MAAS History
Archives

Entries by drStrangeP0rk (171)

Thursday
Apr232009

Firefox 3.09 Update Fixes Memory Corruption and Same-Origin Violations

There are four crash bugs that lead to memory corruption. If the user has root privileges, an attacker could execute code with those privileges.

Same-origin is a concept that relates to scripting in web pages: scripts originating from the same site may access each other's methods and variables without limits. One of the same-origin violations involves the Adobe Flash plug-in. This can allow attackers to execute scripts in the context of a legitimate web site, using cross-site scripting (XSS) or cross-site request forgery (CSRF).
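The same-origin rule described above compares three parts of a URL: scheme, host and port; the path and query play no part. The following Python script is an added example (not code from the Firefox advisory or from this blog) that implements that comparison with the standard library and decides which target documents a script running in a page may read; all URLs are constructed for illustration.

```python
"""Same-origin comparison as browsers apply it: two URLs share an origin
only when scheme, host and port all match (path and query do not matter).
Added example using only the standard library; every URL below is constructed."""
from typing import List, Optional, Tuple
from urllib.parse import urlsplit

# A URL without an explicit port is on its scheme's default port.
DEFAULT_PORTS = {"http": 80, "https": 443}


def origin_of(url: str) -> Tuple[str, str, Optional[int]]:
    """Return the (scheme, host, port) triple that defines a URL's origin."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()  # hostname is already port-free
    # http://a and http://a:80 are the same origin, so fill in the default.
    port = parts.port if parts.port is not None else DEFAULT_PORTS.get(scheme)
    return (scheme, host, port)


def same_origin(a: str, b: str) -> bool:
    """True when both URLs belong to the same origin."""
    return origin_of(a) == origin_of(b)


def script_access_decisions(page_url: str, targets: List[str]) -> List[Tuple[str, bool]]:
    """For a script running in page_url, report which target documents
    (frames, XHR responses) it may read under the same-origin policy."""
    return [(target, same_origin(page_url, target)) for target in targets]


if __name__ == "__main__":
    page = "https://shop.example/cart"  # constructed page URL
    decisions = script_access_decisions(page, [
        "https://shop.example/account/orders",  # same origin: only the path differs
        "https://shop.example:443/login",       # explicit default port: same origin
        "http://shop.example/cart",             # scheme differs: blocked
        "https://api.shop.example/v1/cart",     # host (subdomain) differs: blocked
        "https://shop.example:8443/admin",      # port differs: blocked
    ])
    for target, allowed in decisions:
        print(f"{'allow' if allowed else 'block'}  {target}")
```

The plug-in bug fixed in this release is a case where a script was allowed to read from a target that this check would have blocked.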

It is recommended that this update be installed.

Thursday
Apr162009

Zero Day Excel Flaw Patched from February 2009

The security bulletin describes an attacker's ability to use a "malformed object" to cause memory corruption, allowing them to gain access to the system as the current user. Without going into the importance of performing general computer activities such as web surfing, reading email and office tasks only as a limited user, again, users need to install this update. The attacker assumes the user's permissions and can operate as such.

This update is available for download using the Microsoft Update tool in Office. The flaw affects both Windows and Macintosh platforms. This flaw has been in the wild since February 2009 and is active on both platforms.

Sunday
Apr052009

Proof of Concept Exploit Code Published

Six kernel vulnerabilities have been published which affect Mac OS X, including five that can be used to exploit 10.5.6. They can be viewed on Milw0rm.com; see the link to the Apple-specific exploits in the sidebar. These exploits can also affect Solaris and FreeBSD kernels. FreeBSD has been patched; Mac OS X has not been as of yet.

Issue one exploits a remote heap overflow in the AppleTalk network stack. The second and third exploit a memory leak which can cause the kernel to run out of memory. The fourth exploit relates to an HFS vfs sysctl flaw which allows a global variable to be altered without locking the mutual exclusion object (mutex). A mutex is used to let multiple program threads share a resource safely: a thread locks the mutex, excluding the other threads, while it works on the resource. In this case the locking does not happen, creating the potential for memory corruption.
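To make the fourth issue concrete, here is an added example (not code from the published exploits or from the Apple kernel) of the lost-update problem that arises when a shared global is modified without holding a mutex. Several threads increment one counter; with the lock taken the final value is exact, without it updates are silently lost, which is the user-space analogue of the kernel corruption described above. The thread and round counts are constructed, and `time.sleep(0)` is used only to force a thread switch between the read and the write so the race shows up reliably.

```python
"""Shared-counter race: the same read-modify-write with and without a mutex.
Added example; the counts are constructed and the sleep(0) only widens the
window between read and write so the lost update is easy to observe."""
import threading
import time


def _worker(state, lock, rounds):
    """Increment state["count"] `rounds` times, locked if a lock is given."""
    for _ in range(rounds):
        if lock is not None:
            # The mutex makes read, add and write one indivisible step.
            with lock:
                state["count"] += 1
        else:
            value = state["count"]       # read the shared global
            time.sleep(0)                # yield: another thread reads the same value
            state["count"] = value + 1   # write back, clobbering the other's update


def run_counter(threads=4, rounds=500, use_lock=True):
    """Run the workers and return the final counter value."""
    state = {"count": 0}
    lock = threading.Lock() if use_lock else None
    workers = [threading.Thread(target=_worker, args=(state, lock, rounds))
               for _ in range(threads)]
    for w in workers:
        w.start()
    for w in workers:
        w.join()
    return state["count"]


def lost_updates(threads=4, rounds=500):
    """How many increments vanished when the mutex was skipped."""
    expected = threads * rounds
    return expected - run_counter(threads, rounds, use_lock=False)


if __name__ == "__main__":
    print("with mutex   :", run_counter(use_lock=True))    # always threads*rounds
    print("without mutex:", run_counter(use_lock=False))   # usually less
    print("lost updates :", lost_updates())
```

The locked run always returns `threads * rounds`; the unlocked run returns at most that, and in practice less. In a kernel the clobbered value is not a counter but a pointer or length field, which is why a missing lock becomes a memory-corruption bug rather than a mere miscount.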

The last has been known for some time; it relates to the HFS I/O control (IOCTL) handler. User-supplied code can be inserted and executed with kernel-level privileges.


Friday
Apr032009

Microsoft Office PowerPoint Remote Code Execution

This affects MS Office SP3 2000, 2002, 2003 and MS Office 2004 Mac. An attacker can gain the user rights of systems running Microsoft Office Mac 2004 using specially crafted content in a PowerPoint document. This can be accomplished by sending the file to an unsuspecting user or having them download it from a site. The attacker can then behave as the compromised user.

Again, user education is key to preventing this kind of attack. Only open documents from trusted sources, use MOICE (Windows OS) and do not open earlier versions of MS Office files. Since Office files are .ZIP archives containing metadata and content, it is important that trust policies be reiterated to users: if an Office document comes from an unknown source, do not open it. This is also true of ICal files, mail, QT, etc. Never perform tasks such as email, office activities or web surfing as a system administrator or root.
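Because the newer Office formats are .ZIP archives, a document can be triaged without opening it in Office. The following Python script is an added example (not from the Microsoft advisory or this blog) that tells a legacy binary document apart from a zipped one and lists the archive members that carry active content: a VBA macro project, embedded OLE objects, ActiveX parts and relationships pointing at external targets. The sample document is built in memory and is constructed; the member names and the relationship namespace follow the OOXML packaging conventions, and the list of risky names is an assumption chosen for illustration.

```python
"""Triage an Office document before anyone opens it: classify the container
and list archive members that carry active content. Added example; the sample
documents are constructed in memory and the RISKY_MEMBERS table is illustrative."""
import io
import zipfile
import xml.etree.ElementTree as ET

OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy .doc/.xls/.ppt header
RISKY_MEMBERS = {                                   # substring -> what it means
    "vbaProject.bin": "VBA macro project",
    "oleObject": "embedded OLE object",
    "activeX": "ActiveX control",
}


def classify_document(data: bytes) -> str:
    """'legacy-ole2' for the old binary formats, 'ooxml-zip' for .docx-style
    archives, otherwise 'unknown'."""
    if data.startswith(OLE2_MAGIC):
        return "legacy-ole2"
    if zipfile.is_zipfile(io.BytesIO(data)):
        return "ooxml-zip"
    return "unknown"


def triage_office_zip(data: bytes):
    """Return (member, reason) pairs for everything worth a second look."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            for needle, reason in RISKY_MEMBERS.items():
                if needle in name:
                    findings.append((name, reason))
            if name.endswith(".rels"):
                # Relationship files can point outside the package.
                try:
                    root = ET.fromstring(zf.read(name))
                except ET.ParseError:
                    findings.append((name, "unparseable relationship part"))
                    continue
                for el in root.iter():
                    if el.tag.endswith("Relationship") and el.get("TargetMode") == "External":
                        findings.append((name, "external relationship -> " + el.get("Target", "")))
    return findings


RELS_NS = "http://schemas.openxmlformats.org/package/2006/relationships"


def build_sample_docx() -> bytes:
    """Constructed document with a macro, an OLE object and an external link."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        zf.writestr("word/vbaProject.bin", b"\x00constructed")
        zf.writestr("word/embeddings/oleObject1.bin", b"\x00constructed")
        zf.writestr("word/_rels/document.xml.rels",
                    f'<Relationships xmlns="{RELS_NS}">'
                    '<Relationship Id="rId1" Type="hyperlink" '
                    'Target="http://unknown.example/doc" TargetMode="External"/>'
                    '<Relationship Id="rId2" Type="styles" Target="styles.xml"/>'
                    '</Relationships>')
    return buf.getvalue()


def build_clean_docx() -> bytes:
    """Constructed document with plain content only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        zf.writestr("word/_rels/document.xml.rels",
                    f'<Relationships xmlns="{RELS_NS}">'
                    '<Relationship Id="rId1" Type="styles" Target="styles.xml"/>'
                    '</Relationships>')
    return buf.getvalue()


if __name__ == "__main__":
    for label, doc in (("suspect", build_sample_docx()), ("clean", build_clean_docx())):
        print(label, classify_document(doc))
        for member, reason in triage_office_zip(doc):
            print("   ", member, "->", reason)
```

A `legacy-ole2` result is the case the text's advice about older file versions and MOICE applies to; a non-empty finding list on a zipped document is the cue to confirm the sender before the file is opened.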

No updates are available at this time; see the attached MS reference article for mitigation options.

Friday
Mar272009

OpenSSL Vulnerabilities 

Vulnerabilities considered moderate have been found in OpenSSL, the SSL/TLS library used by e-commerce sites and many other sites. Each makes it possible to mount a denial-of-service (DoS) attack by causing OpenSSL to crash.

  1. ASN1 Printing Crash - CVE-2009-0590
  2. Incorrect Error Checking During CMS Verification - CVE-2009-0591
  3. Invalid ASN1 Clearing Check - CVE-2009-0789