[CERT-daily] Daily summary - Tuesday 7-10-2014

Daily end-of-shift report team at cert.at
Tue Oct 7 18:09:30 CEST 2014


=======================
= End-of-Shift report =
=======================

Timeframe:   Monday 06-10-2014 18:00 − Tuesday 07-10-2014 18:00
Handler:     Stephan Richter
Co-Handler:  n/a




*** Confusion over SSL and 1024 bit keys, (Tue, Oct 7th) ***
---------------------------------------------
Yesterday and today, a post on reddit.org caused quite a bit of uncertainty about the security of 1024 bit RSA keys if used with OpenSSL. The post referred to a presentation given at a cryptography conference, stating that 1024 Bit SSL keys can be factored with moderate resources ("20 minutes on a Laptop"). It was suggested that this is at least in part due to a bug in OpenSSL, which according to the post doesn't pick the random keys from the entire space available. It looks more and...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18775&rss




*** Yahoo says attackers looking for Shellshock found a different bug ***
---------------------------------------------
Yahoo said Monday it has fixed a bug that was mistaken for the Shellshock flaw, but no user data was affected. Three of the company's servers with APIs (application programming interfaces) that provide live streaming for its Sports service "had malicious code executed on them this weekend by attackers looking for vulnerable Shellshock servers," wrote Alex Stamos, Yahoo's chief information security officer. Stamos wrote on the Hacker News website that the servers had been patched after the...
---------------------------------------------
http://www.csoonline.com/article/2692375/security/yahoo-says-attackers-looking-for-shellshock-found-a-different-bug.html#tk.rss_applicationsecurity




*** Tyupkin Malware Infects ATMs Worldwide ***
---------------------------------------------
The Tyupkin malware, spotted on ATMs in Eastern Europe, allows criminals to make withdrawals of 40 banknotes at a time, researchers at Kaspersky Lab said.
---------------------------------------------
http://threatpost.com/tyupkin-malware-infects-atms-in-eastern-europe/108734




*** Phishing with help from Compromised WordPress Sites ***
---------------------------------------------
We get thousands of spam and phishing emails daily. We use good spam filters (along with Gmail) and that greatly reduces the noise in our inbox. Today though, one slipped through the crack and showed up in my personal inbox: As I went to mark the email as Spam, I decided to hover over the...
---------------------------------------------
http://blog.sucuri.net/2014/10/phishing-with-help-from-compromised-wordpress-sites.html




*** Huge Security Hole in ZPanel 10.1 ***
---------------------------------------------
When it comes to managing a VPS, many of our customers would prefer to install some kind of control panel rather than do it all themselves from the command line. ZPanel is perhaps the most popular choice for this. We even offered ZPanel 10.1 as a pre-made image -- it was a very recent version (10.1.1 is the most recent at the time of writing), and there are no published security announcements relating to it. We thought it was safe.
---------------------------------------------
https://chunkhost.com/blog/16/huge_security_hole_in_zpanel_10_1




*** MMD-0029-2015 - Warning of Mayhem shellshock attack ***
---------------------------------------------
We were afraid this wave would come during the "shellshock", and it did. The attack wave of "ELF .so malware library", and installer of a known botnet called as "Mayhem" just hit all of us. The attack came from various IP, their botnets into many NIX services, utilizing the shellshock web vulnerability scan method to download the remote installer written in Perl (replacing the previous PHP base infection). It is obviously a different vector for Mayhem infection, we start
---------------------------------------------
http://blog.malwaremustdie.org/2014/10/mmd-0029-2015-warning-of-mayhem.html




*** Vulnerabilities in WordPress Themes and Plugins ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/7632
https://wpvulndb.com/vulnerabilities/7633
https://wpvulndb.com/vulnerabilities/7635
https://wpvulndb.com/vulnerabilities/7634




*** Distance Vector Multicast Routing Protocol Misuse ***
---------------------------------------------
cisco-sr-20141006-dvmrp
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20141006-dvmrp




*** CA Technologies GNU Bash Shellshock ***
---------------------------------------------
Topic: CA Technologies GNU Bash Shellshock Risk: Low Text: CA20141001-01: Security Notice for Bash Shellshock Vulnerability Issued: October 01, 2014 Updated: October 03, 2014 ...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014100036




