[CERT-daily] Tageszusammenfassung - Montag 9-05-2016

Mon May 9 18:09:24 CEST 2016

=======================
= End-of-Shift report =
=======================

Timeframe:   Freitag 06-05-2016 18:00 − Montag 09-05-2016 18:00
Handler:     Robert Waldner
Co-Handler:  n/a


*** Symantec Endpoint Encryption Unquoted Service Path Local Elevation of Privilege ***
---------------------------------------------
CVSS2 Base Score: 6.8
Symantec Endpoint Encryption (SEE) has an unquoted search path in EEDService. This could provide a non-privileged local user the ability to successfully insert arbitrary code in the root path. 
---------------------------------------------
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2016&suid=20160506_00


*** WordPress 4.5.2 Security Release ***
---------------------------------------------
WordPress 4.5.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.
WordPress versions 4.5.1 and earlier are affected by a SOME vulnerability through Plupload, the third-party library WordPress uses for uploading files. WordPress versions 4.2 through 4.5.1 are vulnerable to reflected XSS using specially crafted URIs through MediaElement.js, the third-party library used for media players. MediaElement.js and Plupload have also released updates fixing these issues.
---------------------------------------------
https://wordpress.org/news/2016/05/wordpress-4-5-2/


*** Lenovo Patches Serious Flaw In Pre-Installed Support Tool ***
---------------------------------------------
Reader itwbennett writes: Lenovo has made available a patch for the vulnerability in its Lenovo Solution Center, a support tool which comes pre-installed on many Lenovo laptops and desktops. The vulnerability could allow attackers to execute code with system privileges and take over computers. Users should automatically be prompted to update LSC when they open the application, but in case they arent, they should download the latest version (3.3.002) manually from Lenovos website. 
---------------------------------------------
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/8xQvMt43Nw8/lenovo-patches-serious-flaw-in-pre-installed-support-tool


*** The massive password breach that wasn't: Google says data is 98% 'bogus' ***
---------------------------------------------
When a script kiddie sells 272 million accounts for $1, be very, very skeptical.
---------------------------------------------
http://arstechnica.com/security/2016/05/the-massive-password-breach-that-wasnt-google-says-data-is-98-bogus/


*** Security Advisory: OpenSSL vulnerability CVE-2016-2109 ***
---------------------------------------------
The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding.
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/23/sol23230229.html?ref=rss


*** Analyzing ImageTragick Exploits in the Wild ***
---------------------------------------------
Three days ago the ImageMagic (ImageTragick) vulnerability was released to the world. We've been actively monitoring as promised, and have started to see a few different attacks targeting the vulnerability. Interestingly enough, the attacks themselves seem to be targeted against specific customers and not mass blanket attacks, which is what you'd expect ...
---------------------------------------------
https://blog.sucuri.net/2016/05/analyzing-imagetragick-exploits-in-the-wild.html


*** "Detecting the Siemens S7 Worm and Similar Capabilities" ***
---------------------------------------------
An article came out on May 5th titled "Daisy-chained research spells malware worm hell for power plants and other utilities" with the subtitle of "Worlds first PLC worm spreads like cancer". Having been on the receiving end of sensationalized headlines before I empathize with the authors of the research...
---------------------------------------------
http://ics.sans.org/blog/2016/05/08/detecting-the-siemens-s7-worm-and-similar-capabilities


*** World Password Day--Dont be an easy target ***
---------------------------------------------
Thursday, May 5th, marks the 'celebration' of the fourth annual World Password Day. 
.. 
* Have you updated the passwords on all of your accounts within the last three months? 
* Have you enabled two-factor authentication on accounts that allow it? 
*Are you using the strongest possible combinations of numbers, letters and symbols allowed by the site? 
*Are you using different passwords for every account (no duplicates or very similar variations)?
---------------------------------------------
http://community.hpe.com/t5/Protect-Your-Assets/World-Password-Day-Don-t-be-an-easy-target/ba-p/6856799


*** AlphaLocker Is the Most Professional Ransomware Kit to Date ... but security researchers already cracked it ***
---------------------------------------------
Luckily for us, other security experts have already cracked its secrets over the past weekend, and a decrypter was published that helps any of the infected victims recover their files for free, without paying the ransom. Nevertheless, heres a small intro into how crooks are creating, advertising, and then selling ransomware on the underground market.
---------------------------------------------
http://news.softpedia.com/news/alphalocker-is-the-most-professional-ransomware-kit-to-date-503776.shtml


