MoonPoint Support Logo

 


Shop Amazon Warehouse Deals - Deep Discounts on Open-box and Used ProductsAmazon Warehouse Deals



Advanced Search
September
Sun Mon Tue Wed Thu Fri Sat
   
28 29 30      
2020
Months
Sep
Oct Nov Dec


Tue, May 03, 2016 11:18 pm

ImageMagick Vulnerability

ImageMagick is a free and open-source software suite widely used on Linux systems for displaying, converting and editing images. It is also available for many other platforms, including Apple's OS X and iOS operating systems and Microsoft Windows. A code execution bug was recently found in the software by Nikolay Ermishkin. Another security researcher, Ryan Huber, reports that the bug would allow a malefactor to create a malformed image file that when uploaded to a web server that processes images with ImageMagick, e.g., to resize an image uploaded by a website visitor, can cause the server to execute code embedded in the image by the malefactor. Huber stated that the exploit is trivial to implement so one should expect that many malicious individuals will soon attempt to exploit the vulnerability to compromise websites. If such individuals can compromise a website, they may then be able to place code on sites that could infect unsuspecting website visitors with other malicious software.

Huber advised website owners using ImageMagick for image processing on their sites to check the magic number in uploaded image files to verify that an uploaded file is an image file. Wikipedia provides a list of common magic numbers at List of file signatures. One reason for ImageMagick's popularity is that it supports a large number of different file formats, supporting over 200 file formats. You can find a list of the supported file formats at ImageMagick: Formats. If you have ImageMagic installed, you can check on which formats it supports on the installed system by issuing the command identify -list format.

References:

  1. Huge number of sites imperiled by critical image-processing vulnerability
    By: Dan Goodin
    Date: May 3, 2016
    Ars Technica

[/security/vulnerabilities] permanent link

Sat, Apr 16, 2016 3:55 pm

Security Advisory Posted for Adobe Flash Player

On April 5, 2016, Adobe released security advisory APSA16-01 (CVE number: CVE-2016-1019) for a vulnerability in the Adobe Flash Player . The vulnerability affects the player on Microsoft Windows, Apple OS X, Linux, and Google's Chrome OS. The vulnerability affects all versions of Windows from Windows 10 backwards through Windows XP. The vulnerability exists in Adobe Flash Player 21.0.0.197 and earlier versions. The vulnerability is currently being exploited "in the wild", i.e., malefactors are already taking advantage of the vulnerability to compromise vulnerable systems. The vulnerability allows malefactors to crash a system and even potentially gain remote control of the system. The vulnerability is being used by the Magnitude Exploit Kit to spread Locky ransomware - see Zero-Day Attack Discovered in Magnitude Exploit Kit Targeting CVE-2016-1019 in Older Versions of Adobe Flash Player.

A software change Adobe made in version 21.0.0.182 will prevent the exploit from being successful, so users who have at least that version should be safe from the exploit allowing their systems to be compromised, since on versions 21.0.0.182 and 21.0.0.197, it will only cause a crash1. But I would advise users to upgrade to the current version of the Adobe Flash Player, which is version 21.0.0.213. If you use multiple web browsers on a system, you should ensure that each of them have the latest version of an Adobe Flash Player plug-in, if you have Adobe Flash Player support installed for the browser. You can check the version of the Flash Player being used by a browser by visiting Adobe's www.adobe.com/software/flash/about/ page. Alternate methods for checking the version of the Flash Player on Apple OS X systems can be found at Determining the version of Adobe Flash on an OS X system.

References:

  1. Zero-Day Attack Discovered in Magnitude Exploit Kit Targeting CVE-2016-1019 in Older Versions of Adobe Flash Player
    Posted: APril 7, 2016
    Simply Security News, Views and Opinions from Trend Micro, Inc
  2. A Look Into Adobe Flash Player CVE-2016-1019 Zero-Day Attack
    Posted: April 8, 2016
    Simply Security News, Views and Opinions from Trend Micro, Inc

[/security/vulnerabilities/multios] permanent link

Tue, Feb 16, 2016 11:48 pm

glibc getaddrinfo stack-based buffer overflow vulnerability on Linux systems

A serious vulnerability in the GNU C Library, commonly known as glibc, were widely reported today. The GNU C Library is widely used on Linux systems and is used within routers that rely on Linux for their firmware. The vulnerability is within the getaddrinfo function that converts domain names, hostnames, and IP addresses between human-readable text and the structured binary formats used by the operating system. The vulnerability permits a buffer overflow attack to potentially allow the execution of arbitrary code on an affected system by an attacker.

