[CERT-daily] Tageszusammenfassung - Mittwoch 19-10-2016

Wed Oct 19 18:09:08 CEST 2016

=======================
= End-of-Shift report =
=======================

Timeframe:   Dienstag 18-10-2016 18:00 − Mittwoch 19-10-2016 18:00
Handler:     Robert Waldner
Co-Handler:  n/a


*** Is it worth reporting ransomware? ***
---------------------------------------------
Answer: yes. Police forces badly need more people to tell them about attacks.
---------------------------------------------
https://nakedsecurity.sophos.com/2016/10/18/is-it-worth-reporting-ransomware/


*** Security Advisory: PHP vulnerability CVE-2015-8935 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/63/sol63712424.html?ref=rss


*** PHP Buffer Overflow in php_pcre_replace_impl() Lets Remote Users Execute Arbitrary Code ***
---------------------------------------------
A remote user can supply specially crafted data that, when processed by the target application, will trigger a heap overflow in php_pcre_replace_impl() in the PCRE component and execute arbitrary code on the target system.
...
[Editor's note: The vendor indicates that these other memory errors require strings on the order of 2GB to exploit and that memory_limit and max_input_size values on the target system should prevent exploitation.]
---------------------------------------------
http://www.securitytracker.com/id/1037033


*** Security Advisory: TIFF vulnerability CVE-2015-7554 ***
---------------------------------------------
https://support.f5.com:443/kb/en-us/solutions/public/k/38/sol38871451.html?ref=rss


*** IDM 4.5 Midrange BiDirectional Driver 4.5 ***
---------------------------------------------
https://download.novell.com/Download?buildid=sQgqe1Stbog~


*** Hack.lu 2016 Wrap-Up Day #1 ***
---------------------------------------------
I'm back to Luxembourg for a new edition of hack.lu. In fact, I arrived yesterday afternoon to attend the MISP summit. It was a good opportunity to meet MISP users and to get fresh news about the project. 
---------------------------------------------
https://blog.rootshell.be/2016/10/18/hack-lu-2016-wrap-day-1/


*** Oracle Java SE Multiple Flaws Let Remote Users Access Data, Partially Modify Data, and Gain Elevated Privileges ***
---------------------------------------------
Version(s): 6u121, 7u111, 8u102; Java SE Embedded: 8u101
Description:   Multiple vulnerabilities were reported in Oracle Java SE. A remote user can access data on the target system. A remote user can modify data on the target system. A remote user can gain elevated privileges.
---------------------------------------------
http://www.securitytracker.com/id/1037040


*** Oracle Database Multiple Flaws Let Remote and Local Users Access and Modify Data and Gain Elevated Privileges and Let Local Users Deny Service ***
---------------------------------------------
Version(s): 11.2.0.4, 12.1.0.2
Description:   Multiple vulnerabilities were reported in Oracle Database. A remote and local user can access data on the target system. A remote user can modify data on the target system. A local user can cause denial of service conditions on the target system. A local user can obtain elevated privileges on the target system. A remote authenticated user can gain elevated privileges.
---------------------------------------------
http://www.securitytracker.com/id/1037035


*** Vuln: Oracle Fusion Middleware CVE-2016-5531 Remote Security Vulnerability ***
---------------------------------------------
http://www.securityfocus.com/bid/93730


*** MySQL Multiple Bugs Let Remote Users Access and Modify Data, Remote and Local Users Deny Service, and Local Users Modify Data and Gain Elevated Privileges ***
---------------------------------------------
http://www.securitytracker.com/id/1037050


*** Solaris Multiple Bugs Let Remote and Local Users Access Data and Deny Service and Let Local Users Modify Data and Deny Service ***
---------------------------------------------
Version(s): 10, 11.3
Description:   Multiple vulnerabilities were reported in Solaris. A remote or local user can access data on the target system. A remote or local user can cause denial of service conditions on the target system. A local user can modify data on the target system. A local user can obtain elevated privileges on the target system.
---------------------------------------------
http://www.securitytracker.com/id/1037048


*** Installer of Evernote for Windows may insecurely load Dynamic Link Libraries ***
---------------------------------------------
http://jvn.jp/en/jp/JVN03251132/


*** Schneider Electric PowerLogic PM8ECC Hard-coded Password Vulnerability ***
---------------------------------------------
This advisory contains mitigation details for a hard-coded password vulnerability in Schneider Electric's PowerLogic PM8ECC device.
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-292-01


*** Cisco Talos: Vulnerability Spotlight: Foxit PDF Reader JBIG2 Parser Information Disclosure ***
---------------------------------------------
Talos has identified an information disclosure vulnerability in Foxit PDF Reader (TALOS-2016-0201/CVE-2016-8334). A wrongly bounded call to `memcpy`, while parsing jbig2 segments within a PDF file, can be triggered in Foxit PDF Reader causing an out-of-bounds heap memory to be read into a buffer.
---------------------------------------------
http://blog.talosintel.com/2016/10/foxit-pdf-jbig2.html


*** CAIDA: Spoofer ***
---------------------------------------------
We have developed and support a new client-server system for Windows, MacOS, and UNIX-like systems that periodically tests a networks ability to both send and receive packets with forged source IP addresses (spoofed packets). We are (in the process of) producing reports and visualizations that will inform operators, response teams, and policy analysts.
---------------------------------------------
https://www.caida.org/projects/spoofer/


*** IBM Security Bulletins ***
---------------------------------------------
*** IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Cloud Orchestrator, HTTP Server and bundling products shipped with Cloud Orchestrator and Cloud Orchestrator Enterprise (CVE-2015-1788) ***
http://www.ibm.com/support/docview.wss?uid=swg2C1000137
---------------------------------------------
*** IBM Security Bulletin: Multiple vulnerabilities may affect IBM SDK for Node.js in IBM Bluemix ***
http://www.ibm.com/support/docview.wss?uid=swg21992427
---------------------------------------------
*** IBM Security Bulletin: IBM TRIRIGA Application Platform Reflected Cross-Site Scripting (XSS) (CVE-2016-5980) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21991992
---------------------------------------------
*** IBM Security Bulletin: Apache Commons FileUpload Vulnerability affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) CVE-2016-3092 ***
http://www.ibm.com/support/docview.wss?uid=swg21992457
---------------------------------------------
*** IBM Security Bulletin: Information disclosure vulnerability in IBM Websphere Application Server and IBM Websphere Application Server Liberty affects IBM BigFix Remote Control (CVE-2016-5986) ***
http://www-01.ibm.com/support/docview.wss?uid=swg21991987
---------------------------------------------
*** IBM Security Bulletin: A vulnerability in PCRE affects IBM Tivoli Network Manager IP Edition (CVE-2016-1283) ***
http://www.ibm.com/support/docview.wss?uid=swg21991978
---------------------------------------------