Posts tagged Exploits

3 min Exploits

R7-2015-01: CSRF, Backdoor, and Persistent XSS on ARRIS / Motorola Cable Modems

By combining a number of distinct vulnerabilities, attackers may take control of the web interface for popular cable modems in order to further compromise internal hosts over an external interface. Affected Product: ARRIS / Motorola SURFboard SBG6580 Series Wi-Fi Cable Modem. The device is described by the vendor as a "fully integrated all-in-one home networking solution that combines the functionality of a DOCSIS/EuroDOCSIS 3.0 cable modem, four-port 10/100/1000 Ethernet switch with advanced fi

1 min Vulnerability Management

March 2015 OpenSSL Security Advisory

Today OpenSSL released a security advisory [https://openssl.org/news/secadv_20150319.txt] listing 14 vulnerabilities affecting various versions of OpenSSL. There are 2 High, 9 Moderate, and 3 Low severity vulnerabilities in the mix. The security community was anxious that there could be another Heartbleed (or worse) in this list. Thankfully, this is NOT the case, even among the High severity vulnerabilities. Many of these vulnerabilities are limited in their scope, impact, and/or prevalence (es

2 min Microsoft

A Closer Look at February 2015's Patch Tuesday

This month's Patch Tuesday covers nine security bulletins from Microsoft, including what seems like a not-very-unusual mix of remote code execution (RCE) vulnerabilities and security feature bypasses. However, two of these bulletins – MS15-011 [https://technet.microsoft.com/en-us/library/security/ms15-011] and MS15-014 [https://technet.microsoft.com/en-us/library/security/ms15-014] – require a closer look, both because of the severity of the vulnerabilities that they address and the changes Mi

4 min Nexpose

GHOSTbuster: How to scan just for CVE-2015-0235 and keep your historical site data

A recently discovered severe vulnerability, nicknamed GHOST, can result in remote code execution exploits on vulnerable systems. Affected systems should be patched and rebooted immediately. Learn more about CVE-2015-0235 and its risks [/2015/01/27/ghost-in-the-machine-is-cve-2015-0235-another-heartbleed]. The Nexpose 5.12.0 content update provides coverage for the GHOST vulnerability. Once the Nexpose 5.12.0 content update

3 min Linux

GHOST in the Machine - Is CVE-2015-0235 another Heartbleed?

CVE-2015-0235 is a remote code execution vulnerability affecting Linux systems using older versions of the GNU C Library (glibc versions less than 2.18). The bug was discovered by researchers at Qualys and named GHOST in reference to the gethostbyname function (and possibly because it makes for some nice puns). To be clear, this is NOT the end of the Internet as we know it, nor is it further evidence (after Stormaggedon) that the end of the world is nigh. It's also not another Heartbleed. But it

2 min Vulnerability Disclosure

Poodle is back to take a "byte" out of TLS (CVE-2014-8730)

Back in early October 2014, we saw the original Poodle vulnerability, which targeted SSLv3 [/2014/10/14/poodle-unleashed-understanding-the-ssl-30-vulnerability]. This week, we're seeing a new vulnerability that targets some TLS implementations—made known on Monday, December 8, 2014—and called PoodleTLS, or by its more official name: CVE-2014-8730. We've seen a number of questions in the community about this new vulnerability so we wanted to touch on it briefly—while we don't feel this new vulner

3 min Vulnerability Disclosure

POODLE Jr.: The Revenge - How to scan for CVE-2014-8730

A severe vulnerability was disclosed in the F5 implementation of TLS 1.x that allows incorrect padding and therefore jeopardizes the protocol's ability to secure communications in a way similar to the POODLE vulnerability [/2014/10/14/poodle-unleashed-understanding-the-ssl-30-vulnerability]. The Nexpose 5.11.10 update provides coverage for this vulnerability, which has been given the identifier CVE-2014-8730 [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8730]. Learn more about CVE-2

4 min Authentication

Patch CVE-2014-6324 To Avoid A Complete Domain Rebuild When UserInsight Detects Its Exploit

On Tuesday, November 18th, Microsoft released an out-of-band security patch affecting any Windows domain controllers that are not running in Azure. I have not yet seen any cute graphics or buzzword names for it, so it will likely be known as MS14-068, CVE-2014-6324, or "that Kerberos vulnerability that is being exploited in the wild to completely take over Windows domains" because it rolls off the tongue a little better. There is a very informative description of the vulnerability, impact, and

