[CERT-daily] Tageszusammenfassung - Freitag 11-11-2016
Daily end-of-shift report
team at cert.at
Fri Nov 11 18:05:21 CET 2016
=======================
= End-of-Shift report =
=======================
Timeframe: Donnerstag 10-11-2016 18:00 − Freitag 11-11-2016 18:00
Handler: Robert Waldner
Co-Handler: n/a
*** Benevolent malware? reincarna/Linux.Wifatch, (Fri, Nov 11th) ***
---------------------------------------------
In the new to me department. It looks like this one has been around for more thanthree years. Today I was doing some banner grabbing looking for a Mirainodethat had gotten away from me, and came across the Telnet banner below. It appears this device is infected with a piece of malware called Reincarna/Linux.Wifatch. It purports to being a memory resident malware that defends the device from more malicious malware.
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=21703&rss
*** BSI-Bericht zur Lage der IT-Sicherheit: Die Lage bleibt angespannt ***
---------------------------------------------
In seinem neuesten Bericht beurteilt das Bundesamt für Sicherheit in der Informationstechnik die aktuelle Gefährdungslage der IT-Sicherheit in Deutschland. Dabei zeigt es Schwachstellen auf und bewertet unter anderem Angriffsmethoden.
---------------------------------------------
https://www.heise.de/newsticker/meldung/BSI-Bericht-zur-Lage-der-IT-Sicherheit-Die-Lage-bleibt-angespannt-3463977.html
*** CA Unified Infrastructure Management Directory Traversal Vulnerability ***
---------------------------------------------
This advisory contains mitigation details for a directory traversal vulnerability in CA Technologies Unified Infrastructure Management application.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-315-01
*** F5 Security Advisory: Linux TCP stack vulnerability CVE-2016-5696 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/46/sol46514822.html?ref=rss
*** Vuln: Brocade NetIron OS CVE-2016-8203 Memory Corruption Vulnerability ***
---------------------------------------------
An attacker can exploit this issue to cause denial-of-service condition. Due to the nature of this issue, arbitrary code execution may be possible but this has not been confirmed.
Brocade NetIron OS 5.8.00 through 5.8.00e, 5.9.00 through 5.9.00bd, 6.0.00, and 6.0.00a are vulnerable.
---------------------------------------------
http://www.securityfocus.com/bid/94232
*** F5 Security Advisory: TMM vulnerability CVE-2016-7476 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/87/sol87416818.html?ref=rss
*** MyBB 1.8.6 Cross Site Scripting ***
---------------------------------------------
These issues may lead to the injection of JavaScript keyloggers, injection of content such as ads, or the bypassing of CSRF protection, which would for example allow the creation of a new admin user.
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016110096
*** Security Advisory - Path Traversal Vulnerability in Huawei Home Gateway Products ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2015/hw-462908
*** Vuln: Multiple I-O DATA Network Camera Products CVE-2016-7814 Information Disclosure Vulnerability ***
---------------------------------------------
An attacker can exploit this issue to obtain sensitive information. This may aid in further attacks.
The following products and versions are vulnerable:
TS-WRLP firmware version 1.00.01 and prior
TS-WRLA firmware version 1.00.01 and prior
---------------------------------------------
http://www.securityfocus.com/bid/94250
*** Security Advisory - Input Validation Vulnerability in Some Huawei Products ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161111-01-mpls-en
*** Windows Mobile Application Penetration Testing Part 3: Sideloading ***
---------------------------------------------
Introduction and Background: In the First article of the series, we have covered the introduction and background required to start learning Windows Mobile Application Penetration Testing. We have also seen the requirements for setting up Windows Phone 8.1 emulators as well as Windows 10 mobile emulators.
---------------------------------------------
http://resources.infosecinstitute.com/windows-mobile-application-penetration-testing-part-3-sideloading/
*** TYPO3: Cross-Site Scripting in extension "HTML5 Video Player" (html5videoplayer) ***
---------------------------------------------
It has been discovered that the extension "HTML5 Video Player" (html5videoplayer) is susceptible to Cross-Site Scripting.
---------------------------------------------
https://typo3.org/news/article/cross-site-scripting-in-extension-html5-video-player-html5videoplayer/
*** TYPO3: Multiple vulnerabilities in extension "TC Directmail " (tcdirectmail) ***
---------------------------------------------
It has been discovered that the extension "TC Directmail " (tcdirectmail) is susceptible to Cross Site-Scripting and SQL Injection.
---------------------------------------------
https://typo3.org/news/article/multiple-vulnerabilities-in-extension-tc-directmail-tcdirectmail/
*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Vulnerabilities in PAM affect Power Hardware Management Console (CVE-2013-7041 and CVE-2015-3238) ***
http://www.ibm.com/support/docview.wss?uid=nas8N1021702
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDKs affect IBM Virtualization Engine TS7700 April 2016 ***
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009348
---------------------------------------------
More information about the Daily
mailing list