Daily Summary - Wednesday 12-02-2014

End-of-Shift report

Timeframe: Tuesday 11-02-2014 18:00 − Wednesday 12-02-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a

Security update available for Adobe Shockwave Player (APSB14-06)

A Security Bulletin (APSB14-06) has been published regarding an update for Adobe Shockwave Player 12.0.7.148 and earlier for Windows and Macintosh. This update addresses critical vulnerabilities that could potentially allow an attacker to remotely take control of the affected system.

http://blogs.adobe.com/psirt/?p=1051


Assessing risk for the February 2014 security updates

Today we released seven security bulletins addressing 31 unique CVEs. Four bulletins have a maximum severity rating of Critical while the other three have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment.

https://blogs.technet.com/b/srd/archive/2014/02/11/assessing-risk-for-the-february-2014-security-updates.aspx


Vulnerability in Microsoft Forefront Protection for Exchange Could Allow Remote Code Execution (2927022)

This security update resolves a privately reported vulnerability in Microsoft Forefront. The vulnerability could allow remote code execution if a specially crafted email message is scanned. This security update is rated Critical for all supported builds of Microsoft Forefront Protection for Exchange 2010.

http://technet.microsoft.com/en-us/security/bulletin/ms14-008


Attacking ICS Systems "Like Hacking in the 1980s"

Here's how nuts the world of ICS security is: Jonathan Pollet, a security consultant who specializes in ICS systems, was at a Texas amusement park recently and the ride he was waiting for was malfunctioning. The operator told him the ride used a Siemens PLC as part of the control system, so he went...

http://threatpost.com/attacking-ics-systems-like-hacking-in-the-1980s/104200


CVE-2014-0050: Exploit with Boundaries, Loops without Boundaries

In this article I will discuss CVE-2014-0050: Apache Commons FileUpload and Apache Tomcat Denial-of-Service in detail. The article reviews the vulnerability's technical aspects in depth and includes recommendations that can help administrators defend from future exploitation of this security issue. How do we know about this vulnerability? About five days ago, Mark Thomas, a Project Management Committee Member and Committer in the Apache Tomcat project, sent an email about the accidentally leaked

http://blog.spiderlabs.com/2014/02/cve-2014-0050-exploit-with-boundaries-loops-without-boundaries.html


Suspected Mass Exploit Against Linksys E1000 / E1200 Routers, (Wed, Feb 12th)

Brett, who operates an ISP in Wyoming, notified us that he had a number of customers with compromised Linksys routers these last couple of days. The routers, once compromised, scan port 80 and 8080 as fast as they can (saturating bandwidth available). It is not clear which vulnerability is being exploited, but Brett eliminated weak passwords. E1200 routers with the latest firmware (2.0.06) appear to be immune against the exploit used. E1000 routers are end-of-life and don't appear to have an...

http://isc.sans.edu/diary.html?storyid=17621&rss


Cracking Linksys "Encryption"

Perusing the release notes for the latest Linksys WRT120N firmware, one of the more interesting comments reads: Firmware 1.0.07 (Build 01) - Encrypts the configuration file. Having previously reversed their firmware obfuscation and patched their code to re-enable JTAG debugging, I thought that surely I would be able to use...

http://www.devttys0.com/2014/02/cracking-linksys-crypto/


MSRT February 2014 - Jenxcus

We have been seeing a lot more VBScript malware in recent months, thanks in most part to VBS/Jenxcus. Jenxcus is a worm coded in VBScript that is capable of propagating via removable drives. Its payload opens a backdoor on an infected machine, allowing it to be controlled by a remote attacker. For the past few months we have seen the number of affected machines remain constantly high. For this reason we have included Jenxcus in the February release of the Microsoft Malicious Software...

https://blogs.technet.com/b/mmpc/archive/2014/02/11/msrt-february-2014-jenxcus.aspx


BSI urgently recommends installing Fritz!Box update

Router manufacturer AVM released an update for its Fritz!Box router models last weekend to close a vulnerability that became known last week.

https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2014/Fritz-Box-Update_11022014.html


MatrikonOPC Improper Input Validation

Adam Crain of Automatak and independent researcher Chris Sistrunk have identified an improper input validation vulnerability in the MatrikonOPC SCADA DNP3 OPC Server application. MatrikonOPC has produced a patch that mitigates this vulnerability. The researchers have tested the patch to validate that it resolves the vulnerability. This vulnerability could be exploited remotely.

http://ics-cert.us-cert.gov/advisories/ICSA-14-010-01


Cisco Unified Communications Manager - Several Vulnerabilities

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0722
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0723
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0724
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0725
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0726
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0727
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0728
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0729


VU#727318: DELL SonicWALL GMS/Analyzer/UMA contains a cross-site scripting (XSS) vulnerability

Vulnerability Note VU#727318
DELL SonicWALL GMS/Analyzer/UMA contains a cross-site scripting (XSS) vulnerability
Original Release date: 11 Feb 2014 | Last revised: 11 Feb 2014
Overview: DELL SonicWALL GMS/Analyzer/UMA version 7.1, and possibly earlier versions, contains a cross-site scripting (XSS) vulnerability. (CWE-79)
Description: CWE-79: Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) DELL SonicWALL GMS/Analyzer/UMA version 7.1 contains a cross-site...

http://www.kb.cert.org/vuls/id/727318


FreePBX 2.x Code Execution

Topic: FreePBX 2.x Code Execution
Risk: High
Text: App : Freepbx 2.x download : schmoozecom.com Author : i-Hmx mail : n0p1337 at gmail.com Home : sec4ever.com , secarrays ltd ...

http://cxsecurity.com/issue/WLB-2014020088


TYPO3 - Several vulnerabilities in third party extensions

http://typo3.org/news/article/several-vulnerabilities-in-third-party-extensions-9/
http://typo3.org/news/article/several-vulnerabilities-in-extension-mm-forum-mm-forum/
http://typo3.org/news/article/access-bypass-in-extensions-yet-another-gallery-yag-and-tools-for-extbase-development-pt-extb/
http://typo3.org/news/article/mass-assignment-in-extension-direct-mail-subscription-direct-mail-subscription/
http://typo3.org/news/article/insecure-unserialize-in-extension-news-tt-news/


[webapps] - NetGear DGN2200 N300 Wireless Router - Multiple Vulnerabilities

http://www.exploit-db.com/exploits/31617


McAfee Firewall Enterprise OpenSSL OCSP Response Verification Denial of Service Vulnerability

https://secunia.com/advisories/56930
https://secunia.com/advisories/56932


[webapps] - jDisk (stickto) v2.0.3 iOS - Multiple Vulnerabilities

http://www.exploit-db.com/exploits/31618


MyBB Extended Useradmininfo Plugin "User-Agent" Script Insertion Vulnerability

https://secunia.com/advisories/56921


Puppet Enterprise - CVE-2013-6393 (Threat of denial of service and potential for arbitrary code execution due to a flaw in libyaml)

A flaw in the way `libyaml` parsed YAML tags could lead to a heap-based buffer overflow. An attacker could submit a YAML document that, when parsed by an application using `libyaml`, would cause the application to crash or potentially execute malicious code. This has been patched in PE 3.1.3.

http://puppetlabs.com/security/cve/cve-2013-6393


FFmpeg Multiple Vulnerabilities

https://secunia.com/advisories/56838