[CERT-daily] Tageszusammenfassung - Freitag 20-06-2014

Fri Jun 20 18:04:18 CEST 2014

=======================
= End-of-Shift report =
=======================

Timeframe:   Mittwoch 18-06-2014 18:00 − Freitag 20-06-2014 18:00
Handler:     Robert Waldner
Co-Handler:  n/a

*** SA-CONTRIB-2014-062 -Passsword Policy - Multiple vulnerabilities ***
---------------------------------------------
Advisory ID: DRUPAL-SA-CONTRIB-2014-062
Project: Password policy (third-party module)
Version: 6.x, 7.x
Date: 2014-June-18
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Multiple vulnerabilities
Description: The Password Policy module enables you to define and enforce password policies with various constraints on allowable user passwords.Access bypass and information disclosure (7.x only)
---------------------------------------------
https://drupal.org/node/2288341


*** KDE: Fehler in Kmail ermöglicht Man-in-the-Middle-Angriffe ***
---------------------------------------------
Im Code des POP3-Kioslaves in KDEs E-Mail-Anwendung Kmail beziehungsweise in Kdelibs ist ein Fehler, durch den ungültige Zertifikate ohne Abfrage akzeptiert werden. Angreifer könnten sich so in den verschlüsselten E-Mail-Verkehr einklinken.
---------------------------------------------
http://www.golem.de/news/kde-fehler-in-kmail-erlaubt-man-in-the-middle-angriffe-1406-107303-rss.html


*** Cisco WebEx Meeting Server Sensitive Information Disclosure Vulnerability ***
---------------------------------------------
A vulnerability in the XML programmatic interface (XML PI) of Cisco WebEx Meeting Server could allow an authenticated, remote attacker to access sensitive information.
The vulnerability is due to disclosure of the meeting information. An attacker could exploit this vulnerability by sending a crafted URL request to a vulnerable device.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3296


*** Tausende Android-Apps geben geheime Schlüssel preis ***
---------------------------------------------
Viele Android-Programme betten geheime Zugangsschlüssel direkt in ihren Quellcode ein. Ein Angreifer kann diese nutzen, um private Daten der App-Nutzer zu erbeuten und im schlimmsten Fall die Server-Infrastruktur der Entwickler übernehmen.
---------------------------------------------
http://www.heise.de/security/meldung/Tausende-Android-Apps-geben-geheime-Schluessel-preis-2235259.html


*** Android 4.4.4 is rolling out to devices; contains OpenSSL fix ***
---------------------------------------------
Official change log lists "security fixes;" Googler says it is OpenSSL related.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/rMSXTBPBcjU/


*** 'Your fault - core dumped' - Diving into the BSOD caused by Rovnix ***
---------------------------------------------
Recently we have noticed some Win32/Rovnix samples (detected as TrojanDropper:Win32/Rovnix.K) causing the BSOD on Windows 7 machines. We spent some time investigating this situation and discovered an interesting story behind the BSOD. Analyzing the crash dump We first saw TrojanDropper:Win32/Rovnix.K in October 2013. During a normal Windows Boot the malware will cause the BSOD.
---------------------------------------------
http://blogs.technet.com/b/mmpc/archive/2014/06/18/your-fault-core-dumped-diving-into-the-bsod-caused-by-rovnix.aspx


*** Linux Kernel PI Futex Requeuing Bug Lets Local Users Gain Elevated Privileges ***
---------------------------------------------
A vulnerability was reported in the Linux Kernel. A local user can obtain elevated privileges on the target system.
A local user can can exploit a flaw in the requeuing of Priority Inheritance (PI) to PI futexes to gain elevated privileges on the target system.
---------------------------------------------
http://www.securitytracker.com/id/1030451


*** Yet Another BMC Vulnerability (And some added extras) ***
---------------------------------------------
After considering the matter for the past 6 months while continuing to work with Supermicro on the issues, I have decided to release the following to everyone. On 11/7/2013, after reading a couple articles on the problems in IPMI by Rapid7's HD Moore (linked at the end), I discovered that Supermicro had created the password file PSBlock in plain text and left it open to the world on port 49152.
---------------------------------------------
http://blog.cari.net/carisirt-yet-another-bmc-vulnerability-and-some-added-extras/


*** Simplocker ransomware: New variants spread by Android downloader apps ***
---------------------------------------------
Since our initial discovery of Android/Simplocker we have observed several different variants. The differences between them are mostly in: Tor usage - some use a Tor .onion domain, whereas others use a more conventional C&C domain. Different ways of receiving the 'decrypt' command, indicating that the ransom has been paid. ...
---------------------------------------------
http://www.welivesecurity.com/2014/06/19/simplocker-new-variants/


*** Pen Testing Payment Terminals - A Step by Step How-to Guide ***
---------------------------------------------
There is plentitude of payment terminals out there and the design principles vary quite a bit. The ones I have run into in Finland appear to be tightly secured with no attack surface. At first glance, that is. These generally open only outbound connections and use SSL encryption to protect the traffic. Here, I explain why testing a simple, tightly secured payment terminal is not as simple as one might think.
---------------------------------------------
http://pen-testing.sans.org/blog/pen-testing/2014/06/12/pen-testing-payment-terminals-a-step-by-step-how-to-guide