[CERT-daily] Tageszusammenfassung - Dienstag 21-07-2015

Daily end-of-shift report team at cert.at
Tue Jul 21 18:24:19 CEST 2015


=======================
= End-of-Shift report =
=======================

Timeframe:   Montag 20-07-2015 18:00 − Dienstag 21-07-2015 18:00
Handler:     Robert Waldner
Co-Handler:  Alexander Riepl
Co-Handler:  Stephan Richter




*** One Perfect Bug: Exploiting Type Confusion in Flash ***
---------------------------------------------
Posted by Natalie Silvanovich, Dazed and (Type) ConfusedFor some attackers, it is important that an exploit be extremely reliable. That is to say, the exploit should consistently lead to code execution when it is run on a system with a known platform and Flash version. One way to create such an exploit is to use an especially high-quality bug. This post describes the exploitation of one such bug, and the factors that make it especially good for reliable exploitation.The BugCVE-2015-3077 is a...
---------------------------------------------
http://googleprojectzero.blogspot.com/2015/07/one-perfect-bug-exploiting-type_20.html




*** Hackers Remotely Kill a Jeep on the Highway - With Me in It ***
---------------------------------------------
I was driving 70 mph on the edge of downtown St. Louis when the exploit began to take hold.
---------------------------------------------
http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/




*** Searching Through the VirusTotal Database, (Tue, Jul 21st) ***
---------------------------------------------
Now that my overview of Sysinternals tools with VirusTotal support is complete (Process Explorer, Autoruns and Sigcheck), lets address a couple of remarks I received (BTW, if I missed a Sysinternals tools, let me know with a comment). 1) Upload of files. Some people are worried that the Sysinternals tools will upload (confidential) files to VirusTotal. That is a valid concern, but for each tool I described, I showed how to enable hash searching first. Configured like this, the Sysinternals...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=19945&rss




*** Finding XSS Vulnerabilities More Quickly with Dynamic Contextual Analysis ***
---------------------------------------------
Cross-Site Scripting (XSS) has been around since the 1990s and countless scanners have been created to find this vulnerability class. Each scanner has its own set of payloads with some more extensive than others. However, almost all of these payloads...
---------------------------------------------
https://www.trustwave.com/Resources/SpiderLabs-Blog/Finding-XSS-Vulnerabilities-More-Quickly-with-Dynamic-Contextual-Analysis/




*** Black Hat 2015: 32 SCADA, mobile zero-day vulns will drop ***
---------------------------------------------
Pwn storm brews Gird your loins, admins; researchers are set to drop 32 zero-day vulnerabilities at the Black Hat hacking fest in Las Vegas in August.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2015/07/21/black_hat_2015_32_scada_mobile_zerodays_will_drop/




*** x86 Exploitation 101: "House of Spirit" - Friendly stack overflow ***
---------------------------------------------
The last technique from the "Malloc Maleficarum" is different from all the others because, among the requirements, there's a stack overflow.
---------------------------------------------
https://gbmaster.wordpress.com/2015/07/21/x86-exploitation-101-house-of-spirit-friendly-stack-overflow/




*** Cybercrime - Tipping the Balance ***
---------------------------------------------
It's been said before (on this very blog) but it's worth saying again; if you work back far enough from any cybercrime, eventually you find a person. Someone, somewhere is writing the code and calling the shots. When this statement is presented to a non-technical audience, the question that typically follows is "so who are these people?", and hot on it's heels "why are they doing this?". Simple and reasonable queries, but as most of us know, the answers...
---------------------------------------------
https://blog.team-cymru.org/2015/07/cybercrime-tipping-the-balance/




*** Key findings from the ENISA Workshop: Protection of Electronic Communications Infrastructure and Information Sharing ***
---------------------------------------------
ENISA’s Workshop on the Protection of Electronic Communications Infrastructure and Information Sharing successfully concluded with the participation of more than forty-five (45) participants from twenty (20) Member States. Representatives included Ministries and National Regulatory Agencies, Electronic communication providers and infrastructure owners.
---------------------------------------------
http://www.enisa.europa.eu/media/news-items/key-findings-from-the-enisa-workshop-protection-of-electronic-communications-infrastructure-and-information-sharing




*** Operation Shrouded Horizon: Darkode and its Ties to Bulletproof Hosting Services ***
---------------------------------------------
One of the challenges in fighting cybercrime is that it is borderless; cybercriminals can conduct their malicious activities in countries that do not have strict implementation of cybercrime laws. However, no matter how difficult and perilous the task of arresting attackers and taking down cybercriminal operations is, it can be achieved through collaboration between security researchers...
---------------------------------------------
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/-S0neNV90as/




*** DFN-CERT-2015-1104: Microsoft Internet Explorer: Mehrere Schwachstellen ermöglichen das Ausführen beliebigen Programmcodes ***
---------------------------------------------
ZDI-15-362-1: Schwachstelle im Internet Explorer ermöglicht das Ausführen beliebigen Programmcodes
Eine Schwachstelle im Internet Explorer basiert auf der Behandlung von CTreePos-Objekten, die durch eine bestimmte Manipulation von Elementen eines Dokumentes zu der Wiederverwendung eines Zeigers auf bereits freigegebenen Speicher führt ("Use-After-Free"). Ein entfernter, nicht authentifizierter Angreifer kann diese Schwachstelle mit Hilfe einer speziell präparierten Website oder Datei ausnutzen, wenn er einen Benutzer zum Besuch der Webseite oder zum Öffnen der Datei verleiten kann, um beliebigen Programmcode zur Ausführung zu bringen.

