End-of-Shift report
Timeframe: Freitag 20-06-2014 18:00 − Montag 23-06-2014 18:00
Handler: Robert Waldner
Co-Handler: n/a
IBM Security Bulletin: IBM Security Proventia Network Enterprise Scanner is affected by the following OpenSSL vulnerabilities
Security vulnerabilities have been discovered in OpenSSL that were reported on June 5, 2014 by the OpenSSL Project.
CVE(s): CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198, CVE-2010-5298 and CVE-2014-3470
Affected product(s) and affected version(s):
Products: IBM Security Enterprise Scanner
Versions: 2.3
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_ibm_security_proventia_network_enterprise_scanner_is_affected_by_the_following_openssl_vulnerabilities_cve_2014_0224_cve_2014_0221_cve_2014_0195_cve_2014_0198_cve_2010_5298_c
Wordpress 3.9.1-CSRF vulnerability
This is the new version released by Wordpress.
version is 3.9.1(Latest)
Cross site request Forgery(CSRF) is present in this version at the url
shown:
http://localhost/wordpress/wp-comments-post.php
http://cxsecurity.com/issue/WLB-2014060119
cups-filters 1.0.52 execute arbitrary commands
Topic: cups-filters 1.0.52 execute arbitrary commands
Risk: High
Text:The generate_local_queue function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote IPP print...
http://cxsecurity.com/issue/WLB-2014060124
[SECURITY] [DSA 2966-1] samba security update
Multiple vulnerabilities were discovered and fixed in Samba, a SMB/CIFS file, print, and login server:
CVE-2014-0178 Information leak vulnerability in the VFS code..
CVE-2014-0244 Denial of service (infinite CPU loop) in the nmbd..
CVE-2014-3493 Denial of service (daemon crash) in the smbd..
https://lists.debian.org/debian-security-announce/2014/msg00147.html
Security Bulletin: IBM Security Access Manager for Mobile and IBM Security Access Manager for Web appliances - LMI Authentication Bypass
IBM Security Access Manager for Mobile / IBM Security Access Manager for Web fails to properly handle certain input data such that it could be possible for an attacker to authenticate to the appliance Local Management Interface using invalid authentication data.
CVE: CVE-2014-3053
CVSS Base Score: 8.0
http://www-01.ibm.com/support/docview.wss?uid=swg21676700
A peek inside a commercially available Android-based botnet for hire
Relying on the systematic release of DIY (do-it-yourself) mobile malware generating tools, commercial availability of mobile malware releases intersecting with the efficient exploitation of legitimate Web sites through fraudulent underground traffic exchanges, as well as the utilization of cybercrime-friendly affiliate based revenue sharing schemes, cybercriminals continue capitalizing on the ever-growing Android mobile market segment for the purpose of achieving a positive ROI ...
http://feedproxy.google.com/~r/WebrootThreatBlog/~3/m9Fm5dNY9bg/