[CERT-daily] Daily Summary - Thursday 23-10-2014

Daily end-of-shift report team at cert.at
Thu Oct 23 18:17:26 CEST 2014


=======================
= End-of-Shift report =
=======================

Timeframe:   Wednesday 22-10-2014 18:00 − Thursday 23-10-2014 18:00
Handler:     Stephan Richter
Co-Handler:  n/a




*** New CVE-2014-4114 Attacks Seen One Week After Fix ***
---------------------------------------------
Despite the availability of fixes related to the Sandworm vulnerability (CVE-2014-4114), we are still seeing new attacks related to this flaw. These attacks contain a new routine that could prevent detection.

A New Evasion Technique

In our analysis of the vulnerability, we noted this detail:...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/BYhEqtnNGxs/




*** NIST to hypervisor admins: secure your systems ***
---------------------------------------------
Hypervisor security draft open for comment

US standards body the National Institute of Standards and Technology (NIST) has laid out the basics of hypervisor security in a draft publication released for comment on 20 October.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2014/10/23/nist_to_hypervisor_admins_secure_your_systems/




*** Commentary on the UEFI vulnerability: They simply never learn ***
---------------------------------------------
Security experts discovered a critical vulnerability that gapes in many UEFI firmware versions - almost a year ago. Yet many PC and mainboard manufacturers still know nothing about it. That is unacceptable.
---------------------------------------------
http://www.heise.de/newsticker/meldung/Kommentar-zur-UEFI-Luecke-Sie-lernen-es-einfach-nicht-2430455.html/from/rss09?wt_mc=rss.ho.beitrag.rdf




*** Linux Container Security ***
---------------------------------------------
First, read these slides. Done? Good.

Hypervisors present a smaller attack surface than containers. This is somewhat mitigated in containers by using seccomp, selinux and restricting capabilities in order to reduce the number of kernel entry points that untrusted code can touch, but even so there is simply a greater quantity of privileged code available to untrusted apps in a container environment when compared to a hypervisor environment[1].

Does this mean containers provide reduced security?
---------------------------------------------
http://mjg59.dreamwidth.org/33170.html




*** Xen says its security policies might be buggier than its software ***
---------------------------------------------
Users didn't know if they were allowed to patch bug behind world cloud reboot

The Xen project has asked for help to ensure future bugs aren't as disruptive as the XSA-108 flaw that saw major cloud operators reboot an awful lot of servers.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2014/10/23/xen_says_its_security_policies_have_more_holes_than_its_software/




*** A look at a phishing website ***
---------------------------------------------
Yesterday we came across a phishing website under .ch where we were able to download the phishing kit. A phishing kit is an archive file which contains all the relevant files for hosting a phishing website. In this case, the...
---------------------------------------------
http://securityblog.switch.ch/2014/10/23/a-look-at-a-phishing-website/




*** Cisco Patches Three-Year-Old Telnet Remote Code Execution Bug in Security Appliances ***
---------------------------------------------
There is a severe remote code execution vulnerability in a number of Cisco's security appliances, a bug that was first disclosed nearly three years ago. The vulnerability is in Telnet and there has been a Metasploit module available to exploit it for years. The FreeBSD Project first disclosed the vulnerability in telnet in December 2011...
---------------------------------------------
http://threatpost.com/cisco-patches-three-year-old-telnet-remote-code-execution-bug-in-security-appliances/108980




*** Security: Apple bans SSLv3 for push servers ***
---------------------------------------------
Developers who use the Apple Push Notification service will be allowed to use only TLS from the end of the month. The reason is the problematic "Poodle" vulnerability.
---------------------------------------------
http://www.heise.de/security/meldung/Sicherheit-Apple-verbietet-SSLv3-fuer-Push-Server-2430940.html




*** APPLE-SA-2014-10-22-1 QuickTime 7.7.6 ***
---------------------------------------------
https://support.apple.com/kb/HT6493




*** VMSA-2014-0011 ***
---------------------------------------------
VMware vSphere Data Protection product update addresses a critical information disclosure vulnerability.
---------------------------------------------
http://www.vmware.com/security/advisories/VMSA-2014-0011.html




*** TCP Vulnerabilities in Multiple Non-IOS Cisco Products ***
---------------------------------------------
cisco-sa-20040420-tcp-nonios
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20040420-tcp-nonios




*** Wireshark Multiple Dissector Bugs Let Remote Users Deny Service ***
---------------------------------------------
http://www.securitytracker.com/id/1031111




*** [R2] SSLv3 Protocol Vulnerability Affects Tenable Products (POODLE) ***
---------------------------------------------
October 19, 2014
---------------------------------------------
http://www.tenable.com/security/tns-2014-09




*** SA-CONTRIB-2014-102 - Document - Cross Site Scripting ***
---------------------------------------------
Advisory ID: DRUPAL-SA-CONTRIB-2014-102
Project: Document (third-party module)
Version: 6.x, 7.x
Date: 2014-October-08
Security risk: 8/25 (Less Critical) AC:Basic/A:User/CI:None/II:None/E:Theoretical/TD:All
Vulnerability: Cross Site Scripting

Description
Document module is a basic Document Management System for Drupal.

