Docker 1.3.2 - Security Advisory [24 Nov 2014]
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Around 5:00pm PST on November 23, the Domain Name Service records for at least some of the sites hosted by the online classified ad and discussion service Craigslist were hijacked. At least some Craigslist visitors found their Web requests redirected toward an underground Web forum previously associated with selling stolen celebrity photos and other malicious activities.

In a blog post, Craigslist CEO Jim Buckmaster said that the DNS records for Craigslist sites were altered to direct incoming traffic to what he characterized as “various non-craigslist sites.” The account was restored, and while the DNS records have been corrected at the registrar, some DNS servers were still redirecting traffic to other servers as late as this afternoon.

Craigslist's domain registrar is Network Solutions, which is owned by Web.com. [Update, 5:32 PM EST November 24: John Herbkersman, a spokesperson for Web.com, told Ars, “The issue has been resolved. At this time we are continuing to investigate the incident.”]


Multiple KDE Products CVE-2014-8600 Multiple Security Bypass Vulnerabilities
Drupal Core CVE-2014-9016 Denial of Service Vulnerability
Drupal Core CVE-2014-9015 Session Hijacking Vulnerability
Linux Kernel Multiple Security Vulnerabilities
CVE-2014-8419 - CodeMeter Weak Service Permissions

A Finnish IT company has uncovered a bug in WordPress 3 sites that could be used to launch a wide variety of malicious script-based attacks on site visitors’ browsers. Based on current WordPress usage statistics, the vulnerability could affect up to 86 percent of existing WordPress-powered sites.

The vulnerability, discovered by Jouko Pynnonen of Klikki Oy, allows an attacker to craft a comment on a blog post that includes malicious JavaScript code. On sites that allow comments without authentication—the default setting for WordPress—this could allow anyone to post malicious scripts within comments that could target site visitors or administrators. A proof of concept attack developed by Klikki Oy was able to hijack a WordPress site administrator’s session and create a new WordPress administrative account with a known password, change the current administrative password, and launch malicious PHP code on the server. That means an attacker could essentially lock the existing site administrator out and hijack the WordPress installation for malicious purposes.

“For instance, our [proof of concept] exploits first clean up traces of the injected script from the database,” the Klikki Oy team wrote in a blog post on the vulnerability, “then perform other administrative tasks such as changing the current user's password, adding a new administrator account, or using the plugin editor to write attacker-supplied PHP code on the server (this impact applies to any WordPress XSS if triggered by an administrator). These operations happen in the background without the user seeing anything out of the ordinary. If the attacker writes new PHP code on the server via the plugin editor, another AJAX request can be used to execute it instantaneously, whereby the attacker gains operating system level access on the server.”



Hello Dear Readers,

This diary comes to you by way of the real world and was taken very recently. Has anyone seen anything like this before? This handler was stunned into silence before the years of cynicism took over and I started breathing again. I was about to leave the convenience store, as I had passengers and they were in a hurry, but instead got out and took this picture. There were no cameras monitoring it; the position, as you can tell, was around the side of the store, and the placement in the area was convenient for drivers to use but terrible for monitoring. I could see someone driving up to use this, and then perhaps making a modification to it for, say, skimming, or, repeat after me, boys and girls? Can we say pivot?



Richard Porter


rporter at isc dot sans dot edu

LinuxSecurity.com: Multiple vulnerabilities have been found in Asterisk, the worst of which could lead to Denial of Service.
LinuxSecurity.com: Multiple vulnerabilities have been found in Ansible which may allow local privilege escalation.
LinuxSecurity.com: Multiple vulnerabilities have been found in Aircrack-ng, possibly resulting in local privilege escalation, remote code execution, or Denial of Service.
LinuxSecurity.com: A NULL pointer dereference in Openswan may allow remote attackers to cause Denial of Service.
LinuxSecurity.com: Updated krb5 packages fix security vulnerability: The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote [More...]
LinuxSecurity.com: Updated wireshark packages fix security vulnerabilities: SigComp UDVM buffer overflow (CVE-2014-8710). AMQP crash (CVE-2014-8711). [More...]
LinuxSecurity.com: Updated libvirt packages fix security vulnerability: Eric Blake discovered that libvirt incorrectly handled permissions when processing the qemuDomainFormatXML command. An attacker with read-only privileges could possibly use this to gain access to certain [More...]
LinuxSecurity.com: Updated qemu packages fix security vulnerabilities: Michael S. Tsirkin discovered that QEMU incorrectly handled vmxnet3 devices. A local guest could possibly use this issue to cause a denial of service, or possibly execute arbitrary code on the host [More...]
LinuxSecurity.com: Updated srtp package fixes security vulnerability: Fernando Russ from Groundworks Technologies reported a buffer overflow flaw in srtp, Cisco's reference implementation of the Secure Real-time Transport Protocol (SRTP), in how [More...]
LinuxSecurity.com: Multiple vulnerabilities have been discovered and corrected in asterisk: Remote crash when handling out of call message in certain dialplan configurations (CVE-2014-6610). [More...]
LinuxSecurity.com: Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which allows remote attackers to execute arbitrary code.
ClamAV CVE-2013-6497 Local Denial of Service Vulnerability
Python Imaging Library and Pillow CVE-2014-3007 Arbitrary Command Execution Vulnerability
ClamAV 'libclamav/pe.c' Heap Based Buffer Overflow Vulnerability
Multiple Puppet Products CVE-2014-3248 Remote Code Execution Vulnerability

Posted by InfoSec News on Nov 24


By Dan Goodin
Ars Technica
Nov 23 2014

Researchers have unearthed highly advanced malware they believe was
developed by a wealthy nation-state to spy on a wide range of
international targets in diverse industries, including hospitality,
energy, airline, and research.

Backdoor Regin, as researchers at security firm Symantec are...

Posted by InfoSec News on Nov 24


By Kim Zetter
Threat Level

In 1989, the year the Berlin Wall began to fall, American artist Jim
Sanborn was busy working on his Kryptos sculpture, a cryptographic puzzle
wrapped in a riddle that he created for the CIA’s headquarters and that
has been driving amateur and professional cryptographers mad ever since.

To honor the 25th anniversary of the Wall’s demise and...

Posted by InfoSec News on Nov 24


By Nick Westoll
Staff Reporter
Nov 24 2014

The Toronto Police Service website went down on Sunday evening after a
Twitter user threatened to hack it.

According to police, the site was the subject of a Distributed Denial of
Service (DDoS) attack.

Twitter user @AerithTOR claimed responsibility for the attack on the
social networking site....
Multiple Asterisk Products CVE-2014-6610 Out of Call Message Denial of Service Vulnerability
Ansible CVE-2014-4657 Remote Code Execution Vulnerability
Ansible CVE-2014-4678 Incomplete Fix Remote Code Execution Vulnerability
Exploit for stealing backups on WP sites with WP-DB-Backup v2.2.4 plugin