3 min
Vulnerability Disclosure
How Poisonous is VENOM (CVE-2015-3456) to your Virtual Environments?
Today CrowdStrike disclosed VENOM [http://venom.crowdstrike.com/] (Virtualized
Environment Neglected Operations Manipulation) or CVE-2015-3456
[http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3456], a vulnerability
that could allow an attacker with access to one virtual machine to compromise
the host system and access the data of other virtual machines. It's been a few
months since we've seen a branded and logo'd vulnerability disclosure, and the
main question everyone wants to know is wh
3 min
Exploits
R7-2015-01: CSRF, Backdoor, and Persistent XSS on ARRIS / Motorola Cable Modems
By combining a number of distinct vulnerabilities, attackers may take control of
the web interface for popular cable modems in order to further compromise
internal hosts over an external interface.
Affected Product
ARRIS / Motorola SURFboard SBG6580 Series Wi-Fi Cable Modem
The device is described by the vendor as a "fully integrated all-in-one home
networking solution that combines the functionality of a DOCSIS/EuroDOCSIS 3.0
cable modem, four-port 10/100/1000 Ethernet switch with advanced fi
1 min
Vulnerability Management
March 2015 OpenSSL Security Advisory
Today OpenSSL released a security advisory
[https://openssl.org/news/secadv_20150319.txt] listing 14 vulnerabilities
affecting various versions of OpenSSL. There are 2 High, 9 Moderate, and 3 Low
severity vulnerabilities in the mix.
The security community was anxious that there could be another Heartbleed (or
worse) in this list. Thankfully, this is NOT the case, even among the High
severity vulnerabilities. Many of these vulnerabilities are limited in their
scope, impact, and/or prevalence (es
2 min
Microsoft
A Closer Look at February 2015's Patch Tuesday
This month's Patch Tuesday covers nine security bulletins from Microsoft,
including what seems like a not-very-unusual mix of remote code execution (RCE)
vulnerabilities and security feature bypasses. However, two of these bulletins –
MS15-011 [https://technet.microsoft.com/en-us/library/security/ms15-011] and
MS15-014 [https://technet.microsoft.com/en-us/library/security/ms15-014] –
require a closer look, both because of the severity of the vulnerabilities that
they address and the changes Mi
4 min
Nexpose
GHOSTbuster: How to scan just for CVE-2015-0235 and keep your historical site data
A recently discovered severe vulnerability, nicknamed GHOST, can result in
remote code execution exploits on vulnerable systems. Affected systems should be
patched and rebooted immediately. Learn more about
[/2015/01/27/ghost-in-the-machine-is-cve-2015-0235-another-heartbleed]
CVE-2015-0235 and its risks
[/2015/01/27/ghost-in-the-machine-is-cve-2015-0235-another-heartbleed].
The Nexpose 5.12.0 content update provides coverage for the GHOST vulnerability.
Once the Nexpose 5.12.0 content update
3 min
Linux
GHOST in the Machine - Is CVE-2015-0235 another Heartbleed?
CVE-2015-0235 is a remote code execution vulnerability affecting Linux systems
using older versions of the GNU C Library (glibc versions less than 2.18). The
bug was discovered by researchers at Qualys and named GHOST in reference to the
_gethostbyname function (and possibly because it makes for some nice puns).
To be clear, this is NOT the end of the Internet as we know, nor is it further
evidence (after Stormaggedon) that the end of the world is nigh. It's also not
another Heartbleed. But it
2 min
Vulnerability Disclosure
Poodle is back to take a "byte" out of TLS (CVE-2014-8730)
Back in early October 2014, we saw the original Poodle vulnerability, which
targeted SSLv3
[/2014/10/14/poodle-unleashed-understanding-the-ssl-30-vulnerability]. This
week, we're seeing a new vulnerability that targets some TLS
implementations—made known on Monday, December 8, 2014—and called PoodleTLS, or
by its more official name: CVE-2014-8730. We've seen a number of questions in
the community about this new vulnerability so we wanted to touch on it
briefly—while we don't feel this new vulner
3 min
Vulnerability Disclosure
POODLE Jr.: The Revenge - How to scan for CVE-2014-8730
A severe vulnerability was disclosed in the F5 implementation of TLS 1.x that
allows incorrect padding and therefore jeopardizes the protocol's ability to
secure communications in a way similar to the POODLE vulnerability
[/2014/10/14/poodle-unleashed-understanding-the-ssl-30-vulnerability].
