[CERT-daily] Daily summary - Monday 17-11-2014

Daily end-of-shift report team at cert.at
Mon Nov 17 18:16:33 CET 2014


=======================
= End-of-Shift report =
=======================

Timeframe:   Friday 14-11-2014 18:00 − Monday 17-11-2014 18:00
Handler:     Stephan Richter
Co-Handler:  n/a




*** Microsoft Updates MS14-066, (Sun, Nov 16th) ***
---------------------------------------------
Microsoft updated MS14-066 to warn users about some problems caused by the additional ciphers added with the update [1]. It appears that clients who may not support these ciphers may fail to connect at all. The quick fix is to remove the ciphers by editing the respective registry entry (see the KB article link below for more details). One user reported to us performance issues when connecting from MSFT Access to SQL Server, which are related to these ciphers. Sadly, MS14-066 hasn't been
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18957&rss




*** EVERYTHING needs crypto says Internet Architecture Board ***
---------------------------------------------
Calls for all new protocols to protect privacy, all the time, everywhere. The Internet Architecture Board (IAB) has called for encryption to become the norm for all internet traffic.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2014/11/16/net_gurus_face_off_against_spooks_encrypt_everything/




*** "Masked apps": Apple publishes security guidelines for app installation ***
---------------------------------------------
Apps signed with enterprise certificates can be installed on iOS devices, bypassing the App Store. Attackers can exploit this to replace apps with manipulated versions. With tips, Apple wants to raise users' awareness of malware.
---------------------------------------------
http://www.heise.de/security/meldung/Maskierte-Apps-Apple-veroeffentlicht-Sicherheitsrichtlinien-fuer-App-Installation-2457628.html




*** 91st IETF meeting: Preventing the hijacking of BGP routes ***
---------------------------------------------
Time and again, Internet traffic is redirected unnoticed over strange paths to its actual destination. Whether these are eavesdropping operations or merely mishaps is often unclear. Network operators may now get a means to counter it.
---------------------------------------------
http://www.heise.de/newsticker/meldung/91-Treffen-der-IETF-Das-Kapern-von-BGP-Routen-verhindern-2455564.html/from/rss09?wt_mc=rss.ho.beitrag.rdf




*** Attack reveals 81 percent of Tor users but admins call for calm ***
---------------------------------------------
Cisco Netflow a handy tool for cheapskate attackers. The Tor project has urged calm after new research found 81 percent of users could be identified using Cisco's NetFlow tool.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2014/11/17/deanonymization_techniques_for_tor_and_bitcoin/




*** WinShock PoC clocked: But DON'T PANIC... It's no Heartbleed ***
---------------------------------------------
SChannel exploit opens an easily closed door. Security researchers have released a proof-of-concept exploit against the SChannel crypto library flaw patched by Microsoft last week.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2014/11/17/ms_schannel_crypto_poc/




*** Patch now: Details of the SChannel vulnerability in Windows are circulating ***
---------------------------------------------
Administrators should immediately apply the patches for the critical Windows vulnerability that Microsoft closed last week. Otherwise they risk attackers injecting malicious code over the network.
---------------------------------------------
http://www.heise.de/security/meldung/Jetzt-patchen-Details-zur-SChannel-Luecke-in-Windows-im-Umlauf-2458701.html




*** Book review: Bulletproof SSL and TLS ***
---------------------------------------------
Must-read for anyone working with one of the Internet's most important protocols. I was reading Ivan Ristić's book Bulletproof SSL and TLS when rumours started to appear about an attack against SSL 3.0, which would soon become commonly known as the POODLE attack. Thanks to the book, I was quickly able to read up on the differences between SSL 3.0 and its successor, TLS 1.0, which wasn't vulnerable to the attack. Elsewhere in the book, a few pages are dedicated to protocol downgrade attacks,...
---------------------------------------------
http://www.virusbtn.com/blog/2014/11_17.xml?rss




*** Holy cow! Fasthosts outage blamed on DDoS hack attack AND Windows 2003 vuln ***
---------------------------------------------
Monday, bloody Monday. Fasthosts' five-hour collapse today has been blamed on a Distributed Denial of Service attack and a security flaw spotted on its Windows 2003 shared web server kit.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2014/11/17/fasthosts_outage_blamed_on_ddos_hack_attack_and_windows_2003_vuln/



*** Comedy spam blunder raises a smile to start the week ***
---------------------------------------------
We all get lots of spam. Enough, even with junk folders and spam filters, to be more than merely annoying. So here's a spamming mistake to make you smile...
---------------------------------------------
https://nakedsecurity.sophos.com/2014/11/17/comedy-spam-blunder-raises-a-smile-to-start-the-week/




*** Cisco Aironet DHCP Denial of Service Vulnerability ***
---------------------------------------------
CVE-2014-7997
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-7997




