End-of-Shift report
Timeframe: Wednesday 22-04-2015 18:00 − Thursday 23-04-2015 18:00
Handler: Stephan Richter
Co-Handler: n/a
Deep dive into QUANTUM INSERT
Summary and recommendations: QUANTUMINSERT (QI) is actually a relatively old technique. In order to exploit it, you will need monitoring capabilities to leak information about observed TCP sessions and a host that can send spoofed packets. Your spoofed packet also needs to arrive faster than the original packet to be successful. Any...
http://blog.fox-it.com/2015/04/20/deep-dive-into-quantum-insert/
Security firm warns of iOS "killer" function
A malicious hotspot could send iOS devices into an endless reboot cycle, a security firm warns. The cause appears to be a flaw in Apple's encryption implementation.
http://heise.de/-2617385
New Threat Report
Our latest comprehensive threat report, based on our analysis of H2 2014 data, is now available.
https://www.f-secure.com/weblog/archives/00002805.html
Mobile Threats Incident Handling: Updated ENISA material
http://www.enisa.europa.eu/media/news-items/mobile-threats-incident-handling-updated-enisa-material
Malicious code via WLAN packets
A vulnerability in the standard tool wpa_supplicant allows attackers to compromise vulnerable systems over WLAN. The tool is used by Android and Linux, among others. A patch fixes the issue; a hardened release is to follow.
http://heise.de/-2618115
wpa_supplicant P2P SSID processing vulnerability
A vulnerability was found in how wpa_supplicant uses SSID information parsed from management frames that create or update P2P peer entries (e.g., a Probe Response frame or a number of P2P Public Action frames). The SSID field has a valid length range of 0-32 octets. However, it is transmitted in an element that has an 8-bit length field and a potential maximum payload length of 255 octets. wpa_supplicant was not sufficiently verifying the payload length on one of the code paths using the SSID received from
http://w1.fi/security/2015-1/wpa_supplicant-p2p-ssid-overflow.txt
SSA-237894 (Last Update 2015-04-23): Vulnerability in SIMATIC PCS 7
https://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-237894.pdf
PowerDNS decompression bug can cause crashes
Topic: PowerDNS decompression bug can cause crashes. Risk: Medium. Text: Hi everybody, please be aware of PowerDNS Security Advisory 2015-01 (
http://doc.powerdns.com/md/security/powerdns-advisory-...
http://cxsecurity.com/issue/WLB-2015040155
Security patch 02 for ZEN 11 Appliance - Freak - See TID 7016312
Abstract: Patch for CVE-2015-0204 (FREAK) - OpenSSL RSA Temporary Key Cryptographic Downgrade Vulnerability for ZCM Appliance. Document ID: 5207650. Security Alert: Yes. Distribution Type: Public. Entitlement Required: No. Files: ZCM_11_Security_Patch_2.zip (12.65 MB). Products: ZENworks Configuration Management 11, ZENworks Configuration Management 11.1, ZENworks Configuration Management 11 SP3, ZENworks Configuration Management 11.2, ZENworks Configuration Management 11.2.1, ZENworks Configuration Management
https://download.novell.com/Download?buildid=Ddi7yDlFrqA~
ZDI-15-149: Novell Zenworks Rtrlet.class Session ID Disclosure Vulnerability
This vulnerability allows attackers to disclose Session IDs of logged in users on vulnerable installations of Novell Zenworks. User interaction is not required to exploit this vulnerability.
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/ly4m30xpA5I/
ZDI-15-148: Novell Zenworks schedule.ScheduleQuery SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Zenworks. Authentication is not required to exploit this vulnerability.
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/04USkHANe4s/
ZDI-15-147: Novell Zenworks GetStoredResult.class SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Zenworks. Authentication is not required to exploit this vulnerability.
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/vaCwk090UHI/
ZDI-15-153: Novell ZENworks Preboot Policy Service Stack Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENworks. Authentication is not required to exploit this vulnerability.
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/sPdD0Sy4sxQ/
ZDI-15-152: Novell Zenworks com.novell.zenworks.inventory.rtr.actionclasses.wcreports Information Disclosure Vulnerability
This vulnerability allows attackers to obtain sensitive information on vulnerable installations of Novell Zenworks. User interaction is not required to exploit this vulnerability.
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/GTCY2AUbObw/
ZDI-15-151: Novell Zenworks Rtrlet doPost Directory Traversal Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Zenworks. By default, authentication is not required to exploit this vulnerability.
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/Wi0h3ROfwWc/
ZDI-15-150: Novell Zenworks FileViewer Information Disclosure Vulnerability
This vulnerability allows attackers to obtain sensitive information on vulnerable installations of Novell Zenworks. User interaction is not required to exploit this vulnerability.