ZDI-15-361-1: Schwachstelle im Internet Explorer ermöglicht das Ausführen beliebigen Programmcodes
Eine Schwachstelle im Internet Explorer basiert auf der Behandlung von CCurrentStyle-Objekten, die durch eine bestimmte Manipulation von Elementen eines Dokumentes zu der Wiederverwendung eines Zeigers auf bereits freigegebenen Speicher führt ("Use-After-Free"). Ein entfernter, nicht authentifizierter Angreifer kann diese Schwachstelle mit Hilfe einer speziell präparierten Website oder Datei ausnutzen, wenn er einen Benutzer zum Besuch der Webseite oder zum Öffnen der Datei verleiten kann, um beliebigen Programmcode zur Ausführung zu bringen.

ZDI-15-360-1: Schwachstelle im Internet Explorer ermöglicht das Ausführen beliebigen Programmcodes
Eine Schwachstelle im Internet Explorer basiert auf der Behandlung von CAttrArray-Objekten, die durch eine bestimmte Manipulation von Elementen eines Dokumentes zu der Wiederverwendung eines Zeigers auf bereits freigegebenen Speicher führt ("Use-After-Free"). Ein entfernter, nicht authentifizierter Angreifer kann diese Schwachstelle mit Hilfe einer speziell präparierten Website oder Datei ausnutzen, wenn er einen Benutzer zum Besuch der Webseite oder zum Öffnen der Datei verleiten kann, um beliebigen Programmcode zur Ausführung zu bringen.

ZDI-15-359-1: Schwachstelle im Internet Explorer ermöglicht das Ausführen beliebigen Programmcodes
Eine Schwachstelle im Internet Explorer basiert auf der Verarbeitung von Arrays für die Repräsentation von HTML-Tabellen, die durch eine bestimmte Manipulation von Elementen eines Dokumentes zu einem Speicherüberlauf ("Out-Of-Bounds Memory Access") führt. Ein entfernter, nicht authentifizierter Angreifer kann diese Schwachstelle mit Hilfe einer speziell präparierten Website oder Datei ausnutzen, wenn er einen Benutzer zum Besuch der Webseite oder zum Öffnen der Datei verleiten kann, um beliebigen Programmcode zur Ausführung zu bringen.
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2015-1104/




*** MS15-078 - Critical: Vulnerability in Microsoft Font Driver Could Allow Remote Code Execution (3079904) - Version: 1.0 ***
---------------------------------------------
https://technet.microsoft.com/en-us/library/security/MS15-078




*** ZDI-15-358: BitTorrent/uTorrent URI Protocol Command Line Injection Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of BitTorrent and uTorrent. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-15-358/




*** ZDI-15-363: (0Day) Hewlett-Packard Client Automation Agent Stack Based Buffer Overflow Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Client Automation. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-15-363/




*** ZDI-15-364: (0Day) Hewlett-Packard Client Automation Agent Command Injection Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Client Automation. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-15-364/




*** ZDI-15-365: Apache Groovy Deserialization of Untrusted Data Remote Code Execution Vulnerability ***
---------------------------------------------
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apache Groovy. Authentication is not required to exploit this vulnerability.
---------------------------------------------
http://www.zerodayinitiative.com/advisories/ZDI-15-365/




*** VU#912036: N-Able RSMWinService contains hard coded security constants allowing decryption of domain administrator password ***
---------------------------------------------
Vulnerability Note VU#912036 N-Able RSMWinService contains hard coded security constants allowing decryption of domain administrator password Original Release date: 20 Jul 2015 | Last revised: 20 Jul 2015   Overview SolarWinds N-Able N-Central is an agent-based enterprise support and management solution. N-Able N-Central contains several hard-coded encryption constants in the web interface that allow decryption of the password when combined.  Description CWE-547: Use of Hard-coded,...
---------------------------------------------
http://www.kb.cert.org/vuls/id/912036




*** Cisco WebEx Meetings Reflected Cross-Site Scripting Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=39755




*** Cisco WebEx Training Center Stored Cross-Site Scripting Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=39753




*** Cisco WebEx Administration Site Stored Cross-Site Scripting Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=39756




*** Cisco Videoscape Policy Resource Manager Denial of Service Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=40050




*** [R1] OpenSSL secadv_20150709 Vulnerability Affects Tenable SecurityCenter ***
---------------------------------------------
http://www.tenable.com/security/tns-2015-08




*** SSA-267489 (Last Update 2015-07-21): Vulnerabilities in Android App Sm at rtClient ***
---------------------------------------------
https://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-267489.pdf




*** SSA-396873 (Last Update: 2015-07-21): TLS Vulnerability in Ruggedcom ROS- and ROX-based Devices ***
---------------------------------------------
https://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-396873.pdf




*** Active Super Shop 1.0 Cross Site Scripting ***
---------------------------------------------
Topic: Active Super Shop 1.0 Cross Site Scripting Risk: Low Text:# Exploit Title:Active Super Shop Persistent XSS # Date: Fri July 17 2015 # Exploit Author: Angelo Ruwantha # Vendor Homepag...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2015070101




*** WordPress Mailcwp 1.99 Shell Upload ***
---------------------------------------------
Topic: WordPress Mailcwp 1.99 Shell Upload Risk: High Text:Title: Remote file upload vulnerability in mailcwp v1.99 wordpress plugin Author: Larry W. Cashdollar, @_larry0 Date: 2015-07...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2015070100


More information about the Daily mailing list