[CERT-daily] Daily summary - Thursday 15-10-2015

Daily end-of-shift report team at cert.at
Thu Oct 15 18:18:24 CEST 2015


=======================
= End-of-Shift report =
=======================

Timeframe:   Wednesday 14-10-2015 18:00 − Thursday 15-10-2015 18:00
Handler:     Stephan Richter
Co-Handler:  n/a




*** Zero-Day in Magento Plugin Magmi Under Attack ***
---------------------------------------------
A zero-day in a popular plugin for the Magento ecommerce platform called Magmi is under attack.
---------------------------------------------
http://threatpost.com/zero-day-in-magento-plugin-magmi-under-attack/115026/




*** Security Advisory for Adobe Flash Player (APSA15-05) ***
---------------------------------------------
A Security Advisory (APSA15-05) has been published regarding a critical vulnerability (CVE-2015-7645) in Adobe Flash Player 19.0.0.207 and earlier versions for Windows, Macintosh and Linux. Adobe is aware of a report that an exploit for this vulnerability is being used...
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1280




*** Critical Flash vulnerability: Adobe promises a patch ***
---------------------------------------------
According to a security firm, the Pawn Storm group is currently targeting current Flash versions via a zero-day vulnerability. Adobe has now announced a patch.
---------------------------------------------
http://heise.de/-2847993




*** Exploit kit roundup: Less Angler, more Nuclear, (Thu, Oct 15th) ***
---------------------------------------------
Introduction: Earlier this month, Cisco's Talos team published an in-depth report on the Angler exploit kit (EK) [1]. The report also documented Cisco's coordination with hosting providers to shut down malicious servers associated with this EK. The result? I've found far less Angler EK in the last two...
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20255&rss




*** How is NSA breaking so much crypto? ***
---------------------------------------------
However, the documents do not explain how these breakthroughs work, and speculation about possible backdoors or broken algorithms has been rampant in the technical community. Yesterday at ACM CCS, one of the leading security research venues, we and twelve coauthors presented a paper that we think solves this technical mystery.
---------------------------------------------
https://freedom-to-tinker.com/blog/haldermanheninger/how-is-nsa-breaking-so-much-crypto/




*** HTTP Evasions Explained - Part 5 - GZip Compression ***
---------------------------------------------
This is the fifth part in a series which will explain the evasions done by HTTP Evader. This part is about failures to handle gzip compression properly. Contrary to deflate compression, all products I've seen are able to handle gzip compression in theory. But several major products fail if you set some special bits, invalidate the checksum, remove some bytes from the end etc. But the browsers unpack the content anyway, so we get a bypass again.
---------------------------------------------
http://noxxi.de/research/http-evader-explained-5-gzip.html




*** Existing security standards do not sufficiently address IoT ***
---------------------------------------------
A lack of clarity and standards around Internet of Things (IoT) security is leading to a lack of confidence. According to the UK IT professionals surveyed by ISACA, 75 percent of the security exper...
---------------------------------------------
http://feedproxy.google.com/~r/HelpNetSecurity/~3/624P7Nfkph8/secworld.php




*** IETF adopts standard for securing encrypted mail transport ***
---------------------------------------------
The DANE over SMTP specification needed only two years for its standardisation. The Bundesamt für Sicherheit in der Informationstechnik (BSI) already requires certified mail providers to implement the DANE mechanism.
---------------------------------------------
http://heise.de/-2848049




*** Juniper Security Advisories ***
---------------------------------------------

*** JSA10695 - 2015-10 Security Bulletin: Junos: Multiple privilege escalation vulnerabilities in Python on Junos (CVE-2014-6448) ***
http://kb.juniper.net/index?page=content&id=JSA10695&actp=RSS

*** JSA10702 - 2015-10 Security Bulletin: QFabric 3100 Director: CUPS printing system Improper Update of Reference Count leads to remote chained vulnerability attack via XSS against authenticated users (CVE-2015-1158, CVE-2015-1159) ***
http://kb.juniper.net/index?page=content&id=JSA10702&actp=RSS

*** JSA10706 - 2015-10 Security Bulletin: Junos: FTPS through SRX opens up wide range of data channel TCP ports (CVE-2015-5361) ***
http://kb.juniper.net/index?page=content&id=JSA10706&actp=RSS

*** JSA10701 - 2015-10 Security Bulletin: Junos: Trio Chipset (Trinity) Denial of service due to maliciously crafted uBFD packet. (CVE-2015-7748) ***
http://kb.juniper.net/index?page=content&id=JSA10701&actp=RSS

*** JSA10700 - 2015-10 Security Bulletin: Junos: J-Web in vSRX-Series: A remote attacker can cause a denial of service to vSRX when J-Web is enabled causing the vSRX instance to reboot. (CVE-2014-6451) ***
http://kb.juniper.net/index?page=content&id=JSA10700&actp=RSS

