Daily summary - Friday 12-09-2014

End-of-Shift report

Timeframe: Thursday 11-09-2014 18:00 − Friday 12-09-2014 18:00
Handler: Robert Waldner
Co-Handler: n/a

Hacker publishes tech support phone scammer slammer

Security pro Matthew Weeks has released a Metasploit module that can take over computers running the Ammyy Admin remote control software popular among "Hi, this is Microsoft, there's a problem with your computer" tech support scammers. Weeks' day job is director at Root9b, but he's taken time to detail a zero-day flaw in Ammyy Admin he hopes will be used to fight back against tech support scammers.

http://www.theregister.co.uk/2014/09/12/phone_scammer_slammer/


Cisco Unified Communications Manager glibc Arbitrary Code Execution Vulnerability

A vulnerability in the GNU C library of Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, local attacker to input crafted data to cause a heap-based buffer overflow. The vulnerability is due to incorrect sanitization of data. An attacker could exploit this vulnerability by setting an environment variable to a malicious value.

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-5119


Schneider Electric VAMPSET Buffer Overflow

This advisory provides mitigation details for a buffer overflow vulnerability in Schneider Electric's VAMPSET software product.

https://ics-cert.us-cert.gov//advisories/ICSA-14-254-01


Ecava Integraxor SCADA Server Vulnerabilities

This advisory provides mitigation details for vulnerabilities in the Ecava Integraxor SCADA Server.

https://ics-cert.us-cert.gov//advisories/ICSA-14-224-01


Linux Kernel logi_dj_recv_destroy_djhid_device buffer overflow

Linux Kernel is vulnerable to a buffer overflow, caused by improper bounds checking by the logi_dj_recv_destroy_djhid_device function. By sending an overly long string, a local attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.

http://xforce.iss.net/xforce/xfdb/95928


DNS cache poisoning used to steal emails

Does this happen in practice? CERT/CC researchers Jonathan Spring and Leigh Metcalf have evidence to suggest that it does. Using passive DNS data, they found a number of incorrect responses for A records belonging to mail servers of the big three webmail providers (Gmail, Yahoo! and Hotmail). Even though an increasing number of emails are sent over encrypted connections (using STARTTLS), there isn't really a way for the receiving mail server to enforce this, as HSTS does for secure HTTP.

https://www.virusbtn.com/blog/2014/09_12.xml?rss
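The detection approach described in the item above (comparing passive DNS observations for mail-server hostnames against answers known to be legitimate) can be reproduced on a small scale. The following is an added example, not CERT/CC's tooling or data: the hostnames, address ranges and passive DNS observations are all constructed, and the reference ranges are a hypothetical allowlist an operator would build from authoritative lookups of the providers' own nameservers.

```python
"""Flag passive-DNS A-record answers for mail hosts that fall outside a
verified reference address set (constructed example, not CERT/CC's code)."""
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed reference: address ranges the operator has verified as
# legitimate for each mail host. Hypothetical values (RFC 5737 test ranges),
# not any real provider's addresses.
REFERENCE_RANGES = {
    "mx.example-mail.test": ["198.51.100.0/24"],
    "smtp.example-webmail.test": ["203.0.113.0/25"],
}

# Constructed passive-DNS observations in the shape
# (timestamp, qname, rtype, rdata, sensor). Two of the A answers point at
# addresses outside the reference ranges and should be flagged.
PASSIVE_DNS = [
    ("2014-09-11T18:05:00Z", "mx.example-mail.test", "A", "198.51.100.25", "sensor-a"),
    ("2014-09-11T19:12:00Z", "mx.example-mail.test", "A", "192.0.2.77", "sensor-b"),
    ("2014-09-11T20:30:00Z", "smtp.example-webmail.test", "A", "203.0.113.10", "sensor-a"),
    ("2014-09-12T01:00:00Z", "smtp.example-webmail.test", "A", "203.0.113.200", "sensor-c"),
    ("2014-09-12T02:00:00Z", "mx.example-mail.test", "MX", "10 mx.example-mail.test.", "sensor-a"),
    ("2014-09-12T03:00:00Z", "www.unrelated.test", "A", "192.0.2.9", "sensor-b"),
]


def find_suspicious_answers(records, reference):
    """Return the A-record observations whose rdata is outside every
    reference range for that qname. Non-A records and hostnames that are
    not in the reference set are ignored."""
    networks = {name: [ip_network(r) for r in ranges] for name, ranges in reference.items()}
    suspicious = []
    for ts, qname, rtype, rdata, sensor in records:
        if rtype != "A" or qname not in networks:
            continue
        addr = ip_address(rdata)
        if not any(addr in net for net in networks[qname]):
            suspicious.append({
                "timestamp": ts,
                "qname": qname,
                "rdata": rdata,
                "sensor": sensor,
            })
    return suspicious


def count_by_sensor(suspicious):
    """Count flagged answers per sensor; a single sensor seeing bad answers
    for many hosts points at a poisoned resolver rather than a bad record."""
    return dict(Counter(hit["sensor"] for hit in suspicious))


if __name__ == "__main__":
    hits = find_suspicious_answers(PASSIVE_DNS, REFERENCE_RANGES)
    for hit in hits:
        print(f"{hit['timestamp']} {hit['sensor']}: {hit['qname']} -> {hit['rdata']} (outside reference)")
    print("per sensor:", count_by_sensor(hits))
```

The per-sensor count is the part worth keeping an eye on in practice: an off-range answer seen by one resolver only is a poisoning candidate for that resolver, while the same off-range answer seen by every sensor is more likely a legitimate address the reference set is missing.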


Multiple security bulletins for IBM products

https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_samba_vulnerability_issue_on_ibm_storwize_v7000_unified_cve_2014_3493?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_samba_vulnerability_issue_on_ibm_sonas_cve_2014_3493?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_multiple_vulnerabilities_in_current_release_of_ibm_sdk_for_node_js?lang=en_us