Daily summary - Monday 15-09-2014

End-of-Shift report

Timeframe: Friday 12-09-2014 18:00 − Monday 15-09-2014 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl

Squid Off-by-One in snmpHandleUdp() Lets Remote Users Execute Arbitrary Code

A remote user can send a specially crafted UDP SNMP packet to trigger an off-by-one memory error in snmpHandleUdp() and potentially execute arbitrary code on the target system.

http://www.securitytracker.com/id/1030838


Rooted SSH/SFTP Daemon Default Login Credentials

The software ships pre-configured with a default login of user root, password abc123. This weak password is easily guessed, leading to root compromise of the Android system.

http://cxsecurity.com/issue/WLB-2014090066


WordPress Photo Album Plus 5.4.4 Cross Site Scripting

http://cxsecurity.com/issue/WLB-2014090061


'Eskimo' malware targets Steam accounts

The malware is spread mainly via Twitch chat; after the compromise, wallet funds and items are transferred out of the victim's account.

http://derstandard.at/2000005543386


IRC: Freenode chat network hacked

The operators of the IRC network Freenode have detected a compromise of their servers. All users should change their passwords as a precaution.

http://www.golem.de/news/irc-chatnetzwerk-freenode-wurde-gehackt-1409-109231.html


Multiple vulnerabilities in IBM products

https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_pureapplication_system_modsecurity_chunked_header_security_bypass?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_apache_commons_fileupload_and_tomcat_vulnerability_in_workplace_xt?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_ibm_cognos_metrics_manager_is_affected_by_the_following_ibm_java_runtime_vulnerabilities_cve_2014_0878_cve_2014_0460?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_infosphere_streams_is_affected_by_a_vulnerability_in_the_ibm_reg_sdk_java_trade_technology_edition_cve_2014_4244?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_ibm_cognos_metrics_manager_is_affected_by_the_following_tomcat_vulnerabilities_cve_2014_0075_cve_2014_0096_cve_2014_0099_cve_2014_0119?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_multiple_security_vulnerabilities_found_in_ibm_sterling_secure_proxy_cve_2014_0878_cve_2014_0107_cve_2014_0453_cve_2014_4263_cve_2014_4244?lang=en_us
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_multiple_security_vulnerabilities_found_in_ibm_sterling_external_authentication_server_cve_2014_0878_cve_2014_0107_cve_2014_0453_cve_2014_4263_cve_2014_4244?lang=en_us


Trustwave.com: 2014 Business Password Analysis

We set out to determine how easily we could crack a sample of 626,718 hashed passwords we collected during thousands of network penetration tests performed in 2013 and some performed in 2014. ... We recovered more than half of the passwords within just the first ..

https://gsr.trustwave.com/topics/business-password-analysis/2014-business-password-analysis/
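The mechanism behind "recovered more than half of the passwords", as an added example that is not part of the Trustwave report: a small wordlist plus a handful of mangling rules (capitalise, append digits or a year, append a symbol) recovers most policy-compliant passwords from an unsalted, fast hash. The hash dump, wordlist and rules below are constructed for this illustration; the report's own sample and tooling are not reproduced.

```python
"""Added example (not from the Trustwave report): why unsalted password hashes
collected on a pentest fall quickly to a small wordlist plus mangling rules.
The dump, wordlist and rules are constructed for this illustration."""
import hashlib
import itertools
from typing import Dict, Iterator, List

# Constructed "dump": username -> unsalted SHA-1 hex digest.
# Assumption: an unsalted, fast hash, the kind that can be attacked at scale.
SAMPLE_DUMP: Dict[str, str] = {
    "alice": hashlib.sha1(b"Password1").hexdigest(),
    "bob": hashlib.sha1(b"Welcome2014").hexdigest(),
    "carol": hashlib.sha1(b"summer14!").hexdigest(),
    "dave": hashlib.sha1(b"correct horse battery staple").hexdigest(),
}

# A tiny constructed wordlist; a real run would use millions of entries.
WORDLIST: List[str] = ["password", "welcome", "summer", "company", "letmein"]


def mangle(word: str) -> Iterator[str]:
    """Yield candidates from one base word using the rules users apply most
    often to satisfy complexity policy: capitalise, append a digit or year,
    append a symbol."""
    bases = {word, word.capitalize(), word.upper()}
    suffixes = [""] + [str(d) for d in range(10)] + ["14", "2014", "!", "1!", "123"]
    for base in bases:
        for suffix in suffixes:
            yield base + suffix
            yield base + suffix + "!"


def crack(dump: Dict[str, str], wordlist: List[str]) -> Dict[str, str]:
    """Return {username: plaintext} for every hash matched by a candidate.
    Each candidate is hashed once and looked up against all users: with no
    salt, one hash computation tests every account in the dump at once."""
    by_hash: Dict[str, List[str]] = {}
    for user, digest in dump.items():
        by_hash.setdefault(digest, []).append(user)
    recovered: Dict[str, str] = {}
    for candidate in itertools.chain.from_iterable(mangle(w) for w in wordlist):
        digest = hashlib.sha1(candidate.encode()).hexdigest()
        for user in by_hash.get(digest, []):
            recovered[user] = candidate
    return recovered


def recovery_rate(dump: Dict[str, str], wordlist: List[str]) -> float:
    """Fraction of accounts whose password was recovered."""
    return len(crack(dump, wordlist)) / len(dump)


if __name__ == "__main__":
    found = crack(SAMPLE_DUMP, WORDLIST)
    for user, pw in sorted(found.items()):
        print(f"{user}: {pw}")
    print(f"recovered {recovery_rate(SAMPLE_DUMP, WORDLIST):.0%} of the sample")
```

The one account that survives is the long passphrase; the three that fall are all "compliant" under a typical eight-character, mixed-case-plus-digit policy, which is the point the report makes about policy versus real strength. With a salted, slow hash the per-candidate cost and the loss of the one-hash-many-accounts lookup change the economics entirely.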


Moodle Bugs Let Remote Users Obtain Potentially Sensitive Information and Bypass Security Controls

http://www.securitytracker.com/id/1030839


Hacking Canon Pixma Printers - Doomed Encryption

This blog post is another in the series demonstrating current insecurities in devices categorised as the 'Internet of Things'. This instalment will reveal how the firmware on Canon Pixma printers (used in the home and by SMEs) can be modified from the Internet to run custom code. ... For demonstration purposes I decided to get Doom running on the printer (Doom as in the classic 90s computer game).

http://www.contextis.co.uk/resources/blog/hacking-canon-pixma-printers-doomed-encryption/


Bugtraq: Open-Xchange Security Advisory 2014-09-15

http://www.securityfocus.com/archive/1/533443


[Honeypot Alert] New Bot Malware (BoSSaBoTv2) Attacking Web Servers Discovered

Our web honeypots picked up some interesting attack traffic. The initial web application attack vector (PHP-CGI vulnerability) is not new, the malware payload is. We wanted to get this information out to the community quickly due to the following combined threat elements:
- Active exploit attempts to upload/install the malware
- The overall low detection rates among AV vendors
- The malware is actively being sold in underground ..

http://blog.spiderlabs.com/2014/09/honeypot-alert-bossabotv2-irc-botnetbitcoin-mining-analysis.html
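Detection logic for the initial attack vector over web-server access logs, as an added example that is not from the SpiderLabs post. The post names only a "PHP-CGI vulnerability"; this example assumes it is the php-cgi query-string argument injection (CVE-2012-1823), where a query string containing no literal "=" is handed to php-cgi as command-line arguments and a leading "-d" sets php.ini directives. The log lines are constructed for this example, not captured honeypot traffic.

```python
"""Added example, not from the SpiderLabs post: flag php-cgi argument
injection in access logs.

Assumption: the vector is the php-cgi query-string argument injection
(CVE-2012-1823). Per the CGI spec a query string with no literal '=' is passed
to the CGI program as argv; php-cgi then honours switches such as -d, so a
decoded query string starting with '-' is being used to pass switches.
The log lines below are constructed, not captured traffic."""
import re
import urllib.parse
from typing import List, Optional

# Apache/nginx "combined" format; only the fields needed for detection are named.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+'
)

# Constructed sample lines: one benign query, two injection attempts, and one
# benign query whose *value* happens to start with '-' (must not be flagged).
SAMPLE_LOG: List[str] = [
    '203.0.113.7 - - [15/Sep/2014:09:12:01 +0200] "GET /index.php?page=home HTTP/1.1" 200 512',
    '198.51.100.9 - - [15/Sep/2014:09:12:05 +0200] "POST /cgi-bin/php?%2Dd+allow_url_include%3D1+%2Dd+auto_prepend_file%3Dphp://input HTTP/1.1" 200 88',
    '198.51.100.9 - - [15/Sep/2014:09:12:06 +0200] "POST /cgi-bin/php-cgi?-d+safe_mode%3Doff+-d+disable_functions%3D%22%22 HTTP/1.1" 200 88',
    '192.0.2.44 - - [15/Sep/2014:09:13:40 +0200] "GET /search.php?q=-dash+prefix HTTP/1.1" 200 300',
]

# php.ini directives and streams that typically show up in these attempts.
PHP_INI_INDICATORS = (
    "allow_url_include",
    "auto_prepend_file",
    "safe_mode",
    "disable_functions",
    "php://input",
)


def suspicious_query(raw_query: str) -> Optional[str]:
    """Return a reason string if the raw query string looks like php-cgi
    argument injection, else None. A literal '=' means ordinary form data,
    so it is never argv; only then is the decoded string checked for a
    leading '-'."""
    if "=" in raw_query:
        return None
    decoded = urllib.parse.unquote_plus(raw_query)
    if not decoded.startswith("-"):
        return None
    hits = [k for k in PHP_INI_INDICATORS if k in decoded]
    return "argv injection" + (f" ({', '.join(hits)})" if hits else "")


def scan(lines: List[str]) -> List[dict]:
    """Parse each log line and collect findings for suspicious requests."""
    findings: List[dict] = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        target = m.group("target")
        if "?" not in target:
            continue
        path, _, query = target.partition("?")
        reason = suspicious_query(query)
        if reason:
            findings.append({"ip": m.group("ip"), "path": path, "reason": reason})
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f['ip']} {f['path']}: {f['reason']}")
```

The "no literal '=' in the raw query" rule is what separates a real argv injection from a form value that merely begins with a dash, and it mirrors how php-cgi itself decides; a rule that only greps for `-d` in the URL would fire on the fourth sample line and miss nothing but also teach operators to ignore the alert.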