5 min
Exploits
Exploiting Ruby on Rails with Metasploit (CVE-2013-0156)
Background
Earlier this week, a critical security flaw
[https://www.rapid7.com/blog/post/2013/01/09/serialization-mischief-in-ruby-land-cve-2013-0156/]
in Ruby on Rails (RoR) was identified that could expose an application to remote
code execution, SQL injection
[https://www.rapid7.com/fundamentals/sql-injection-attacks/], and denial of
service attacks. Ruby on Rails is a popular web application framework that is
used by both web sites and web-enabled products and this flaw is by far the
worst
4 min
Metasploit
Serialization Mischief in Ruby Land (CVE-2013-0156)
This afternoon a particularly scary advisory
[https://groups.google.com/forum/#!topic/rubyonrails-security/61bkgvnSGTQ/discussion]
was posted to the Ruby on Rails (RoR) security discussion list. The summary is
that the XML processor in RoR can be tricked into decoding the request as a YAML
document or as a Ruby Symbol, both of which can expose the application to remote
code execution or SQL injection. A gentleman by the name of Felix Wilhelm went
into detail [http://www.insinuator.net/2013/01/r
8 min
Metasploit
New Metasploit Exploit: Crystal Reports Viewer CVE-2010-2590
In this blog post we would like to share some details about the exploit for
CVE-2010-2590 [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2590],
which we released in the last Metasploit update
[/2012/12/19/weekly-metasploit-update]. This module exploits a heap-based buffer
overflow, discovered by Dmitriy Pletnev, in the
CrystalReports12.CrystalPrintControl.1 ActiveX control included in
PrintControl.dll. This control is shipped with the Crystal Reports Viewer, as
installed by default wi
7 min
Exploits
New 0day Exploit: Novell ZENworks CVE-2012-4933 Vulnerability
Today, we present to you a flashy new vulnerability with a color-matching
exploit straight from our super secret R&D safe house here in Metasploit
Country. Known as CVE-2012-4933
[http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4933], it applies to
Novell ZENworks Asset Management 7.5, which "integrates asset inventory,
software usage, software management and contract management to provide the most
complete software asset management tool available". Following our standard
disclosure polic
1 min
Nexpose
Moving from HML (High, Medium, Low) Hell to Security Heaven – Whiteboard Wednesdays
At last check there are about 22 new vulnerabilities being published and
categorized every single day (see National Vulnerability Database web site -
http://nvd.nist.gov/). In total, the National Vulnerability Database now
contains more than 53,000 vulnerabilities. No wonder security professionals are
overwhelmed with the sheer volume of vulnerabilities in their daily practices.
At the same time, the prioritization schema that many organizations use are
quite basic and are either proprietary or
2 min
Authentication
Free Scanner for MySQL Authentication Bypass CVE-2012-2122
The MySQL authentication bypass vulnerability (CVE-2012-2122) - explained in
detail in HD Moore's blog post
[/2012/06/11/cve-2012-2122-a-tragically-comedic-security-flaw-in-mysql] - was
the cause for much concern when it was first discovered. In response, we've
created a new vulnerability scanner for CVE-2012-2122 called ScanNow
[http://www.rapid7.com/free-security-software-downloads/MySQL-vulnerability-scanner-CVE-2012-2122.jsp]
, which enables you to check your network for vulnerability to thi
3 min
Metasploit
New Critical Microsoft IE Zero-Day Exploits in Metasploit
We've been noticing a lot of exploit activities against Microsoft
vulnerabilities lately. We decided to look into some of these attacks, and
released two modules for CVE-2012-1889
[http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1889] and CVE-2012-1875
[http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1875] within a week of
the vulnerabilities' publication for our users to test their systems. Please
note that both are very important to any organization using Windows, because one
of
5 min
Vulnerability Disclosure
CVE-2012-2122: A Tragically Comedic Security Flaw in MySQL
Introduction
On Saturday afternoon Sergei Golubchik posted to the oss-sec mailing list about
a recently patched security flaw CVE-2012-2122in the MySQL and MariaDB database
servers. This flaw was rooted in an assumption that the memcmp() function would
always return a value within the range -128 to 127 (signed character). On some
platforms and with certain optimizations enabled, this routine can return values
outside of this range, eventually causing the code that compares a hashed
password to s
2 min
Microsoft
Information Disclosure: Out of Office Auto Replies
Out of office replies are a blessing and a curse for organizations from an
operational security perspective. Many of the out of office auto replies I
receive contain too much information. Since many security professionals are at
the RSA Conference this week I've had plenty hit my inbox. This is nothing
compared to December around the holiday season. Like anything the information in
the replies can be used for good and bad. Good people are trying to ensure that
work continues while they are away
2 min
Vulnerability Disclosure
March Patch Tuesday Roundup
Since Microsoft is on this new staggered pattern of releases, we can expect a
feast or famine every other month...so get used to it. Depending on what side of
the desk you sit on you can adjust the context. With that being said, this
month's release brought us 3 patches addressing 4 vulnerabilities. I think we
were all expecting to see the MHTML
[http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0096] protocol
handler issue resolved, however it didn't make the cut. Make sure IE is in
r