2 min
Vulnerability Disclosure
Breaking down the Logjam (vulnerability)
What is it
Disclosed on May 19, 2015, the Logjam vulnerability
[https://weakdh.org/imperfect-forward-secrecy.pdf] (CVE-2015-4000
[https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4000]) is a flaw in
common TLS implementations that can be used to intercept secure communications.
This TLS protocol vulnerability would allow an active man-in-the-middle (MITM)
attacker to silently downgrade a TLS session to export-level Diffie-Hellman
keys. The attacker could hijack this downgraded session b
3 min
Vulnerability Disclosure
How Poisonous is VENOM (CVE-2015-3456) to your Virtual Environments?
Today CrowdStrike disclosed VENOM [http://venom.crowdstrike.com/] (Virtualized
Environment Neglected Operations Manipulation) or CVE-2015-3456
[http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3456], a vulnerability
that could allow an attacker with access to one virtual machine to compromise
the host system and access the data of other virtual machines. It's been a few
months since we've seen a branded and logo'd vulnerability disclosure, and the
main question everyone wants to know is wh
2 min
Microsoft
A Closer Look at February 2015's Patch Tuesday
This month's Patch Tuesday covers nine security bulletins from Microsoft,
including what seems like a not-very-unusual mix of remote code execution (RCE)
vulnerabilities and security feature bypasses. However, two of these bulletins –
MS15-011 [https://technet.microsoft.com/en-us/library/security/ms15-011] and
MS15-014 [https://technet.microsoft.com/en-us/library/security/ms15-014] –
require a closer look, both because of the severity of the vulnerabilities that
they address and the changes Mi
2 min
Android
R7-2015-02: Google Play Store X-Frame-Options (XFO) Gaps Enable Android Remote Code Execution (RCE)
Vulnerability Summary
Due to a lack of complete coverage for X-Frame-Options
[https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options] (XFO)
support on Google's Play Store [https://play.google.com/] web application
domain, a malicious user can leverage either a Cross-Site Scripting (XSS)
vulnerability in a particular area of the Google Play Store web application, or
a Universal XSS (UXSS) targeting affected browsers, to remotely install and
launch the main intent of an arbitrary Play S
4 min
Nexpose
GHOSTbuster: How to scan just for CVE-2015-0235 and keep your historical site data
A recently discovered severe vulnerability, nicknamed GHOST, can result in
remote code execution exploits on vulnerable systems. Affected systems should be
patched and rebooted immediately. Learn more about CVE-2015-0235 and its risks
[/2015/01/27/ghost-in-the-machine-is-cve-2015-0235-another-heartbleed].
The Nexpose 5.12.0 content update provides coverage for the GHOST vulnerability.
Once the Nexpose 5.12.0 content update
2 min
Linux
GHOST in the Machine - Is CVE-2015-0235 another Heartbleed?
CVE-2015-0235 is a remote code execution vulnerability affecting Linux systems
using older versions of the GNU C Library (glibc versions less than 2.18). The
bug was discovered by researchers at Qualys and named GHOST in reference to the
_gethostbyname function (and possibly because it makes for some nice puns).
To be clear, this is NOT the end of the Internet as we know it, nor is it further
evidence (after Stormaggedon) that the end of the world is nigh. It's also not
another Heartbleed. But it
3 min
Vulnerability Disclosure
POODLE Jr.: The Revenge - How to scan for CVE-2014-8730
A severe vulnerability was disclosed in the F5 implementation of TLS 1.x that
allows incorrect padding and therefore jeopardizes the protocol's ability to
secure communications in a way similar to the POODLE vulnerability
[/2014/10/14/poodle-unleashed-understanding-the-ssl-30-vulnerability].
The Nexpose 5.11.10 update provides coverage for this vulnerability, which has
been given the identifier CVE-2014-8730
[http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8730]. Learn more
about CVE-2
3 min
Authentication
Patch CVE-2014-6324 To Avoid A Complete Domain Rebuild When UserInsight Detects Its Exploit
On Tuesday, November 18th, Microsoft released an out-of-band security patch
affecting any Windows domain controllers that are not running in Azure. I have
not yet seen any cute graphics or buzzword names for it, so it will likely be
known as MS14-068, CVE-2014-6324, or "that Kerberos vulnerability that is being
exploited in the wild to completely take over Windows domains" because it rolls
off the tongue a little better.
