Petya-Like Malware Campaign (CERT-EU Security Advisory 2017-014) 
A large malware campaign broke out on Tuesday, 27/06/2017 and was widely reported in the news. The malware used -- which appears to be similar to Petya -- has been augmented with efficient local network spreading mechanisms, which resulted in a very rapid infection rate inside affected organizations. The local propagation is apparently achieved by a combination of the use of EternalBlue (the same exploit as the one used by WannaCry earlier), EternalRomance, and WMIC/psexec propagation vector using credentials harvested with a code similar to Mimikatz. First analysis points to at least one likely infection vector being associated with software update systems for a Ukrainian tax accounting package called MeDoc. However, as among the impacted organizations there were those that did not use the software, it is likely that other infection vectors are also used.
Privileges Escalation Vulnerabilities in Unix Operating Systems (CERT-EU Security Advisory 2017-013)
On 19th of June 2017, Qualys Research Team published a blog post and a security advisory about vulnerabilities in the memory management of several UNIX operating systems. These vulnerabilities can lead to privilege escalation on these systems, by corrupting memory and executing arbitrary code. They named the bug Stack Clash as it exploits flaws in the way these operating system are handling the stack in memory.
A large ransomware campaign has been observed since Friday, May 12th, 2017. The payload delivered is a variant of ransomware malware called WannaCry. It appears to infect computers through a recent SMB vulnerability in Microsoft Windows operating system (CVE-2017-0145).
UPDATE Critical Cisco CMP Remote Code Execution Vulnerability (CERT-EU Security Advisory 2017-006)
Cisco security researchers found a vulnerability in the Cluster Management Protocol (CMP) code in Cisco IOS and Cisco IOS XE software that could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges. Cisco has now released a software fix for this vulnerability.
A remote code execution vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a specially crafted file leading to memory corruption. An attacker who successfully exploits this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take control of the system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
On 1st of May 2017, Intel reported that there is "an escalation of privilege vulnerability in Intel® Active Management Technology (AMT), Intel® Standard Manageability (ISM), and Intel® Small BusinessTechnology that can allow an unprivileged attacker to gain control of the manageability features provided by these products". Once exploited,it allows for DMA access to the system, which means that the attacker can arbitrarily read and write to memory on the system.
A vulnerability in Microsoft Office is actively exploited to distribute Dridex banking Trojan.
Broadcom Critical Wi-Fi SoC Vulnerability in iOS and Android (CERT-EU Security Advisory 2017-008)
The vulnerability resides in a widely used Wi-Fi chipset manufactured by Broadcom and used in both iOS and Android devices. An attacker within range may be able to execute arbitrary code on the Wi-Fi chip. Google Project Zero researcher Gal Beniamini, who discovered the flaw said it allowed the execution of malicious code by Wi-Fi proximity alone, requiring no user interaction [1].
VMWare released an advisory for VMWare ESXi, Workstation, and Fusion products [1]. The advisory addresses critical and moderate security issues that may allow a guest system to execute code on the host system (CVE-2017-4902, CVE-2017-4903, and CVE-2017-4904).
Critical Apache Struts 2 Framework Vulnerability (CERT-EU Security Advisory 2017-005)
Remote code execution is possible via Apache Struts 2 framework, when performing file upload based on Jakarta multipart parser. There are already several exploits in the wild (CVE-2017-5638).
Arbitrary Code Execution in Internet Explorer and Edge (CERT-EU Security Advisory 2017-004)
A high-severity vulnerability in Microsoft's Edge and Internet Explorer browsers allows attackers to execute malicious code via vectors involving a crafted Cascading Style Sheets (CSS) token sequence and crafted JavaScript code (CVE-2017-0037).
CISCO Smart Install Protocol Issues (CERT-EU Security Advisory 2017-003)
It has been reported that there exists a way to misuse the Cisco Smart Install protocol messages. The misuse is directed towards Smart Install Clients allowing an unauthenticated remote attacker to change the startup configuration, load alternative IOS versions, and execute commands on affected devices. Cisco does not consider this issue a vulnerability. However, since Cisco Smart Install is enabled by default in a big number of modern switches and routers, CERT-EU considers this protocol abuse a potentially serious threat.
Ticketbleed Vulnerability Affecting F5 BIG-IP (CERT-EU Security Advisory 2017-002)
A vulnerability called Ticketbleed in F5 BIG-IP devices (CVE-2016-9244) could allow an unauthenticated, remote attacker to obtain sensitive information from memory if the non-default Session Tickets option is enabled for a Client SSL profile.
A vulnerability in CISCO WebEx browser extensions could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the browser on the affected system. This vulnerability concerns browser extensions for CISCO WebEx Meetings Server and CISCO WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center) when they are running on Microsoft Windows with Google Chrome, Mozilla Firefox, and Internet Explorer.
UPDATE Critical Firefox Vulnerability (CERT-EU Security Advisory 2016-142)
On 29th of November 2016, a JavaScript code exploiting a vulnerability in Firefox has been discovered. The exploit took advantage of a bug in Firefox to allow the attacker to execute arbitrary code on the targeted system by having the victim load a web page containing malicious JavaScript and SVG code [5].
Black Nurse ICMP DOS attacks (CERT-EU Security Advisory 2016-141)
TDC-SOC-CERT the CERT from TDC A/S, a Danish telecommunications company, observed and started analyzing a number of denial of service attacks (DOS) based on the ICMP protocol.
URGENT - 0 day Adobe Flash vulnerability (CERT-EU Security Advisory 2016-140)
"Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS.These updates address a critical vulnerability that could potentially allow an attacker to take control of the affected system."
Linux Kernel vulnerability "Dirty COW" (CERT-EU Security Advisory 2016-139)
It has been reported a serious vulnerability that has been present for nine years in a section of the Linux kernel, which is most probably part of all the distributions of this OS.
IKEv1 vulnerability in CISCO devices (CERT-EU Security Advisory 2016-138).
The advisory recommends integrity checks and provides detection guidance for the IKEv1 vulnerabilities discovered by CISCO in its devices.
Critical Adobe Flash Player vulnerabilities (APSB16-29) (CERT-EU Security Advisory 2016-137)
Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and ChromeOS to address multiple critical vulnerabilities.
Pegasus Spyware targeting iOS devices CERT-EU Security Advisory 2016-136 - Updated
Three critical zero-day vulnerabilities were discovered, impacting Apple iOS and OS X devices. This advisory presents recommendations for end-users and Mobile Device Management administrators.
Leak of hacking tools targeting Fortinet devices CERT-EU Security Advisory 2016-135
On 13th of august, a previously unknown group called "Shadow Brokers" publicly released a large number of hacking tools they claimed were used by the "Equation Group". The targeted devices include Fortinet devices. This advisory presents risk mitigation recommendations.
Leak of hacking tools targeting CISCO firewalls CERT-EU Security Advisory 2016-133
On 13th of august, a previously unknown group called "Shadow Brokers" publicly released a large number of hacking tools they claimed were used by the "Equation Group". The targeted devices include CISCO Adaptive Security Appliance (ASA) and PIX firewalls. This advisory presents risk mitigation recommendations.
SMB bug allows to leak user login and NTLMv2 hashes [CERT-EU Security Advisory 2016-132]
The Server Message Block (SMB) protocol is a network protocol allowing files and printers sharing over different networks (TCP/IP included).
HTTPoxy - CGI "HTTP_PROXY" variable name clash (CERT-EU Security Advisory 2016-130)
Web servers running in a CGI or CGI-like context may assign client request Proxy header values to internal HTTP_PROXY environment variables. This vulnerability can be leveraged to conduct man-in-the-middle (MITM) attacks on internal subrequests or to direct the server to initiate connections to arbitrary hosts [1].
The RESTful Web Services module for Drupal is prone to a remote code-execution vulnerability; fixes are available.
The Webform Multiple File Upload module for Drupal is prone to a remote code-execution vulnerability; fixes are available.
Drupal Coder Module Remote Code Execution Vulnerability (CERT-EU Security Advisory 2016-127)
The Coder module for Drupal is prone to a remote code-execution vulnerability; fixes are available.
Critical Adobe Flash bug (CVE-2016-4171) (CERT-EU Security Advisory 2016-126)
A critical vulnerability (CVE-2016-4171) exists in Adobe Flash Player 21.0.0.242 and earlier versions for Windows, Macintosh, Linux, and Chrome OS. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system. An exploit for CVE-2016-4171 exists in the wild, and is being used in limited, targeted attacks [1].
Critical vulnerability in Adobe Flash Player (CVE-2016-4117) (CERT-EU Security Advisory 2016-125)
A critical vulnerability (CVE-2016-4117) exists in Adobe Flash Player 21.0.0.226 and earlier versions for Windows, Macintosh, Linux, and Chrome OS. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system [1].
On May 3rd, 2016, security researchers reported several bugs in ImageMagick [1], a package commonly used by web services to process images. [2][3]
Badlock Bug in Windows and Samba (CERT-EU Security Advisory 2016-123)
On April 12th, 2016 Badlock, a crucial security bug in Windows and Samba was disclosed.
Cisco - Denial of Service Vulnerabilities (CERT-EU Security Advisory 2016-122)
The March 23, 2016, release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication includes six Cisco Security Advisories that describe vulnerabilities in Cisco IOS Software.
Version: 17/03/2016 Corrigendum initial publication typos A vulnerability in Git allows a perpetrator to execute code remotely while cloning or pushing repository with large filenames or a large number of nested trees..
Remote Code Execution in all git versions (client+server)<2.7.1 (CERT-EU Security Advisory 2016-120)
A vulnerability in Git allows a perpetrator to execute code remotely while cloning or pushing repository with large filenames or a large number of nested trees..
CISCO CVE-2016-1329 (CERT-EU Security Advisory 2016-119)
A vulnerability in Cisco NX-OS Software allows a perpetrator to connect to the device with administrative privileges.
DROWN Attack (CERT-EU Security Advisory 2016-118)
A vulnerability in SSLv2 can lead to a compromise the cryptographic scheme of safe transactions over Internet. The attack that exploits the vulnerability is called "DROWN". The attacker can easily interfere between client and server and monitor the transaction or even alter it. In other words, the vulnerability allows successful Man-In-the-Middle attacks.
Palo Alto critical bugs (CERT-EU Security Advisory 2016-117)
Palo Alto Networks has revealed four new vulnerabilities
The Enhanced Mitigation Experience Toolkit (EMET) is a utility that helps prevent vulnerabilities in software from being successfully exploited.
Updated: CentOS has released updates to vulnerability remedy. F5 has published information about products affected products.
CVE-2015-7547: glibc getaddrinfo stack-based buffer overflow (CERT-EU Security Advisory 2016-114)
Vulnerability in glibc allows unauthenticated attacker to remotely exploit and cause: - Denial-of-Service (DoS) - Remote code execution (administrator / root privileges) - Remote code execution (User)
CISCO IKE v1 and v2 Vulnerability (CERT-EU Security Advisory 2016-113)
A vulnerability in the Internet Key Exchange .v1 and .v2 of CISCO ASA software can be exploited causing DOS or even remote code execution.
Vulnerability in Java installers (CERT-EU Security Advisory 2016-84)
A user can be tricked into downloading files before installing Java 6, 7 or 8 resulting to a full compromise of his system.
SSH Login vulnerability on multiple Fortinet products (CERT-EU Security Advisory 2016-62) - UPDATED
The FortiOS SSH has a login vulnerability. Remote console access to vulnerable devices with "Administrative Access" enabled for S= SH is possible.
OpenSSH roaming feature vulnerabilities (CERT-EU Security Advisory 2016-50)
Since version 5.4 (released on March 8, 2010), the OpenSSH client supports an undocumented feature called roaming: if the connection to an SSH server breaks unexpectedly, and if the server supports roaming as well, the client is able to reconnect to the server and resume the suspended SSH session. [1]
FortiOS login vulnerability (CERT-EU Security Advisory 2016-45)
The FortiOS SSH has a login vulnerability. Remote console access to vulnerable devices with "Administrative Access" enabled for S= SH is possible. A Pyhton script was released that can be used to exploit the vulnerability.
JUNIPER multiple Security issues with ScreenOS (CVE-2015-7755) [CERT-EU Security Advisory 2015-825]
During a recent internal code review, Juniper discovered unauthorized code in ScreenOS that could allow a knowledgeable attacker to gain administrative access to NetScreen devices and to decrypt VPN connections.
