[CERT-daily] Tageszusammenfassung - Dienstag 16-06-2015
Daily end-of-shift report
team at cert.at
Tue Jun 16 18:21:15 CEST 2015
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 15-06-2015 18:00 − Dienstag 16-06-2015 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** Dude, where's my heap? ***
---------------------------------------------
Guest posted by Ivan Fratric, spraying 1TB of memoryThe ability to place controlled content to a predictable location in memory can be an important primitive in exploitation of memory corruption vulnerabilities. A technique that is commonly used to this end in browser exploitation is heap spraying: By allocating a large amount of memory an attacker ensures that some of the allocations happen in a predictable memory region. In order to break this technique, in Windows 8 Microsoft introduced High...
---------------------------------------------
http://googleprojectzero.blogspot.com/2015/06/dude-wheres-my-heap.html
*** RFC 7540 - HTTP/2 protocol, (Mon, Jun 15th) ***
---------------------------------------------
RFC 7540 has been out for a month now. What should we expect with this new version? 1. New frame: HTTP/2 implements a binary protocol with the following frame structure: Length: The length of the frame payload expressed as an unsigned 24-bit integer. Values greater than 2^14 must not be sent unless the receiver has set a larger value for SETTINGS_MAX_FRAME_SIZE parameter. Type: The 8-bit type of the frame. It determines the format and semantics of the frame.">Length: The length of the...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=19799&rss
*** LastPass Security Notice ***
---------------------------------------------
We want to notify our community that on Friday, our team discovered and blocked suspicious activity on our network. In our investigation, we have found no evidence that encrypted user vault data was taken, nor that LastPass user accounts were accessed. The investigation has shown, however, that LastPass account email addresses, password reminders, server per user salts, and authentication hashes were compromised.
---------------------------------------------
https://blog.lastpass.com/2015/06/lastpass-security-notice.html/
*** Blackhats exploiting MacKeeper hole to foist dangerous trojan ***
---------------------------------------------
Peskware now net nasty Last months MacKeeper vulnerability is now being exploited in the wild to hijack Apple machines, according to BAE security researcher Sergei Shevchenko.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2015/06/16/blackhats_exploiting_mackeeper_hole_to_foist_dangerous_trojan/
*** Odd HTTP User Agents, (Tue, Jun 16th) ***
---------------------------------------------
Many web application firewalls do block odd user agents. However, decent vulnerability scanners will try to evade these simple protections by trying to emulate the user agent string of commonly used browsers. To figure out if I can distinguish bad from good, I compared some of the logs from our honeypotsto logs from a normalweb server (isc.sans.edu). Many of the top user agents hitting the honeypot are hardly seen on normal web sites, allowing me to identify possible vulnerability scanners.
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=19805&rss
*** Phone hacking blitz hammers UK.bizs poor VoIP handsets ***
---------------------------------------------
If I ever get my hands on those phreaking kids who hacked my phones... UK businesses are getting disproportionately targeted by a surge of attacks against Voice over IP (VoIP) systems.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2015/06/16/voip_hacking/
*** iOS Application Security Part 45 - Enhancements in Damn Vulnerable iOS app version 2.0 ***
---------------------------------------------
In this article, i would like to give a quick walkthrough of the new vulnerabilities and challenges that we have added in version 2.0 of Damn Vulnerable iOS app. In the Insecure Data storage section, we have added challenges for the following databases. Realm Database Couchbase Lite YapDatabase We have also added a new section...
---------------------------------------------
http://resources.infosecinstitute.com/ios-application-security-part-45-enhancements-in-damn-vulnerable-ios-app-version-2-0/
*** DSA-3289 p7zip - security update ***
---------------------------------------------
Alexander Cherepanov discovered that p7zip is susceptible to adirectory traversal vulnerability. While extracting an archive, itwill extract symlinks and then follow them if they are referenced infurther entries. This can be exploited by a rogue archive to writefiles outside the current directory.
