Daily summary - Thursday 27-10-2016

End-of-Shift report

Timeframe: Tuesday 25-10-2016 18:00 − Thursday 27-10-2016 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl

Asterisk users need to patch DoS bug

Overlap dialling lets an attacker shut down the system. Asterisk users need to get busy with a patch. www.theregister.co.uk/2016/10/25/asterisk_patch_dos_bug/

Denial of Service Vulnerability in Citrix License Server

A vulnerability has been identified in the Citrix License Server for Windows and Citrix License Server VPX that could allow a remote ..

https://support.citrix.com/article/CTX217430


Multiple Security Vulnerabilities in Citrix NetScaler Platform IPMI Lights Out Management (LOM) firmware

https://support.citrix.com/article/CTX216642


Memory Permission Weakness in Citrix XenApp and XenDesktop

https://support.citrix.com/article/CTX215460


Security Advisory - PXN Defense Mechanism Failure Vulnerability in Huawei Mobile Phones

http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161026-01-pxn-en


VMSA-2016-0017

https://www.vmware.com/security/advisories/VMSA-2016-0017.html


Security Advisory - Two Information Leak Vulnerabilities in ION Memory Management Module of Huawei Smart Phone

http://www.huawei.com/en/psirt/security-advisories/2016/huawei-sa-20161026-02-smartphone-en


Cisco Identity Services Engine SQL Injection Vulnerability

A vulnerability in the web framework code of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary ..

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-ise


Siemens SICAM RTU Devices Denial-of-Service Vulnerability

https://ics-cert.us-cert.gov/advisories/ICSA-16-299-01


Bundeskriminalamt gives tips on protecting mobile devices

http://derstandard.at/2000046518819


Security updates available for Adobe Flash Player (APSB16-36)

A Security Bulletin (APSB16-36) has been published regarding security updates for Adobe Flash Player. These updates address a critical vulnerability, and Adobe ..

https://blogs.adobe.com/psirt/?p=1416


Vulnerability in Linux Kernel Affecting Cisco Products: October 2016

On October 19, 2016, a new vulnerability related to a race condition in the memory manager of the Linux Kernel was disclosed. This vulnerability could allow ..

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-linux


Installer of 7-Zip for Windows may insecurely load Dynamic Link Libraries

http://jvn.jp/en/jp/JVN76780067/


Cisco Email Security Appliance Malformed DGN File Attachment Denial of Service Vulnerability

A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, ..

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa1


Cisco Prime Collaboration Provisioning Cross-Site Scripting Vulnerability

Multiple vulnerabilities in the web framework code of the Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to conduct a ..

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-pcp


Cisco IP Interoperability and Collaboration System Cross-Site Scripting Vulnerability

A vulnerability in the web framework code of the Cisco IP Interoperability and Collaboration System (IPICS) could allow an unauthenticated, ..

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-ipics1


Cisco Email and Web Security Appliance JAR Advanced Malware Protection DoS Vulnerability

A vulnerability in Advanced Malware Protection (AMP) for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) ..

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esawsa3


Cisco Email Security Appliance FTP Denial of Service Vulnerability

A vulnerability in local FTP to the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition when the FTP application unexpectedly quits. The ..

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa6


Cisco Email Security Appliance Drop Bypass Vulnerability

A vulnerability in the configured security policies, including drop email filtering, in Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass a configured drop filter by ..

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa5


Cisco Email Security Appliance Corrupted Attachment Fields Denial of Service Vulnerability

A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker ..

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa3


Cisco Email Security Appliance Advanced Malware Protection Attachment Scanning Denial of Service Vulnerability

A vulnerability in the email attachment scanning functionality of the Advanced Malware Protection ..

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa2


Remote Code Execution Vulnerabilities Plague LibTIFF Library

Three vulnerabilities, all of which can lead to remote code execution, exist in the LibTIFF library.

http://threatpost.com/remote-code-execution-vulnerabilities-plague-libtiff-library/121570/


Tripal BLAST UI - Highly Critical - Remote Code Execution - SA-CONTRIB-2016-054

This module enables you to run NCBI BLAST jobs on the host system. The module doesn't sufficiently validate advanced options available to users submitting BLAST jobs, thereby exposing the ability to enter a short snippet of shell code that will be ..

https://www.drupal.org/node/2822366


Office 2013 can now block macros to help prevent infection

In response to the growing trend of macro-based threats, a new feature in Office 2016 allows an enterprise administrator to block users from running macros ..

https://blogs.technet.microsoft.com/mmpc/2016/10/26/office-2013-can-now-block-macros-to-help-prevent-infection/


Joomla! squashes critical privileged account creation holes

Borked two-factor authentication also fixed. Joomla! has revealed it has patched twin critical flaws allowing attackers to bypass rules and create elevated-privilege accounts. www.theregister.co.uk/2016/10/27/joomla_squashes_critical_privileged_account_creation_holes/

Three LibTIFF bugs found, only two patched

Buffer overruns, remote code execution, you know the drill. LibTIFF has three bugs that let booby-trapped files pwn a target - and only two of them have been patched. www.theregister.co.uk/2016/10/27/three_libtiff_bugs_found_only_two_patched/

Inside the Gootkit C&C server

In September 2016, we discovered a new version of Gootkit with a characteristic and instantly recognizable feature: an extra check of the environment ..

http://securelist.com/blog/research/76433/inside-the-gootkit-cc-server/


Citrix XenServer Security Update for CVE-2016-7777

A security vulnerability has been identified in Citrix XenServer that may allow malicious user code within an HVM guest VM to read or modify the contents of ..

https://support.citrix.com/article/CTX217363


IBM Security Bulletin: WebSphere Message Broker and IBM Integration Bus are affected by Open Source Tomcat vulnerability (CVE-2016-3092)

http://www.ibm.com/support/docview.wss?uid=swg21993043


Are the Days of “Booter” Services Numbered?

It may soon become easier for Internet service providers to anticipate and block certain types of online assaults launched by Web-based attack-for-hire services known as "booter" or "stresser" services, new research released today suggests.

https://krebsonsecurity.com/2016/10/are-the-days-of-booter-services-numbered/