Monthly Archives: June 2015

Security

Ubuntu Security Notice USN-2627-1

Ubuntu Security Notice 2627-1 – Jakub Wilk discovered that t1utils incorrectly handled certain malformed fonts. If a user or automated system were tricked into opening a specially crafted font, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.

Full Disclosure

[Multiple CVE's]: various critical vulnerabilities in SysAid Help Desk (RCE, file download, DoS, etc)

Posted by Pedro Ribeiro on Jun 03

Hi,

tl;dr Found lots of vulns in SysAid Help Desk 14.4, including RCE.
SysAid have informed me they all have been fixed in 15.2, but no
re-test was performed.

Full advisory below, and a copy can be obtained at [1].
5 Metasploit modules have been released and currently awaiting merge
in the moderation queue [2].

Regards,
Pedro

[1]: https://raw.githubusercontent.com/pedrib/PoC/master/generic/sysaid-14.4-multiple-vulns.txt
[2]:…

Avast

Sixty serious security flaws found in home routers

Scan your router with Avast's Home Network Security scanner.

Scan your router with Avast’s Home Network Security scanner.

Your router is one of the weakest links in your security, and researchers have proven once more that your home router puts you at risk.

Sixty security flaws have been identified in 22 router models that are distributed around the world, mostly by ISPs to their customers. These flaws could allow hackers to break into the device, change the password, and install and execute malicious scripts that change DNS servers to those the attacker wants. They do this so they can send your traffic through servers they control and direct you unwittingly to malicious sites or load malicious code on your machine when you visit a legitimate site.

Other flaws include allowing the hackers to read and write information on USB storage devices attached to the affected routers and reboot the devices.

The research report describes how the attackers can get in – through a backdoor with a universal password that is used by the ISP’s technical support staff to help troubleshoot for their customers over the phone. This second default administrator access is hidden from the router owner.

Which routers did the researchers test?

The researchers tested the following models: Amper Xavi 7968, 7968+ and ASL-26555; Astoria ARV7510; Belkin F5D7632-4; cLinksys WRT54GL; Comtrend WAP-5813n, CT-5365, AR-5387un and 536+; D-Link DSL-2750B and DIR-600; Huawei HG553 and HG556a; ; Netgear CG3100D; Observa Telecom AW4062, RTA01N, Home Station BHS-RTA and VH4032N; Sagem LiveBox Pro 2 SP and Fast 1201 and Zyxel P 660HW-B1A.

Since the researchers are based in Madrid, their interest was mainly in Spanish ISPs and the routers they distribute, but routers like Linksys, D-Link and Belkin are distributed in the U.S. and other countries.

What can you do to protect yourself?

Avast has a feature built into our antivirus products called Home Network Security (HNS), which scans for misconfigured Wi-Fi networks, exposes weak or default Wi-Fi passwords, vulnerable routers, compromised Internet connections, and enabled, but not protected, IPv6. It also lists all devices on the network so you can make sure only your known devices are connected. Avast is the only security company to offer a tool to help you secure this neglected area.

How to scan your home router with Home Network Security scanner

Open the Avast user interface, click Scan from the menu on the left, then choose Scan for network threats. Avast will take a look at your router and report back any issues. In most cases, if there is an issue to be addressed, then it will direct you to your router manufacturer’s website.