[CERT-daily] Daily summary - Thursday 24-04-2014

Daily end-of-shift report team at cert.at
Thu Apr 24 18:38:09 CEST 2014


=======================
= End-of-Shift report =
=======================

Timeframe:   Wednesday 23-04-2014 18:00 − Thursday 24-04-2014 18:00
Handler:     Stephan Richter
Co-Handler:  n/a




*** NetSupport Information Leakage Using Nmap Script ***
---------------------------------------------
NetSupport allows corporations to remotely manage and connect to PCs and servers from a central location for the purposes of desktop support. In my last post I discussed how I wrote a script using the NetSupport scripting language to find versions of NetSupport running on clients with default installations that didn't require authentication to remotely connect to them. Essentially you could use NetSupport to bypass any Domain or local credentials to remotely connect to the PC and...
---------------------------------------------
http://blog.spiderlabs.com/2014/04/netsupport-information-leakage-using-nmap-script.html




*** DHCPv6 and DUID Confusion, (Wed, Apr 23rd) ***
---------------------------------------------
In IPv6, DHCP is taking somewhat a back seat to router advertisements. Many smaller networks are unlikely to use DHCP. However, in particular for Enterprise/larger networks, DHCPv6 still offers a lot of advantages when it comes to managing hosts and accounting for IP addresses in use. One of the big differences when it comes to DHCPv6 is that a host identifies itself with a DUID (DHCP Unique Identifier) which can be different from a MAC address. There are essentially three ways to come up with...
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=18015&rss




*** Cisco: Hey, IT depts. You're all malware hosts ***
---------------------------------------------
Security report also notes skills shortage. Everybody - at least every multinational that Cisco checked out for its 2014 Annual Security Report - is hosting malware of some kind, and there aren't enough security professionals to go around.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2014/04/24/cisco_youre_ialli_malware_hosts/




*** DrDoS attacks to reach 800 Gbps in 2015 ***
---------------------------------------------
While the network time protocol (NTP) DrDoS threats that became prevalent in early 2014 have been contained, new distributed reflected denial of service threats will lead to attacks in excess of 800 Gbps during the next 12 to 18 months.
---------------------------------------------
http://www.net-security.org/secworld.php?id=16733




*** Zero-day vulnerability in Apache Struts 2 ***
---------------------------------------------
With a small variation of an already patched vulnerability, attackers can once again inject code into the server.
---------------------------------------------
http://www.heise.de/security/meldung/Zero-Day-Luecke-in-Apache-Struts-2-2176605.html




*** Situational Awareness Alert for OpenSSL Vulnerability (Update D) ***
---------------------------------------------
This alert update is a follow-up to the updated NCCIC/ICS-CERT Alert titled ICS-ALERT-14-009-01C Situational Awareness Alert for OpenSSL Vulnerability that was published April 17, 2014, on the ICS-CERT web site.
---------------------------------------------
http://ics-cert.us-cert.gov/alerts/ICS-ALERT-14-099-01D




*** Drupal - Vulnerabilities in Third-Party Modules ***
---------------------------------------------
https://drupal.org/node/2248073
https://drupal.org/node/2248077
https://drupal.org/node/2248145
https://drupal.org/node/2248171




*** Attachmate Reflection OpenSSL TLS Heartbeat Buffer Overread Lets Remote Users Obtain Potentially Sensitive Information ***
---------------------------------------------
http://www.securitytracker.com/id/1030144




*** Bugtraq: Weak firmware encryption and predictable WPA key on Sitecom routers ***
---------------------------------------------
http://www.securityfocus.com/archive/1/531920




*** SSA-892012 (Last Update 2014-04-24): Web Vulnerabilities in SIMATIC S7-1200 CPU ***
---------------------------------------------
https://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-892012.pdf




*** Vuln: Check_MK Multiple Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/bid/66389
http://www.securityfocus.com/bid/66391
http://www.securityfocus.com/bid/66394
http://www.securityfocus.com/bid/66396




*** Notice: (Revision) CUSTOMER ATTENTION REQUIRED: HP Integrated Lights-Out and Integrated Lights-Out 2 - Scanning First-Generation iLO or iLO 2 Devices for the Heartbleed Vulnerability Results in iLO Lockup Requiring Power to be PHYSICALLY Removed ***
---------------------------------------------
The first-generation iLO and iLO 2 products use the RSA SSL libraries and there is a bug in these libraries that will cause first-generation iLO and iLO 2 devices to enter a live lockup situation when a vulnerability scanner runs to check for the Heartbleed vulnerability. Although the server's operating system will continue to function normally, first-generation iLO and iLO 2 will no longer be responsive over the management network.
---------------------------------------------
http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c04249852-1




*** HPSBHF03006 rev.1 - HP Integrated Lights-Out 2 (iLO 2) Denial of Service ***
---------------------------------------------
A potential security vulnerability has been identified in HP Integrated Lights-Out 2 (iLO 2) servers that allows for a Denial of Service. The denial of service condition occurs only when the iLO 2 is scanned by vulnerability assessment tools that test for CVE-2014-0160 (Heartbleed vulnerability).
---------------------------------------------
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04244787




*** HP Security Bulletins for CVE 2014-0160 ***
---------------------------------------------
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04239375
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04259321
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04261644
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04236102




*** Vuln: EMC Connectrix Manager Converged Network Edition Remote Information Disclosure Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/66308

