[CERT-daily] Tageszusammenfassung - Dienstag 22-04-2014

Tue Apr 22 21:04:00 CEST 2014

=======================
=  Heartbleed Report  =
=        a.k.a        =
= End-of-Shift report =
=======================

Timeframe:   Freitag 18-04-2014 18:00 − Dienstag 22-04-2014 18:00
Handler:     Stephan Richter
Co-Handler:  n/a


*** Amplification, reflection DDoS attacks increase 35 percent in Q1 2014 ***
---------------------------------------------
The Q1 2014 Global DDoS Attack Report reveals that amplification and reflection distributed denial-of-service attacks are on the rise.
---------------------------------------------
http://feedproxy.google.com/~r/SCMagazineHome/~3/GljZsrx9WMs/


*** Das Router-Desaster: Fritzbox-Update gerät ins Stocken ***
---------------------------------------------
Aktuelle Scan-Ergebnisse belegen, dass die Verbreitung des kritischen Sicherheits-Updates kaum voranschreitet. In vielen Fällen werden verwundbare Fritzboxen sogar noch mit aktivem Fernzugriff betrieben - eine gefährliche Mischung.
---------------------------------------------
http://www.heise.de/security/meldung/Das-Router-Desaster-Fritzbox-Update-geraet-ins-Stocken-2173043.html


*** Home entertainment implementations are pretty appaling ***
---------------------------------------------
I picked up a Panasonic BDT-230 a couple of months ago. Then I discovered that even though it appeared fairly straightforward to make it DVD region free (I have a large pile of PAL region 2 DVDs), the US models refuse to play back PAL content. We live in an era of software-defined functionality. While Panasonic could have designed a separate hardware SKU with a hard block on PAL output, that would seem like unnecessary expense. So, playing with the firmware seemed like a reasonable...
---------------------------------------------
http://mjg59.dreamwidth.org/31178.html


*** OpenSSL Rampage, (Mon, Apr 21st) ***
---------------------------------------------
OpenSSL, in spite of its name, isnt really a part of the OpenBSD project. But as one of the more positive results of the recent Heartbleed fiasco, the OpenBSD developers, who are known for their focus on readable and secure code, have now started a full-scale review and cleanup of the OpenSSL codebase. If you are interested in writing secure code in C (not necessarily a contradiction in terms), I recommend you take a look at http://opensslrampage.org/archive/2014/4, where the OpenBSD-OpenSSL...
---------------------------------------------
http://isc.sans.edu/diary.html?storyid=17997&rss


*** Mysterious iOS malware campaign has Chinese origins ***
---------------------------------------------
The threat, dubbed "Unflod Baby Panda," was discovered by Reddit users and analyzed by researchers at the German-based security firm, SektionEins.
---------------------------------------------
http://feedproxy.google.com/~r/SCMagazineHome/~3/_EB9Qixb5Vk/


*** Easter egg: DSL router patch merely hides backdoor instead of closing it ***
---------------------------------------------
Researcher finds secret "knock" opens admin for some Linksys, Netgear routers.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/MBqOOgJa9Ng/


*** Feedly fixes Android JavaScript code injection flaw, deems it "harmless" ***
---------------------------------------------
A researcher wrote about a bug in the Android app for news aggregator Feedly that could enable JavaScript code injection, but even though it was fixed, the company did not really consider it a vulnerability.
---------------------------------------------
http://feedproxy.google.com/~r/SCMagazineHome/~3/lZyhHF8qR8o/


*** Report: Google looks to integrate PGP with Gmail ***
---------------------------------------------
Pretty Good Privacy, or PGP, is an encryption method that was created in the early 90s.
---------------------------------------------
http://feedproxy.google.com/~r/SCMagazineHome/~3/pxVEyRndi7A/


*** Weekly Metasploit Update: Heartbleed and Firefox Passwords ***
---------------------------------------------
https://community.rapid7.com/community/metasploit/blog/2014/04/17/weekly-metasploit-update


