[CERT-daily] Tageszusammenfassung - Donnerstag 17-04-2014

Thu Apr 17 18:09:38 CEST 2014

=======================
= End-of-Shift report =
=======================

Timeframe:   Mittwoch 16-04-2014 18:00 − Donnerstag 17-04-2014 18:00
Handler:     Alexander Riepl
Co-Handler:  Robert Waldner


*** Entwickler-Modus gefährdet Blackberries ***
---------------------------------------------
Bei aktiviertem Entwickler-Modus können Angreifer über das WLAN oder die USB-Verbindung Schadcode mit vollen Root-Rechten ausführen. Wird der Modus wieder abgeschaltet, ist das Gerät immer noch bis zum nächsten Neustart angreifbar.
---------------------------------------------
http://www.heise.de/security/meldung/Entwickler-Modus-gefaehrdet-Blackberries-2171891.html


*** Heartbleed: BSI sieht keinen Grund für Entwarnung ***
---------------------------------------------
Das Bundesamt für Sicherheit in der Informationstechnik sieht beim "Heartbleed Bug" weiteren Handlungsbedarf. Kleinere Websites sind nach wie vor verwundbar, auch nehmen Angreifer jetzt andere Dienste ins Visier.
---------------------------------------------
http://www.heise.de/security/meldung/Heartbleed-BSI-sieht-keinen-Grund-fuer-Entwarnung-2171922.html


*** Bugtraq: [SECURITY] [DSA 2907-1] Announcement of long term support for Debian oldstable ***
---------------------------------------------
http://www.securityfocus.com/archive/1/531856


*** mAdserve id SQL injection ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/92545


*** SA-CONTRIB-2014-041 - Block Search - SQL Injection ***
---------------------------------------------
Advisory ID: DRUPAL-SA-CONTRIB-2014-041
Project: Block Search (third-party module)
Version: 6.x
Date: 2014-April-16
Security risk: Highly critical
Exploitable from: Remote
Vulnerability: SQL Injection
Description: Block Search module provides an alternative way of managing blocks.The module doesnt properly use Drupals database API resulting in user-provided strings being passed directly to the database allowing SQL Injection.This vulnerability is mitigated by the fact that an attacker must either use a
---------------------------------------------
https://drupal.org/node/2242463


*** SA-CORE-2014-002 - Drupal core - Information Disclosure ***
---------------------------------------------
Advisory ID: DRUPAL-SA-CORE-2014-002
Project: Drupal core
Version: 6.x, 7.x
Date: 2014-April-16
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Information Disclosure
Description: Drupals form API has built-in support for temporary storage of form state, for example user input. This is often used on multi-step forms, and is required on Ajax-enabled forms in order to allow the Ajax calls to access and update interim user input on the server.When pages are cached for anonymous
---------------------------------------------
https://drupal.org/SA-CORE-2014-002


*** Heartbleed CRL Activity Spike Found, (Wed, Apr 16th) ***
---------------------------------------------
It looks like, as I had suspected, the CRL activity numbers we have been seeing did not reflect the real volume caused by the OpenSSL Heartbleed bug. This evening I noticed a massive spike in the amount of revocations being reported by this CRL: http://crl.globalsign.com/gs/gsorganizationvalg2.crl The spike is so large that we initially thought it was a mistake, but we have since confirmed that its real! Were talking about over 50,000 unique recovations from a single CRL:  This is by an order
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=17977&rss


*** Confirmed: Nasty Heartbleed bug exposes OpenVPN private keys, too ***
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/cz_Y-Ayd5tw/


*** OpenSSL-Bug Heartbleed: Die meisten Router sind laut Herstellerangaben nicht verwundbar ***
---------------------------------------------
Die meisten Router-Hersteller geben an, ältere OpenSSL-Versionen zu nutzen. Etliche liefern aber keine Belege dafür, dass ihre Geräte nicht verwundbar sind. Sicherheitsbewusste Nutzer müssen also die Ärmel hochkrempeln und die Geräte selbst testen.
---------------------------------------------
http://www.heise.de/security/meldung/OpenSSL-Bug-Heartbleed-Die-meisten-Router-sind-laut-Herstellerangaben-nicht-verwundbar-2171813.html


*** SAP Router Password Timing Attack ***
---------------------------------------------
Topic: SAP Router Password Timing Attack Risk: High Text:Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ SAP Router Password Timing Attack 1. *Advisory Inf...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014040118


*** Whats worse than Heartbleed? Bugs in Heartbleed detection scripts. ***
---------------------------------------------
As of the writing of this blog post, Nessus, Metasploit, Nmap, and others have released methods for detecting whether your systems are affected. The problem is, most of them have bugs themselves which lead to false negatives results, that is, a result which says a system is not vulnerable when in reality it is. With many people likely running detection scripts or other scans against hosts to check if they need to be patched, it is important that these bugs be addressed before too many people
---------------------------------------------
http://www.hut3.net/blog/cns---networks-security/2014/04/14/bugs-in-heartbleed-detection-scripts-


*** Definitionsupdate für Microsoft-Virenscanner bremst Windows XP aus ***
---------------------------------------------
http://derstandard.at/1397520906230


*** Zugriff auf SMS-Nachrichten und Tor-Traffic dank Heartbleed ***
---------------------------------------------
Hackern ist es gelungen, die von SMS-Gateways verschickten Nachrichten auszulesen - Tokens zur Zwei-Faktor-Authentisierung inklusive. Und auch Tor-Exitnodes geben beliebige Speicherinhalte preis.
---------------------------------------------
http://www.heise.de/security/meldung/Zugriff-auf-SMS-Nachrichten-und-Tor-Traffic-dank-Heartbleed-2172655.html


*** Bleichenbacher-Angriff: TLS-Probleme in Java ***
---------------------------------------------
In der TLS-Bibliothek von Java wurde ein Problem gefunden, welches unter Umständen das Entschlüsseln von Verbindungen erlaubt. Es handelt sich dabei um die Wiederbelebung eines Angriffs, der bereits seit 1998 bekannt ist. (Java, Technologie)
---------------------------------------------
http://www.golem.de/news/bleichenbacher-angriff-tls-probleme-in-java-1404-105948-rss.html