---------------------------------------------
https://www.debian.org/security/2015/dsa-3289
*** VU#101500: Retrospect Backup Client uses weak password hashing ***
---------------------------------------------
Vulnerability Note VU#101500 Retrospect Backup Client uses weak password hashing Original Release date: 15 Jun 2015 | Last revised: 15 Jun 2015 Overview Retrospect Backup Client is a client to a network-based backup utility. This client stores passwords in a hashed format that is weak and susceptible to collision, allowing an attacker to generate a password hash collision and gain access to the targets backup files. Description CWE-916: Use of Password Hash With Insufficient Computational...
---------------------------------------------
http://www.kb.cert.org/vuls/id/101500
*** VU#626420: Pearson ProctorCache contains hard coded credentials ***
---------------------------------------------
Vulnerability Note VU#626420 Pearson ProctorCache contains hard coded credentials Original Release date: 16 Jun 2015 | Last revised: 16 Jun 2015 Overview The Pearson ProctorCache software uses a hard coded password for administrative tasks. Description The ProctorCache is designed to cache the testing content, as well as cache the responses and maintain a client list of active test-takers. ProctorCache is a server software package installed locally within the LAN on a Windows system.CWE-259:
---------------------------------------------
http://www.kb.cert.org/vuls/id/626420
*** Bugtraq: ESA-2015-106: EMC Unified Infrastructure Manager/Provisioning (UIM/P) Authentication Bypass Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/archive/1/535776
*** Security Advisory: MIT Kerberos 5 vulnerability CVE-2014-5355 ***
---------------------------------------------
(SOL16743)
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/16000/700/sol16743.html?ref=rss
*** RLE Nova-Wind Turbine HMI Unsecure Credentials Vulnerability (Update A) ***
---------------------------------------------
This updated advisory is a follow-up to the original advisory titled ICSA-15-162-01 RLE Nova Wind Turbine HMI Unsecure Credentials Vulnerability that was published June 11, 2015, on the NCCIC/ICS-CERT web site. This updated advisory provides publicly disclosed vulnerabilities and mitigation measures for the RLE Nova-Wind Turbine HMI Unsecure Credentials Vulnerability.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-15-162-01A
*** IBM Security Bulletins ***
---------------------------------------------
Vulnerability in Diffie-Hellman ciphers affects TS3400 (CVE-2015-4000)
Vulnerability in Diffie-Hellman ciphers affects TS2900 (CVE-2015-4000)
Vulnerability in Diffie-Hellman ciphers affects IBM Cognos Metrics Manager (CVE-2015-4000)
Vulnerability in Diffie-Hellman ciphers affects the IBM Installation Manager and IBM Packaging Utility (CVE-2015-4000)
Vulnerability with Diffie-Hellman ciphers may affect Lotus Quickr 8.5 for WebSphere Portal (CVE-2015-4000)
Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Integrated Operations Management (CVE-2015-0491, CVE-2015-0459, CVE-2015-0469, CVE-2015-0458, CVE-2015-0480, CVE-2015-0488, CVE-2015-0478, CVE-2015-047...)
IBM QRadar Incident Forensics 7.2.4 is vulnerable to a cross site scripting vulnerability. (CVE-2015-1919)
Vulnerabilities in OpenSSL affect IBM Campaign, IBM ContactOptimization (CVE-2015-0209, CVE-2015-0286, CVE-2015-0288, CVE-2015-0292, CVE-2015-0293)
Open Source Apache Tomcat prior to 6.0.42 as used in IBM QRadar Security Information and Event Manager 7.1 MR2, and 7.2.4 is vulnerable to HTTP request smuggling. (CVE-2014-0227)
Vulnerabilities in OpenSSL affect IBM Campaign, IBM ContactOptimization (CVE-2014-3569)
IBM Tealeaf Customer Experience is affected by a vulnerability in OpenSSL (CVE-2014-3511, CVE-2014-3512)
Vulnerability in Diffie-Hellman ciphers affects IBM Operations Analytics - Predictive Insights (CVE-2015-4000)
Vulnerability in OpenSSL affects IBM XIV Storage System Gen3 (CVE-2014-3570)
Multiple vulnerabilities in IBM SDK Java Technology Edition affect IBM Business Process Manager and WebSphere Lombardi Edition April 2015 CPU
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/?lang=en_us
More information about the Daily
mailing list