-veroeffentlicht-Ereignis-und-Paketanalysator-Message-Analyzer-1967419.html




*** How do you monitor DNS?, (Thu, Sep 26th) ***
---------------------------------------------
Personally, my "DNS Monitoring System" is a bunch of croned shell scripts and nagios, in desperate need of an overhaul. While working on a nice (maybe soon published) script to do this, I was wondering: What is everybody else using?  The script is supposed to detect DNS outages and unauthorized changes to my domains. Here are some of the parameters I am monitoring now:  - changes to the zones serial number - changes to the NS records (using the TLDs name servers, not mine) - changes
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=16661&rss




*** Blog: Icefog OpenIOC Release ***
---------------------------------------------
OpenIOC rules for the IceFog campaign
---------------------------------------------
http://www.securelist.com/en/blog/208214070/Icefog_OpenIOC_Release




*** Spear Phishing Poses Threat to Industrial Control Systems ***
---------------------------------------------
While the energy industry may fear the appearance of another Stuxnet on the systems they use to keep oil and gas flowing and the electric grid powered, an equally devastating attack could come from a much more mundane source: phishing. Rather than worry about exotic cyber weapons like Stuxnet and its big brother, Flame, companies that have SCADA systems ... should make sure that their anti-phishing programs are in order, say security experts.
---------------------------------------------
http://www.cio.com/article/740402/Spear_Phishing_Poses_Threat_to_Industrial_Control_Systems?taxonomyId=3089




*** Barracuda CudaTel Communication Server Cross-Site Scripting and SQL Injection Vulnerabilities ***
---------------------------------------------
Vulnerability Lab has reported multiple vulnerabilities in Barracuda CudaTel Communication Server, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site scripting attacks.
---------------------------------------------
https://secunia.com/advisories/54258




*** Emerson ROC800 Multiple Vulnerabilities ***
---------------------------------------------
This advisory provides mitigation details for multiple vulnerabilities affecting the Emerson Process Management’s ROC800 remote terminal units (RTUs) products (ROC800, ROC800L, and DL8000).
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-13-259-01






More information about the Daily mailing list