End-of-Shift report
Timeframe: Monday 14-11-2016 18:00 − Tuesday 15-11-2016 18:00
Handler: Robert Waldner
Co-Handler: n/a
Vuln: Git for Windows CVE-2016-9274 Unspecified Untrusted Search Path vulnerability
http://www.securityfocus.com/bid/94289
CVE-2016-4484: Cryptsetup Initrd root Shell
An attacker with physical access to the console who can reboot the machine can obtain a root shell at the prompt that asks for the passphrase unlocking the system partition. The shell runs inside the initrd environment. The system partition itself stays encrypted and, as far as is known, cannot be decrypted from there, but any partitions that are not encrypted are readable and writable from that shell.
http://hmarco.org/bugs/CVE-2016-4484/CVE-2016-4484_cryptsetup_initrd_shell.html
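The mitigation proposed in the linked advisory is to boot with panic=<seconds> on the kernel command line: on Debian/Ubuntu-style systems the initramfs-tools panic() routine then reboots after that many seconds instead of handing a shell to whoever is at the console once the passphrase retries are exhausted (the advisory suggests panic=5). The script below is an added example, not code from the CERT.at report or from the advisory; it assumes that initramfs-tools behaviour and a GRUB defaults file in the usual /etc/default/grub layout. It checks a kernel command line for a usable panic= value and rewrites a copy of the GRUB defaults file so that GRUB_CMDLINE_LINUX_DEFAULT carries it.

```shell
#!/bin/sh
# Added example, not code from the CERT.at report or from the linked advisory.
# Assumes a Debian/Ubuntu-style boot: initramfs-tools' panic() drops to a
# busybox shell unless panic=<seconds> is on the kernel command line, in
# which case it sleeps <seconds> and reboots instead. Advisory value: panic=5.

# has_panic_arg CMDLINE
# Return 0 (true) if CMDLINE carries panic=N with N a positive integer,
# i.e. the initramfs will reboot rather than spawn a shell for whoever is at
# the console after the cryptsetup passphrase retries are exhausted.
has_panic_arg() {
    for arg in $1; do
        case $arg in
            panic=*)
                secs=${arg#panic=}
                case $secs in
                    ''|*[!0-9]*) return 1 ;;   # empty or non-numeric value
                esac
                if [ "$secs" -gt 0 ]; then
                    return 0
                fi
                return 1
                ;;
        esac
    done
    return 1
}

# harden_grub_default FILE
# Print FILE (a copy of /etc/default/grub) with panic=5 prepended to
# GRUB_CMDLINE_LINUX_DEFAULT. Idempotent: a file whose default line already
# sets panic= is printed unchanged. Writing the result back to
# /etc/default/grub and running update-grub is left to the caller.
harden_grub_default() {
    file=$1
    if grep -q '^GRUB_CMDLINE_LINUX_DEFAULT=.*panic=[0-9]' "$file"; then
        cat "$file"
        return 0
    fi
    # First expression handles an empty default value; the 't' command
    # skips the second expression when the first one already substituted,
    # so panic=5 is never inserted twice on the same line.
    sed -e 's/^GRUB_CMDLINE_LINUX_DEFAULT=""$/GRUB_CMDLINE_LINUX_DEFAULT="panic=5"/' \
        -e t \
        -e 's/^GRUB_CMDLINE_LINUX_DEFAULT="\([^"]\)/GRUB_CMDLINE_LINUX_DEFAULT="panic=5 \1/' \
        "$file"
}

# check_running_system
# Report whether the kernel that is currently running was booted with a
# usable panic= value. Returns 0 if so, 1 otherwise.
check_running_system() {
    if [ -r /proc/cmdline ] && has_panic_arg "$(cat /proc/cmdline)"; then
        echo "ok: panic= is set; the initramfs reboots instead of dropping to a shell"
        return 0
    fi
    echo "warning: no panic= on the kernel command line; exhausting the"
    echo "         cryptsetup passphrase prompt ends in a root shell"
    return 1
}

# Run the check on the live system; the functions above are reusable on
# their own.
check_running_system || :
```

To apply the hardening, write the rewritten file back and regenerate the boot configuration, for example `harden_grub_default /etc/default/grub > /etc/default/grub.new && mv /etc/default/grub.new /etc/default/grub && update-grub`, then reboot and confirm with check_running_system. Note the scope of this fix: it only closes the initramfs shell. Someone with console access can still boot from other media, so unencrypted partitions remain exposed unless they are encrypted too and the firmware is configured to refuse unauthorised boot devices.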
phpWebAdmin Version 1.0 SQL Injection Proof Of Concept Exploit
The user parameter of index.php is vulnerable to blind, time-based SQL injection. A proof-of-concept exploit is included in the linked advisory.
https://cxsecurity.com/issue/WLB-2016110127
ImageMagick MagickCore/fx.c Heap Buffer Overflow Vulnerability
ImageMagick is prone to a heap-based buffer overflow because it fails to adequately bounds-check user-supplied data before copying it into an insufficiently sized buffer. An attacker can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploitation attempts may result in a denial-of-service condition.
http://www.securityfocus.com/bid/94310/discuss
The Kings in Your Castle, Pt #2
The second part of Marion Marschalek's and Raphael Vinot's article series deals with the tools and the data analysts work with. It highlights some of the challenges analysts face with Indicators of Compromise: while IoCs are easy to create and deploy, they can go stale rather quickly. An effective strategy needs additional metrics, which are considerably harder to produce.
https://blog.gdatasoftware.com/2016/11/29304-the-kings-in-your-castle-pt-2
Popular Chrome extensions turned into adware
Several popular Chrome extensions are apparently being abused to distribute dubious advertisements. Anyone who has one of them installed should remove it immediately.
https://heise.de/-3465981
Windows Mobile Application Penetration Testing Part 4: Intercepting HTTP/HTTPS Traffic on Windows Phones
Introduction and Background: In the previous article of the series, we discussed sideloading for Windows Phone 8.1 apps and UWP apps. In this article, we discuss how to prepare your phones/emulators for intercepting HTTP/HTTPS traffic so that the application can be analysed further.
http://resources.infosecinstitute.com/windows-mobile-application-penetration-testing-part-4-intercepting-httphttps-traffic-on-windows-phones/
Bypassing Mixed Content Warnings - Loading Insecure Content in Secure Pages
There is no doubt that the web is moving towards HTTPS. Most major sites now have their certificates in place and are, in effect, secure. But have you ever wondered: secure to what extent?
https://www.brokenbrowser.com/loading-insecure-content-in-secure-pages/
Cisco IOS XE Software Directory Traversal Vulnerability
A vulnerability in the package unbundle utility of Cisco IOS XE Software could allow an authenticated, local attacker to gain write access to some files in the underlying operating system. The vulnerability is due to insufficient validation of files submitted to the affected installation utility. An attacker could exploit this vulnerability by uploading a crafted file to an affected system and running the installation utility command.
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161115-iosxe
Single Sign-on: a billion accounts vulnerable to hijacking
Single sign-on is convenient but is often implemented incorrectly. Security researchers have demonstrated the mistakes app developers make when integrating it. Several hundred apps turned out to be affected.
http://www.golem.de/news/single-sign-on-eine-milliarde-accounts-fuer-hijacking-anfaellig-1611-124487-rss.html
DLL Loading Issue in Symantec Enterprise Products
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2016&suid=20161115_00
F5 Security Advisories
Security Advisory: OpenSSL vulnerability CVE-2016-2180
https://support.f5.com:443/kb/en-us/solutions/public/k/02/sol02652550.html?ref=rss
Security Advisory: BIG-IP ASM vulnerability CVE-2016-7472
https://support.f5.com:443/kb/en-us/solutions/public/k/17/sol17119920.html?ref=rss
Security Advisory: Apache Tomcat vulnerabilities CVE-2016-5018, CVE-2016-6794, and CVE-2016-6796
https://support.f5.com:443/kb/en-us/solutions/public/k/65/sol65230547.html?ref=rss
Security Advisory: Apache Tomcat vulnerability CVE-2016-6797
https://support.f5.com:443/kb/en-us/solutions/public/k/36/sol36302720.html?ref=rss
Security Advisory: Apache Tomcat vulnerability CVE-2016-0762
https://support.f5.com:443/kb/en-us/solutions/public/k/36/sol36784855.html?ref=rss
IBM Security Bulletins
IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Decision Optimization Center (CVE-2016-5554, CVE-2016-5556, CVE-2016-5568)
http://www.ibm.com/support/docview.wss?uid=swg21993861
IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM ILOG CPLEX Optimization Studio and IBM ILOG CPLEX Enterprise Server (CVE-2016-5554, CVE-2016-5556, CVE-2016-5568, CVE-2016-5582)
http://www-01.ibm.com/support/docview.wss?uid=swg21993857
IBM Security Bulletin: IBM Flex System Manager (FSM) is affected by multiple php vulnerabilities
http://www-01.ibm.com/support/docview.wss?uid=isg3T1024488
IBM Security Bulletin: Vulnerability in Perl affects Power Hardware Management Console (CVE-2016-1238)
http://www.ibm.com/support/docview.wss?uid=nas8N1021704
IBM Security Bulletin: IBM Flex System Manager (FSM) is affected by multiple perl vulnerabilities (CVE-2016-1238, CVE-2016-2381, CVE-2016-8853)
http://www-01.ibm.com/support/docview.wss?uid=isg3T1024470
IBM Security Bulletin: IBM Flex System Manager (FSM) is affected by a vulnerability in fontconfig (CVE-2016-5384)
http://www.ibm.com/support/docview.wss?uid=isg3T1024468
IBM Security Bulletin: IBM Flex System Manager (FSM) is affected by a vulnerability in sqlite (CVE-2016-6153)
http://www-01.ibm.com/support/docview.wss?uid=isg3T1024467
IBM Security Bulletin: IBM PowerVC Local escalation of privilege vulnerability in DB2 for Linux (CVE-2016-5995)
http://www-01.ibm.com/support/docview.wss?uid=nas8N1021652
IBM Security Bulletin: Samba vulnerability issue in IBM SONAS (CVE-2016-2119)
http://www.ibm.com/support/docview.wss?uid=ssg1S1009570
IBM Security Bulletin: GPFS security vulnerabilities in IBM SONAS (CVE-2016-2985 and CVE-2016-2984)
http://www.ibm.com/support/docview.wss?uid=ssg1S1009323