WordPress Code Execution Vulnerability

Two new vulnerabilities have been identified in WordPress 2.5. The vulnerabilities could allow an attacker to conduct XSS attacks, bypass some security restrictions, and compromise the vulnerable system. The first vulnerability could allow an attacker to bypass the authentication mechanism by creating a cookie with certain settings.

The second vulnerability is caused by input passed to an unspecified parameter not being properly sanitised by the server. It can be exploited to execute arbitrary script code in a user’s browser session.

All users should update to the latest version of WordPress, version 2.5.1.

Perl 5.8.8 Vulnerability – Trillian 3.1 Long Nick

A double free vulnerability exists in Perl 5.8.8. Triggered by a crafted UTF-8 regular expression, it could cause a denial of service on certain operating systems. This has not been fixed as of the time of this writing.

A curious vulnerability has been announced for Trillian 3.1 where a specially formed nickname can cause a buffer overflow in Windows. Very few details are available at this time, and an exploit hasn’t been released, but I wouldn’t expect it to be long before we see a real PoC.

VoIPER – A VoIP Fuzzing Tool

VoIPER, a VoIP fuzzing framework, has been released. This tool includes a suite built on the Sulley fuzzing framework and a SIP torturer. The fuzzer currently incorporates tests for SIP INVITE, SIP ACK, SIP CANCEL, SIP request structure, and SDP over SIP. VoIPER, and tools like it, are likely to increase the likelihood that additional SIP vulnerabilities will be found. Proper architecture and configuration surrounding a SIP implementation is likely to reduce the potential for compromise in almost all scenarios.

High Profile XSS

A security issue in Barack Obama’s website has been exploited by a user to redirect visitors to Hillary Clinton’s website. Visitors to the community blogs section of his website were sent to Hillary Clinton’s home page via a Cross Site Scripting (XSS) vulnerability. This story highlights the importance of secure coding practices, as well as finding and remediating any XSS vulnerabilities that are found on your site. Had the intentions of the user posting the XSS been malicious, he could have infected all of the visitors with malware/spyware. Moral of the story: XSS is not a vulnerability that should be taken lightly.
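The root cause in an incident like this is user-supplied content (a blog comment or post) being written into the page without output encoding. The following is an added example, not code from the site in question: it contrasts the vulnerable rendering pattern with the escaped one, and includes a crude audit check that can be run over already-stored content to flag fragments that still carry a live script tag. The sample comment, the function names and the example.invalid host are all constructed for the demonstration.

```python
import html
import re

# Constructed sample comment, standing in for the kind of submission that
# produced the redirect described above. It is not the real payload.
SAMPLE_COMMENT = '<script>window.location="http://example.invalid/"</script>Nice post!'


def render_comment_unsafe(comment: str) -> str:
    """Vulnerable pattern: user text is concatenated straight into the HTML.

    Anything the user typed, including <script> tags, becomes live markup.
    """
    return '<div class="comment">' + comment + '</div>'


def render_comment_safe(comment: str) -> str:
    """Fixed pattern: HTML-escape user text for an element-body context.

    html.escape converts < > & " ' into entities, so the browser displays the
    text instead of executing it. Escaping is context specific: text placed
    inside an attribute, a URL or a <script> block needs the encoding for
    that context, not this one.
    """
    return '<div class="comment">' + html.escape(comment, quote=True) + '</div>'


# Case-insensitive match for an opening script tag, tolerating whitespace
# after '<'. Good enough for a first-pass audit of stored content; it is not a
# complete XSS detector (event handlers, javascript: URLs etc. are not covered).
_SCRIPT_TAG = re.compile(r"<\s*script\b", re.IGNORECASE)


def contains_active_markup(fragment: str) -> bool:
    """Return True if a rendered fragment still contains a live <script> tag."""
    return _SCRIPT_TAG.search(fragment) is not None


def audit_stored_comments(comments: list[str]) -> list[int]:
    """Indexes of stored comments that would go live if rendered unescaped.

    Useful when remediating an existing site: escape at render time, and also
    review what is already in the database.
    """
    return [i for i, c in enumerate(comments) if contains_active_markup(c)]


if __name__ == "__main__":
    print("unsafe:", render_comment_unsafe(SAMPLE_COMMENT))
    print("safe:  ", render_comment_safe(SAMPLE_COMMENT))
    print("flagged:", audit_stored_comments(["hello", SAMPLE_COMMENT, "<SCRIPT >x"]))
```

Escaping at render time is the fix for the rendering path; the audit helper is only a triage aid for content that was stored before the fix went in, and it deliberately errs on the side of a simple pattern rather than trying to be a full XSS scanner.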

OpenOffice Overflow

Several OpenOffice vulnerabilities were disclosed over the weekend. In total, four advisories have been released detailing various types of overflows in the software. These could be exploited in various ways, all resulting in complete system compromise. Versions 2.3 and below are vulnerable; OpenOffice has released version 2.4, which addresses these vulnerabilities.

Intel Centrino Wireless Exploit

A popular attack framework has released an exploit that takes advantage of a vulnerability in older Intel Centrino wireless drivers. Specifically, the Intel 2200BG is affected. The vulnerability is a buffer overflow in the w22n51.sys driver. It would be a very good idea to make sure you are running the latest wireless drivers if you’re using an Intel Centrino based laptop, as the exploit runs at the kernel level and can infect every vulnerable machine within the vicinity.

Cisco Network Admission Control Appliance Vulnerability

The Cisco Network Admission Control Appliance (NAC) contains a vulnerability that allows the shared secret used by the Cisco Clean Access Server (CAS) and the Cisco Clean Access Manager (CAM) to be captured. This can then be leveraged to gain control over the CAS.

The following versions of NAC are known to be vulnerable:
 All 3.5.x versions
 All 3.6.x versions prior to 3.6.4.4
 All 4.0.x versions prior to 4.0.6
 All 4.1.x versions prior to 4.1.2

For full details see Cisco’s original advisory at: http://www.cisco.com/warp/public/707/cisco-sa-20080416-nac.shtml

CA Products ActiveX Control Vulnerabilities

The ActiveX control gui_cm_ctrls.ocx in a number of CA products contains vulnerabilities caused by improper input validation. Successful exploitation can lead to arbitrary code execution and full compromise of an affected system. The following products are affected:

BrightStor ARCServe Backup for Laptops and Desktops r11.5 (Server only, client is not affected).
CA Desktop Management Suite r11.2 C2
CA Desktop Management Suite r11.2 C1
CA Desktop Management Suite r11.2a
CA Desktop Management Suite r11.2
CA Desktop Management Suite r11.1 (GA, a, C1)
Unicenter Desktop Management Bundle r11.2 C2
Unicenter Desktop Management Bundle r11.2 C1
Unicenter Desktop Management Bundle r11.2a
Unicenter Desktop Management Bundle r11.2
Unicenter Desktop Management Bundle r11.1 (GA, a, C1)
Unicenter Asset Management r11.2 C2
Unicenter Asset Management r11.2 C1
Unicenter Asset Management r11.2a
Unicenter Asset Management r11.2
Unicenter Asset Management r11.1 (GA, a, C1)
Unicenter Software Delivery r11.2 C2
Unicenter Software Delivery r11.2 C1
Unicenter Software Delivery r11.2a
Unicenter Software Delivery r11.2
Unicenter Software Delivery r11.1 (GA, a, C1)
Unicenter Remote Control r11.2 C2
Unicenter Remote Control r11.2 C1
Unicenter Remote Control r11.2a
Unicenter Remote Control r11.2
Unicenter Remote Control r11.1 (GA, a, C1)
CA Desktop and Server Management r11.2 C2
CA Desktop and Server Management r11.2 C1
CA Desktop and Server Management r11.2a
CA Desktop and Server Management r11.2
CA Desktop and Server Management r11.1 (GA, a, C1)

For full details see the original advisory at: https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=174256

Critical Oracle Vulnerabilities

Multiple vulnerabilities have been reported in the Oracle products listed below. The packages SDO_GEOM, SDO_IDX, and SDO_UTIL do not properly sanitize input, which can allow the injection of arbitrary SQL code. Additionally, there are issues with the DBMS_STATS_INTERNAL package. These issues could allow an attacker to gain DBA privileges. There are additional issues that remain unspecified. See Oracle’s original advisory at: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2008.html

* Oracle Database 11g, version 11.1.0.6
* Oracle Database 10g Release 2, versions 10.2.0.2, 10.2.0.3
* Oracle Database 10g, version 10.1.0.5
* Oracle Database 9i Release 2, versions 9.2.0.8, 9.2.0.8DV
* Oracle Application Server 10g Release 3 (10.1.3), versions 10.1.3.1.0, 10.1.3.3.0
* Oracle Application Server 10g Release 2 (10.1.2), versions 10.1.2.0.2, 10.1.2.1.0, 10.1.2.2.0
* Oracle Application Server 10g (9.0.4), version 9.0.4.3
* Oracle Collaboration Suite 10g, version 10.1.2
* Oracle E-Business Suite Release 12, version 12.0.4
* Oracle E-Business Suite Release 11i, version 11.5.10.2
* Oracle PeopleSoft Enterprise PeopleTools versions 8.22.19, 8.48.16, 8.49.09
* Oracle PeopleSoft Enterprise HCM versions 8.8 SP1, 8.9, 9.0
* Oracle Siebel SimBuilder versions 7.8.2, 7.8.5