[CERT-daily] Tageszusammenfassung - Dienstag 30-09-2014

Daily end-of-shift report team at cert.at
Tue Sep 30 18:07:10 CEST 2014 

=======================
= End-of-Shift report =
=======================

Timeframe:   Montag 29-09-2014 18:00 − Dienstag 30-09-2014 18:00
Handler:     Alexander Riepl
Co-Handler:  Stephan Richter




*** JSA10648 - 2014-09 Out of Cycle Security Bulletin: Multiple Products: Shell Command Injection Vulnerability in Bash ***
---------------------------------------------
Last Updated: 	29 Sep 2014
---------------------------------------------
http://kb.juniper.net/index?page=content&id=JSA10648




*** We Take Your Privacy and Security. Seriously. ***
---------------------------------------------
"Please note that [COMPANY NAME] takes the security of your personal data very seriously." If youve been on the Internet for any length of time, chances are very good that youve received at least one breach notification email or letter that includes some version of this obligatory line. But as far as lines go, this one is about as convincing as the classic break-up line, "Its not you, its me."
---------------------------------------------
http://krebsonsecurity.com/2014/09/we-take-your-privacy-and-security-seriously/




*** Splunk response to "shellshock" vulnerabilities ***
---------------------------------------------
Description Splunk response to "shellshock" vulnerabilities: Splunk Enterprise response to Bash "shellshock" parsing attack (CVE-2014-6271, CVE-2014-7169) Splunk Enterprise response to Bash "shellshock" parsing attack (CVE-2014-6271, CVE-2014-7169) Splunk Cloud response to Bash "shellshock" parsing attack (CVE-2014-6271, CVE-2014-7169) Splunk MINT response to Bash "shellshock" parsing attack (CVE-2014-6271, CVE-2014-7169) Splunk Storm response...
---------------------------------------------
http://www.splunk.com/view/SP-CAAANJN




*** WPScan Vulnerability Database a New WordPress Security Resource ***
---------------------------------------------
Researcher Ryan Dewhurst released the WPScan Vulnerability Database, a database housing security vulnerabilities in WordPress core code, plug-ins and themes. Its available for pen-testers, WordPress administrators and developers.
---------------------------------------------
http://threatpost.com/wpscan-vulnerability-database-a-new-wordpress-security-resource/108607




*** Cisco WebEx Meetings Server Arbitrary Download Vulnerability ***
---------------------------------------------
CVE-2014-3395
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3395




*** MMD-0027-2014 - Linux ELF bash 0day (shellshock): The fun has only just begun... ***
---------------------------------------------
Background: CVE-2014-6271 + CVE-2014-7169 During the mayhem of bash 0day remote execution vulnerability CVE-2014-6271 and CVE-2014-7169, not for bragging but as a FYI, I happened to be the first who reversed for the first ELF malware spotted used in the wild. The rough disassembly analysis and summary I wrote and posted in Virus Total & Kernel Mode here --> [-1-] [-2-] credit) (the credit is all for her for links to find this malware, for the swift sensoring & alert, and thanks for...
---------------------------------------------
http://blog.malwaremustdie.org/2014/09/linux-elf-bash-0day-fun-has-only-just.html




*** gnome-shell printscreen key security bypass ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/96713




*** Apple schließt Shellshock-Lücken in OS X - teilweise ***
---------------------------------------------
Update für die Unix-Shell Bash veröffentlicht - Scheint aber nur die ersten zwei aufgetauchten Lücken zu bereinigen
---------------------------------------------
http://derstandard.at/2000006210412




*** remote syslog PRI vulnerability ***
---------------------------------------------
Sysklogd is mildly affected. Having a quick look at the current git master branch, the wrong action may be applied to messages with invalid facility. ... Rsyslogd experiences the same problem as sysklogd. However, more severe effects can occur, BUT NOT WITH THE DEFAULT CONFIGURATION. The most likely and thus important attack is a remote DoS. Some of the additional tables are writable and can cause considerable misadressing. ...
---------------------------------------------
http://www.rsyslog.com/security-advisories/




*** [20140904] - Core - Denial of Service ***
---------------------------------------------
Project: Joomla! SubProject: CMS Severity: Low Versions: 2.5.4 through 2.5.25, 3.2.5 and earlier 3.x versions, 3.3.0 through 3.3.4 Exploit type: Denial of Service Reported Date: 2014-September-24 Fixed Date: 2014-September-30 CVE Number: CVE-2014-7229  Description Inadequate checking allowed the potential for a denial of service attack. Affected Installs Joomla! CMS versions 2.5.4 through 2.5.25, 3.2.5 and earlier 3.x versions, 3.3.0 through 3.3.4 Solution Upgrade to version 2.5.26, 3.2.6, or...
---------------------------------------------
http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/MWxjsJYnk9U/596-20140904-core-denial-of-service.html




