[CERT-daily] Tageszusammenfassung - Donnerstag 3-12-2015
Daily end-of-shift report
team at cert.at
Thu Dec 3 22:45:03 CET 2015
=======================
= End-of-Shift report =
=======================
Timeframe: Mittwoch 02-12-2015 18:00 − Donnerstag 03-12-2015 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
*** Botconf 2015 Wrap-Up Day #1 ***
---------------------------------------------
[The post Botconf 2015 Wrap-Up Day #1 has been first published on /dev/random]Here we go for a new edition of the Botconf edition. Already the third one. This conference is moving every year across France and, after Nantes and Nancy, the organizers chose Paris and more precisely the Google France venue!
---------------------------------------------
https://blog.rootshell.be/2015/12/02/botconf-2015-wrap-up-day-1/
*** ElasticZombie Botnet - Exploiting Elasticsearch Vulnerabilities ***
---------------------------------------------
With the rise of inexpensive Virtual Servers and popular services that install insecurely by default, coupled with some juicy vulnerabilities (read: RCE - Remote Code Execution), like CVE-2015-5377 and CVE-2015-1427, this year will be an interesting one for Elasticsearch.
---------------------------------------------
https://www.alienvault.com/open-threat-exchange/blog/elasticzombie-botnet-exploiting-elasticsearch-vulnerabilities
*** Industrial control system gateway fix opens Heartbleed, Shellshock ***
---------------------------------------------
Metasploit module released to make 0day pwnage easy Rapid 7 security man Todd Beardsley says new firmware released to patch hardcoded SSH keys in Advantech EKI industrial control system gateways contains known brutal flaws including Shellshock, Heartbleed, and buffer overflows.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2015/12/03/industrial_control_system_gateway_fix_opens_heartbleed_shellshock/
*** DSA-3411 cups-filters - security update ***
---------------------------------------------
Michal Kowalczyk discovered that missing input sanitising in thefoomatic-rip print filter might result in the execution of arbitrarycommands.
---------------------------------------------
https://www.debian.org/security/2015/dsa-3411
*** DFN-CERT-2015-1857/">Red Hat JBoss Enterprise Application Platform: Zwei Schwachstellen ermöglichen u.a. das Ausführen beliebigen Programmcodes ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2015-1857/
*** 3G/4G cellural USB modems are full of critical security flaws, many 0-days ***
---------------------------------------------
An analysis of popular 3G and 4G cellural USB modems and routers used around the world revealed a myriad of serious vulnerabilities in each of them.
---------------------------------------------
http://www.net-security.org/secworld.php?id=19182
*** Kaspersky Security Bulletin 2015. Top security stories ***
---------------------------------------------
The end of the year is traditionally a time for reflection - for taking stock of our lives before considering what lies ahead. We'd like to offer our customary retrospective of the key events that have shaped the threat landscape in 2015.
---------------------------------------------
http://securelist.com/analysis/kaspersky-security-bulletin/72886/kaspersky-security-bulletin-2015-top-security-stories/
*** A Case Study of Information Stealers: Part I ***
---------------------------------------------
Introduction: A stealer is a type of malware that looks for passwords stored on the machine and sends them remotely (e.g. mail, HTTP) to an attacker. Most stealers use a web interface to facilitate browsing the data, especially if the targeted number of victims is important.
---------------------------------------------
http://resources.infosecinstitute.com/a-case-study-of-information-stealers-part-i/
*** Report: Scripting languages most vulnerable, mobile apps need better crypto ***
---------------------------------------------
According to an analysis of over 200,000 applications, PHP is the programming language with the most vulnerabilities, mobile apps suffer from cryptography problems, and developers are more likely to fix errors found with static instead of dynamic analysis.
---------------------------------------------
http://www.cio.com/article/3011668/encryption/report-scripting-languages-most-vulnerable-mobile-apps-need-better-crypto.html#tk.rss_security
*** Botnetzbetreiber nutzen Dropbox als toten Briefkasten ***
---------------------------------------------
Die Malware Lowball soll Dropbox-Accounts missbrauchen, um infizierte Rechner in einem Botnetz anzusteuern. So wollen Online-Kriminelle Ermittlern die Spurensuche erschweren.
---------------------------------------------
http://heise.de/-3030993
*** Worldwide Cryptographic Products Survey: Edits and Additions Wanted ***
---------------------------------------------
Back in September, I announced my intention to survey the world market of cryptographic products. The goal is to compile a list of both free and commercial encryption products that can be used to protect arbitrary data and messages.
