advisory – Page 2 – Insinuator.net

July 1, 2016 by Sven Nobis

Jenkins Remoting RCE II – The return of the ysoserial

Jenkins Logo

Jenkins is a continuous integration server, widely used in Java environments for building automation and deployment. The project recently disclosed an unauthenticated remote code execution vulnerability discovered by Moritz Bechler. Depending on the development environment, a Jenkins server can be a critical part of the infrastructure: It often creates the application packages that later will be deployed on production application servers. If an attacker can execute arbitrary code, s/he can easily manipulate those packages and inject additional code. Another scenario would be that the attacker stealing credentials, like passwords, private keys that are used for authentication in the deployment process or similar.

Continue reading “Jenkins Remoting RCE II – The return of the ysoserial”

Breaking

June 30, 2016 by Wojtek Przibylla

Some infos about SAP Security Note 2258786

On the 8th of March SAP released the security note for a vulnerability we reported during an assessment of a SAP landscape. The issue affects the SAP NetWeaver Web Administration Interface. By knowing a special URL a malicious user can acquire version information about the services enabled in the SAP system as well as the operating system used. We wanted to share some details on the issue.
Continue reading “Some infos about SAP Security Note 2258786”

Breaking

May 30, 2016 by Christopher Werny

CVE-2016-1409 – IPv6 NDP DoS Vulnerability in Cisco Software

Dear readers,

As you may have already noticed, Cisco released an urgent security advisory describing an IPv6 Neighbor Discovery DoS Vulnerability in several flavors of Cisco’s operating systems. Currently IOS-XR, XE and NX-OS are affected while ASA and “classic” IOS are under investigation. At first glance, it might look like yet another IPv6 DoS vulnerability. Looking closer, Cisco is mentioning an unauthenticated, remote attacker due to insufficient processing logic for crafted IPv6 NDP packets that are sent to an affected device. Following the public discussion about the vulnerability, it seems that these packets will reach the, probably low rate-limited, LPTS filter/queue on IOS XR devices “crowding” out legitimate NDP packets resulting in a DoS for IPv6 traffic, or in general a high CPU load as these packets will be processed by the CPU. More details are currently not available, but this might indicate the affected systems aren’t doing proper message validation checks on NDP packets (in addition to the LPTS filter/queue problem).

Continue reading “CVE-2016-1409 – IPv6 NDP DoS Vulnerability in Cisco Software”

Breaking

May 24, 2016 by Benjamin Schwendemann

WPAD Name Collision Vulnerability (TA16-144A)

Yesterday the US-CERT released a Technical Alert (TA16-144A) about the recently found WPAD Name Collision Vulnerability. We will give you a summary about the vulnerability as well as the basic mechanisms here.

Continue reading “WPAD Name Collision Vulnerability (TA16-144A)”

Breaking

May 23, 2016 by Olga Yanushkevich

BMC BladeLogic Vulnerabilities PoCs

Hi everyone!

A quick update: earlier in our blog we released BMC BladeLogic: CVE-2016-1542 and CVE-2016-1543 vulnerabilities. Now the exploits are also available in our github if you want to check your systems 😉

Have a nice week,
Olga

Events

March 31, 2016 by Olga Yanushkevich

BMC BladeLogic: CVE-2016-1542 and CVE-2016-1543

Hi everyone,

Hope those of you who attended Troopers16 enjoyed it as much as we did! In this post I want to summarize my Troopers16 talk and provide you with some details about freshly assigned CVE-2016-1542 and CVE-2016-1543 related to BMC BladeLogic software.
Continue reading “BMC BladeLogic: CVE-2016-1542 and CVE-2016-1543”

Breaking

December 17, 2015 by Felix Wilhelm

Xen XSA 155: Double fetches in paravirtualized devices

As part of my research on the security of paravirtualized devices, I reported a number of vulnerabilities to the Xen security team, which were patched today. All of them are double fetch vulnerabilities affecting the different backend components used for paravirtualized devices. While the severity and impact of these bugs varies heavily and is dependent on a lot of external factors, I would recommend patching them as soon as possible. In the rest of this blog post I’ll give a short teaser about my research with full details coming out in the first quarter of 2016 .

Continue reading “Xen XSA 155: Double fetches in paravirtualized devices”

Breaking

October 2, 2015 by Matthias Luft

VMware did it again: vCenter Remote Code Execution

Yesterday 7Elements released the description of a Remote Code Execution vulnerability in VMware vCenter. The information came in at a good point as I’m at the moment drafting a follow-up blogpost for this one which will summarize some of our approaches to virtualization security. The vCenter vulnerability is both quite critical and particularly interesting in several ways:

Continue reading “VMware did it again: vCenter Remote Code Execution”

Breaking

April 12, 2015 by Felix Wilhelm

General Pr0ken Filesystem – Hacking IBM’s GPFS

This post is a short wrap-up of our Troopers talk about the research we did on IBM’s General Parallel File System. If you are interested in all the technical details take a look at our slides or the video recording. We will also give an updated version of this talk at the PHDays conference in Moscow next month.

The IBM General Parallel File System is a distributed file system used in large scale enterprise environments, high performance clusters as well as some of the worlds largest super computers. It is considered by many in the industry to be the most feature rich and production hardened distributed file system currently available. GPFS has a long and really interesting history, going back to the Tiger Shark file system created by IBM 1993.

Of course, this makes it an interesting target for security research. When looking at GPFS from an implementation point of view, the Linux version is made up of three different components: User space utilities and helper scripts, the mmfsd network daemon and multiple Linux kernel modules. We (Florian Grunow and me) spent some time analyzing the internals of these components and discovered critical vulnerabilities in all of them.

Continue reading “General Pr0ken Filesystem – Hacking IBM’s GPFS”

Breaking

March 21, 2015 by Kevin Schaller

XML External Entity (XXE) Injection in Apache Batik Library [CVE-2015-0250]

During one of our latest web application code review projects I came across a vulnerability for which I think it is worth to speak about. It is an injection based attack against XML parsers which uses a rarely required feature called external entity expansion. The XML specification allows XML documents to define entities which reference resources external to the document and parsers typically support this feature by default. If an application parses XML input from untrusted sources and the parsing routine is not properly configured this can be exploited by an attacker with a so called XML external entity (XXE) injection. A successful XXE injection attack could allow an attacker to access the file system, cause a DoS attack or inject script code (e.g. Javascript to perform an XSS attack).
Continue reading “XML External Entity (XXE) Injection in Apache Batik Library [CVE-2015-0250]”