An attacker could take advantage of the vulnerability through a lookup on an attacker controlled domain name or through compromised Domain Name System (DNS) servers, or via a man-in-the-middle attack where an attacker has the capabililty to alter DNS data flowing to/from the vulnerable system and DNS servers.

The vulnerability has been given the Common Vulnerabilities and Exposures (CVE) designation CVE-2015-7547. The issue was detected by Google researchers investigating a segmentation fault issue they encountered with a Secure Shell (SSH) application. The researches traced the issue to a buffer overflow inside glibc. When they reported the issue to the glibc maintainers, they found that the maintainers had been informed of the vulnerability in July and that individuals involved with the Red Hat distribution of Linux had also discovered the vulnerability and were working on a fix for it. The Google researchers disclosed the vulnerability today.

If you are responsible for a Linux system or other equipment that uses glibc, you should update the software as soon as feasible. If you have a system that uses the RPM Package Manager, you can see what version of glibc is installed and the build date for the package with rpm -qi glibc. On systems that use the open-source command-line package-management utility yum, you can issue the command yum update glibc from the root account. The currently available version for CentOS Linux systems is glibc 2.17. CentOS is functionally compatible with its upstream source, Red Hat Enterprise Linux (RHEL)

References:

  1. Extremely severe bug leaves dizzying number of software and devices vulnerable
    By Dan Goodin
    Date: February 16, 2016 Ars Technica
  2. CVE-2015-7547: glibc getaddrinfo stack-based buffer overflow
    Posted By: Fermin J. Serna, Staff Security Engineer and Kevin Stadmeyer, Technical Program Manager for Google
    Date Posted: February 16, 2016
    Google Online Security Blog

[/security/vulnerabilities/linux] permanent link

Tue, Dec 02, 2014 9:45 pm

Shellshock Vulnerability on OS X Systems

You can test a system to determine if it may be vulnerable to being exploited through the shellshock, aka bashdoor, vulnerability using the command env x='() { :;}; echo vulnerable' bash -c 'echo this is a test'. If it is vulnerable, you will see the commands executed that appear after the semicolon. On vulnerable systems, Bash is executing commands that are concatenated at the end of function definitions stored in the contents of environment variables.

When I checked a MacBook Pro running, OS X 10.8.4, I saw output indicating it was vulnerable, i.e., I saw "vulnerable" displayed when the command was run. The check can be performed by opening a Terminal window and entering the code. The terminal application is in Applications/Utilities.

$ env x='() { :;}; echo vulnerable' bash -c 'echo this is a test'
vulnerable
this is a test

A bash shell prompt could be otained by a malicious remote user if Remote Login was enabled and Guest Access was also enabled, though, hopefully, if Remote Login was enabled, Guest Access would not be enabled. Of course, a malicious person could also gain access to the system remotely if Remote Login is enabled and a weak password is present for an account on the system that is allowed remote access.

A OS X system could also be vulnerable if it is functioning as a web server and there are scripts present on the server that would allow an attacker to provide any input he wishes that could be executed as code by the script.

Apple released a fix for the vulnerability for OS X systems on September 29, 2014.

After the laptop was upgraded to OS X 10.8.5 and security updates were applied, I didn't see "vulnerable" displayed when the code was executed.

$ env x='() { :;}; echo vulnerable' bash -c 'echo this is a test'
this is a test

And when I tested the related vulnerability CVE-2014-7169, the date was no longer displayed.

$ env X='() { (a)=>\' sh -c "echo date"; cat echo
date
cat: echo: No such file or directory

A system that has been patched for both CVE-2014-6271 and CVE-2014-7169 will simply echo the word "date" and the file "echo" will not be created, as shown above.

