"A heap-based buffer overflow was found in __nss_hostname_digits_dots(), which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker could use this flaw to execute arbitrary code with the permissions of the user running the application."
— Permalink
A few months ago I decided to get started on fuzzing. I chose the reference implementation of the Network Time Protocol (NTP), ntpd, as my first target, since I have some background with NTP and the protocol seemed simple enough to be a good learning experience. Also, ntpd is available for many platforms and widely in use, including being part of the default OS X installation.
— Permalink
Advisory: Drupal - pre-auth SQL Injection Vulnerability
Release Date: 2014/10/15
Last Modified: 2014/10/15
Author: Stefan Horst [stefan.horst[at]sektioneins.de]
Application: Drupal >= 7.0 <= 7.31
Severity: Full SQL injection, which results in total control of the website and code execution.
Risk: Highly Critical
Vendor Status: Drupal 7.32 fixed this bug
— Permalink
Today we are publishing details of a vulnerability in the design of SSL version 3.0. This vulnerability allows the plaintext of secure connections to be calculated by a network attacker. I discovered this issue in collaboration with Thai Duong and Krzysztof Kotowicz (also Googlers).
http://seenthis.net/messages/302666
On the server side, the concrete actions:
Apache with GnuTLS: GnuTLSPriorities SECURE:-VERS-SSL3.0
Apache with OpenSSL: SSLProtocol -SSLv3 -SSLv2
Nginx with OpenSSL: ssl_protocols TLSv1.2 TLSv1.1 TLSv1
Postfix with OpenSSL: smtpd_tls_protocols = !SSLv2,!SSLv3
Dovecot IMAP servers: ssl_protocols = !SSLv2 !SSLv3
Courier IMAP servers: TLS_PROTOCOL="TLS1_2:TLS1_1:TLS1"
Client side:
https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0
http://blog.erratasec.com/2014/10/some-poodle-notes.html
https://www.imperialviolet.org/2014/10/14/poodle.html
https://www.dfranke.us/posts/2014-10-14-how-poodle-happened.html
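The directives listed above each use a different syntax (Apache's `SSLProtocol` adds and subtracts from an implicit `all`, nginx's `ssl_protocols` is an allowlist, Postfix and Dovecot accept either `!`-exclusions or an explicit list, Courier uses a colon-separated allowlist), so it is easy to write a line that looks hardened but still permits SSLv3. The following audit script is an added example, not part of any of the linked posts; it encodes those semantics for each server type and reports, for constructed sample config lines, whether SSLv3 is still allowed. The server names and sample configs are assumptions for the demonstration.

```python
import re


def _tokens(value):
    """Split a directive value on whitespace and commas."""
    return [t for t in re.split(r"[\s,]+", value.strip()) if t]


def apache_sslv3_allowed(value):
    # SSLProtocol: tokens may carry + or -; with no positive token the
    # base set is the implicit "all", so "-SSLv2" alone still leaves SSLv3 on.
    positives, negatives = set(), set()
    for tok in _tokens(value):
        if tok.startswith("-"):
            negatives.add(tok[1:].lower())
        else:
            positives.add(tok.lstrip("+").lower())
    if "sslv3" in negatives:
        return False
    return not positives or "all" in positives or "sslv3" in positives


def nginx_sslv3_allowed(value):
    # ssl_protocols is a plain allowlist; SSLv3 is on only if named.
    return "sslv3" in {t.lower() for t in _tokens(value.rstrip(";"))}


def exclusion_list_sslv3_allowed(value):
    # Postfix smtpd_tls_protocols and Dovecot ssl_protocols: either a list of
    # exclusions ("!SSLv2 !SSLv3") or an explicit list of enabled protocols.
    toks = [t.lower() for t in _tokens(value)]
    excluded = {t[1:] for t in toks if t.startswith("!")}
    included = {t for t in toks if not t.startswith("!")}
    if "sslv3" in excluded:
        return False
    if included:
        return "sslv3" in included
    return True  # exclusion-only list that never excludes SSLv3


def courier_sslv3_allowed(value):
    # TLS_PROTOCOL="TLS1_2:TLS1_1:TLS1" is a colon-separated allowlist.
    return "ssl3" in {t.lower() for t in value.strip().strip('"').split(":")}


# server type -> (directive name, checker); keys are an assumption of this example
DIRECTIVES = {
    "apache": ("SSLProtocol", apache_sslv3_allowed),
    "nginx": ("ssl_protocols", nginx_sslv3_allowed),
    "postfix": ("smtpd_tls_protocols", exclusion_list_sslv3_allowed),
    "dovecot": ("ssl_protocols", exclusion_list_sslv3_allowed),
    "courier": ("TLS_PROTOCOL", courier_sslv3_allowed),
}


def audit(server, config_text):
    """Return (line_no, line, sslv3_allowed) for every matching directive."""
    name, check = DIRECTIVES[server]
    findings = []
    for no, line in enumerate(config_text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        m = re.match(rf"{re.escape(name)}\s*=?\s*(.*)$", stripped)
        if m:
            findings.append((no, stripped, check(m.group(1))))
    return findings


# Constructed sample fragments (not taken from any real deployment):
# each pair shows a still-weak line next to its corrected form.
SAMPLES = [
    ("apache", "SSLProtocol all -SSLv2\nSSLProtocol -SSLv3 -SSLv2\n"),
    ("nginx", "ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;\nssl_protocols TLSv1.2 TLSv1.1 TLSv1;\n"),
    ("postfix", "smtpd_tls_protocols = !SSLv2\nsmtpd_tls_protocols = !SSLv2,!SSLv3\n"),
    ("dovecot", "ssl_protocols = !SSLv2\nssl_protocols = !SSLv2 !SSLv3\n"),
    ("courier", 'TLS_PROTOCOL="SSL3:TLS1"\nTLS_PROTOCOL="TLS1_2:TLS1_1:TLS1"\n'),
]

if __name__ == "__main__":
    for server, text in SAMPLES:
        for no, line, weak in audit(server, text):
            print(f"{server:8} line {no}: {'SSLv3 ALLOWED' if weak else 'ok':14} {line}")
```

The point of the per-server checkers is that "SSLv3 does not appear in the line" is not a safe test: `SSLProtocol all -SSLv2` and `smtpd_tls_protocols = !SSLv2` never mention SSLv3 yet both leave it enabled.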
— Permalink
Rainer Gerhards, the rsyslog project leader, reported a vulnerability in Rsyslog, a system for log processing. As a consequence of this vulnerability an attacker can send malformed messages to a server, if it accepts data from untrusted sources, and trigger a denial of service attack.
For the stable distribution (wheezy), this problem has been fixed in version 5.8.11-3+deb7u1.
— Permalink
This week we made mention on Twitter of a zero-day vulnerability we’ve unearthed that affects the popular Tails operating system.
The vulnerability we will be disclosing is specific to I2P. I2P currently boasts about 30,000 active peers. Since I2P has been bundled with Tails since version 0.7, Tails is by far the most widely adopted I2P usage.
— Permalink
Recently a critical vulnerability has been found in TP-LINK routers and a few other router devices. This particular vulnerability to which I am referring was described here. Basically it is the so-called ROM-0 attack. In short, by requesting ROM-0 through an HTTP request (i.e. http://192.168.1.1/ROM-0), an attacker can download all important and secret data stored in your router. This includes your ADSL login/password combination, WIFI password and basically all of your configuration data.
The list of vulnerable devices is presented below: