[CERT-daily] Tageszusammenfassung - Mittwoch 10-12-2014

Wed Dec 10 18:11:10 CET 2014

=======================
= End-of-Shift report =
=======================

Timeframe:   Dienstag 09-12-2014 18:00 − Mittwoch 10-12-2014 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a


*** Adobe Security Bulletins Posted ***
---------------------------------------------
http://blogs.adobe.com/psirt/?p=1149


*** VMSA-2014-0013 ***
---------------------------------------------
VMware vCloud Automation Center product updates address a critical remote privilege escalation vulnerability. VMware vCloud Automation Center has a remote privilege escalation vulnerability. This issue may allow an authenticated vCAC user to obtain administrative access to vCenter Server. 
---------------------------------------------
http://www.vmware.com/security/advisories/VMSA-2014-0013.html


*** MS14-DEC - Microsoft Security Bulletin Summary for December 2014 - Version: 1.0 ***
---------------------------------------------
https://technet.microsoft.com/en-us/library/security/MS14-DEC


*** Multiple vulnerabilities in SAP SQL Anywhere ***
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-14-415/
http://www.zerodayinitiative.com/advisories/ZDI-14-414/
http://www.zerodayinitiative.com/advisories/ZDI-14-413/
http://www.zerodayinitiative.com/advisories/ZDI-14-412/


*** ZDI-14-411: Lexmark MarkVision Enterprise ReportDownloadServlet Information Disclosure Vulnerability ***
---------------------------------------------
The specific flaw exists within the ReportDownloadServlet class. The class contains a method that does not properly sanitize input allowing for directory traversal. An attacker can leverage this vulnerability to read files under the context of SYSTEM.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-14-411/


*** ZDI-14-410: Lexmark MarkVision Enterprise GfdFileUploadServlet Remote Code Execution Vulnerability ***
---------------------------------------------
The specific flaw exists within the GfdFileUploadServlet class. The class contains a method that does not properly sanitize input allowing for directory traversal. An attacker can leverage this vulnerability to write files under the context of SYSTEM and achieve remote code execution.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-14-410/


*** X Multiple Memory Corruption Flaws Let Remote Users Deny Service and Execute Arbitrary Code ***
---------------------------------------------
http://www.securitytracker.com/id/1031326


*** Yokogawa FAST/TOOLS XML External Entity ***
---------------------------------------------
This advisory provides mitigation details for an XML external entity processing vulnerability in the Yokogawa FAST/TOOLS application.
---------------------------------------------
https://ics-cert.us-cert.gov//advisories/ICSA-14-343-01


*** Trihedral VTScada Integer Overflow Vulnerability ***
---------------------------------------------
This advisory provides mitigation details for an integer overflow vulnerability in Trihedral Engineering Ltd's VTScada application.
---------------------------------------------
https://ics-cert.us-cert.gov//advisories/ICSA-14-343-02


*** .Bank hires Symantec to check credentials ***
---------------------------------------------
Soon you might be able to trust that financial email The launch of new .bank domain names is one step closer with the announcement that Symantec has been chosen to act as the credentials verifier for the top-level domain ..
---------------------------------------------
http://www.theregister.co.uk/2014/12/10/bank_hires_symantec_to_check_credentials/


*** Nach Hack: Sony-Sicherheitszertifikat zur Malware-Tarnung genutzt ***
---------------------------------------------
Es ist wohl der verheerendste Angriff auf die IT-Sicherheit eines Unternehmens, den es je gegeben hat. Seit Tagen tauchen immer neue interne Informationen aus dem Netzwerk von Sony Pictures auf. Neben bislang ..
---------------------------------------------
http://derstandard.at/2000009194439


*** Cloud Atlas: RedOctober APT is back in style ***
---------------------------------------------
Two years ago, we published our research into RedOctober, a complex cyber-espionage operation targeting diplomatic embassies worldwide. We named it RedOctober because we started this investigation in October 2012, an unusually hot month.
---------------------------------------------
http://securelist.com/blog/research/68083/cloud-atlas-redoctober-apt-is-back-in-style/


*** DFN-CERT-2014-1622: Red Hat Package Manager (RPM): Zwei Schwachstellen ermöglichen die Ausführung beliebiger Befehle ***
---------------------------------------------
Zwei Schwachstellen im Red Hat Package Manager (RPM) ermöglichen einem entfernten, nicht authentisierten Angreifer die Ausführung beliebiger Befehle während der Paketinstallation und damit die Übernahme des Systems. Die Schwachstelle ..
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2014-1622/


*** F5 BIG-IP SSLv3 Decoding Function Lets Remote Users Decrypt TLS Traffic ***
---------------------------------------------
A vulnerability was reported in F5 BIG-IP. A remote user can decrypt TLS sessions in certain cases. The system may accept incorrect TLS padding when terminating TLSv1 CBC connections. A remote user can with the ability to conduct a man-in-the-middle attack can force a client to use a vulnerable SSLv3 decoding function with TLS and then conduct a BEAST-style of attack to decrypt portions of the session.
---------------------------------------------
http://www.securitytracker.com/id/1031338


*** Link spoofing and cache poisoning vulnerabilities in TYPO3 CMS ***
---------------------------------------------
An attacker could forge a request, which modifies anchor only links on the homepage of a TYPO3 installation in a way that they point to arbitrary domains, if the ..
---------------------------------------------
http://www.typo3.org/news/article/link-spoofing-and-cache-poisoning-vulnerabilities-in-typo3-cms/


*** Störungen bei 1&1-Webhosting wegen DDos-Attacke ***
---------------------------------------------
Weil das DNS-System von 1&1 angegriffen wird, sind sowohl Webhosting als auch Mail von 1&1 zeitweise nicht über Domains erreichbar.
---------------------------------------------
http://www.heise.de/security/meldung/Stoerungen-bei-1-1-Webhosting-wegen-DDos-Attacke-2486039.html


*** Sony Pictures wurde vor Angriff auf IT-Infrastruktur angeblich erpresst ***
---------------------------------------------
Die Umstände des Hacker-Angriffs auf Sony Pictures werden immer verwirrender. Eine Geldforderung legt einen kriminellen Hintergrund nahe. Zugleich fordern die Hacker aber angeblich auch, die Nordkorea-Komödie "The Interview" zu stoppen.
---------------------------------------------
http://www.heise.de/security/meldung/Sony-Pictures-wurde-vor-Angriff-auf-IT-Infrastruktur-angeblich-erpresst-2486043.html


*** X.ORG: Wieder Jahrzente alte Lücken im X-Server ***
---------------------------------------------
Der X-Server ist von 13 Sicherheitslücken betroffen, die sich auf verschiedene Implementierungen auswirken können. Die älteste reicht fast 30 Jahre in die erste Version von X11 zurück. Andeutungen auf die Fehler gab es bereits auf dem 30C3 vor einem Jahr. 
---------------------------------------------
http://www.golem.de/news/x-org-wieder-jahrzente-alte-luecken-im-x-server-1412-111077.html