Daily Summary - Friday 26-09-2014

End-of-Shift report

Timeframe: Thursday 25-09-2014 18:00 − Friday 26-09-2014 18:00
Handler: Stephan Richter
Co-Handler: n/a

Patching Bash Vulnerability a Challenge for ICS, SCADA

Experts are concerned that many Linux-based industrial control systems and embedded systems could be too steep a patching challenge and remain in the crosshairs of the Bash vulnerability.

http://threatpost.com/patching-bash-vulnerability-a-challenge-for-ics-scada/108575


Bash Vulnerability (Shellshock) Exploit Emerges in the Wild, Leads to BASHLITE Malware

Just several hours after the news on the bash vulnerability (covered under CVE-2014-7169) broke out, it was reportedly being exploited in the wild already. This vulnerability can allow execution of arbitrary code, thus compromising the security of systems. Some of the possible scenarios that attackers can do range from changing the contents of web server and...

http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/-OM1T28JyB8/


Linux ELF bash 0day: The fun has only just begun...

Background: CVE-2014-6271 + CVE-2014-7169

During the mayhem of bash 0day remote execution vulnerability CVE-2014-6271 and CVE-2014-7169, not for bragging but as a FYI, I happened to be the first who reversed for the first ELF malware spotted used in the wild. The assembly analysis and summary I wrote and posted in here --> [-1-] [-2-] The fun has only just begun... Yes. Today I was informed there is another payload distributed, thanks to my good friend, Father Robin Jackson (credit): Which...

http://blog.malwaremustdie.org/2014/09/linux-elf-bash-0day-fun-has-only-just.html


Bad boy builds beastly Bash bug botnet - boxen battered

DDoS zombie army found in the wild hours after flaw surfaces

Mere hours after its discovery, the Shell Shock Bash vulnerability was exploited by an attacker to build a botnet.

http://go.theregister.com/feed/www.theregister.co.uk/2014/09/26/bad_guy_builds_beastly_bash_botnet/


Vulnerabilities in LibVNCServer

LibVNCServer CVE-2014-6054 Denial of Service Vulnerability

http://www.securityfocus.com/bid/70094

LibVNCServer CVE-2014-6051 Integer Overflow Vulnerability

http://www.securityfocus.com/bid/70093

LibVNCServer CVE-2014-6053 Remote Denial of Service Vulnerability

http://www.securityfocus.com/bid/70092

LibVNCServer CVE-2014-6052 Denial of Service Vulnerability

http://www.securityfocus.com/bid/70091


JSA10648 - 2014-09 Out of Cycle Security Bulletin: Multiple Products: Shell command injection vulnerability in Bash (CVE-2014-6271, CVE-2014-7169)

Products vulnerable to remote exploitation risks: Junos Space is vulnerable in all versions. JSA Series (STRM) devices are vulnerable in all versions.

http://kb.juniper.net/index/content&id=JSA10648&actp=RSS


GNU Bash Environmental Variable Command Injection Vulnerability

cisco-sa-20140926-bash

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash


DSA-3035 bash

security update

http://www.debian.org/security/2014/dsa-3035


TYPO3-EXT-SA-2014-011: Several vulnerabilities in extension phpMyAdmin (phpmyadmin)

It has been discovered that the extension "phpMyAdmin" (phpmyadmin) is susceptible to Cross-Site Scripting and Cross-Site Request Forgery.

https://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-011/


Bugtraq: [SECURITY] [DSA 3036-1] mediawiki security update

http://www.securityfocus.com/archive/1/533552