There is a very informative description of the vulnerability, impact, and
3 min
Vulnerability Disclosure
R7-2014-15: GNU Wget FTP Symlink Arbitrary Filesystem Access
Introduction
GNU Wget is a command-line utility designed to download files via HTTP, HTTPS,
and FTP. Wget versions prior to 1.16 are vulnerable to a symlink attack
(CVE-2014-4877) when running in recursive mode with an FTP target. This
vulnerability allows an attacker operating a malicious FTP server to create
arbitrary files, directories, and symlinks on the user's filesystem. The symlink
attack allows file contents to be overwritten, including binary files, and
access to the entire filesystem wit
3 min
Vulnerability Disclosure
Block the POODLE's bite: How to scan for CVE-2014-3566
A severe vulnerability was disclosed in the SSL 3.0 protocol that significantly
jeopardizes the protocol's ability to secure communications. All versions of SSL
have been deprecated and its use should be avoided wherever possible. POODLE
(Padding Oracle On Downgraded Legacy Encryption) is the attack that exploits
this vulnerability and allows a hacker to potentially steal information by
altering communications between the SSL client and the server (MitM). Learn
more about CVE-2014-3566
[/2014/10
2 min
Vulnerability Disclosure
UserInsight Gets the All-Clear for ShellShock and Helps Detect Attackers on Your Network
If you're in security, you've likely already heard about the ShellShock
vulnerability [http://www.rapid7.com/resources/bashbug.jsp] (aka Bash Bug,
CVE-2014-6271, and CVE-2014-7169). We have reviewed how ShellShock is being
exploited, and the disclosed vectors are not applicable to our UserInsight
deployment, yet we're following the security community's lead around patching
all of our systems.
In case other systems on your network have been compromised, you should be extra
vigilant about suspicio
3 min
Vulnerability Disclosure
Bash the bash bug: Here's how to scan for CVE-2014-6271 (Shellshock)
_[Edited 10:05 AM PDT, October, 2014 for the Nexpose 5.10.13 release]_
_[Edited 10:05 AM PDT, September 26, 2014 for the Nexpose 5.10.11 release]_
A severe vulnerability was disclosed in bash that is present on most Linux, BSD,
and Unix-like systems, including Mac OS X. The basis of this vulnerability
(nicknamed Shellshock) is that bash does not stop processing after the function
definition, leaving it vulnerable to malicious functions containing trailing
commands. Common Vulnerabilities and Exp
9 min
Vulnerability Disclosure
R7-2014-12: More Amplification Vulnerabilities in NTP Allow Even More DRDoS Attacks
Overview
As part of Rapid7 Labs' Project Sonar [https://sonar.labs.rapid7.com/], among
other things, we scan the entire public IPv4 space (minus those who have opted
out) looking for listening NTP servers. During this research we discovered some
unknown NTP servers responding to our probes with messages that were entirely
unexpected. This led to the writing of an NTP fuzzer in Metasploit
[https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/fuzzers/ntp/ntp_protocol_fuz
5 min
Vulnerability Disclosure
R7-2014-01, R7-2014-02, R7-2014-03 Disclosures: Exposure of Critical Information Via SNMP Public Community String
Summary of Vulnerabilities
This report details three critical information disclosure vulnerabilities. The
vulnerabilities were discovered while Matthew Kienow and I (Deral Heiland
[https://twitter.com/percent_x]) were researching information disclosure issues
in SNMP on embedded appliances for a talk
[http://carolinacon.org/abstracts.html#6] at CarolinaCon
[http://carolinacon.org/index.html]. During this research project, most devices
exposed information that would be classified as benign or pub
4 min
Vulnerability Disclosure
Supermicro IPMI Firmware Vulnerabilities
Introduction
This post summarizes the results of a limited security analysis of the
Supermicro IPMI firmware. This firmware is used in the baseboard management
controller (BMC) of many Supermicro motherboards.
The majority of our findings relate to firmware version SMT_X9_226. The
information in this post was provided to Supermicro on August 22nd, 2013 in
accordance with the Rapid7 vulnerability disclosure policy.
Although we have a number of Metasploit modules in development to test these
iss