[CERT-daily] Tageszusammenfassung - Mittwoch 24-09-2014

Wed Sep 24 18:09:51 CEST 2014

=======================
= End-of-Shift report =
=======================

Timeframe:   Dienstag 23-09-2014 18:00 − Mittwoch 24-09-2014 18:00
Handler:     Stephan Richter
Co-Handler:  n/a


*** MS14-055 - Important: Vulnerabilities in Microsoft Lync Server Could Allow Denial of Service (2990928) - Version: 3.0 ***
---------------------------------------------
Revisions:
V1.0 (September 9, 2014): Bulletin published.
V2.0 (September 15, 2014): Bulletin revised to remove Download Center links for Microsoft security update 2982385 for Microsoft Lync Server 2010. See the Update FAQ for details.
V3.0 (September 23, 2014): Bulletin rereleased to announce the reoffering of the 2982385 security update file (server.msp) for Microsoft Lync Server 2010. See the Update FAQ for details.
---------------------------------------------
https://technet.microsoft.com/en-us/library/security/MS14-055


*** Website Malware - Curious .htaccess Conditional Redirect Case ***
---------------------------------------------
I really enjoy when I see a different kind of conditional redirect, check this one out: The special thing about this one is the usage of a not so common .htaccess feature in malware: variables. In the first part it set the conditions for user-agents, nothing new, but the afterward rules are interesting: RewriteRule .*Read More
---------------------------------------------
http://blog.sucuri.net/2014/09/website-malware-curious-htaccess-conditional-redirect-case.html


*** Apt: Buffer Overflow in Debians Paketmanagement ***
---------------------------------------------
Im von Debian und Ubuntu verwendeten Paketmanagement Apt wurde ein sicherheitskritischer Fehler entdeckt. Es ist bereits das zweite Mal in kurzer Zeit dass Apt Sicherheitsprobleme hat.
---------------------------------------------
http://www.golem.de/news/apt-buffer-overflow-in-debians-paketmanagement-1409-109407-rss.html


*** Microsoft Starts Online Services Bug Bounty ***
---------------------------------------------
Microsoft today launched the Microsoft Online Services Bug Bounty Program which will pay out a minimum of $500 for vulnerabilities found in its cloud services such as Office 365.
---------------------------------------------
http://threatpost.com/microsoft-starts-online-services-bug-bounty/108486


*** jQuery.com Compromise: The Dangers of Third Party Hosted Content, (Tue, Sep 23rd) ***
---------------------------------------------
jQuery is a popular Javascript framework, used by many websites (including isc.sans.edu) . jQuery provides many features, like easy access to webservices as well as advanced user interface features. When using jQuery, sites have the option to download and host the complete code, or let jQuery.com and its CDN (Content Delivery Network) host the code. There are two advantages in allowing jQuery.com to host the code:  Performance: Code is typically delivered faster, and a user may already have the...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18699&rss


*** Auch Mozilla verabschiedet sich langsam von SHA-1 ***
---------------------------------------------
Die Entwickler der freien Web-Browsers Firefox wollen den angreifbaren Hash-Algorithmus in Zukunft nicht mehr für verschlüsselte Verbindungen akzeptieren. Server-Betreibern bleibt jedoch noch Zeit für die Umstellung.
---------------------------------------------
http://www.heise.de/security/meldung/Auch-Mozilla-verabschiedet-sich-langsam-von-SHA-1-2402036.html


*** Remote exploit vulnerability in bash CVE-2014-6271 ***
---------------------------------------------
A remotely exploitable vulnerability has been discovered in bash on Linux and it is unpleasant. The vulnerability has the CVE identifier CVE-2014-6271. This affects Debian as well as other Linux distributions. If you have have Microsoft Services for UNIX you will need to patch ASAP.  Bash supports exporting she variables as well as shell functions to other bash instances. This is accomplished through the process environment to a child process.   From Debian:Current bash versions use an
---------------------------------------------
http://www.csoonline.com/article/2687265/application-security/remote-exploit-in-bash-cve-2014-6271.html#tk.rss_applicationsecurity


*** Bugtraq: CVE-2014-6603 suricata 2.0.3 Out-of-bounds access in SSH parser ***
---------------------------------------------
http://www.securityfocus.com/archive/1/533515


*** Huawei Security Advisory - CSRF Vulnerabilities in Multiple Products ***
---------------------------------------------
Cross-site request forgery (CSRF) vulnerabilities are discovered in multiple products, including FusionManager (Vulnerability ID: HWPSIRT-2014-0408) and USG firewall series (Vulnerability ID: HWPSIRT-2014-0406).
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372186.htm


*** Huawei Security Advisory - Information Leakage Vulnerability via MPLS Ping in VRP Platform ***
---------------------------------------------
Information leakage vulnerability exists in several devices using VRP platform, because the MPLS LSP Ping service is bound to unnecessary interfaces, which can cause the leak of IP addresses of devices (Vulnerability ID: HWPSIRT-2014-0418).
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372145.htm


*** Security Advisory - Hikashop Extension for Joomla! ***
---------------------------------------------
Advisory for: Hikashop for Joomla! Security Risk: High (DREAD score : 7/10) Vulnerability: Object Injection / Remote Code Execution Updated Version: 2.3.2 In a routine audit of our Website Firewall we discovered a serious vulnerability within the Hikashop ecommerce product for Joomla! allowing remote code execution on the vulnerable website[s]. What are the risks? ThisRead More
---------------------------------------------
http://blog.sucuri.net/2014/09/security-advisory-hikashop-extension-for-joomla.html