End-of-Shift report
Timeframe: Friday 04-10-2013 18:00 − Monday 07-10-2013 18:00
Handler: Robert Waldner
Co-Handler: n/a
Security Bulletin: Denial of Service Vulnerability in DB2 for Unix, Linux and Windows's Fast Communications Manager. (CVE-2013-4032)
Vulnerability in IBM DB2 for Unix, Linux and Windows server products could allow arbitrary data sent to the Fast Communications Manager (FCM) to cause server denial of service. CVE(s): CVE-2013-4032
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_denial_of_service_vulnerability_in_db2_for_unix_linux_and_windows_s_fast_communications_manager_cve_2013_4032?lang=en_us
Security Bulletin: Multiple security vulnerabilities exist in IBM InfoSphere Information Server (CVE-2013-4066 and CVE-2013-4067)
Security Bulletin: Multiple security vulnerabilities exist in IBM InfoSphere Information Server (CVE-2013-4066 and CVE-2013-4067) CVE(s): CVE-2013-4066 and CVE-2013-4067
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_multiple_security_vulnerabilities_exist_in_ibm_infosphere_information_server_cve_2013_4066_and_cve_2013_40671?lang=en_us
Prenotification: Upcoming Security Updates for Adobe Reader and Acrobat (APSB13-25)
A prenotification Security Advisory has been posted in regards to upcoming Adobe Reader and Acrobat security updates scheduled for Tuesday, October 8, 2013. There are no known exploits in the wild for these updates. We will continue to provide updates …
http://blogs.adobe.com/psirt/2013/10/prenotification-upcoming-security-updates-for-adobe-reader-and-acrobat-apsb13-25.html
Cisco NX-OS RIP denial of service
Cisco NX-OS is vulnerable to a denial of service, caused by an error in the Routing Information Protocol (RIP) service engine. By sending a specially-crafted RIPv4 or RIPv6 message to UDP port 520, a remote attacker could exploit this vulnerability to cause the RIP service engine to restart.
http://xforce.iss.net/xforce/xfdb/87669
Cisco NX-OS configuration files information disclosure
Cisco NX-OS could allow a remote authenticated attacker to obtain sensitive information, caused by the improper sanitization of configuration files. By accessing the Cisco NX-OS management interface as a network-operator, an attacker could exploit this vulnerability to view restricted information within configuration files.
http://xforce.iss.net/xforce/xfdb/87670
The Hail Mary Cloud and the Lessons Learned
badger.foo writes "Against ridiculous odds and even after gaining some media focus, the botnet dubbed The Hail Mary Cloud apparently succeeded in staying under the radar and kept compromising Linux machines for several years. This article sums up the known facts about the botnet and suggests some practical measures to keep your servers safe."
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/QrqADehWUPU/story01.htm
Why the state of application security is not so healthy
Web applications are often a common portal for breaches, so why aren't they being better protected?
http://www.csoonline.com/article/740164/why-the-state-of-application-security-is-not-so-healthy?source=rss_network_security
[local] - FreeBSD Intel SYSRET Kernel Privilege Escalation Exploit
* FreeBSD 9.0 Intel SYSRET Kernel Privilege Escalation exploit
* Author by CurcolHekerLink
*
* This exploit based on open source project, I can make it open source too. Right?
http://www.exploit-db.com/exploits/28718
Cybercrime in the Deep Web
Earlier, we published a blog post talking about the recent shut down of the Silk Road marketplace. There, we promised to release a new white paper looking at cybercrime activity on the Deep Web in more detail. This paper can now be found on our site here. While the Deep Web has often been uniquely associated […]
http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/RYkDXfurPWU/
Aanval SAS Cross-Site Scripting and SQL Injection Vulnerabilities
Multiple vulnerabilities have been discovered in Aanval SAS, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site scripting attacks.
https://secunia.com/advisories/55134
Rip-off attempts: vendors advertise an alleged iOS 7 jailbreak
Many iPhone users are eagerly waiting for a jailbreak tool for iOS 7, and some of them fall for scammers. A test shows how the scam works.
http://www.heise.de/newsticker/meldung/Abzockversuche-Anbieter-werben-mit-angeblichem-iOS-7-Jailbreak-1973330.html
Philips Xper Connect HTTP Request Handling Buffer Overflow Vulnerability
A vulnerability has been reported in Philips Xper Connect, which can be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused due to a boundary error when handling HTTP requests and can be exploited to cause a heap-based buffer overflow by sending a specially crafted HTTP request to TCP port 6000.
https://secunia.com/advisories/55152
Door Control Systems: An Examination of Lines of Attack
In this blog post, we shall show that there are serious security vulnerabilities in one of the market-leading door control systems, and that these can be exploited not only to gain physical access to secure premises, but also to obtain confidential information about the organisation to whom the premises belong.
http://www.nccgroup.com/en/blog/2013/09/door-control-systems-an-examination-of-lines-of-attack/
McAfee Web Reporter Premium EJBInvokerServlet / JMXInvokerServlet Marshaled Object Arbitrary Code Execution Vulnerability
Andrea Micalizzi has discovered a vulnerability in McAfee Web Reporter Premium, which can be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused due to the application not properly restricting access to the invoker/EJBInvokerServlet and invoker/JMXInvokerServlet servlets within Apache Tomcat, which can be exploited to deploy and execute arbitrary Java code by sending a specially crafted marshaled object to TCP port 9111.
https://secunia.com/advisories/55112