Cross Site Scripting (XSS)
The module wasn't sanitizing user input sufficiently in a few use cases. This vulnerability is mitigated by the fact that a user must have permissions to
---------------------------------------------
https://www.drupal.org/node/2361617




*** SA-CONTRIB-2014-101 - Ubercart - Cross Site Request Forgery ***
---------------------------------------------
Advisory ID: DRUPAL-SA-CONTRIB-2014-101
Project: Ubercart (third-party module)
Version: 6.x, 7.x
Date: 2014-October-22
Security risk: 13/25 (Moderately Critical) AC:None/A:Admin/CI:None/II:Some/E:Proof/TD:All
Vulnerability: Cross Site Request Forgery

Description
The Ubercart module provides a shopping cart and e-commerce features for Drupal.

Cross Site Request Forgery (CSRF)
The country administration links are not properly protected. A malicious user could trick a store administrator into enabling or
---------------------------------------------
https://www.drupal.org/node/2361613




*** SA-CONTRIB-2014-100 - Bad Behavior - Information Disclosure ***
---------------------------------------------
Advisory ID: DRUPAL-SA-CONTRIB-2014-100
Project: Bad Behavior (third-party module)
Version: 6.x, 7.x
Date: 2014-October-22
Security risk: 15/25 (Critical) AC:Basic/A:Admin/CI:Some/II:All/E:Theoretical/TD:All
Vulnerability: Information Disclosure

Description
This module enables you to target any malicious software directed at a Web site, whether it be a spambot, ill-designed search engine bot, or system crackers. It blocks such access and then logs their attempts.

Information Disclosure
The module
---------------------------------------------
https://www.drupal.org/node/2361611




*** IBM Security Bulletins for SSLv3 Vulnerability (POODLE) ***
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerability_in_sslv3_affects_ibm_platform_symphony_cve_2014_3566?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerability_in_sslv3_affects_ibm_platform_cluster_manager_and_ibm_platform_hpc_cve_2014_3566?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerability_in_sslv3_affects_ibm_platform_application_center_cve_2014_3566?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_security_bulletin_vulnerability_in_sslv3_affects_ibm_intelligent_operations_center_and_related_products_and_integrated_information_core_cve_2014_3566?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerability_in_sslv3_affects_infosphere_warehouse_edition_db2_warehouse_edition_db2_warehouse_intelligent_mining_and_db2_warehouse_tooling_product_line_cve_2014_3566?lang=e
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerability_in_sslv3_affects_tivoli_security_policy_manager_cve_2014_3566?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerability_in_sslv3_affects_tivoli_netcool_omnibus_webgui_cve_2014_3566?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerability_in_sslv3_affects_tivoli_netcool_impact?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerability_in_sslv3_affects_tivoli_business_service_manager_cve_2014_3566?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerability_in_sslv3_affects_ibm_sterling_connect_direct_for_i5_os_cve_2014_3566?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerability_in_sslv3_affects_directory_server_cve_2014_3566?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerability_in_sslv3_affects_lotus_quickr_for_websphere_portal_cve_2014_3566?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerability_in_sslv3_affects_multiple_ibm_rational_products_based_on_ibm_jazz_technology_cve_2014_3566?lang=en_us




*** Other IBM Security Bulletins ***
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_ibm_security_appscan_source_opens_a_debug_port_during_installation_cve_2014_4812?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_ibm_algo_one_counterparty_credit_risk_is_affected_by_open_source_spring_framework_vulnerabilities_cve_2013_6429_amp_cve_2013_6430?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_ibm_algo_one_is_affected_by_multiple_open_source_tomcat_security_vulnerabilities_cve_2013_4444_cve_2013_4286_cve_2014_0033_cve_2013_4322_cve_2013_4590?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_security_vulnerabilities_related_to_cross_site_scripting_identified_in_tivoli_integrated_portal_cve_2014_6151_cve_2014_6152?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_security_vulnerabilities_related_to_cross_site_scripting_identified_in_tivoli_integrated_portal_cve_2014_6151_cve_2014_61521?lang=en_us

