MoonPoint Support Logo

 

Shop Amazon Warehouse Deals - Deep Discounts on Open-box and Used ProductsAmazon Warehouse Deals



Advanced Search
October
Sun Mon Tue Wed Thu Fri Sat
   
9 10 11 12
13 14 15 16 17 18 19
20 21 22 23 24 25 26
27 28 29 30 31    
2024
Months
OctNov Dec


Sat, Apr 16, 2016 3:55 pm

Security Advisory Posted for Adobe Flash Player

On April 5, 2016, Adobe released security advisory APSA16-01 (CVE number: CVE-2016-1019) for a vulnerability in the Adobe Flash Player . The vulnerability affects the player on Microsoft Windows, Apple OS X, Linux, and Google's Chrome OS. The vulnerability affects all versions of Windows from Windows 10 backwards through Windows XP. The vulnerability exists in Adobe Flash Player 21.0.0.197 and earlier versions. The vulnerability is currently being exploited "in the wild", i.e., malefactors are already taking advantage of the vulnerability to compromise vulnerable systems. The vulnerability allows malefactors to crash a system and even potentially gain remote control of the system. The vulnerability is being used by the Magnitude Exploit Kit to spread Locky ransomware - see Zero-Day Attack Discovered in Magnitude Exploit Kit Targeting CVE-2016-1019 in Older Versions of Adobe Flash Player.

A software change Adobe made in version 21.0.0.182 will prevent the exploit from being successful, so users who have at least that version should be safe from the exploit allowing their systems to be compromised, since on versions 21.0.0.182 and 21.0.0.197, it will only cause a crash1. But I would advise users to upgrade to the current version of the Adobe Flash Player, which is version 21.0.0.213. If you use multiple web browsers on a system, you should ensure that each of them have the latest version of an Adobe Flash Player plug-in, if you have Adobe Flash Player support installed for the browser. You can check the version of the Flash Player being used by a browser by visiting Adobe's www.adobe.com/software/flash/about/ page. Alternate methods for checking the version of the Flash Player on Apple OS X systems can be found at Determining the version of Adobe Flash on an OS X system.

References:

  1. Zero-Day Attack Discovered in Magnitude Exploit Kit Targeting CVE-2016-1019 in Older Versions of Adobe Flash Player
    Posted: APril 7, 2016
    Simply Security News, Views and Opinions from Trend Micro, Inc
  2. A Look Into Adobe Flash Player CVE-2016-1019 Zero-Day Attack
    Posted: April 8, 2016
    Simply Security News, Views and Opinions from Trend Micro, Inc

[/security/vulnerabilities/multios] permanent link

Tue, Dec 02, 2014 9:45 pm

Shellshock Vulnerability on OS X Systems

You can test a system to determine if it may be vulnerable to being exploited through the shellshock, aka bashdoor, vulnerability using the command env x='() { :;}; echo vulnerable' bash -c 'echo this is a test'. If it is vulnerable, you will see the commands executed that appear after the semicolon. On vulnerable systems, Bash is executing commands that are concatenated at the end of function definitions stored in the contents of environment variables.

When I checked a MacBook Pro running, OS X 10.8.4, I saw output indicating it was vulnerable, i.e., I saw "vulnerable" displayed when the command was run. The check can be performed by opening a Terminal window and entering the code. The terminal application is in Applications/Utilities.

$ env x='() { :;}; echo vulnerable' bash -c 'echo this is a test'
vulnerable
this is a test

A bash shell prompt could be otained by a malicious remote user if Remote Login was enabled and Guest Access was also enabled, though, hopefully, if Remote Login was enabled, Guest Access would not be enabled. Of course, a malicious person could also gain access to the system remotely if Remote Login is enabled and a weak password is present for an account on the system that is allowed remote access.

A OS X system could also be vulnerable if it is functioning as a web server and there are scripts present on the server that would allow an attacker to provide any input he wishes that could be executed as code by the script.

Apple released a fix for the vulnerability for OS X systems on September 29, 2014.

After the laptop was upgraded to OS X 10.8.5 and security updates were applied, I didn't see "vulnerable" displayed when the code was executed.

$ env x='() { :;}; echo vulnerable' bash -c 'echo this is a test'
this is a test

And when I tested the related vulnerability CVE-2014-7169, the date was no longer displayed.

$ env X='() { (a)=>\' sh -c "echo date"; cat echo
date
cat: echo: No such file or directory

A system that has been patched for both CVE-2014-6271 and CVE-2014-7169 will simply echo the word "date" and the file "echo" will not be created, as shown above.

References:

  1. Shellshock Vulnerability: What Mac OS X users Need to Know | The Mac Security Blog
    By Derek Erwin
    Date: September 26, 2014
    Intego - Mac Antivirus & Security
  2. Shellshock (software bug)
    Wikipedia

[/security/vulnerabilities/multios] permanent link

Tue, Sep 05, 2006 12:01 pm

OpenSSL Vulnerabilities up to Version 0.9.7c

OpenSSL is an Open Source toolkit which implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols and provides a full-strength general purpose cryptography library. Versions of OpenSSL prior to 0.9.6k and 0.9.7c are vulnerable to Denial of Service (DoS) attacks or could theoretically allow remote execution of arbitrary code.

OpenSSL
version
Applicable
advisories
Effect
0.9.6d and
earlier
30-Jul-2002 Practical to run arbitrary code remotely
0.9.6e-h and
0.9.7
19-Feb-2003 Practical (LAN) attack to recover frequently repeated plaintext such as passwords
0.9.6i and
0.9.7a
17-Mar-2003
19-Mar-2003
Practical (LAN) attacks to obtain or use secret key
0.9.6j and
0.9.7b
30-Sep-2003 Denial of Service, and theoretically possible run arbitrary code remotely
0.9.6k and
0.9.7c
  Clean at present

Some attacks may not be feasible except from systems on the same LAN as the attacked system, since a very fast connection between the attacker and target may be needed to make the attack practicable. If a webserver is in a datacenter with perhaps dozens or even hundreds of other systems, a compromised system within the datacenter could be used by an attacker to exploit these vulnerabilities on other servers within the same datacenter, however.

If you need to determine which version of OpenSSL you are running, you can use the command openssl version. You may need to specify the full path to the command if it isn't in your default path. For a Solaris 10 system, you can use the following path:

# /usr/sfw/bin/openssl version
OpenSSL 0.9.7d 17 Mar 2004

For Solaris 7, use /usr/local/ssl/bin/openssl version.

References:

  1. Vulnerable versions of OpenSSL apparently still widely deployed on commerce sites
    Netcraft
    November 3, 2003
  2. ESB-2003.0871 -- Sun Alert Notification -- OpenSSL Vulnerabilitiyes in Sun Grid Engine 5.3
    Australian Computer Emergency Response Team (AusCERT)
    December 24, 2003

[/security/vulnerabilities/multios] permanent link

Valid HTML 4.01 Transitional

Privacy Policy   Contact

Blosxom logo