*** Cisco Aironet EAP Debugging Denial of Service Vulnerability ***
---------------------------------------------
CVE-2014-7998
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-7998




*** SSA-860967 (Last Update 2014-11-14): GNU Bash Vulnerabilities in Siemens Industrial Products ***
---------------------------------------------
https://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-860967.pdf




*** Hot fix to address POODLE SSLv3 vulnerability on Designer 4.0.2 AU5 SVN HTTPS access ***
---------------------------------------------
Abstract: Designer 4.0.2 uses SSLv3 to access SVN repositories over HTTPS, making it vulnerable to the POODLE weakness in the SSL protocol (CVE-2014-3566). This hot fix addresses the issue by disabling SSLv3 and allowing usage of TLSv1 instead. Document ID: 5195492. Security Alert: Yes. Distribution Type: Field Test File. Entitlement Required: No. Files: Designer402AU5HF1.zip (2.09 MB). Products: Identity Manager 4.0.2, Identity Manager Roles Based Provisioning Module 4.0.2, Designer for Identity...
---------------------------------------------
https://download.novell.com/Download?buildid=NjOScYlrw_E~




*** Hot Patch 2 for Novell Messenger 2.2 (security fixes to Messenger's server and client components) ***
---------------------------------------------
https://download.novell.com/Download?buildid=I2DgXp6pwVY~
https://download.novell.com/Download?buildid=sJ4Wcd1G7Bo~
https://download.novell.com/Download?buildid=66t5njTLVmk~




*** DSA-3073 libgcrypt11 ***
---------------------------------------------
security update
---------------------------------------------
http://www.debian.org/security/2014/dsa-3073




*** Vuln: GnuTLS CVE-2014-8564 Multiple Heap Corruption Denial of Service Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/bid/71003




*** HPSBGN03192 rev.1 - HP Remote Device Access: Instant Customer Access Server (iCAS) running OpenSSL, Remote Disclosure of Information ***
---------------------------------------------
A potential security vulnerability has been identified with HP Remote Device Access: Instant Customer Access Server (iCAS) running OpenSSL. This is the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely to allow disclosure of information. SSLv3 is enabled by default in the current HP iCAS client software.
---------------------------------------------
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04501908




*** Security Bulletin: IBM Systems Director (ISD) is affected by vulnerability in the Console Login Window (CVE-2013-5423) ***
---------------------------------------------
IBM Systems Director is affected by a vulnerability in the Console Login Window (CVE-2013-5423).  CVE(s): CVE-2013-5423  Affected product(s) and affected version(s):  Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096563 X-Force Database: http://xforce.iss.net/xforce/xfdb/87485
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_systems_director_isd_is_affected_by_vulnerability_in_the_console_login_window_cve_2013_5423?lang=en_us




*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect GPFS V3.5 for Windows (CVE-2014-3513, CVE-2014-3567, CVE-2014-3568) ***
---------------------------------------------
OpenSSL vulnerabilities along with SSL 3 Fallback protection (TLS_FALLBACK_SCSV) were disclosed on October 15, 2014 by the OpenSSL Project. OpenSSL is used by GPFS V3.5 for Windows. GPFS V3.5 for Windows has addressed the applicable CVEs and included the SSL 3.0 Fallback protection (TLS_FALLBACK_SCSV) provided by OpenSSL.  CVE(s): CVE-2014-3513, CVE-2014-3567 and CVE-2014-3568  Affected product(s) and affected version(s):   OpenSSH for GPFS V3.5 for Windows    Refer to the following reference
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerabilities_in_openssl_affect_gpfs_v3_5_for_windows_cve_2014_3513_cve_2014_3567_cve_2014_3568?lang=en_us




*** IBM Security Bulletins: Vulnerability in SSLv3 affects multiple products ***
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerability_in_sslv3_affects_websphere_process_server_websphere_business_compass_and_websphere_business_modeler_publishing_server_cve_2014_3566?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerability_in_sslv3_affects_rational_tau_cve_2014_3566?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerability_in_sslv3_affects_ibm_cloud_manager_with_openstack_cve_2014_3566?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerability_in_sslv3_affects_websphere_lombardi_edition_cve_2014_3566?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerability_in_sslv3_affects_ibm_sterling_connect_direct_for_openvms_cve_2014_3566?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerability_in_sslv3_affects_ibm_sterling_connect_direct_for_hp_nonstop_cve_2014_3566?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_vulnerabilities_in_sslv3_and_openssl_affects_virtual_server_protection_for_vmware_cve_2014_3566_cve_2014_3567_cve_2014_3568?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerability_in_sslv3_affects_ibm_api_management_cve_2014_3566?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerability_in_sslv3_affects_sterling_control_center_cve_2014_3566?lang=en_us




*** [webapps] - MyBB Forums 1.8.2 - Stored XSS Vulnerability ***
---------------------------------------------
http://www.exploit-db.com/exploits/35266