Remote code execution vulnerability in jar analysis (CERT-EU Security Advisory 2015-824)
Tavis Ormandy and Natalie Silvanovich of Google Project Zero discovered a critical vulnerability in Fireeye devices. As a result, an attacker can send an email to a user or alternatively get them to click a link and completely compromise one of the most privileged machines on the network. This allows exfiltration of confidential data, tampering with traffic, lateral movement around networks and even self-propagating internet worms.
Crypto implementation flaws in Pacom GMS System (CERT-EU Security Advisory 2015-761)
The Pacom 1000 implementation have several serious implementation flaws in cryptography mechanisms. The flaws that were found can bypass the security of any unpatched installation. The issue could affect the Psysical Security entities of a constituent depending on the infrastructure.
Vulnerable Dell Self-Signed Root certificates (CERT-EU Security Advisory 2015-750)
Some Dell laptops and desktops come with a pre-installed self-signed root certificate under the name of eDellRoot and in some occasions have also an installed another self-signed root certificate under the name of DSDTestProvider. This is a potential security vulnerability that makes it easy for attackers to hijack Internet connections and masquerade as trusted websites. That security vulnerability compromises the security of encrypted HTTPS connections.
Logjam Attack (CERT-EU Security Advisory 2015-325)
Last days was published a new vulnerability related to TSL/SSL protocol called Logjam attack. This vulnerability allows a man-in-the-middle attacker to downgrade vulnerable TLS connections to 512-bit export-grade cryptography (which is an old working mode, still there to support legacy system enforcing former US cryptography exportation restrictions).
The vulnerability in Microsoft Windows Kerberos KDC could allow an attacker to elevate unprivileged domain user account privileges to those of the domain administrator account.
Malware distribution to German-speaking users (CERT-EU Security Advisory 2014-249)
CERT-EU has identified a malware distribution and fraud campaign with focus on german-speaking users.
A privately reported vulnerability in the Microsoft Secure Channel (Schannel) security package in Windows has been found.
NEW SSLv3 Padding Oracle On Downgraded Legacy Encryption attack (CERT-EU Security Advisory 2014-169)
The SSL protocol 3.0, as used in OpenSSL and other products, uses non-deterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain clear text data via a padding-oracle attack, aka the "POODLE" issue.
New: BadUSB (CERT-EU Security Advisory 2014-138)
BadUSB is a dangerous USB security flaw that allows attackers to turn a simple USB device into a keyboard, which can then be used to type malicious commands into the victim's computer.
BASH Vulnerability (CERT-EU Security Advisory 2014-137)
GNU BASH is prone to remote code execution vulnerability. Vulnerable GNU BASH versions processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code.
Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to execute arbitrary code, create a denial of service (DoS) condition, or perform a man-in-the-middle attack.
Multiple Vulnerabilities in OpenSSL [1] (CERT-EU Security Advisory 2014-053)
Several vulnerabilities have been discovered in OpenSSL library.
GnuTLS Hello Vulnerability (CERT-EU Security Advisory 2014-052)
This vulnerability affects the client side of the GnuTLS library. A server that sends a specially crafted Server Hello could corrupt the memory of a requesting client.
Cisco RADIUS DoS [1] (CERT-EU Security Advisory 2014-051)
Cisco Identity Services Engine Software (ISE) is an authentication, authorization, and accounting application.
Microsoft Internet Explorer 8 Remote Code Execution [1] (CERT-EU Security Advisory 2014-050)
Internet Explorer 8 is prone to a remote code-execution vulnerability due to a use-after-free condition.
Microsoft Security Updates (CERT-EU Security Advisory 2014-049)
Microsoft has published on a number of new security updates which has been released on May 08, 2014.
Security updates available for Adobe Reader and Acrobat (CERT-EU Security Advisory 2014-048)
Adobe has released security updates for Adobe Reader and Acrobat XI (11.0.06) and earlier versions for Windows and Macintosh.
Security updates available for Adobe Flash Player (CERT-EU Security Advisory 2014-047)
Adobe has released security updates for Adobe Flash Player 13.0.0.206 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.356 and earlier versions for Linux.
BIND nameservers security update[1] (CERT-EU Security Advisory 2014-046)
A defect in the pre-fetch feature (which is enabled by default) can cause BIND 9.10.0 to terminate with a "REQUIRE" assertion failure if it processes queries whose answers have particular attributes.
FreeBSD Security Advisory (CERT-EU Security Advisory 2014-045)
hen network packets making up a TCP stream (``TCP segments'') are received out-of-sequence, they are maintained in a reassembly queue by the destination system until they can be re-ordered and re-assembled.
Citrix NetScaler Application Delivery Security Update [1] (CERT-EU Security Advisory 2014-044)
A number of security vulnerabilities have been identified in the management component of the Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway products.
Oracle Critical Patch Update Advisory (CERT-EU Security Advisory 2014-043)
The Oracle Critical Patch Update for April 2014 [1] were released.
Security updates available for Adobe Flash Player (CERT-EU Security Advisory 2014-042)
Adobe has released security updates for Adobe Flash Player 13.0.0.182 and earlier versions for Windows, Adobe Flash Player 13.0.0.201 and earlier versions for Macintosh and Adobe Flash Player 11.2.202.350 and earlier versions for Linux.
UPDATE: Microsoft has issued a cumulative security update for Internet Explorer (no 2965111) resolving the publicly disclosed vulnerability (CVE-2014-1776 [1]) as well as other eight privately reported vulnerabilities in IE [2].
VMware Security Advisories (VMSA-2014-0004.6) CERT-EU Security Advisory 2014-040
VMware product updates address OpenSSL security vulnerabilities.
VMware Security Advisories (VMSA-2014-0003) (CERT-EU Security Advisory 2014-039)
VMware vSphere Client updates address security vulnerabilities
Oracle Critical Patch Update Advisory of April 2014 (CERT-EU Security Advisory 2014-038)
Oracle Critical Patch Update Advisory of April 2014 contains 104 new security fixes across the product families.
Apache Tomcat Update (CERT-EU Security Advisory 2014-037)
It was possible to craft a malformed Content-Type header for a multipart request that caused Apache Tomcat to enter an infinite loop. A malicious user could, therefore, craft a malformed request that triggered a denial of service.
Microsoft Security Updates (EU Security Advisory 2014-036)
Microsoft has published on a number of new security updates which has been released on April 08, 2014.
Security updates available for Adobe Flash Player (CERT-EU Security Advisory 2014-035)
Adobe has released security updates for Adobe Flash Player 12.0.0.77 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.346 and earlier versions for Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions.
UPDATE OpenSSL CRITICAL vulnerability (CERT-EU Security Advisory 2014-034)
OpenSSL library is vulnerable to a memory leakage. Both servers and clients are affected. It can lead to a leak of the content of the memory allowing access to private keys, credentials, or any other confidential data . There are already some proofs of concept of this vulnerability available in the wild exploiting servers and clients.
UPDATE OpenSSL CRITICAL vulnerability (CERT-EU Security Advisory 2014-034)
OpenSSL software is vulnerable to memory leakage to the connected client or server. It could lead to a leak of the content of the memory; allowing access to private keys (PKI/x509 certificates private key) or any confidential data in the memory like credentials. We could locate some prove of concepts of this vulnerability on Internet.
OpenSSL CRITICAL vulnerability Reference (CERT-EU Security Advisory 2014-034)
OpenSSL software is vulnerable to memory leakage to the connected client or server. It could lead to a leak of the content of the memory; allowing access to private keys (PKI/x509 certificates private key) or any confidential data in the memory like credentials. We could locate some prove of concepts of this vulnerability on Internet.
Multiple vulnerabilities in Cisco IOS (CERT-EU Security Advisory 2014-033)
Cisco released its semiannual Cisco IOS Software Security Advisory Bundled Publication on March 26, 2014.
There is a vulnerability affecting multiple versions of Microsoft Word. At this time, we are aware of limited, targeted attacks directed at Microsoft Word 2010. The vulnerability could allow remote code execution if a user opens a specially crafted RTF file using an affected version of Microsoft Word, or previews or opens a specially crafted RTF email message in Microsoft Outlook while using Microsoft Word as the email viewer. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Security updates available for Adobe Flash Player (CERT-EU Security Advisory 2014-031)
Adobe has released security updates for Adobe Flash Player 12.0.0.70 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.341 and earlier versions for Linux. [1]
Multiple vulnerabilities in Microsoft products (CERT-EU Security Advisory 2014-030)
Microsoft released five bulletins [1] to address 23 unique CVEs in Microsoft Windows, Internet Explorer and Silverlight.
Snake Campaign and Cyber Espionage Toolkit [1] (CERT-EU Security Advisory 2014-029)
BAE Systems have recently published a report on so called Snake Campaign and Cyber Espionage Toolkit [1].
A vulnerability in the web management interface of the Cisco RV110W Wireless-N VPN Firewall, the Cisco RV215W Wireless-N VPN Router, and the Cisco CVR100W Wireless-N VPN Router could allow an unauthenticated, remote attacker to gain administrative-level access to the web management interface of the affected device.
Multiple Vulnerabilities in Cisco Wireless LAN Controllers [1] (CERT-EU Security Advisory 2014-027)
The Cisco Wireless LAN Controller (WLC) product family is affected by the following vulnerabilities
JBoss Enterprice Aplication Platform update [1] (CERT-EU Security Advisory 2014-026)
An update for Red Hat JBoss Enterprise Application Platform 6.2.1 is now available from the Red Hat Customer Portal.
SSL/TSL implementation security Issues [1] (CERT-EU Security Advisory 2014-025)
Recently have been published a couple of bugs in ssl/tsl protocol from Apple [1] and GNU [2].
Different vulnerabilities and default configuration in several brands of SOHO routers allowed dns misconfiguration in hundreds of thousands of devices.
Cisco Prime Infrastructure Command Execution Vulnerability [1] (CERT-EU Security Advisory 2014-023)
A vulnerability in Cisco Prime Infrastructure could allow an authenticated, remote attacker to execute arbitrary commands with root-level privileges.
SSL Vulnerability in iOS and OS X [1] (CERT-EU Security Advisory 2014-022)
Due to a flaw in authentication logic on iOS and OS X platforms, an attacker can bypass SSL/TLS verification routines upon the initial connection handshake.
Microsoft Security Advisory [1] (CERT-EU Security Advisory 2014-021)
Microsoft is aware of limited, targeted attacks that attempt to exploit a vulnerability in Internet Explorer 10.
Microsoft Security Advisory related to Adobe Flash Player [1] (CERT-EU Security Advisory 2014-020)
Microsoft is announcing the availability of an update for Adobe Flash Player in Internet Explorer on all supported editions of Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1.
Security updates available for Adobe Flash Player (CERT-EU Security Advisory 2014-019)
Adobe has released security updates for Adobe Flash Player 12.0.0.44 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.336 and earlier versions for Linux.
JBoss Enterprice Aplication Platform update [1] (CERT-EU Security Advisory 2014-018)
An update for Red Hat JBoss Enterprise Application Platform 6.2.0, which fixes three security issues, several bugs, and adds various enhancements, is now available from the Red Hat Customer Portal.
Cisco Firewall Services Module (FWSM) Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a reload of an affected system.
Multiple Vulnerabilities in Cisco IPS Software [1] (CERT-EU Security Advisory 2014-016)
Cisco Intrusion Prevention System (IPS) Software is affected by the following vulnerabilities
Cisco UCS Director Default Credentials Vulnerability [1] (CERT-EU Security Advisory 2014-015)
A vulnerability in the Cisco Unified SIP Phone 3905 could allow an unauthenticated, remote attacker to gain root-level access to an affected device.
A vulnerability in the Cisco Unified SIP Phone 3905 could allow an unauthenticated, remote attacker to gain root-level access to an affected device.
Man-in-the-Middle Attack Against Email Synchronization (CERT-EU Security Advisory 2014-013)
The attack consists in spoofing a SSID of a WiFi network to which devices try to connect (most devices actively advertise SSIDs of all networks known to them). Once a device connects to such network and tries to synchronize e-mails, a malicious server inside the spoofed network may potentially be able to access the email credentials. In case the SSL is used, a such server may try to impersonate the target email server and perform the SSL handshake, if the device is set to accept self-signed certificates.
