[CERT-daily] Tageszusammenfassung - Mittwoch 24-02-2016

Wed Feb 24 18:10:43 CET 2016

=======================
= End-of-Shift report =
=======================

Timeframe:   Dienstag 23-02-2016 18:00 − Mittwoch 24-02-2016 18:00
Handler:     Robert Waldner
Co-Handler:  n/a


*** Zahlreiche Hersteller patchen dramatische glibc-Lücke ***
---------------------------------------------
Linux ist fast überall und dementsprechend verbreitet ist auch die glibc, die in älteren Versionen angreifbar ist. Sicherheits-Updates gibt es unter anderem von Zyxel, VMware und Citrix, andere geben Entwarnung.
---------------------------------------------
http://heise.de/-3115787


*** OpenCms 9.5.2 Cross Site Scripting ***
---------------------------------------------
Topic: OpenCms 9.5.2 Cross Site Scripting Risk: Low Text: Advisory ID: SYSS-2015-063 Product: OpenCms Official Maintainer: Alkacon Software GmbH Affected Version(s): 9.5.2 Tested ...
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016020206


*** DFN-CERT-2016-0326/">Bibliothek libssh: Zwei Schwachstellen ermöglichen u.a. das Umgehen von Sicherheitsvorkehrungen ***
---------------------------------------------
Zwei Schwachstellen in der Bibliothek libssh ermöglichen einem entfernten, nicht authentifizierten Angreifer das Durchführen eines Denial-of-Service (DoS)-Angriffs sowie das Umgehen von Sicherheitsvorkehrungen und in der Folge das Ausspähen von Informationen.
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-0326/


*** Squid: Multiple Denial of Service issues in HTTP Response processing. ***
---------------------------------------------
Due to incorrect bounds checking Squid is vulnerable to a denial of service attack when processing HTTP responses.
---------------------------------------------
http://www.squid-cache.org/Advisories/SQUID-2016_2.txt


*** Exploiting a Kernel Paged Pool Buffer Overflow in Avast Virtualization Driver ***
---------------------------------------------
Version(s): 11.1.2245; possibly earlier versions Description: A vulnerability was reported in avast!. A local user can gain system privileges on the target system. Avast Internet Security, Avast Pro Antivirus, Avast Premier, and Avast Free Antivirus are affected. Solution: The vendor has issued a fix (11.1.2253).
---------------------------------------------
http://www.securitytracker.com/id/1035093


*** Drupal 6 hits the end of the line ***
---------------------------------------------
If you have a Drupal 6 website then you wont be receiving any more official security advisories or patches; from today your site is vulnerable to any new security issues discovered in Drupal 6 core or its modules, forever.
---------------------------------------------
https://nakedsecurity.sophos.com/2016/02/24/drupal-6-hits-the-end-of-the-line/


*** Admins aufgepasst: Krypto-Trojaner befällt hunderte Webserver ***
---------------------------------------------
Der Erpressungs-Trojaner CTB-Locker hat es dieses Mal nicht auf Windows-Nutzer, sondern auf Webserver abgesehen. Er hat bereits Dateien hunderter Websites verschlüsselt, ein Ende ist derzeit nicht absehbar.
---------------------------------------------
http://heise.de/-3116470


*** F5: sol13304944: NTP vulnerability CVE-2015-7974 ***
---------------------------------------------
NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key." (CVE-2015-7974)
---------------------------------------------
https://support.f5.com/kb/en-us/solutions/public/k/13/sol13304944.html


*** Analyzis of a Malicious .lnk File with an Embedded Payload, (Wed, Feb 24th) ***
---------------------------------------------
We received some feedback today from Nick, aSANS ISC reader who detected an interesting phishing campaign based on an ACE file. I also detected the same kind of fileearlier this morning. ACE is an old compression algorithm developed by a German company called e-merge. This file format was popular around the year2000. Today it almost disappeared and was replaced by more popularformatsbut ACE files can still be handled by popular tools like WinRAR or WinZIP. The fact that the format is quite old
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20763&rss


*** Attackers Can Turn Microsofts Exploit Defense Tool EMET Against Itself ***
---------------------------------------------
itwbennett writes: FireEye researchers have found a way for exploits to trigger a specific function in EMET that disables all protections it enforces for other applications. The researchers believe that their new technique, which essentially uses EMET against itself, is more reliable and easier to use than any previously published bypasses. It works against all supported versions of EMET - 5.0, 5.1 and 5.2 - but Microsoft patched the issue in EMET 5.5, which was released on Feb. 2.
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/rwo8Nq2dFiw/attackers-can-turn-microsofts-exploit-defense-tool-emet-against-itself


