Security News #0x44
- There is a new Metasploit module to exploit MS13-037 (CVE 2013-2551). This is a vulnerability in Internet Explorer, and the module can exploit Internet Explorer 8 on Windows 7 with Service Pack 1, using either Java 6 or a particular version of ntdll.dll (6.1.7601.17514 or 6.1.7601.17725) to provide the ROP chain. Eric Romang has a demo. This exploit was used by VUPEN in March at Pwn2Own 2013.
- There is a new Metasploit module to exploit CVE 2013-1488, a vulnerability in Java up through Java 7 Update 17. Like the other Java 7 U17 exploit in Metasploit (Java Applet Reflection Type Confusion Remote Code Execution, CVE 2013-2423), I have been unable to get either of these to successfully exploit a Windows 7 (x64) SP1 / Java 7 U17 target when the target is using only the 64-bit version of Java. If the target is running the 32-bit version, then I can get a shell, after acknowledging using an insecure version of Java and allowing the applet to run:
- Exploit-db has new code to exploit CVE 2013-2094, the Linux perf privilege escalation vulnerability. This code is brought to us by Andrea Bittau, and is meant to support more targets. It still seems to apply to x64 systems, though.
- There is a DoS vulnerability in WordPress 3.5.1. What is interesting about this vulnerability is how the discoverer carefully traces the source code to explain the underlying cause; if you are a student, then this is definitely worth a look. The underlying vulnerability is probably CVE 2013-1723, though the number hasn’t been officially assigned yet.
- The same author (Krzysztof Katowicz-Kowalewski) found another DoS vulnerability, this one in Fail2ban 0.8.9; again the explanation on the blog is well worth reading for students.
- Now that Mimikatz has been incorporated into Metasploit, you may want to learn some of its other abilities: like the ability to steal user certificates.
- Did you know that you can use CTRL-T in Armitage to take screenshots? Well, I didn’t. Read on for more exploit management techniques.
- And speaking of Metasploit, did you know that you can use awk for your Metasploit shell?
- MS13-051 (CVE 2013-1331) is a vulnerability in Microsoft Office 2003 SP3 and Office 2011 for Mac. Microsoft reports that it is currently being used in targeted 0-day attacks.
- Bruce Schneier has a must-read piece on how we are all essentially becoming serfs and vassals to the IT corporate lords who hold our data.