[CERT-daily] Tageszusammenfassung - Montag 7-11-2016

Mon Nov 7 18:11:13 CET 2016

=======================
= End-of-Shift report =
=======================

Timeframe:   Freitag 04-11-2016 18:00 − Montag 07-11-2016 18:00
Handler:     Robert Waldner
Co-Handler:  Alexander Riepl


*** Sophos Web Appliance 4.2.1.3 Remote Code Execution ***
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016110036


*** Two Critical MySQL Bugs Discovered ***
---------------------------------------------
An anonymous reader quotes InfoWorld: Two critical privilege escalation vulnerabilities in MySQL, MariaDB, and PerconaDB can help take control of ..
---------------------------------------------
https://developers.slashdot.org/story/16/11/05/056227/two-critical-mysql-bugs-discovered


*** Tech support scammers use denial of service bug to hang victims ***
---------------------------------------------
Process pig keeps eyes glued on fraudsters phone number. Tech support fraudsters have taught an old denial of service bug new tricks to add a convincing layer of authenticity to scams.
---------------------------------------------
www.theregister.co.uk/2016/11/07/tech_support_scammers_use_denial_of_service_bug_to_hang_victims/


*** Vuln: cURL/libcURL CVE-2016-8625 Remote Security Bypass Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/94107


*** Disassembling a Mobile Trojan Attack ***
---------------------------------------------
In fact, any site using AdSense to display adverts could potentially have displayed messages that downloaded the dangerous Svpeng and automatically saved it to ..
---------------------------------------------
http://securelist.com/blog/research/76286/disassembling-a-mobile-trojan-attack/


*** Hintergrund: Threat Intelligence: IT-Sicherheit zum Selbermachen? ***
---------------------------------------------
Viele IT-Sicherheitsfirmen erweitern ihr Portfolio derzeit um sogenannte Threat Intelligence. Die ist jedoch kein Allheilmittel sondern muss gezielt eingesetzt werden, um einen echten Mehrwert zu erzielen. Dr. Timo Steffens vom ..
---------------------------------------------
https://heise.de/-3453595


*** SSA-701708 (Last Update 2016-11-07): Local Privilege Escalation in Industrial Products ***
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-701708.pdf


*** SSA-378531 (Last Update 2016-11-07): Vulnerabilities in SIMATIC WinCC, PCS 7 and WinCC Runtime Professional ***
---------------------------------------------
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-378531.pdf


*** IBM Security Bulletin: Vulnerability in IBM Java SDK affects Rational Lifecycle Integration Adapter for HP ALM (CVE-2016-5597) ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21993700


*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MessageSight (CVE-2016-3598) ***
---------------------------------------------
http://www-01.ibm.com/support/docview.wss?uid=swg21992715


*** IBM Security Bulletin: IBM WebSphere Cast Iron Solution is affected by Apache Tomcat vulnerability (CVE-2016-5388) ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21992977


*** Login Form Hijacking Vulnerability in Citrix NetScaler Gateway ***
---------------------------------------------
https://support.citrix.com/article/CTX213313


*** Citrix XenServer Security Update for CVE-2016-0800 ***
---------------------------------------------
A security vulnerability has been identified in Citrix XenServer that could, if exploited, allow a malicious attacker with access to the XenServer ..
---------------------------------------------
https://support.citrix.com/article/CTX208403


*** Multiple Security Vulnerabilities in Citrix NetScaler Platform ... ***
---------------------------------------------
A number of security vulnerabilities have been identified in firmware used in the Lights Out Management (LOM) component across all NetScaler ..
---------------------------------------------
https://support.citrix.com/article/CTX216642