5 min
Vulnerability Disclosure
Seven FOSS Tricks and Treats (Part One)
Adventures in FOSS Exploitation, Part One: Vulnerability Discovery
_This is the first of a pair of blog posts covering the disclosure of seven new
Metasploit modules exploiting seven popular free, open source software (FOSS)
projects.
Back over DEFCON, Metasploit contributor Brandon Perry decided to peek in on
SourceForge, that grand-daddy of open source software distribution sites, to see
what vulnerabilities and exposures he could shake loose from an assortment of
popular open source enterpri
3 min
Product Updates
Weekly Update: Cooperative Disclosure and Assessing Joomla
Cooperative Disclosure
I'm in attendance this year at Rapid7's UNITED Security Summit, and the
conversations I'm finding myself in are tending to revolve around vulnerability
disclosure. While Metasploit doesn't traffic in zero-day vulnerabilities every
day, it happens often enough that we have a disclosure policy that we stick to
when we get a hold of newly uncovered vulnerabilities.
What's not talked about in that disclosure policy is the Metasploit exploit dev
community's willingness to help
6 min
Metasploit
Good Exploits Never Die: Return of CVE-2012-1823
According to Parallels, "Plesk is the most widely used hosting control panel
solution, providing everything needed for creating and offering rich hosting
plans and managing customers and resellers, including an intuitive User
Interface for setting up and managing websites, email, databases, and DNS."
(source: Parallels [http://www.parallels.com/products/plesk/webhosters/]). On
Jun 05 kingcope shocked Plesk world by announcing a new 0 day which could allow
for remote command execution:
Accordi
13 min
Metasploit
From the Wild to Metasploit: Exploit for MoinMoin Wiki (CVE-2012-6081)
Recently we've added to Metasploit a module for CVE-2012-6081,
[http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6081] an arbitrary file
upload vulnerability affecting to the version 1.9.5 (patched!) of the MoinMoin
[http://moinmo.in/] Wiki software. In this blog entry we would like to share
both the vulnerability details and how this one was converted in RCE (exploited
in the wild!) because the exploitation is quite interesting, where several
details must have into account to successful e
5 min
Exploits
Exploiting Ruby on Rails with Metasploit (CVE-2013-0156)
Background
Earlier this week, a critical security flaw
[https://www.rapid7.com/blog/post/2013/01/09/serialization-mischief-in-ruby-land-cve-2013-0156/]
in Ruby on Rails (RoR) was identified that could expose an application to remote
code execution, SQL injection
[https://www.rapid7.com/fundamentals/sql-injection-attacks/], and denial of
service attacks. Ruby on Rails is a popular web application framework that is
used by both web sites and web-enabled products and this flaw is by far the
worst
4 min
Metasploit
Serialization Mischief in Ruby Land (CVE-2013-0156)
This afternoon a particularly scary advisory
[https://groups.google.com/forum/#!topic/rubyonrails-security/61bkgvnSGTQ/discussion]
was posted to the Ruby on Rails (RoR) security discussion list. The summary is
that the XML processor in RoR can be tricked into decoding the request as a YAML
document or as a Ruby Symbol, both of which can expose the application to remote
code execution or SQL injection. A gentleman by the name of Felix Wilhelm went
into detail [http://www.insinuator.net/2013/01/r
8 min
Metasploit
New Metasploit Exploit: Crystal Reports Viewer CVE-2010-2590
In this blog post we would like to share some details about the exploit for
CVE-2010-2590 [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2590],
which we released in the last Metasploit update
[/2012/12/19/weekly-metasploit-update]. This module exploits a heap-based buffer
overflow, discovered by Dmitriy Pletnev, in the
CrystalReports12.CrystalPrintControl.1 ActiveX control included in
PrintControl.dll. This control is shipped with the Crystal Reports Viewer, as
installed by default wi
7 min
Exploits
New 0day Exploit: Novell ZENworks CVE-2012-4933 Vulnerability
Today, we present to you a flashy new vulnerability with a color-matching
exploit straight from our super secret R&D safe house here in Metasploit
Country. Known as CVE-2012-4933
[http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4933], it applies to
Novell ZENworks Asset Management 7.5, which "integrates asset inventory,
software usage, software management and contract management to provide the most
complete software asset management tool available". Following our standard
disclosure polic
1 min
Nexpose
Moving from HML (High, Medium, Low) Hell to Security Heaven – Whiteboard Wednesdays
At last check there are about 22 new vulnerabilities being published and
categorized every single day (see National Vulnerability Database web site -
http://nvd.nist.gov/). In total, the National Vulnerability Database now
contains more than 53,000 vulnerabilities. No wonder security professionals are
overwhelmed with the sheer volume of vulnerabilities in their daily practices.
At the same time, the prioritization schema that many organizations use are
quite basic and are either proprietary or
2 min
Authentication
Free Scanner for MySQL Authentication Bypass CVE-2012-2122
The MySQL authentication bypass vulnerability (CVE-2012-2122) - explained in
detail in HD Moore's blog post
[/2012/06/11/cve-2012-2122-a-tragically-comedic-security-flaw-in-mysql] - was
the cause for much concern when it was first discovered. In response, we've
created a new vulnerability scanner for CVE-2012-2122 called ScanNow
[http://www.rapid7.com/free-security-software-downloads/MySQL-vulnerability-scanner-CVE-2012-2122.jsp]
, which enables you to check your network for vulnerability to thi
3 min
Metasploit
New Critical Microsoft IE Zero-Day Exploits in Metasploit
We've been noticing a lot of exploit activities against Microsoft
vulnerabilities lately. We decided to look into some of these attacks, and
released two modules for CVE-2012-1889
[http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1889] and CVE-2012-1875
[http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1875] within a week of
the vulnerabilities' publication for our users to test their systems. Please
note that both are very important to any organization using Windows, because one
of
5 min
Vulnerability Disclosure
CVE-2012-2122: A Tragically Comedic Security Flaw in MySQL
Introduction
On Saturday afternoon Sergei Golubchik posted to the oss-sec mailing list about
a recently patched security flaw CVE-2012-2122in the MySQL and MariaDB database
servers. This flaw was rooted in an assumption that the memcmp() function would
always return a value within the range -128 to 127 (signed character). On some
platforms and with certain optimizations enabled, this routine can return values
outside of this range, eventually causing the code that compares a hashed
password to s
2 min
Microsoft
Information Disclosure: Out of Office Auto Replies
Out of office replies are a blessing and a curse for organizations from an
operational security perspective. Many of the out of office auto replies I
receive contain too much information. Since many security professionals are at
the RSA Conference this week I've had plenty hit my inbox. This is nothing
compared to December around the holiday season. Like anything the information in
the replies can be used for good and bad. Good people are trying to ensure that
work continues while they are away
2 min
Vulnerability Disclosure
March Patch Tuesday Roundup
Since Microsoft is on this new staggered pattern of releases, we can expect a
feast or famine every other month...so get used to it. Depending on what side of
the desk you sit on you can adjust the context. With that being said, this
month's release brought us 3 patches addressing 4 vulnerabilities. I think we
were all expecting to see the MHTML
[http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0096] protocol
handler issue resolved, however it didn't make the cut. Make sure IE is in
r