*** [20140903] - Core - Remote File Inclusion ***
---------------------------------------------
Project: Joomla! SubProject: CMS Severity: Moderate Versions: 2.5.4 through 2.5.25, 3.2.5 and earlier 3.x versions, 3.3.0 through 3.3.4 Exploit type: Remote File Inclusion Reported Date: 2014-September-24 Fixed Date: 2014-September-30 CVE Number: CVE-2014-7228  Description Inadequate checking allowed the potential for remote files to be executed. Affected Installs Joomla! CMS versions 2.5.4 through 2.5.25, 3.2.5 and earlier 3.x versions, 3.3.0 through 3.3.4 Solution Upgrade to version 2.5.26,...
---------------------------------------------
http://feeds.joomla.org/~r/JoomlaSecurityNews/~3/NTyZcpJMN00/595-20140903-core-remote-file-inclusion.html




*** IBM Sterling Connect:Direct for UNIX is affected by multiple OpenSSL vulnerabilities(CVE-2014-3508, CVE-2014-3511) ***
---------------------------------------------
Security vulnerabilities have been discovered in OpenSSL that were reported on 6 August 2014 by the OpenSSL Project.  CVE(s): CVE-2014-3508 and CVE-2014-3511  Affected product(s) and affected version(s):   IBM Sterling Connect:Direct for UNIX 4.0.00 - All versions prior to 4.0.00 Fix 131 IBM Sterling Connect:Direct for UNIX 4.1.0 - All versions prior to 4.1.0.4 iFix 33    Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin:...
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_sterling_connect_direct_for_unix_is_affected_by_multiple_openssl_vulnerabilities_cve_2014_3508_cve_2014_3511?lang=en_us




*** IBM Security Bulletin: Open Redirection in IBM Tivoli Federated Identity Manager (CVE-2014-3097) ***
---------------------------------------------
In certain cases, IBM Tivoli Federated Identity Manager does not handle end user provided data before using that data to construct an HTTP redirect request.  CVE(s): CVE-2014-3097  Affected product(s) and affected version(s):   IBM Tivoli Federated Identity Manager 6.2.0, 6.2.1, 6.2.2    Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg21684852 X-Force Database:...
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_open_redirection_in_ibm_tivoli_federated_identity_manager_cve_2014_3097?lang=en_us




*** IBM Security Bulletin: Vulnerabilities in Bash affect IBM InfoSphere Guardium Database Activity Monitoring (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278) ***
---------------------------------------------
Six Bash vulnerabilities were disclosed in September 2014. This bulletin addresses the vulnerabilities that have been referred to as "Bash Bug" or "Shellshock" and two memory corruption vulnerabilities. Bash is used by IBM InfoSphere Guardium Database Activity Monitoring.  CVE(s): CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277 and CVE-2014-6278  Affected product(s) and affected version(s):...
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerabilities_in_bash_affect_ibm_infosphere_guardium_database_activity_monitoring_cve_2014_6271_cve_2014_7169_cve_2014_7186_cve_2014_7187_cve_2014_6277_cve_2014_6278?lang=e




*** IBM Security Bulletin: Shell command injection and cross-site scripting vulnerabilities in Access Manager for Mobile and Access Manager for Web (CVE-2014-4823, CVE-2014-6079) ***
---------------------------------------------
IBM Security Access Manager for Mobile and IBM Security Access Manager for Web could be affected by a command injection vulnerability and allow a cross site scripting attack.  CVE(s): CVE-2014-4823 and CVE-2014-6079  Affected product(s) and affected version(s):   IBM Security Access Manager for Mobile 8. - Firmware versions 8.0.0.0, 8.0.0.1, 8.0.0.3, and 8.0.0.4. IBM Security Access Manager for Web 7.0 and 8.0 - Firmware versions 7.0, 7.0.0.1, 7.0.0.2, 7.0.0.3, 7.0.0.4, 7.0.0.5, 7.0.0.6,...
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_shell_command_injection_and_cross_site_scripting_vulnerabilities_in_access_manager_for_mobile_and_access_manager_for_web_cve_2014_4823_cve_2014_6079?lang=en_us




*** IBM Security Bulletin: Denial of Service when using e-community single sign on in IBM Security Access Manager for Web (CVE-2014-4809) ***
---------------------------------------------
When using e-community single sign on (ECSSO), the WebSEAL component of IBM Security Access Manager for Web could become unresponsive under certain circumstances, possibly resulting in denial of service.  CVE(s): CVE-2014-4809  Affected product(s) and affected version(s):   IBM Security Access Manager for Web version 7.0 appliance: All firmware versions. IBM Security Access Manager for Web version 8.0: Firmware versions 8.0.0.2, 8.0.0.3, and 8.0.0.4    Refer to the following reference URLs for...
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_denial_of_service_when_using_e_community_single_sign_on_in_ibm_security_access_manager_for_web_cve_2014_4809?lang=en_us




*** Abgeschlossen: Wartungsarbeiten Dienstag 30. September 2014 ***
---------------------------------------------
Update: Die Wartungsarbeiten wurden gegen 10h abgeschlossen; insgesamt kam es zu Ausfallszeiten von etwa 15 Minuten.
---------------------------------------------
http://www.cert.at/services/blog/20140929105226-1254.html

More information about the Daily mailing list