---------------------------------------------
https://www.schneier.com/blog/archives/2015/12/worldwide_crypt.html
*** Week of Continuous Intrusion Tools - Day 4 - Common Abuse Set, Lateral Movement and Post Exploitation ***
---------------------------------------------
Welcome to Day 4 of Week of Continuous Intrusion tools. We are discussing security of Continuous Integration (CI) tools in this series of blog posts.
---------------------------------------------
http://www.labofapenetrationtester.com/2015/12/week-of-continuous-intrusion-tools-day-4.html
*** Bugtraq: ESA-2015-171 EMC NetWorker Denial-of-service Vulnerability ***
---------------------------------------------
EMC NetWorker contains a resolution for a Denial-of-service vulnerability. The vulnerability when exploited may allow malicious users to disrupt NetWorker services on affected systems.
---------------------------------------------
http://www.securityfocus.com/archive/1/537037
*** OpenSSL Security Advisory [3 Dec 2015] ***
---------------------------------------------
BN_mod_exp may produce incorrect results on x86_64 (CVE-2015-3193) Certificate verify crash with missing PSS parameter (CVE-2015-3194) X509_ATTRIBUTE memory leak (CVE-2015-3195) Race condition handling PSK identify hint (CVE-2015-3196)
---------------------------------------------
https://openssl.org/news/secadv/20151203.txt
*** Security Advisory: Linux libuser vulnerability CVE-2015-3246 ***
---------------------------------------------
libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, directly modifies /etc/passwd, which allows local users to cause a denial of service (inconsistent file state) by causing an error during the modification. NOTE: this issue can be combined with CVE-2015-3245 to gain privileges. (CVE-2015-3246)
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/05/sol05770600.html?ref=rss
*** Cisco SIP Phone 3905 Resource Limitation Denial of Service Vulnerability ***
---------------------------------------------
A vulnerability in the Cisco Unified SIP Phone 3905 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151202-sip
*** Cisco Unity Connection Cross-Site Scripting Vulnerability ***
---------------------------------------------
A vulnerability in the HTTP web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected system.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151202-pca
*** Cisco IOS-XE 3S Platforms Series Root Shell License Bypass Vulnerability ***
---------------------------------------------
A vulnerability in the way software packages are loaded in the Cisco IOS-XE Operating System for the Cisco IOS-XE 3S platforms could allow an authenticated, local attacker to gain restricted root shell access.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151130-iosxe3s
*** IBM Security Bulletin ***
---------------------------------------------
*** Vulnerability in Apache Commons affects IBM InfoSphere Discovery (CVE-2015-7450) ***
http://www.ibm.com/support/docview.wss?uid=swg21971529
---------------------------------------------
*** Vulnerabilities in GSKit affect IBM MQ Appliance (CVE-2015-7421, CVE-2015-7420) ***
http://www.ibm.com/support/docview.wss?uid=swg21971500
---------------------------------------------
*** Vulnerabilities in GSKit 8 affect Tivoli Directory Server and IBM Security Directory Server (CVE-2015-7421, CVE-2015-7420) ***
http://www.ibm.com/support/docview.wss?uid=swg21972076
---------------------------------------------
*** IBM Spectrum Scale (GPFS) Hadoop connector is affected by a security vulnerability (CVE-2015-7430) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1022979
---------------------------------------------
*** IBM Spectrum Scale (GPFS) Hadoop connector is affected by a security vulnerability (CVE-2015-7430) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1005461
---------------------------------------------
*** A vulnerability in IBM Java Runtime affects IBM Cognos Metrics Manager (CVE-2015-4872) ***
http://www.ibm.com/support/docview.wss?uid=swg21971753
---------------------------------------------
*** Multiple vulnerabilities in IBM Java Runtime affect IBM WebSphere Appliance Management Center (CVE-2015-4872) ***
http://www.ibm.com/support/docview.wss?uid=swg21971515
---------------------------------------------
*** Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime, affect IBM Endpoint Manager for Remote Control ***
http://www.ibm.com/support/docview.wss?uid=swg21971798
---------------------------------------------
*** Multiple vulnerabilities in IBM Java Runtime affect ITCAM for SOA (October 2015: CVE-2015-4872, CVE-2015-4911, CVE-2015-5006) ***
http://www.ibm.com/support/docview.wss?uid=swg21972112
---------------------------------------------
