Home > Uncategorized > Security News #0x41

Security News #0x41

  • Nginx 1.3.9 & 1.4.0 are open to remote code execution. This has been announced as CVE 2013-2028, but it does not yet seem to have propagated to the CVE database. As is often the case, the folks at Metasploit have a module, though it targets only nginx 1.4.0 on either Ubuntu 13.04 or Debian Squeeze. VNSecurity provides an analysis of the problem.
  • Joe Damato has a great explanatory piece on semtex.c, which exploits the recent Linux privilege escalation vulnerability (CVE 2013-2094).
  • In related news, the exploit has apparently been ported to 32-bit Debian systems.
  • I just spent some very enjoyable time with a blog post of Scott Sutherland. We all know that sometimes we are presented with a Windows system that is "locked down" in some way- a kiosk, or sometimes when a sysadmin decides to get a bit too enthusiastic with the old group policy. Because of the way Windows is built, often any little gap will let you get access to a shell. Once upon a time I needed to take some screen shots from a system that was locked down to prevent this. Well, a little work with the open file dialog in a notepad client got me the access I needed. Well, Scott has dozens of approaches on Windows systems old and new. I saw a lot of old favorites, and learned quite a number of new tricks.
  • Raphael Mudge has another nice piece on how to use Armitage to pivot in a network to avoid detection, this time by an IDS.
  • Ars Technica reports that the 2009 Aurora attacks against Google may have been a counter-intelligence operation to determine whom the US government was wiretapping, rather than a simple attack against Google and Chinese dissidents as originally thought.
  • An updated version of Cain & Abel has been released.
Categories: Uncategorized
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: