[CERT-daily] Tageszusammenfassung - Mittwoch 2-11-2016

Wed Nov 2 18:25:36 CET 2016

=======================
= End-of-Shift report =
=======================

Timeframe:   Montag 31-10-2016 18:00 − Mittwoch 02-11-2016 18:00
Handler:     Alexander Riepl
Co-Handler:  Stephan Richter


*** New, more-powerful IoT botnet infects 3,500 devices in 5 days ***
---------------------------------------------
Discovery of Linux/IRCTelnet suggests troubling new DDoS menace could get worse.
---------------------------------------------
http://arstechnica.com/security/2016/11/new-iot-botnet-that-borrows-from-notorious-mirai-infects-3500-devices/


*** Docker user? Havent patched Dirty COW yet? Got bad news for you ***
---------------------------------------------
Repeat after me, containerization isnt protection, its a management feature Heres another reason to pay attention to patching your Linux systems against the Dirty COW vulnerability: it can be used to escape Docker containers.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2016/11/01/docker_user_havent_patched_dirty_cow_yet_bad_news/


*** Sicherheits-Patch für Zero-Day-Lücke in Windows in Sicht ***
---------------------------------------------
Ein Ausnutzen der Schwachstelle soll nur in Verbindung mit einer bereits geschlossenen Flash-Lücke funktionieren. Microsoft kritisiert Google für die frühe Offenlegung der Lücke.
---------------------------------------------
https://heise.de/-3454255


*** Millionen Surf-Profile: Daten stammen angeblich auch von Browser-Addon WOT ***
---------------------------------------------
Die detaillierten Daten zum Surfverhalten von Millionen Deutschen, auf die NDR-Reporter Zugriff haben, stammen offenbar auch von der beliebten Browser-Erweiterung WOT. Die damit gesammelten Daten seien leicht bestimmten Personen zuzuordnen.
---------------------------------------------
https://heise.de/-3453820


*** Performance-Framework: Kritische Sicherheitslücken in Memcached geschlossen ***
---------------------------------------------
Von einer Sicherheitslücke in einem beliebten Performance-Framework sind auch Dienste wie Facebook, Youtube und Reddit betroffen gewesen. Angreifer hätten auf dem Zielsystem Code ausführen können. Ein Patch und ein Workaround sind verfügbar.
---------------------------------------------
http://www.golem.de/news/performance-framework-kritische-sicherheitsluecken-in-memcached-geschlossen-1611-124210-rss.html


*** Datenpanne: Wenn das iPhone die Geheimnummer der Nationalratspräsidentin kennt ***
---------------------------------------------
Offenbar durch einen Fehler bei AppleCare sind die Telefonbucheinträge mehrerer iPhone-Nutzer an andere übertragen worden, berichten der "Stern" und das österreichische Magazin "News".
---------------------------------------------
https://heise.de/-3454575


*** Belkin's WeMo Gear Can Hack Android Phones ***
---------------------------------------------
Vulnerabilities in WeMo home automation devices can be used to attack the Android apps used to manage devices remotely.
---------------------------------------------
http://threatpost.com/belkins-wemo-gear-can-hack-android-phones/121730/


*** Security Advisory: OpenSSL vulnerability CVE-2016-2179 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/23/sol23512141.html?ref=rss


*** Security Advisory 2016-02: Security Update for OTRS ***
---------------------------------------------
November 01, 2016 - Please read carefully and check if the version of your OTRS system is affected by this vulnerability. Please send information regarding vulnerabilities in OTRS to: security at otrs.org PGP Key pub 2048R/9C227C6B 2011-03-21 [expires at: 2017-08-20] uid OTRS Security Team  GPG Fingerprint E330 4608 DA6E 34B7 1551 C244 7F9E 44E9 9C22
---------------------------------------------
https://www.otrs.com/security-advisory-2016-02-security-update-otrs/


*** Palo Alto PAN-OS Insecure API Token Generation Lets Remote Users Access the Target Firewall API Interface ***
---------------------------------------------
http://www.securitytracker.com/id/1037153