Security updates available for Adobe Flash Player (CERT-EU Security Advisory 2014-012)
Adobe has released security updates for Adobe Flash Player 12.0.0.43 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.335 and earlier versions for Linux. These updates address a critical vulnerability that could potentially allow an attacker to remotely take control of the affected system.
Security update available for Adobe Shockwave Player (CERT-EU Security Advisory 2014-011)
Adobe has released a security update for Adobe Shockwave Player 12.0.7.148 and earlier versions on the Windows and Macintosh operating systems. This update addresses critical vulnerabilities that could potentially allow an attacker to remotely take control of the affected system.
Critical Vulnerability in MediaWiki Platform (CERT-EU Security Advisory 2014-010)
Researchers have discovered a critical vulnerability in the popular MediaWiki Web platform, which is used to run Wikipedia and tens of thousands of other wiki sites around the world. This vulnerability allows an attacker to perform remote code execution
Microsoft Security Updates (CERT-EU Security Advisory 2014-009)
Microsoft has published on a number of new security updates. This advisory is intended to help you plan for the deployment of these security updates more effectively.
UPDATED Bios update for Hewlett Packard server products (CERT-EU Security Advisory 2014-008)
There is a Bios update for HP Proliant G7 server.
Denial of Service on Bind BIND nameservers (CERT-EU Security Advisory 2014-007)
Because of a defect in handling queries for NSEC3-signed zones, BIND can crash with an "INSIST" failure in name.c when processing queries possessing certain properties. By exploiting this defect an attacker deliberately constructing a query with the right properties could achieve denial of service against an authoritative nameserver serving NSEC3-signed zones.
VMware multiple vulnerabilities (CERT-EU Security Advisory 2014-006)
VMware Workstation, Player, Fusion, ESXi, ESX and vCloud Director address several security issues: VMware ESXi and ESX NFC NULL pointer dereference (CVE-2014-1207).
Multiple Bugfixes in PHP (CERT-EU Security Advisory 2014-005)
The PHP development team announces the immediate availability of PHP 5.5.8. About 15 bugs were fixed. The PHP development team announces the immediate availability of PHP 5.4.20. About 30 bugs were fixed.
Multiple Vulnerabilities in Cisco Secure Access Control System (CERT-EU Security Advisory 2014-004)
Cisco Secure Access Control System (ACS) is affected by the following vulnerabilities: -Cisco Secure ACS RMI Privilege Escalation Vulernability -Cisco Secure ACS RMI Unauthenticated User Access Vulnerability -Cisco Secure ACS Operating System Command Injection Vulnerability
Oracle Critical Patch Update Advisory of January 2014 (CERT-EU Security Advisory 2014-003)
Oracle Critical Patch Update Advisory of January 2014 contains 144 new security fixes across the product families.
Multiple Microsoft vulnerabilities (CERT-EU Security Advisory 2014-002)
The vulnerabilities could allow remote code execution if a specially crafted file is opened in an affected version of Microsoft Word or other affected Microsoft Office software. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. [1]
Multiple Adobe vulnerabilities (CERT-EU Security Advisory 2014-001)
Adobe has released security updates for Adobe Reader and Acrobat XI (11.0.05) and earlier versions for Windows and Macintosh.
Cisco ASA Denial of service (CERT-EU Security Advisory 2013-0100)
A vulnerability in the Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause an affected system to become unresponsive to management session requests via SSH, Telnet, HTTP, and HTTPS.
WMware ESX multiple vulnerabilities (CERT-EU Security Advisory 2013-0099)
VMware has updated several third party libraries in ESX that address multiple security vulnerabilities.
Microsoft December 2013 patches (CERT-EU Security Advisory 2013-0098)
Microsoft has released December 2013 patches.
VMware Products Increased privileges - Existing account [1] (CERT-EU Security Advisory 2013-0097)
VMware Workstation, Fusion, ESXi and ESX patches address a vulnerability in the LGTOSYNC.SYS driver which could result in a privilege escalation on older Windows-based Guest Operating Systems.
A vulnerability in the DNS code of Cisco ASA Software could allow an unauthenticated, remote attacker to cause the reload of an affected system.
JBoss Enterprice Aplication Platform update [1] (CERT-EU Security Advisory 2013-095)
An update for Red Hat JBoss Enterprise Application Platform 6.2.0, which fixes two security issues, several bugs, and adds various enhancements, is now available from the Red Hat Customer Portal.
Microsoft Advance Security Updates (CERT-EU Security Advisory 2013-094)
Microsoft has published an advanced for a number of new security updates which will be released on December 13, 2013.
A new Windows local privilege escalation vulnerability has been identified in the wild [1].
Security updates available for Adobe Flash Player (CERT-EU Security Advisory 2013-092)
Adobe has released security updates for Adobe Flash Player 11.9.900.117 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.310 and earlier versions for Linux.
Hotfix available for ColdFusion (CERT-EU Security Advisory 2013-091)
Adobe has released a security hotfix for ColdFusion versions 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and Linux.
Microsoft Security Updates (CERT-EU Security Advisory 2013-090)
Microsoft has published on a number of new security updates which has been released on November 13, 2013.
Microsoft Security Advisory [1] (CERT-EU Security Advisory 2013-0089)
Microsoft is investigating private reports of a vulnerability in the Microsoft Graphics component that affects Microsoft Windows, Microsoft Office, and Microsoft Lync.
Cisco IOS XE: Denial of service - Remote/unauthenticated [1] (CERT-EU Security Advisory 2013-0088)
Cisco IOS XE Software for 1000 Series Aggregation Services Routers (ASR) contains the following denial of service (DoS) vulnerabilities
Multiple Cisco products include an implementation of Apache Struts 2 component that is affected by a remote command execution vulnerability.
A vulnerability in the fabric interconnect of Cisco Unified Computing System could allow an authenticated, local attacker to cause a denial of service (DoS) condition.
RSA Authentication Agent: Reduced security [1] (CERT-EU Security Advisory 2013-0085)
In certain circumstances, RSA Authentication Agent for Web for IIS protection can be bypassed due to a fail open flaw in the agent.
Several Vulnerabilities in Linux kernel [1] (CERT-EU Security Advisory 2013-0084)
* It was found that the fix for CVE-2012-3552 released via RHSA-2012 ... * An information leak flaw was found in the way Linux kernel's device mapper subsystem,... * A format string flaw was found in the b43_do_request_fw() function in the Linux kernel's b43 driver implementation....
Vulnerability in python-crypto (CERT-EU Security Advisory 2013-0083)
A cryptographic vulnerability was discovered in the pseudo random number generator in python-crypto.
Multiple Vulnerabilities in MySQL 5.1 on Debian (CERT-EU Security Advisory 2013-0082)
This DSA updates the MySQL database to 5.1.72. This fixes multiple unspecified security problems in the Optimizer component: http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html [1] [2]
Several Vulnerabilities in RedHat (CERT-EU Security Advisory 2013-0081)
Updated java-1.7.0-oracle packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
Cisco Adaptive Security Appliance (ASA) Software is affected by the following vulnerabilities
Several Vulnerabilities in multiple VMware products (CERT-EU Security Advisory 2013-0079)
VMware has updated vCenter Server, vCenter Server Appliance (vCSA), vSphere Update Manager (VUM), ESXi and ESX to address multiple security vulnerabilities. [1] [2] [3]
Cisco Firewall Services Module (FWSM) Software for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers is affected by two vulnerabilities.
JBoss Middleware security update [1] (CERT-EU Security Advisory 2013-0077)
An update for the commons-fileupload component that fixes one security issue is now available from the Red Hat Customer Portal for Red Hat JBoss BRMS 5.3.1; and Red Hat JBoss Portal 4.3 CP07, 5.2.2 and 6.0.0.
Title: Oracle Critical Patch Update Advisory (CERT-EU Security Advisory 2013-0076)
The Oracle Critical Patch Update for October 2013 [1] were released.
Robert Matthews discovered that the Apache FCGID module, a FastCGI implementation for Apache HTTP Server, fails to perform adequate boundary checks on user-supplied input.
Security Advisory for Adobe Reader and Acrobat [1] (CERT-EU Security Advisory 2013-0074)
Adobe has released security updates for Adobe Reader and Acrobat XI (11.0.04) for Windows.
Microsoft Security Updates (CERT-EU Security Advisory 2013-073)
Microsoft has published on a number of new security updates which has been released on October 09, 2013.
Cisco IOS XR Software Memory Exhaustion Vulnerability [1] (CERT-EU Security Advisory 2013-0072)
Cisco IOS XR Software version 4.3.1 contains a vulnerability that could result in complete packet memory exhaustion.
Several Vulnerabilities in Mozilla Firefox prior to 24 (CERT-EU Security Advisory 2013-0071)
Several Critical, High and Moderate vulnerabilities have been fixed in Mozilla Firefox 24. [1]
Multiple Bugfixes in PHP (CERT-EU Security Advisory 2013-0070)
The PHP development team announces the immediate availability of PHP 5.5.4. This release fixes several bugs against PHP 5.5.3. [1]
Microsoft is investigating public reports of a vulnerability in all supported versions of Internet Explorer.
VMware Workstation and VMware Player address a vulnerability in the vmware-mount component which could result in a privilege escalation on linux-based host machines.
Microsoft Security Updates (CERT-EU Security Advisory 2013-067)
This bulletin summary lists 3 critical (MS13-059, MS13-060, MS13-061) and 5 important (MS13-062, MS13-063, MS13-064, MS13-065, MS13-066) Microsoft security bulletins released for August 2013 [1].
Microsoft Security Updates - Advance Notification (CERT-EU Security Advisory 2013-0066)
Microsoft has published a number of new security updates which are planned for release on August 13, 2013.
JBoss SOA Platform 5.3.1 security update [1] (CERT-EU Security Advisory 2013-0065)
Red Hat JBoss SOA Platform 5.3.1 roll up patch 3, which fixes three security issues and various bugs, is now available from the Red Hat Customer Portal.
Apache Struts Security Update [3] (CERT-EU Security Advisory 2013-0064)
A couple of vulnerabilities have that have been detected in Struts framework allow arbitrary code execution and open redirections.
OSPF LSA Manipulation Vulnerability in Multiple Cisco Products (CERT-EU Security Advisory 2013-0063)
Multiple Cisco products are affected by a vulnerability involving the Open Shortest Path First (OSPF) Routing Protocol Link State Advertisement (LSA) database.
Cisco WAAS Central Manager Remote Code Execution Vulnerability (CERT-EU Security Advisory 2013-0062)
Cisco Wide Area Application Services (WAAS) when configured as Central Manager (CM), contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the affected system.
Multiple Cisco content network and video delivery products contain a vulnerability when they are configured to run in central management mode.
VMware ESX and ESXi updates to third party libraries (CERT-EU Security Advisory 2013-0060)
VMware has updated several third party libraries in ESX and ESXi to address multiple security vulnerabilities.
Apache Security Update (CERT-EU Security Advisory 2013-0059)
The Apache Software Foundation and the Apache HTTP Server Project have released a new version of Apache Httpd server which solves several vulnerabilities.
Oracle Critical Patch Update Advisory (CERT-EU Security Advisory 2013-0058)
The Oracle Critical Patch Update for July 2013 [1] were released. Oracle strongly recommends applying the patches as soon as possible.
Adobe Flash Player Security Update (CERT-EU Security Advisory 2013-0057)
Adobe has released security updates for Adobe Flash Player 11.7.700.224 and earlier versions for Windows, Adobe Flash Player 11.7.700.225 and earlier versions for Macintosh, Adobe Flash Player 11.2.202.291 and earlier versions for Linux, Adobe Flash Player 11.1.115.63 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.59 and earlier versions for Android 3.x and 2.x.
Apache Tomcat Security Update (CERT-EU Security Advisory 2013-0056)
FORM authentication associates the most recent request requiring authentication with the current session.
Microsoft recent news related to security issues and tools [1] (CERT-EU Security Advisory 2013-0055)
Microsoft has publish some information in its security blog that can be of CERT-EU constituency interest [1].
Cisco ASA Software Vulnerability [1] (CERT-EU Security Advisory 2013-0054)
A vulnerability on Cisco ASA could cause a reload of the affected device.