5 min Metasploit

R7-2014-18: Hikvision DVR Devices - Multiple Vulnerabilities

Rapid7 Labs has found multiple vulnerabilities in Hikvision [http://www.hikvision.com/] DVR (Digital Video Recorder) devices such as the DS-7204 [http://www.hikvision.com/en/Products_show.asp?id=7318] and other models in the same product series that allow a remote attacker to gain full control of the device. More specifically, three typical buffer overflow vulnerabilities were discovered in Hikvision's RTSP request handling code: CVE-2014-4878, CVE-2014-4879 and CVE-2014-4880. This blog post s

1 min Whiteboard Wednesday

WinShock (CVE-2014-6321) - what is it & how to remediate - Whiteboard Wednesday [VIDEO]

This month's Patch Tuesday disclosed vulnerability CVE-2014-6321, dubbed by some as "WinShock," and it's getting some major attention. Our Security Engineer Justin Pagano gives a rundown of this vulnerability with the information we have today—what it is, what it affects, and how you can best remediate it—in this Special Edition of Whiteboard Wednesday [http://www.rapid7.com/resources/videos/winshock-what-is-it-how-to-remediate.jsp]. Whiteboard Wednesday video: WinShock - What is it? How to

3 min Vulnerability Disclosure

Block the POODLE's bite: How to scan for CVE-2014-3566

A severe vulnerability was disclosed in the SSL 3.0 protocol that significantly jeopardizes the protocol's ability to secure communications. All versions of SSL have been deprecated and their use should be avoided wherever possible. POODLE (Padding Oracle On Downgraded Legacy Encryption) is the attack that exploits this vulnerability and allows a hacker to potentially steal information by altering communications between the SSL client and the server (MitM). Learn more about CVE-2014-3566 [/2014/10

2 min Vulnerability Disclosure

UserInsight Gets the All-Clear for ShellShock and Helps Detect Attackers on Your Network

If you're in security, you've likely already heard about the ShellShock vulnerability [http://www.rapid7.com/resources/bashbug.jsp] (aka Bash Bug, CVE-2014-6271, and CVE-2014-7169). We have reviewed how ShellShock is being exploited, and the disclosed vectors are not applicable to our UserInsight deployment, yet we're following the security community's lead around patching all of our systems. In case other systems on your network have been compromised, you should be extra vigilant about suspicio

3 min Vulnerability Disclosure

Bash the bash bug: Here's how to scan for CVE-2014-6271 (Shellshock)

[Edited 10:05 AM PDT, October, 2014 for the Nexpose 5.10.13 release] [Edited 10:05 AM PDT, September 26, 2014 for the Nexpose 5.10.11 release] A severe vulnerability was disclosed in bash that is present on most Linux, BSD, and Unix-like systems, including Mac OS X. The basis of this vulnerability (nicknamed Shellshock) is that bash does not stop processing after the function definition, leaving it vulnerable to malicious functions containing trailing commands. Common Vulnerabilities and Exp

6 min Linux

Bash-ing Into Your Network & Investigating CVE-2014-6271

[UPDATE September 29, 2014: Since our last update on this blog post, four new CVEs that track ShellShock/bash bug-related issues have been announced. A new patch [http://lcamtuf.blogspot.com/2014/09/bash-bug-apply-unofficial-patch-now.html] was released on Saturday September 27 that addressed the more critical CVEs (CVE-2014-6277 and CVE-2014-6278). In sum: If you applied the ShellShock-related patches before Saturday September 27, you likely need to apply this new patch [http://lcamtuf.blogspo

4 min Metasploit Weekly Wrapup

Weekly Metasploit Update: Post-4.10 Edition

Since we Last Left Our Heroes... Wow, it's been a busy couple weeks here, post-DefCon/Black Hat. As you no doubt have noticed, we released Metasploit 4.10 [/2014/08/13/credentials-are-the-new-exploits-make-credentials-work-for-you-with-with-metasploit-410] , which brings some major architectural changes to how our brute force login scanners are written, run, and logged -- you can read up on all that over at Dave TheLightCosine [https://twitter.com/TheLightCosine] Maloney's delightful documentati