Vol. 14, Num. 27
This is a weekly newsletter that provides in-depth analysis of the latest vulnerabilities with straightforward remediation advice. Qualys supplies a large part of the newly-discovered vulnerability content used in this newsletter.
CONTENTS:
NOTABLE RECENT SECURITY ISSUES
INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY
VULNERABILITIES FOR WHICH EXPLOITS ARE AVAILABLE
MOST PREVALENT MALWARE FILES 7/2/2014 - 7/8/2014
TOP VULNERABILITY THIS WEEK: Microsoft & Adobe Patch Tuesday; multiple
critical vulnerabilities.
NOTABLE RECENT SECURITY ISSUES SELECTED BY THE SOURCEFIRE VULNERABILITY RESEARCH TEAM
Title: Microsoft Patch Tuesday for July 2014
Description: Microsoft releases patches for critical vulnerabilities
found in Microsoft Internet Explorer, and Windows Journal, important
vulnerabilities in the On-Screen Keyboard, Ancillary Function Driver and
DirectShow, and a denial of service vulnerability in the Microsoft
Service Bus (AMQP) system.
Reference: https://technet.microsoft.com/en-us/library/security/ms14-jul.aspx
Snort SID: 31380-31391
ClamAV: Html.Exploit.CVE_2014_1765, Html.Exploit.CVE_2014_2804,
Html.Exploit.CVE_2014_2787, Html.Exploit.CVE_2014_2801
Title: Adobe Patch Tuesday Jul 2014
Description: Adobe releases updates to Adobe Flash Player addressing
multiple security bypass vulnerabilities, and a JSONP callback API
vulnerability. Adobe Flash Player, and Adobe AIR are impacted.
Reference: http://helpx.adobe.com/security/products/flash-player/apsb14-17.html
Snort SID: 31392-31397
Java support over for Windows XP
www.zdnet.com/java-support-over-for-windows-xp-7000031226/
Threat Spotlight: A string of ‘paerls’
Part 1 & 2: http://sfi.re/1qSDrfO http://sfi.re/paerls2
Analysis of Asterope
http://stopmalvertising.com/malware-reports/analysis-of-asterope.html
Connected cars - convenient and vulnerable
http://blog.kaspersky.com/connected-car-weak/
USG Aurora Data Dump
www.digitalbond.com/blog/2014/07/07/usg-aurora-data-dump/
Volatility at Black Hat USA & DFRWS 2014
http://volatility-labs.blogspot.com/2014/07/volatility-at-black-hat-usa-dfrws-2014.html
Kansa: Automating Analysis
http://trustedsignal.blogspot.com/2014/07/kansa-automating-analysis.html
RECENT VULNERABILITIES FOR WHICH EXPLOITS ARE AVAILABLE COMPILED BY THE QUALYS VULNERABILITY RESEARCH TEAM
This is a list of recent vulnerabilities for which exploits are
available. System administrators can use this list to help in
prioritization of their remediation activities. The Qualys Vulnerability
Research Team compiles this information based on various exploit
frameworks, exploit databases, exploit kits and monitoring of internet
activity.
ID: CVE-2014-2969
Title: Netgear GS105PE Prosafe Plus Switch Contains Hard-Coded Login
Credentials
Vendor: Netgear
Description: NETGEAR GS108PE Prosafe Plus switches with firmware 1.2.0.5
have a hardcoded password of debugpassword for the ntgruser account,
which allows remote attackers to upload firmware or read or modify
memory contents, and consequently execute arbitrary code, via a request
to (1) produce_burn.cgi, (2) register_debug.cgi, or (3)
bootcode_update.cgi.
CVSS v2 Base Score: 8.3 (AV:A/AC:L/Au:N/C:C/I:C/A:C)
ID: CVE-2012-1876
Title: Microsoft Internet Explorer Col Element Memory Corruption
Vulnerability
Vendor: Microsoft
Description: Microsoft Internet Explorer 6 through 9, and 10 Consumer
Preview, does not properly handle objects in memory, which allows remote
attackers to execute arbitrary code by attempting to access a
nonexistent object, leading to a heap-based buffer overflow, aka “Col
Element Remote Code Execution Vulnerability,” as demonstrated by VUPEN
during a Pwn2Own competition at CanSecWest 2012.
CVSS v2 Base Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
ID: N/A
Title: Supermicro Server Motherboard Credential Disclosure Vulnerability
Vendor: Supermicro
Description: Supermicro motherboards store administrator passwords in
plain text, which is available to any attacker who can connect to TCP
port 49152.