Oracle Java SE Critical Patch Update - June 2013 (CERT-EU Security Advisory 2013-053)
The Oracle Java SE Critical Patch Update [1] for June 2013 were released on.
VMware vCenter Chargeback Manager Remote Code Execution [1] (CERT-EU Security Advisory 2013-0052)
The vCenter Chargeback Manager contains a critical vulnerability that allows for remote code execution.
Security updates available for Adobe Flash Player [1] (CERT-EU Security Advisory 2013-051)
Adobe has released security updates for Adobe Flash Player 11.7.700.202 and earlier versions for Windows, Adobe Flash Player 11.7.700.203 and earlier versions for Macintosh, Adobe Flash Player 11.2.202.285 and earlier versions for Linux, Adobe Flash Player 11.1.115.58 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.54 and earlier versions for Android 3.x and 2.x.
Microsoft Security Updates (CERT-EU Security Advisory 2013-050)
Microsoft has published on a number of new security updates which has been released on June 11, 2013.
Denial of Service on Bind BIND nameservers [1] (CERT-EU Security Advisory 2013-0049)
A defect exists which allows an attacker to crash a BIND 9 recursive resolver with a RUNTIME_CHECK error in resolver.c.
Linux kernel Vulnerabilities (CERT-EU Security Advisory 2013-0048)
A recently-discovered vulnerability in the Linux kernel allows a local user to escalate their privilege level and gain root access.
Microsoft Internet Explorer Security Advisory [1] (CERT-EU Security Advisory 2013-0047)
This security update resolves one publicly disclosed vulnerability in Internet Explorer.
Security updates available for Adobe Reader and Acrobat [1] (CERT-EU Security Advisory 2013-0046)
Adobe has released security updates for Adobe Reader and Acrobat XI (11.0.02) and earlier versions for Windows and Macintosh, and Adobe Reader 9.5.4 and earlier 9.x versions for Linux.
Security updates available for Adobe Flash Player [1] (CERT-EU Security Advisory 2013-0045)
Adobe has released security updates for Adobe Flash Player 11.7.700.169 and earlier versions for Windows and Macintosh, Adobe Flash Player 11.2.202.280 and earlier versions for Linux, Adobe Flash Player 11.1.115.54 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.50 and earlier versions for Android 3.x and 2.x.
Hotfix available for ColdFusion [1] (CERT-EU Security Advisory 2013-0044)
Adobe has released a security hotfix for ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX.
Microsoft Security Updates (CERT-EU Security Advisory 2013-0043)
This bulletin summary lists security bulletins released for May 2013.
Microsoft Internet Explorer 8 Security Advisory (CERT-EU Security Advisory 2013-0042)
Microsoft is investigating public reports of a vulnerability in Internet Explorer 8 [1]. Microsoft is aware of attacks that attempt to exploit this vulnerability.
Cisco ASA Software Vulnerability (CERT-EU Security Advisory 2013-0041)
Cisco ASA has several vulnerabilities related with VPN software.
Linux kernel Local Vulnerabilities (CERT-EU Security Advisory 2013-0040)
Linux kernel has several vulneravilities that can cause a denial of service or escalate privileges.
Oracle Critical Patch Update - April 2013 (CERT-EU Security Advisory 2013-0039)
The Critical Patch Update for April 2013 [2] and The Oracle Java SE Critical Patch Update [3] for April 2013 were released on. Oracle strongly recommends applying the patches as soon as possible. Please note that Sun products are included in this Critical Patch Update.
Hotfix available for ColdFusion [1] (CERT-EU Security Advisory 2013-0038)
Adobe has released a security hotfix for ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX.
Security updates available for Adobe Flash Player [1] (CERT-EU Security Advisory 2013-0037)
Adobe has released security updates for Adobe Flash Player 11.6.602.180 and earlier versions for Windows and Macintosh, Adobe Flash Player 11.2.202.275 and earlier versions for Linux, Adobe Flash Player 11.1.115.48 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.44 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
Cisco Network Admission Control (NAC) Manager contains a vulnerability that could allow an unauthenticated remote attacker to execute arbitrary code and take full control of the vulnerable system.
Cisco IOS XE Software for 1000 Series Aggregation Services Routers (ASR) contains the following denial of service (DoS) vulnerabilities: Cisco IOS XE Software IPv6 Multicast Traffic Denial of Service Vulnerability Cisco IOS XE Software MVPNv6 Traffic Denial of Service Vulnerability Cisco IOS XE Software L2TP Traffic Denial of Service Vulnerability Cisco IOS XE Software Bridge Domain Interface Denial of Service Vulnerability Cisco IOS XE Software SIP Traffic Denial of Service Vulnerability
VMware ESX Execute arbitrary code/commands [1] (CERT-EU Security Advisory 2013-0034)
VMware ESXi security updates for third party library.
Denial of Service on Bind BIND nameservers [1] (CERT-EU Security Advisory 2013-0033)
A critical defect in BIND 9 allows an attacker to cause excessive memory consumption in named or other programs linked to libdns.
Linux kernel stack corruption Vulnerability [1] (CERT-EU Security Advisory 2013-0032)
A race conditon in ptrace can lead to kernel stack corruption and arbitrary kernel-mode code execution.
Microsoft Security Updates (CERT-EU Security Advisory 2013-0031)
CERT-EU has received advance notification from Microsoft on a number of new security updates which has been released on March 12, 2013.
Microsoft Security Updates - Advance Notification (CERT-EU Security Advisory 2013-0030)
CERT-EU has received advance notification from Microsoft on a number of new security updates which are planned for release on March 12, 2013.
Oracle Java JRE y JDK Security Alert (CERT-EU Security Advisory 2013-0029)
This Security Alert addresses security issues affecting Java running in web browsers. These vulnerabilities are not applicable to Java running on servers, standalone Java desktop applications or embedded Java applications. They also do not affect Oracle server-based software.
VMware vCenter Server, ESX and ESXi: Multiple vulnerabilities (CERT-EU Security Advisory 2013-0028)
VMware has updated VMware vCenter Server, ESXi and ESX to address a vulnerability in the Network File Copy (NFC) Protocol. This update also addresses multiple security vulnerabilities in third party libraries used by VirtualCenter, ESX and ESXi.
Linux kernel Local Privilege Escalation Vulnerability (CERT-EU Security Advisory 2013-0027)
Linux kernel is prone to a local privilege-escalation vulnerability because it fails to adequately bounds-check user-supplied input.
New Apache HTTP server version corrects some vulnerabilities (CERT-EU Security Advisory 2013-0026)
The Apache Software Foundation has released a new version the Apache HTTP server that fixes some vulnerabilities.
Security Updates Available for Adobe Flash Player (CERT-EU Security Advisory 2013-0025)
These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
This Critical Patch Update includes all fixes provided in the Oracle Java SE Critical Patch Update February 2013 (CERT-EU Security Advisory 2013-0019), plus an additional five fixes which had been previously planned for delivery. This distribution therefore completes the content for all originally planned fixes to be included in the Java SE Critical Patch Update for February 2013. Note also that Oracle has scheduled a Java SE Critical Patch Update for April 16, 2013, in addition to those previously scheduled in June and October of 2013 and in January of 2014. This additional distribution will be used to further accelerate Java security fixes to Java users.
JBoss Enterprise Application Platform 5.2.0 security update (CERT-EU Security Advisory 2013-0023)
Updated JBoss Enterprise Application Platform 5.2.0 packages that fix two security issues.
JBoss Enterprise Application Platform 4.3.0 security update (CERT-EU Security Advisory 2013-0022)
Updated JBoss Enterprise Application Platform 4.3.0 packages that fix two security issues.
Security Advisory for Adobe Reader and Acrobat (CERT-EU Security Advisory 2013-0021)
Adobe has identified two critical vulnerabilities affecting Adobe Reader and Acrobat for Windows and Macintosh.
Microsoft Security Updates (CERT-EU Security Advisory 2013-0020)
ERT-EU has received advance notification from Microsoft on a number of new security updates which has been released on February 12, 2013.
Oracle Java SE Critical Patch Update Advisory - February 2013 (CERT-EU Security Advisory 2013-0019)
The original Critical Patch Update for Java SE - February 2013 was scheduled to be released on February 19th, but Oracle decided to accelerate the release of this Critical Patch Update because active exploitation of one of the vulnerabilities affecting the Java Runtime Environment (JRE) in desktop browsers, was addressed with this Critical Patch Update.
Microsoft Security Updates - Advance Notification (CERT-EU Security Advisory 2013-0018)
CERT-EU has received advance notification from Microsoft on a number of new security updates which are planned for release on February 12, 2013.
VMware security updates for vSphere (CERT-EU Security Advisory 2013-0017)
VMware vSphere security updates for the authentication service and third party libraries.
JBoss Enterprise Web Platform 5.2.0 security update (CERT-EU Security Advisory 2013-0016)
Updated JBoss Enterprise Web Platform 5.2.0 that fix one security issue.
JBoss Enterprise Application Platform 5.2.0 security update (CERT-EU Security Advisory 2013-0015)
Updated JBoss Enterprise Application Platform 5.2.0 that fix one security issue.
JBoss Enterprise Web Platform 5.2.0 update (CERT-EU Security Advisory 2013-0014)
JBoss Enterprise Web Platform 5.2.0, which fixes multiple security issues, various bugs, and adds several enhancements, is now available from the Red Hat Customer Portal.
Oracle Critical Patch Update - Junuary 2013 (CERT-EU Security Advisory 2013-0013)
The Critical Patch Update for Junuary 2013 [1] were released. Oracle strongly recommends applying the patches as soon as possible. Please note that Sun products are included in this Critical Patch Update. Be aware that Sun and MySQL patches have also been included in this realised. The Critical Patch Update Advisory [2] is the starting point for relevant information. It includes a list of products affected, pointers to obtain the patches, a summary of the security vulnerabilities, and links to other important documents. Also, it is essential to review the Critical Patch Update supporting documentation referenced in the Advisory before applying patches, as this is where you can find important pertinent information. And the information concerning the fixed vulnerabilities [3].
This Security Alert addresses security issues CVE-2013-0422 (US-CERT Alert TA13-010A - Oracle Java 7 Security Manager Bypass Vulnerability) and another vulnerability possibly related to "permissions of certain Java classes," as exploited in the wild in January 2013, and as demonstrated by Blackhole and Nuclear Pack, affecting Java running in web browsers.
UPDATED - Microsoft Internet Explorer Security Advisory (CERT-EU Security Advisory 2013-0002)
Microsoft is investigating public reports of vulnerability in Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8. Internet Explorer 9 and Internet Explorer 10 are not affected by the vulnerability. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability through Internet Explorer 8. Applying the Microsoft Fix it solution, "MSHTML Shim Workaround," prevents the exploitation of this issue.
Cisco Prime LAN Management Solution (LMS) Virtual Appliance contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary commands with the privileges of the root user. The vulnerability is due to improper validation of authentication and authorization commands sent to certain TCP ports. An attacker could exploit this vulnerability by connecting to the affected system and sending arbitrary commands.
Cisco Unified IP Phones 7900 Series versions 9.3(1)SR1 and prior contain an arbitrary code execution vulnerability that could allow a local attacker to execute code or modify arbitrary memory with elevated privileges.
Several vulnerabilities in Firefox, Thunderbird and Seamonkey (CERT-EU Security Advisory 2013-0009)
Mozilla developers identified and fixed several vulnerabilities [1-20]
Security updates for Adobe Reader and Acrobat [1] (CERT-EU Security Advisory 2013-0008)
Adobe has released security updates for Adobe Reader and Acrobat XI (11.0.0) and earlier versions for Windows and Macintosh, and Adobe Reader 9.5.1 and earlier 9.x versions for Linux. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system. CVE numbers: CVE-2012-1530, CVE-2013-0601, CVE-2013-0602, CVE-2013-0603, CVE-2013-0604, CVE-2013-0605, CVE-2013-0606, CVE-2013-0607, CVE-2013-0608, CVE-2013-0609, CVE-2013-0610, CVE-2013-0611, CVE-2013-0612, CVE-2013-0613, CVE-2013-0614, CVE-2013-0615, CVE-2013-0616, CVE-2013-0617, CVE-2013-0618, CVE-2013-0619, CVE-2013-0620, CVE-2013-0621, CVE-2013-0622, CVE-2013-0623, CVE-2013-0624, CVE-2013-0626, CVE-2013-0627
Security Updates Available for Adobe Flash Player [1] (CERT-EU Security Advisory 2013-0007)
Adobe has released security updates for Adobe Flash Player 11.5.502.135 and earlier versions for Windows, Adobe Flash Player 11.5.502.136 and earlier versions for Macintosh, Adobe Flash Player 11.2.202.258 and earlier versions for Linux, Adobe Flash Player 11.1.115.34 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.29 and earlier versions for Android 3.x and 2.x. These updates address a vulnerability that could cause a crash and potentially allow an attacker to take control of the affected system.
