Posts filed under 'Vulnerabilities'

Friday Favourite Jan 16th 2009

What was it this week with attacks on applications that use Adobe PDF technologies? For whatever reason, this week had an unusual number of disclosures, amongst the hundreds of SQL injection and XSS advisories, attacking the PDF file format. With that said, my favourite this week is a toss-up between:

Sun Solaris Adobe Reader Multiple Vulnerabilities
Advisory URL: http://secunia.com/Advisories/33491/
Sun has acknowledged some vulnerabilities in Adobe Reader included in Solaris, which can be exploited by malicious, local users to gain escalated privileges or by malicious people to compromise a user’s system.

and:

jhead ‘DoCommand()’ Arbitrary File Deletion Vulnerability
Advisory URL: http://www.securityfocus.com/bid/32506

I find the jhead one rather amusing since I use that piece of software. What I find even funnier is that I do not believe it has been patched yet on my system, but I could be wrong. It probably will not get patched on many production servers that are running applications that the lazy administrators do not want to break. I guess when all of their files disappear they will learn their lesson.

I do not know much about the Sun advisory other than what is listed on the Secunia website, but I think that the solution is hilarious.
“Do not open PDF files from untrusted sources.”
OK, my boss just sent me a PDF; do I trust it?
“Sorry Mr Boss Man, I haven’t opened any PDFs recently because Sun told me not to. I can’t verify that it was you who actually sent the document since you send me so many.”
Oh well, another day, another advisory.

January 16th, 2009

Average number of advisories per day

So, it's been a while since my last update, right on 50 days now. I was going to do a round-up of some advisories. Turns out that it would take me too long to do this, since I have over 900 advisories in my RSS feeds. This is just for the time I had my RSS feed reader up. So, let's take the exact number of advisories I have in my feeds (904) and divide it by the number of days (904 / 50) = 18.08. That's basically 18 advisories per day. Now, while those are not unique, that's still a decent number per day. I might one day work on a security-related Yahoo! pipe to de-dupe the results.

To the best of my knowledge there will be a Friday Favorite this week.

December 3rd, 2008

Friday Favorite - QuickTime Vulnerability

http://www.securityfocus.com/bid/31212/info

My favorite vulnerability from this week is the Apple QuickTime/iTunes QuickTime Type Remote Buffer Overflow found by securfrog. This vulnerability has proof-of-concept Perl code which can cause a remote crash on Firefox, IE or any browser using the QuickTime plugin. No shell code execution has been confirmed yet. I wonder when Apple is going to patch this one.

September 19th, 2008

Adobe Illustrator Malformed AI File Remote Code Execution Vulnerability

The internet is so much a part of life and business these days that desktop applications are still a target. It is easy for a malicious user to exploit a desktop application via social engineering, man-in-the-middle attacks, phishing and other means. In my opinion graphic designers are a good target for those with ill intent. Think about it: while most of their work relies on using a computer, they may not have the technical skills to understand the dangers of opening strange files or visiting URLs. Graphic designers often also work on new products for companies, and therefore have inside information on a product as they are designing identities and media. Here is a vulnerability targeting the popular Adobe Illustrator. What irritates me about such products is that the end user must rely on the vendor for a patch. In this case CS2 has been replaced with CS3. Adobe products also have a tendency to be expensive, so it is unlikely that every graphic designer will update.

http://www.securityfocus.com/bid/31208/info
Adobe Illustrator is prone to a remote code-execution vulnerability. An attacker can exploit this issue by enticing an unsuspecting victim to open a malicious AI file. Successfully exploiting this issue will allow attackers to execute arbitrary code with the privileges of the user running the affected application. This issue affects only Adobe Illustrator CS2 for Macintosh.

September 18th, 2008

Three days, five different Drupal vulnerabilities

In the world of security a lot can happen in three days. Let's take the popular web content management system Drupal. Over the past three days both Secunia and Security Focus have published a total of five Drupal vulnerabilities. These advisories have all been patched in the latest release of Drupal. Many companies and organizations on the web rely on Drupal to handle their day-to-day business, but how many of them keep their installation up to date? Cross Site Scripting or HTML Injection, SQL Injection and security bypasses are just the attack vectors targeted in these five Drupal vulnerabilities.

Drupal XSS / HTML Injection
http://www.securityfocus.com/bid/31146
http://www.securityfocus.com/bid/31224

Drupal Script Insertion
http://secunia.com/Advisories/31889/

Drupal SQL Injection
http://secunia.com/Advisories/31877/

Drupal Talk Module Script Insertion and Security Bypass
http://secunia.com/Advisories/31908/

September 18th, 2008

Microsoft Windows Media Player SSPL File Sample Rate Remote Code-Execution Vulnerability

Not 24 hours after I posted about media player vulnerabilities, this one was released. This vulnerability was reported by the vendor (Microsoft) and luckily updates are already available. Hopefully nobody figures this out before the majority of people have updated.

http://www.securityfocus.com/bid/30550/info
Microsoft Windows Media Player is prone to a remote code-execution vulnerability.
An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.

September 16th, 2008

New Media Player critical vulnerabilities

Media player exploits scare the crap out of me. The biggest reason that they scare me is because “end users don’t think before they click that link” (c) 2008 Web Insecurity. Now, when they normally get an e-mail, they would never click it if it was from their bank, but what happens if the link was from a co-worker of theirs? Perhaps a peer in the professional industry, perhaps an e-mail from their doctor's office, a friend or favorite department store mailing list with the details of a huge competition. The video form of media is very attractive to end users. Videos always spread around the net and e-mail like wildfire, hence the name viral video. Now what happens when a media player vulnerability is not withheld, like this new one: http://www.securityfocus.com/archive/1/496358? What happens when one of these gets added to Metasploit, or perhaps in combination with XSS / XSRF maliciously linked in social networking sites?
I don’t have the answer, but I really don’t want to find out.

September 15th, 2008

phpMyAdmin Code execution vulnerability

If you use phpMyAdmin you may not update as regularly as you should. It seems like every week they come out with an update. The thing about phpMyAdmin is they have updates because exploits are released, but when they update they add a bunch of features. These features, you may like or you may hate. Either way, you're forced to update if you don’t want to be left exploited. Here is the “Fix list” for 2.11.9.1:

- bug #2031221 [auth] Links to version number on login screen
- bug #2032707 [core] PMA does not start if ini_set() is disabled
- bug #2004915 [bookmarks] Saved queries greater than 1000 chars not displayed
- bug #2037381 [export] Export type “replace” does not work
- bug #2037375 [export] DROP PROCEDURE needs IF EXISTS
- bug #2045512 [export] Numbers in Excel export
+ [lang] Norwegian UTF-8 original file remerged
- bug #2074250 [parser] Undefined variable seen_from
- (2.11.9.1) [security] Code execution vulnerability

Now, I’ve removed the colors and formatting. They haven’t added any features in this one; it's just a bug fix release. They put the [security] fix on the bottom, which to me is more important than any of the other “bugs”. The bugs are not in order, so I’m wondering why they put security at the bottom. Anyhow, a code execution vulnerability is not good, so update before you get owned.

September 15th, 2008

3Com’s Zero Day Initiative

3Com has announced a new program to reward hackers and crackers alike to report their findings in hopes of obtaining zero day exploits faster.

July 25th, 2005

Cisco’s VOIP Vulnerability

Cisco Systems announced a particularly serious vulnerability that would allow attackers to cripple internal telephone networks.

July 22nd, 2005
