End-of-Shift report
Timeframe: Wednesday 23-04-2014 18:00 − Thursday 24-04-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a
NetSupport Information Leakage Using Nmap Script
NetSupport allows corporations to remotely manage and connect to PCs and servers from a central location for the purposes of desktop support. In my last post I discussed how I wrote a script using the NetSupport scripting language to find versions of NetSupport running on clients with default installations that didn't require authentication to remotely connect to them. Essentially you could use NetSupport to bypass any Domain or local credentials to remotely connect to the PC and...
http://blog.spiderlabs.com/2014/04/netsupport-information-leakage-using-nmap-script.html
DHCPv6 and DUID Confusion, (Wed, Apr 23rd)
In IPv6, DHCP is taking somewhat a back seat to router advertisements. Many smaller networks are unlikely to use DHCP. However, in particular for Enterprise/larger networks, DHCPv6 still offers a lot of advantages when it comes to managing hosts and accounting for IP addresses in use. One of the big differences when it comes to DHCPv6 is that a host identifies itself with a DUID (DHCP Unique Identifier) which can be different from a MAC address. There are essentially three ways to come up with...
http://isc.sans.edu/diary.html?storyid=18015&rss
Cisco: Hey, IT depts. You're all malware hosts
Security report also notes skills shortage. Everybody - at least every multinational that Cisco checked out for its 2014 Annual Security Report - is hosting malware of some kind, and there aren't enough security professionals to go around.
http://go.theregister.com/feed/www.theregister.co.uk/2014/04/24/cisco_youre_ialli_malware_hosts/
DrDoS attacks to reach 800 Gbps in 2015
While the network time protocol (NTP) DrDoS threats that became prevalent in early 2014 have been contained, new distributed reflected denial of service threats will lead to attacks in excess of 800 Gbps during the next 12 to 18 months.
http://www.net-security.org/secworld.php?id=16733
Zero-day vulnerability in Apache Struts 2
With a small variation of an already patched vulnerability, attackers can once again inject code into the server.
http://www.heise.de/security/meldung/Zero-Day-Luecke-in-Apache-Struts-2-2176605.html
Situational Awareness Alert for OpenSSL Vulnerability (Update D)
This alert update is a follow-up to the updated NCCIC/ICS-CERT Alert titled ICS-ALERT-14-009-01C Situational Awareness Alert for OpenSSL Vulnerability that was published April 17, 2014, on the ICS-CERT web site.
http://ics-cert.us-cert.gov/alerts/ICS-ALERT-14-099-01D
Drupal - Vulnerabilities in Third-Party Modules
https://drupal.org/node/2248073
https://drupal.org/node/2248077
https://drupal.org/node/2248145
https://drupal.org/node/2248171
Attachmate Reflection OpenSSL TLS Heartbeat Buffer Overread Lets Remote Users Obtain Potentially Sensitive Information
http://www.securitytracker.com/id/1030144
Bugtraq: Weak firmware encryption and predictable WPA key on Sitecom routers
http://www.securityfocus.com/archive/1/531920
SSA-892012 (Last Update 2014-04-24): Web Vulnerabilities in SIMATIC S7-1200 CPU
https://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-892012.pdf
Vuln: Check_MK Multiple Vulnerabilities
http://www.securityfocus.com/bid/66389
http://www.securityfocus.com/bid/66391
http://www.securityfocus.com/bid/66394
http://www.securityfocus.com/bid/66396
Notice: (Revision) CUSTOMER ATTENTION REQUIRED: HP Integrated Lights-Out and Integrated Lights-Out 2 - Scanning First-Generation iLO or iLO 2 Devices for the Heartbleed Vulnerability Results in iLO Lockup Requiring Power to be PHYSICALLY Removed
The first-generation iLO and iLO 2 products use the RSA SSL libraries and there is a bug in these libraries that will cause first-generation iLO and iLO 2 devices to enter a live lockup situation when a vulnerability scanner runs to check for the Heartbleed vulnerability. Although the server's operating system will continue to function normally, first-generation iLO and iLO 2 will no longer be responsive over the management network.
http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c04249852-1
HPSBHF03006 rev.1 - HP Integrated Lights-Out 2 (iLO 2) Denial of Service
A potential security vulnerability has been identified in HP Integrated Lights-Out 2 (iLO 2) servers that allows for a Denial of Service. The denial of service condition occurs only when the iLO 2 is scanned by vulnerability assessment tools that test for CVE-2014-0160 (Heartbleed vulnerability).
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04244787
HP Security Bulletins for CVE 2014-0160
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04239375
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04259321
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04261644
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04236102
Vuln: EMC Connectrix Manager Converged Network Edition Remote Information Disclosure Vulnerability
http://www.securityfocus.com/bid/66308