[CERT-daily] Daily summary - Tuesday 15-11-2016

Daily end-of-shift report team at cert.at
Tue Nov 15 18:11:17 CET 2016


=======================
= End-of-Shift report =
=======================

Timeframe:   Monday 14-11-2016 18:00 − Tuesday 15-11-2016 18:00
Handler:     Robert Waldner
Co-Handler:  n/a



*** Vuln: Git for Windows CVE-2016-9274 Unspecified Untrusted Search Path vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/94289




*** CVE-2016-4484: Cryptsetup Initrd root Shell ***
---------------------------------------------
An attacker with access to the console of the computer and with the ability to reboot the computer can launch a shell (with root permissions) when he/she is prompted for the password to unlock the system partition. The shell is executed in the initrd environment. Obviously, the system partition is encrypted and it is not possible to decrypt it (AFAWK). But other partitions may not be encrypted, and so accessible.
---------------------------------------------
http://hmarco.org/bugs/CVE-2016-4484/CVE-2016-4484_cryptsetup_initrd_shell.html




*** phpWebAdmin Version 1.0 SQL Injection Proof Of Concept Exploit ***
---------------------------------------------
The user parameter in the index.php file is vulnerable to a blind time-based SQL injection attack. A proof-of-concept exploit is attached below.
---------------------------------------------
https://cxsecurity.com/issue/WLB-2016110127




*** ImageMagick MagickCore/fx.c Heap Buffer Overflow Vulnerability ***
---------------------------------------------
ImageMagick is prone to a heap-based buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it into an insufficiently sized buffer. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploits may result in a denial-of-service condition.
---------------------------------------------
http://www.securityfocus.com/bid/94310/discuss




*** The Kings in Your Castle, Pt #2 ***
---------------------------------------------
The second part of Marion Marschalek's and Raphael Vinot's article series deals with questions that surround the tools and the data used by analysts. They shine a light on some of the challenges facing analysts when it comes to Indicators of Compromise. While those are easily created and implemented, they can end up being outdated rather quickly. For an effective strategy, other metrics are required which are less easy to create.
---------------------------------------------
https://blog.gdatasoftware.com/2016/11/29304-the-kings-in-your-castle-pt-2




*** Popular Chrome extensions turned into adware ***
---------------------------------------------
Some popular Chrome extensions are apparently being abused to distribute dubious advertisements. Anyone who has installed one of them should remove it immediately.
---------------------------------------------
https://heise.de/-3465981




*** Windows Mobile Application Penetration Testing Part 4: Intercepting HTTP/HTTPS Traffic on Windows Phones ***
---------------------------------------------
Introduction and Background: In the previous article of the series, we have discussed Sideloading concepts associated with Windows Phone 8.1 apps and UWP apps. In this article, we will discuss how to get your phones/emulators ready for intercepting HTTP/HTTPS traffic to proceed with further analysis of the application. 
---------------------------------------------
http://resources.infosecinstitute.com/windows-mobile-application-penetration-testing-part-4-intercepting-httphttps-traffic-on-windows-phones/




*** Bypassing Mixed Content Warnings - Loading Insecure Content in Secure Pages ***
---------------------------------------------
There is no doubt that the web is moving forward to HTTPS (secure) content. Most important names today have their certificates ready and their websites are, in effect, secure. But have you ever wondered: secure to what extent?
---------------------------------------------
https://www.brokenbrowser.com/loading-insecure-content-in-secure-pages/




*** Cisco IOS XE Software Directory Traversal Vulnerability ***
---------------------------------------------
A vulnerability in the package unbundle utility of Cisco IOS XE Software could allow an authenticated, local attacker to gain write access to some files in the underlying operating system. The vulnerability is due to insufficient validation of files submitted to the affected installation utility. An attacker could exploit this vulnerability by uploading a crafted file to an affected system and running the installation utility command.
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161115-iosxe




*** Single sign-on: One billion accounts vulnerable to hijacking ***
---------------------------------------------
Single sign-on is convenient but is often implemented incorrectly. Security researchers have demonstrated which mistakes app developers make in the process. Several hundred apps had problems.
---------------------------------------------
http://www.golem.de/news/single-sign-on-eine-milliarde-accounts-fuer-hijacking-anfaellig-1611-124487-rss.html




*** DLL Loading Issue in Symantec Enterprise Products ***
---------------------------------------------
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2016&suid=20161115_00




*** F5 Security Advisories ***
---------------------------------------------
*** Security Advisory: OpenSSL vulnerability CVE-2016-2180 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/02/sol02652550.html?ref=rss
---------------------------------------------
*** Security Advisory: BIG-IP ASM vulnerability CVE-2016-7472 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/17/sol17119920.html?ref=rss
---------------------------------------------
*** Security Advisory: Apache Tomcat vulnerabilities CVE-2016-5018, CVE-2016-6794, and CVE-2016-6796 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/65/sol65230547.html?ref=rss
---------------------------------------------
*** Security Advisory: Apache Tomcat vulnerability CVE-2016-6797 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/36/sol36302720.html?ref=rss
---------------------------------------------
*** Security Advisory: Apache Tomcat vulnerability CVE-2016-0762 ***
https://support.f5.com:443/kb/en-us/solutions/public/k/36/sol36784855.html?ref=rss
---------------------------------------------




*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime IBM affect IBM Decision Optimization Center (CVE-2016-5554, CVE-2016-5556, CVE-2016-5568) ***
http://www.ibm.com/support/docview.wss?uid=swg21993861
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM ILOG CPLEX Optimization Studio and IBM ILOG CPLEX Enterprise Server (CVE-2016-5554, CVE-2016-5556, CVE-2016-5568, CVE-2016-5582) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21993857
---------------------------------------------
*** IBM Security Bulletin: IBM Flex System Manager (FSM) is affected by multiple php vulnerabilities ***
http://www-01.ibm.com/support/docview.wss?uid=isg3T1024488
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in Perl affects Power Hardware Management Console (CVE-2016-1238) ***
http://www.ibm.com/support/docview.wss?uid=nas8N1021704
---------------------------------------------
*** IBM Security Bulletin: IBM Flex System Manager (FSM) is affected by multiple perl vulnerabilities (CVE-2016-1238, CVE-2016-2381, CVE-2016-8853) ***
http://www-01.ibm.com/support/docview.wss?uid=isg3T1024470
---------------------------------------------
*** IBM Security Bulletin: IBM Flex System Manager (FSM) is affected by a vulnerability in fontconfig (CVE-2016-5384) ***
http://www.ibm.com/support/docview.wss?uid=isg3T1024468
---------------------------------------------
*** IBM Security Bulletin: IBM Flex System Manager (FSM) is affected by a vulnerability in sqlite (CVE-2016-6153) ***
http://www-01.ibm.com/support/docview.wss?uid=isg3T1024467
---------------------------------------------
*** IBM Security Bulletin: IBM PowerVC Local escalation of privilege vulnerability in DB2 for Linux (CVE-2016-5995) ***
http://www-01.ibm.com/support/docview.wss?uid=nas8N1021652
---------------------------------------------
*** IBM Security Bulletin: Samba vulnerability issue in IBM SONAS (CVE-2016-2119) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1009570
---------------------------------------------
*** IBM Security Bulletin: GPFS security vulnerabilities in IBM SONAS (CVE-2016-2985 and CVE-2016-2984) ***
http://www.ibm.com/support/docview.wss?uid=ssg1S1009323
---------------------------------------------







