Tageszusammenfassung - Mittwoch 17-07-2013

End-of-Shift report

Timeframe: Dienstag 16-07-2013 18:00 − Mittwoch 17-07-2013 18:00 Handler: Stephan Richter Co-Handler: n/a

Critical Patch Update - July 2013

This Critical Patch Update contains 89 new security fixes across the product families listed below.

http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html


Vulnerabilities in Drupal Modules/Themes

Drupal TinyBox Module Cross Site Scripting Vulnerability Drupal Hatch Theme Cross Site Scripting Vulnerability Drupal Stage File Proxy Module Denial Of Service Vulnerability

http://www.securityfocus.com/bid/61078 http://www.securityfocus.com/bid/61079 http://www.securityfocus.com/bid/61080


Android-Trojaner zum Selberbauen

Der Open-Source-Trojaner AndroRAT späht SMS-Nachrichten aus, kann Fotos mit der Smartphone-Kamera aufnehmen und das Handy sogar in eine Wanze verwandeln. Mit Hilfe eines zusätzlichen Tools können Cyber-Ganoven damit beliebige Apps trojanisieren.

http://www.heise.de/security/meldung/Android-Trojaner-zum-Selberbauen-1919235.html


Cisco Identity Services Engine Cross-Site Request Forgery Vulnerability

A vulnerability has been reported in Cisco Identity Services Engine, which can be exploited by malicious people to conduct cross-site request forgery attacks.

https://secunia.com/advisories/54182


IBM Java Multiple Vulnerabilities

IBM has acknowledged multiple vulnerabilities in IBM Java, which can be exploited by malicious, local users to disclose certain sensitive information, manipulate certain data, and gain escalated privileges and by malicious people to conduct spoofing attacks, disclose certain sensitive information, manipulate certain data, cause a DoS (Denial of Service), bypass certain security restrictions, and compromise a vulnerable system.

https://secunia.com/advisories/54154


Vuln: Linux Kernel CVE-2013-4125 Remote Denial of Service Vulnerability

The Linux kernel is prone to a remote denial-of-service vulnerability.

http://www.securityfocus.com/bid/61166


Atlassian Bamboo Web Interface OGNL Code Injection Vulnerabilities

Atlassian has acknowledged a vulnerability in Atlassian Bamboo, which can be exploited by malicious people to bypass certain security restrictions.

https://secunia.com/advisories/54189


Oracle Solaris Two Vulnerabilities

Oracle has acknowledged two vulnerabilities in multiple packages included in Oracle Solaris, which can be exploited by malicious users to cause a DoS (Denial of Service) and by malicious people to compromise an application using the library.

https://secunia.com/advisories/54202


Bugtraq: ESA-2013-055: EMC Avamar Multiple Vulnerabilities

EMC Avamar Server 7.0 contains fixes for multiple security vulnerabilities that could be exploited by malicious users.

http://www.securityfocus.com/archive/1/527322


A look at Point of Sale RAM scraper malware and how it works

A special kind of malware has been hitting the headlines recently - that which attacks the RAM of Point of Sale (PoS) systems.

http://nakedsecurity.sophos.com/2013/07/16/a-look-at-point-of-sale-ram-scraper-malware-and-how-it-works/


Apache Struts DefaultActionMapper Redirection and OGNL Security Bypass Vulnerabilities

Two weaknesses and multiple vulnerabilities have been reported in Apache Struts, which can be exploited by malicious people to conduct spoofing attacks and bypass certain security restrictions.

https://secunia.com/advisories/54118