[CERT-daily] Tageszusammenfassung - Mittwoch 18-06-2014

Wed Jun 18 18:05:03 CEST 2014

=======================
= End-of-Shift report =
=======================

Timeframe:   Dienstag 17-06-2014 18:00 − Mittwoch 18-06-2014 18:00
Handler:     Robert Waldner
Co-Handler:  n/a


*** Evernote forum breached, profile information compromised ***
---------------------------------------------
The official discussion forum of Evernote has been hacked, leaving users profile information accessible to attackers.
---------------------------------------------
http://www.scmagazine.com/evernote-forum-breached-profile-information-compromised/article/356190/


*** Xen Lets Local Guests Obtain Hypervisor Heap Memory Contents ***
---------------------------------------------
A vulnerability was reported in Xen. A local user can obtain potentially sensitive information from other domains.
The system does not properly control access to memory pages during memory cleanup for dying guest systems. A local user on a guest system can access information from guest or hypervisor memory, potentially including guest CPU register state and hypercall arguments.
---------------------------------------------
http://www.securitytracker.com/id/1030442


*** HP Software Executive Scorecard, Remote Execution of Code, Directory Traversal ***
---------------------------------------------
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP Executive Scorecard. The vulnerability could be exploited remotely to allow remote code execution and directory traversal.
References:
CVE-2014-2609 (ZDI-CAN-2116, SSRT101436)
CVE-2014-2610 (ZDI-CAN-2117, SSRT101435) CVE-2014-2611 (ZDI-CAN-2120, SSRT101431)
---------------------------------------------
http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c04341295-1&ac.admitted=1403085008881.876444892.492883150


*** OpenStack Neutron L3-agent Remote Denial of Service Vulnerability ***
---------------------------------------------
OpenStack Neutron is prone to a remote denial-of-service vulnerability. An attacker can leverage this issue to cause a denial-of-service condition; denying service to legitimate users. The following versions are vulnerable: Versions Neutron 2013.2.3 and prior. Versions Neutron 2014.1 and prior.
---------------------------------------------
http://www.securityfocus.com/bid/68064/discuss


*** Microsoft bessert absturzgefährdeten Virenschutz nach ***
---------------------------------------------
Mit einem Update außer der Patchday-Reihe beseitigt Microsoft einen Fehler in der Malware Protection Engine durch den Schädlinge den Virenschutz lahmlegen konnten.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Microsoft-bessert-absturzgefaehrdeten-Virenschutz-nach-2232449.html/from/rss09?wt_mc=rss.ho.beitrag.rdf


*** VU#774788: Belkin N150 path traversal vulnerability ***
---------------------------------------------
Belkin N150 wireless router firmware versions 1.00.07 and earlier contain a path traversal vulnerability through the built-in web interface. The webproc cgi module accepts a getpage parameter which takes an unrestricted file path as input. The web server runs with root privileges by default, allowing a malicious attacker to read any file on the system.
---------------------------------------------
http://www.kb.cert.org/vuls/id/774788


*** [remote] - Ubisoft Rayman Legends 1.2.103716 - Remote Stack Buffer Overflow Vulnerability ***
---------------------------------------------
Summary: Rayman Legends is a 2013 platform game developed by Ubisoft Montpellier and published by Ubisoft.
...
Desc: The vulnerability is caused due to a memset() boundary error in the processing of incoming data thru raw socket connections on TCP port 1001, which can be exploited to cause a stack based buffer overflow by sending a long string of bytes on the second connection. Successful exploitation could allow execution of arbitrary code on the affected node.
---------------------------------------------
http://www.exploit-db.com/exploits/33804


*** Forensik-Tool soll iCloud-Backups ohne Passwort herunterladen können ***
---------------------------------------------
Elcomsoft hat angekündigt, dass sein "Phone Password Breaker" Authentifizierungstokens von Rechnern auslesen kann, mit denen sich Ermittler dann Zugang zu iCloud-Daten eines Verdächtigen verschaffen können. Dessen Passwort sei nicht mehr nötig.
---------------------------------------------
http://www.heise.de/security/meldung/Forensik-Tool-soll-iCloud-Backups-ohne-Passwort-herunterladen-koennen-2233983.html


*** When Vulnerabilities are Exploited: the Timing of First Known Exploits for Remote Code Execution Vulnerabilities ***
---------------------------------------------
One of the questions I get asked from time to time is about the days of risk between the time that a vulnerability is disclosed and when we first see active exploitation of it; i.e. how long do organizations have to deploy the update before active attacks are going to happen? Trustworthy Computing's Security Science team published new data that helps put the timing of exploitation into perspective, in the recently released Microsoft Security Intelligence Report volume 16.
---------------------------------------------
http://blogs.technet.com/b/security/archive/2014/06/17/when-vulnerabilities-are-exploited-the-timing-of-first-known-exploits-for-remote-code-execution-vulnerabilities.aspx