*** Palo Alto PAN-OS Input Validation Flaw in Captive Portal Lets Remote Users Conduct Cross-Site Scripting Attacks ***
---------------------------------------------
http://www.securitytracker.com/id/1037152


*** DFN-CERT-2016-1794: Django: Zwei Schwachstellen ermöglichen u.a. das Erlangen von Benutzerrechten ***
---------------------------------------------
https://portal.cert.dfn.de/adv/DFN-CERT-2016-1794/


*** USN-3118-1: Mailman vulnerabilities ***
---------------------------------------------
Ubuntu Security Notice USN-3118-11st November, 2016mailman vulnerabilitiesA security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTSSummarySeveral security issues were fixed in Mailman.Software description mailman - Powerful, web-based mailing list manager  DetailsIt was discovered that the Mailman administrative web interface did notprotect against cross-site request forgery (CSRF) attacks. If anauthenticated user were
---------------------------------------------
http://www.ubuntu.com/usn/usn-3118-1/


*** CVE-2016-8864: A problem handling responses containing a DNAME answer can lead to an assertion failure ***
---------------------------------------------
A defect in BINDs handling of responses containing a DNAME answer can cause a resolver to exit after encountering an assertion failure in db.c or resolver.c
---------------------------------------------
https://kb.isc.org/article/AA-01434/0/CVE-2016-8864%3A-A-problem-handling-responses-containing-a-DNAME-answer-can-lead-to-an-assertion-failure.html


*** Symantec IT Management Suite Multiple Issues ***
---------------------------------------------
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2016&suid=20161031_00


*** Norton Mobile Security for Android Multiple Security Issues ***
---------------------------------------------
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2016&suid=20161101_00


*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in Struts v2 affect IBM Security Identity Manager ( CVE-2016-1181 CVE-2016-1182 ) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21992931
---------------------------------------------
*** IBM Security Bulletin: IBM Maximo Asset Management is vulnerable to cross-site scripting (CVE-2016-6072) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21991893
---------------------------------------------
*** IBM Security Bulletin: IBM Security Guardium Data Redaction is vulnerable to IBM SDK, Java Technology Edition Quarterly CPU Jul 2016 Includes Oracle Jul 2016 CPU (CVE-2016-3485) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21992001
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Monitoring (CVE-2016-3485, CVE-2016-3511, CVE-2016-3598) ***
http://www.ibm.com/support/docview.wss?uid=swg21993191
---------------------------------------------
*** IBM Security Bulletin: A command injection vulnerability has been identified in IBM Security Access Manager for Mobile appliances (CVE-2016-3028) ***
http://www.ibm.com/support/docview.wss?uid=swg21991110
---------------------------------------------
*** IBM Security Bulletin: A vulnerability associated with the default account lockout settings in IBM Security Access Manager for Mobile has been identified (CVE-2016-3025) ***
http://www.ibm.com/support/docview.wss?uid=swg21991107
---------------------------------------------


*** Cisco Security Advisories ***
---------------------------------------------
*** Cisco ASR 5500 Series with DPC2 Cards SESSMGR Denial of Service Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-asr
---------------------------------------------
*** Cisco TelePresence Endpoints Local Command Injection Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-tp
---------------------------------------------
*** Cisco ASR 900 Series Aggregation Services Routers Buffer Overflow Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-tl1
---------------------------------------------
*** Cisco Application Policy Infrastructure Controller Denial of Service Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-n9kapic
---------------------------------------------
*** Cisco Email Security Appliance RAR File Attachment Scanner Bypass Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-esa
---------------------------------------------
*** Cisco Prime Home Authentication Bypass Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-cph
---------------------------------------------
*** Cisco Meeting Server Session Description Protocol Media Lines Buffer Overflow Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-cms1
---------------------------------------------
*** Cisco Meeting Server and Meeting App Buffer Underflow Vulnerability ***
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-cms
---------------------------------------------