*** Critical update makes P2P Zeus trojan even tougher to remove ***
---------------------------------------------
An update to the P2P Zeus banking trojan results in the installation of a rootkit driver that makes deleting the malware even tougher.
---------------------------------------------
http://feedproxy.google.com/~r/SCMagazineHome/~3/EIQ5YrV1__8/


*** Sicherheitslücke beim Netzwerkmonitor Nagios ***
---------------------------------------------
Der "Nagios Remote Plugin Executor" führt unter Umständen eingeschleuste Befehle aus. Diese Umstände deuten allerdings schon auf eine generell unsichere Konfiguration hin.
---------------------------------------------
http://www.heise.de/security/meldung/Sicherheitsluecke-beim-Netzwerkmonitor-Nagios-2174201.html


*** Ein Viertel der Internetnutzer wechselt nie die Passwörter ***
---------------------------------------------
Trotz Heartbleed wechselt weiterhin rund ein Viertel aller deutschen Internetnutzer nie ihr Passwort. Ein Drittel der Befragten verwendet ein Passwort auf mehreren Plattformen.
---------------------------------------------
http://futurezone.at/digital-life/ein-viertel-der-internetnutzer-wechselt-nie-die-passwoerter/61.910.512


*** Heartbleed und das Sperrproblem von SSL ***
---------------------------------------------
Nach dem Beseitigen des Heartbleed-Problems sperrten viele Admins vorsorglich ihre SSL-Zertifikate und besorgten sich neue. Trotzdem bedeuten geklaute Server-Schlüssel auch weiterhin ein Problem - denn das Sperren funktioniert eigentlich nicht.
---------------------------------------------
http://www.heise.de/security/meldung/Heartbleed-und-das-Sperrproblem-von-SSL-2174254.html


*** OpenSSL ssl3_read_bytes denial of service ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/92632


*** Alert for CVE-2014-0160 ***
---------------------------------------------
This Security Alert addresses CVE-2014-0160 ('Heartbleed'), a publicly disclosed vulnerability which affects multiple OpenSSL versions implemented by various vendors in their products. This vulnerability affects multiple Oracle products. This vulnerability may be remotely exploitable without authentication, i.e. it may be exploited over a network without the need for a username and password. A remote user can exploit this vulnerability to impact the confidentiality of systems that are running affected versions of OpenSSL. According to http://heartbleed.com, the compromised data may contain passwords, private keys, and other sensitive information. In some instances, this information could be used by a malicious attacker to log into systems using a stolen identity or decrypt private information that was sent months or years ago.
---------------------------------------------
http://www.oracle.com/technetwork/topics/security/alert-cve-2014-0160-2190703.html


*** Winamp Buffer Overflow and Pointer Dereference Bugs Let Remote Users Execute Arbitrary Code ***
---------------------------------------------
http://www.securitytracker.com/id/1030107


*** VMSA-2014-0004.6 ***
---------------------------------------------
VMware product updates address OpenSSL security vulnerabilities
---------------------------------------------
http://www.vmware.com/security/advisories/VMSA-2014-0004.html


*** F5 - Various Vulnerabilities in Multiple Products ***
---------------------------------------------
https://secunia.com/advisories/58157
https://secunia.com/advisories/58159
https://secunia.com/advisories/58154
https://secunia.com/advisories/58160


*** Check Point Mobile VPN for iOS and for Android OpenSSL Heartbeat Two Information Disclosure Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/57947


*** VU#622950: Toshiba Global Commerce Solutions 4690 Point of Sale operating system contains a password hashing algorithm that can be reversed ***
---------------------------------------------
Vulnerability Note VU#622950 Toshiba Global Commerce Solutions 4690 Point of Sale operating system contains a password hashing algorithm that can be reversed Original Release date: 21 Apr 2014 | Last revised: 21 Apr 2014   Overview Toshiba Global Commerce Solutions 4690 Point of Sale operating system contains a password hashing algorithm that can be reversed. (CWE-328)  Description Toshiba Global Commerce Solutions 4690 Point of Sale operating system contains a password hashing algorithm that
---------------------------------------------
http://www.kb.cert.org/vuls/id/622950


