Daily summary - Friday 26-02-2016

End-of-Shift report

Timeframe: Thursday 25-02-2016 18:00 − Friday 26-02-2016 18:00
Handler: Robert Waldner
Co-Handler: n/a

VU#444472: QNAP Signage Station and iArtist Lite contain multiple vulnerabilities

CVE-2015-6022: An authenticated attacker without administrative permissions may upload a malicious file, such as a PHP script,

http://www.kb.cert.org/vuls/id/444472


DSA-3492 gajim - security update

Daniel Gultsch discovered a vulnerability in Gajim, an XMPP/Jabber client. Gajim didn't verify the origin of roster updates, allowing an attacker to spoof them and potentially allowing her to intercept messages.

https://www.debian.org/security/2016/dsa-3492


Open Web Analytics 1.5.7 Cross Site Scripting

Open Web Analytics suffers from a Cross-Site Scripting vulnerability in the owa_site_id parameter because it fails to sanitize input before rendering the content to the user. The vulnerability can be triggered by hitting the ALT+SHIFT+X key after the payload is injected.

https://cxsecurity.com/issue/WLB-2016020217


Bugtraq: Zimbra Cross-Site Scripting vulnerabilities

Recently Zimbra Collaboration 8.6 Patch 5 was released. It fixed two Cross-Site Scripting vulnerabilities discovered by Fortinet's FortiGuard Labs.

http://www.securityfocus.com/archive/1/537627


Security update for older Apple TV devices

On Thursday evening, Apple updated the operating system of its older multimedia boxes. The update brings numerous security fixes.

http://heise.de/-3118206


Quick Audit of *NIX Systems, (Fri, Feb 26th)

If you think that only computers running Microsoft Windows are targeted by attackers, you're wrong! UNIX (used here as a generic term, not focusing on a specific distribution or brand) is a key operating system on the Internet. Many websites and other public services are relying on it (Netcraft is compiling interesting stats on this topic). Therefore it is mandatory to keep an eye on your servers by using proactive and reactive controls.

https://isc.sans.edu/diary.html?storyid=20771&rss


Apache Xerces-C Buffer Overflow Lets Remote Users Deny Service or Potentially Execute Arbitrary Code

A vulnerability was reported in Apache Xerces-C. A remote user can execute arbitrary code on the target system. A remote user can send specially crafted documents to trigger a buffer overflow in the XML parser library and cause the target application to crash or potentially execute arbitrary code on the target system.

http://www.securitytracker.com/id/1035113


Crypto-Trojan Locky: batch files infect Windows, tool promises protection

Batch files are the latest trend when it comes to smuggling the crypto-Trojan Locky past the virus scanner - and the plan works. In search of protective measures, we tried out a tool that is supposed to stop Locky and the like.

http://heise.de/-3118188


Infor CRM 8.2.0.1136 Multiple HTML Script Injection Vulnerabilities

Infor CRM suffers from multiple stored cross-site scripting vulnerabilities. Input passed to several POST/PUT parameters in JSON format is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

https://cxsecurity.com/issue/WLB-2016020219


Serialization Must Die: Act 2: XStream (Jenkins CVE-2016-0792)

The following new pre-authentication exploit against Jenkins (CVE-2016-0792) works because Groovy is on the classpath. There are probably a million other apps that use XStream and have Groovy on the classpath. I put almost no effort into trying to find this vulnerable pattern in other open source applications -- this Jenkins CVE is just one of many.

https://www.contrastsecurity.com/security-influencers/serialization-must-die-act-2-xstream


IKE/IKEv2: Ripe for DDoS Abuse

This is my latest research into preemptive DDoS trends. This time I looked into IKEv2 and what potential it has in regards to DDoS abuse use cases and amplification measurements. The short answer is, it could be easily weaponized for DDoS campaigns.

https://www.reddit.com/r/netsec/comments/47l3zv/ikeikev2_ripe_for_ddos_abuse_white_paper_in/


