[CERT-daily] Tageszusammenfassung - Donnerstag 9-10-2014

Thu Oct 9 18:12:30 CEST 2014

=======================
= End-of-Shift report =
=======================

Timeframe:   Mittwoch 08-10-2014 18:00 − Donnerstag 09-10-2014 18:00
Handler:     Stephan Richter
Co-Handler:  n/a


*** Pricing Policies in the Cyber Criminal Underground ***
---------------------------------------------
Underground markets are places on the Internet where criminal gangs offer a wide range of illegal products and services. Black markets are crowded places where single individuals or criminal organizations could acquire or rent products and services at very competitive prices. Like any other market, in black markets the relationship between supply and demand determines the price of the products. A growing number of highly specialized sellers are offering their wares, and the huge offer is...
---------------------------------------------
http://resources.infosecinstitute.com/pricing-policies-cyber-criminal-underground/


*** Working Paper: Data Breaches in Europe: Reported Breaches of Compromised Personal Records in Europe, 2005-2014 ***
---------------------------------------------
Some 229 data breach incidents involved the personal records of people in Europe. Globally, all these incidents resulted in the loss of some 645 million records, though not all of these breaches exclusively involved people in Europe. Within Europe, we confirmed 200 cases involving people in Europe, and 227 million records lost in Europe...
---------------------------------------------
http://www.databreaches.net/working-paper-data-breaches-in-europe-reported-breaches-of-compromised-personal-records-in-europe-2005%E2%80%902014/


*** Bash Bug Saga Continues: Shellshock Exploit Via DHCP ***
---------------------------------------------
The Bash vulnerability known as Shellshock can be exploited via several attack surfaces including web applications, DHCP, SIP, and SMTP. With multiple proofs of concept (including Metasploit code) available in the public domain, this vulnerability is being heavily exploited. Most discussion of Shellshock attacks have focused on attacks on web apps. There has been relatively...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/1tDC5sTfbUQ/


*** Android: Rund die Hälfte aller Geräte von Sicherheitslücke betroffen ***
---------------------------------------------
45 Prozent aller Android-Smartphones sind noch immer von einer vor wenigen Wochen entdeckten Sicherheitslücke im Smartphone-Browser betroffen. In Deutschland liegt die Zahl sogar deutlich höher.
---------------------------------------------
http://www.golem.de/news/android-rund-die-haelfte-aller-geraete-von-sicherheitsluecke-betroffen-1410-109719-rss.html


*** Flying Blind ***
---------------------------------------------
With all the news about data breaches lately, it's not particularly surprising to wake up to headlines describing yet another one. What is perhaps a bit surprising, however, is the common theme that seems to exist in many of the...
---------------------------------------------
http://www.fireeye.com/blog/corporate/2014/10/flying-blind.html


*** Multiple Vulnerabilities in Cisco ASA Software ***
---------------------------------------------
cisco-sa-20141008-asa
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa


*** Juniper Junos Security Bulletins ***
---------------------------------------------
http://kb.juniper.net/index?page=content&id=JSA10655&actp=RSS
http://kb.juniper.net/index?page=content&id=JSA10654&actp=RSS
http://kb.juniper.net/index?page=content&id=JSA10653&actp=RSS
http://kb.juniper.net/index?page=content&id=JSA10652&actp=RSS
http://kb.juniper.net/index?page=content&id=JSA10651&actp=RSS
http://kb.juniper.net/index?page=content&id=JSA10650&actp=RSS
http://kb.juniper.net/index?page=content&id=JSA10649&actp=RSS


*** Schneider Electric SCADA Expert ClearSCADA Vulnerabilities (Update A) ***
---------------------------------------------
This updated advisory is a follow-up to the original advisory titled ICSA-14-259-01 Schneider Electric SCADA Expert ClearSCADA Vulnerabilities that was published September 16, 2014, on the NCCIC/ICS-CERT web site. This updated advisory provides mitigation details for vulnerabilities in Schneider Electric's StruxureWare SCADA Expert ClearSCADA.
---------------------------------------------
https://ics-cert.us-cert.gov//advisories/ICSA-14-259-01A


*** Siemens SIMATIC WinCC Vulnerabilities (Update A) ***
---------------------------------------------
This updated advisory is a follow-up to the original advisory titled ICSA-14-205-02 Siemens SIMATIC WinCC Vulnerabilities that was published July 24, 2014, on the NCCIC/ICS-CERT web site. This updated advisory provides mitigation details for vulnerabilities in the Siemens SIMATIC WinCC application.
---------------------------------------------
https://ics-cert.us-cert.gov//advisories/ICSA-14-205-02A


