[CERT-daily] Tageszusammenfassung - Donnerstag 27-10-2016

Thu Oct 27 18:06:19 CEST 2016

=======================
= End-of-Shift report =
=======================

Timeframe:   Dienstag 25-10-2016 18:00 − Donnerstag 27-10-2016 18:00
Handler:     Robert Waldner
Co-Handler:  Alexander Riepl


*** Asterisk users need to patch DoS bug ***
---------------------------------------------
Overlap dialling lets attacker shut down system Asterisk users need to get busy with a patch.
---------------------------------------------
www.theregister.co.uk/2016/10/25/asterisk_patch_dos_bug/


*** Denial of Service Vulnerability in Citrix License Server ***
---------------------------------------------
A vulnerability has been identified in the Citrix License Server for Windows and Citrix License Server VPX that could allow a remote ..
---------------------------------------------
https://support.citrix.com/article/CTX217430


*** Multiple Security Vulnerabilities in Citrix NetScaler Platform IPMI Lights Out Management (LOM) firmware ***
---------------------------------------------
https://support.citrix.com/article/CTX216642


*** Memory Permission Weakness in Citrix XenApp and XenDesktop ***
---------------------------------------------
https://support.citrix.com/article/CTX215460


*** Security Advisory - PXN Defense Mechanism Failure Vulnerability in Huawei Mobile Phones ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161026-01-pxn-en


*** VMSA-2016-0017 ***
---------------------------------------------
https://www.vmware.com/security/advisories/VMSA-2016-0017.html


*** Security Advisory - Two Information Leak Vulnerabilities in ION Memory Management Module of Huawei Smart Phone ***
---------------------------------------------
http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161026-02-smartphone-en


*** Cisco Identity Services Engine SQL Injection Vulnerability ***
---------------------------------------------
A vulnerability in the web framework code of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary ..
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-ise


*** Siemens SICAM RTU Devices Denial-of-Service Vulnerability ***
---------------------------------------------
https://ics-cert.us-cert.gov/advisories/ICSA-16-299-01


*** Bundeskriminalamt gibt Tipps zum Schutz mobiler Geräte ***
---------------------------------------------
http://derstandard.at/2000046518819


*** Security updates available for Adobe Flash Player (APSB16-36) ***
---------------------------------------------
A Security Bulletin (APSB16-36) has been published regarding security updates for Adobe Flash Player. These updates address a critical vulnerability, and Adobe ..
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1416


*** Vulnerability in Linux Kernel Affecting Cisco Products: October 2016 ***
---------------------------------------------
On October 19, 2016, a new vulnerability related to a race condition in the memory manager of the Linux Kernel was disclosed. This vulnerability could allow ..
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-linux


*** Installer of 7-Zip for Windows may insecurely load Dynamic Link Libraries ***
---------------------------------------------
http://jvn.jp/en/jp/JVN76780067/


*** Cisco Email Security Appliance Malformed DGN File Attachment Denial of Service Vulnerability ***
---------------------------------------------
A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, ..
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa1


*** Cisco Prime Collaboration Provisioning Cross-Site Scripting Vulnerability ***
---------------------------------------------
Multiple vulnerabilities in the web framework code of the Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to conduct a ..
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-pcp


*** Cisco IP Interoperability and Collaboration System Cross-Site Scripting Vulnerability ***
---------------------------------------------
A vulnerability in the web framework code of the Cisco IP Interoperability and Collaboration System (IPICS) could allow an unauthenticated, ..
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-ipics1


*** Cisco Email and Web Security Appliance JAR Advanced Malware Protection DoS Vulnerability ***
---------------------------------------------
A vulnerability in Advanced Malware Protection (AMP) for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) ..
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esawsa3


*** Cisco Email Security Appliance FTP Denial of Service Vulnerability ***
---------------------------------------------
A vulnerability in local FTP to the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition when the FTP application unexpectedly quits.The ..
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa6


*** Cisco Email Security Appliance Drop Bypass Vulnerability ***
---------------------------------------------
A vulnerability in the configured security policies, including drop email filtering, in Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass a configured drop filter by ..
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa5


*** Cisco Email Security Appliance Corrupted Attachment Fields Denial of Service Vulnerability ***
---------------------------------------------
A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker ..
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa3


*** Cisco Email Security Appliance Advanced Malware Protection Attachment Scanning Denial of Service Vulnerability ***
---------------------------------------------
A vulnerability in the email attachment scanning functionality of the Advanced Malware Protection ..
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa2


*** Remote Code Execution Vulnerabilities Plague LibTIFF Library ***
---------------------------------------------
Three vulnerabilities, all which can lead to remote code execution, exist in the LibTIFF library.
---------------------------------------------
http://threatpost.com/remote-code-execution-vulnerabilities-plague-libtiff-library/121570/


*** Tripal BLAST UI - Highly Critical - Remote Code Execution - SA-CONTRIB-2016-054 ***
---------------------------------------------
This module enables you to run NCBI BLAST jobs on the host system.The module doesnt sufficiently validate advanced options available to users submitting BLAST jobs, thereby exposing the ability to enter a short snippet of shell code that will be ..
---------------------------------------------
https://www.drupal.org/node/2822366


*** Office 2013 can now block macros to help prevent infection ***
---------------------------------------------
In response to the growing trend of macro-based threats, a new feature in Office 2016 allows an enterprise administrator to block users from running macros ..
---------------------------------------------
https://blogs.technet.microsoft.com/mmpc/2016/10/26/office-2013-can-now-block-macros-to-help-prevent-infection/


*** Joomla! squashes critical privileged account creation holes ***
---------------------------------------------
Borked two factor authentication also fixed Joomla! has revealed its patched twin critical flaws allowing attackers to bypass rules and create elevated privilege accounts.
---------------------------------------------
www.theregister.co.uk/2016/10/27/joomla_squashes_critical_privileged_account_creation_holes/


*** Three LibTIFF bugs found, only two patched ***
---------------------------------------------
Buffer overruns, remote code execution, you know the drill LibTIFF has three bugs that let booby-trapped files pwn a target - and only two of them have been patched.
---------------------------------------------
www.theregister.co.uk/2016/10/27/three_libtiff_bugs_found_only_two_patched/


*** Inside the Gootkit C&C server ***
---------------------------------------------
In September 2016, we discovered a new version of Gootkit with a characteristic and instantly recognizable feature: an extra check of the environment ..
---------------------------------------------
http://securelist.com/blog/research/76433/inside-the-gootkit-cc-server/


*** Citrix XenServer Security Update for CVE-2016-7777 ***
---------------------------------------------
A security vulnerability has been identified in Citrix XenServer that may allow malicious user code within an HVM guest VM to read or modify the contents of ..
---------------------------------------------
https://support.citrix.com/article/CTX217363


*** IBM Security Bulletin: WebSphere Message Broker and IBM Integration Bus are affected by Open Source Tomcat vulnerability (CVE-2016-3092) ***
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg21993043


*** Are the Days of “Booter” Services Numbered? ***
---------------------------------------------
It may soon become easier for Internet service providers to anticipate and block certain types of online assaults launched by Web-based attack-for-hire services known as "booter" or "stresser" services, new research released today suggests.
---------------------------------------------
https://krebsonsecurity.com/2016/10/are-the-days-of-booter-services-numbered/