[CERT-daily] Tageszusammenfassung - Freitag 31-01-2014

Fri Jan 31 18:14:30 CET 2014

=======================
= End-of-Shift report =
=======================

Timeframe:   Donnerstag 30-01-2014 18:00 − Freitag 31-01-2014 18:00
Handler:     Stephan Richter
Co-Handler:  n/a


*** Researcher Warns of Critical Flaws in Oracle Servers ***
---------------------------------------------
There are two vulnerabilities in some of Oracle's older database packages that allow an attacker to access a remote server without a password and even view the server's filesystem and dump arbitrary files. Oracle has not released a patch for one of the flaws, even though it was reported by a researcher more than two...
---------------------------------------------
http://threatpost.com/researcher-warns-of-critical-flaws-in-oracle-servers/103961


*** Linux: Sicherheitslücke in x32-Code ***
---------------------------------------------
Eine Sicherheitslücke im Linux-Kernel ermöglicht Nutzern das Schreiben in beliebige Speicherbereiche. Betroffen sind nur Kernel mit Unterstützung für x32-Code, in Ubuntu ist dies standardmäßig aktiviert.
---------------------------------------------
http://www.golem.de/news/linux-sicherheitsluecke-in-x32-code-1401-104300-rss.html


*** Yahoo! Mail! users! change! your! passwords! NOW! ***
---------------------------------------------
Web giant blames third-party database compromise Yahoo! is urging users of its Mail service to change their passwords to something secure and unique to the web giant - after a security breach exposed account login details to theft.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2014/01/31/yahoo_mail_users_change_your_password_now/


*** Akamai Releases Third Quarter, 2013 State of the Internet Report ***
---------------------------------------------
Akamai Technologies, Inc. (NASDAQ: AKAM), the leading provider of cloud services for delivering, optimizing and securing online content and business applications, today released its Third Quarter, 2013 State of the Internet Report. Based on data gathered from the Akamai Intelligent Platform, the report provides insight into key global statistics such as network connectivity and connection speeds, attack traffic, and broadband adoption and availability, among many others.
---------------------------------------------
http://www.akamai.com/html/about/press/releases/2014/press_012814.html


*** Chewbacca Point-of-Sale Malware Campaign Found in 10 Countries ***
---------------------------------------------
A criminal campaign using the Tor-based Chewbacca Trojan, which includes memory-scraping malware and a keylogger, is responsible for the theft of more than 49,000 credit card numbers in 10 countries.
---------------------------------------------
http://threatpost.com/chewbacca-point-of-sale-malware-campaign-found-in-10-countries/103985


*** 3S CoDeSys Runtime Toolkit NULL Pointer Dereference ***
---------------------------------------------
Independent researcher Nicholas Miles has identified a NULL pointer dereference vulnerability in Smart Software Solutions (3S) CoDeSys Runtime Toolkit application. 3S has produced an update that mitigates this vulnerability. Nicholas Miles has tested the update to validate that it resolves the vulnerability. This vulnerability could be exploited remotely.
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-14-030-01


*** Schneider Electric Telvent SAGE RTU DNP3 Improper Input Validation Vulnerability ***
---------------------------------------------
This advisory was originally posted to the US-CERT secure portal library on January 06, 2014, and is now being released to the NCCIC/ICS-CERT Web site. Adam Crain of Automatak and independent researchers Chris Sistrunk and Adam Todorski have identified an improper input validation in the Schneider Electric Telvent SAGE 3030 remote terminal unit (RTU). Schneider Electric has produced a patch that mitigates this vulnerability. This vulnerability could be exploited remotely.
---------------------------------------------
http://ics-cert.us-cert.gov/advisories/ICSA-14-006-01


*** Moodle - MSA-14-0002: Group constraints lacking in "login as" ***
---------------------------------------------
Users were able to log in as a user who in a is not in the same group without the permission to see all groups.
---------------------------------------------
https://moodle.org/mod/forum/discuss.php?d=252415


*** TYPO3-PSA-2014-001: Cross-Site Request Forgery Protection in TYPO3 CMS 6.2 ***
---------------------------------------------
In TYPO3 CMS, protection against CSRF has been implemented for many important actions (like creating, editing or deleting records) but is still missing in other places (like Extension Manager, file upload, configuration module). The upcoming 6.2 LTS version will finally close this gap and will protect editors or administrators from these kind of attacks.
---------------------------------------------
https://typo3.org/teams/security/security-bulletins/psa/typo3-psa-2014-001/


*** Puppet - CVE-2013-6450 - Potential denial of service (daemon crash) via crafted traffic from a TLS 1.2 client. ***
---------------------------------------------
The DTLS retransmission implementation in OpenSSL through 0.9.8y and 1.x through 1.0.1e does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context by interfering with packet delivery, related...
---------------------------------------------
http://puppetlabs.com/security/cve/cve-2013-6450


*** VU#108062: Lexmark laser printers contain multiple vulnerabilities ***
---------------------------------------------
Certain Lexmark devices are vulnerable to unverified password changes and stored cross-site scripting attacks.
---------------------------------------------
http://www.kb.cert.org/vuls/id/108062


*** A10 Networks Loadbalancer GET directory traversal ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/90814


*** Check Point Endpoint Security MI Server Certificate Validation Flaw Lets Remote Users Conduct Man-in-the-Middle Attacks ***
---------------------------------------------
http://www.securitytracker.com/id/1029704


*** Bugtraq: [SECURITY] [DSA 2849-1] curl security update ***
---------------------------------------------
http://www.securityfocus.com/archive/1/530910


*** Bugtraq: Joomla! JomSocial component < 3.1.0.1 - Remote code execution ***
---------------------------------------------
http://www.securityfocus.com/archive/1/530909


*** Joomla! JV Comment Component "id" SQL Injection Vulnerability ***
---------------------------------------------
https://secunia.com/advisories/56588


*** Vuln: OpenStack Compute (Nova) Compressed qcow2 Disk Images Denial of Service Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/63467