*** Security_Advisory-9 OpenSSL Vulnerabilities on Huawei products ***
---------------------------------------------
Oct 08, 2014 20:28
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm


*** VMSA-2014-0010.10 ***
---------------------------------------------
VMware product updates address critical Bash security vulnerabilities
---------------------------------------------
http://www.vmware.com/security/advisories/VMSA-2014-0010.html


*** SA-CONTRIB-2014-097 - nodeaccess - Access Bypass ***
---------------------------------------------
Advisory ID: DRUPAL-SA-CONTRIB-2014-097Project: Nodeaccess (third-party module)Version: 6.x, 7.xDate: 2014-October-08Security risk: 13/25 ( Moderately Critical) AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:UncommonVulnerability: Access bypassDescriptionNodeaccess is a Drupal access control module which provides view, edit and delete access to nodes.This module enables you to inadvertently allow an author of a node view/edit/delete the node in question (who may not have access). The module
---------------------------------------------
https://www.drupal.org/node/2352757


*** SA-CONTRIB-2014-096 - OAuth2 Client - Cross Site Scripting (XSS) ***
---------------------------------------------
Advisory ID: DRUPAL-SA-CONTRIB-2014-096Project: OAuth2 Client (third-party module)Version: 7.xDate: 2014-October-08Security risk: 10/25 ( Moderately Critical) AC:Basic/A:None/CI:None/II:None/E:Theoretical/TD:AllVulnerability: Cross Site ScriptingDescriptionOAuth2 Client is an API support module, enabling other modules to connect to services using OAuth2 authentication.Within its API code the Client class exposes variables in an error message, which originate from a third party source without
---------------------------------------------
https://www.drupal.org/node/2352747


*** DSA-3048 apt ***
---------------------------------------------
security update
---------------------------------------------
http://www.debian.org/security/2014/dsa-3048


*** OpenSSH <=6.6 SFTP misconfiguration exploit for 64bit Linux ***
---------------------------------------------
OpenSSH lets you grant SFTP access to users without allowing full command execution using "ForceCommand internal-sftp". However, if you misconfigure the server and dont use ChrootDirectory, the user will be able to access all parts of the filesystem that he has access to - including procfs. On modern Linux kernels (>=2.6.39, I think), /proc/self/maps reveals the memory layout and /proc/self/mem lets you write to arbitrary memory positions. Combine those and you get easy RCE.
---------------------------------------------
http://seclists.org/fulldisclosure/2014/Oct/35


*** Onapsis Security Advisories for SAP Products ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014100052
http://cxsecurity.com/issue/WLB-2014100051
http://cxsecurity.com/issue/WLB-2014100050
http://cxsecurity.com/issue/WLB-2014100049
http://cxsecurity.com/issue/WLB-2014100048
http://cxsecurity.com/issue/WLB-2014100047
http://cxsecurity.com/issue/WLB-2014100046


*** Security Advisory-Memory Overflow Vulnerabilities on Huawei E5332 Webserver ***
---------------------------------------------
Oct 09, 2014 11:51
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-373056.htm


*** HPSBMU03127 rev.1 - HP Operations Manager for UNIX, Remote Code Execution ***
---------------------------------------------
A potential security vulnerability has been identified with HP Operations Manager for UNIX. The vulnerability can be exploited remotely to execute arbitrary code.
---------------------------------------------
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04472866


*** HPSBMU03110 rev.1 - HP Sprinter, Remote Execution of Code ***
---------------------------------------------
Potential security vulnerabilities have been identified with HP Sprinter. The vulnerabilities could be exploited remotely to allow execution of code.
---------------------------------------------
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04454636


*** Spider Facebook 1.0.8 - SQL Injection ***
---------------------------------------------
2014-10-08T19:00:47
---------------------------------------------
https://wpvulndb.com/vulnerabilities/7639


*** Contact Form DB 2.8.13 - 2 x Cross-Site Scripting (XSS) ***
---------------------------------------------
2014-10-09T11:38:57
---------------------------------------------
https://wpvulndb.com/vulnerabilities/7641


*** EWWW Image Optimizer 2.0.1 Cross-Site Scripting (XSS) ***
---------------------------------------------
2014-10-09T11:35:36
---------------------------------------------
https://wpvulndb.com/vulnerabilities/7640