End-of-Shift report
Timeframe: Tuesday 18-10-2016 18:00 − Wednesday 19-10-2016 18:00
Handler: Robert Waldner
Co-Handler: n/a
Is it worth reporting ransomware?
Answer: yes. Police forces badly need more people to tell them about attacks.
https://nakedsecurity.sophos.com/2016/10/18/is-it-worth-reporting-ransomware/
Security Advisory: PHP vulnerability CVE-2015-8935
https://support.f5.com:443/kb/en-us/solutions/public/k/63/sol63712424.html?ref=rss
PHP Buffer Overflow in php_pcre_replace_impl() Lets Remote Users Execute Arbitrary Code
A remote user can supply specially crafted data that, when processed by the target application, will trigger a heap overflow in php_pcre_replace_impl() in the PCRE component and execute arbitrary code on the target system.
...
[Editor's note: The vendor indicates that these other memory errors require strings on the order of 2GB to exploit and that memory_limit and max_input_size values on the target system should prevent exploitation.]
http://www.securitytracker.com/id/1037033
Security Advisory: TIFF vulnerability CVE-2015-7554
https://support.f5.com:443/kb/en-us/solutions/public/k/38/sol38871451.html?ref=rss
IDM 4.5 Midrange BiDirectional Driver 4.5
https://download.novell.com/Download?buildid=sQgqe1Stbog~
Hack.lu 2016 Wrap-Up Day #1
I'm back to Luxembourg for a new edition of hack.lu. In fact, I arrived yesterday afternoon to attend the MISP summit. It was a good opportunity to meet MISP users and to get fresh news about the project.
https://blog.rootshell.be/2016/10/18/hack-lu-2016-wrap-day-1/
Oracle Java SE Multiple Flaws Let Remote Users Access Data, Partially Modify Data, and Gain Elevated Privileges
Version(s): 6u121, 7u111, 8u102; Java SE Embedded: 8u101
Description: Multiple vulnerabilities were reported in Oracle Java SE. A remote user can access data on the target system. A remote user can modify data on the target system. A remote user can gain elevated privileges.
http://www.securitytracker.com/id/1037040
Oracle Database Multiple Flaws Let Remote and Local Users Access and Modify Data and Gain Elevated Privileges and Let Local Users Deny Service
Version(s): 11.2.0.4, 12.1.0.2
Description: Multiple vulnerabilities were reported in Oracle Database. A remote and local user can access data on the target system. A remote user can modify data on the target system. A local user can cause denial of service conditions on the target system. A local user can obtain elevated privileges on the target system. A remote authenticated user can gain elevated privileges.
http://www.securitytracker.com/id/1037035
Vuln: Oracle Fusion Middleware CVE-2016-5531 Remote Security Vulnerability
http://www.securityfocus.com/bid/93730
MySQL Multiple Bugs Let Remote Users Access and Modify Data, Remote and Local Users Deny Service, and Local Users Modify Data and Gain Elevated Privileges
http://www.securitytracker.com/id/1037050
Solaris Multiple Bugs Let Remote and Local Users Access Data and Deny Service and Let Local Users Modify Data and Deny Service
Version(s): 10, 11.3
Description: Multiple vulnerabilities were reported in Solaris. A remote or local user can access data on the target system. A remote or local user can cause denial of service conditions on the target system. A local user can modify data on the target system. A local user can obtain elevated privileges on the target system.
http://www.securitytracker.com/id/1037048
Installer of Evernote for Windows may insecurely load Dynamic Link Libraries
http://jvn.jp/en/jp/JVN03251132/
Schneider Electric PowerLogic PM8ECC Hard-coded Password Vulnerability
This advisory contains mitigation details for a hard-coded password vulnerability in Schneider Electric's PowerLogic PM8ECC device.
https://ics-cert.us-cert.gov/advisories/ICSA-16-292-01
Cisco Talos: Vulnerability Spotlight: Foxit PDF Reader JBIG2 Parser Information Disclosure
Talos has identified an information disclosure vulnerability in Foxit PDF Reader (TALOS-2016-0201/CVE-2016-8334). A wrongly bounded call to `memcpy`, while parsing jbig2 segments within a PDF file, can be triggered in Foxit PDF Reader, causing out-of-bounds heap memory to be read into a buffer.
http://blog.talosintel.com/2016/10/foxit-pdf-jbig2.html
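The bug class behind the Talos advisory (a `memcpy` whose length comes from the file and is never checked against what actually follows) is easy to reproduce in miniature. The block below is an added example, not Foxit's or Talos's code, and the segment layout it parses (a 4-byte big-endian length followed by the payload) is a hypothetical stand-in for the real JBIG2 segment format, chosen only to show the vulnerable copy beside its bounded form.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical segment layout (an assumption for this example, not the JBIG2 spec):
   4-byte big-endian data_length, then data_length bytes of payload. */
#define SEG_HDR_LEN 4
#define OUT_CAP 64

static uint32_t read_be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* VULNERABLE: the copy length is taken from the file and trusted. If data_length
   is larger than the bytes that actually follow, memcpy reads past the end of the
   input buffer (out-of-bounds heap read); if it also exceeds the destination size,
   it writes past `out` as well. Shown for contrast; not exercised on bad input. */
int copy_segment_unchecked(const uint8_t *in, size_t in_len, uint8_t *out) {
    (void)in_len;                         /* the defect: remaining input is never consulted */
    uint32_t data_length = read_be32(in);
    memcpy(out, in + SEG_HDR_LEN, data_length);
    return (int)data_length;
}

/* HARDENED: bound the copy by the remaining input AND the destination capacity. */
int copy_segment_checked(const uint8_t *in, size_t in_len, uint8_t *out, size_t out_cap) {
    if (in_len < SEG_HDR_LEN) return -1;             /* header itself is truncated */
    uint32_t data_length = read_be32(in);
    if (data_length > in_len - SEG_HDR_LEN) return -1; /* would read past the input */
    if (data_length > out_cap) return -1;            /* would write past the output */
    memcpy(out, in + SEG_HDR_LEN, data_length);
    return (int)data_length;
}

/* Constructed sample inputs (not real PDF/JBIG2 data). */
static const uint8_t well_formed[] = { 0x00, 0x00, 0x00, 0x04, 'A', 'B', 'C', 'D' };
static const uint8_t truncated[]   = { 0x00, 0x00, 0x01, 0x00, 'A', 'B' }; /* claims 256, has 2 */

/* Returns the byte count copied for the well-formed segment (expected 4). */
int demo_well_formed(void) {
    uint8_t out[OUT_CAP];
    return copy_segment_checked(well_formed, sizeof well_formed, out, OUT_CAP);
}

/* Returns the result for the truncated segment (expected -1: rejected, no copy). */
int demo_truncated(void) {
    uint8_t out[OUT_CAP];
    return copy_segment_checked(truncated, sizeof truncated, out, OUT_CAP);
}

int main(void) {
    printf("well-formed segment: %d bytes copied\n", demo_well_formed());
    printf("truncated segment:   %d (rejected)\n", demo_truncated());
    return 0;
}
```

The unchecked variant would happily copy 256 bytes out of a 6-byte buffer for the truncated input; the checked one rejects it before touching memory, which is the property a parser for any length-prefixed format needs.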
CAIDA: Spoofer
We have developed and support a new client-server system for Windows, MacOS, and UNIX-like systems that periodically tests a network's ability to both send and receive packets with forged source IP addresses (spoofed packets). We are (in the process of) producing reports and visualizations that will inform operators, response teams, and policy analysts.
https://www.caida.org/projects/spoofer/
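What a Spoofer-style probe actually is, and what the network-edge check that should stop it looks like, as an added example that is not CAIDA's code: the first function assembles a 20-byte IPv4 header with a caller-chosen (i.e. forged) source address and a correct header checksum; the second is a BCP 38 egress check, deciding whether a source address belongs to the prefix the network is allowed to originate from. The addresses, the UDP payload length and the /24 prefix are constructed sample values. Sending the packet is deliberately left out (it needs a raw socket and root); the point is what the probe carries and why the filter drops it.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <arpa/inet.h>   /* inet_pton, ntohl */

#define IPV4_HDR_LEN 20

/* RFC 1071 one's-complement checksum over a byte range. */
uint16_t ip_checksum(const uint8_t *buf, size_t len) {
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2)
        sum += ((uint32_t)buf[i] << 8) | buf[i + 1];
    if (len & 1) sum += (uint32_t)buf[len - 1] << 8;
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Build a minimal IPv4 header (no options) for a UDP payload of payload_len bytes.
   The source address is whatever the caller passes: a Spoofer-style probe puts a
   forged address here to see whether the network lets it out (or in). */
int build_ipv4_header(const char *src, const char *dst, uint16_t payload_len,
                      uint8_t out[IPV4_HDR_LEN]) {
    struct in_addr s, d;
    if (inet_pton(AF_INET, src, &s) != 1 || inet_pton(AF_INET, dst, &d) != 1) return -1;
    memset(out, 0, IPV4_HDR_LEN);
    uint16_t total = (uint16_t)(IPV4_HDR_LEN + payload_len);
    out[0] = 0x45;                        /* version 4, IHL 5 */
    out[2] = (uint8_t)(total >> 8);       /* total length, big-endian */
    out[3] = (uint8_t)(total & 0xff);
    out[6] = 0x40;                        /* flags: DF, fragment offset 0 */
    out[8] = 64;                          /* TTL */
    out[9] = 17;                          /* protocol: UDP */
    memcpy(out + 12, &s.s_addr, 4);       /* s_addr is already network byte order */
    memcpy(out + 16, &d.s_addr, 4);
    uint16_t csum = ip_checksum(out, IPV4_HDR_LEN);  /* computed with field zeroed */
    out[10] = (uint8_t)(csum >> 8);
    out[11] = (uint8_t)(csum & 0xff);
    return 0;
}

/* BCP 38 egress check: 1 if src lies inside prefix/plen (may leave the network),
   0 if it does not (should be dropped), -1 on malformed input. */
int bcp38_permits(const char *src, const char *prefix, int plen) {
    struct in_addr s, p;
    if (plen < 0 || plen > 32) return -1;
    if (inet_pton(AF_INET, src, &s) != 1 || inet_pton(AF_INET, prefix, &p) != 1) return -1;
    uint32_t mask = (plen == 0) ? 0u : 0xffffffffu << (32 - plen);
    return ((ntohl(s.s_addr) & mask) == (ntohl(p.s_addr) & mask)) ? 1 : 0;
}

/* Checksum field of a constructed probe header (192.168.0.1 -> 192.168.0.199, 95-byte
   payload); this is the textbook header whose checksum is 0xb861. */
int probe_header_checksum(void) {
    uint8_t h[IPV4_HDR_LEN];
    if (build_ipv4_header("192.168.0.1", "192.168.0.199", 95, h) != 0) return -1;
    return (h[10] << 8) | h[11];
}

int main(void) {
    uint8_t h[IPV4_HDR_LEN];
    /* Constructed scenario: the network legitimately owns 192.168.0.0/24. */
    build_ipv4_header("10.0.0.1", "192.168.0.199", 95, h);   /* forged source */
    printf("probe header:");
    for (int i = 0; i < IPV4_HDR_LEN; i++) printf(" %02x", h[i]);
    printf("\nsource 10.0.0.1 permitted by BCP38 for 192.168.0.0/24: %d\n",
           bcp38_permits("10.0.0.1", "192.168.0.0", 24));
    printf("source 192.168.0.1 permitted: %d\n",
           bcp38_permits("192.168.0.1", "192.168.0.0", 24));
    return 0;
}
```

A network that reports "spoofable" in Spoofer's results is one where the second function's answer is not enforced at the edge: a probe with a source outside the site's own prefixes leaves the network unchanged. Re-verifying a received header with `ip_checksum` over all 20 bytes, checksum field included, yields 0 when it is intact.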
IBM Security Bulletins
IBM Security Bulletin: Vulnerability in OpenSSL affects IBM Cloud Orchestrator, HTTP Server and bundling products shipped with Cloud Orchestrator and Cloud Orchestrator Enterprise (CVE-2015-1788)
http://www.ibm.com/support/docview.wss?uid=swg2C1000137
IBM Security Bulletin: Multiple vulnerabilities may affect IBM SDK for Node.js in IBM Bluemix
http://www.ibm.com/support/docview.wss?uid=swg21992427
IBM Security Bulletin: IBM TRIRIGA Application Platform Reflected Cross-Site Scripting (XSS) (CVE-2016-5980)
http://www-01.ibm.com/support/docview.wss?uid=swg21991992
IBM Security Bulletin: Apache Commons FileUpload Vulnerability affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) CVE-2016-3092
http://www.ibm.com/support/docview.wss?uid=swg21992457
IBM Security Bulletin: Information disclosure vulnerability in IBM Websphere Application Server and IBM Websphere Application Server Liberty affects IBM BigFix Remote Control (CVE-2016-5986)
http://www-01.ibm.com/support/docview.wss?uid=swg21991987
IBM Security Bulletin: A vulnerability in PCRE affects IBM Tivoli Network Manager IP Edition (CVE-2016-1283)
http://www.ibm.com/support/docview.wss?uid=swg21991978