End-of-Shift report
Timeframe: Dienstag 04-06-2013 18:00 − Mittwoch 05-06-2013 18:00
Handler: Stephan Richter
Co-Handler: n/a
Get Set Null Java Security
Java, being widely used by the applications, has also been actively targeted by malware authors. One of the most common techniques to exploit Java applications, is to disable the security manager. This blog provides widely used logic used by malware authors...
http://www.fireeye.com/blog/technical/2013/06/get-set-null-java-security.html
Schneider Electric Quantum Ethernet Module Hard-Coded Credentials
This updated advisory is a follow-up to the original advisory titled ICSA-12-018-01 Schneider Electric Quantum Ethernet Module Hard-Coded Credentials that was published on January 17, 2012, on the ICS-CERT Web page
http://ics-cert.us-cert.gov/advisories/ICSA-12-018-01A
Schneider Electric PLCs Multiple Vulnerabilities
This updated advisory is a follow-up to the updated advisory titled ICSA-13-077-01A Schneider Electric PLCS Multiple Vulnerabilities (Update A) that was published March 20, 2013, on the ICS-CERT Web page.
http://ics-cert.us-cert.gov/advisories/ICSA-13-077-01B
Richard Porter ISC Handler on Duty (c) SANS Internet Storm Center.
http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
http://isc.sans.edu/diary.html?storyid=15932&rss
IBM AIX inet IPv6 Bug Lets Remote Users Deny Service
On systems configured with IPv6, a remote user can send a specially crafted IPv6 packet to cause the target system to hang.
http://www.securitytracker.com/id/1028626
Mac OSX Server DirectoryService Buffer Overflow
Topic: Mac OSX Server DirectoryService Buffer Overflow Risk: High Text:Core Security - Corelabs Advisory
http://corelabs.coresecurity.com/ Mac OSX Server DirectoryService buffer overflow 1....
http://cxsecurity.com/issue/WLB-2013060040
NetGear DGN1000 and NetGear DGN2200 security bypass
NetGear DGN1000 and NetGear DGN2200 could allow a remote attacker to bypass security restrictions, caused by an error in the interface when handling requests containing the currentsetting.htm substring. An attacker could exploit this vulnerability to gain unauthorized access to restricted functionality.
http://xforce.iss.net/xforce/xfdb/84662
[2013-06-05] Critical vulnerabilities in CTERA portal
CTERA portal contains multiple and partly critical security issues such as XML External Entity injection that allows unauthenticated attackers to fully take over the affected server.
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130605-0_CTERA_PORTAL_Multiple_Vulnerabilities_v10.txt
Apple Mac OS X Multiple Vulnerabilities
Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities.
https://secunia.com/advisories/53684
PRTG Network Monitor login.htm cross-site scripting
PRTG Network Monitor is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the login.htm script. A remote attacker could exploit this vulnerability using the errormsg...
http://xforce.iss.net/xforce/xfdb/84686
Apache Struts OGNL Expression Injection Vulnerabilities
Security Research Laboratory has reported some vulnerabilities in Apache Struts, which can be exploited by malicious people to bypass certain security restrictions.
https://secunia.com/advisories/53693
Monkey HTTP Daemon "mk_request_header_process()" Signedness Error Buffer Overflow Vulnerability
A vulnerability has been discovered in Monkey HTTP Daemon, which can be exploited by malicious people to compromise a vulnerable system.
https://secunia.com/advisories/53697
CVE-2013-3919: A recursive resolver can be crashed by a query for a malformed zone
A bug has been discovered in the most recent releases of BIND 9 which has the potential for deliberate exploitation as a denial-of-service attack. By sending a recursive resolver a query for a record in a specially malformed zone, an attacker can cause BIND 9 to exit with a fatal "RUNTIME_CHECK" error in resolver.c
https://kb.isc.org/article/AA-00967