CVSS v2 Base Score: 10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C)
ID: CVE-2014-0515
Title: Adobe Flash Player Shader Buffer Overflow
Vendor: Adobe
Description: Buffer overflow in Adobe Flash Player before 11.7.700.279
and 11.8.x through 13.0.x before 13.0.0.206 on Windows and OS X, and
before 11.2.202.356 on Linux, allows remote attackers to execute
arbitrary code via unspecified vectors, as exploited in the wild in
April 2014.
CVSS v2 Base Score: 10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C)
ID: CVE-2014-0094
Title: Apache Struts ClassLoader Manipulation Remote Code Execution
Vendor: Apache
Description: The ParametersInterceptor in Apache Struts before 2.3.16.1
allows remote attackers to “manipulate” the ClassLoader via the class
parameter, which is passed to the getClass method.
CVSS v2 Base Score: 5.0 (AV:N/AC:L/AU:N/C:N/I:P/A:N)
ID: CVE-2014-1776
Title: Microsoft Internet Explorer Use-after-Free Vulnerability
Vendor: Microsoft
Description: Use-after-free vulnerability in VGX.DLL in Microsoft
Internet Explorer 6 through 11 allows remote attackers to execute
arbitrary code or cause a denial of service (memory corruption) via
unspecified vectors, as exploited in the wild in April 2014.
CVSS v2 Base Score: 10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C)
ID: CVE-2014-0160
Title: OpenSSL TLS Heartbeat Extension Buffer Oveflow Information
Disclosure Vulnerability (Heartbleed)
Vendor: OpenSSL Project
Description: The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1
before 1.0.1g do not properly handle Heartbeart Extension packets, which
allows remote attackers to obtain sensitive information from process
memory via crafted packets that trigger a buffer over-read, as
demonstrated by reading private keys, related to d1_both.c and t1_lib.c.
CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
MOST PREVALENT MALWARE FILES 7/2/2014 - 7/8/2014 COMPILED BY SOURCEFIRE
SHA 256: FA437EE13A4CC083D91B9DBD90F341CDA0051614998578AB51D0242742C04AB1
MD5: 7e271cf7bd83f1a0165f6beb3a3b49f9
VirusTotal:
https://www.virustotal.com/file/FA437EE13A4CC083D91B9DBD90F341CDA0051614998578AB51D0242742C04AB1/analysis/#additional-info
Typical Filename: cltmngui.exe
Claimed Product: ClientConnect Search Protect
Detection Name: W32.FA437EE13A-100.SBX.VIOC
SHA 256: 97667487392ACA1D94C0043FB725FE31855D5B65B1BDEBE58E0AC7E147D05BE4
MD5: 466af3fbfdd028b3d90238425c367b7e
VirusTotal:
https://www.virustotal.com/file/97667487392ACA1D94C0043FB725FE31855D5B65B1BDEBE58E0AC7E147D05BE4/analysis/#additional-info
Typical Filename: 8hsrchmn.exe
Claimed Product: Mindspark Toolbar Platform SearchScope Monitor
Detection Name: W32.MindsparkA.17hd.1201
SHA 256: 8679C8E6388FD3F927F7AC8ADCEB2CFECD0CEC3B95EA98F79D54119EFBD68034
MD5: 2b76e26f8314246c2a0f7968f73f00bb
VirusTotal:
https://www.virustotal.com/file/8679C8E6388FD3F927F7AC8ADCEB2CFECD0CEC3B95EA98F79D54119EFBD68034/analysis/#additional-info
Typical Filename: t8SrchMn.exe
Claimed Product: Mindspark Toolbar Platform SearchScope Monitor
Detection Name: W32.MindsparkA.17hd.1201
SHA 256: 1A84759D615916B53F8F41C9928C48FF005A970D6FA35893F9A7EC074DD77864
MD5: 738a57e0d8dd303b87220f209bd49024
VirusTotal:
https://www.virustotal.com/file/1A84759D615916B53F8F41C9928C48FF005A970D6FA35893F9A7EC074DD77864/analysis/#additional-info
Typical Filename: Updater.exe
Claimed Product: Updater_mpcb
Detection Name: W32.1A84759D61-78.SBX.VIOC
SHA 256: F8EA2EFA24813F1159ADCEF510EA33DCCEE50A5EF9F9C98EAE840AFAAB8DE8F8
MD5: 2c0a45683112082493b1fb3c09c60184
VirusTotal:
https://www.virustotal.com/file/F8EA2EFA24813F1159ADCEF510EA33DCCEE50A5EF9F9C98EAE840AFAAB8DE8F8/analysis/#additional-info
Typical Filename: 1cbrmon.exe
Claimed Product: Mindspark Toolbar Platform SearchScope Monitor
Detection Name: W32.MindsparkA.17hd.1201
OVERVIEW
CAPABILITIES
PLATFORM APPS
Use Cases
Segments
Resources
Research
Enterprise TruRisk Platform
Free Services