[CERT-daily] Tageszusammenfassung - Dienstag 1-04-2014

Tue Apr 1 18:06:03 CEST 2014

=======================
= End-of-Shift report =
=======================

Timeframe:   Montag 31-03-2014 18:00 − Dienstag 01-04-2014 18:00
Handler:     Robert Waldner
Co-Handler:  n/a

*** Report: RSA endowed crypto product with second NSA-influenced code ***
---------------------------------------------
Extended Random like "dousing yourself with gasoline," professor warns.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/TbwAXYKTq34/


*** Old School Code Injection in an ATM .dll ***
---------------------------------------------
During our last ATM review engagement, we found some interesting executable files that were run by Windows Services under Local System account. These binaries had weak file permissions that allowed us to modify them using the standard ATM user account. As a proof of concept, I decided to inject some code into one of them to take full control of the system. This post is about the technique I used to inject the code into a .dll used by one of the Windows Services. I’m sure there are many
---------------------------------------------
http://feedproxy.google.com/~r/SpiderlabsAnterior/~3/CRAp6jZhvVE/injecting-code-into-a-dll.html


*** A Look at the GnuTLS X.509 Verification Code Flaw ***
---------------------------------------------
... it was found that the GnuTLS X.509 certificate verification code fails to properly handle certain error conditions that may occur during the certificate verification process. While verifying the certificate, GnuTLS would report it as successful verification of the certificate, even though verification should have resulted in a failure. This means that invalid certificates may be accepted as valid,
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/iSFhF7R9kFI/


*** Creating an intelligent “sandbox” for coordinated malware eradication ***
---------------------------------------------
Hello from China where I am presenting on coordinated malware eradication at the 2014 PC Security Labs Information Security Conference. Coordinated malware eradication was also the topic of my last blog. I said the antimalware ecosystem must begin to work with new types of partners if we are going to move from the current state of uncoordinated malware disruption, to a state of coordinated malware eradication. 
---------------------------------------------
http://blogs.technet.com/b/mmpc/archive/2014/03/31/creating-an-intelligent-sandbox-for-coordinated-malware-eradication.aspx


*** Its not the breach that kills you, its the cover-up ***
---------------------------------------------
Its how you handle yourself during and after a breach that will determine just how detrimental the breach actually is for your organization.
---------------------------------------------
http://feedproxy.google.com/~r/SCMagazineHome/~3/Mi55LWhfA9c/


*** Managing Windows XP’s Risks in a Post-Support World ***
---------------------------------------------
There are now less than two weeks left until Microsoft terminates support for the incredibly long-lived Windows XP. Rarely has a tech product lasted as long as XP has – from XP’s launch on October 25, 2001 to its last Patch Tuesday on April 8, 2014 a total of 12 years, 5 months, and two […]Post from: Trendlabs Security Intelligence Blog - by Trend MicroManaging Windows XP’s Risks in a Post-Support World
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/fSwrdK2qOeg/


*** EMC Cloud Tiering Appliance Request Validation Flaw Lets Remote Users View Files ***
---------------------------------------------
A vulnerability was reported in EMC Cloud Tiering Appliance. A remote user can view files on the target system.
The '/api/login' script does not properly validate user-supplied input. A remote user can supply a specially crafted XML External Entity (XXE) link to view files on target system with root privileges.
---------------------------------------------
http://www.securitytracker.com/id/1029979


*** Grazer Linuxtage 2014: "Sicherheit im Netz" mit freier Software ***
---------------------------------------------
Alternative Software-Szene lädt an der FH-Joanneum zu Workshops und Vorträgen
---------------------------------------------
http://derstandard.at/1395363812795


*** Horde webmail - Open Redirect Vulnerability ***
---------------------------------------------
An open redirect is an application that takes a parameter and redirects a user to the parameter value without any validation.
This vulnerability is used in phishing attacks to get users to visit malicious sites without realizing it.
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014040004


*** ModSecurity HTTP Requests Chunked Encoding Security Bypass Vulnerability ***
---------------------------------------------
Martin Holst Swende has reported a vulnerability in ModSecurity, which can be exploited by malicious people to bypass certain security restrictions.
The vulnerability is caused due to an error in the "modsecurity_tx_init()" function (apache2/modsecurity.c), which can be exploited to bypass the HTTP request body processing via a specially crafted request using chunked encoding.
---------------------------------------------
https://secunia.com/advisories/57444


*** ct-Special "Umstieg auf Linux" am Kiosk erhältlich ***
---------------------------------------------
Umsteigen auf Linux – warum nicht? Linux bietet eine Menge Vorteile – nicht nur für XP-Anwender, die demnächst keine Sicherheits-Fixes von Microsoft mehr erhalten. Das neue Sonderheft der ct-Redaktion hilft beim sanften Umstieg von Windows auf Linux.
---------------------------------------------
http://www.heise.de/newsticker/meldung/c-t-Special-Umstieg-auf-Linux-am-Kiosk-erhaeltlich-2157549.html?wt_mc=rss.ho.beitrag.rdf


*** IBM WebSphere Portal Two Cross-Site Scripting Vulnerabilities ***
---------------------------------------------
Two vulnerabilities have been reported in IBM WebSphere Portal, which can be exploited by malicious people to conduct cross-site scripting attacks.
---------------------------------------------
https://secunia.com/advisories/57592


*** cPanel Multiple Vulnerabilities ***
---------------------------------------------
Two weaknesses, a security issue, and multiple vulnerabilities have been reported in cPanel, which can be exploited by malicious, local users to disclose potentially sensitive information and manipulate certain data, by malicious users to disclose potentially sensitive information, conduct script insertion attacks, manipulate certain data, and compromise a vulnerable system and by malicious people to conduct spoofing and cross-site scripting attacks and bypass certain security restrictions.
---------------------------------------------
https://secunia.com/advisories/57576


*** VU#893726: Zyxel P660 series modem/router denial of service vulnerability ***
---------------------------------------------
Zyxel P660 series modem/router contains a denial of service vulnerability when parsing a high volume of SYN packets on the web management interface.
---------------------------------------------
http://www.kb.cert.org/vuls/id/893726


*** Cisco Security Manager HTTP Header Redirection Vulnerability ***
---------------------------------------------
A vulnerability in the web framework of Cisco Security Manager could allow an unauthenticated, remote attacker to inject a crafted HTTP header which will cause a web page redirection to a possible malicious website.
The vulnerability is due to insufficient validation user input of user input before using it as an HTTP header value. An attacker could exploit this vulnerability by convincing a user to access a crafted URL.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2138


*** Cisco WSA HTTP Header Injection Vulnerability ***
---------------------------------------------
A vulnerability in the web framework of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to inject a crafted HTTP header that could cause a web page redirection to a possible malicious website.
The vulnerability is due to insufficient validation of user input before using it as an HTTP header value. An attacker could exploit this vulnerability by persuading a user to access a crafted URL.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2137