Author Archives: Nathan Grandbois

CA ARCserve DoS, Multiple CMS Vulns

Posted on by
Reply

Computer Associates ARCserve Backup 12.0.5454.0 and earlier can be Denial of Serviced by sending a specially crafted packet to port 41523. For more specific information please see CVE-2008-1979.

Several Content Management Systems are vulnerable to Remote File Inclusion (RFI) and SQL injection. As Adam said in a previous post, it appears that application developers are still not embracing the proper coding procedures that allow for these exploits to be developed. If you are an admin of a CMS please make sure that your application is tested regulary for any injection vulnerabilities.

F5 FirePass SSL VPN XSS

Posted on by
Reply

The F5 FirePass SSL VPN appliance is vulnerable to cross site scripting attacks within the management console. This device, designed to protect against XSS attacks, contains a XSS within the /vdesk/admincon/webyfiers.php and /vdesk/admincon/index.php pages that could permit an attacker to force premature termination of the parameter value and to inject an event handler script. This vulnerability has been confirmed in version 6.0.2, hotfix 3. Previous versions may be affected. There’s no fix for it at the moment, so users/admins should not browse to untrusted sites while logged in to the management interface.

VMWare ESX and Java ASP Vulns, Akamai Exploit

Posted on by
Reply

Sun’s Java Active Server Pages version 4.0.2 contains multiple vulnerabilities. These vulnerabilities are numerous and could result in a variety of negative consequences; including remote system compromise, bypassing security restrictions, and manipulation of data. Sun has released version 4.0.3 that corrects the issues in 4.0.2.

VMWare ESX server versions 2.x and 3.x are vulnerable to information disclosure, denial of service, and in some cases remote system compromise. All administrators and users of VMWare should consider applying the vendor provided patches to their software. Full details can be found at http://www.vmware.com/security/advisories/VMSA-2008-0009.html.

The Akamai download manager contains and input validation error in its’ ActiveX control. This could result in system compromise or a denial of service when a user visits a malicious web page. The vulnerability affects versions 2.2.3.5 and prior. A working exploit has already been released. Update to version 2.2.3.7, available at http://dlm.tools.akamai.com/tools/upgrade.html

CA Content Mgr DoS, Unspecified WebSphere Issue

Posted on by
Reply

A denial of service vulnerability has been reported in CA eTrust Content Manager. This vulnerability can also be exploited to compromise a vulnerable system. The vulnerability is caused due to boundary errors in certain FTP requests that could result in a stack based buffer overflow. The vulnerabilities are reported in CA eTrust Secure Content Manager 8.0.
CA has provided a patch for this issue.

Also, an unspecified vulnerability in IBM WebSphere Application Server has been reported. Very little details are available regarding this vulnerability. IBM has released fix pack 17 to address this issue (whatever it is).

MS Word CSS Exploit

Posted on by
Reply

A vulnerability in Microsoft Word could allow attackers the ability to execute arbitrary code. Cascading Style Sheets (CSS) are documents that allow the definition of various styles within a word document. A vulnerability in the processing of CSS results in memory corruption, which could be exploited by malicious attackers. Users would have to open an infected document on their local system to trigger the exploit.

Perl 5.8.8 Vulnerability – Trillian 3.1 Long Nick

Posted on by
Reply

A double free vulnerability exists in perl 5.8.8. A result of a UTF8 crafted regular expression, this vulnerability could cause a denial of service on certain operating systems. This has not been fixed as of the time of this writing.

A curious vulnerability has been announced for Trillian 3.1 where a specially formed nickname can cause a buffer overflow in Windows. Very few details are available at this time, and an exploit hasn’t been released, but I wouldn’t expect it to be long before we see a real PoC.

VoIPER – A VoIP Fuzzing Tool

Posted on by
Reply

VoIPER, a VoIP fuzzing framework, has been released. This tool includes a suite built on the Sulley fuzzing framework and a SIP torturer. The fuzzer currently incorporates tests for SIP INVITE, SIP ACK, SIP CANCEL, SIP request structure, and SPD over SIP. VoIPER, and tools like it, are likely to increase the likely hood that additional SIP vulnerabilities will be found. Proper architecture and configuration surrounding a SIP implementation is likely to reduce the potential for compromise in almost all scenarios.

High Profile XSS

Posted on by
Reply

A security issue in Barack Obama’s website has been exploited by a user to redirect users to Hillary Clinton’s website. Visitors of the community blogs section of his website were sent to Hillary Clintons home page via a Cross Site Scripting (XSS) vulnerability. This story highlights the importance of secure coding practices, as well as finding and remediating any XSS that are found on your site. Had the intentions of the user posting the XSS been malicious, he could have infected all of the visitors with malware/spyware. Moral of the story, XSS is not a vulnerability that should be taken lightly.

OpenOffice Overflow

Posted on by
Reply

Several OpenOffice vulnerabilities have been released over the weekend. In total, four advisories have been released detailing various types of overflows in the software. These could be exploited in various ways, all resulting in complete system compromise. Version 2.3 and below are vulnerable, and OpenOffice has released version 2.4, which addresses these vulnerabilities.