Security News

[SECURITY] [DSA 4519-1] libreoffice security update

Bug Traq - 10 September, 2019 - 10:41

Posted by Moritz Muehlenhoff on Sep 10

-------------------------------------------------------------------------
Debian Security Advisory DSA-4519-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
September 08, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : libreoffice
CVE ID : CVE-2019-9854

It was...

NtFileSins / Windows NTFS Privileged File Access Enumeration Tool

Bug Traq - 10 September, 2019 - 10:36

Posted by apparitionsec on Sep 10

from subprocess import Popen, PIPE
import sys,argparse,re

# NtFileSins v2
# Added: Check for Zone.Identifier:$DATA to see if any identified files were downloaded from internet.
#
# Windows File Enumeration Intel Gathering.
# Standard users can prove existence of privileged user artifacts.
#
# Typically, the Windows commands DIR or TYPE hand out a default "Access Denied" error message,
# when a file exists or doesn't exist, when...

[SECURITY] [DSA 4518-1] ghostscript security update

Bug Traq - 10 September, 2019 - 10:32

Posted by Salvatore Bonaccorso on Sep 10

-------------------------------------------------------------------------
Debian Security Advisory DSA-4518-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
September 07, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : ghostscript
CVE ID : CVE-2019-14811 CVE-2019-14812...

CA20190904-01: Security Notice for CA Common Services Distributed Intelligence Architecture (DIA)

Bug Traq - 10 September, 2019 - 10:28

Posted by Kevin Kotas on Sep 10

CA20190904-01: Security Notice for CA Common Services Distributed
Intelligence Architecture (DIA)

Issued: September 4th, 2019
Last Updated: September 4th, 2019

CA Technologies, A Broadcom Company, is alerting customers to a
potential risk with CA Common Services in the Distributed
Intelligence Architecture (DIA) component. A vulnerability exists,
CVE-2019-13656, that can allow a remote attacker to execute arbitrary
code. CA published solutions...

NtFileSins v2.1 / Windows NTFS Privileged File Access Enumeration Tool

Full Disclosure - 9 September, 2019 - 16:52

Posted by hyp3rlinx on Sep 09

Fixed a bug in the save report logic.

from subprocess import Popen, PIPE
import sys,argparse,re

# NtFileSins v2.1
# Fixed: save() logic to log report in case no Zone.Identifiers found.
# Added: Check for Zone.Identifier:$DATA to see if any identified files were downloaded from internet.
#
# Windows File Enumeration Intel Gathering.
# Standard users can prove existence of privileged user artifacts.
#
# Typically, the Windows commands DIR or TYPE...

CVE-2018-18809 Path traversal in Tibco JasperSoft

Full Disclosure - 9 September, 2019 - 16:52

Posted by Elar Lang on Sep 09

Title: CVE-2018-18809 Path traversal in Tibco JasperSoft
Credit: Elar Lang / https://security.elarlang.eu
Vendor/Product: Tibco JasperSoft (https://www.jaspersoft.com/)
Vulnerability: Path traversal
CVE: CVE-2018-18809

# Path traversal
Vulnerability is in reportresource/reportresource/ service and in resource
parameter. There is "defence" - value for resource param must start with
net/sf/jasperreports/.

Available for remote not...

Core FTP LE Version 2.2, build 1935 - Local Buffer Overflow (SEH Unicode)

Full Disclosure - 9 September, 2019 - 16:52

Posted by Debashis Pal on Sep 09

#!/usr/bin/python

# Exploit Title: Core FTP LE Version 2.2, build 1935 - Local Buffer Overflow (SEH Unicode)
# Vulnerability Details: Core FTP LE Version 2.2, build 1935 is prone to a buffer overflow vulnerability that may result in a DoS user local folder selection pane
# Exploit Type : DOS
# Date: 08-Sep-2019
# Vulnerable Software: Core FTP LE
# Version: Version 2.2, build 1935
# Vendor Homepage: http://www.coreftp.com/
# Software Link:...

CA20190904-01: Security Notice for CA Common Services Distributed Intelligence Architecture (DIA)

Full Disclosure - 9 September, 2019 - 16:51

Posted by Kevin Kotas via Fulldisclosure on Sep 09

CA20190904-01: Security Notice for CA Common Services Distributed
Intelligence Architecture (DIA)

Issued: September 4th, 2019
Last Updated: September 4th, 2019

CA Technologies, A Broadcom Company, is alerting customers to a
potential risk with CA Common Services in the Distributed
Intelligence Architecture (DIA) component. A vulnerability exists,
CVE-2019-13656, that can allow a remote attacker to execute arbitrary
code. CA published solutions...

Re: CVE 2019-13224 (UAF in PHP and Ruby regex lib)

Full Disclosure - 9 September, 2019 - 16:50

Posted by Marcin Kozlowski on Sep 09

Hi list,

Read about potential UAF in PHP and Ruby via regex library "oniguruma" (for
example here:
https://thehackernews.com/2019/09/php-programming-language.html)

However, I didn't find default PHP and Ruby vulnerable:

https://github.com/kkos/oniguruma/issues/153

My investigation showed the onig_new_deluxe() is not used by default.
However, modified PHP to use it and fuzzed it and was able to reproduce UAF
in 7 mins :)

Write...

