Cisco Releases Security Advisories for TelePresence Products

Original release date: May 14, 2015

Cisco has released two security advisories to address multiple vulnerabilities in TelePresence products. Successful exploitation could allow an attacker to bypass system authentication, execute arbitrary code with elevated privileges, or cause a denial-of-service condition.

Users and administrators are encouraged to review Cisco Advisories cisco-sa-20150513-tc and cisco-sa-20150513-tp and apply the necessary updates.



Read heap overflow / invalid memory access in Wireshark

Posted by Hanno Böck on May 14

https://blog.fuzzing-project.org/11-Read-heap-overflow-invalid-memory-access-in-Wireshark-TFPA-0072015.html

The Wireshark parser code for Android Logcat network packages contained
a read heap overflow in the function detect_version().

This issue was reported to the Wireshark developers on May 5th. It was
fixed in the 1.12.5 release of Wireshark, published on May 12th. The
beta release 1.99.5 and the Git head code are not affected.

Apart from…

How to detect a promiscuous interface by using WMIC

Posted by Eiji James Yoshida on May 14

Hello all,

You can detect a promiscuous interface if you use Windows Management
Instrumentation Command-line (WMIC).

You don’t need PromiscDetect and Promqry.

# Command
wmic /NAMESPACE:\\root\wmi PATH MSNdis_CurrentPacketFilter GET

# NDIS_PACKET_TYPE
00000001 1 DIRECTED
00000010 2 MULTICAST
00000100 4 ALL_MULTICAST
00001000 8 BROADCAST
00010000 16 SOURCE_ROUTING
00100000 32 PROMISCUOUS…

Broken, Abandoned, and Forgotten Code, Part 4

Posted by Zach C on May 14

Part 4 is up. An undersized malloc() during firmware decoding puts our
hopes and dreams of persistent exploitation in peril.
http://shadow-file.blogspot.com/2015/05/abandoned-part-04.html

If you care to follow along, remote debugging with IDA Pro and QEMU
will be useful, particularly starting in part 5. Check out my post on
that topic, if you’re interested.
http://shadow-file.blogspot.com/2015/01/dynamically-analyzing-wifi-routers-upnp.html

Hue 3.7.1 Local Privilege Escalation

Posted by Julian Horoszkiewicz on May 14

Title: Hue 3.7.1 Local Privilege Escalation
Author: Julian Horoszkiewicz
Description:
An issue with the hue-root privilege separation model has been identified. The
reason for this is that the /usr/lib/hue/build/env/bin/supervisor Python script
is by default owned by user hue, but executed as root. That opens the way
for adding arbitrary commands to be executed as root if one has access to
the hue user account.
The hue server itself runs with privileges of…

Ambari Server 1.7.0 Local Privilege Escalation

Posted by Julian Horoszkiewicz on May 14

Title: Ambari Server 1.7.0 Local Privilege Escalation
Author: Julian Horoszkiewicz
Description:
An issue with the ambari-root privilege separation model has been identified.
The reason for this is that the /var/lib/ambari-server/ambari-env.sh script is
by default owned by user ambari, but executed as root. That opens the way
for adding arbitrary commands to be executed as root if one has access to
the ambari user account.
The ambari server itself runs with…