Daily Summary - Tuesday 9-04-2013

End-of-Shift report

Timeframe: Monday 08-04-2013 18:00 − Tuesday 09-04-2013 18:00
Handler: Robert Waldner
Co-Handler: Stephan Richter

Google AD Sync Tool Vulnerability (GADS)

Topic: Google AD Sync Tool Vulnerability (GADS)
Risk: High
Text: Due to a weakness in the way the Java encryption algorithm (PBEwithMD5andDES) has been implemented in the GADS tool all store...

http://feedproxy.google.com/~r/securityalert_database/~3/knSZ3WmkiLY/WLB-2013040065


HP System Management Homepage Local Privilege Escalation

Topic: HP System Management Homepage Local Privilege Escalation
Risk: High
Text: ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please...

http://feedproxy.google.com/~r/securityalert_database/~3/Peuq5i06_sw/WLB-2013040060


Security Bulletin: SONAS Fix Available for SONAS CIFS Attribute Vulnerability (CVE-2013-0454)

SONAS includes a version of Samba that is affected by a vulnerability that sets incorrect attributes to a SONAS CIFS export.
CVE(s): CVE-2013-0454
Affected product(s) & Affected version(s): Affected releases: SONAS 1.1 through 1.3.2.1-20.
Refer to the following reference URLs for remediation and additional vulnerability details.
Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004287
X-Force Database: http://xforce.iss.net/xforce/xfdb/80970

https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_sonas_fix_available_for_sonas_cifs_attribute_vulnerability_cve_2013_04544?lang=en_us


Security Vulnerability for ActiveX Control packaged with IBM Cognos Disclosure Management Client (CVE-2013-0501)

A third-party ActiveX control (EdrawSoft) may have been registered in the Windows registry by the CDM client installation process. This ActiveX control contains a security vulnerability that could allow unauthorized file access to the user’s machine from malicious web sites.
CVE(s): CVE-2013-0501
Affected product(s) & Affected version(s): IBM Cognos Disclosure Management 10.2.0
Refer to the following reference URLs for remediation and additional vulnerability details.
Source Bulletin:...

https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_vulnerability_for_activex_control_packaged_with_ibm_cognos_disclosure_management_client_cve_2013_05018?lang=en_us


ICS-CERT has released an Advisory "ICSA-13-098-01 Canary Labs Inc Trend Link Insecure ActiveX Control Method" (PDF)

This advisory provides mitigation details for a vulnerability in the Canary Labs, Inc. Trend Link software.

http://ics-cert.us-cert.gov/pdf/ICSA-13-098-01.pdf


TinyWebGallery image.php path disclosure

TinyWebGallery image.php path disclosure

http://xforce.iss.net/xforce/xfdb/83286


International cyber exercise confirms the importance of international collaboration

On 20 and 21 March, the National Cyber Security Centre (NCSC) participated in an international cyber exercise by the International Watch and Warning Network (IWWN) entitled Cyberstorm IV. Cyberstorm IV is the last in a series of cyber exercises during which malware is investigated for 36 consecutive hours. Together with its partners at IWWN, the Department of Homeland Security (of the United States) has organized the international component of Cyberstorm IV.

http://www.ncsc.nl/english/current-topics/news/international-cyber-exercise-confirms-the-importance-of-international-collaboration.html