Daily Summary - Tuesday 21-05-2013

End-of-Shift report

Timeframe: Friday 17-05-2013 18:00 − Tuesday 21-05-2013 18:00 Handler: Stephan Richter Co-Handler: Robert Waldner

Search engine for Internet Census 2012

The enormous volumes of data accumulated during a port scan of the entire Internet can now also be conveniently searched online.

http://www.heise.de/security/meldung/Suchmaschine-fuer-Internet-Census-2012-1865623.html


SSL: Another reason not to ignore IPv6, (Fri, May 17th)

Currently, many public web sites that allow access via IPv6 do so via proxies. This is seen as the "quick fix", as it requires minimum changes to the site itself. As far as the web application is concerned, all incoming traffic is IPv4. The most obvious issue here is logging, in that the application only "sees" the proxy's IP address, unless it inspects headers added by the proxy, which will now point to (unreadable?) IPv6 addresses. But there is another issue: SSL

http://isc.sans.edu/diary.html?storyid=15833&rss


CKEditor comment or content post cross-site scripting

CKEditor is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using the comment or content post field to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site,...

http://xforce.iss.net/xforce/xfdb/84356


Vuln: WordPress Mail On Update Plugin Cross Site Request Forgery Vulnerability

The Mail On Update plugin for WordPress is prone to a cross-site request-forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions in the context of the affected application. Other attacks are also possible.

http://www.securityfocus.com/bid/59932


Hitachi JP1/Automatic Operation unspecified cross-site scripting

Hitachi JP1/Automatic Operation is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site,...

http://xforce.iss.net/xforce/xfdb/84365


Remote Code Injection Vulnerabilities Discovered in iOS Apps

Multiple vulnerabilities have been discovered in both File Lite and File Pro, two file management applications created by Perception Systems for iOS, currently available on Apple’s App Store.

http://threatpost.com/remote-code-injection-vulnerabilities-discovered-in-ios-apps/


Security Update: URL Manipulation Vulnerability in IBM WebSphere Portal versions

URL manipulation security vulnerabilities for IBM WebSphere Portal may allow a remote attacker to traverse directories on the system and view information contained in files. These vulnerabilities are susceptible to an exploit in the wild. Please review the updated security bulletins (see links below). CVE(s): CVE-2012-2181 and CVE-2012-4834 Affected product(s): IBM WebSphere Portal Affected version(s): 7.0.0.x and 8.0 Refer to the following reference URLs for remediation and additional...

https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_update_url_manipulation_vulnerability_in_ibm_websphere_portal_versions?lang=en_us


IBM WebSphere DataPower Appliance echo web service cross-site scripting

IBM WebSphere DataPower Appliance is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site,...

http://xforce.iss.net/xforce/xfdb/82221


Mitsubishi MX Component V3 ActiveX Vulnerability

This advisory recommends upgrading to MX Component 4.03, which is not affected by this vulnerability.

http://ics-cert.us-cert.gov/advisories/ICSA-13-140-01


Moodle Multiple Vulns

Topic: Moodle Multiple Vulns Risk: Medium Text: The following security notifications are now public. Thanks to OSS members for their cooperation. =...

http://cxsecurity.com/issue/WLB-2013050156


[remote] - Linksys WRT160nv2 apply.cgi Remote Command Injection

Some Linksys Routers are vulnerable to an authenticated OS command injection on their web interface where default credentials are admin/admin or admin/password. Since it is a blind OS command injection vulnerability, there is no output for the executed command when using the cmd generic payload.

http://www.exploit-db.com/exploits/25608


Safeguarding ISPs from DDoS Attacks

A distributed-denial-of-service attack in Europe highlights the need for Internet service providers to implement security best practices to prevent future incidents, ENISA's Thomas Haeberlen says.

http://www.databreachtoday.asia/safeguarding-isps-from-ddos-attacks-a-5773


National Cyber Security Strategies in the World

A free and open Internet is at the heart of the new Cyber Security Strategy by the European Union High Representative Catherine Ashton and the European Commission. The new Communication is the first comprehensive policy document that the European Union has produced in this area. It comprises internal market, justice and home affairs and the foreign policy aspects of cyberspace issues. ENISA has listed all the documents of National Cyber Security Strategies in the EU but also in the world.

https://www.enisa.europa.eu/activities/Resilience-and-CIIP/national-cyber-security-strategies-ncsss/national-cyber-security-strategies-in-the-world


Dovecot IMAP "APPEND" Parameters Processing Denial of Service Vulnerability

A vulnerability has been reported in Dovecot, which can be exploited by malicious users to cause a DoS (Denial of Service). The vulnerability is caused due to an error within IMAP functionality when processing the "APPEND" parameters and can be exploited to cause a hang.

https://secunia.com/advisories/53492


IBM Maximo Asset Management Products Java Multiple Vulnerabilities

IBM has acknowledged multiple vulnerabilities in IBM Maximo Asset Management products, which can be exploited by malicious, local users to disclose certain sensitive information and gain escalated privileges and by malicious people to disclose certain sensitive information, manipulate certain data, bypass certain security restrictions, cause a DoS (Denial of Service), and compromise a vulnerable system.

https://secunia.com/advisories/53451


SAProuter NI Route Message Handling Vulnerability

ERPScan has reported a vulnerability in SAProuter, which can be exploited by malicious people to potentially compromise a vulnerable system.

https://secunia.com/advisories/53436


Bugtraq: Revision of "IPv6 Stable Privacy Addresses" (Fwd: I-D Action: draft-ietf-6man-stable-privacy-addresses-07.txt)

We have published a revision of our IETF I-D "A method for Generating Stable Privacy-Enhanced Addresses with IPv6 Stateless Address Autoconfiguration (SLAAC)".

http://www.securityfocus.com/archive/1/526646


Security Bulletin: IBM TS3310 Tape Library update for security vulnerabilities in OpenSSL (CVE-2013-0169)

Download an update to the TS3310 Tape Library, which contains a newer version of OpenSSL that fixes certain security vulnerabilities that were present in older versions of OpenSSL. CVEID: CVE-2013-0169 Affected product(s) and affected version(s): All TS3310 tape libraries with firmware versions lower than 636G Refer to the following reference URLs for remediation and additional vulnerability details. Source Bulletin: http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004345 X-Force

https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_ts3310_tape_library_update_for_security_vulnerabilities_in_openssl_cve_2013_0169?lang=en_us