SSD Advisory – D-Link DSL-6850U Multiple Vulnerabilities

Credit to Author: SSD / Maor Schwartz | Date: Mon, 01 Jan 2018 10:41:38 +0000

Vulnerabilities Summary: The following advisory describes two (2) vulnerabilities found in D-Link DSL-6850U versions BZ_1.00.01 – BZ_1.00.09. D-Link DSL-6850U is a router “manufactured by D-Link for Bezeq in Israel”. The vulnerabilities found are: Default Credentials and Remote Command Execution.

Credit: An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor …


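SSD Advisory – Endian Firewall from Stored XSS to Remote Command Execution

Credit to Author: SSD / Maor Schwartz | Date: Mon, 11 Dec 2017 09:17:06 +0000

Vulnerability Summary: The following advisory describes a stored XSS vulnerability in Endian Firewall version 5.0.3; successful exploitation can lead to remote code execution. Endian Firewall is a “turnkey Linux security distribution, which is an independent, unified security management operating system. The Endian Firewall is based on a hardened Linux operating system.”

Credit: An independent security researcher has reported this vulnerability to Beyond Security's SSD.

Vendor Response: The vendor has released a patch for this vulnerability. For more information: https://help.endian.com/hc/en-us/articles/115012996087

Vulnerability Details: Endian Firewall is a Linux-based firewall/gateway. It uses different colors to label its trusted, untrusted and DMZ networks: Green – trusted network; Red – untrusted network; Orange – DMZ; Blue – WiFi. User-controlled input is not sufficiently filtered. When an email is sent from the untrusted network (red) to a mail server in the DMZ (orange), Endian Firewall quarantines the email from the untrusted network. When a user from the trusted network (green) logs in to the Endian Firewall WebAdmin and checks the emails in quarantine (Services > Mail Quarantine > quarantine), the stored XSS script is executed.

Proof of Concept: Environment setup. Install the Endian Firewall virtual machine and set the firewall network interfaces to the following IPs: Green – 192.168.0.190; Red – 192.168.0.192. Set the following passwords: Web admin (admin/Password1); SSH admin (root/Password1). Connect to the Webadmin interface, add the ORANGE network and change GREEN …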


SSD Advisory – Coredy CX-E120 Repeater Multiple Vulnerabilities

Credit to Author: SSD / Maor Schwartz | Date: Mon, 04 Dec 2017 09:37:02 +0000

Vulnerabilities Summary: The following advisory describes two (2) vulnerabilities found in Coredy CX-E120 Repeater. The Coredy CX-E120 WiFi Range Extender is “a network device with multifunction, which can be using for increasing the distance of a WiFi network by boosting the existing WiFi signal and enhancing the overall signal quality over long distances. An extender …


SSD Advisory – Synology StorageManager smart.cgi Remote Command Execution

Credit to Author: SSD / Maor Schwartz | Date: Mon, 27 Nov 2017 13:45:53 +0000

Vulnerability Summary: The following advisory describes a remote command execution vulnerability found in Synology StorageManager. Storage Manager is “a management application that helps you organize and monitor the storage capacity on your Synology NAS. Depending on the model and number of installed hard drives, Storage Manager helps you accomplish the following tasks: Create different types …


SSD Advisory – DblTek Multiple Vulnerabilities

Credit to Author: SSD / Maor Schwartz | Date: Tue, 21 Nov 2017 12:14:39 +0000

Vulnerabilities Summary: The following advisory describes 2 (two) vulnerabilities found in DblTek webserver. DBL is “specialized in VoIP products, especially GoIPs. We design, develop, manufacture, and sell our products directly and via distributors to customers. Our GoIP models now cover 1, 4, 8, 16, and 32-channel in order to meet the wide range of market …


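SSD Advisory – Cisco UCS Platform Emulator Remote Code…

Credit to Author: SSD / Maor Schwartz | Date: Tue, 14 Nov 2017 12:27:06 +0000

Vulnerabilities Summary: The following advisory describes two remote code execution vulnerabilities found in Cisco UCS Platform Emulator 3.1(2ePE1). Cisco UCS Platform Emulator is the Cisco UCS Manager application bundled into a virtual machine (VM). The VM includes software that emulates hardware communications for the Cisco Unified Computing System (Cisco UCS) hardware that is configured and managed by Cisco UCS Manager. For example, you can use Cisco UCS Platform Emulator to create and test a supported Cisco UCS configuration, or to duplicate an existing Cisco UCS environment for troubleshooting or development. The vulnerabilities found in Cisco UCS Platform Emulator are: Unauthenticated Remote Code Execution and Authenticated Remote Code Execution.

Credit: An independent security researcher has reported this vulnerability to Beyond Security's SSD.

Vendor Response: The vendor has released a patch for this vulnerability and issued the following CVE: CVE-2017-12243

Vulnerability Details, Unauthenticated Remote Code Execution: User input is not sufficiently filtered when it is passed to the IP/settings/ping function, so an unauthenticated attacker can inject commands through the ping_NUM and ping_IP_ADDR parameters; these commands are executed as root on the remote machine.

Proof of Concept: After sending one of the above requests, Cisco UCS responds as follows:

Authenticated Remote Code Execution: Cisco UCS Platform Emulator is vulnerable to a format string vulnerability that leads to remote code execution. Cisco UCS Platform Emulator runs an SSH server by default, and a user logged in via ssh runs the following command: and gets the following response: As can be seen, by executing the ssh “show sel %x” command, we overwrote the entry of the _ZN7clidcos15CommandEmulator16cli_param_filterEPKc function with the system function in libsamvsh.so.

Proof of Concept: To exploit this vulnerability, follow these instructions. Install ucspe on a VM (install all 3 network cards) using the following username and password: default ucspe user: ucspe; default ucspe password: ucspe. Run ucspe and note the IP address of ucspe (the console shows “Connected to IP: ….”). In this proof of concept we will use the IP 192.168.1.43. Open two terminals on another machine (for example Kali). First, do the following on the first terminal: create a poc directory, put poc4_ucspe_3.1.2e.py into the poc directory, then change the current directory to the poc directory. Create fifo1: Create the output directory: …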


SSD Advisory – Cisco UCS Platform Emulator Remote Code Execution

Credit to Author: SSD / Maor Schwartz | Date: Wed, 01 Nov 2017 05:08:10 +0000

Vulnerabilities Summary: The following advisory describes two remote code execution vulnerabilities found in Cisco UCS Platform Emulator version 3.1(2ePE1). Cisco UCS Platform Emulator is the Cisco UCS Manager application bundled into a virtual machine (VM). The VM includes software that emulates hardware communications for the Cisco Unified Computing System (Cisco UCS) hardware that is configured …


SSD Advisory – Endian Firewall Stored From XSS to Remote Command Execution

Credit to Author: SSD / Maor Schwartz | Date: Wed, 18 Oct 2017 14:00:07 +0000

Vulnerability Summary: The following advisory describes a stored cross-site scripting vulnerability that can be used to trigger remote code execution in Endian Firewall version 5.0.3. Endian Firewall is a “turnkey Linux security distribution, which is an independent, unified security management operating system. The Endian Firewall is based on a hardened Linux operating system.”

Credit: An …
