End-of-Shift report
Timeframe: Dienstag 11-02-2014 18:00 − Mittwoch 12-02-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a
Security update available for Adobe Shockwave Player (APSB14-06)
A Security Bulletin (APSB14-06) has been published regarding an update for Adobe Shockwave Player 12.0.7.148 and earlier for Windows and Macintosh. This update addresses critical vulnerabilities that could potentially allow an attacker to remotely take control of the affected system.
http://blogs.adobe.com/psirt/?p=1051
Assessing risk for the February 2014 security updates
Today we released seven security bulletins addressing 31 unique CVEs. Four bulletins have a maximum severity rating of Critical while the other three have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment.
https://blogs.technet.com/b/srd/archive/2014/02/11/assessing-risk-for-the-february-2014-security-updates.aspx
Vulnerability in Microsoft Forefront Protection for Exchange Could Allow Remote Code Execution (2927022)
This security update resolves a privately reported vulnerability in Microsoft Forefront. The vulnerability could allow remote code execution if a specially crafted email message is scanned. This security update is rated Critical for all supported builds of Microsoft Forefront Protection for Exchange 2010.
http://technet.microsoft.com/en-us/security/bulletin/ms14-008
Attacking ICS Systems "Like Hacking in the 1980s"
Here's how nuts the world of ICS security is: Jonathan Pollet, a security consultant who specializes in ICS systems, was at a Texas amusement park recently and the ride he was waiting for was malfunctioning. The operator told him the ride used a Siemens PLC as part of the control system, so he went...
http://threatpost.com/attacking-ics-systems-like-hacking-in-the-1980s/104200
CVE-2014-0050: Exploit with Boundaries, Loops without Boundaries
In this article I will discuss CVE-2014-0050: Apache Commons FileUpload and Apache Tomcat Denial-of-Service in detail. The article reviews the vulnerabilitys technical aspects in depth and includes recommendations that can help administrators defend from future exploitation of this security issue. How do we know about this vulnerability? About five days ago, Mark Thomas, a Project Management Committee Member and Committer in the Apache Tomcat project, sent an email about the accidentally leaked
http://blog.spiderlabs.com/2014/02/cve-2014-0050-exploit-with-boundaries-loops-without-boundaries.html
Suspected Mass Exploit Against Linksys E1000 / E1200 Routers, (Wed, Feb 12th)
Brett, who operates an ISP in Wyoming, notified us that he had a number of customers with compromissed Linksys routers these last couple of days. The routers, once compromissed, scan port 80 and 8080 as fast as they can (saturating bandwidth available). It is not clear which vulnerability is being exploited, but Brett eliminated weak passwords. E1200 routers with the latest firmware (2.0.06) appear to be immune agains the exploit used. E1000 routers are end-of-life and dont appear to have an...
http://isc.sans.edu/diary.html?storyid=17621&rss
Cracking Linksys "Encryption"
Perusing the release notes for the latest Linksys WRT120N firmware, one of the more interesting comments reads: Firmware 1.0.07 (Build 01) - Encrypts the configuration file. Having previously reversed their firmware obfuscation and patched their code to re-enable JTAG debugging, I thought that surely I would be able to use...
http://www.devttys0.com/2014/02/cracking-linksys-crypto/
MSRT February 2014 - Jenxcus
We have been seeing a lot more VBScript malware in recent months, thanks in most part to VBS/Jenxcus. Jenxcus is a worm coded in VBScript that is capable of propagating via removable drives. Its payload opens a backdoor on an infected machine, allowing it to be controlled by a remote attacker. For the past few months we have seen the number of affected machines remain constantly high. For this reason we have included Jenxcus in the February release of the Microsoft Malicious Software...
https://blogs.technet.com/b/mmpc/archive/2014/02/11/msrt-february-2014-jenxcus.aspx
BSI empfiehlt, dringend Fritz!Box-Update einzuspielen
Routerhersteller AVM hat am vergangenen Wochenende ein Update für seine Fritz!Box Routermodelle zur Verfügung gestellt, um eine in der letzten Woche bekannt gewordene Schwachstelle zu schließen.
https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2014/Fritz-Box-Update_11022014.html
MatrikonOPC Improper Input Validation
Adam Crain of Automatak and independent researcher Chris Sistrunk have identified an improper input validation vulnerability in the MatrikonOPC SCADA DNP3 OPC Server application. MatrikonOPC has produced a patch that mitigates this vulnerability. The researchers have tested the patch to validate that it resolves the vulnerability.This vulnerability could be exploited remotely.
http://ics-cert.us-cert.gov/advisories/ICSA-14-010-01
Cisco Unified Communications Manager several Vulnerabilities
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0722
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0723
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0724
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0725
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0726
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0727
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0728
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0729
VU#727318: DELL SonicWALL GMS/Analyzer/UMA contains a cross-site scripting (XSS) vulnerability
Vulnerability Note VU#727318 DELL SonicWALL GMS/Analyzer/UMA contains a cross-site scripting (XSS) vulnerability Original Release date: 11 Feb 2014 | Last revised: 11 Feb 2014 Overview DELL SonicWALL GMS/Analyzer/UMA version 7.1, and possibly earlier versions, contains a cross-site scripting (XSS) vulnerability. (CWE-79) Description CWE-79: Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)DELL SonicWALL GMS/Analyzer/UMA version 7.1 contains a cross-site...
http://www.kb.cert.org/vuls/id/727318
FreePBX 2.x Code Execution
Topic: FreePBX 2.x Code Execution Risk: High Text:App : Freepbx 2.x download : schmoozecom.com Author : i-Hmx mail :
n0p1337 at gmail.com Home : sec4ever.com , secarrays ltd ...
http://cxsecurity.com/issue/WLB-2014020088
TYPO3 - Several vulnerabilities in third party extensions
http://typo3.org/news/article/several-vulnerabilities-in-third-party-extensions-9/
http://typo3.org/news/article/several-vulnerabilities-in-extension-mm-forum-mm-forum/
http://typo3.org/news/article/access-bypass-in-extensions-yet-another-gallery-yag-and-tools-for-extbase-development-pt-extb/
http://typo3.org/news/article/mass-assignment-in-extension-direct-mail-subscription-direct-mail-subscription/
http://typo3.org/news/article/insecure-unserialize-in-extension-news-tt-news/
[webapps] - NetGear DGN2200 N300 Wireless Router - Multiple Vulnerabilities
http://www.exploit-db.com/exploits/31617
McAfee Firewall Enterprise OpenSSL OCSP Response Verification Denial of Service Vulnerability
https://secunia.com/advisories/56930
https://secunia.com/advisories/56932
[webapps] - jDisk (stickto) v2.0.3 iOS - Multiple Vulnerabilities
http://www.exploit-db.com/exploits/31618
MyBB Extended Useradmininfo Plugin "User-Agent" Script Insertion Vulnerability
https://secunia.com/advisories/56921
Puppet Enterprise - CVE-2013-6393 (Threat of denial of service and potential for arbitrary code execution due to a flaw in libyaml)
A flaw in the way `libyaml` parsed YAML tags could lead to a heap-based buffer overflow. An attacker could submit a YAML document that, when parsed by an application using `libyaml`, would cause the application to crash or potentially execute malicious code. This has been patched in PE 3.1.3.
http://puppetlabs.com/security/cve/cve-2013-6393
FFmpeg Multiple Vulnerabilities
https://secunia.com/advisories/56838