Tageszusammenfassung - Freitag 24-05-2013

End-of-Shift report

Timeframe: Donnerstag 23-05-2013 18:00 − Freitag 24-05-2013 18:00 Handler: Stephan Richter Co-Handler: n/a

HPSBUX02881 SSRT101189 rev.1 - HP-UX Directory Server, Remote Disclosure of Information

A potential security vulnerability has been identified in HP-UX Directory Server. The vulnerability could be exploited remotely resulting in information disclosure.

https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03772083

---

Cisco NX-OS igmp_snoop_orib_fill_source_update() Function Remote Denial of Service Vulnerability

Cisco NX-OS contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service condition on a targeted device. Updates are available.

http://tools.cisco.com/security/center/viewAlert.x?alertId=26613

---

X.Org Security Advisory: May 23, 2013 - Protocol handling issues in X Window System client libraries

Ilja van Sprundel, a security researcher with IOActive, has discovered a large number of issues in the way various X client libraries handle the responses they receive from servers, and has worked with X.Orgs security team to analyze, confirm, and fix these issues.

http://www.x.org/wiki/Development/Security/Advisory-2013-05-23

---

Cisco WebEx for iOS Certificate Verification Security Issue

Charlie Eriksen has discovered a security issue in Cisco WebEx for iOS, which can be exploited by malicious people to conduct spoofing attacks.

https://secunia.com/advisories/51412

---

New Rmnet malware disables anti-virus programs

May 23, 2013 Russian anti-virus company Doctor Web is warning users about new malicious modules found in the malware that is used to create and maintain the Rmnet bot network. One of them allows attackers to disable the anti-virus software installed on the infected computers. Doctor Webs analysts also managed to hijack a Rmnet subnetwork whose bots contain these harmful components. Doctor Web already warned users about the wide distribution of Win32.Rmnet.12 andWin32.Rmnet.16 programs that...

http://news.drweb.com/show/?i=3551&lng=en&c=9

---

Google erneuert SSL-Zertifikate

Ab August spendiert Google seinen Diensten neue Zertifikate. Vor allem sollen die mit alten 1024-Bit-RSA-Keys ausrangiert und gegen solche mit 2048 Bit ersetzt werden.

http://www.heise.de/security/meldung/Google-erneuert-SSL-Zertifikate-1869150.html

---

Malware dont need Coffee

On the 10th of may was advertised on underground forum by bomba_service a new Ransomware in Affiliate mode.

http://malware.dontneedcoffee.com/2013/05/unveiling-locker-bomba-aka-lucky-locker.html

---

0-Days in Novell Client für Windows

Wer noch Novell Client für Windows einsetzt, sollte sich nach Alternativen umsehen.

http://www.heise.de/security/meldung/0-Days-in-Novell-Client-fuer-Windows-1869196.html

---

Vuln: MediaWiki Arbitrary File Upload Vulnerability

MediaWiki is prone to a vulnerability that lets attackers upload arbitrary files. An attacker may leverage this issue to upload arbitrary files to the affected computer. Note that this issue could be exploited to execute arbitrary code, however, this has not been confirmed.

http://www.securityfocus.com/bid/60077