Multiple Vulnerabilities in Adobe ColdFusion [1] (CERT-EU Security Advisory 2013-0006)
Adobe has identified three vulnerabilities affecting ColdFusion for Windows, Macintosh and UNIX: CVE-2013-0625 affects ColdFusion 10, 9.0.2, 9.0.1 and 9.0, and could permit an unauthorized user to remotely circumvent authentication controls, potentially allowing the attacker to take control of the affected server. CVE-2013-0629 affects ColdFusion 10, 9.0.2, 9.0.1 and 9.0, and could permit an unauthorized user access to restricted directories. CVE-2013-0631 affects ColdFusion 9.0.2, 9.0.1 and 9.0, and could result in information disclosure from a compromised server.
VMware security updates for vCSA and ESXi [1] (CERT-EU Security Advisory 2013-0005
VMware has updated vCenter Server Appliance (vCSA) and ESX to address multiple security vulnerabilities.
Microsoft Security Updates (CERT-EU Security Advisory 2013-0004)
CERT-EU has received notification from Microsoft on a number of new security updates which have been released on the 8 January 2013.
Microsoft Security Updates - Advance Notification (CERT-EU Security Advisory 2013-0003)
CERT-EU has received advance notification from Microsoft on a number of new security updates which are planned for release on January 08, 2013. This advisory is intended to help you plan for the deployment of these security updates more effectively. Please note that the list of affected software shown below is an abstract. The January 2013 Advance Notification Summary page is now live at http://technet.microsoft.com/security/bulletin/ms13-jan.
CERT-EU has been made aware of a security issue related to certificates issued by TURKTRUST Inc. TURKTRUST Inc is certificate provider which CA is included in several trusted CA databases used by products like browsers. Consequently, fraudulent certificates can be issued and be used to impersonate server and sites. A fraudulent certificate has been identified to impersonate *.google.com. [1]
Microsoft Security Update (CERT-EU Security Advisory 2012-0150)
CERT-EU has received notification from Microsoft on an update KB2753842 to resolve an issue with OpenType fonts not properly rendering after the original update was installed. Customers who have successfully installed the original KB2753842 update still need to install the rereleased update.
JBoss Enterprise SOA Platform 5.3.0 update [1] (CERT-EU Security Advisory 2012-0149)
JBoss Enterprise SOA Platform 5.3.0 roll up patch 2, which fixes one security issue and various bugs, is now available from the Red Hat Customer Portal.
Updated JBoss Enterprise Application Platform 6.0.1 packages that fix multiple security issues, various bugs, and add enhancements are now available for Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact.
JBoss Enterprise BRMS Platform 5.3.1 update (CERT-EU Security Advisory 2012-0147)
JBoss Enterprise BRMS Platform 5.3.1, which fixes one security issue, various bugs, and adds enhancements, is now available from the Red Hat Customer Portal.
JBoss Enterprise BRMS Platform 5.3.0 security update (CERT-EU Security Advisory 2012-0145)
An update for JBoss Enterprise BRMS Platform 5.3.0 that fixes one security issue is now available from the Red Hat Customer Portal.
VMware View Server directory traversal (CERT-EU Security Advisory 2012-0144)
VMware View releases address a critical directory traversal vulnerability in the View Connection Server and View Security Server.
Adobe Hotfix available for ColdFusion 10 and earlier (CERT-EU Security Advisory 2012-0143)
Adobe has released a security hotfix for ColdFusion 10 and earlier versions for Windows, Macintosh and UNIX. This hotfix resolves a vulnerability which could result in a sandbox permissions violation in a shared hosting environment. Adobe recommends users update their product installation using the instructions provided below.
Security Updates Available for Adobe Flash Player (CERT-EU Security Advisory 2012-0142)
Adobe has released security updates for Adobe Flash Player 11.5.502.110 and earlier versions for Windows and Macintosh, Adobe Flash Player 11.2.202.251 and earlier versions for Linux, Adobe Flash Player 11.1.115.27 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.24 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
Microsoft Security Updates (CERT-EU Security Advisory 2012-0141)
CERT-EU has received notification from Microsoft on a number of new security updates which have been released on the 12 December 2012.
Microsoft Security Updates - Advance Notification (CERT-EU Security Advisory 2012-0140)
CERT-EU has received advance notification from Microsoft on a number of new security updates which are planned for release on December 11, 2012.
Denial of Service on Bind BIND nameservers using DNS64 (CERT-EU Security Advisory 2012-0139)
A nameserver can be crashed with a require assertion failure if a client sends a crafted query which can be resulted in a DoS.
Samsung printers and some Dell printers manufactured for Samsung contain and snmp account that could be used to get privileged access to the devices.
The PHP development team announces the immediate availability of PHP 5.4.9 and PHP 5.3.19. These releases fix over 15 bugs. All users of PHP are encouraged to upgrade to PHP 5.4.9, or at least 5.3.19.
Cisco Secure Access Control System (ACS) contains a vulnerability that could allow an unauthenticated, remote attacker to bypass TACACS+ based authentication service offered by the affected product. CVE-2012-5424 CVSS Base Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Cisco IronPort Email Security Appliances (ESA) and Cisco IronPort Web Security Appliances (WSA) include versions of Sophos Anti-Virus that contain multiple vulnerabilities that could allow an unauthenticated, remote attacker to gain control of the system, escalate privileges, or cause a denial-of-service (DoS) condition. CVSS Base Score: 9.7 (AV:N/AC:L/Au:N/C:C/I:C/A:P) [4]
Multiple vulnerabilities in Mozilla products (CERT-EU Security Advisory 2012-0134)
Several vulnerabilities have been detected in Mozilla products. Some of the ones reported below might already have been covered by previous CERT-EU advisories, but are mentioned for the sake of completeness. CVE-2012-5830, CVE-2012-5833, CVE-2012-5835, CVE-2012-5838, CVE-2012-4214, CVE-2012-4215, CVE-2012-4216, CVE-2012-4216, CVE-2012-5829, CVE-2012-5839, CVE-2012-5840, CVE-2012-4212, CVE-2012-4213, CVE-2012-4217, CVE-2012-4218, CVE-2012-4210, CVE-2012-4209, CVE-2012-5837, CVE-2012-4207, CVE-2012-5841, CVE-2012-4208, CVE-2012-4206, CVE-2012-4205, CVE-2012-4204, CVE-2012-4203, CVE-2012-5836, CVE-2012-4201, CVE-2012-4202, CVE-2012-5843, CVE-2012-5842
The Apache Tomcat security team issued new releases for Apache Tomcat to fix two security issues: Denial of Service for Tomcat 6.x and DIGEST authentication weaknesses for Tomcat 7.x and 5.5.x. CVE numbers: CVE-2012-2733, CVE-2012-3439
A potential security vulnerability has been identified with HP Integrated Lights-Out iLO3 and iLO4. The vulnerability could be remotely exploited resulting in a disclosure of information. CVE number: CVE-2012-3271 CVSS Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Security Updates Available for Adobe Flash Player [1] ( CERT-EU Security Advisory 2012-0130)
Adobe has released security updates for Adobe Flash Player 11.4.402.287 and earlier versions for Windows and Macintosh, Adobe Flash Player 11.2.202.243 and earlier versions for Linux, Adobe Flash Player 11.1.115.20 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.19 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system. These updates address critical vulnerabilities in the software. CVE numbers: CVE-2012-5274, CVE-2012-5275, CVE-2012-5276, CVE-2012-5277, CVE-2012-5278, CVE-2012-5279, CVE-2012-5280
Hotfix available for ColdFusion 10 for Windows [1] (CERT-EU Security Advisory 2012-0131)
Adobe has released a security hotfix for ColdFusion 10 Update 1 and above for Windows. This hotfix resolves a vulnerability affecting ColdFusion on Windows Internet Information Services (IIS), which could result in a Denial of Service condition. Adobe recommends users update their product installation using the instructions provided in the "Solution" section below. CVE number: CVE-2012-5674
VMware has updated the vSphere API to address a denial of service vulnerability in ESX and ESXi. VMware has also updated the ESX Service Console to include several open source security updates. CVE-2012-5703, CVE-2012-1033, CVE-2012-1667, CVE-2012-3817, CVE-2011-4940, CVE-2011-4944, CVE-2012-1150, CVE-2012-0876, CVE-2012-1148, CVE-2012-0441
VMware Hosted Products and OVF Tool address security issues (ERT-EU Security Advisory 2012-0128)
VMware Hosted products and OVFTool patches address several security issues. CVE-2012-5458, CVE-2012-5459 and CVE-2012-3569
VMware has provided an upgrade path for vCenter Operations and CapacityIQ and an update for Movie Decoder. These updates address multiple security vulnerabilities. CVE-2012-4897, CVE-2012-5050, CVE-2012-5051
VMware vSphere and vCOps updates to third party libraries (CERT-EU Security Advisory 2012-0126)
VMware has updated several third party libraries in vSphere and vcOps to address multiple security vulnerabilities. CVE-2010-4180, CVE-2010-4252, CVE-2011-0014, CVE-2011-4108, CVE-2011-4109, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619, CVE-2012-0050 CVE-2012-2110 CVE-2011-1833, CVE-2011-2484, CVE-2011-2496, CVE-2011-3188, CVE-2011-3209, CVE-2011-3363, CVE-2011-4110, CVE-2011-1020, CVE-2011-4132, CVE-2011-4324, CVE-2011-4325, CVE-2012-0207, CVE-2011-2699, CVE-2012-1583 CVE-2010-2761, CVE-2010-4410, CVE-2011-3597 CVE-2012-0841 CVE-2009-5029, CVE-2009-5064, CVE-2010-0830, CVE-2011-1089, CVE-2011-4609, CVE-2012-0864 CVE-2011-4128, CVE-2012-1569, CVE-2012-1573 CVE-2012-0060, CVE-2012-0061, CVE-2012-0815 CVE-2012-0393.
Microsoft Security Updates (CERT-EU Security Advisory 2012-0125)
CERT-EU has received notification from Microsoft on a number of new security updates which have been released on November 13, 2012. This advisory is intended to help you plan for the deployment of these security updates more effectively. Please note that the list of affected software shown below is an abstract. The full list of affected components can be found in [1]. Microsof's security content posted to the web is occasionally updated to reflect late-breaking information. If this results in an inconsistency between the information here and the information in Microsoft's web-based security content, the information in Microsoft's web-based security content is authoritative.
Multiple Updates on JBOSS Products [1] (CERT-EU Security Advisory 2012-0123)
1) An update for the JBoss Web Services component in JBoss Enterprise SOA Platform 5.3.0 that fixes one security issue is now available from the Red Hat Customer Portal. [1]
Oracle Critical Patch Update - October 2012 [1] (CERT-EU Security Advisory 2012-0124)
The Critical Patch Update for October 2012 [2] and The Oracle Java SE Critical Patch Update [3] for October 2012 were released. Oracle strongly recommends applying the patches as soon as possible. Please note that Sun products are included in this Critical Patch Update.
Denial of Service on Bind [1] (CERT-EU Security Advisory 2012-0122)
A nameserver can be locked up if it can be induced to load a specially crafted combination of resource records.
Multiple Updates Available for CISCO Products [1,2,3] (CERT-EU Security Advisory 2012-0121)
CISCO has published multiple updates on their products that fix several vulnerabilities
Microsoft Security Updates (CERT-EU Security Advisory 2012-0120)
CERT-EU has received notification from Microsoft on a number of new security updates which have been released on the October 09, 2012.