*** JSA10703 - 2015-10 Security Bulletin: Junos: vSRX-Series: A remote attacker can cause a persistent denial of service to the vSRX through a specific connection request to the firewall's host-OS. (CVE-2015-7749) ***
http://kb.juniper.net/index?page=content&id=JSA10703&actp=RSS

*** JSA10708 - 2015-10 Security Bulletin: Junos: SSH allows unauthenticated remote user to consume large amounts of resources (CVE-2015-7752) ***
http://kb.juniper.net/index?page=content&id=JSA10708&actp=RSS

*** JSA10704 - 2015-10 Security Bulletin: ScreenOS: Network based denial of service vulnerability in ScreenOS (CVE-2015-7750) ***
http://kb.juniper.net/index?page=content&id=JSA10704&actp=RSS

*** JSA10707 - 2015-10 Security Bulletin: Junos: Corrupt pam.conf file allows unauthenticated root access (CVE-2015-7751) ***
http://kb.juniper.net/index?page=content&id=JSA10707&actp=RSS

*** JSA10705 - 2015-10 Security Bulletin: CTPView: Multiple Vulnerabilities in CTPView ***
http://kb.juniper.net/index?page=content&id=JSA10705&actp=RSS

*** JSA10699 - 2015-10 Security Bulletin: Junos: Crafted packets cause mbuf chain corruption which may result in kernel panic (CVE-2014-6450) ***
http://kb.juniper.net/index?page=content&id=JSA10699&actp=RSS




*** IBM Security Bulletins ***
---------------------------------------------

*** IBM Security Bulletin: Vulnerabilities in GNU glibc affect IBM Security Network Intrusion Prevention System (CVE-2013-2207, CVE-2014-8121, and CVE-2015-1781) ***
http://www.ibm.com/support/docview.wss?uid=swg21966788

*** IBM Security Bulletin: A vulnerability in net-snmp affects IBM Security Network Intrusion Prevention System (CVE-2015-5621) ***
http://www.ibm.com/support/docview.wss?uid=swg21966694

*** IBM Security Bulletin: IBM NetInsight is impacted by multiple vulnerabilities in open source cURL libcurl (CVE-2015-3153, CVE-2015-3236) ***
http://www.ibm.com/support/docview.wss?uid=swg21967448

*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM FileNet System Monitor/IBM Enterprise Content Management System Monitor (CVE-2015-2601, CVE-2015-2613, CVE-2015-2625, CVE-2015-1931) ***
http://www.ibm.com/support/docview.wss?uid=swg21968048

*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM InfoSphere Information Server (CVE-2015-1931, CVE-2015-2601, CVE-2015-2613, CVE-2015-2625) ***
http://www.ibm.com/support/docview.wss?uid=swg21964927

*** IBM Security Bulletin: IBM Personal Communications with IBM GSKit - Malformed ECParameters causes infinite loop (CVE-2015-1788) ***
http://www.ibm.com/support/docview.wss?uid=swg21962890

*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM FileNet System Monitor/IBM Enterprise Content Management System Monitor (CVE-2015-1789, CVE-2015-1790, CVE-2015-1792) ***
http://www.ibm.com/support/docview.wss?uid=swg21968046

*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Rational Team Concert Build Agent (CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792, CVE-2014-8176) ***
http://www.ibm.com/support/docview.wss?uid=swg21968724

*** IBM Security Bulletin: Logjam vulnerability affects IBM SmartCloud Entry (CVE-2015-4000) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1022754

*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM FileNet System Monitor/IBM Enterprise Content Management System Monitor (CVE-2015-0488) ***
http://www.ibm.com/support/docview.wss?uid=swg21968052

*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational DOORS Web Access (CVE-2015-2613, CVE-2015-2601, CVE-2015-2625, CVE-2015-1931, CVE-2015-0488, CVE-2015-0478, CVE-2015-1916, CVE-2015-0204) ***
http://www.ibm.com/support/docview.wss?uid=swg21963609

*** IBM Security Bulletin: Cross Site Scripting (XSS) Vulnerability in IBM Sametime Rich Client and in IBM Sametime Proxy (CVE-2015-1917) ***
http://www.ibm.com/support/docview.wss?uid=swg21965839




*** Security Advisory: Stored XSS in Akismet WordPress Plugin ***
---------------------------------------------
Security Risk: Dangerous
Exploitation Level: Easy/Remote
DREAD Score: 9/10
Vulnerability: Stored XSS
Patched Version: 3.1.5
During a routine audit for our WAF, we discovered a critical stored XSS vulnerability affecting Akismet, a popular WordPress plugin deployed by millions of installs. Vulnerability Disclosure Timeline: October 2nd, 2015 - Bug discovered, initial report to Automattic security team. October 5th, 2015...
---------------------------------------------
http://feedproxy.google.com/~r/sucuri/blog/~3/abpAvnfFREc/security-advisory-stored-xss-in-akismet-wordpress-plugin.html