» Vulnerability

Unpatched kernel-level vuln affects all Windows versions

carrumba — Sun, 08 Aug 2010 22:29:25 +0000

Researchers have identified a kernel-level vulnerability in Windows that allows attackers to gain escalated privileges and may also allow them to remotely execute malicious code. All versions of the Microsoft OS are affected, including the heavily fortified Windows 7.

The buffer overflow, which was originally reported here, can be exploited to escalate privileges or crash vulnerable machines, IT research company Vupen said. The flaw may also allow attackers to execute arbitrary code with kernel privileges.

The bug resides in the “CreateDIBPalette()” function of a device driver known as “Win32k.sys.” It is exploited by pasting a large number of color values into an improperly allocated buffer, potentially allowing attackers to sneak in malicious payloads, vulnerability tracking service Secunia warned.

A proof of concept exploit for the man-in-the-middle vulnerability related to SSL/TLS

carrumba — Sun, 08 Nov 2009 20:05:39 +0000

This is the document with the proof of concept which explains the attack on the SSL/TLS reconnect vulnerability. It allows to inject data into the encrypted data stream, often without detection by either end of the connection.

I normally don’t publish exploit codes because of it’s short time value. But this one is rather special. It shows an alternative to the techniques we use here (the human factor as weakness). It’s a design flaw.

Read the document here.

Nikto web vulnerability scanner

carrumba — Sun, 05 Jul 2009 11:43:42 +0000


Tool name :	Nikto

Description :	Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers, and version specific problems on over 250 servers. Scan items and plugins are frequently updated and can be automatically updated (if desired).

Homepage :	cirt.net

Nessus

carrumba — Sun, 17 May 2009 12:15:02 +0000


Tool name :	Nessus

Description :	Nessus was a popular free and open source vulnerability scanner until they closed the source code in 2005 and removed the free “registered feed” version in 2008. A limited “Home Feed” is still available, though it is only licensed for home network use. Some people avoid paying by violating the “Home Feed” license, or by avoiding feeds entirely and using just the plugins included with each release. But for most users, the cost has increased from free to $1200/year. Despite this, Nessus is still the best UNIX vulnerability scanner available and among the best to run on Windows. Nessus is constantly updated, with more than 20,000 plugins. Key features include remote and local (authenticated) security checks, a client/server architecture with a GTK graphical interface, and an embedded scripting language for writing your own plugins or understanding the existing ones.

Homepage :	www.nessus.org