Security News #0x41

  • Nginx 1.3.9 & 1.4.0 are open to remote code execution. This has been announced as CVE-2013-2028, but it does not yet seem to have propagated to the CVE database. As is often the case, the folks at Metasploit have a module, though it targets only nginx 1.4.0 on either Ubuntu 13.04 or Debian Squeeze. VNSecurity provides an analysis of the problem.
  • Joe Damato has a great explanatory piece on semtex.c, which exploits the recent Linux privilege escalation vulnerability (CVE-2013-2094).
  • In related news, the exploit has apparently been ported to 32-bit Debian systems.
  • I just spent some very enjoyable time with a blog post by Scott Sutherland. We all know that sometimes we are presented with a Windows system that is "locked down" in some way: a kiosk, or sometimes when a sysadmin decides to get a bit too enthusiastic with the old group policy. Because of the way Windows is built, often any little gap will let you get access to a shell. Once upon a time I needed to take some screenshots from a system that was locked down to prevent this; a little work with the open file dialog in Notepad got me the access I needed. Scott has dozens of approaches for Windows systems old and new. I saw a lot of old favorites, and learned quite a number of new tricks.
  • Raphael Mudge has another nice piece on how to use Armitage to pivot in a network to avoid detection, this time by an IDS.
  • Ars Technica reports that the 2009 Aurora attacks against Google may have been a counter-intelligence operation to determine whom the US government was wiretapping, rather than a simple attack against Google and Chinese dissidents as originally thought.
  • An updated version of Cain & Abel has been released.
