Security News
Re: Longer form questions
Posted by Chris Rohlf on Sep 06
I think netflows have a lot of value in production and corp environments.But if the question is ‘can NIDS, now or in the future, detect client side
remotes against scriptable targets’ then the answer is a resounding no.
NIDS in server environments simply can’t scale up enough or model the
complex tech stacks they sit in front of.
Sure you can write a signature to match a single exploit instance but its
easily bypassed, and requires...
AST-2019-005: Remote Crash Vulnerability in audio transcoding
Posted by Asterisk Security Team on Sep 06
Asterisk Project Security Advisory - AST-2019-005Product Asterisk
Summary Remote Crash Vulnerability in audio transcoding
Nature of Advisory Denial of Service
Susceptibility Remote Unauthenticated Sessions
Severity Minor...
Re: Longer form questions
Posted by Anton Chuvakin on Sep 06
Wow, indeed, so 2007, this brings back memories ....But on a more serious note: do you guys truly think that network security
monitoring (whether NIDS, network forensics / capture, "NTA / NDR", Bro /
Zeek and such) is "dead dead"? And there no hope for any
zombie-apocalypse-style revival? :-)
AST-2019-004: Crash when negotiating for T.38 with a declined stream
Posted by Asterisk Security Team on Sep 06
Asterisk Project Security Advisory - AST-2019-004Product Asterisk
Summary Crash when negotiating for T.38 with a declined
stream
Nature of Advisory Remote Crash
Susceptibility Remote Authenticated Sessions...
Re: Longer form questions
Posted by Chris Rohlf on Sep 05
I’ve been happily ignoring Twitter the last few weeks so when I saw a DDpost come in I got excited and felt nostalgic for 2007, which
coincidentally this thread reminds me of. Not just because Dave is trolling
Rob but also because I thought the idea of network based protocol and file
parsers died around that time. How many HTTP implementation quirks does the
Snort engine implement these days? Back then it was almost none. But what
about now?...
Re: Longer form questions
Posted by Dave Aitel on Sep 05
https://blog.talosintelligence.com/2019/09/the-latest-on-bluekeep-and-dejablue.htmlOk, so as someone pointed out in private email, they have a blog that goes
through a 20 step process to exporting your private key from your RDP
server to the MITM box that is parsing the protocol. I think this is an
unlikely configuration, but in theory it IS possible. An anomaly detection
algorithm might be a better option for real world detection, even though...
AST-2019-005: Remote Crash Vulnerability in audio transcoding
Posted by Asterisk Security Team on Sep 05
Asterisk Project Security Advisory - AST-2019-005Product Asterisk
Summary Remote Crash Vulnerability in audio transcoding
Nature of Advisory Denial of Service
Susceptibility Remote Unauthenticated Sessions
Severity Minor...
AST-2019-004: Crash when negotiating for T.38 with a declined stream
Posted by Asterisk Security Team on Sep 05
Asterisk Project Security Advisory - AST-2019-004Product Asterisk
Summary Crash when negotiating for T.38 with a declined
stream
Nature of Advisory Remote Crash
Susceptibility Remote Authenticated Sessions...
[slackware-security] seamonkey (SSA:2019-247-01)
Posted by Slackware Security Team on Sep 05
[slackware-security] seamonkey (SSA:2019-247-01)New seamonkey packages are available for Slackware 14.2 and -current to
fix security issues.
Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/seamonkey-2.49.5-i586-1_slack14.2.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
http://www.seamonkey-project.org/releases/2.49.5
(* Security...
SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X
Posted by SEC Consult Vulnerability Lab on Sep 04
SEC Consult Vulnerability Lab Security Advisory < 20190904-0 >=======================================================================
title: Multiple vulnerabilities
product: Cisco RV340, Cisco RV340W, Cisco RV345, Cisco RV345P,
Cisco RV260, Cisco RV260P, Cisco RV260W, Cisco 160,
Cisco 160W
vulnerable version: Cisco RV34X - 1.0.02.16, Cisco RV16X/26X - 1.0.00.15...
SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X
Posted by SEC Consult Vulnerability Lab on Sep 04
SEC Consult Vulnerability Lab Security Advisory < 20190904-0 >=======================================================================
title: Multiple vulnerabilities
product: Cisco RV340, Cisco RV340W, Cisco RV345, Cisco RV345P,
Cisco RV260, Cisco RV260P, Cisco RV260W, Cisco 160,
Cisco 160W
vulnerable version: Cisco RV34X - 1.0.02.16, Cisco RV16X/26X - 1.0.00.15...
[SECURITY] [DSA 4515-1] webkit2gtk security update
Posted by Moritz Mühlenhoff on Sep 04
-------------------------------------------------------------------------Debian Security Advisory DSA-4515-1 security () debian org
https://www.debian.org/security/ Alberto Garcia
September 04, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : webkit2gtk
CVE ID : CVE-2019-8644 CVE-2019-8649...
Longer form questions
Posted by Dave Aitel on Sep 04
So I like the BLUEKEEP marketing train because it's a very hard bug todetect authoritatively for either endpoint protection or for network-based
defenses. So when companies make claims about it, it's worth asking how
they did that. Twitter is a terrible place for that, but since I know
everyone in the industry who does this kind of thing is on this list I
figured I'd ask here...
-dave...
[SECURITY] [DSA 4514-1] varnish security update
Posted by Moritz Muehlenhoff on Sep 04
-------------------------------------------------------------------------Debian Security Advisory DSA-4514-1 security () debian org
https://www.debian.org/security/ Moritz Muehlenhoff
September 04, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : varnish
CVE ID : CVE-2019-15892
Alf-Andre Walla...
[SECURITY] [DSA 4513-1] samba security update
Posted by Salvatore Bonaccorso on Sep 04
-------------------------------------------------------------------------Debian Security Advisory DSA-4513-1 security () debian org
https://www.debian.org/security/ Salvatore Bonaccorso
September 03, 2019 https://www.debian.org/security/faq
-------------------------------------------------------------------------
Package : samba
CVE ID : CVE-2019-10197
Stefan Metzmacher...
One Identity Defender - Insecure Cryptographic Storage
Posted by spicyitalian--- via Fulldisclosure on Sep 03
Title: One Identity Defender - Insecure Cryptographic StorageDate: 01 September 2019
Affected Software:
==================
One Identity Defender 5.9.3
Other versions are likely also vulnerable.
Insecure Cryptographic Storage:
==============================
Defender stores token seeds, PAP secrets, and user passwords in Active Directory attributes that are readable by all
authenticated users. Defender passwords are hashed using MD5 in...
Totaljs CMS Broken Access Control on the API call
Posted by paw on Sep 03
[+] Author/Discoverer: Riccardo Krauter @CertimeterGroup[+] Title: Totaljs CMS Broken Access Control on the API call
[+] Affected software: Totaljs CMS 12.0
[+] Description: An authenticated user with limited privileges can get
access to resource that did not own by calling the associated API.
The CMS manage correctly the privilege only for the front-end resource
path, but it does not the same for the API request. This lead to
vertical and...
Totaljs CMS Authenticated Code injection on widget creation
Posted by paw on Sep 03
[+] Author/Discoverer: Riccardo Krauter @CertimeterGroup[+] Title: Totaljs CMS Authenticated Code injection on widget creation.
[+] Affected software: Totaljs CMS 12.0
[+] Description:
An authenticated user with “widgets” privilege can gain RCE on the
remote server by creating a malicious widget with a special tag
containing java-script code that will be evaluated server side.
In the process of evaluating the tag by back-end is...
Totaljs CMS Insecure Admin Session cookie
Posted by paw on Sep 03
[+] Author/Discoverer: Riccardo Krauter @CertimeterGroup[+] Title: Totaljs CMS Insecure Admin Session cookie
[+] Affected software: Totaljs CMS 12.0
[+] Description:
A low privilege user can easily crack the owned cookie to obtain the
“random” values inside it. If this user can leak a session cookie owned
by another admin, then it’s possible to brute force it with O(n)=2n
instead of O(n)=n^x complexity and steal the admin password....
Totaljs CMS authenticated path traversal (could lead to RCE)
Posted by paw on Sep 03
*Totaljs CMS authenticated path traversal (could lead to RCE)*[+] Author/Discoverer: Riccardo Krauter @CertimeterGroup
**
[+] Title: Totaljs CMS authenticated path traversal (could lead to RCE)
[+] Affected software: Totaljs CMS 12.0
[+] Description: An authenticated user with “Pages” privilege can
include via path traversal attack (../) .html files that are outside the
permitted directory. Also if the page contains template directive,...