*** Bugzilla Input Validation Flaw Permits Cross-Site Request Forgery Attacks ***
---------------------------------------------
http://www.securitytracker.com/id/1030128


*** SonicWALL Multiple Products OpenSSL TLS/DTLS Heartbeat Two Information Disclosure Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/58146


*** CA Multiple Products OpenSSL TLS/DTLS Heartbeat Information Disclosure Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/58019


*** Tenable SecurityCenter OpenSSL TLS/DTLS Heartbeat Two Information Disclosure Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/58182


*** IBM OS/400 Weakness and Multiple Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/57826


*** ADTRAN Multiple Products OpenSSL TLS/DTLS Heartbeat Two Information Disclosure Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/58172


*** Vulnerabilities in multiple HP Products ***
---------------------------------------------
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04201408
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04220407
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04219959
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03969437
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04250814
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04248997
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04236102
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04255796
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04236062
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04239372
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04260456
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04260505
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04260353


*** BlackBerry Enterprise Service OpenSSL TLS/DTLS Heartbeat Two Information Disclosure Vulnerabilities ***
---------------------------------------------
https://secunia.com/advisories/58244


*** IBM Security Bulletins ***
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ds8870_release_7_2_is_affected_by_a_vulnerability_in_openssl_cve_2014_0160_and_cve_2014_0076?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_endpoint_manager_9_1_1065_openssl_vulnerability_update_cve_2014_0160?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_openssl_heartbleed_vulnerability_and_impact_to_algo_and_openpages_products?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_ibm_license_metric_tool_openssl_heartbleed_vulnerability_cve_2014_0160?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/title_ibm_endpoint_manager_software_use_analysis_only_some_versions_are_affected_by_the_openssl_heartbleed_vulnerability_cve_2014_0160?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_smartcloud_provisioning_is_affected_by_a_vulnerability_in_openssl_cve_2014_0160?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_rational_team_concert_is_affected_by_vulnerabilities_in_openssl_cve_2014_0160_and_cve_2014_0076?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_ibm_sterling_connect_express_for_unix_is_affected_by_vulnerabilities_in_openssl_cve_2014_0160_and_cve_2014_00761?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_power_systems_and_openssl_heart_bleed_vulnerability?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_rational_build_forge_is_affected_by_vulnerabilities_in_openssl_cve_2014_0160_and_cve_2014_0076?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_smartcloud_orchestrator_is_affected_by_a_vulnerability_in_openssl_cve_2014_0160?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entryhttps://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_flex_system_integrated_management_module_2_imm2_is_affected_by_vulnerabilities_in_openssl_cve_2014_0160_and_cve_2014_0076?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_flex_system_chassis_management_module_cmm_is_affected_by_vulnerabilities_in_openssl_cve_2014_0160_and_cve_2014_0076?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_tivoli_storage_productivity_center_is_affected_by_vulnerabilities_in_openssl_cve_2014_0160_and_cve_2014_0076?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_ibm_worklight_is_affected_by_a_vulnerability_in_openssl_cve_2014_0160?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_ibm_sdn_for_virtual_environments_is_affected_by_a_vulnerabilityin_openssl_cve_2014_0160?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_power_hardware_management_console_is_affected_by_vulnerabilities_in_openssl_cve_2014_0160_and_cve_2014_0076?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_ibm_i_affected_by_openssl_vulnerability_cve_2014_0076?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ts3000_tssc_is_affected_by_a_vulnerability_in_openssl_cve_2014_0160?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_power_systems_firmware_is_affected_by_vulnerability_in_openssl_cve_2014_0160?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_smart_analytics_system_5600_v3_is_affected_by_vulnerabilities_in_openssl_cve_2014_0160_and_cve_2014_0076?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_endpoint_manager_for_remote_control_is_affected_by_vulnerabilities_in_openssl_cve_2014_0076_cve_2014_0160?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_san_volume_controller_and_storwize_family_systems_are_affected_by_vulnerabilities_in_openssl_cve_2014_0160_and_cve_2014_0076?lang=en_us