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/-6nZPEvRTF0/
Security Advisory: Linux kernel vulnerabilities CVE-2014-8159 and CVE-2014-8369 (SOL16478)
https://support.f5.com:443/kb/en-us/solutions/public/16000/400/sol16478.html?ref=rss
Security Advisory: Rsync vulnerability CVE-2007-6199 (SOL15549)
https://support.f5.com:443/kb/en-us/solutions/public/15000/500/sol15549.html?ref=rss
Security Advisory: Linux kernel vulnerability CVE-2009-4537 (SOL16479)
https://support.f5.com:443/kb/en-us/solutions/public/16000/400/sol16479.html?ref=rss
DSA-3232 curl - security update
Several vulnerabilities were discovered in cURL, a URL transfer library:
https://www.debian.org/security/2015/dsa-3232
iPassword Manager 2.6 Script Insertion
Topic: iPassword Manager 2.6 Script Insertion. Risk: Low. Text: Document Title: iPassword Manager v2.6 iOS - Persistent Vulnerabilities. References (Source):
http://www...
http://cxsecurity.com/issue/WLB-2015040147
Docker Privilege Escalation
Topic: Docker Privilege Escalation. Risk: Medium. Text: TL;DR: Don't use the 'docker' group. Docker, if you aren't already familiar with it, is a lightweight runtime and pack...
http://cxsecurity.com/issue/WLB-2015040151
IBM Security Bulletins
IBM Security Bulletin: Vulnerability in SSLv3 affects IBM/Cisco switches and directors (CVE-2014-3566)
http://www.ibm.com/support/docview.wss?uid=ssg1S1005132
IBM Security Bulletin: Vulnerabilities in OpenSSL affecting Sametime Unified Telephony (OpenSSL: CVE-2014-3569, CVE-2014-3570, CVE-2014-3572, CVE-2014-8725, CVE-2015-0204, CVE-2015-0205)
http://www.ibm.com/support/docview.wss?uid=swg21882876
IBM Security Bulletin: RPM vulnerability issue on IBM SONAS (CVE-2013-6435)
http://www.ibm.com/support/docview.wss?uid=ssg1S1005166
IBM Security Bulletin: RPM vulnerability issue on IBM Storwize V7000 Unified (CVE-2013-6435)
http://www.ibm.com/support/docview.wss?uid=ssg1S1005160
IBM Security Bulletin: Vulnerabilities in Network Time Protocol (NTP) affect IBM Storwize V7000 Unified (CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, and CVE-2014-9296)
http://www.ibm.com/support/docview.wss?uid=ssg1S1005147
IBM Security Bulletin: Open Source GNU glibc vulnerabilities on IBM Storwize V7000 Unified (CVE-2014-7817, CVE-2014-9087)
http://www.ibm.com/support/docview.wss?uid=ssg1S1005075
IBM Security Bulletin: Open Source GNU glibc vulnerabilities on IBM SONAS (CVE-2014-7817, CVE-2014-9087)
http://www.ibm.com/support/docview.wss?uid=ssg1S1005152
IBM Security Bulletin: NSS vulnerability issue on IBM Storwize V7000 Unified (CVE-2014-3566)
http://www.ibm.com/support/docview.wss?uid=ssg1S1005148
IBM Security Bulletin: Vulnerability in NSS affects SAN Volume Controller and Storwize Family (CVE-2014-3566)
http://www.ibm.com/support/docview.wss?uid=ssg1S1005209
IBM Security Bulletin: IBM i is affected by several OpenSSL vulnerabilities.
http://www.ibm.com/support/docview.wss?uid=nas8N1020693
IBM Security Bulletin: Vulnerabilities in OpenSSL including ClientHello DoS affect IBM Sterling B2B Integrator (CVE-2015-0209, CVE-2015-0287, CVE-2015-0292, and others)
http://www.ibm.com/support/docview.wss?uid=swg21883249
IBM Security Bulletin: Vulnerabilities in OpenSSL affect Rational Software Architect for WebSphere Software
http://www.ibm.com/support/docview.wss?uid=swg21882955
IBM Security Bulletin: Vulnerability in IBM WebSphere Application Server affects IBM Security Access Manager for Mobile (CVE-2015-0138)
http://www.ibm.com/support/docview.wss?uid=swg21701358
IBM Security Bulletin: Vulnerability in IBM WebSphere Application Server affects IBM Security Access Manager for Web (CVE-2015-0138)
http://www.ibm.com/support/docview.wss?uid=swg21701548
IBM Security Bulletin: Samba vulnerability issue on IBM Storwize V7000 Unified (CVE-2015-0240)
http://www.ibm.com/support/docview.wss?uid=ssg1S1005125
IBM Security Bulletin: Samba vulnerability issue on IBM SONAS (CVE-2015-0240)
http://www.ibm.com/support/docview.wss?uid=ssg1S1005157
IBM Security Bulletin: Vulnerability in RC4 stream cipher affects Rational Lifecycle Integration Adapter for HP ALM (CVE-2015-2808)
http://www.ibm.com/support/docview.wss?uid=swg21883226
IBM Security Bulletin: Vulnerability in RC4 stream cipher affects IBM Tivoli Composite Application Manager for Transactions (CVE-2015-2808)
http://www.ibm.com/support/docview.wss?uid=swg21701114