Daily Summary - Wednesday 26-09-2012

End-of-Shift report

Timeframe: Tuesday 25-09-2012 18:00 − Wednesday 26-09-2012 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner

Vuln: HP Application Lifecycle Management XGO.ocx Multiple Remote Code Execution Vulnerabilities

HP Application Lifecycle Management XGO.ocx Multiple Remote Code Execution Vulnerabilities

http://www.securityfocus.com/bid/55272


Espionage Hackers Target Watering Hole Sites

"Security experts are accustomed to direct attacks, but some of today's more insidious incursions succeed in a roundabout way by planting malware at sites deemed most likely to be visited by the targets of interest. New research suggests these so-called watering hole tactics recently have been used as stepping stones to conduct espionage attacks against a host of targets across a variety of industries, including the defense, government, academia, financial services, healthcare and utilities

http://krebsonsecurity.com/2012/09/espionage-hackers-target-watering-hole-sites/


QNX QCONN Remote Command Execution Vurnerability

Topic: QNX QCONN Remote Command Execution Vurnerability Risk: High Text:# Title : QNX QCONN Remote Command Execution Vurnerability # Version : QNX 6.5.0 >= , QCONN >= 1.4.207944 # Download: http://...

http://feedproxy.google.com/~r/securityalert_database/~3/ZxigkLQDTgU/WLB-2012090228


Samba 3.6.3 remote root exploit

Topic: Samba 3.6.3 remote root exploit Risk: High Text:#!/usr/bin/python # # finding targets 4 31337z: # gdb /usr/sbin/smbd `ps auwx | grep smbd | grep -v grep | head -n1 | awk {...

http://feedproxy.google.com/~r/securityalert_database/~3/JMaQdgM9SUg/WLB-2012090227 (Comment: the current Samba release is 3.6.8, but some long-term distributions such as Debian still ship older versions such as 3.5.6)


phpMyAdmin with Backdoor

For a time, a manipulated version of the database administration tool, containing a backdoor script, was distributed via one of the official download servers.

http://www.heise.de/security/meldung/phpMyAdmin-mit-Backdoor-1717377.html/from/atom10


Protection Against Remote Wiping of Samsung Smartphones

Some Samsung smartphones can be wiped remotely, without the owner's consent, by a crafted web page or a special SMS, as became known yesterday, Tuesday. Google's app store Google Play now offers the free tool NoTelURL by Jörg Voss, which ensures that USSD control codes are no longer executed without user interaction.

http://www.heise.de/security/meldung/Schutz-vor-Fernloeschung-von-Samsung-Smartphones-1717765.html/from/atom10


More Java Woes, (Wed, Sep 26th)

A number of readers alerted us of news reports stating that new full sandbox escape vulnerabilities had been reported to Oracle. At this point, there are no details available as to the nature of these vulnerabilities, and there is no evidence that any of these vulnerabilities are exploited. However, it is widely known that Oracle is working on a substantial backlog of these vulnerabilities. It is still recommended to use Java with caution. Some best practices: - Uninstall Java if you don't need

http://isc.sans.edu/diary.html?storyid=14179&rss


Malicious PhpMyAdmin Served From SourceForge Mirror

An anonymous reader writes with a bit of news about the compromised download of phpMyAdmin discovered on an sf.net mirror yesterday: "A malicious version of the open source Web-based MySQL database administration tool phpMyAdmin has been discovered on one of the official mirror sites of SourceForge, the popular online code repository for free and open source software. The file — phpMyAdmin-3.5.2.2-all-languages.zip — was modified to include a backdoor that allowed attackers to

http://rss.slashdot.org/~r/Slashdot/slashdot/~3/15L5Bg-UnmY/malicious-phpmyadmin-served-from-sourceforge-mirror


Vuln: libxml2 Unspecified Out-of-Bounds Remote Denial of Service Vulnerability

libxml2 Unspecified Out-of-Bounds Remote Denial of Service Vulnerability

http://www.securityfocus.com/bid/51084