
Saturday, November 23, 2013

Trend Micro IWSS 3.1 privilege escalation

Date Disclosed:
10/25/2011

Date Patched:
Patch Not Yet Available

Vendor:
Trend Micro
Affected Software:
Trend Micro InterScan Web Security Suite for Linux and Solaris 3.1 and prior
Description:

The Trend Micro InterScan Web Security Suite (IWSS) runs scripts named "PatchExe.sh" or "RollbackExe.sh" from the current working directory with root privileges, regardless of the privileges with which IWSS was initially launched. Successful exploitation would give an attacker root-level access to the target machine.
Severity:
High
Code Execution:
Yes
Impact:
Local Elevation of Privilege to root privileges
This local vulnerability allows an attacker who can write a file of that name into the directory IWSS is run from to execute arbitrary scripts as root.
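The defect class above (a root process executing a helper by relative name) and the check a privileged helper should perform instead, as an added illustration. This is not Trend Micro's code and is not a vendor mitigation; the directory /opt/trend/iwss/patches, the function names and the expected owner are assumptions made for this example.

```shell
#!/bin/sh
# Added illustration (not Trend Micro code): the pattern behind the IWSS bug
# and a hardened replacement. The directory, function names and the
# expected owner are assumptions made for this example.
#
# Vulnerable pattern, as described in the advisory: a root-privileged
# helper runs a maintenance script by relative name, so whatever file
# called PatchExe.sh sits in the caller's working directory is executed
# as root:
#
#     sh ./PatchExe.sh        # resolved against $PWD, which the caller controls
#
# Hardened version: accept only an absolute path inside a fixed directory,
# refuse symlinks and ".." components, and require the file to be owned by
# the expected user and not writable by group or others. Each refusal
# prints its reason to stderr and returns 1.

SAFE_SCRIPT_DIR=${SAFE_SCRIPT_DIR:-/opt/trend/iwss/patches}   # assumed location

# check_script PATH [EXPECTED_OWNER]   (owner defaults to root)
check_script() {
    f=$1
    owner=${2:-root}

    case $f in
        /*) ;;
        *)  echo "refuse: '$f' is relative and would resolve against \$PWD" >&2; return 1 ;;
    esac
    case $f in
        */../*|*/..) echo "refuse: '$f' contains a '..' component" >&2; return 1 ;;
    esac
    case $f in
        "$SAFE_SCRIPT_DIR"/*) ;;
        *)  echo "refuse: '$f' is outside $SAFE_SCRIPT_DIR" >&2; return 1 ;;
    esac
    if [ -L "$f" ]; then
        echo "refuse: '$f' is a symbolic link" >&2; return 1
    fi
    if [ ! -f "$f" ] || [ ! -x "$f" ]; then
        echo "refuse: '$f' is not an executable regular file" >&2; return 1
    fi

    # Portable ownership/mode check: parse "ls -ld" rather than GNU-only stat.
    # Field 1 is the mode string (e.g. -rwxr-xr-x), field 3 the owner name.
    set -- $(ls -ld "$f")
    if [ "$3" != "$owner" ]; then
        echo "refuse: '$f' is owned by '$3', expected '$owner'" >&2; return 1
    fi
    case $1 in
        ?????w*|????????w*)   # 6th char = group write bit, 9th char = other write bit
            echo "refuse: '$f' is writable by group or others (mode $1)" >&2; return 1 ;;
    esac
    return 0
}

# run_maintenance_script NAME: what the helper should do instead of "./NAME".
run_maintenance_script() {
    script="$SAFE_SCRIPT_DIR/$1"
    check_script "$script" root || return 1
    # Fixed, minimal environment so the caller's PATH or IFS cannot steer
    # what the script itself executes.
    env -i PATH=/usr/sbin:/usr/bin:/sbin:/bin "$script"
}
```

The directory containing the scripts deserves the same ownership and mode check as the file itself; otherwise an attacker who can rename files in it can still swap the script between the check and the exec.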
Mitigation:
No mitigation has been provided.
Protection:

Links:

Status:
10.25.2011 - Public Information Released

Trend Micro InterScan Messaging Multiple Vulnerabilities

Date Disclosed:
9/13/2012

Date Patched:
Patch not available.

Vendor:
Trend Micro
Affected Software:
Trend Micro InterScan Messaging Security Suite Version 7.1-Build_Win32_1394
Description:

InterScan Messaging Security Suite is vulnerable to multiple cross-site scripting vulnerabilities and a cross-site request forgery vulnerability. These could be used by an attacker to execute arbitrary script in the context of a logged-in user.
Severity:
Moderate
Code Execution:
Yes: arbitrary script executes in the victim's browser session (not native code on the server).
Impact:

Arbitrary script execution
Attackers that successfully exploit these vulnerabilities will be able to execute script within the context of a currently logged-in user. This could be used to perform unauthorized actions on behalf of target users.
Mitigation:
No mitigation is currently available.
Protection:
BeyondTrust's Retina® Network Security Scanner scans devices to detect this vulnerability.

  • 17182 - Trend Micro InterScan Messaging Multiple Vulnerabilities (Zero-Day)
  • 17183 - Trend Micro InterScan Messaging Multiple Vulnerabilities (Zero-Day) - x64
Links:

Status:
2012-09-13: Original Disclosure

ProFTPd Denial of Service

Date Disclosed:
9/11/2013

Date Patched:
No patch available.

Vendor:
ProFTPd
Affected Software:

ProFTPd 1.3.4d and prior
ProFTPd 1.3.5rc3 and prior
Description:
A vulnerability within ProFTPd can be triggered by specially crafted packets sent during authentication, exhausting memory and causing a denial of service condition.
Severity:
Moderate
Code Execution:
No.
Impact:

Denial of Service
Exploitation of this vulnerability renders the service on the affected system unresponsive as the system's memory is exhausted. Attackers can keep sending malicious payloads to sustain the denial of service condition indefinitely.
Mitigation:
Disable keyboard-interactive authentication.
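The mitigation above as a proftpd.conf fragment, weak setting beside the corrected one. This is an added example, not taken from the advisory or from the ProFTPD project; it assumes the affected path is mod_sftp's SSH keyboard-interactive method (the advisory says only "keyboard interactive authentication") and uses mod_sftp's documented SFTPAuthMethods directive. The host key and log paths are placeholders.

```apache
# Weak: with no SFTPAuthMethods line, mod_sftp offers every method it
# supports, and keyboard-interactive is available whenever mod_sftp_pam
# is loaded.
<IfModule mod_sftp.c>
    SFTPEngine   on
    SFTPHostKey  /etc/ssh/ssh_host_rsa_key
    SFTPLog      /var/log/proftpd/sftp.log
</IfModule>

# Hardened: list the permitted methods explicitly and leave
# keyboard-interactive out. Clients that relied on PAM prompts lose
# access until a patch is applied; that is the trade-off.
<IfModule mod_sftp.c>
    SFTPEngine       on
    SFTPHostKey      /etc/ssh/ssh_host_rsa_key
    SFTPLog          /var/log/proftpd/sftp.log
    SFTPAuthMethods  publickey password
</IfModule>
```

Run `proftpd -t -c /etc/proftpd.conf` after the change to syntax-check the file before restarting the daemon, and confirm with an SSH client that the server no longer offers keyboard-interactive in its authentication method list.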
Protection:
BeyondTrust's Retina® Network Security Scanner scans devices to detect this vulnerability.
  • 30703 - ProFTPD Denial of Service (Zero-Day)
Links:

Status:
2013-09-11: Original Disclosure

VMware ESX/ESXi Server Multiple Vulnerabilities

Date Disclosed:
7/31/2013

Date Patched:
Patch Not Yet Available

Vendor:
VMware
Affected Software:
VMware ESX 4.0
VMware ESXi 4.0, 5.0, 5.1
Description:
VMware ESX and ESXi contain multiple vulnerabilities due to bundled versions of libxml2, GnuTLS, OpenSSL, and the Linux kernel. Successful exploitation may result in elevation of privilege, information disclosure, or denial of service.
Severity:
High
Code Execution:
Yes.
Impact:
Elevation of Privilege

Of the various vulnerabilities present in VMware ESX and ESXi, the worst may allow an attacker to elevate their privileges. This could let them perform actions that would normally be restricted, including accessing sensitive data and executing arbitrary code.
Mitigation:
No mitigations are currently available.
Protection:
BeyondTrust's Retina® Network Security Scanner scans devices to detect this vulnerability.
  • 19926 - VMware ESX/ESXi Server Multiple Vulnerabilities (Zero-Day) - ESXi 5.1/5.0/4.0
  • 19927 - VMware ESX/ESXi Server Multiple Vulnerabilities (Zero-Day) - ESX 4.0
Links:

Status:
2013-07-31 - VMware security advisory released
2013-08-06 - Linux MSR proof of concept released

IE 8/9 mshtml.dll NULL_IMPORT_DESCRIPTOR Use After Free

Date Disclosed:
9/17/2013

Date Patched:
Patch Not Yet Available

Vendor:
Microsoft
Affected Software:
Internet Explorer 6
Internet Explorer 7
Internet Explorer 8 (in the wild, targeted attacks focusing on XP and 7)
Internet Explorer 9 (in the wild, targeted attacks focusing on XP and 7)
Internet Explorer 10
Internet Explorer 11

Description:

There is a use-after-free in Internet Explorer that, when combined with a non-ASLR Office DLL, can allow remote code execution in the context of the currently logged-on user. The attack has been spotted in the wild in Japan, in targeted attacks, and is not yet widespread. However, now that a Microsoft Fix it has been released, attackers may be able to deduce the targeted vulnerability more easily and produce their own exploits.
Severity:
High
Code Execution:
Yes.
Impact:
Remote Code Execution
Exploitation of this vulnerability is possible through the use of methods like drive-by attacks. Remote attackers who successfully exploit this vulnerability will be able to execute code on the vulnerable system with the same rights as the currently logged on user.
Mitigation:
Apply the Microsoft Fix it immediately to prevent exploitation. EMET 4.0 also mitigates this attack. Otherwise, use another browser such as Chrome.
Protection:
BeyondTrust's Retina® Network Security Scanner scans devices to detect this vulnerability.
  • 30541 - Microsoft Internet Explorer MSHTML NULL_IMPORT_DESCRIPTOR (Zero-Day)
  • 30542 - Microsoft Internet Explorer MSHTML NULL_IMPORT_DESCRIPTOR (Zero-Day) - x64
Links:

Status:
2013-09-17 - Public advisory released

systemd Multiple Vulnerabilities

Date Disclosed:
9/20/2013

Date Patched:
No patch available.

Vendor:
Red Hat
Affected Software:
systemd 208 and prior
Description:

Multiple vulnerabilities exist within systemd:
CVE-2013-4391: An integer overflow leads to a buffer overflow within systemd, which could be exploited by a remote attacker to cause a denial of service or execute arbitrary code in the context of the daemon's user.
CVE-2013-4392: A race condition in systemd could allow a local attacker to modify permissions in a way so as to elevate their permissions on the system.
CVE-2013-4393: A denial of service vulnerability within systemd, specifically in the journald functionality, could allow a local attacker to prevent users from being able to log in.
CVE-2013-4394: An elevation of privilege vulnerability exists within systemd due to insufficient sanitization of X Keyboard Extension layout descriptions in SetX11Keyboard().
Severity:
High
Code Execution:
Yes. CVE-2013-4391 permits remote code execution.
Impact:

Local Elevation of Privilege (CVE-2013-4392 and CVE-2013-4394)
Local attackers exploiting these vulnerabilities will be able to elevate their privileges on the system, which they will likely use to hide their presence on the compromised host.

Remote Code Execution (CVE-2013-4391)

Exploitation of this vulnerability is possible by forming a malicious request and sending it to the affected system. Remote attackers who successfully exploit it will be able to execute arbitrary code on the vulnerable system with the same rights as the affected systemd daemon.

Denial of Service (CVE-2013-4393)
Exploitation of this vulnerability renders the affected service (journald) unresponsive and, as described above, prevents users from logging in. The condition persists on its own, so attackers do not need to keep attacking the system to maintain it.
Mitigation:
No mitigations exist.
Protection:
BeyondTrust's Retina® Network Security Scanner scans devices to detect this vulnerability.
  • 30979 - systemd Multiple Vulnerabilities (20131009) (Zero-Day)
Links:

Status:

2013-09-20: Original Disclosure (CVE-2013-4391, CVE-2013-4392, and CVE-2013-4393)
2013-10-02: Original Disclosure (CVE-2013-4394)

Netgear WNDR3700 Bypass

Date Disclosed:
10/31/2013

Date Patched:
No patch available.

Vendor:
Netgear
Affected Software:

WNDR4700 router
WNDR3700v4 router
Possibly other routers
1.0.1.42 firmware and prior
Description:

Affected devices are vulnerable to a security bypass flaw that permits attackers to access any part of the management interface of the device. If remote administration is enabled, this can be exploited from the Internet.
Severity:
High
Code Execution:
No
Impact:

Security Bypass
This vulnerability allows an attacker to bypass the access restrictions on the device's management interface and gain unauthorized access to the device.
Mitigation:
To help mitigate WAN-based attacks, disable remote administration so that the management interface is reachable only from local network addresses.
Protection:
BeyondTrust's Retina® Network Security Scanner scans devices to detect this vulnerability.
  • 31286 - Netgear WNDR3700 Bypass (20131031) (Zero-Day)
  • 31234 - Multiple Router Vendor ping6 Command Injection (Zero-Day) - Remote
Links:

Status:
2013-10-31: Original Disclosure

Internet Explorer MHTML Mime-Formatted Request Vulnerability

Date Disclosed:
9/23/2011

Date Patched:
No patch available.

Vendor:
Microsoft
Affected Software:
Microsoft Internet Explorer 8
Description:

Microsoft Internet Explorer ignores the file extension of the target document when parsing data with the MHTML protocol handler. Successful exploitation could allow information disclosure via cross-site scripting.
Severity:
Moderate
Code Execution:
No
Impact:
Information Disclosure
By convincing a user to click on a specially crafted link, an attacker could execute script commands within the context of the user's browser.
Mitigation:
No mitigation has been provided.
Protection:

Links:

Status:
9.23.2011 - Public Information Released
Copyright ©1998-2011 eEye Digital Security
Permission is hereby granted for the redistribution of this alert electronically. It is not to be edited in any way without express consent of eEye. If you wish to reprint the whole or any part of this alert in any other medium excluding electronic medium, please email alert@eEye.com for permission.

Disclaimer
The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are no warranties, implied or express, with regard to this information. In no event shall the author be liable for any direct or indirect damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk.

Microsoft Windows GDI+ Remote Code Execution

Date Disclosed:
11/5/2013

Date Patched:
Patch Not Yet Available

Vendor:
Microsoft
Affected Software:
Windows Vista SP2
Windows Server 2008 SP2
Office 2003 SP3
Office 2007 SP3
Office 2010 SP2
Lync 2010
Lync 2013
Description:

Specially crafted TIFF content can cause memory corruption that can be leveraged for arbitrary remote code execution in the context of the currently logged-on user. This vulnerability has been exploited in the wild in targeted attacks in the Middle East and South Asia; the primary attack vector has been an email with a malicious attachment.
Severity:
High
Code Execution:
Yes.
Impact:
Remote Code Execution
A remote attacker may convince a target user to open an Office document that contains maliciously crafted TIFF content. Once opened, the vulnerability will be exploited to give a remote attacker arbitrary code execution, within the context of the currently logged on user, on the target system.
Mitigation:
Apply the Microsoft Fix it. Avoid opening untrustworthy Office files. Use EMET to help mitigate exploitation.
Protection:
BeyondTrust's Retina® Network Security Scanner scans devices to detect this vulnerability.
  • 31367 - Microsoft Windows GDI+ Remote Code Execution (20131105) (Zero-Day)
Links:

Status:
2013-11-05 - Microsoft advisory released