Daily Summary - Monday 22-04-2013

End-of-Shift report

Timeframe: Friday 19-04-2013 18:00 − Monday 22-04-2013 18:00
Handler: Stephan Richter
Co-Handler: Otmar Lendl

OpenStack keystone.conf insecure file permissions

Topic: OpenStack keystone.conf insecure file permissions
Risk: Medium
Text: As reported: https://bugs.launchpad.net/keystone/+bug/1168252 The password configuration of LDAP and admin_token in keystone...

http://feedproxy.google.com/~r/securityalert_database/~3/Y9fS7PiNeIM/WLB-2013040141


nginx Arbitrary Code Execution NullByte Injection

Topic: nginx Arbitrary Code Execution NullByte Injection
Risk: Low
Text: # Exploit Title: nginx Arbitrary Code Execution NullByte Injection # Date: 24/08/2011 # Exploit Author: Neal Poole # Vendor ...

http://cxsecurity.com/wlb/WLB-2013040142


Vuln: Opera Web Browser Information Disclosure and Unspecified Vulnerabilities

http://www.securityfocus.com/bid/58864


libxml2 Multiple Use-After-Free Vulnerabilities

Topic: libxml2 Multiple Use-After-Free Vulnerabilities
Risk: Medium
Text: 1) A use-after-free error in "htmlParseChunk()" can be exploited to dereference already freed memory. 2) Two use-after-free...

http://feedproxy.google.com/~r/securityalert_database/~3/yn55M8Cmawk/WLB-2013040150


Family of “BadNews” malware in Google Play downloaded up to 9 million times

Apps steal sensitive data, push SMS app that racks up charges to pricey service.

http://feeds.arstechnica.com/~r/arstechnica/security/~3/hS0_oWvBHPU/


A Chargen-based DDoS? Chargen is still a thing?, (Sun, Apr 21st)

In the recent few days there was another denial of service attack launched at financial organizations. (Yeah, I know, DDoS on a bank, that's *totally* never happens). What is newsworthy isn't that it happened, it was the means used to execute the attack. Specifically, the organizations were flooded with UDP port 19 traffic which is the chargen protocol. I am not sure I've ever seen a legitimate use of this protocol or encountered a machine that had it on intentionally before. For review, chargen...

http://isc.sans.edu/diary.html?storyid=15647&rss


ownCloud Server 5.0.x/4.5.x XSS and Privilege escalation

Topic: ownCloud Server 5.0.x/4.5.x XSS and Privilege escalation
Risk: Medium
Text: These vulnerabilities only affect ownCloud Server 5.0.x and 4.5.x, the 4.0.x branch is not affected and still supported with se...

http://cxsecurity.com/wlb/WLB-2013040156


Router vulnerabilities: Groundhog Day all over again

Belkin, D-Link, Linksys, Netgear, Sitecom, TP-Link: there is hardly a manufacturer that does not slip up in firmware development. It remains shocking what hair-raising vulnerabilities sometimes lie dormant in widely used router models.

http://www.heise.de/security/meldung/Und-taeglich-gruesst-die-Router-Luecke-1846882.html


Avaya Communication Manager OpenSSL and glibc Vulnerabilities

https://secunia.com/advisories/53166


8 tips for a security incident handling plan

Most of us know that there is no such thing as 100% security, and that - unfortunately - it's only a matter of time until a security incident occurs. Despite this, it's rare to see a good incident response process and plan in place.

http://nakedsecurity.sophos.com/2013/04/20/tips-incident-handling-plan/


McAfee Security Bulletin - ePO update fixes two vulnerabilities

Five separate CVE reports of potential ePO vulnerabilities were reported: CVE-2013-0169, CVE-2013-1484, CVE-2013-1485, CVE-2013-1486, CVE-2013-1487. Collectively, these vulnerabilities could allow unauthorized disclosure of information, unauthorized modification, or disruption of service. ePO is not vulnerable to any of these CVE vulnerabilities.

https://kc.mcafee.com/corporate/index/content&id=SB10041


Cisco Unified Contact Center Express Editor Information Disclosure Vulnerability

A vulnerability in the scripts editor software of the Cisco Unified Contact Center Express (Cisco Unified CCX) could allow an unauthenticated, remote attacker to have read access to scripts that are stored in the Cisco Unified CCX scripts repository.

http://tools.cisco.com/security/center/viewAlert.x?alertId=29050


Firefox FirePHP Extension Arbitrary Command Execution Weakness

https://secunia.com/advisories/53163


Global Mapper Insecure Library Loading Vulnerability

https://secunia.com/advisories/51510


DDoS Strikes Take EU Banks Offline

Experts Say Outages Not Linked to U.S. Attacks

Distributed-denial-of-service attacks against banking institutions are becoming a global concern, and experts say many organizations outside the U.S. financial-services sector are ill-equipped to defend themselves. DDoS strikes have taken down online-banking sites in Northern Europe in recent days and weeks, several security experts say. Scott Hammack, CEO of DDoS-mitigation provider Prolexic, says...

http://www.bankinfosecurity.com/ddos-strikes-take-eu-banks-offline-a-5701/op-1


Bugtraq: [SE-2012-01] Yet another Reflection API flaw affecting Oracle's Java SE

http://www.securityfocus.com/archive/1/526415


Security Bulletin: IBM InfoSphere Data Replication Dashboard Username Enumeration (CVE-2013-0584)

A remote, unauthenticated user can enumerate a list of InfoSphere Data Replication Dashboard user accounts including which accounts do not require a password.

http://www-01.ibm.com/support/docview.wss?uid=swg21634798


A Primer on IPv4, IPv6 and Transition

There is something badly broken in today's Internet. At first blush that may sound like a contradiction in terms, or perhaps a wild conjecture intended only to grab your attention to get you to read on. After all, the Internet is a modern day technical marvel. In just a couple of decades the Internet has not only...

http://www.circleid.com/posts/20130421_a_primer_on_ipv4_ipv6_and_transition/


Security Advisory-The AR Abnormally Resets When Receiving Special DHCP Packets

Apr 20, 2013 14:38

http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-258476.htm


WordPress - Vulnerabilities in multiple Plugins

WordPress All in One Webmaster Plugin Cross-Site Request Forgery Vulnerability
https://secunia.com/advisories/52877

WordPress FourSquare Checkins Plugin Cross-Site Request Forgery Vulnerability
https://secunia.com/advisories/53151

WordPress Facebook Members Plugin Cross-Site Request Forgery Vulnerability
https://secunia.com/advisories/52962

WordPress W3 Total Cache Arbitrary Code Execution Vulnerability
https://secunia.com/advisories/53052