*** ImageMagick Vulnerability Information ***
---------------------------------------------
A few days ago an ImageMagick vulnerability was disclosed dubbed 'ImageTragick' that affects WordPress websites whose host has ImageMagick installed. If you control your own hosting for your WordPress site, you should look to implement the following fix(es) immediately.
---------------------------------------------
https://make.wordpress.org/core/2016/05/06/imagemagick-vulnerability-information/


*** Wordpress-Plugin bleibt ungefixt ***
---------------------------------------------
Ein Sicherheitsforscher deckte zwei Lücken in der Wordpress-Erweiterung Event-Registration auf; die Hersteller reagieren jedoch nicht.
---------------------------------------------
http://heise.de/-3198956


*** Penetration Testing of a Citrix Server ***
---------------------------------------------
Here I'll discuss how I did a pentest of a Citrix server in a lab network. First, let us understand about Windows terminal service. Microsoft Windows Terminal Services, otherwise known as Remote Desktop Services, is one of the components of Windows 2003-08 Server, which allows multiple sessions to run the application over it.
---------------------------------------------
http://resources.infosecinstitute.com/penetration-testing-of-a-citrix-server/


*** Security Advisory - XSS Vulnerability in the Email App of Huawei Smartphone ***
---------------------------------------------
There is a vulnerability due to the lack of output encoding for some particular characters in the email APP built in the affected Smart Phones. A successful exploitation of the vulnerability could allow an unauthenticated remote attacker to perform a cross-site scripting (XSS) attack and lead to obtain the user information.
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20160507-01-emailapp-en


*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: The vulnerability in IBM Java SDK affect IBM Tivoli Composite Application Manager for Transactions(CVE-2016-0363 and CVE-2016-0376) ***
http://www.ibm.com/support/docview.wss?uid=swg21982634
---------------------------------------------
*** IBM Security Bulletin: Security Bulletin: Vulnerability in OpenSSL affects IBM InfoSphere Master Data Management (CVE-2016-2842) ***
http://www.ibm.com/support/docview.wss?uid=swg21982353
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilitiy in OpenSSL affect IBM Storwize V7000 Unified - CVE-2016-0800 ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1005717
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM SONAS - CVE-2016-0800 ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1005716
---------------------------------------------
*** IBM Security Bulletin: Apache Tomcat vulnerability affects IBM SONAS (CVE-2015-5345) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1005712
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in InstallShield affects IBM Tivoli Storage Manager HSM for Windows (CVE-2016-2542) ***
http://www.ibm.com/support/docview.wss?uid=swg21982741
---------------------------------------------
*** IBM Security Bulletin: IBM Forms Viewer Installation could allow a remote attacker to execute arbitrary code on the system (CVE-2016-2542) ***
http://www.ibm.com/support/docview.wss?uid=swg21982440
---------------------------------------------
*** IBM Security Bulletin: GNU C library (glibc) vulnerability affects IBM SONAS (CVE-2015-7547) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1005681
---------------------------------------------
*** IBM Security Bulletin: Potential vulnerabilities in IBM OpenPages GRC Platform with Database ***
http://www.ibm.com/support/docview.wss?uid=swg21982461
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in TLS affects IBM SONAS (CVE-2015-7575) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1005722
---------------------------------------------
*** IBM Security Bulletin: Samba vulnerability issues on IBM SONAS (CVE-2015-5252, CVE-2015-5296, and CVE-2015-5299) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1005693
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in Apache Cordova Android may affect IBM WebSphere Portal (CVE-2015-5256) ***
http://www.ibm.com/support/knowledgecenter/SSHRKX_8.5.0/mp/integrate/wl_integrt.dita
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM SONAS (CVE-2015-1794, CVE-2015-3194, CVE-2015-3195, and CVE-2015-3196) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1005694
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in GSKit affect Tivoli Workload Scheduler (CVE-2015-7421, CVE-2015-7420) ***
http://www.ibm.com/support/docview.wss?uid=swg21982432
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Liberty for Java for IBM Bluemix April 2016 CPU (CVE-2016-3426, CVE-2016-3427) ***
http://www.ibm.com/support/docview.wss?uid=swg21982850
---------------------------------------------