*** SSA-214365 (Last Update 2014-10-07): Vulnerabilities in SIMATIC WinCC ***
---------------------------------------------
https://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-214365.pdf




*** Bugzilla 4.0.14, 4.2.10, 4.4.5, and 4.5.5 Security Advisory ***
---------------------------------------------
The following security issues have been discovered in Bugzilla: * The realname parameter is not correctly filtered on user account creation, which could lead to user data override. * Several places were found in the Bugzilla code where cross-site scripting attacks could be used to access sensitive information. * Private comments can be shown to flagmail recipients who aren't in the insider group * Specially formatted values in a CSV search results export could be used in spreadsheet software...
---------------------------------------------
http://www.bugzilla.org/security/4.0.14/




*** Bugtraq: OWTF 1.0 "Lionheart" released! ***
---------------------------------------------
http://www.securityfocus.com/archive/1/533629




*** IBM Security Bulletin: Vulnerabilities in Bash affect SmartCloud Provisioning for IBM Provided Software Virtual Appliance (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187) ***
---------------------------------------------
Vulnerabilities in Bash affect SmartCloud Provisioning for IBM Provided Software Virtual Appliance (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187). Six Bash vulnerabilities were disclosed in September 2014. This bulletin addresses the vulnerabilities that have been referred to as "Bash Bug" or "Shellshock" and two memory corruption vulnerabilities.  IBM recommends that you review your entire environment to identify...
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerabilities_in_bash_affect_smartcloud_provisioning_for_ibm_provided_software_virtual_appliance_cve_2014_6271_cve_2014_7169_cve_2014_7186_cve_2014_7187?lang=en_us




*** IBM Security Bulletin: Multiple vulnerabilities had been identified in Oracle Database related to the RDBMS Core component. (CVE-2014-4236 and CVE-2014-4245) ***
---------------------------------------------
Multiple vulnerabilities had been identified in Oracle Database that is consumed by Tivoli Netcool Performance Manager for Wireless. (CVE-2014-4236 and CVE-2014-4245)  CVE(s): CVE-2014-4236 and CVE-2014-4245  Affected product(s) and affected version(s):   Tivoli Netcool Performance Manager (TNPM) for Wireless version 1.4 and 1.3.2    Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin:...
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_multiple_vulnerabilities_had_been_identified_in_oracle_database_related_to_the_rdbms_core_component_cve_2014_4236_and_cve_2014_4245?lang=en_us




*** Vuln: phpMyAdmin CVE-2014-7217 Multiple Cross Site Scripting Vulnerabilities ***
---------------------------------------------
http://www.securityfocus.com/bid/70252




*** VU#280844: Cryoserver Security Appliance vulnerable to privilege escalation ***
---------------------------------------------
Vulnerability Note VU#280844 Cryoserver Security Appliance vulnerable to privilege escalation Original Release date: 07 Oct 2014 | Last revised: 07 Oct 2014   Overview Cryoserver Security Appliance 7.3.x vulnerable to privilege escalation  Description CWE-264: Permissions, Privileges, and Access Controls Cryoserver Security Appliance 7.3.x does not properly assign permission to the /etc/init.d/cryoserver shell script and allows the default support account to modify it using the /bin/cryo-mgmt
---------------------------------------------
http://www.kb.cert.org/vuls/id/280844




*** VU#121036: BMC Track-It! contains multiple vulnerabilities ***
---------------------------------------------
Vulnerability Note VU#121036 BMC Track-It! contains multiple vulnerabilities Original Release date: 07 Oct 2014 | Last revised: 07 Oct 2014   Overview BMC Track-It! version 11.3.0.355 contains multiple vulnerabilities  Description CWE-306: Missing Authentication for Critical Function - CVE-2014-4872 BMC Track-It! exposes several dangerous remote .NET services on port 9010 without authentication. .NET remoting allows a user to invoke methods remotely and retrieve their result. The exposed service
---------------------------------------------
http://www.kb.cert.org/vuls/id/121036

