Daily Summary - Tuesday 6-08-2013

End-of-Shift report

Timeframe: Monday 05-08-2013 18:00 − Tuesday 06-08-2013 18:00 Handler: Stephan Richter Co-Handler: n/a

Security Bulletin: Tivoli Management Framework affected by vulnerabilities in OpenSSL 1.0.1c

OpenSSL versions before 1.0.1d do not follow best security practices and need to be upgraded. On the Linux (Intel or z/OS) platform, the components of Tivoli Management Framework 4.1.1 may include OpenSSL files of version 1.0.1c or lower. CVE(s): CVE-2013-0169, CVE-2013-0166, CVE-2012-2686. Affected product(s) and affected version(s): Tivoli Management Framework 4.1.1 (Note: Tivoli Management Framework 4.3.1 does not have this issue.) Refer to the following reference URLs for...

https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_tivoli_management_framework_affected_by_vulnerabilities_in_openssl_1_0_1c?lang=en_us


MOXA WEAK ENTROPY IN DSA KEYS VULNERABILITY

Overview: Researcher Nadia Heninger of the University of California, San Diego, and researchers Zakir Durumeric, Eric Wustrow, and J. Alex Halderman of the University of Michigan identified an insufficient entropy vulnerability in Moxa’s OnCell Gateways. Moxa produced and released a firmware upgrade on April 3, 2013, that mitigates this vulnerability. This vulnerability could be exploited remotely.

http://ics-cert.us-cert.gov/advisories/ICSA-13-217-01


Samba smbd CPU Processing Loop Lets Remote Users Deny Service

A vulnerability was reported in Samba. A remote user can cause denial of service conditions.

http://www.securitytracker.com/id/1028882


IBM iNotes Input Validation Flaws Permit Cross-Site Scripting Attacks and Integer Overflow Lets Remote Users Execute Arbitrary Code

Several vulnerabilities were reported in IBM iNotes. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can conduct cross-site scripting attacks.

http://www.securitytracker.com/id/1028884


Warning: OpenX ad server contains a backdoor

heise Security has found a backdoor in the official downloads of the OpenX server; it has apparently been present for almost a year and is already being actively used for attacks on ad servers.

http://www.heise.de/security/meldung/Achtung-Anzeigen-Server-OpenX-enthaelt-eine-Hintertuer-1929769.html


Huawei B153 3G/UMTS Router WPS Weakness

Topic: Huawei B153 3G/UMTS Router WPS Weakness. Risk: High. Text: Huawei B153 3G/UMTS router WPS weakness [ADVISORY INFORMATION] Title: Huawei B153 3G/UMTS router WPS weakne...

http://cxsecurity.com/issue/WLB-2013080046


How to Check if Your Website is Part of the StealRat Botnet

For a few months now, we have been actively monitoring a spambot named StealRat, which primarily uses compromised websites and systems in its operations. We have continuously monitored its operations and identified about 195,000 thousand domains and IPs that have been compromised. The common denominator among these compromised sites is that they are running vulnerable [...]

http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/bWOEp0_bDhw/


Java-Forum.org: Database dump surfaces

Following last week's incidents, parts of a database dump of the Java-Forum have now surfaced. Since user data may be at risk, users are advised to change the passwords of any accounts that use the same password.

http://www.heise.de/security/meldung/Java-Forum-org-Datenbank-Dump-aufgetaucht-1930233.html


Atlassian Confluence Xwork OGNL Double Evaluation Security Bypass Vulnerability

A vulnerability has been reported in Atlassian Confluence, which can be exploited by malicious people to bypass certain security restrictions.

https://secunia.com/advisories/54416


WordPress Xhanch - My Twitter Plugin Cross-Site Request Forgery Vulnerability

Charlie Eriksen has discovered a vulnerability in the Xhanch - My Twitter plugin for WordPress, which can be exploited by malicious people to conduct cross-site request forgery attacks.

https://secunia.com/advisories/53133


ownCloud Cross-Site Scripting and Security Bypass Vulnerabilities

Two vulnerabilities have been reported in ownCloud, which can be exploited by malicious people to conduct cross-site scripting attacks and bypass certain security restrictions.

https://secunia.com/advisories/54357


2Q Security Roundup: Mobile Flaws Form Lasting Security Problems

Threats on mobile platforms, devices, and applications have been swelling up over the past years; but this quarter, they have finally gone full throttle. Cybercriminals have found more sophisticated ways to bypass mobile security, and it’s not just through malicious applications anymore. Android Updates Lag, Users Suffer Critical Flaws: Proof of the Android “Master Key” [...]

http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/G6B7m5C3Pas/


Schneider Electric Vijeo Citect, CitectSCADA, PowerLogic SCADA Vulnerability

Overview: Schneider Electric has identified an XML external entity vulnerability in Vijeo Citect, CitectSCADA, and PowerLogic SCADA applications. Timur Yunusov, Alexey Osipov, and Ilya Karpov of Positive Technologies reported the vulnerability directly to Schneider Electric. Schneider Electric has produced patches that mitigate this vulnerability. Affected Products: Schneider Electric reports that the vulnerability affects the following products: Vijeo Citect Version 7.20 and all previous...

http://ics-cert.us-cert.gov/advisories/ICSA-13-217-02