[CERT-daily] Tageszusammenfassung - Freitag 26-02-2016
Daily end-of-shift report
team at cert.at
Fri Feb 26 18:10:44 CET 2016
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 25-02-2016 18:00 − Freitag 26-02-2016 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** VU#444472: QNAP Signage Station and iArtist Lite contain multiple vulnerabilities ***
---------------------------------------------
CVE-2015-6022An authenticated attacker without administrative permissions may upload a malicious file, such as a PHP script,
---------------------------------------------
http://www.kb.cert.org/vuls/id/444472
*** DSA-3492 gajim - security update ***
---------------------------------------------
Daniel Gultsch discovered a vulnerability in Gajim, an XMPP/jabberclient. Gajim didnt verify the origin of roster update, allowing anattacker to spoof them and potentially allowing her to intercept messages.
---------------------------------------------
https://www.debian.org/security/2016/dsa-3492
*** Open Web Analytics 1.5.7 Cross Site Scripting ***
---------------------------------------------
Open Web Analytics suffers from a Cross-Site Scripting vulnerability in the owa_site_id parameter because it fails to sanitize input before rendering the content to the user. The vulnerability can be triggered by hitting the ALT+SHIFT+X key after the payload is injected.
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016020217
*** Bugtraq: Zimbra Cross-Site Scripting vulnerabilities ***
---------------------------------------------
Recently Zimbra Collaboration 8.6 Patch 5 was released. It fixed two Cross-Site Scripting vulnerabilities discovered by Fortinet's FortiGuard Labs.
---------------------------------------------
http://www.securityfocus.com/archive/1/537627
*** Sicherheitsupdate für ältere Apple-TV-Geräte ***
---------------------------------------------
Apple hat am Donnerstagabend das Betriebssystem älterer Multimediaboxen aktualisiert. Das Update bringt zahlreiche Security-Fixes.
---------------------------------------------
http://heise.de/-3118206
*** Quick Audit of *NIX Systems, (Fri, Feb 26th) ***
---------------------------------------------
If you think that only computers running Microsoft Windows are targeted by attackers, youre wrong! UNIX (used here as a generic term, not focusing on a specific distribution or brand) is a key operating system on the Internet. Many websites and other public services are relying on it (Netcraftis compiling interesting stats on this topic).
Therefore it is mandatory to keep an eye on your servers by using proactive and reactive controls.
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=20771&rss
*** Apache Xerces-C Buffer Overflow Lets Remote Users Deny Service or Potentially Execute Arbitrary Code ***
---------------------------------------------
A vulnerability was reported in Apache Xerces-C. A remote user can execute arbitrary code on the target system.
A remote user can send specially crafted documents to trigger a buffer overflow in the XML parser library and cause the target application to crash or potentially execute arbitrary code on the target system.
---------------------------------------------
http://www.securitytracker.com/id/1035113
*** Krypto-Trojaner Locky: Batch-Dateien infizieren Windows, Tool verspricht Schutz ***
---------------------------------------------
Batch-Dateien sind der neueste Schrei, wenn es darum geht, den Krypto-Trojaner Locky am Virenscanner vorbei zu schleusen - und der Plan geht auf. Auf der Suche nach Schutzmaßnahmen haben wir ein Tool ausprobiert, das Locky und Co. stoppen soll.
---------------------------------------------
http://heise.de/-3118188
*** Infor CRM 8.2.0.1136 Multiple HTML Script Injection Vulnerabilities ***
---------------------------------------------
Infor CRM suffers from multiple stored cross-site scripting
vulnerabilities. Input passed to several POST/PUT parameters in
JSON format is not properly sanitised before being returned to the
user. This can be exploited to execute arbitrary HTML and script
code in a user's browser session in context of an affected site.
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016020219
*** Serialization Must Die: Act 2: XStream (Jenkins CVE-2016-0792) ***
---------------------------------------------
The following new pre-authentication exploit against Jenkins (CVE-2016-0792) works because Groovy is on the classpath. There are probably a million other apps that use XStream and have Groovy on the classpath. I put almost no effort into trying to find this vulnerable pattern in other open source applications -- this Jenkins CVE is just one of many.
