Security News #0x72
- We have another new attack on Adobe Flash. This one, Adobe Flash Player Type Confusion Remote Code Execution, works against IE 6 through IE 10 and Flash 11.7, 11.8 and 11.9 prior to 11.9.900.170. The underlying problem here is CVE-2013-5331. Unlike Adobe Flash Player Integer Underflow Remote Code Execution mentioned last week, this one did not appear to affect my Windows 8 test system, probably because the unpatched system had too old a version of Flash.
- Metasploit also has a new attack on OpenSSH. Now don’t get too excited. This is a timing attack on usernames; essentially, the difference in response times can be used to guess if a username is present on a system. The module is SSH Username Enumeration.
- There are now a couple of proof-of-concept exploits available for a root privilege escalation attack on Linux systems. The underlying problem is a race condition leading to memory corruption (CVE-2014-0196). These are not simple, fire & forget exploits; as they are only PoCs, they require some additional work to actually get the exploit to work. Interested folks may want to take a look at the reddit and the discussion of the bug over at Red Hat. One worrying fact about this problem is that it apparently has been in the kernel since 2009.
- Students interested in research projects should take a long look at the Mozilla Winter of Security. It looks like a neat opportunity for the right students!
- If you want to learn about and understand how binary exploitation works, you should take a look at From Fuzzing to 0-Day over at techorganic.com. This is a great piece that shows how our intrepid attacker worked the process of finding a vulnerability, seeing what it did, and then building a (reliable) exploit for the problem. Sure, it is for Windows XP, so it avoids DEP and ASLR, but it is a great place to start learning.
- Mubix has a nice piece on a few different methods besides the venerable psexec to perform pass the hash attacks on Windows systems. The fact that it comes in Python just adds to its juicy goodness.
- And if you have not seen the page of static web server one-liners, take a look and bookmark the page!
- I am always on the lookout for hacks against silly things, like TVs or cars. Well, what about hacking an electrical outlet?