Security Updates Available for Adobe Flash Player (CERT-EU Security Advisory 2012-0119)
Adobe has released security updates for Adobe Flash Player 11.4.402.278 and earlier versions for Windows, Adobe Flash Player 11.4.402.265 and earlier versions for Macintosh, Adobe Flash Player 11.2.202.238 and earlier for versions for Linux, Adobe Flash Player 11.1.115.17 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.16 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
Revocation of Adobe Code Signing Certificate (CERT-EU Security Advisory 2012-0118)
Adobe is investigating what appears to be the misuse of an Adobe code signing certificate. Adobe has revoked the certificate on October 4 for all software code signed after July 10, 2012 (00:00 GMT). Adobe has issued updates signed using a new digital certificate for all affected products.
JBoss Enterprise Data Services Platform 5.3.0 update (CERT-EU Security Advisory 2012-0117)
JBoss Enterprise Data Services Platform 5.3.0 roll up patch 1, which fixes one security issue and various bugs, is now available from the Red Hat Customer Portal.
JBoss Enterprise SOA Platform 4.2.0.CP05 and 4.3.0.CP05 update (CERT-EU Security Advisory 2012-0116)
An update for JBoss Enterprise SOA Platform 4.2.0.CP05 and 4.3.0.CP05 that fixes one security issue is now available from the Red Hat Customer Portal.
Microsoft is announcing the availability of an update for Adobe Flash Player in Internet Explorer 10 on all supported editions of Windows 8 and Windows Server 2012. The update addresses the vulnerabilities in Adobe Flash Player by updating the affected Adobe Flash libraries contained within Internet Explorer 10.
There appears to have been an exploit detected that affects fully patched versions of Microsoft Internet Explorer versions 6 through 9, and allows downloading and running arbitrary executables.
Security update available for Bind 9 (CERT-EU Security Advisor 2012-0113)
If a record with RDATA in excess of 65535 bytes is loaded into a nameserver, a subsequent query for that record will cause named to exit with an assertion failure.
Microsoft Security Updates (CERT-EU Security Advisory 2012-0112)
CERT-EU has received notification from Microsoft on a number of new security updates which have been released on the 12 September 2012.
Microsoft Security Updates - Advance Notification (CERT-EU Security Advisory 2012-0111)
ERT-EU has received advance notification from Microsoft on a number of new security updates which are planned for release on September 11, 2012.
Oracle Java Runtime Environment (JRE) is prone to a remote code execution vulnerability.
Apache 'mod-rpaf' Module Denial of Service Vulnerability (CERT-EU Security Advisory 2012-0109)
The Apache 'mod-rpaf' module is prone to a denial-of-service vulnerability.
Security update available for Adobe Flash Player (CERT-EU Security Advisory 2012-0108)
Adobe has released security updates for Adobe Flash Player 11.3.300.271 and earlier versions for Windows, Macintosh and Linux, Adobe Flash Player 11.1.115.11 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.10 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
Microsoft Excel is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to open a specially crafted Excel ('.xls') file. Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running the application. Failed exploits will result in denial-of-service conditions.
Vulnerabilities in Microsoft Exchange and FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code Execution.
Microsoft is aware that detailed exploit code has been published for known weaknesses in the Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2). The MS-CHAP v2 protocol is widely used as an authentication method in Point-to-Point Tunneling Protocol (PPTP)-based VPNs.
Cisco IOS XR Software Route Processor DoS Vulnerability (CERT-EU Security Advisory 2012-0105)
Cisco IOS XR Software is prone to a denial-of-service vulnerability.An attacker can exploit this issue to cause the route processor on an affected device to stop transmitting packets from the route processor CPU to the fabric, resulting in a denial-of-service condition.To exploit this issue, attackers can use readily available network utilities.
Multiple Cisco Nexus devices are prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause the device to crash, denying service to legitimate users.
The JMX console as shipped with JBoss EAP 5.1.1 is vulnerable to cross-site request forgery (CSRF) attacks. This vulnerability allows an attacker to invoke operations on mbeans via the JMX console.
When using the web gateway, an authenticated user is able to access other users' files without further access control if the URL of the file is known. The URL for a file contains non guessable elements.
Security update available for Adobe Shockwave Player (CERT-EU Security Advisory 2012-0101)
Adobe has released an update for Adobe Shockwave Player 11.6.5.635 and earlier versions on the Windows and Macintosh operating systems. This update addresses vulnerabilities that could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system. Adobe recommends users of Adobe Shockwave Player 11.6.5.635 and earlier versions update to Adobe Shockwave Player 11.6.6.636 using the instructions provided in the "Solution" section below.
Security update available for Adobe Flash Player (CERT-EU Security Advisory 2012-0100)
Adobe has released security updates for Adobe Flash Player 11.3.300.270 and earlier versions for Windows, Macintosh and Linux. These updates address a vulnerability (CVE-2012-1535) that could cause the application to crash and potentially allow an attacker to take control of the affected system.
Security update available for Adobe Reader and Acrobat (CERT-EU Security Advisory 2012-0099)
Adobe has released security updates for Adobe Reader and Acrobat X (10.1.3) and earlier versions for Windows and Macintosh. These updates address vulnerabilities in the software that could cause the application to crash and potentially allow an attacker to take control of the affected system.
Microsoft Security Updates (CERT-EU Security Advisory 2012-0098)
CERT-EU has received notification from Microsoft on a number of new security updates which have been released on the 14 August 2012.
JBoss Enterprise SOA Platform 5.3.0 security update (CERT-EU Security Advisory 2012-0097)
An update for the JMX Console in JBoss Enterprise SOA Platform 5.3.0 that fixes one security issue is now available from the Red Hat Customer Portal.
Oracle Security Alert for CVE-2012-3132 (CERT-EU Security Advisory 2012-0096)
This security alert addresses the security issue CVE-2012-3132, the Privilege Escalation vulnerability in the Oracle Database Server that was recently disclosed at the Black Hat USA 2012 Briefings held in July 2012 involving INDEXTYPE CTXSYS.CONTEXT.
Microsoft Security Updates - Advance Notification (CERT-EU Security Advisory 2012-0095)
CERT-EU has received advance notification from Microsoft on a number of new security updates which are planned for release on August 14, 2012.
The Linux kernel is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to cause a kernel crash, denying service to legitimate users.
Cisco IOS SSH2 Sessions Remote Denial of Service Vulnerability (CERT-EU Security Advisory 2012-0093)
Cisco IOS is prone to a remote denial-of-service vulnerability. Successfully exploiting this issue allows remote attackers to crash the affected device, denying service to legitimate users.
Cisco ASA 5500 Series Denial of Service Vulnerability (CERT-EU Security Advisory 2012-0092)
The Cisco Adaptive Security Appliance (ASA) 5500 Series is prone to a remote denial-of-service vulnerability. Successful exploits may allow an attacker to cause excessive memory consumption, resulting in a denial-of-service condition.
Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions.
Denial of Service vulnerability in ISC BIND (CERT-EU Security Advisory 2012-0090)
Some versions of ISC BIND 9, when DNSSEC validation is enabled, do not properly initialize the failing-query cache, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) by sending many queries.
Jbossas security update (CERT-EU Security Advisory 2012-0089)
An update for JBoss Enterprise Portal Platform 4.3 CP07 that fixes one security issue is now available from the Red Hat Customer Portal. All users of JBoss Enterprise Portal Platform 4.3 CP07 as provided from the Red Hat Customer Portal are advised to install this update.
Multiple vulnerabilities fixed in php(CERT-EU Security Advisory 2012-0088)
Multiple vulnerabilities has been discovered and corrected in php. Impact Type:Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service. The updated packages have been upgraded to the 5.3.15 version which is not vulnerable to these issues.
Data_len paremeter of sock_alloc_send_pskb() function is not validated before setting frags of allocated skb, which can lead to heap overflow CVE-2012-2136 CVSS v2 Base Score:6.2 (MEDIUM) (AV:L/AC:H/Au:N/C:C/I:C/A:C).
Several vulnerabilities addressed in this Critical Patch Update affect multiple products. Each vulnerability is identified by a CVE# which is a unique identifier for vulnerability. The highest CVSS 2.0 Base Score for vulnerabilities in this Critical Patch Update is 10.0 for Oracle JRockit of Oracle Fusion Middleware.
VMware ESXi update to third party library ( CERT-EU Security Advisory 2012-0084)
VMware ESXi update addresses several security issues related to third party component libxml2.
Microsoft Security Updates (CERT-EU Security Advisory 2012-0083 )
CERT-EU has received notification from Microsoft on a number of new security updates which have been released on the 10 July 2012. This advisory is intended to help you plan for the deployment of these security updates more effectively.
JBOSS security updates (CERT-EU Security Advisory 2012-0082)
Updated resteasy packages that fix one security issue are now available for several JBOSS products
Linux Kernel is vulnerable to a denial of service, caused by an error related to adding epoll file descriptors in each other in circle.
Microsoft Security Updates (CERT-EU Security Advisory 2012-0080)
CERT-EU has received advance notification from Microsoft on a number of new security updates which are planned for release on 10 July 2012.
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries
The Cisco WebEx Recording Format (WRF) player contains four buffer overflow vulnerabilities and the Cisco Advanced Recording Format (ARF) player contains one buffer overflow vulnerability. In some cases,exploitation of the vulnerabilities could allow a remote attacker to execute arbitrary code on the system with the privileges of a targeted user.
Linux kernel security flaw in the NFSv4 implementation(CERT-EU Security Advisory 2012-0077)
The NFSv4 implementation in the Linux kernel before 3.2.2 does not properly handle bitmap sizes in GETACL replies, which allows remote NFS servers to cause a denial of service (OOPS) by sending an excessive number of bitmap words.
The vulnerability which was patched in MS12-037 as part of the June edition of Microsoft's Patch Tuesday is being exploited in the wild.
VMware products allow user-assisted remote attackers to execute arbitrary code on the host OS or cause a denial of service (memory corruption) on the host OS via a crafted Checkpoint file.
An update that fixes one security issue is now available from the Red Hat Customer Portal.The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating,is available from the CVE link in the References section.
NEW!!! CERT-EU has recently received several alerts about connections from IP addresses within our constituency to the rogue DNS Servers listed below. It was later confirmed that, while some of these connections were genuine, other connections were in fact spoofed.
Oracle Java SE Critical Patch Update Advisory - June 2012(CERT-EU Security Advisory 2012-0073)
A Critical Patch Update is a collection of patches for multiple security vulnerabilities. The Critical Patch Update for Java SE also includes non-security fixes.
Security updates available for Adobe Flash Player (CERT-EU Security Advisory 2012-0072)
Adobe released security updates for Adobe Flash Player. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
CERT-EU has been made aware of an action taken by FBI to eradicate the DNSChanger malware [1,4]. A list of rogue DNS servers has been published and can be used to identify infected PCs in your network, see "What can you do" section below.
Microsoft Security Updates (CERT-EU Security Advisory 2012-0071)
CERT-EU has received advance notification from Microsoft on a number of new security updates which are planned for release on 12 June 2012.
Linkedin password hash database leaked (CERT-EU Security Advisory 2012-0070)
Linkedin confirmed[1] that a file containing around 65 million of (unsalted) SHA1 password hashes connected to a Linkedin accounts have been publicly posted.
Several vulnerabilities in Firefox, Thunderbird and Seamonkey (CERT-EU Security Advisory 2012-0069)
The most severe vulnerability (Priority: urgent; Severity: urgent; classification done by Redhat) allows a remote attacker to run code in the security context of a user of Firefox, Thunderbird or Seamonkey, when they open a malicious website or email.
Denial of Service vulnerability in ISC BIND (CERT-EU Security Advisory 2012-0068)
CVE-2012-1667: Handling of zero length rdata can cause named to terminate unexpectedly CVSS Score: 8.5 HIGH[2] CVSS Equation: (AV:N/AC:L/Au:N/C:P/I:N/A:C) A problem in BIND was uncovered while testing with experimental DNS record types. It is possible to add records to BIND with null (zero length) rdata fields.
Vulnerability in Microsoft Certificate Authority(CERT-EU Security Advisory 2012-0067)
Microsoft is aware of active attacks using unauthorized digital certificates derived from a Microsoft Certificate Authority. An unauthorized certificate could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks.
Symantec Endpoint Protection Multiple Issues (CERT-EU Security Advisory 2012-0066)
Symantec was notified of a vulnerable service running on the Symantec Endpoint Protection 12.1 management console. Successful access to this service can potentially allow an unauthorized remote attacker to launch a two-stage exploit attempt against the targeted server.
