Daily summary - Tuesday 7-02-2017

End-of-Shift report

Timeframe: Monday 06-02-2017 18:00 − Tuesday 07-02-2017 18:00 Handler: Robert Waldner Co-Handler: n/a

Today is the day: it is International Safer Internet Day!

The annual day of action was launched in 2004 by the European Commission as part of the Safer Internet programme and has taken place every February since then. More than 100 countries worldwide take part in Safer Internet Day to raise awareness of safe and responsible internet use. Internationally, Safer Internet Day is organised by the European network Insafe.

https://www.saferinternet.at/news/news-detail/article/heute-feiern-wir-es-ist-internationaler-safer-internet-day-639/


DFN-CERT-2017-0216: Google Android Operating System: Multiple vulnerabilities allow, among other things, complete system takeover

https://portal.cert.dfn.de/adv/DFN-CERT-2017-0216/


Got an OpenBSD Web server? Better patch it

DoS-able bugs splatted. OpenBSD and two of its SSL libraries need patches against a pair of denial-of-service bugs that can crash Web-facing servers.

http://go.theregister.com/feed/www.theregister.co.uk/2017/02/07/got_an_openbsd_web_server_better_patch_it/


Vuln: PEAR HTML_AJAX CVE-2017-5677 PHP Object Injection Vulnerability

http://www.securityfocus.com/bid/96044


New Attack, Old Tricks

A Word document targets Mac users with malicious macros and an open-source payload.

https://objective-see.com/blog/blog_0x17.html


Citrix License Server for Windows and License Server VPX CVE-2017-5571 Open Redirect Vulnerability

http://www.securityfocus.com/bid/96028/discuss


DFN-CERT-2017-0217: BlackBerry powered by Android: Multiple vulnerabilities allow, among other things, complete system takeover

https://portal.cert.dfn.de/adv/DFN-CERT-2017-0217/


[2017-02-07] Multiple vulnerabilities in JUNG Smart Visu server

Attackers can dump password hashes and other available data from the operating system of the JUNG Smart Visu Server. An attacker is able to access and control all Smart Visu server installations if he is able to crack the hashes. The group address password can be removed by using a single PUT request.

https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170207_JUNG_Smart_Visu_Server_Multiple_vulnerabilities_v10.txt


IBM Security Bulletins

IBM Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM i

http://www-01.ibm.com/support/docview.wss?uid=nas8N1021845

IBM Security Bulletin: Multiple Vulnerabilities in Oracle Outside In Technology affect IBM Rational DOORS Next Generation

http://www.ibm.com/support/docview.wss?uid=swg21997654

IBM Security Bulletin: Multiple vulnerabilities have been identified in IBM Flex System Manager (FSM) Storage Manager Install Anywhere (SMIA) Configuration tool

http://www-01.ibm.com/support/docview.wss?uid=isg3T1024798

IBM Security Bulletin: Multiple Vulnerabilities in OpenSSH affect IBM i

http://www.ibm.com/support/docview.wss?uid=nas8N1021846

IBM Security Bulletin: Security Vulnerability in OpenSSL affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center)

http://www.ibm.com/support/docview.wss?uid=swg21997056

IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect AppScan Standard (CVE-2016-5597, CVE-2016-5542)

http://www-01.ibm.com/support/docview.wss?uid=swg21997784

IBM Security Bulletin: Fix Available for IBM iNotes Cross-site Scripting Vulnerability (CVE-2016-5883)

http://www.ibm.com/support/docview.wss?uid=swg21997010

IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Cisco Switches and Directors.

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009663

IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Campaign, IBM Contact Optimization

http://www.ibm.com/support/docview.wss?uid=swg21982291

IBM Security Bulletin: Vulnerabilities in OpenSSL affect multiple N series products

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009687