End-of-Shift report
Timeframe: Tuesday 25-09-2012 18:00 − Wednesday 26-09-2012 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
Vuln: HP Application Lifecycle Management XGO.ocx Multiple Remote Code Execution Vulnerabilities
http://www.securityfocus.com/bid/55272
Espionage Hackers Target Watering Hole Sites
"Security experts are accustomed to direct attacks, but some of today's more insidious incursions succeed in a roundabout way by planting malware at sites deemed most likely to be visited by the targets of interest. New research suggests these so-called watering hole tactics recently have been used as stepping stones to conduct espionage attacks against a host of targets across a variety of industries, including the defense, government, academia, financial services, healthcare and utilities
http://krebsonsecurity.com/2012/09/espionage-hackers-target-watering-hole-sites/
QNX QCONN Remote Command Execution Vulnerability
Topic: QNX QCONN Remote Command Execution Vulnerability Risk: High Text:# Title : QNX QCONN Remote Command Execution Vulnerability # Version : QNX 6.5.0 >= , QCONN >= 1.4.207944 # Download:
http://...
http://feedproxy.google.com/~r/securityalert_database/~3/ZxigkLQDTgU/WLB-2012090228
Samba 3.6.3 remote root exploit
Topic: Samba 3.6.3 remote root exploit Risk: High Text:#!/usr/bin/python # # finding targets 4 31337z: # gdb /usr/sbin/smbd `ps auwx | grep smbd | grep -v grep | head -n1 | awk {...
http://feedproxy.google.com/~r/securityalert_database/~3/JMaQdgM9SUg/WLB-2012090227
(Comment: the current Samba release is 3.6.8, but some long-term distributions such as Debian still ship older versions such as 3.5.6)
phpMyAdmin with backdoor
For a time, a manipulated version of the database administration tool, containing a backdoor script, was distributed via one of the official download servers.
http://www.heise.de/security/meldung/phpMyAdmin-mit-Backdoor-1717377.html/from/atom10
Protection against remote wiping of Samsung smartphones
Some Samsung smartphones can be wiped remotely, without the owner's consent, by a crafted web page or a special SMS, as became known yesterday, Tuesday. Google's app store Google Play now offers the free tool NoTelURL by Jörg Voss, which ensures that USSD control codes are no longer executed without user interaction.
http://www.heise.de/security/meldung/Schutz-vor-Fernloeschung-von-Samsung-Smartphones-1717765.html/from/atom10
More Java Woes, (Wed, Sep 26th)
A number of readers alerted us of news reports stating that new full sandbox escape vulnerabilities had been reported to Oracle. At this point, there are no details available as to the nature of these vulnerabilities, and there is no evidence that any of these vulnerabilities are exploited. However, it is widely known that Oracle is working on a substantial backlog of these vulnerabilities. It is still recommended to use Java with caution. Some best practices: - Uninstall Java if you don't need
http://isc.sans.edu/diary.html?storyid=14179&rss
Malicious PhpMyAdmin Served From SourceForge Mirror
An anonymous reader writes with a bit of news about the compromised download of phpMyAdmin discovered on an sf.net mirror yesterday: "A malicious version of the open source Web-based MySQL database administration tool phpMyAdmin has been discovered on one of the official mirror sites of SourceForge, the popular online code repository for free and open source software. The file — phpMyAdmin-3.5.2.2-all-languages.zip — was modified to include a backdoor that allowed attackers to
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/15L5Bg-UnmY/malicious-phpmyadmin-served-from-sourceforge-mirror
Vuln: libxml2 Unspecified Out-of-Bounds Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/51084