Multiple issues in Linux Kernel (CERT-EU Security Advisory 2012-0065)
Multiple issues in Linux Kernel include multiple buffer overflows in the hfsplus filesystem implementation, problems with handling the use of file system capabilities by the cap_bprm_set_creds function in security/commoncap.c, and the KVM implementation makes a KVM_CREATE_IRQCHIP ioctl call after a virtual CPU already exists.
OpenSSL Security Advisory - Invalid TLS/DTLS record attack(CERT-EU Security Advisory 2012-0064)
A flaw in the OpenSSL handling of CBC mode ciphersuites in TLS 1.1, 1.2 and DTLS can be exploited in a denial of service attack or arbitrary code execution on both clients and servers.[1,3]
Multiple vulnerabilities in Adobe Shockwave Player (CERT-EU Security Advisory 2012-0063)
Adobe released a security update for Adobe Shockwave Player 11.6.4.634 and earlier versions for Windows and Macintosh. This update addresses vulnerabilities (memory corruption) that could allow an attacker who successfully exploits these vulnerabilities to run malicious code on the affected system allowing unauthorized disclosure of information, unauthorized modification or disruption of service.
Microsft Security Updates (CERT-EU Security Advisory 2012-0062)
CERT-EU has received notification from Microsoft on a number of new security updates which have been released on the 8 May 2012.
Remote code-execution vulnerability in Adobe Flash Player (CERT-EU Security Advisory 2012-0061)
Adobe released security updates for Adobe Flash Player. These updates address an object confusion vulnerability (CVE-2012-0779)[2] that could cause the application to crash and potentially allow an attacker to take control of the affected system.
There is a vulnerability in certain CGI-based setups that has gone unnoticed for at least 8 years (!) [1,2]. Some systems support a method for supplying an array of strings to the CGI script. This is only used in the case of an 'indexed' query.
The bug, which Oracle reported as fixed in the most recent Critical Patch Update [2,5], is only fixed in upcoming versions of the database, not in currently shipping releases, and there is publicly available proof-of-concept exploit code circulating [3,4].
Two critical vulnerabilities have been identified in the Oracle Grid Engine component of Oracle Sun Products Suite
VMware ESX updates to ESX Service Console (CERT-EU Security Advisory 2012-0057)
======= VMware has released a patch to the ESX Service Console Operating System (COS) kernel which addresses several security issues in the COS kernel. The ESX Console Operating System (COS) libxml2 rpms are updated to the following versions libxml2-2.6.26-2.1.12.el5_7.2 and libxml2-python-2.6.26-2.1.12.el5_7.2 which addresses several security issues. The list of CVEs patched includes: CVE-2011-3191, CVE-2011-4348, CVE-2012-0028 CVE-2010-4008, CVE-2011-0216, CVE-2011-1944, CVE-2011-2834, CVE-2011-3905, and CVE-2011-3919. CVSS v2 Base Score for these vulnerabilities vary from 4.3 to 7.1 (from MEDIUM to HIGH)
OpenSSL Security Advisory - ASN1 BIO vulnerability (CERT-EU Security Advisory 2012-0056)
A potentially exploitable vulnerability has been discovered in the OpenSSL function asn1_d2i_read_bio. Incorrect integer conversions in OpenSSL can result in memory corruption.
Oracle Critical Patch Update - April 2012 (CERT-EU Security Advisory 2012-0055)
A Critical Patch Update is a collection of patches for multiple security vulnerabilities. The Critical Patch Update for Java SE also includes non-security fixes. Critical Patch Updates are cumulative and each advisory describes only the security fixes added since the previous Critical Patch Update. Thus, prior Critical Patch Update Advisories should be reviewed for information regarding earlier accumulated security fixes. Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible.
Privilege escalation vulnerability in VMWare products (CERT-EU Security Advisory 2012-0054)
VMware has release a patch to fix a privilege escalation issue in the hosted products and ESXi/ESX. The vulnerability may lead to unauthorised access in the targeted Virtual Machines (guest) or cause a denial of service.
Remote code execution in Samba(CERT-EU Security Advisory 2012-0053)
Samba versions 3.6.3 and all versions previous to this are affected by a vulnerability that allows remote code execution as the "root" user from an anonymous connection.
Multiple vulnerabilities in Adobe Reader and Acrobat (CERT-EU Security Advisory 2012-0052)
Adobe has released a patch for several vulnerabilities found in the Adobe Reader and Acrobat product. These vulnerabilities may lead to unauthorised access to the targeted system or cause a denial of service (memory corruption). The vendor has assessed these vulnerabilities as CRITICAL.
Microsft Security Updates (CERT-EU Security Advisory 2012-0051)
CERT-EU has received notification from Microsoft on a number of new security updates which have been released on the 10 April 2012.
Buffer Overflow Vulnerabilities in the Cisco WebEx Player (CERT-EU Security Advisory 2012-0050)
The Cisco WebEx Recording Format (WRF) player contains three buffer overflow vulnerabilities. Successful exploitation of the vulnerabilities could cause the Cisco WRF player application to crash and, in some cases, allow a remote attacker to execute arbitrary code on the system with the privileges of the user who is running the WRF player application.
Title: JBoss Enterprise BRMS Platform 5.2.0 update (CERT-EU Security Advisory 2012-0049)
JBoss Enterprise BRMS Platform 5.2.0 roll up patch 1, which fixes two security issues, various bugs:
Memory corruption vulnerability in libpng (CERT-EU Security Advisory 2012-0048)
libpng through 1.5.9, 1.4.10, 1.2.48, and 1.0.58 are vulnerable to memory corruption that can lead to remote arbitrary code execution and denial of service. This vulnerability impacts Linux, Windows and Mac OS platforms.
Multiple vulnerabilities in VMWare ESX [1](CERT-EU Security Advisory 2012-0047)
VMware ESXi and ESX address several security issues: - - VMware ROM Overwrite Privilege Escalation - - ESX third party update for Service Console kernel - - ESX third party update for Service Console krb5 RPM These vulnerabilities may lead to unauthorised access to the targeted Virtual Machines or cause a denial of service.
Multiple vulnerabilities in Adobe Flash Player (CERT-EU Security Advisory 2012-0046)
Adobe has released a patch for two vulnerabilities found in the Flash Player product. This update resolves: - - a memory corruption vulnerability related to URL security domain checking that could lead to code execution (ActiveX, Windows 7 or Vista only) (CVE-2012-0772). - - a memory corruption vulnerability in the NetStream class that could lead to code execution (CVE-2012-0773).
JBOSS Security Updates (CERT-EU Security Advisory 2012-0045)
An update for JBoss Operations Network 2.4.2 that fixes one security issue is now available from the Red Hat Customer Portal.
Multiple vulnerabilities in Mozilla Thunderbird and Firefox (CERT-EU Security Advisory 2012-0044)
Several vulnerabilities have been detected in Mozilla products; some of these have been covered by previous CERT-EU advisories already, but are mentioned here again for the sake of completeness.
VMware issues Security Advisories & Certifications (Reference: CERT-EU Security Advisory 2012-0043)
VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, ESXi and ESX address several security issues.
a. VMware Virtual Desktop Display Driver Privilege Escalation. Exploitation of these issues may lead to local privilege escalation on View virtual desktops. b. View Manager Portal Cross-site Scripting. The attacker can trigger this vulnerability by supplying a crafted URL to the victim and convincing them to click on the link.
The Cisco AnyConnect ActiveX control contains a buffer overflow vulnerability, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
Denial of Service Vulnerability in Cisco Firewall (CERT-EU Security Advisory 2012-0040)
When multicast routing is enabled, these devices allow remote attackers to cause a denial of service (device reload) via a crafted IPv4 PIM message, aka Bug IDs CSCtr47517 and CSCtu97367.
These issues allow remote attackers to cause a denial of service (device reload) via a crafted series of (1) IPv4 or (2) IPv6 UDP packets, aka Bug ID CSCtq10441.
Successful exploits may allow an attacker to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition. Multiple unspecified vulnerabilities in the browser engine allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
An attacker can exploit this issue to disclose certain data from the user's memory. Information obtained may aid in further attacks.
Microsoft Security Updates (CERT-EU Security Advisory 2012-0036)
CERT-EU has received notification from Microsoft on a number of new security updates which have been released on the 13 March 2012.
JBOSS Security Updates (CERT-EU Security Advisory 2012-0035)
JBoss Enterprise SOA Platform 5.2.0 roll up patch 1, which fixes one security issue and various bugs, is now available from the Red Hat Customer Portal.
OpenSSL Security Update (CERT-EU Security Advisory 2012-0034)
OpenSSL has issued a security update for the CMS and S/MIME Bleichenbacher attack (CVE-2012-0884).
VMware VirtualCenter Update 6b and ESX 3.5 patch update JRE.
The vCenter Chargeback Manager contains a vulnerability that allows information leakage and denial-of-service.
Adobe Flash Player - Multiple Vulnarabilities (CERT-EU Security Advisory 2012-0019:Update 1)
Critical vulnerabilities have been identified in Adobe Flash Player 11.1.102.55 and earlier versions for Windows, Macintosh, Linux and Solaris, Adobe Flash Player 11.1.112.61 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.5 and earlier versions for Android 3.x and 2.x.
CVE-2012-0397 Buffer overflow in EMC RSA SecurID Software Token Converter before 2.6.1 allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors.[1][2]
Vulnerabilities in Adobe Flash Player (CERT-EU Security Advisory 2012-0030)
CVE-2012-0768 and CVE-2012-0769. This vulnerability is currently undergoing analysis and not all information is available. Adobe has rated this incident as Priority 2 Critical.
Kelihos Botnet is Back and Active (CERT-EU Security Advisory 2012-0029)
In September 2011, Microsoft announced the takedown of the Kelihos botnet [1]. In the beginning of 2012, Kaspersky found a new version of Kelihos in the wild [2]. Kelihos (also know as Hlux) is a Spambot with the capability to steal credentials from the victims computer and drop additional malware. While the old version used the second level domain cz.cc for it’s distribution and to control the botnet, the new version takes advantage of TLD .eu in combination with Fast Flux techniques [3]. More detailed analysis may be found in [3].
CVSS Base Scores CVE-2012-0330: Error while processing malformed SIP message CVSS v2 Base Score: 7.8 (HIGH) (AV:N/AC:L/Au:N/C:N/I:N/A:C) [3])
Multiple Vulnerabilities in Cisco Unity Connection (CERT-EU Security Advisory 2012-0027)
CVSS Base Scores CVE-2012-0366: Privilege Escalation Vulnerability CVSS v2 Base Score: 9.0 (CRITICAL) (AV:N/AC:L/Au:S/C:C/I:C/A:C) [3])
CVSS Base Scores CVE-2011-4486: SCCP Registration may Cause Reload CVSS v2 Base Score: 7.8 (HIGH) (AV:N/AC:L/Au:N/C:N/I:N/A:C) [3])
Multiple Vulnerabilities in Cisco Wireless LAN Controllers (CERT-EU Security Advisory 2012-0025)
CVSS Base Scores CVE-2012-0368: HTTP Denial of Service Vulnerability CVSS v2 Base Score: 7.8 (HIGH) (AV:N/AC:L/Au:N/C:N/I:N/A:C) [3])
Cisco Cius Denial of Service Vulnerability (CERT-EU Security Advisory 2012-0024)
Cisco Cius Software contains a denial of service vulnerability that could cause the device to stop responding (DoS).
Remote code execution vulnerability in smbd ( CERT-EU Security Advisory 2012-0023)
An input validation flaw in Samba could allow a remote attacker to execute arbitrary code with the privileges of the Samba server (root). CVE-2012-0870
Cisco Small Business SRP 500 Series Multiple Vulnerabilities ( CERT-EU Security Advisory 2012-0022)
Several vulnerabilities have been fixed in Cisco Small Business (SRP 500) Series Services Ready Platforms.
The NFS implementation in the Linux kernel is prone to a local denial-of-service vulnerability due to null-pointer dereference error. CVE-2011-4325
Cisco NX-OS Software is affected by a denial of service (DoS) vulnerability that could cause Cisco Nexus 1000v, 5000, and 7000 Series Switches that are running affected versions of Cisco NX-OS Software to reload when the IP stack processes a malformed IP packet.
