Daily Summary - Monday 7-10-2013

End-of-Shift report

Timeframe: Friday 04-10-2013 18:00 − Monday 07-10-2013 18:00 Handler: Robert Waldner Co-Handler: n/a

Security Bulletin: Denial of Service Vulnerability in DB2 for Unix, Linux and Windows' Fast Communications Manager (CVE-2013-4032)

A vulnerability in the IBM DB2 for Unix, Linux and Windows server products could allow arbitrary data sent to the Fast Communications Manager (FCM) to cause a server denial of service. CVE(s): CVE-2013-4032

https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_denial_of_service_vulnerability_in_db2_for_unix_linux_and_windows_s_fast_communications_manager_cve_2013_4032?lang=en_us


Security Bulletin: Multiple security vulnerabilities exist in IBM InfoSphere Information Server (CVE-2013-4066 and CVE-2013-4067)

CVE(s): CVE-2013-4066, CVE-2013-4067

https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_multiple_security_vulnerabilities_exist_in_ibm_infosphere_information_server_cve_2013_4066_and_cve_2013_40671?lang=en_us


Prenotification: Upcoming Security Updates for Adobe Reader and Acrobat (APSB13-25)

A prenotification Security Advisory has been posted regarding upcoming Adobe Reader and Acrobat security updates scheduled for Tuesday, October 8, 2013. There are no known exploits in the wild for these updates. We will continue to provide updates …

http://blogs.adobe.com/psirt/2013/10/prenotification-upcoming-security-updates-for-adobe-reader-and-acrobat-apsb13-25.html


Cisco NX-OS RIP denial of service

Cisco NX-OS is vulnerable to a denial of service, caused by an error in the Routing Information Protocol (RIP) service engine. By sending a specially crafted RIPv4 or RIPv6 message to UDP port 520, a remote attacker could exploit this vulnerability to cause the RIP service engine to restart.

http://xforce.iss.net/xforce/xfdb/87669


Cisco NX-OS configuration files information disclosure

Cisco NX-OS could allow a remote authenticated attacker to obtain sensitive information, caused by the improper sanitization of configuration files. By accessing the Cisco NX-OS management interface as a network-operator, an attacker could exploit this vulnerability to view restricted information within configuration files.

http://xforce.iss.net/xforce/xfdb/87670


The Hail Mary Cloud and the Lessons Learned

badger.foo writes "Against ridiculous odds and even after gaining some media focus, the botnet dubbed The Hail Mary Cloud apparently succeeded in staying under the radar and kept compromising Linux machines for several years. This article sums up the known facts about the botnet and suggests some practical measures to keep your servers safe."

http://rss.slashdot.org/~r/Slashdot/slashdot/~3/QrqADehWUPU/story01.htm
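The Hail Mary Cloud was a distributed SSH password-guessing botnet (a fact about the botnet not stated in the blurb above): each source host made only a handful of attempts, spaced hours apart, so per-source thresholds of the fail2ban kind never fired. The following is an added example, not code from the Slashdot story or the article it links, that runs two rules over constructed sshd auth-log lines: the classic per-IP count, and an aggregation per target user across source addresses that catches the low-and-slow pattern. The log lines, host name and addresses are constructed for the example.

```python
"""Spot low-and-slow, distributed SSH password guessing in sshd auth logs.

Added example; not from the Slashdot story or the linked article. The
per-target-user aggregation is the point: a botnet that spreads its guesses
over many sources stays below any per-IP threshold, but the guessed user
name is shared across all of them.
"""
import re
from collections import defaultdict

# Matches OpenSSH "Failed password" lines with an RFC 3164 syslog prefix.
FAILED = re.compile(
    r"^\w{3}\s+\d+ \d\d:\d\d:\d\d \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+ ssh2"
)

# Constructed sample lines (not captured from a real host). Six sources each
# try "admin" at most twice over a morning; one noisy source hammers "root".
SAMPLE_LOG = """\
Oct  5 02:11:07 web1 sshd[4321]: Failed password for invalid user admin from 203.0.113.10 port 51234 ssh2
Oct  5 02:41:19 web1 sshd[4333]: Failed password for invalid user admin from 203.0.113.10 port 51290 ssh2
Oct  5 03:02:44 web1 sshd[4350]: Failed password for invalid user admin from 198.51.100.7 port 40112 ssh2
Oct  5 03:55:01 web1 sshd[4371]: Failed password for invalid user admin from 198.51.100.7 port 40200 ssh2
Oct  5 05:17:30 web1 sshd[4402]: Failed password for invalid user admin from 203.0.113.77 port 33011 ssh2
Oct  5 06:48:12 web1 sshd[4419]: Failed password for invalid user admin from 198.51.100.150 port 22901 ssh2
Oct  5 08:09:55 web1 sshd[4440]: Failed password for invalid user admin from 203.0.113.201 port 45120 ssh2
Oct  5 09:31:03 web1 sshd[4461]: Failed password for invalid user admin from 198.51.100.33 port 60112 ssh2
Oct  5 10:00:01 web1 sshd[4480]: Failed password for root from 192.0.2.99 port 50001 ssh2
Oct  5 10:00:02 web1 sshd[4481]: Failed password for root from 192.0.2.99 port 50002 ssh2
Oct  5 10:00:03 web1 sshd[4482]: Failed password for root from 192.0.2.99 port 50003 ssh2
Oct  5 10:00:04 web1 sshd[4483]: Failed password for root from 192.0.2.99 port 50004 ssh2
Oct  5 10:00:05 web1 sshd[4484]: Failed password for root from 192.0.2.99 port 50005 ssh2
Oct  5 10:00:06 web1 sshd[4485]: Failed password for root from 192.0.2.99 port 50006 ssh2
Oct  5 10:15:00 web1 sshd[4490]: Accepted publickey for deploy from 192.0.2.5 port 40001 ssh2
"""


def parse_failures(text):
    """Yield (user, ip) for every failed-password line; other lines are skipped."""
    for line in text.splitlines():
        m = FAILED.match(line)
        if m:
            yield m.group("user"), m.group("ip")


def per_ip_offenders(text, threshold=5):
    """Classic per-source rule: IPs with at least `threshold` failures."""
    counts = defaultdict(int)
    for _, ip in parse_failures(text):
        counts[ip] += 1
    return {ip for ip, n in counts.items() if n >= threshold}


def distributed_guessing(text, min_sources=5, per_ip_max=3):
    """Users targeted from >= min_sources distinct IPs where no single IP
    exceeded per_ip_max attempts, i.e. guessing that the per-IP rule misses.
    Returns {user: sorted list of source IPs}."""
    by_user = defaultdict(lambda: defaultdict(int))
    for user, ip in parse_failures(text):
        by_user[user][ip] += 1
    flagged = {}
    for user, ips in by_user.items():
        if len(ips) >= min_sources and max(ips.values()) <= per_ip_max:
            flagged[user] = sorted(ips)
    return flagged


if __name__ == "__main__":
    print("per-IP offenders:", per_ip_offenders(SAMPLE_LOG))
    for user, ips in distributed_guessing(SAMPLE_LOG).items():
        print(f"distributed guessing against {user!r} from {len(ips)} sources: {ips}")
```

On the sample the per-IP rule reports only 192.0.2.99, while the per-user aggregation flags "admin" with six sources that never exceeded two attempts each. The detector is a complement to, not a substitute for, turning off password authentication in sshd.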


Why the state of application security is not so healthy

Web applications are a common entry point for breaches, so why aren't they being better protected?

http://www.csoonline.com/article/740164/why-the-state-of-application-security-is-not-so-healthy?source=rss_network_security


[local] - FreeBSD Intel SYSRET Kernel Privilege Escalation Exploit

* FreeBSD 9.0 Intel SYSRET Kernel Privilege Escalation exploit
* Author: CurcolHekerLink
*
* This exploit is based on an open source project, so I can make it open source too. Right?

http://www.exploit-db.com/exploits/28718


Cybercrime in the Deep Web

Earlier, we published a blog post talking about the recent shut down of the Silk Road marketplace. There, we promised to release a new white paper looking at cybercrime activity on the Deep Web in more detail. This paper can now be found on our site here. While the Deep Web has often been uniquely associated […]

http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/RYkDXfurPWU/


Aanval SAS Cross-Site Scripting and SQL Injection Vulnerabilities

Multiple vulnerabilities have been discovered in Aanval SAS, which can be exploited by malicious users (authenticated users, in Secunia's terminology) to conduct SQL injection attacks and by malicious people (unauthenticated attackers) to conduct cross-site scripting attacks.

https://secunia.com/advisories/55134


Scam attempts: vendors advertise a supposed iOS 7 jailbreak

Many iPhone users are eagerly waiting for a jailbreak tool for iOS 7, and some of them are falling for scammers. A test shows how the scam works.

http://www.heise.de/newsticker/meldung/Abzockversuche-Anbieter-werben-mit-angeblichem-iOS-7-Jailbreak-1973330.html


Philips Xper Connect HTTP Request Handling Buffer Overflow Vulnerability

A vulnerability has been reported in Philips Xper Connect, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error when handling HTTP requests and can be exploited to cause a heap-based buffer overflow by sending a specially crafted HTTP request to TCP port 6000.

https://secunia.com/advisories/55152


Door Control Systems: An Examination of Lines of Attack

In this blog post, we shall show that there are serious security vulnerabilities in one of the market-leading door control systems, and that these can be exploited not only to gain physical access to secure premises, but also to obtain confidential information about the organisation to whom the premises belong.

http://www.nccgroup.com/en/blog/2013/09/door-control-systems-an-examination-of-lines-of-attack/


McAfee Web Reporter Premium EJBInvokerServlet / JMXInvokerServlet Marshaled Object Arbitrary Code Execution Vulnerability

Andrea Micalizzi has discovered a vulnerability in McAfee Web Reporter Premium, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to the application not properly restricting access to the invoker/EJBInvokerServlet and invoker/JMXInvokerServlet servlets within Apache Tomcat, which can be exploited to deploy and execute arbitrary Java code by sending a specially crafted marshaled object to TCP port 9111.

https://secunia.com/advisories/55112
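The advisory above comes down to two JBoss invoker servlets being reachable without authentication on TCP port 9111. The following is an added example, not McAfee's or Secunia's code, of a check a practitioner can run against their own hosts: it fetches each invoker path and classifies the answer. The response signature it relies on is an assumption about unrestricted invoker servlets (they answer a plain GET with a Java-serialized object, Content-Type application/x-java-serialized-object, body beginning with the Java serialization magic AC ED 00 05); the sample responses in the block are constructed, not captured from a real system.

```python
"""Check whether JBoss-style invoker servlets answer without authentication.

Added example; not the product's or the advisory's code. Assumption: an
unrestricted invoker servlet replies to an unauthenticated GET with a
Java-serialized object (Content-Type application/x-java-serialized-object,
body starting with AC ED 00 05). 401/403 and redirects (to a login form)
count as restricted, 404 as absent, anything else as unknown.
"""
import http.client
from dataclasses import dataclass

# Paths and port named in the advisory.
INVOKER_PATHS = ("/invoker/JMXInvokerServlet", "/invoker/EJBInvokerServlet")
DEFAULT_PORT = 9111
JAVA_SERIAL_MAGIC = b"\xac\xed\x00\x05"


@dataclass
class Probe:
    path: str
    status: int
    content_type: str
    body_prefix: bytes


def classify(p: Probe) -> str:
    """Map one probe result to 'exposed', 'restricted', 'absent' or 'unknown'."""
    if p.status in (401, 403):
        return "restricted"
    if p.status in (301, 302, 303, 307, 308):
        return "restricted"  # assumption: redirect to a login form
    if p.status == 404:
        return "absent"
    serialized = ("x-java-serialized-object" in p.content_type.lower()
                  or p.body_prefix.startswith(JAVA_SERIAL_MAGIC))
    if p.status == 200 and serialized:
        return "exposed"
    return "unknown"


def probe(host: str, path: str, port: int = DEFAULT_PORT, timeout: float = 5.0) -> Probe:
    """Issue one unauthenticated GET and keep only what classify() needs."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path, headers={"Host": host})
        resp = conn.getresponse()
        return Probe(path, resp.status, resp.getheader("Content-Type") or "", resp.read(16))
    finally:
        conn.close()


def check_host(host: str, port: int = DEFAULT_PORT) -> dict:
    """Classify every invoker path on one host, e.g. {'/invoker/JMXInvokerServlet': 'exposed', ...}."""
    return {path: classify(probe(host, path, port)) for path in INVOKER_PATHS}


# Constructed sample responses (not captured from a real system).
SAMPLES = [
    Probe("/invoker/JMXInvokerServlet", 200, "application/x-java-serialized-object",
          b"\xac\xed\x00\x05sr\x00"),
    Probe("/invoker/EJBInvokerServlet", 403, "text/html", b"<html>"),
    Probe("/invoker/JMXInvokerServlet", 404, "text/html", b"<html>"),
    Probe("/invoker/EJBInvokerServlet", 200, "text/html", b"<html>"),
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s.path}: HTTP {s.status} -> {classify(s)}")
```

An "exposed" result means anyone who can reach the port can hand the servlet a serialized object, which is exactly what the advisory describes. The usual fix is to require authentication for /invoker/* with a security-constraint in the invoker web application's web.xml, or to remove the invoker web application where nothing needs it.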