Daily Summary - Friday 1-07-2016

End-of-Shift report

Timeframe: Thursday 30-06-2016 18:00 − Friday 01-07-2016 18:00
Handler: Robert Waldner
Co-Handler: n/a

F5: Security Advisory: GraphicsMagick vulnerability CVE-2016-5118

The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a | (pipe) character at the start of a filename. (CVE-2016-5118)

https://support.f5.com:443/kb/en-us/solutions/public/k/82/sol82747025.html?ref=rss


The Types of Penetration Testing

Black Box/White Box/Gray Box Testing Red/Blue/Purple Teams

http://resources.infosecinstitute.com/the-types-of-penetration-testing/


Apache Xerces DTD Parsing Stack Overflow Lets Remote Users Cause the Target Application to Crash

http://www.securitytracker.com/id/1036211


Eaton ELCSoft Programming Software Memory Vulnerabilities

This advisory contains mitigation details for a heap-based memory corruption vulnerability and a stack buffer overflow vulnerability in Eaton's ELCSoft programming software.

https://ics-cert.us-cert.gov/advisories/ICSA-16-182-01


Immediate measures for companies in the event of a cyber attack

The first 72 hours after a cyber attack can be decisive for legal prosecution, Wolf Theiss legal experts explained to journalists.

http://futurezone.at/b2b/sofortmassnahmen-fuer-unternehmen-bei-cyberangriffen/207.251.648


SSA-444217 (Last Update 2016-06-30): Information Disclosure Vulnerabilities in SICAM PAS

https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-444217.pdf


SSA-547990 (Last Update 2016-06-30): Information Disclosure Vulnerabilities in SIPROTEC 4 and SIPROTEC Compact

https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-547990.pdf


Security Advisory 2016-01: Security Update for OTRS FAQ package

An attacker could access and manipulate the database with an HTTP request.

https://www.otrs.com/security-advisory-2016-01-security-update-otrs-faq-package/


Cracking Android's full-disk encryption is easy on millions of phones - with a little patience

Just need a couple of common bugs, some GPUs and time. Android's full-disk encryption on millions of devices can be cracked by brute force much more easily than expected - and there's working code to prove it.

http://go.theregister.com/feed/www.theregister.co.uk/2016/07/01/turns_out_breaking_android_fulldisk_encryption_is_easy_with_the_right_code/


Joomla com_smartformer 2.4.1 Shell Upload

* @package SmartFormer * @version 2.4.1 (J1.5 security fix) poc: 1 - choose a site and open it 2 - Upload shell.php 3 - Go to :/components/com_smartformer/files/shell.php

https://cxsecurity.com/issue/WLB-2016070002


Process Hollowing

In this article, we will learn what process hollowing is, how it is done, and how we can detect it while performing memory analysis.

http://resources.infosecinstitute.com/process-hallowing/


Exploiting Format Strings (Part 1)

Overview: In this article, we will learn what format string vulnerabilities are, how to exploit them to read specific values from the stack, and how different format specifiers can be used to write arbitrary values to the stack.

http://resources.infosecinstitute.com/exploiting-format-strings-part-1/


UEFA's Euro 2016 app is airing football fans' privates in public

Offside! Lack of encryption bares usernames, passwords and more. The official UEFA Euro 2016 app is leaking football fans' personal data, security researchers warn.

http://go.theregister.com/feed/www.theregister.co.uk/2016/07/01/euro_2016_app_privacy_flap/


Cracking Locky's New Anti-Sandbox Technique

This new trick may pose challenges for automated Locky tracking systems that utilize sandboxing due to the following considerations: New Locky binaries will not execute properly without the correct parameter. JavaScript downloaders may fail to download if the download locations are already down.

https://blog.fortinet.com/2016/06/30/cracking-locky-s-new-anti-sandbox-technique


Magento Re-Installation & Account Hijacking Vulnerabilities

Before discovering my latest Magento RCE, I've found two different vulnerabilities, both resulting in the complete compromise of customer data and/or the server. As they are far less complicated, I'm presenting both of them in this single blog post for your convenience. Vulnerable Versions: Magento EE & CE 2.x.x before 2.0.6.

http://netanelrub.in/2016/07/01/magento-re-installation-account-hijacking-vulnerabilities/


F5: Security Advisory: Cross Site Scripting (XSS) vulnerability in F5 WebSafe Dashboard CVE-2016-5235

https://support.f5.com:443/kb/en-us/solutions/public/k/48/sol48572812.html?ref=rss


A year of Windows kernel font fuzzing #2: the techniques

Posted by Mateusz Jurczyk of Google Project Zero. In part #1 of the series (see here), we discussed the motivation and outcomes of our year-long fuzzing effort against the Windows kernel font engine, followed by an analysis of two bug collisions with Keen Team and Hacking Team that ensued as a result of this work. While the bugs themselves are surely amusing, what we find even more interesting are the techniques and decisions we made to make the project as effective as it turned out to be.

http://googleprojectzero.blogspot.com/2016/07/a-year-of-windows-kernel-font-fuzzing-2.html


Cisco Configuration Assistant Request Processing Unauthorized Access Vulnerability

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160630-cca


IBM Security Bulletins

IBM Security Bulletin: Lotus Protector for Mail Security Affected By Multiple Open Source PHP Vulnerabilities.

http://www-01.ibm.com/support/docview.wss?uid=swg21985802

IBM Security Bulletin: Cross-site Request Forgery (CSRF) security vulnerability in IBM WebSphere Commerce (CVE-2016-2863)

http://www.ibm.com/support/docview.wss?uid=swg21983626

IBM Security Bulletin: HTTP response splitting attack in FastBack for Workstations Central Administration Console (CVE-2016-0359)

http://www.ibm.com/support/docview.wss?uid=swg21986310

IBM Security Bulletin: InstallAnywhere Vulnerability affects Daeja ViewONE Professional, Standard & Virtual (CVE-2016-4560)

http://www.ibm.com/support/docview.wss?uid=swg21984799

IBM Security Bulletin: OpenSource Apache Taglibs Vulnerability in FastBack for Workstations Central Administration Console (CVE-2015-0254)

http://www.ibm.com/support/docview.wss?uid=swg21986309

IBM Security Bulletin: IBM Cognos Business Intelligence Server 2016Q2 Security Updater: IBM Cognos Business Intelligence Server is affected by multiple vulnerabilities.

http://www-01.ibm.com/support/docview.wss?uid=swg21984323

IBM Security Bulletin: Vulnerability in Open Source GNU glibc affects IBM OS Images for Red Hat Linux Systems. (CVE-2015-5277)

http://www.ibm.com/support/docview.wss?uid=swg21986400