The Nexpose 5.11.10 update provides coverage for this vulnerability, which has
been given the identifier CVE-2014-8730
[http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8730]. Learn more
about CVE-2
4 min
Authentication
Patch CVE-2014-6324 To Avoid A Complete Domain Rebuild When UserInsight Detects Its Exploit
On Tuesday, November 18th, Microsoft released an out-of-band security patch
affecting any Windows domain controllers that are not running in Azure. I have
not yet seen any cute graphics or buzzword names for it, so it will likely be
known as MS14-068, CVE-2014-6324, or "that Kerberos vulnerability that is being
exploited in the wild to completely take over Windows domains" because it rolls
off the tongue a little better.
There is a very informative description of the vulnerability, impact, and
5 min
Metasploit
R7-2014-18: Hikvision DVR Devices - Multiple Vulnerabilities
Rapid7 Labs has found multiple vulnerabilities in Hikvision
[http://www.hikvision.com/] DVR (Digital Video Recorder) devices such as the
DS-7204 [http://www.hikvision.com/en/Products_show.asp?id=7318] and other models
in the same product series that allow a remote attacker to gain full control of
the device. More specifically, three typical buffer overflow vulnerabilities
were discovered in Hikvision's RTSP request handling code: CVE-2014-4878,
CVE-2014-4879 and CVE-2014-4880. This blog post s
1 min
Whiteboard Wednesday
WinShock (CVE-2014-6321) - what is it & how to remediate - Whiteboard Wednesday [VIDEO]
This month's Patch Tuesday disclosed vulnerability CVE-2014-6321, dubbed by some
as "WinShock," and it's getting some major attention. Our Security Engineer
Justin Pagano gives a rundown of this vulnerability with the information we have
today—what it is, what it affects, and how you can best remediate it—in this
Special Edition of Whiteboard Wednesday
[http://www.rapid7.com/resources/videos/winshock-what-is-it-how-to-remediate.jsp]
.*
Whiteboard Wednesday video: WinShock - What is it? How to
3 min
Vulnerability Disclosure
Block the POODLE's bite: How to scan for CVE-2014-3566
A severe vulnerability was disclosed in the SSL 3.0 protocol that significantly
jeopardizes the protocol's ability to secure communications. All versions of SSL
have been deprecated and its use should be avoided wherever possible. POODLE
(Padding Oracle On Downgraded Legacy Encryption) is the attack that exploits
this vulnerability and allows a hacker to potentially steal information by
altering communications between the SSL client and the server (MitM). Learn
more
about CVE-2014-3566
[/2014/10
2 min
Vulnerability Disclosure
UserInsight Gets the All-Clear for ShellShock and Helps Detect Attackers on Your Network
If you're in security, you've likely already heard about the ShellShock
vulnerability [http://www.rapid7.com/resources/bashbug.jsp] (aka Bash Bug,
CVE-2014-6271, and CVE-204-7169). We have reviewed how ShellShock is being
exploited, and the disclosed vectors are not applicable to our UserInsight
deployment, yet we're following the security community's lead around patching
all of our systems.
In case other systems on your network have been compromised, you should be extra
vigilant about suspicio
3 min
Vulnerability Disclosure
Bash the bash bug: Here's how to scan for CVE-2014-6271 (Shellshock)
_[Edited 10:05 AM PDT, October, 2014 for the Nexpose 5.10.13 release]_
[Edited 10:05 AM PDT, September 26, 2014 for the Nexpose 5.10.11 release]
A severe vulnerability was disclosed in bash that is present on most Linux, BSD,
and Unix-like systems, including Mac OS X. The basis of this vulnerability
(nicknamed Shellshock) is that bash does not stop processing after the function
definition, leaving it vulnerable to malicious functions containing trailing
commands. Common Vulnerabilities and Exp
6 min
Linux
Bash-ing Into Your Network & Investigating CVE-2014-6271
[UPDATE September 29, 2014: Since our last update on this blog post, four new
CVEs that track ShellShock/bash bug-related issues have been announced. A new
patch
[http://lcamtuf.blogspot.com/2014/09/bash-bug-apply-unofficial-patch-now.html]
was released on Saturday September 27 that addressed the more critical CVEs
(CVE-2014-6277 and CVE-2014-6278). In sum: If you applied the ShellShock-related
patches before Saturday September 27, you likely need to apply this new patch
[http://lcamtuf.blogspo