*** Multiple vulnerabilities in IBM Java SDK affect Rational Method Composer (CVE-2015-4872) ***
http://www.ibm.com/support/docview.wss?uid=swg21971419
---------------------------------------------
*** Vulnerability in Apache Commons affects IBM i (CVE-2015-7450) ***
http://www.ibm.com/support/docview.wss?uid=nas8N1021018
---------------------------------------------
*** Vulnerability in Apache Commons affects IBM Lotus Mashups (CVE-2015-7450) ***
http://www.ibm.com/support/docview.wss?uid=swg21971925
---------------------------------------------
*** Infosphere BigInsights is affected by vulnerabilities in Apache HBase and Hive that could allow a remote attacker to gain unauthorized access to the system or authenticate with improper credentials (CVE-2015-1772, ***
http://www.ibm.com/support/docview.wss?uid=swg21969546
---------------------------------------------
*** Vulnerability in Apache Commons affects RIT and RTCP in Rational Test Workbench, RTCP and RIT Agent in Rational Test Virtualization Server, and RIT Agent in Rational Performance Test Server (CVE-2015-7450) ***
http://www.ibm.com/support/docview.wss?uid=swg21971818
---------------------------------------------
*** Vulnerability in Apache Commons affects IBM Emptoris Strategic Supply Management, and IBM Emptoris Services Procurement. (CVE-2015-7450) ***
http://www.ibm.com/support/docview.wss?uid=swg21971731
---------------------------------------------
*** Vulnerability in Apache Commons affects Enterprise Records ***
http://www.ibm.com/support/docview.wss?uid=swg21971268
---------------------------------------------
*** Vulnerability in Apache Commons affects IBM Sterling B2B Integrator (CVE-2015-7450) ***
http://www.ibm.com/support/docview.wss?uid=swg21971758
---------------------------------------------
*** Vulnerability in Apache Commons affects IBM InfoSphere Information Server (CVE-2015-7450) ***
http://www.ibm.com/support/docview.wss?uid=swg21971410
---------------------------------------------
*** Vulnerability in Apache Commons affects IBM WebSphere Service Registry and Repository (CVE-2015-7450) ***
http://www.ibm.com/support/docview.wss?uid=swg21971580
---------------------------------------------
*** Vulnerability in Apache Commons affects IBM Algo Credit Administrator (CVE-2015-7450) ***
http://www.ibm.com/support/docview.wss?uid=swg21971240
---------------------------------------------
*** Vulnerability in Apache Commons Collections affects IBM Forms Experience Builder (CVE-2015-7450) ***
http://www.ibm.com/support/docview.wss?uid=swg21971536
---------------------------------------------
*** Vulnerability in Apache Commons affects IBM Application Server on Cloud (CVE-2015-7450) ***
http://www.ibm.com/support/docview.wss?uid=swg21972179
---------------------------------------------
*** Multiple vulnerabilities in bundled components affects IBM SPSS Collaboration and Deployment Services (CVE-2015-7450) ***
http://www.ibm.com/support/docview.wss?uid=swg21971599
---------------------------------------------
*** Vulnerability in Apache Commons affects IBM MQ Appliance (CVE-2015-7450) ***
http://www.ibm.com/support/docview.wss?uid=swg21971498
---------------------------------------------
*** Vulnerability in Apache Commons affects IBM WebSphere Appliance Management Center (CVE-2015-7450) ***
http://www.ibm.com/support/docview.wss?uid=swg21971506
---------------------------------------------
*** IBM Vulnerability in Apache Commons affects IBM WebSphere Application Server Community Edition v3.0.0.4 (CVE-2015-7450) ***
http://www.ibm.com/support/docview.wss?uid=swg21972094
---------------------------------------------
*** Vulnerability in Apache Commons affects IBM WebSphere Service Registry and Repository Studio (CVE-2015-7450) ***
http://www.ibm.com/support/docview.wss?uid=swg21971579
---------------------------------------------
*** Vulnerability in Apache Commons affects IBM Cognos Metrics Manager (CVE-2015-7450) ***
http://www.ibm.com/support/docview.wss?uid=swg21971382
---------------------------------------------
*** Vulnerabilities in Apache Commons Collections and Apache Groovy affect IBM UrbanCode Deploy and IBM UrbanCode Deploy with Patterns (CVE-2015-4852, CVE-2015-3253) ***
http://www.ibm.com/support/docview.wss?uid=swg21971291
---------------------------------------------
*** Vulnerability in Apache Commons affects IBM Tivoli Composite Application Manager Agent for WebSphere Applications (CVE-2015-7450) ***
http://www.ibm.com/support/docview.wss?uid=swg21972216
---------------------------------------------
*** Fix Available for Security Vulnerabilities in IBM WebSphere Portal (CVE-2015-4993, CVE-2015-4998, CVE-2015-5001, CVE-2015-7413) ***
http://www.ibm.com/support/docview.wss?uid=swg21970176
---------------------------------------------
More information about the Daily
mailing list