Daily Summary - Tuesday 25-03-2014

End-of-Shift report

Timeframe: Monday 24-03-2014 18:00 − Tuesday 25-03-2014 18:00
Handler: Robert Waldner
Co-Handler: n/a

Microsoft Security Advisory (2953095): Vulnerability in Microsoft Word Could Allow Remote Code Execution - Version: 1.0

Microsoft is aware of a vulnerability affecting supported versions of Microsoft Word. At this time, we are aware of limited, targeted attacks directed at Microsoft Word 2010. The vulnerability could allow remote code execution if a user opens a specially crafted RTF file using an affected version of Microsoft Word, or previews or opens a specially crafted RTF email message in Microsoft Outlook while using Microsoft Word as the email viewer.

http://technet.microsoft.com/en-us/security/advisory/2953095


Security Advisory 2953095: recommendation to stay protected and for detections

Today, Microsoft released Security Advisory 2953095 to notify customers of a vulnerability in Microsoft Word. At this time, we are aware of limited, targeted attacks directed at Microsoft Word 2010. This blog will discuss mitigations and temporary defensive strategies that will help customers to protect themselves while we are working on a security update. This blog also provides some preliminary details of the exploit code observed in the wild. Mitigations and Workaround The in the wild

http://blogs.technet.com/b/srd/archive/2014/03/24/security-advisory-2953095-recommendation-to-stay-protected-and-for-detections.aspx


[dos] - Windows Media Player 11.0.5721.5230 - Memory Corruption PoC

#[+] Exploit Title: Windows Media Player 11.0.5721.5230 Memory Corruption PoC
#[+] Date: 22-03-2014
#[+] Category: DoS/PoC
#[+] Tested on: WinXp/Windows 7 Pro

http://www.exploit-db.com/exploits/32477


Security Notice- Allegro RomPager Information Disclosure Vulnerability in Multiple Huawei Routers

Huawei has noticed an information disclosure vulnerability on the RomPager embedded web server, which is developed by Allegro. The vulnerability affects Huawei HG520c, MT880, and MT886 access routers.

http://www.huawei.com/en/security/psirt/security-bulletins/security-notices/hw-330381.htm


Bugtraq: Deutsche Telekom CERT Advisory [DTC-A-20140324-001] vulnerabilities in cacti

Summary: Three vulnerabilities were found in cacti version 0.8.7g. The vulnerabilities are:
1) Stored Cross-Site Scripting (XSS) (via URL)
2) Missing CSRF (Cross-Site Request Forgery) token allows execution of arbitrary commands
3) The use of exec-like function calls without safety checks allows arbitrary commands

http://www.securityfocus.com/archive/1/531588


Bugtraq: Deutsche Telekom CERT Advisory [DTC-A-20140324-003] vulnerabilities in icinga

Two vulnerabilities were found in icinga version 1.9.1. These vulnerabilities are:
1) Several buffer overflows
2) Off-by-one memory access

http://www.securityfocus.com/archive/1/531593


Bugtraq: Deutsche Telekom CERT Advisory [DTC-A-20140324-002] vulnerabilities in check_mk

Several vulnerabilities were found in check_mk version 1.2.2p2. The vulnerabilities are:
1 - Reflected Cross-Site Scripting (XSS)
2 - Stored Cross-Site Scripting (XSS) (via URL)
3 - Stored Cross-Site Scripting (XSS) (via external data, no link necessary)
4 - Stored Cross-Site Scripting (XSS) (via external data on service port, no link necessary)
5 - Missing CSRF (Cross-Site Request Forgery) token allows execution of arbitrary commands
6 - Multiple use of exec-like function calls which allow arbitrary commands
7 - Deletion of arbitrary files

http://www.securityfocus.com/archive/1/531594


Net-snmp snmptrapd Community String Processing Lets Remote Users Deny Service

A remote user can send a specially crafted SNMP trap request with an empty community string to trigger a flaw in newSVpv() and cause the target snmptrapd service to crash. Systems with the Perl handler enabled are affected.

http://www.securitytracker.com/id/1029950


Trojan.PWS.OSMP.21 infects payment terminals

March 25, 2014

Home users aren't the only ones being targeted by today's threats - various financial organisations are receiving their own share of attention from criminals who are crafting malicious applications for ATMs and payment terminals. Doctor Web has issued a warning regarding one such Trojan, namely, Trojan.PWS.OSMP.21. This malware is infecting the terminals of a major Russian payment system.

http://news.drweb.com/show/?i=4259&lng=en&c=9


RSA BSAFE Micro Edition Suite (MES) 4.0.x Denial Of Service

Summary: RSA BSAFE MES 4.0.5 contains a fix for a security vulnerability that could potentially be exploited by malicious users to deny access to the affected system.
Details: This vulnerability may cause unpredictable application behavior resulting in a server crash due to faulty certificate chain processing logic.

http://cxsecurity.com/issue/WLB-2014030193


PHP Fileinfo libmagic AWK File Processing Denial of Service Vulnerability

A vulnerability has been reported in PHP, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error in the libmagic library bundled in the Fileinfo extension when processing certain AWK scripts, which can be exploited to cause excessive CPU resources consumption via a specially crafted AWK script file.

https://secunia.com/advisories/57564


OpenVZ update for kernel

OpenVZ has issued an update for kernel. This fixes multiple vulnerabilities, which can be exploited by malicious people to potentially compromise a vulnerable system.

https://secunia.com/advisories/57573


Password Hashing Competition

There's a private competition to identify new password hashing schemes. Submissions are due at the end of the month.

https://www.schneier.com/blog/archives/2014/03/password_hashin.html