---------------------------------------------
https://www.contrastsecurity.com/security-influencers/serialization-must-die-act-2-xstream
*** IKE/IKEv2: Ripe for DDoS Abuse ***
---------------------------------------------
This is my latest research into preemptive DDoS trends. This time I looked into IKEv2 and what potential it has in regards to DDoS abuse use cases and amplification measurements. The short answer is, it could be easily weaponized for DDoS campaigns.
---------------------------------------------
https://www.reddit.com/r/netsec/comments/47l3zv/ikeikev2_ripe_for_ddos_abuse_white_paper_in/
*** IBM Security Bulletins***
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) CVE-2015-3193, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196, CVE-2015-1794 ***
http://www.ibm.com/support/docview.wss?uid=swg21977355
---------------------------------------------
*** IBM Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime affects IBM Control Center (CVE-2015-4872, CVE-2015-7575) ***
http://www.ibm.com/support/docview.wss?uid=swg21977686
---------------------------------------------
*** IBM Security Bulletin: IBM PowerVC is impacted by OpenStack Glance information disclosure vulnerability (CVE-2015-5163) ***
http://www.ibm.com/support/docview.wss?uid=nas8N1021118
---------------------------------------------
*** Security Bulletin: Vulnerabilities in glibc affect IBM Integrated Management Module II (IMM2) for System x, BladeCenter and Flex Systems (CVE-2015-1472, CVE-2013-7423, CVE-2014-7817, CVE-2014-9402) ***
http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5099198
---------------------------------------------
*** IBM Security Bulletin: GNU C library (glibc) vulnerability affects IBM QRadar SIEM and Incident Forensics (CVE-2015-7547) ***
http://www.ibm.com/support/docview.wss?uid=swg21977665
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in IBM SDK Java Technology Edition affects IBM Development Package for Apache Spark (CVE-2015-7575) ***
http://www.ibm.com/support/docview.wss?uid=swg21977538
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in IBM Java SDK affects IBM B2B Advanced Communications (CVE-2015-7575) ***
http://www.ibm.com/support/docview.wss?uid=swg21976813
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in IBM Java SDK affects IBM QRadar SIEM and Incident Forensics. (CVE-2015-7575) ***
http://www.ibm.com/support/docview.wss?uid=swg21977664
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in IBM Java Runtime affect Watson Explorer, Watson Content Analytics, and OmniFind Enterprise Edition (CVE-2015-7575, CVE-2015-4872) ***
http://www.ibm.com/support/docview.wss?uid=swg21976276
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in MD5 Signature and Hash Algorithm affects IBM Control Center (CVE-2015-7575) ***
http://www.ibm.com/support/docview.wss?uid=swg21977575
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Initiate Master Data Service (CVE-2015-4872, CVE-2016-0466, CVE-2015-7575, CVE-2016-0448) ***
http://www.ibm.com/support/docview.wss?uid=swg21976545
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security AppScan Enterprise (CVE-2016-0466, CVE-2015-7575) ***
http://www.ibm.com/support/docview.wss?uid=swg21976553
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in IBM Java Runtime affect Rational Policy Tester (CVE-2015-7575) ***
http://www.ibm.com/support/docview.wss?uid=swg21976733
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in IBM Java SDK affect IBM Spectrum Scale RAID/IBM GPFS Native RAID (CVE-2015-7575) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1005673
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in IBM Java SDK affect IBM Spectrum Scale RAID/IBM GPFS Native RAID (CVE-2015-7575) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1023364
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Tivoli Endpoint Manager for Remote Control. ***
http://www.ibm.com/support/docview.wss?uid=swg21976855
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Business Developer (CVE-2015-7575, CVE-2016-0466) ***
http://www.ibm.com/support/docview.wss?uid=swg21976768
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Developer for i, Rational Developer for AIX and Linux, Rational Developer for Power Systems Software ***
http://www.ibm.com/support/docview.wss?uid=swg21976840
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Cast Iron (CVE-2015-7575, CVE-2016-0448) ***
http://www.ibm.com/support/docview.wss?uid=swg21977301
---------------------------------------------
*** IBM Security Bulletin: A security vulnerability has been identified in IBM Business Process Manager and IBM HTTP Server shipped with IBM Cloud Orchestrator (CVE-2015-1932, CVE-2015-4938) ***
http://www.ibm.com/support/docview.wss?uid=swg2C1000043
---------------------------------------------
More information about the Daily
mailing list