NtFileSins v2 / Windows NTFS Privileged File Access Enumeration Tool

Full Disclosure - 9 September, 2019 - 16:48

Posted by hyp3rlinx on Sep 09

NtFileSins v2, exploits Windows privileged file access enumeration
vulnerability to gather intelligence on privileged users. This version
includes Zone.Identifier checks to see if any discovered files were
internet downloaded.

from subprocess import Popen, PIPE
import sys,argparse,re

# NtFileSins v2
# Added: Check for Zone.Identifier:$DATA to see if any identified files were downloaded from internet.
#
# Windows File Enumeration Intel Gathering....

Dabman & Imperial (i&d) Web Radio Devices - Undocumented Telnet Backdoor & Command Execution Vulnerability

Full Disclosure - 9 September, 2019 - 04:16

Posted by Vulnerability Lab on Sep 09

Document Title:
===============
Dabman & Imperial (i&d) Web Radio Devices - Undocumented Telnet Backdoor
& Command Execution Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/get_content.php?id=2183

Video: https://www.vulnerability-lab.com/get_content.php?id=2190

Vulnerability Magazine:...

Re: Longer form questions

Daily Dave - 6 September, 2019 - 14:13

Posted by John Lampe on Sep 06

I think Dave nailed it when he said "anomaly detection algorithm". There is
still value in being able to take netflow data, ip intel, protocol hashing
and enumeration (even encrypted ones), client fingerprinting, and a lot of
other things and bringing that all together. Call it a NIDS, passive
scanner, whatever...it's still an integral part of security. Oh, and the
places where those tools live is prime real estate. If you're...

Re: Longer form questions

Daily Dave - 6 September, 2019 - 12:30

Posted by Allen DeRyke on Sep 06

Network security monitoring is alive and well; netflow, bro, zeek, and
packet capture are incredibly valuable data sources for DFIR and "threat
hunting" purposes; however signature-based IDS as a primary detection
mechanism has always been a bit of a story that vendors sell blue teams to
sleep better at night. The metadata tools do raise the bar for your
adversaries opsec, and the ugly reality is that these tools help us "get...

Re: Longer form questions

Daily Dave - 6 September, 2019 - 12:28

Posted by Konrads Smelkovs on Sep 06

1) no egress monitoring at network level means very limited clue on first
signs of trouble and timeline
2) network traffic monitoring can point out anomalies very early on.
3) the idea that because a vendor has painted a solution architecture where
everything logs centrally or EDR works all the time is imaginary.
Netflows/Tiered network meta-data provides a solid fallback.

The biggest problem with network monitoring is “cloud”. There is less...

Re: Longer form questions

Daily Dave - 6 September, 2019 - 12:24

Posted by Nick Selby on Sep 06

I agree with Chris, and I like Anton's question: usually the people who say
NIDS is dead are those who are complaining that NIDS doesn't do some thing
that they think NIDS should and does not do - case in point, detecting all
evil. NIDS is not the answer to securing a network but then, nothing is
*the* answer. As a veteran of a lot of incident responses, I can state that
most of the time, the network is not owned by super ninjas - or if...

Re: Totaljs CMS authenticated path traversal (could lead to RCE)

Full Disclosure - 6 September, 2019 - 12:02

Posted by paw on Sep 06

Update:

[+] CVE-id: CVE-2019-15952

On 30/08/19 19:45, paw wrote:

Windows NTFS / Privileged File Access Enumeration

Full Disclosure - 6 September, 2019 - 12:00

Posted by hyp3rlinx on Sep 06

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-NTFS-PRIVILEGED-FILE-ACCESS-ENUMERATION.txt
[+] ISR: ApparitionSec

[Vendor]
www.microsoft.com

[Product]
Windows NTFS

NTFS is a proprietary journaling file system developed by Microsoft.
Starting with Windows NT 3.1, it is the default file system of the Windows
NT family.

[Vulnerability Type]...

[SECURITY] [DSA 4517-1] exim4 security update

Bug Traq - 6 September, 2019 - 06:29

Posted by Moritz Muehlenhoff on Sep 06

-------------------------------------------------------------------------
Debian Security Advisory DSA-4517-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
September 06, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : exim4
CVE ID : CVE-2019-15846

"Zerons"...

Windows NTFS / Privileged File Access Enumeration

Bug Traq - 6 September, 2019 - 06:27

Posted by apparitionsec on Sep 06

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-NTFS-PRIVILEGED-FILE-ACCESS-ENUMERATION.txt
[+] ISR: ApparitionSec

[Vendor]
www.microsoft.com

[Product]
Windows NTFS

NTFS is a proprietary journaling file system developed by Microsoft. Starting with Windows NT 3.1, it is the default
file system of the Windows NT family....

[SECURITY] [DSA 4516-1] firefox-esr security update

Bug Traq - 6 September, 2019 - 06:22

Posted by Moritz Muehlenhoff on Sep 06

-------------------------------------------------------------------------
Debian Security Advisory DSA-4516-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
September 05, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : firefox-esr
CVE ID : CVE-2019-9812 CVE-2019-11740...