Security News #0x13: PwnSQL

Now that I am back home after CISSE; I can start to get caught up on the security news- and boy is there a lot this week! MySQL and Internet Explorer got hammered, and Metasploit code was released to attack MS Word as well.

• Let’s start with MySQL. The original announcement of trouble occurred on Saturday June 9; the problem is that some versions of MySQL do not check their passwords correctly and so have a small chance of authenticating a user with the wrong password; just a few hundred attempts is sufficient! This has been reported as CVE 2012-2122. The Metasploit folks have a nice blog post that describes the issue. As might be expected, this ended up as a Metasploit Module quite quickly. Not, mind you that you need anything so complex as Metasploit. Dave Kennedy has a four line Python script to perform the attack.
• There are two serious vulnerabilities in Internet Explorer that are currently being exploited in the wild. These have just been added to Metasploit and apparently one is still unpatched. They are CVE-2012-1889 and CVE 2012-1875 / MS12-037.
• Exploit code for MS12-005, a vulnerability in Microsoft Word 2007/2010 on Windows 7 was added to Metasploit.
• Eric Romang has demos of some of these attacks:
  • MS12-005 / MS Office.
  • MS12-037 / IE.
  • CVE 2012-1889 / IE.
  • CVE 2012-2122 / MySQL.
• Anestis Bechtsoudis has a post on the use of SSH proxies with Metasploit.
• In a recent practice for the Cyber Defense team, we analyzed a Wireshark packet capture looking for the packets from a traceroute command. Well, the folks at securitytube just put up a video demonstration of a (Windows) tracetroute packet capture.
• If you have a password protected .pdf file and don’t have the password, you might want to try PDFCrack.
• Some folks have seen me grade the class labs and asked how I got the output of the Red Team nmap scans into such a nice html format. Zabomber has an explanation of how to get XML output from nmap.