Adobe Flash Player - Multiple Vulnarabilities (CERT-EU Security Advisory 2012-0019)
Critical vulnerabilities have been identified in Adobe Flash Player 11.1.102.55 and earlier versions for Windows, Macintosh, Linux and Solaris, Adobe Flash Player 11.1.112.61 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.5 and earlier versions for Android 3.x and 2.x.
Oracle Java SE Critical Patch Update (CERT-EU Security Advisory 2012-0018)
A Critical Patch Update is a collection of patches for multiple security vulnerabilities. The Critical Patch Update for Java SE also includes non-security fixes. Critical Patch Updates are cumulative and each advisory describes only the security fixes added since the previous Critical Patch Update. Thus, prior Critical Patch Update Advisories should be reviewed for information regarding earlier accumulated security fixes. Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible. This Critical Patch Update contains 14 new security fixes across Java SE products.
Adobe Shockwave Player - remote code execution vulnerability (CERT-EU Security Advisory 2012-0017)
Adobe reported vulnerabilities in their Shockwave Players that could allow an attacker to run malicious code on the affected system. Adobe recommends users of Adobe Shockwave Player 11.6.3.633 and earlier versions to update to Adobe Shockwave Player 11.6.4.634.
CERT-EU has been made aware of an action taken by FBI to eradicate the DNSChanger malware [1,4]. A list of rogue DNS servers has been published and can be used to identify infected PCs in your network, see "What can you do" section below.
PHP5 Arbitrary Remote Code Execution Vulnerability (CERT-EU Security Advisory 2012-0015)
The PHP development team announced the immediate availability of PHP 5.3.10. This release delivers a critical security fix. This release fixes the arbitrary remote code execution vulnerability CVE-2012-0830.
Multiple vulnerabilities in JBoss Operations Network (CERT-EU Security Advisory 2012-0014)
Red Hat has released fixes to JBoss Operations Network (JBoss ON), a middleware management solution that provides a single point of control to deploy, manage, and monitor JBoss Enterprise Middleware, applications, and services. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
Oracle has released a security advisory about a denial of service vulnerability in Oracle WebLogic Server, Oracle Application Server (OC4J) and Oracle iPlanet Web Server due to hashing collisions. No authentication is required to exploit this vulnerability, so it may be exploited over a network without the need for a username and password. A remote user can exploit this vulnerability to affect the system availability.
Multiple vulnerabilities in JBoss Web server (CERT-EU Security Advisory 2012-0012)
Red Hat has released fixes to JBoss Communications Platform and JBoss Web, the web container of JBoss Enterprise Application Platform. These vulnerabilities can allow remote attackers to access sensitive information or cause a denial of service.
Multiple vulnerabilities in Apache HTTP server (CERT-EU Security Advisory 2012-0011)
The Apache Software Foundation has released a new version the Apache HTTP server that fixes multiple vulnerabilities. These vulnerabilities can allow remote attackers to access sensitive information, cause a denial of service or allow local users to escalate privileges.
Multiple vulnerabilities in VMware ESXi and ESX (CERT-EU Security Advisory 2012-0010)
VMware ESXi and ESX updates to third party library and ESX Service Console address several security issues
Sudo format string vulnerability (CERT-EU Security Advisory 2012-0009)
A flaw exists in the debugging code in sudo versions 1.8.0 through 1.8.3p1 that can be used to crash sudo or potentially allow an unauthorized user to elevate privileges to root.
Cisco IronPort Email Security Appliances (ESA) and Cisco IronPort Security Management Appliances (SMA) contain a vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code with elevated privileges
Vulnerability in OpenSSL in DTLS applications (CERT-EU Security Advisory 2012-0006)
OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, which allows remote attackers to cause a denial of service via unspecified vectors. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4108.
Cisco IP Video Phone E20 Default Root Account Cisco TelePresence Software version TE 4.1.0 contains a default account vulnerability that could allow an unauthenticated, remote attacker to take complete control of the affected device.
Remote Security Vulnerability in Oracle Sun Solaris (CERT-EU Security Advisory 2012-0004)
Oracle Sun Solaris is prone to a remote security vulnerability. Fixes are available.
Multiple vulnerabilities in Apache Tomcat (CERT-EU Security Advisory 2012-0003)
The Apache Tomcat security team disclosed two vulnerabilities in their product. Fixes are available. The vulnerabilities allow unauthorized disclosure of information and disruption of service.
Multiple vulnerabilities in OpenSSL (CERT-EU Security Advisory 2012-0002)
The OpenSSL project disclosed various vulnerabilities in their product.
Security updates available for Adobe Reader and Acrobat (CERT-EU Security Advisory 2012-0001).
These updates address critical vulnerabilities (CVE-2011-2462, CVE-2011-4369, CVE-2011-4370, CVE-2011-4371, CVE-2011-4372, CVE-2011-4373) in Adobe Reader X (10.1.1) and earlier versions for Windows and Macintosh, and Adobe Acrobat X (10.1.1) and earlier versions for Windows and Macintosh. These vulnerabilities could cause the application to crash and potentially allow an attacker to take control of the affected system. These updates include fixes for CVE-2011-2462 and CVE-2011-4369, previously addressed in Adobe Reader and Acrobat 9.x for Windows as referenced in Security Bulletin APSB11-30.
Microsoft has released an out-of-band security update [1] that resolves one publicly disclosed vulnerability [2] and three privately reported vulnerabilities in Microsoft .NET Framework.
Multiple vulnerabilities have been found in Mozilla Firefox / Thunderbird. A fix is available.
Multiple vulnerabilities on JBoss Enterprise Portal Platform (CERT-EU Security Advisory 2011-0031)
Multiple vulnerabilities have been found in JBoss Enterprise Portal Platform. A patch is available.
RSA SecurID Software Token is prone to a vulnerability that lets attackers execute arbitrary code. This vulnerability may be exploited to load arbitrary libraries by tricking a user into opening a Software Token file located on a compromised or malicious share.
Mozilla Firefox before 4.0, Thunderbird before 3.3, and SeaMonkey before 2.1 are prone to an information disclosure vulnerability, exploitable by a remote attacker to obtain information from the browser history.[1] Updated versions are available.[3]
Unspecified vulnerability in Adobe Flash Player 11.1.102.55 (Security Advisory 2011-0027)
Adobe Flash Player 11.1.102.55 on Windows and Mac OS X is prone to remote attacks by execution of arbitrary code via a crafted SWF file.
Adobe Acrobat and Reader U3D Memory Corruption Vulnerability (Security Advisory 2011-0026)
Adobe Acrobat and Reader are prone to a remote memory corruption vulnerability.
JBoss Application Server Administrative Console Cross-Site Scripting (Security Advisory 2011-0025)
JBoss Application Server console is prone to a cross-site scripting vulnerability while handling DOM objects; fixes are available.
JBoss AS Administration Cross Site Request Forgery Vulnerability (Security Advisory 2011-0024)
JBoss AS is prone to a cross-site request-forgery vulnerability; fixes are available.
HP Printers and Digital Senders Remote Security Bypass Vulnerability (Security Advisory 2011-0023)
HP Printers and Digital Senders are prone to a security-bypass vulnerability leading to the installation of a malicious firmware
Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability Apache HTTP Server is prone to a security-bypass vulnerability.
Multiple Linux Kernel Vulnerabilities (CERT-EU Security Advisory 2011-0021)
Linux kernel is prone to multiple 'hardlink' stack-based buffer-overflow vulnerabilities and multiple integer-overflow vulnerabilities because of a failure to properly bounds check user-supplied input. Specifically, hardlink fails to properly handle deeply nested directories.
IBM Lotus Mobile Connect is prone to a cross-site scripting vulnerability. Fixes are available. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Linux Kernel - Remote Denial of Service Vulnerability (CERT-EU Security Advisory 2011-0019)
The Linux kernel is prone to a remote denial-of-service vulnerability. Specifically, this issue occurs when using certain network drivers for handling VLAN 0 frames with the priority tag set. Attackers can remotely exploit this issue by sending specially crafted packets to the affected computer. An attacker can exploit this issue to cause the kernel to crash, denying service to legitimate users.
Linux Kernel - Remote Denial of Service Vulnerability (CERT-EU Security Advisory 2011-0018)
The Linux kernel is prone to a remote denial-of-service vulnerability. To exploit this issue, attackers can use readily available network utilities.
Microsoft Windows Kernel Remote Code Execution Vulnerability (CERT-EU Security Advisory 2011-0017)
Microsoft Windows is prone to a remote code-execution vulnerability. A commercial exploit is available for CORE IMPACT; urgency raised.
Oracle Java Remote Java Runtime Environment (CERT-EU Security Advisory 2011-0016)
Oracle Java SE is prone to a remote vulnerability in Java Runtime Environment. A commercial exploit is available through VUPEN Security; urgency raised.
ISC BIND 9 Recursive Queries Remote DoS (CERT-EU Security Advisory 2011-0015)
ISC BIND is prone to a remote denial-of-service vulnerability
Adobe Acrobat and Reader - Multiple Vulnarabilities (CERT-EU Security Advisory 2011-0014)
Critical vulnerabilities have been identified in Adobe Acrobat and Reader.
Oracle Java SE Rhino Script Engine Remote Code Execution Vulnerability (CERT-EU Security Advisory 2011-0013)
Adobe Flash Player - Multiple Vulnerabilities (CERT-EU Security Advisory 2011-0012)
Critical vulnerabilities have been identified in Adobe Flash Player 11.0.1.152 and earlier versions for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 11.0.1.153 and earlier versions for Android. [1]
Mozilla Firefox and Thunderbird are prone to a security-bypass vulnerability [1]. This issue occurs because installed add-ons fail to properly use 'XPCNativeWrappers' in the 'loadSubScript()' function.
Mozilla Firefox and Thunderbird are prone to an HTML-injection vulnerability CVE-2011-3648(Candidate) Exploits are available. Fixes are available.
Multiple vulnerabilities on Adobe Shockwave Player (CERT-EU Security Advisory 2011-0009)
Adobe Shockwave Player is prone to several memory corruption vulnerabilities [1] leading to arbitrary code execution.
Oracle is prone to a buffer-overflow discovered in 2007 which remains unpatched [1][2]. An exploit code has become available [3] which raises the criticality of the advisory.
Potential DoS threat against SSL/TLS servers (CERT-EU Security Advisory 2011-0007)
A hacker group has released a tool [1] that can perform denial of service attacks against SSL based servers. The released tool exploits a flaw in the SSL secure renegotiation feature. The attack requires very low resources at the client side, a single PC with a DSL connection might be enough to take all resources of an average SSL server. It will require more resources (about 20 laptops) to take the resources of larger server farms. This makes the threat more important than standard DoS attempts through resource exhaustion.
A vulnerability [1] has been released on the Apache HTTP server in reverse-proxy mode. The vulnerability impacts httpd 1.3 all versions and httpd 2.x all versions using the mod_proxy with certain configuration of RewriteRule or ProxyPassMatch. See [1] http://seclists.org/fulldisclosure/2011/Oct/232 for further details.
Two security researchers demonstrated[1] an attack against encrypted SSL and TLS "cookies", which sometimes store credentials (for example, Google or Facebook) to keep a user logged in. The attack received a lot of media attention. This advisory aims at explaining what a potential attacker would need to do for a successful attack, and what can/must be done to mitigate it. Click for further details.
Adobe announced[1] the availability of a patch for multiple critical vulnerabilities found in Flash Player. Click for further details.
Oracle emergency patch for Apache HTTPD DoS vulnerability (CERT-EU Security Advisory 2011-0003)
Oracle announced[1] the availability of a patch for a denial of service vulnerability in Apache HTTPD. Click for further details.
Info
This website is managed by CERT-EU. Find out more about us.
For questions or comments, please contact us at:
email: cert-eu@ec.europa.eu
PGP Fingerprint: D894 7318 0495 62AB 9DE8 41DC B3F8 FCC1 B607 5AB8
Emergency phone: +3222990005
Tools
Thursday, June 29, 2017
5:46:00 PM CEST
Edition
Tuesday, August 30, 2016 4:24:00 PM CEST
Edition: 1
Select another edition
< Prev 1
Contents