*** Ransomware: Locky kommt jetzt auch über Jscript ***
---------------------------------------------
Eine Spam-Kampagne verteilt die Locky-Ransomware jetzt auch über Jscript-Anhänge in E-Mails - die angeblich von einem Wursthersteller kommen. (Trojaner, Virus)
---------------------------------------------
http://www.golem.de/news/ransomware-locky-kommt-jetzt-auch-ueber-javascript-1602-119331-rss.html


*** Mousejacking: What you need to know ***
---------------------------------------------
Got a wireless mouse or keyboards that uses a USB dongle? Seems that many of them can be fed fake clicks and keystrokes from a distance...
---------------------------------------------
https://nakedsecurity.sophos.com/2016/02/24/mousejacking-what-you-need-to-know/


*** Cisco ACE 4710 Application Control Engine Command Injection Vulnerability ***
---------------------------------------------
A vulnerability in the Device Manager GUI of the Cisco ACE 4710 Application Control Engine could allow an authenticated, remote attacker to execute any command-line interface (CLI) command on the ACE with admin user privileges. 
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160224-ace


*** Cleaners ought to be clean (and clear) ***
---------------------------------------------
There are many programs that purport to clean up and optimize system performance. While Microsoft does not endorse the use of these tools with Windows, we do not view them as unwanted or malicious. Many programs in this category have a practice of providing a free version of their software that scans your system, ...
---------------------------------------------
https://blogs.technet.microsoft.com/mmpc/2016/02/24/cleaners-ought-to-be-clean-and-clear/


*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in the IBM SDK for Node.js affect the Cordova tools in Rational Application Developer affecting Rational Developer for i and Rational Developer for AIX and Linux (CVE-2016-2086, CVE-2016-2216, ***
http://www.ibm.com/support/docview.wss?uid=swg21977146
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect the Cordova tools in Rational Application Developer affecting Rational Developer for i and Rational Developer for AIX and Linux (CVE-2016-0701, CVE-2015-3197) ***
http://www.ibm.com/support/docview.wss?uid=swg21977144
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in IBM Java SDK affects IBM Explorer for z/OS 3.0 (CVE-2015-7575) ***
http://www.ibm.com/support/docview.wss?uid=swg21976483
---------------------------------------------
*** IBM Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Business Process Manager and WebSphere Lombardi Edition (CVE-2016-0483, CVE-2016-0475, CVE-2016-0466, CVE-2015-7575, ***
http://www.ibm.com/support/docview.wss?uid=swg21977021
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK Version 8 Service Refresh 2 that affect IBM BigFix Compliance Analytics. ***
http://www.ibm.com/support/docview.wss?uid=swg21976854
---------------------------------------------
*** IBM Security Bulletin: Java specific SLOTH - Weak MD5 Signature Hash ***
http://www.ibm.com/support/docview.wss?uid=swg21975823
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in IBM Java Runtime shipped with WebSphere Partner Gateway Advanced/Enterprise editions (CVE-2015-7575) ***
http://www.ibm.com/support/docview.wss?uid=swg21976925
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Method Composer (CVE-2015-7575) ***
http://www.ibm.com/support/docview.wss?uid=swg21975877
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in IBM Java SDK affects Rational Developer for System z (CVE-2015-7575) ***
http://www.ibm.com/support/docview.wss?uid=swg21976476
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java affect IBM SPSS Modeler (CVE-2016-0466, CVE-2015-7575, CVE-2016-0475) ***
http://www.ibm.com/support/docview.wss?uid=swg21977518
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in IBM Java Runtime affects IBM WebSphere MQ (CVE-2015-7575) ***
http://www.ibm.com/support/docview.wss?uid=swg21977523
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Runtime Environments Java Technology Edition, Versions 6, 7, 8 affect IBM Transformation Extender Hypervisor Edition for AIX (CVE-2016-0466, CVE-2015-7575) ***
http://www.ibm.com/support/docview.wss?uid=swg21977061
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Runtime Environments Java Technology Edition, Versions 6, 7, 8 affect IBM Transformation Extender Hypervisor Edition (CVE-2016-0466, CVE-2015-7575) ***
http://www.ibm.com/support/docview.wss?uid=swg21976970
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect FileNet Content Manager, IBM Content Foundation and FileNet BPM (CVE-2015-7575, CVE-2016-0475, CVE-2016-0466) ***
http://www.ibm.com/support/docview.wss?uid=swg21975820
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Tivoli Netcool/OMNIbus (Multiple CVEs) ***
http://www.ibm.com/support/docview.wss?uid=swg21976845
---------------------------------------------
*** IBM Security Bulletin: Fixes available for Security Vulnerabilities in IBM WebSphere Portal ***
http://www.ibm.com/support/docview.wss?uid=swg21976358
---------------------------------------------