End-of-Shift report
Timeframe: Tuesday 22-03-2016 18:00 − Wednesday 23-03-2016 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
What was all that about a scary iMessage flaw? Your three-minute guide
On Sunday, we were warned that hackers could read our iMessages texts, photos and videos. Should I be worried? As it turns out: no. If you're even a little curious about cryptography and secure programming, though, it should interest and amuse you.
http://www.theregister.co.uk/2016/03/23/imessages_flaw_details/
Google publishes list of Certificate Authorities it doesn't trust
Thawte experiment aims to expose issuers of dodgy creds. Google's announced another expansion to the security information offered in its transparency projects: it's now going to track certificates you might not want to trust.
http://go.theregister.com/feed/www.theregister.co.uk/2016/03/23/google_now_publishing_a_list_of_cas_it_doesnt_trust/
Abusing Oracles, (Wed, Mar 23rd)
No, no, this has nothing to do with Oracle Corporation! This diary is about abusing encryption and decryption Oracles. First a bit of a background story. Most of the days I do web and mobile application penetration testing. While technical vulnerabilities, such as SQL Injection, XSS and similar are still commonly found, in the last couple of years I would maybe dare to say that the Direct Object Reference (DOR) vulnerabilities have become prevalent.
https://isc.sans.edu/diary.html?storyid=20875&rss
Libmcrypt - Incorrect S-Boxes for GOST cipher (2008, unfixed)
PHP just decided to abandon the trash fire that is libmcrypt. There were (are?) still other projects that use(d) it, so I'm sharing this link in the interest of strongly encouraging projects to drop it like a lead balloon. This is far from the only problem with it ...
https://www.reddit.com/r/netsec/comments/4bl8xu/libmcrypt_incorrect_sboxes_for_gost_cipher_2008/
Microsoft Adds New Feature in Office 2016 That Can Block Macro Malware
Microsoft is finally addressing the elephant in the room in terms of security for Office users and has announced a new feature in the Office 2016 suite that will make it harder for attackers to exploit macro malware. ... Sysadmins can now block macros that connect to the Internet ... "This feature can be controlled via Group Policy and configured per application," Microsoft explains. "It enables enterprise administrators to block macros from running in Word, Excel and PowerPoint
http://news.softpedia.com/news/microsoft-adds-new-feature-in-office-2016-that-can-block-macro-malware-502058.shtml
GroupWise 2014 R2 Hot Patch 1 - Windows Full Multilingual
Abstract: GroupWise 2014 R2 Hot Patch 1 has been released. Be aware that there are security fixes in this release. Please see the Security section for details.
https://download.novell.com/Download?buildid=AA7ZB93KAjc~
GroupWise 2014 R2 Hot Patch 1 - Windows Client Multilingual
Abstract: GroupWise 2014 R2 Hot Patch 1 has been released. Be aware that there are security fixes in this release. Please see the Security section for details.
https://download.novell.com/Download?buildid=dxd3rzvGvig~
GroupWise 2014 R2 Hot Patch 1 - Linux Full Multilingual
Abstract: GroupWise 2014 R2 Hot Patch 1 has been released. Be aware that there are security fixes in this release. Please see the Security section for details.
https://download.novell.com/Download?buildid=Wxix0_fCdmI~
sol51518670: Linux kernel vulnerability CVE-2015-2922
The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel before 3.19.6 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message. (CVE-2015-2922)
https://support.f5.com/kb/en-us/solutions/public/k/51/sol51518670.html
F5 Security Advisory: Apache Tomcat 6.x vulnerabilities CVE-2015-5174, CVE-2015-5345, CVE-2016-0706, and CVE-2016-0714
https://support.f5.com:443/kb/en-us/solutions/public/k/30/sol30971148.html?ref=rss
Cisco Security Advisories
Cisco IOS and NX-OS Software Locator/ID Separation Protocol Packet Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-lisp
Cisco IOS and IOS XE Software Smart Install Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-smi
Cisco IOS Software Wide Area Application Services Express Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-l4f
Cisco IOS and IOS XE Software Internet Key Exchange Version 2 Fragmentation Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-ios-ikev2
Cisco IOS and IOS XE Software DHCPv6 Relay Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-dhcpv6
ZDI-16-210: IBM Informix portmap Service Privilege Escalation Vulnerability
This vulnerability allows local users to execute arbitrary code on vulnerable installations of IBM Informix. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
http://www.zerodayinitiative.com/advisories/ZDI-16-210/
ZDI-16-209: IBM Informix nsrexecd Service Privilege Escalation Vulnerability
This vulnerability allows local users to execute arbitrary code on vulnerable installations of IBM Informix. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
http://www.zerodayinitiative.com/advisories/ZDI-16-209/
ZDI-16-208: IBM Informix nsrd Service Privilege Escalation Vulnerability
This vulnerability allows local users to execute arbitrary code on vulnerable installations of IBM Informix. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
http://www.zerodayinitiative.com/advisories/ZDI-16-208/