End-of-Shift report
Timeframe: Wednesday 25-06-2014 18:00 − Thursday 26-06-2014 18:00
Handler: Stephan Richter
Co-Handler: Robert Waldner
Symantec Data Insight Management Console HTML Injection and Cross-Site Scripting
The management console for Symantec Data Insight does not sufficiently validate/sanitize arbitrary input in two separate fields within the management GUI. This could potentially allow unauthorized command execution or potential malicious redirection.
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2014&suid=20140625_00
VMware Patches Apache Struts Flaws in vCOPS
VMware has patched several serious security vulnerabilities in its vCenter Operations Center Management suite, one of which could lead to remote code execution on vulnerable machines.
http://threatpost.com/vmware-patches-apache-struts-flaws-in-vcops/106858
phpMyAdmin 4.2.3 XSS
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.1.x before 4.1.14.1 and 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted table name that is improperly handled after a hide or unhide action.
http://cxsecurity.com/issue/WLB-2014060139
Sophos Anti-Virus Input Validation Flaw in Configuration Console Permits Cross-Site Scripting Attacks
A vulnerability was reported in the Sophos Anti-Virus Configuration Console. A remote user can conduct cross-site scripting attacks.
Several scripts do not properly filter HTML code from user-supplied input before displaying the input. A remote user can cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the site running the Sophos Anti-Virus configuration console software and will run in the security context of that site.
http://www.securitytracker.com/id/1030467
IBM Security Bulletin: Potential Security Vulnerabilities fixed in IBM WebSphere Application Server 7.0.0.33
Cross reference list for security vulnerabilities fixed in IBM WebSphere Application Server 7.0.0.33 and IBM WebSphere Application Server Hypervisor Edition 7.0.0.33
CVE(s): CVE-2013-6323, CVE-2013-6329, CVE-2013-6349, CVE-2013-6738, CVE-2014-0859, CVE-2013-6438, CVE-2013-6747, CVE-2014-3022, CVE-2014-0891, CVE-2014-0965, CVE-2014-0050, CVE-2014-0098, CVE-2014-0963 and CVE-2014-0114
Affected product(s) and affected version(s): WebSphere Application Server and bundling
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_potential_security_vulnerabilities_fixed_in_ibm_websphere_application_server_7_0_0_33?lang=en_us
IBM Security Bulletin: Potential Security Vulnerabilities fixed in IBM WebSphere Application Server 8.0.0.9
Cross reference list for security vulnerabilities fixed in IBM WebSphere Application Server 8.0.0.9 and IBM WebSphere Application Server Hypervisor 8.0.0.9
CVE(s): CVE-2013-6323, CVE-2013-6329, CVE-2013-6349, CVE-2014-0823, CVE-2013-6738, CVE-2014-0857, CVE-2014-0859, CVE-2013-6438, CVE-2013-6747, CVE-2014-3022, CVE-2014-0891, CVE-2014-0965, CVE-2014-0050, CVE-2014-0098, CVE-2014-0963 and CVE-2014-0076
Affected product(s) and affected version(s): WebSphere Application Server and bundling
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_potential_security_vulnerabilities_fixed_in_ibm_websphere_application_server_8_0_0_9?lang=en_us
IBM Security Bulletin: Rational ClearQuest is affected by the following OpenSSL vulnerabilities: CVE-2014-0224, CVE-2014-3470
Security vulnerabilities have been discovered in OpenSSL that were reported on June 5, 2014 by the OpenSSL Project. The OpenSSL component is shipped as embedded in cqperl. Customers might be affected when there are perl hooks or scripts that use SSL connections. ClearQuest itself does not provide any service using OpenSSL.
CVE(s): CVE-2014-0224 and CVE-2014-3470
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_rational_clearquest_is_affected_by_the_following_openssl_vulnerabilities_cve_2014_0224_cve_2014_3470?lang=en_us
PayPal 2FA mobe flaw chills warm and fuzzy security feeling
PayPal's second factor authentication (2FA) protection can be bypassed through mobile device interfaces that allow fraudsters to steal funds with only a victim's username and password, Duo Security researchers say.
http://go.theregister.com/feed/www.theregister.co.uk/2014/06/26/paypal_2fa_mobe_flaw_chills_warm_and_fuzzy_security_feeling/
Multiple Cross Site Scripting in Sophos Antivirus Configuration Console (Linux)
The Configuration Console of Sophos Antivirus 9.5.1 (Linux) does not sanitize several input parameters before sending them back to the browser, so an attacker could inject code inside these parameters, including JavaScript code. ... CVE: CVE-2014-2385
Affected version: 9.5.1
Fixed version: 9.6.1
https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2385/
Fewer NTP servers exploitable for DDoS, but...
The time servers that are still vulnerable are in part so badly configured that devastating NTP amplification attacks remain possible.
http://www.heise.de/newsticker/meldung/Weniger-NTP-Server-fuer-dDoS-ausnutzbar-aber-2239107.html/from/rss09?wt_mc=rss.ho.beitrag.rdf
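The amplification the article refers to comes from ntpd's private mode 7 "monlist" request: an 8-byte query that an unrestricted server answers with up to 100 packets of 440 bytes each. The following is an added example (not code from the article or from the NTP project) that builds the probe, decodes the mode 7 reply header, decides whether a server is exposed and computes the amplification factor. The replies are constructed in the block rather than captured from a live server; the constants IMPL_XNTPD = 3 and REQ_MON_GETLIST_1 = 42 are assumed to match ntpd's ntp_request.h.

```python
from __future__ import annotations
import struct

# ntpd "private" mode 7 constants (assumption: values as defined in ntpd's ntp_request.h)
IMPL_XNTPD = 3            # implementation number used by the reference ntpd
REQ_MON_GETLIST_1 = 42    # the "monlist" request abused for amplification
NTP_MODE_PRIVATE = 7


def build_monlist_request() -> bytes:
    """The 8-byte probe that an unrestricted reflector turns into up to 100 packets of 440 bytes."""
    # byte 0: R(1) M(1) VN(3) Mode(3)  -> R=0 M=0 VN=2 Mode=7 = 0x17
    # byte 1: A(1) Seq(7)              -> 0
    # byte 2: implementation, byte 3: request code
    # bytes 4-5: Err(4) | Count(12), bytes 6-7: MBZ(4) | Size(12), all zero in a request
    return struct.pack("!BBBBHH", 0x17, 0x00, IMPL_XNTPD, REQ_MON_GETLIST_1, 0, 0)


def parse_mode7_header(pkt: bytes) -> dict:
    """Decode the 8-byte mode 7 header of a reply; raises ValueError for anything else."""
    if len(pkt) < 8:
        raise ValueError("packet shorter than the mode 7 header")
    b0, b1, impl, req, err_count, mbz_size = struct.unpack("!BBBBHH", pkt[:8])
    if b0 & 0x07 != NTP_MODE_PRIVATE:
        raise ValueError(f"not a mode 7 packet (mode={b0 & 0x07})")
    return {
        "response": bool(b0 & 0x80),   # R bit: this is a reply
        "more": bool(b0 & 0x40),       # M bit: further packets follow
        "version": (b0 >> 3) & 0x07,
        "sequence": b1 & 0x7F,
        "implementation": impl,
        "request": req,
        "error": err_count >> 12,
        "count": err_count & 0x0FFF,   # number of data items in this packet
        "item_size": mbz_size & 0x0FFF,
    }


def monlist_exposed(responses: list[bytes]) -> bool:
    """True if the server answered the monlist probe with at least one data item.
    A server with `restrict ... noquery` (or `disable monitor`) answers with nothing or an error."""
    for pkt in responses:
        h = parse_mode7_header(pkt)
        if h["response"] and h["request"] == REQ_MON_GETLIST_1 and h["error"] == 0 and h["count"] > 0:
            return True
    return False


def amplification_factor(request: bytes, responses: list[bytes]) -> float:
    """Bytes delivered to the victim per byte the attacker had to spoof."""
    return sum(len(p) for p in responses) / len(request)


# --- constructed replies standing in for a live reflector (not captured traffic) ---

def fake_monlist_reply(seq: int, more: bool, entries: int = 6, item_size: int = 72) -> bytes:
    """One packet of a monlist reply from an unrestricted ntpd: header plus `entries` items."""
    b0 = 0x80 | (0x40 if more else 0) | (2 << 3) | NTP_MODE_PRIVATE
    header = struct.pack("!BBBBHH", b0, seq & 0x7F, IMPL_XNTPD, REQ_MON_GETLIST_1, entries, item_size)
    return header + b"\x00" * (entries * item_size)   # item bodies zeroed; 8 + 6*72 = 440 bytes


def fake_error_reply(err: int) -> bytes:
    """A reply that refuses the request (non-zero Err field, no data items)."""
    b0 = 0x80 | (2 << 3) | NTP_MODE_PRIVATE
    return struct.pack("!BBBBHH", b0, 0, IMPL_XNTPD, REQ_MON_GETLIST_1, err << 12, 0)


if __name__ == "__main__":
    probe = build_monlist_request()
    # An unrestricted server with a full monitor list: 100 packets, M bit set on all but the last.
    open_server = [fake_monlist_reply(i, more=i < 99) for i in range(100)]
    print("exposed:", monlist_exposed(open_server),
          "amplification: %.0fx" % amplification_factor(probe, open_server))
    print("refused:", monlist_exposed([fake_error_reply(4)]), "silent:", monlist_exposed([]))
```

The fix on the server side is configuration, not code: in ntp.conf, `restrict default kod nomodify notrap nopeer noquery` (for -4 and -6) stops ntpd from answering mode 6/7 queries from the Internet at all, and `disable monitor` removes the monlist data even for hosts that may query. A server hardened that way shows up in the check above as "silent" or "refused", never as "exposed".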
Fighting cybercrime: Strategic cooperation agreement signed between ENISA and Europol
The heads of ENISA and Europol today signed a strategic cooperation agreement in Europol's headquarters in The Hague, to facilitate closer cooperation and exchange of expertise in the fight against cybercrime.
http://www.enisa.europa.eu/media/press-releases/fighting-cybercrime-strategic-cooperation-agreement-signed-between-enisa-and-europol
2014 Cyber Attacks Timeline Master Index (at least so far)
Finally I was able to organize the timelines collected in 2014. I have created a new page with the 2014 Cyber Attacks Timeline Master Index accessible either directly or from the link in the top menu bar. Hopefully it will be regularly updated. With this opportunity I also re-ordered the timelines and stats for 2013. Now everything should be more structured.
http://hackmageddon.com/2014/06/24/2014-cyber-attacks-timeline-master-index-at-least-so-far/
Update to Microsoft Update client
This article describes the update that further improves the security of Windows Update (WU) / Microsoft Update (MU) client for Windows 8, Windows RT, Windows Server 2012, Windows 7 Service Pack 1 (SP1), and Windows Server 2008 R2 SP1. Note: Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 with update 2919355 already include these improvements.
http://support.microsoft.com/kb/2887535
Hacking Blind (PDF)
Abstract: We show that it is possible to write remote stack buffer overflow exploits without possessing a copy of the target binary or source code, against services that restart after a crash. This makes it possible to hack proprietary closed-binary services, or open-source servers manually compiled and installed from source where the binary remains unknown to the attacker.
http://www.exploit-db.com/download_pdf/33872
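Why "services that restart after a crash" is the precondition: the paper's first step ("stack reading") overwrites the stack canary one byte at a time and uses crash versus no-crash as an oracle, which only works if the respawned worker carries the same canary. The following is an added example, not code from the paper or its authors: a constructed Python model of a forking daemon (same canary in every fork()ed worker) against a re-exec'ing one (fresh randomization per connection), and the byte-by-byte read that reduces the search from 256^8 to at most 256*8 requests. ForkingService, ReexecService and the crash oracle are simplifications introduced here; real stack reading also has to find the overflow length first.

```python
from __future__ import annotations
import secrets

CANARY_LEN = 8  # x86-64 stack canary width


class ForkingService:
    """Constructed model of the paper's target: a daemon that fork()s a worker per connection
    and respawns it after a crash. Because workers are forked, not re-exec'd, every worker
    carries the same stack canary (and the same address-space layout)."""

    def __init__(self, canary: bytes | None = None):
        self.canary = canary if canary is not None else secrets.token_bytes(CANARY_LEN)
        self.crashes = 0

    def handle(self, overflow: bytes) -> bool:
        """`overflow` is the part of the attacker's request that lands on top of the canary.
        Returns True if the worker survives (stack check passes), False if it crashes.
        Bytes beyond the overflow are untouched, so only the overwritten prefix must match."""
        prefix = overflow[:CANARY_LEN]
        if prefix == self.canary[: len(prefix)]:
            return True
        self.crashes += 1
        return False


class ReexecService(ForkingService):
    """Contrast: a daemon that re-execs for every connection, so the canary is fresh each time."""

    def handle(self, overflow: bytes) -> bool:
        self.canary = secrets.token_bytes(CANARY_LEN)
        return super().handle(overflow)


def stack_read(service: ForkingService, width: int = CANARY_LEN) -> tuple[bytes, int]:
    """Recover `width` canary bytes one at a time, using crash/no-crash as the oracle.
    At most 256 guesses per byte, i.e. 256*width requests instead of 256**width."""
    known = b""
    attempts = 0
    while len(known) < width:
        for guess in range(256):
            attempts += 1
            if service.handle(known + bytes([guess])):
                known += bytes([guess])   # this byte survived: it is the canary byte
                break
        else:
            raise RuntimeError(f"no byte survived at offset {len(known)}: canary is not stable")
    return known, attempts


def leak_is_usable(service: ForkingService, leaked: bytes, trials: int = 3) -> bool:
    """Confirm the leak by sending the full canary over several fresh connections."""
    return all(service.handle(leaked) for _ in range(trials))


if __name__ == "__main__":
    forking = ForkingService()
    leaked, attempts = stack_read(forking)
    print("forking daemon: leaked", leaked.hex(), "in", attempts, "requests,",
          forking.crashes, "crashes; usable:", leak_is_usable(forking, leaked))
    reexec = ReexecService()
    try:
        leaked2, _ = stack_read(reexec)
        print("re-exec daemon: 'leaked'", leaked2.hex(), "usable:", leak_is_usable(reexec, leaked2))
    except RuntimeError as e:
        print("re-exec daemon:", e)
```

The same oracle is reused in the paper for the saved return address and, once a stop gadget is found, for locating gadgets blind; the defence the model makes obvious is to re-randomize on respawn (re-exec rather than fork, or restart the whole process) so that every crash costs the attacker all the state they have read.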