Home > Uncategorized > Security News #0x44

Security News #0x44

Exploits
  • There is a new Metasploit module to exploit MS13-037 (CVE 2013-2551). This is a vulnerability in Internet Explorer, and the module can exploit Internet Explorer 8 on Windows 7 with Service Pack 1, using either Java 6 or a particular version of ntdll.dll (6.1.7601.17514 or 6.1.7601.17725) to provide the ROP chain. Eric Romang has a demo. This exploit was used by VUPEN used in March in Pwn2Own 2013.
  • There is a new Metasploit module to exploit CVE 2013-1488, a vulnerability in Java up through Java 7 Update 17. Like the other Java 7 U 17 exploit in Metasploit (Java Applet Reflection Type Confusion Remote Code Execution, CVE 2013-2423), I have been unable to get either of these to successfully exploit a Windows 7 (x64) SP 1 / Java 7 U17 target when the target is using only the 64 bit version of Java. If the target is running the 32-but version, then I can get a shell, after acknowledging using an insecure version of Java and allowing the applet to run:
    Windows 7 SP1 x64- Daneel-2013-06-16-13-57-13 Windows 7 SP1 x64- Daneel-2013-06-16-13-57-37
    Exploit
                                                        

  • Exploit-db has new code to exploit CVE 2013-2094, the Linux PERF privilege escalation exploit. This code is brought to us by Andrea Bittau, and is meant to support more targets. It still seems to apply to x64 systems though.
  • There is a DoS vulnerability in WordPress 3.5.1. What is interesting about this vulnerability is how the discoverer carefully traces the source code to explain the underlying cause; if you are a student, then this is definitely worth a look. The underlying vulnerability is probably CVE 2013-1723, though the number hasn’t been officially assigned yet.
  • The same author (Krzysztof Katowicz-Kowalewski) found another DoS vulnerability, this one in Fail2ban 0.8.9; again the explanation on the blog is well worth reading for students.
Security Tools
  • Now that Mimikatz has been incorporated into Metasploit, you may want to learn some of its other abilities: like the ability to steal user certificates.
  • Did you know that you can use CTRL-T in Armitage to take screenshots? Well, I didn’t. Read on for more exploit management techniques.
  • And speaking of Metasploit, did you know that you can use awk for your Metasploit shell?
Industry News
  • MS13-051 (CVE 2013-1331) is a vulnerability in Microsoft Office 2003 SP3 and Office 2011 for Mac. Microsoft reports that it is currently being used in targeted 0-day attacks.
  • Bruce Schneier has a must read piece on how we are all essentially becoming serfs and vassals to the IT corporate lords who hold our data.
  • Advertisements
Categories: Uncategorized
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: