Tageszusammenfassung - Montag 23-06-2014

End-of-Shift report

Timeframe: Freitag 20-06-2014 18:00 − Montag 23-06-2014 18:00 Handler: Robert Waldner Co-Handler: n/a

IBM Security Bulletin: IBM Security Proventia Network Enterprise Scanner is affected by the following OpenSSL vulnerabilities

Security vulnerabilities have been discovered in OpenSSL that were reported on June 5, 2014 by the OpenSSL Project. CVE(s): CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198, CVE-2010-5298 and CVE-2014-3470 Affected product(s) and affected version(s): Products: IBM Security Enterprise Scanner Versions: 2.3

https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_ibm_security_proventia_network_enterprise_scanner_is_affected_by_the_following_openssl_vulnerabilities_cve_2014_0224_cve_2014_0221_cve_2014_0195_cve_2014_0198_cve_2010_5298_c


Wordpress 3.9.1-CSRF vulnerability

This is the new version released by Wordpress. version is 3.9.1(Latest) Cross site request Forgery(CSRF) is present in this version at the url shown: http://localhost/wordpress/wp-comments-post.php

http://cxsecurity.com/issue/WLB-2014060119


cups-filters 1.0.52 execute arbitrary commands

Topic: cups-filters 1.0.52 execute arbitrary commands Risk: High Text:The generate_local_queue function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote IPP print...

http://cxsecurity.com/issue/WLB-2014060124


[SECURITY] [DSA 2966-1] samba security update

Multiple vulnerabilities were discovered and fixed in Samba, a SMB/CIFS file, print, and login server: CVE-2014-0178 Information leak vulnerability in the VFS code.. CVE-2014-0244 Denial of service (infinite CPU loop) in the nmbd.. CVE-2014-3493 Denial of service (daemon crash) in the smbd..

https://lists.debian.org/debian-security-announce/2014/msg00147.html


Security Bulletin: IBM Security Access Manager for Mobile and IBM Security Access Manager for Web appliances - LMI Authentication Bypass

IBM Security Access Manager for Mobile / IBM Security Access Manager for Web fails to properly handle certain input data such that it could be possible for an attacker to authenticate to the appliance Local Management Interface using invalid authentication data. CVE: CVE-2014-3053 CVSS Base Score: 8.0

http://www-01.ibm.com/support/docview.wss?uid=swg21676700


A peek inside a commercially available Android-based botnet for hire

Relying on the systematic release of DIY (do-it-yourself) mobile malware generating tools, commercial availability of mobile malware releases intersecting with the efficient exploitation of legitimate Web sites through fraudulent underground traffic exchanges, as well as the utilization of cybercrime-friendly affiliate based revenue sharing schemes, cybercriminals continue capitalizing on the ever-growing Android mobile market segment for the purpose of achieving a positive ROI ...

http://feedproxy.google.com/~r/WebrootThreatBlog/~3/m9Fm5dNY9bg/