[CERT-daily] Tageszusammenfassung - Dienstag 17-03-2015

Tue Mar 17 18:12:16 CET 2015

=======================
= End-of-Shift report =
=======================

Timeframe:   Montag 16-03-2015 18:00 − Dienstag 17-03-2015 18:00
Handler:     Robert Waldner
Co-Handler:  Stephan Richter


*** 3046310 - Improperly Issued Digital Certificates Could Allow Spoofing - Version: 1.0 ***
---------------------------------------------
Microsoft is aware of an improperly issued SSL certificate for the domain “live.fi” that could be used in attempts to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. It cannot be used to issue other certificates, impersonate other domains, or sign code. This issue affects all supported releases of Microsoft Windows. Microsoft is not currently aware of attacks related to this issue.
---------------------------------------------
https://technet.microsoft.com/en-us/library/security/3046310


*** Man who obtained Windows Live cert said his warnings went unanswered ***
---------------------------------------------
"I tried, just for fun," said man who reported hole to Microsoft and authorities.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/GS2QPGGMdJ0/


*** Forthcoming OpenSSL releases ***
---------------------------------------------
The OpenSSL project team would like to announce the forthcoming release of OpenSSL versions 1.0.2a, 1.0.1m, 1.0.0r and 0.9.8zf. These releases will be made available on 19th March. They will fix a number of security defects. The highest severity defect fixed by these releases is classified as "high" severity.
---------------------------------------------
https://mta.openssl.org/pipermail/openssl-users/2015-March/000778.html


*** From PEiD To YARA, (Tue, Mar 17th) ***
---------------------------------------------
Some time ago, Jim Clausing had a diary entry about PeID (a packer identifier) and since then he has a PEiD signature database on his handler page. Now, wouldnt it be great if we could reuse these signatures? For example as YARA rules? Thats why I wrote a Python program that converts PEiD signatures to YARA rules: peid-userdb-to-yara-rules.py Here is an example: PEiD signature: [!EP (ExE Pack) V1.0 - Elite Coding Group] signature = 60 68 ?? ?? ?? ?? B8 ?? ?? ?? ?? FF 10 ep_only = true Generated...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=19473&rss


*** Zweifaktor-Dienst Authy ließ jeden rein ***
---------------------------------------------
Zwei-Faktor-Authentifizierung ist eine sichere Sache - wenn sie denn funktioniert. Authy, das von vielen prominenten Sites eingesetzt wird, ließ sich bis vor kurzem mit dem Generalschlüssel "../sms" umgehen.
---------------------------------------------
http://heise.de/-2576764


*** D-Link patches critical flaws in wireless range extender, Wi-Fi cameras firmware ***
---------------------------------------------
D-Link has released new firmware for its DAP-1320 wireless range extender and the DCS-93xL family of Wi-Fi cameras in order to patch two critical vulnerabilities that can lead to device hijacking. ...
---------------------------------------------
www.net-security.org/secworld.php?id=18093


*** Search for vulnerable servers unearths weak, thousands-times repeated RSA keys ***
---------------------------------------------
A group of researchers from the Information Security Group from Royal Holloway, University of London, wanted to see how many TLS servers still supported the weak, export-grade (512-bit) RSA public key...
---------------------------------------------
http://www.net-security.org/secworld.php?id=18094


*** Cisco Virtual TelePresence Server Serial Console Privileged Access Vulnerability ***
---------------------------------------------
Cisco Virtual TelePresence Server Software contains a vulnerability that could allow an authenticated, local attacker to gain unauthorized access with elevated privileges. Updates are available.
---------------------------------------------
http://tools.cisco.com/security/center/viewAlert.x?alertId=37869


*** DSA-3192 checkpw - security update ***
---------------------------------------------
Hiroya Ito of GMO Pepabo, Inc. reported that checkpw, a passwordauthentication program, has a flaw in processing account names whichcontain double dashes. A remote attacker can use this flaw to cause adenial of service (infinite loop).
---------------------------------------------
https://www.debian.org/security/2015/dsa-3192


*** Intel Network Adapter Diagnostic Driver IOCTL Handling Vulnerability ***
---------------------------------------------
Topic: Intel Network Adapter Diagnostic Driver IOCTL Handling Vulnerability Risk: High Text:/* Intel Network Adapter Diagnostic Driver IOCTL Handling Vulnerability Vendor: Intel Product webpage: http://www.intel.co...
---------------------------------------------
http://cxsecurity.com/issue/WLB-2015030110


*** TYPO3 CMS 6.2.11 released ***
---------------------------------------------
The TYPO3 Community announces the version 6.2.11 LTS of the TYPO3 Enterprise Content Management System.
---------------------------------------------
http://www.typo3.org/news/article/typo3-cms-6211-released/


*** HPSBHF03293 rev.1 - HP Virtual Connect 8Gb 24-Port FC Module running OpenSSL and Bash, Remote Denial of Service (DoS), Code Execution, Disclosure of Information ***
---------------------------------------------
Potential security vulnerabilities have been identified with HP Virtual Connect 8Gb 24-Port FC Module running OpenSSL and Bash including: The OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in Denial of Service (DoS) or disclosure of information. The SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely resulting in disclosure of information.
---------------------------------------------
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04595951