End-of-Shift report
Timeframe: Mittwoch 24-09-2014 18:00 − Donnerstag 25-09-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a
Shellshock Bash Vulnerability
Current event - 1.0 of post This is a current event and as such this blog post is subject to change over the course of the next few days as we perform further supplementary research and analysis by NCC Group's Cyber Defence Operations and Security Consulting divisions. v1.0 - initial version Background Yesterday (24 September) CVE-2014-6271 was released with a corresponding patch for Bash (a common Linux shell). The risk arises from this vulnerability because of certain use cases. The use...
https://www.nccgroup.com/en/blog/2014/09/shellshock-bash-vulnerability/
Update on CVE-2014-6271: Vulnerability in bash (shellshock), (Thu, Sep 25th)
(this diary will be updated with links to relevant resources shortly) Yesterday, a vulnerability in bash was announced, that was originally found by,Stephane Schazelas. The vulnerability allows for arbitrary code execution in,bash by setting specific environment variables. Later, Travis Ormandy released,a second exploit that will work on patched systems, demonstration that the,patch released yesterday is incomplete. What is the impact of the vulnerability? At first, the vulnerability doesnt...
https://isc.sans.edu/diary.html?storyid=18707&rss
Bash-Lücke: ShellShock ist noch nicht ausgestanden
Die Sicherheitslücke in der Linux-Shell Bash, die nun unter dem Namen "ShellShock" firmiert, wird bereits als der schlimmere Bruder von Heartbleed bezeichnet. Sicher ist, dass der am Mittwoch ausgelieferte Patch weitere Lücken enthält.
http://www.heise.de/security/meldung/Bash-Luecke-ShellShock-ist-noch-nicht-ausgestanden-2403607.html
"Bash" (CVE-2014-6271) vulnerability - Q&A
The "bash" vulnerability is an extremely powerful vulnerability due to its high impact and the ease with which it can be exploited.
https://securelist.com/blog/research/66673/bash-cve-2014-6271-vulnerability-qa-2/
Bug in Bash shell creates big security hole on anything with *nix in it [Updated]
Could allow attackers to execute code on Linux, Unix, and Mac OS X.
http://feeds.arstechnica.com/~r/arstechnica/security/~3/94xcSgjPriY/
Bash Exploit Reported, First Round of Patches Incomplete
Reports of the first in-the-wild exploits targeting the Bash vulnerability have surfaced, as have complaints the first patches for the bug are incomplete.
http://threatpost.com/bash-exploit-reported-first-round-of-patches-incomplete/108550
RSA-Signaturen: Acht Jahre alte Sicherheitslücke kehrt zurück
In der NSS-Bibliothek ist eine Sicherheitslücke entdeckt worden, mit der sich RSA-Signaturen fälschen lassen. Betroffen sind die Browser Chrome und Firefox, für die bereits Updates erschienen sind. Es handelt sich um eine Variante der Bleichenbacher-Attacke von 2006.
http://www.golem.de/news/rsa-signaturen-acht-jahre-alte-sicherheitsluecke-kehrt-zurueck-1409-109453-rss.html
iOS-Sicherheitslücke ermöglicht Keylogging in Apps mit integriertem Browser
Einem Entwickler ist aufgefallen, dass Apple offenbar beim Trennen von Prozessen geschlampt hat. Bietet eine App eine Browser-Ansicht, kann diese von der App selbst beobachtet werden.
http://www.heise.de/security/meldung/iOS-Sicherheitsluecke-ermoeglicht-Keylogging-in-Apps-mit-integriertem-Browser-2403572.html
An Analysis of the CAs trusted by iOS 8.0
iOS 8.0 ships with a number of trusted certificates (also known as "root certificates" or "certificate authorities"), which iOS implicitly trusts. The root certificates are used to trust intermediate certificates, and the intermediate certificates are used to trust web site certificates. When you go to a web site using HTTPS, or an app makes a secure connection to something on the Internet (like your mail server), the web site (or mail server, or whatever) gives iOS its...
http://karl.kornel.us/2014/09/an-analysis-of-the-cas-trusted-by-ios-8-0/
GNU bash Environment Variable Processing Flaw Lets Users Execute Arbitrary Code
http://www.securitytracker.com/id/1030890
DSA-3032 bash
security update
http://www.debian.org/security/2014/dsa-3032
Security Advisories for Cisco IOS Software
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-dhcpv6
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-nat
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-mdns
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-sip
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-metadata
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140924-rsvp
Cisco Unified Communications Domain Manager glibc Arbitrary Code Execution Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0475
IBM Security Bulletin: Vulnerability in IBM Java SDKs and IBM Java Runtime Technology Edition affecting Rational Functional Tester (CVE-2014-3086)
Multiple vulnerabilities exist in IBM SDKs Java Technology Edition and IBM Runtime Environment Java Technology Edition that are used by Rational Functional Tester (RFT). These issues were disclosed as part of the IBM Java SDK updates in July 2014. CVE(s): CVE-2014-3086 Affected product(s) and affected version(s): Rational Functional Tester version 8.2.2 and later Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin:...
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_vulnerability_in_ibm_java_sdks_and_ibm_java_runtime_technology_edition_affecting_rational_functional_tester_cve_2014_3086?lang=en_us
IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Tivoli Netcool OMNIbus (CVE-2014-4263, CVE-2014-4244)
There are multiple vulnerabilities in IBM Runtime Environment Java Technology Edition, Versions 5, 6, and 7 that are used by Tivoli Netcool OMNIbus. These issues were disclosed as part of the IBM Java SDK updates in July 2014. CVE(s): CVE-2014-4263 and CVE-2014-4244 Affected product(s) and affected version(s): Tivoli Netcool/OMNIbus 7.3.0 Tivoli Netcool/OMNIbus 7.3.1 Tivoli Netcool/OMNIbus 7.4.0 Tivoli Netcool/OMNIbus 8.1.0 Refer to the following reference URLs for...
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_multiple_vulnerabilities_in_ibm_java_runtime_affect_tivoli_netcool_omnibus_cve_2014_4263_cve_2014_4244?lang=en_us
Security Advisories for Drupal Third-Party Modules
https://www.drupal.org/node/2344383
https://www.drupal.org/node/2344369
https://www.drupal.org/node/2344363
https://www.drupal.org/node/2344389
Mozilla Network Security Services certificates security bypass
http://xforce.iss.net/xforce/xfdb/96194
HPSBST03103 rev.1 - HP Storage EVA Command View Suite running OpenSSL, Remote Unauthorized Access, Disclosure of Information
A potential security vulnerability has been identified with HP Storage Enterprise Virtual Array (EVA) Command View Suite. The vulnerability could be exploited to allow remote unauthorized access and disclosure of information.
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04425253
Bugtraq: Two SQL Injections in All In One WP Security WordPress plugin
http://www.securityfocus.com/archive/1/533519
TYPO3-EXT-SA-2014-012: Several vulnerabilities in extension JobControl (dmmjobcontrol)
It has been discovered that the extension "JobControl" (dmmjobcontrol) is susceptible to Cross-Site Scripting and SQL Injection.
https://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-012/
Bugtraq: LSE Leading Security Experts GmbH - LSE-2014-06-10 - Perl CORE - Deep Recursion Stack Overflow
http://www.securityfocus.com/archive/1/533543