Daily Summary - Tuesday 6-12-2016

End-of-Shift report

Timeframe: Monday 05-12-2016 18:00 − Tuesday 06-12-2016 18:00 Handler: Robert Waldner Co-Handler: n/a

Dirty Cow Vulnerability Patched in Android Security Bulletin

Today's Android Security Bulletin included a patch for the Dirty Cow vulnerability, a seven-year-old Linux bug that had yet to be patched by Google.

http://threatpost.com/dirty-cow-vulnerability-patched-in-android-security-bulletin/122266/


BlackBerry powered by Android Security Bulletin - December 2016

http://support.blackberry.com/kb/articleDetail?articleNumber=000038813


Arista CloudVision Portal bug revealed, plus evidence it's been used

You know the drill: face-palm, download, patch, grumble about state of security, relax. Arista customers: if you're running a version of CloudVision Portal (CVP) older than 2016.1.2.1, get an update or risk getting p0wned.

http://go.theregister.com/feed/www.theregister.co.uk/2016/12/06/arista_cloud_portal_bug/


Printer security is so bad HP Inc will sell you services to fix it

Finally, FINALLY, someone is turning off Telnet and FTP. Printer security is so awful HP Inc is willing to shut off shiny features and throw its own dedicated bodies at the perennial problem.

http://go.theregister.com/feed/www.theregister.co.uk/2016/12/06/printer_security_sucks_so_bad_hp_has_opened_a_pain_outsourcing_unit/


GNU Netcat 0.7.1 Out-Of-Bounds Write

https://cxsecurity.com/issue/WLB-2016120029


In the three years since IETF said pervasive monitoring is an attack, what's changed?

IETF Security director Stephen Farrell offers a report card on evolving defences

http://go.theregister.com/feed/www.theregister.co.uk/2016/12/06/ietf_report_card/


[2016-12-06] Backdoor vulnerability in Sony IPELA ENGINE IP Cameras

Sony IPELA Engine IP Cameras contain multiple backdoors. Those backdoor accounts allow an attacker to run arbitrary code on the affected IP cameras. An attacker can use cameras to take a foothold in a network and launch further attacks, disrupt camera functionality, send manipulated images/video, add cameras into a Mirai-like botnet or spy on people.

https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20161206-0_Sony_IPELA_Engine_IP_Cameras_Backdoors_v10.txt


DailyMotion apparently hacked: 87.6 million users affected

Unknown hackers are said to have broken into the video portal's server system and copied protected passwords in addition to e-mail addresses.

https://heise.de/-3559563


Vuln: Joomla! Core CVE-2016-9836 Arbitrary File Upload Vulnerability

http://www.securityfocus.com/bid/94663


International Phone Fraud Tactics

This article outlines two different types of international phone fraud.

https://www.schneier.com/blog/archives/2016/12/international_p.html


Watch out: New encryption trojan Goldeneye is spreading rapidly

A previously unknown encryption trojan disguises itself as a job application e-mail and tries to encrypt systems throughout Germany. At the moment, many virus scanners do not yet detect it.

https://heise.de/-3561396


Roundcube 1.2.2: Command Execution via Email

In this post, we show how a malicious user can execute arbitrary commands on the underlying operating system remotely, simply by writing an email in Roundcube 1.2.2 (>= 1.0). This vulnerability is highly critical because all default installations are affected. We urge all administrators to update the Roundcube installation to the latest version 1.2.3 as soon as possible.

https://blog.ripstech.com/2016/roundcube-command-execution-via-email/


Xen Security Advisory 199 (CVE-2016-9637) - qemu ioport array overflow

When qemu is used as a device model within Xen, io requests are generated by the hypervisor and read by qemu from a shared ring. The entries in this ring use a common structure, including a 64-bit address field, for various accesses, including ioport addresses. Xen will write only 16-bit address ioport accesses. However, depending on the Xen and qemu version, the ring may be writeable by the guest. If so, the guest can generate out-of-range ioport accesses, resulting in wild pointer accesses

https://lists.xen.org/archives/html/xen-announce/2016-12/msg00001.html


IBM Security Bulletins

IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Fabric Manager.

https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5099503

IBM Security Bulletin: Lotus Protector for Mail Security Affected By Open Source Linux Kernel Vulnerabilities (CVE-2016-5195)

http://www.ibm.com/support/docview.wss?uid=swg21994535

IBM Security Bulletin: A busybox vulnerability affects IBM DataPower Gateways (CVE-2014-4607)

http://www-01.ibm.com/support/docview.wss?uid=swg21993006

IBM Security Bulletin: Apache POI as used in IBM QRadar SIEM is vulnerable to various CVEs.

http://www.ibm.com/support/docview.wss?uid=swg21994719

IBM Security Bulletin: Multiple Security Vulnerabilities in Expat affect IBM Netezza Analytics

http://www-01.ibm.com/support/docview.wss?uid=swg21994401

IBM Security Bulletin: IBM QRadar SIEM is vulnerable to various CGI vulnerabilities. (CVE-2016-5385, CVE-2016-5387, CVE-2016-5388)

http://www.ibm.com/support/docview.wss?uid=swg21994725

IBM Security Bulletin: Open Source Apache Xerces-C XML parser vulnerabilities affect IBM Integration Bus and WebSphere Message Broker (CVE-2016-4463, CVE-2016-0729)

http://www.ibm.com/support/docview.wss?uid=swg21985691

IBM Security Bulletin: Vulnerability in libxml2 affects IBM Streams (CVE-2016-3705)

http://www-01.ibm.com/support/docview.wss?uid=swg21991065

IBM Security Bulletin: Multiple Vulnerabilities in NTP and OpenSSL affect IBM Netezza Firmware Diagnostics Tools

http://www-01.ibm.com/support/docview.wss?uid=swg21994484