[CERT-daily] Tageszusammenfassung - Dienstag 10-03-2015
Daily end-of-shift report
team at cert.at
Tue Mar 10 18:18:06 CET 2015
=======================
= End-of-Shift report =
=======================
Timeframe: Montag 09-03-2015 18:00 − Dienstag 10-03-2015 18:00
Handler: Stephan Richter
Co-Handler: n/a
*** MS15-MAR - Microsoft Security Bulletin Summary for March 2015 - Version: 1.0 ***
---------------------------------------------
This bulletin summary lists security bulletins released for March 2015.
---------------------------------------------
https://technet.microsoft.com/en-us/library/security/MS15-MAR
*** Apple Patches for iOS, OS X and Apple TV, (Tue, Mar 10th) ***
---------------------------------------------
With yesterdays updates for iOS, OS X and Apple TV, Apple also addressed a number of security vulnerabilities, most notably the Freak vulnerability. After updating, the affected operating systems no longer support export quality ciphers. However, Apple browsers continue to support SSLv3 and as a result, continue to be vulnerable to POODLE. Quick Summary of the security content of Apples updates: XCode 6.2: This update addresses 4 vulnerabilities in subversion and 1 in git. OS X: 5...
---------------------------------------------
https://isc.sans.edu/diary/Apple+Patches+for+iOS%2C+OS+X+and+Apple+TV/19443
*** Exploiting the DRAM rowhammer bug to gain kernel privileges ***
---------------------------------------------
"Rowhammer" is a problem with some recent DRAM devices in which repeatedly accessing a row of memory can cause bit flips in adjacent rows. We tested a selection of laptops and found that a subset of them exhibited the problem. We built two working privilege escalation exploits that use this effect. One exploit uses rowhammer-induced bit flips to gain kernel privileges on x86-64 Linux when run as an unprivileged userland process. When run on a machine vulnerable to the rowhammer...
---------------------------------------------
http://googleprojectzero.blogspot.co.at/2015/03/exploiting-dram-rowhammer-bug-to-gain.html
*** Network Forensics What Are Your Investigations Missing - SANS DFIR WEBCAST ***
---------------------------------------------
Traditionally, computer forensic investigations focused exclusively on data from the seized media associated with a system of interest.Recently, memory analysis has become an integral part of forensic analysis, resulting in a new and significantly different way for digital examiners and investigators to perform their craft.Now another evolution in computer forensics is at hand - one that includes data collected from network devices as well as the from wires themselves. Every day, more and more...
---------------------------------------------
http://blog.malwareresearch.institute/video/2015/03/09/network-forensics-what-are-your-investigations-missing-sans-dfir-webcast
*** Yahoo Patches Critical eCommerce, Small Business Vulnerabilities ***
---------------------------------------------
Yahoo has fixed a handful of vulnerabilities that could have given an attacker free reign over all of its user-run eCommerce websites and caused multiple headaches for small business owners.
---------------------------------------------
http://threatpost.com/yahoo-patches-critical-ecommerce-small-business-vulnerabilities/111519
*** Attackers targeting Elasticsearch remote code execution hole ***
---------------------------------------------
Devs ring patch alarm bells, drop shell code Attackers are targeting a patched remote code execution vulnerability in Elasticsearch that grants unauthenticated bad guys access through a buggy API.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2015/03/10/elastic_search_vuln/
*** SMS Trojan bypasses CAPTCHA ***
---------------------------------------------
Trojan-SMS.AndroidOS.Podec proved to be remarkable: it can send messages to premium-rate numbers employing tools that bypass the Advice of Charge system. It can also subscribe users to premium-rate services while bypassing CAPTCHA.
---------------------------------------------
http://securelist.com/analysis/publications/69169/sms-trojan-bypasses-captcha/
*** Xen Security Advisory CVE-2015-2150 / XSA-120 ***
---------------------------------------------
Non-maskable interrupts triggerable by guests
---------------------------------------------
http://xenbits.xen.org/xsa/advisory-120.html
*** Xen Security Advisory CVE-2015-2151 / XSA-123 ***
---------------------------------------------
Hypervisor memory corruption due to x86 emulator flaw
---------------------------------------------
http://xenbits.xen.org/xsa/advisory-123.html
*** Xen Security Advisory XSA-124 ***
---------------------------------------------
Non-standard PCI device functionality may render pass-through insecure
---------------------------------------------
http://xenbits.xen.org/xsa/advisory-124.html
*** Exploiting the DRAM "Row Hammer" Bug ***
---------------------------------------------
IBM has determined that all IBM System z, System p, and System x products are not vulnerable to this attack. IBM is analyzing other IBM products to determine if they are potentially impacted by this issue. Please actively monitor both your IBM Support Portal for available fixes and/or remediation steps and this blog for additional information.
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/exploiting_the_dram_row_hammer_bug?lang=en_us
*** Row Hammer Privilege Escalation Vulnerability ***
---------------------------------------------
cisco-sa-20150309-rowhammer
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150309-rowhammer
*** Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products ***
---------------------------------------------
cisco-sa-20150310-ssl
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl
*** Varnish 4.0.3 heap-buffer-overflow while parsing backend server HTTP response ***
---------------------------------------------
Topic: Varnish 4.0.3 heap-buffer-overflow while parsing backend server HTTP response Risk: High Text:Hi there, Latest varnish-cache 4.0.3 (https://www.varnish-cache.org/) seem to have a problem with parsing HTTP responses fro...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2015030056
*** Foxit Reader Update Service Unsafe Service Path Lets Local Users Gain Elevated Privileges ***
---------------------------------------------
http://www.securitytracker.com/id/1031879
*** Foxit Reader GIF File LZWMinimumCodeSize Memory Corruption Error Lets Remote Users Execute Arbitrary Code ***
---------------------------------------------
http://www.securitytracker.com/id/1031878
*** Foxit Reader GIF File Ubyte Size Memory Corruption Error Lets Remote Users Execute Arbitrary Code ***
---------------------------------------------
http://www.securitytracker.com/id/1031877
*** Red Hat Enterprise MRG Messaging Qpid Daemon Bugs Let Remote Users Deny Service and Access the System ***
---------------------------------------------
http://www.securitytracker.com/id/1031872
*** Rails ActiveModel::Name Flaw Lets Remote Users Deny Service ***
---------------------------------------------
http://www.securitytracker.com/id/1031873
*** Security Advisory: MainWP-Child WordPress Plugin ***
---------------------------------------------
Security Risk: Critical Exploitation level: Very Easy/Remote DREAD Score: 9/10 Vulnerability: Password bypass / Privilege Escalation Patched Version: 2.0.9.2 During a routine audit of our Website Firewall (WAF), we found a critical vulnerability affecting the popular MainWP Child WordPress plugin. According to worpdress.org, it is installed on more than 90,000 WordPress sites as as remote administration...
---------------------------------------------
http://blog.sucuri.net/2015/03/security-advisory-mainwp-child-wordpress-plugin.html
*** Google Analytics by Yoast 5.3.2 - Cross-Site Scripting (XSS) ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/7838
*** Fraction Theme <= 1.1.1 - Privilege Escalation via CSRF ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/7840
More information about the Daily
mailing list