References:

  1. Shellshock Vulnerability: What Mac OS X users Need to Know | The Mac Security Blog
    By Derek Erwin
    Date: September 26, 2014
    Intego - Mac Antivirus & Security
  2. Shellshock (software bug)
    Wikipedia

[/security/vulnerabilities/multios] permanent link

Tue, Sep 05, 2006 12:01 pm

OpenSSL Vulnerabilities up to Version 0.9.7c

OpenSSL is an Open Source toolkit which implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols and provides a full-strength general purpose cryptography library. Versions of OpenSSL prior to 0.9.6k and 0.9.7c are vulnerable to Denial of Service (DoS) attacks or could theoretically allow remote execution of arbitrary code.

OpenSSL
version
Applicable
advisories
Effect
0.9.6d and
earlier
30-Jul-2002 Practical to run arbitrary code remotely
0.9.6e-h and
0.9.7
19-Feb-2003 Practical (LAN) attack to recover frequently repeated plaintext such as passwords
0.9.6i and
0.9.7a
17-Mar-2003
19-Mar-2003
Practical (LAN) attacks to obtain or use secret key
0.9.6j and
0.9.7b
30-Sep-2003 Denial of Service, and theoretically possible run arbitrary code remotely
0.9.6k and
0.9.7c
  Clean at present

Some attacks may not be feasible except from systems on the same LAN as the attacked system, since a very fast connection between the attacker and target may be needed to make the attack practicable. If a webserver is in a datacenter with perhaps dozens or even hundreds of other systems, a compromised system within the datacenter could be used by an attacker to exploit these vulnerabilities on other servers within the same datacenter, however.

If you need to determine which version of OpenSSL you are running, you can use the command openssl version. You may need to specify the full path to the command if it isn't in your default path. For a Solaris 10 system, you can use the following path:

# /usr/sfw/bin/openssl version
OpenSSL 0.9.7d 17 Mar 2004

For Solaris 7, use /usr/local/ssl/bin/openssl version.

References:

  1. Vulnerable versions of OpenSSL apparently still widely deployed on commerce sites
    Netcraft
    November 3, 2003
  2. ESB-2003.0871 -- Sun Alert Notification -- OpenSSL Vulnerabilitiyes in Sun Grid Engine 5.3
    Australian Computer Emergency Response Team (AusCERT)
    December 24, 2003

[/security/vulnerabilities/multios] permanent link

Tue, Jan 10, 2006 10:56 pm

Windows Vulnerability in Embedded Web Fonts

Microsoft released a patch today, which is January's "Patch Tuesday", for a vulnerability in the way Windows handles fonts embedded in a webpage. The vulnerability could allow a malicious webpage developer, or someone who has compromised a website, to install an embedded font on a webpage such that when a user views the webpage the user's system could be compromised, potentially even allowing a remote attacker to take complete control of the user's PC.

[ More Info ]

[/security/vulnerabilities/windows] permanent link

Mon, Jan 02, 2006 11:45 pm

WMF Vulnerability Could Allow Remote Code Execution

Code that will allow attackers to compromise a Windows-based PC using a vulnerability in the way such systems handle images has been posted online over the holidays. Exploitation of this vulnerability by attackers could allow them to install spyware on a system or take complete control of it.

The vulnerability is within software that is part of the Windows operating system distribution. The affected software processes Windows MetaFile (WMF) images, but an attacker need only rename an infected WMF file with a JPG, GIF, PNG, or other common graphic file format extension to avoid any block on all WMF files, since a Windows system will examine the contents of files with those extensions and execute the code in them, if they are really WMF files.

An attacker can send infected images by email or put them on a website. The mere presence of an infected file on a system can lead to the system's infection, if file indexing software, such as Google's desktop search utility is presence. When the file is indexed, the exploit is triggered.

[ More Info ]

[/security/vulnerabilities/windows] permanent link

Once You Know, You Newegg AliExpress by Alibaba.com

Shop Amazon Local - Subscribe to Deals in Your Neighborhood

Valid HTML 4.01 Transitional

Privacy Policy   Contact

Blosxom logo