IBM Security Bulletins

IBM Security Bulletin: Vulnerabilities in OpenSSL affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) CVE-2015-3193, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196, CVE-2015-1794

http://www.ibm.com/support/docview.wss?uid=swg21977355

IBM Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime affects IBM Control Center (CVE-2015-4872, CVE-2015-7575)

http://www.ibm.com/support/docview.wss?uid=swg21977686

IBM Security Bulletin: IBM PowerVC is impacted by OpenStack Glance information disclosure vulnerability (CVE-2015-5163)

http://www.ibm.com/support/docview.wss?uid=nas8N1021118

Security Bulletin: Vulnerabilities in glibc affect IBM Integrated Management Module II (IMM2) for System x, BladeCenter and Flex Systems (CVE-2015-1472, CVE-2013-7423, CVE-2014-7817, CVE-2014-9402)

http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5099198

IBM Security Bulletin: GNU C library (glibc) vulnerability affects IBM QRadar SIEM and Incident Forensics (CVE-2015-7547)

http://www.ibm.com/support/docview.wss?uid=swg21977665

IBM Security Bulletin: Vulnerability in IBM SDK Java Technology Edition affects IBM Development Package for Apache Spark (CVE-2015-7575)

http://www.ibm.com/support/docview.wss?uid=swg21977538

IBM Security Bulletin: Vulnerability in IBM Java SDK affects IBM B2B Advanced Communications (CVE-2015-7575)

http://www.ibm.com/support/docview.wss?uid=swg21976813

IBM Security Bulletin: Vulnerability in IBM Java SDK affects IBM QRadar SIEM and Incident Forensics (CVE-2015-7575)

http://www.ibm.com/support/docview.wss?uid=swg21977664

IBM Security Bulletin: Vulnerabilities in IBM Java Runtime affect Watson Explorer, Watson Content Analytics, and OmniFind Enterprise Edition (CVE-2015-7575, CVE-2015-4872)

http://www.ibm.com/support/docview.wss?uid=swg21976276

IBM Security Bulletin: Vulnerability in MD5 Signature and Hash Algorithm affects IBM Control Center (CVE-2015-7575)

http://www.ibm.com/support/docview.wss?uid=swg21977575

IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Initiate Master Data Service (CVE-2015-4872, CVE-2016-0466, CVE-2015-7575, CVE-2016-0448)

http://www.ibm.com/support/docview.wss?uid=swg21976545

IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security AppScan Enterprise (CVE-2016-0466, CVE-2015-7575)

http://www.ibm.com/support/docview.wss?uid=swg21976553

IBM Security Bulletin: Vulnerability in IBM Java Runtime affects Rational Policy Tester (CVE-2015-7575)

http://www.ibm.com/support/docview.wss?uid=swg21976733

IBM Security Bulletin: Vulnerability in IBM Java SDK affects IBM Spectrum Scale RAID/IBM GPFS Native RAID (CVE-2015-7575)

http://www.ibm.com/support/docview.wss?uid=ssg1S1005673

IBM Security Bulletin: Vulnerability in IBM Java SDK affects IBM Spectrum Scale RAID/IBM GPFS Native RAID (CVE-2015-7575)

http://www.ibm.com/support/docview.wss?uid=isg3T1023364

IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Tivoli Endpoint Manager for Remote Control

http://www.ibm.com/support/docview.wss?uid=swg21976855

IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Business Developer (CVE-2015-7575, CVE-2016-0466)

http://www.ibm.com/support/docview.wss?uid=swg21976768

IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Developer for i, Rational Developer for AIX and Linux, Rational Developer for Power Systems Software

http://www.ibm.com/support/docview.wss?uid=swg21976840

IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Cast Iron (CVE-2015-7575, CVE-2016-0448)

http://www.ibm.com/support/docview.wss?uid=swg21977301

IBM Security Bulletin: A security vulnerability has been identified in IBM Business Process Manager and IBM HTTP Server shipped with IBM Cloud Orchestrator (CVE-2015-1932, CVE-2015-4938)

http://www.ibm.com/support/docview.wss?uid=swg2C1000043