Daily Summary - Monday 27-01-2014

End-of-Shift report

Timeframe: Friday 24-01-2014 18:00 − Monday 27-01-2014 18:00 Handler: Stephan Richter Co-Handler: n/a

ModSecurity Advanced Topic of the Week: HMAC Token Protection

This blog post presents a powerful feature of ModSecurity v2.7 that has been highly under-utilized by most users: HMAC Token Protection. There was a previous blog post written that outlined some usage examples here, however we did not properly demonstrate the protection coverage gained by its usage. Specifically, by using the HMAC Token Protection capabilities of ModSecurity, you can reduce the attack surface of the following attacks/vulnerabilities: Forceful Browsing of Website Content

http://feedproxy.google.com/~r/SpiderlabsAnterior/~3/4JiUhR_1fSQ/modsecurity-advanced-topic-of-the-week-hmac-token-protection.html


Mitigation of NTP amplification attacks involving Junos

When an NTP client or server is enabled within the [edit system ntp] hierarchy level of the Junos configuration, REQ_MON_GETLIST and REQ_MON_GETLIST_1 control messages supported by the monlist feature within NTP may allow remote attackers to cause a denial of service. NTP is not enabled in Junos by default. Once NTP is enabled, an attacker can exploit these control messages in two different ways:...

http://kb.juniper.net/InfoCenter/index/content&id=JSA10613


Security vulnerability in Pages: update advised

Users of the Mac and iOS versions of Pages should install the latest version - a security vulnerability in older versions may, under certain circumstances, allow the execution of malicious code.

http://www.heise.de/security/meldung/Sicherheitsluecke-in-Pages-Update-angeraten-2098132.html


First Android bootkit has infected 350,000 devices

January 24, 2014 Russian anti-virus company Doctor Web is warning users about a dangerous Trojan for Android that resides in the memory of infected devices and launches itself early on in the OS loading stage, acting as a bootkit. This allows the Trojan to minimize the possibility that it will be deleted, without tampering with the device's file system. Currently, this malignant program is operating on more than 350,000 mobile devices belonging to users in various countries,...

http://news.drweb.com/show/?i=4206&lng=en&c=9


Security Advisory-DoS Vulnerability in Eudemon8000E

Huawei Eudemon8000E firewall allows users to log in to the device using Telnet or SSH. When an attacker sends to the device a mass of TCP packets with special structure, the logging process becomes slow and users may be unable to log in to the device (HWNSIRT-2014-0101).

http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-325385.htm


Security Bulletin: GSKit certificate chain vulnerability in IBM Security Directory Server and Tivoli Directory Server (CVE-2013-6747)

A vulnerability has been identified in the GSKit component utilized by IBM Security Directory Server (ISDS) and IBM Tivoli Directory Server (TDS). A malformed certificate chain can cause the ISDS or TDS client application or server process using GSKit to hang or crash.

https://www-304.ibm.com/support/docview.wss?uid=swg21662902


Security Bulletin: IBM Security SiteProtector System can be affected by a vulnerability in the IBM Java JRE (CVE-2013-5809)

IBM Security SiteProtector System can be affected by a vulnerability in the IBM Java JRE. This vulnerability could allow a remote attacker to affect confidentiality, integrity, and availability by means of unknown vectors related to the Java 2D component.

http://www-01.ibm.com/support/docview.wss?uid=swg21662685


Security Bulletin eDiscovery Manager (CVE-2013-5791 and CVE-2013-5763)

CVE-2013-5791 - CVSS Score: 10 An unspecified vulnerability in Oracle Outside In Technology related to the Outside In Filters component could allow a local attacker to cause a denial of service.
CVE-2013-5763 - CVSS Score: 6.8 Oracle Outside In technology is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the OS/2 Metafile parser. By causing a vulnerable application to process a malicious file, a remote attacker...

http://www-01.ibm.com/support/docview.wss?uid=swg21659481


Vulnerability Note VU#168751 - Emerson Network Power Avocent MergePoint Unity 2016 KVM switches contain a directory traversal vulnerability

Emerson Network Power Avocent MergePoint Unity 2016 (MPU2016) KVM switches running firmware version 1.9.16473 and possibly previous versions contain a directory traversal vulnerability. An attacker can use directory traversal to download critical files such as /etc/passwd to obtain the credentials for the device.

http://www.kb.cert.org/vuls/id/168751


Vulnerability Note VU#105686 - Thecus NAS Server N8800 contains multiple vulnerabilities

CVE-2013-5667 - Thecus NAS Server N8800 Firmware 5.03.01 get_userid OS Command Injection
CVE-2013-5668 - Thecus NAS Server N8800 Firmware 5.03.01
CVE-2013-5669 - Thecus NAS Server N8800 Firmware 5.03.01 plain text administrative password

http://www.kb.cert.org/vuls/id/105686


Cisco Video Surveillance Operations Manager MySQL Database Insufficient Authentication Controls

A vulnerability in the configuration of the MySQL database as installed by Cisco Video Surveillance Operations Manager (VSOM) could allow an unauthenticated, remote attacker to access the MySQL database.

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0674


Security update available for Adobe Digital Editions

Adobe has released a security update for Adobe Digital Editions for Windows and Macintosh. This update addresses a vulnerability in the software that could cause the application to crash and potentially allow an attacker to take control of the affected system.

http://helpx.adobe.com/security/products/Digital-Editions/apsb14-03.html


Hitachi Cosminexus Products Multiple Java Vulnerabilities

https://secunia.com/advisories/56545


Drupal Doubleclick for Publishers Module Slot Names Script Insertion Vulnerability

https://secunia.com/advisories/56521


WordPress SS Downloads Plugin Multiple Cross-Site Scripting Vulnerabilities

https://secunia.com/advisories/56532