End-of-Shift report
Timeframe: Friday 20-02-2015 18:00 − Monday 23-02-2015 18:00
Handler: Stephan Richter
Co-Handler: n/a
Important security updates for PHP
New PHP versions close, among other things, a critical security vulnerability for which an exploit is already circulating. Admins should therefore lose no time.
http://heise.de/-2557586
Data Traffic & Network Security
Introduction: Last year - dubbed "the Year of the Hack" - saw numerous major cyber attacks against prominent corporations, including JP Morgan bank and Sony Pictures Entertainment. And after Target in 2013, another retailer, Home Depot, suffered a data breach with more than 56 million credit cards stolen. The consequences of these incidents can be...
http://resources.infosecinstitute.com/data-traffic-network-security/
Flaw makes Cisco routing hardware vulnerable to DoS attacks
A serious vulnerability affecting the software of some of Cisco's routing hardware systems for telecommunications and Internet service providers could be exploited to mount DoS attacks, the company ha...
http://www.net-security.org/secworld.php?id=17990
Samba vulnerability (CVE-2015-0240)
CVE-2015-0240 is a security flaw in the smbd file server daemon. It can be exploited by a malicious Samba client sending specially crafted packets to the Samba server. No authentication is required to exploit this flaw. It can result in remotely controlled execution of arbitrary code as root.
https://securityblog.redhat.com/2015/02/23/samba-vulnerability-cve-2015-0240/
Superfish not the only app using Komodia's SSL-busting code
As Lenovo backtracked on its initial position that the Superfish adware pre-installed on some of its notebooks is not a security danger, and released a security advisory about the "vulnerability" that...
http://www.net-security.org/secworld.php?id=17991
Privdog: Comodo adware undermines HTTPS security
Like Superfish, the adware Privdog completely undermines the protection of HTTPS. The awkward part: Privdog was distributed by Comodo, one of the largest certificate authorities for TLS certificates.
http://www.golem.de/news/privdog-comodo-adware-hebelt-https-sicherheit-aus-1502-112534-rss.html
FireEye shares details on Masque Attack II affecting iOS devices
Masque Attack II entails bypassing an iOS prompt for trust and app URL scheme hijacking, FireEye said.
http://www.scmagazine.com/fireeye-shares-details-on-masque-attack-ii-affecting-ios-devices/article/399314/
Cisco Intrusion Prevention System Key Regeneration HTTPS Denial of Service Vulnerability
CVE-2015-0631
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0631
Cisco AsyncOS Software HTTP Redirect Vulnerability
CVE-2015-0624
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0624
IBM Security Bulletins
Tivoli Storage Manager Stack-based Buffer Overflow Elevation of Privilege: CVE-2014-6184
http://www.ibm.com/support/docview.wss?uid=swg21695878
Vulnerability in SSLv3 affects Tivoli Storage Manager for Virtual Environments 7.1 and FlashCopy Manager for VMware 4.1 (CVE-2014-3566)
http://www.ibm.com/support/docview.wss?uid=swg21690828
OpenSSL vulnerabilities announced August 6th 2014 affect Juniper EX Series Network Switches sold by IBM for use in IBM Products (9 CVEs)
http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5097073
Vulnerabilities in OpenSSL. Juniper EX Series Network Switches sold by IBM for use in IBM Products. (CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470)
http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5097126
Siemens SIMATIC STEP 7 TIA Portal Vulnerabilities
This advisory provides mitigation details for two vulnerabilities in the Siemens SIMATIC STEP 7 TIA Portal application.
https://ics-cert.us-cert.gov/advisories/ICSA-15-050-01
Vibe 3.4 - Hot Patch 1
Abstract: This patch addresses the Padding Oracle On Downgraded Legacy Encryption (POODLE) vulnerability and also provides a number of general bug fixes for Novell Vibe 3.4. Document ID: 5198730. Security Alert: Yes. Distribution Type: Public. Entitlement Required: No. Files: NV-Vibe60DayEval-001.xml (719 bytes), NV-Vibe10Usr-001.xml (730 bytes), novell-vibe-3.4.0-windows.zip (185.69 MB), readme-Vibe-3.4-HP1.txt (4.13 kB), novell-vibe-3.4.0-linux.tar (187.8 MB). Products: Vibe 3.4. Superseded Patches: None
https://download.novell.com/Download?buildid=EaNhJs2Offs~
Bugtraq: iTunes 12.1.1 for Windows: still outdated and VULNERABLE 3rd party libraries, still UNQUOTED and VULNERABLE pathnames C:\Program Files\...
http://www.securityfocus.com/archive/1/534728
MyBB 1.8.3 Multiple stored XSS-vulnerabilities
Topic: MyBB 1.8.3 Multiple stored XSS-vulnerabilities. Risk: Low. Text: The researchers adamziaja, Devilshakerz, DingjieYang and I found multiple stored XSS-vulnerabilities in the administrative ...
http://cxsecurity.com/issue/WLB-2015020109
DSA-3169 eglibc - security update
Several vulnerabilities have been fixed in eglibc, Debian's version of the GNU C library:
https://www.debian.org/security/2015/dsa-3169
DSA-3164 typo3-src - security update
Pierrick Caillon discovered that the authentication could be bypassed in the Typo 3 content management system. Please refer to the upstream advisory for additional information:
https://www.debian.org/security/2015/dsa-3164
Security Advisory: Elasticsearch vulnerability CVE-2015-1427
Elasticsearch versions 1.3.0-1.3.7 and 1.4.0-1.4.2 have vulnerabilities in the Groovy scripting engine. The vulnerabilities allow an attacker to construct Groovy scripts that escape the sandbox and execute shell commands as the user running the Elasticsearch Java VM. We have been assigned CVE-2015-1427 for this. Fixed versions: Versions 1.3.8 and 1.4.3 disable sandboxing for Groovy by default. As a consequence, dynamic script execution is disabled for Groovy. CVSS: Overall CVSS score: 5.8
http://securityvulns.com/docs31742.html
HPSBUX03240 SSRT101872 rev.1 - HP-UX Running NTP, Remote Execution of Code, Denial of Service (DoS), or Other Vulnerabilities
Potential security vulnerabilities have been identified with HP-UX running NTP. These could be exploited remotely to execute code, create a Denial of Service (DoS), or other vulnerabilities.
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04554677