Cisco ASA VPN – Zero Day Exploit

Posted by Juan Sacco on Feb 18

# Exploit author: Juan Sacco – jsacco () exploitpack com
# Affected program: Cisco ASA VPN Portal – Zero Day
# Cisco ASA VPN is prone to a XSS on the password recovery page.
# This vulnerability can be used by an attacker to capture other user’s credentials.
# The password recovery form fails to filter properly the hidden inputs fields.
#
# This Zero Day exploit has been developed and discovered by Juan Sacco.
# Exploit Pack – Team…

Vesta Control Panel <= 0.9.8-15 – Persistent XSS Vulnerability

Posted by Necmettin COŞKUN on Feb 18

# Exploit Title     :Vesta Control Panel <= 0.9.8-15 – Persistent XSS Vulnerability
# Vendor Homepage   :http://www.vestacp.com
# Version           :0.9.8-15
# Exploit Author    :Necmettin COSKUN @babayarisi 
# Blog              :http://ha.cker.io
# Discovery date    :16/02/2016
# Tested on :Fedora23 -…

Using SimpliSafe Home Security? — You're Screwed! It's Easy to Hack & Can't be Patched


If you are using a SimpliSafe wireless home alarm system to make your home "smartly" secure, just throw it away and buy a new one. It is useless.

The so-called ‘Smart’ technology that is designed to make your home safer is actually opening your doors to hackers. The latest example is the SimpliSafe alarm.
SimpliSafe wireless home alarm systems – used by more than 300,000 customers in the United States – are extremely easy to hack, allowing an attacker to gain full access to the alarm and disable the security system, facilitating unauthorized intrusions and thefts.
…and the most interesting part is: you cannot patch it!
As the Internet of Things (IoT) grows at a great pace, it widens the attack surface at the same time.
Just last month, a similar hack was discovered in Ring – a smart doorbell that connects to the user’s home WiFi network – that allowed researchers to recover the home user’s WiFi password.

How to Hack SimpliSafe Alarms?

According to Andrew Zonenberg, the senior security consultant at IOActive who discovered this weakness, anyone with basic hardware and software costing between $50 and $250 can harvest the alarm’s PIN and turn the alarm off from a distance of up to 200 yards (30 meters) away.
Since the SimpliSafe alarm uses unencrypted communications over the air, a thief loitering near a home with some radio equipment could sniff the unencrypted PIN messages sent from the keypad to the alarm control box when the homeowner deactivates the alarm.
The attacker then stores the recorded PIN code in the microcontroller board’s memory (RAM) and later replays it to disable the compromised alarm and carry out a burglary while the owners are away from home.
Moreover, the attacker could also send spoofed sensor readings, such as “back door closed”, to fool the alarm into thinking no break-in is happening.

Video Demonstration of the Hack

You can watch the video demonstration that shows the hack at work:

“Unfortunately, there’s no easy workaround for the issue since the keypad happily sends unencrypted PINs out to anyone listening,” Zonenberg explains.

Here’s Why Your Smart Alarms are Unpatchable

Besides using an unencrypted channel, SimpliSafe also uses a one-time programmable chip in its wireless home alarm, leaving no option for an over-the-air update.

“Normally, the vendor would fix the vulnerability in a new firmware version by adding cryptography to the protocol,” Zonenberg adds. But, “this isn’t an option for the affected SimpliSafe products because the microcontrollers in currently shipped hardware are one-time programmable.”

This means there is no patch coming to your SimpliSafe alarm, leaving you, along with over 300,000 other homeowners, without any solution other than to stop using SimpliSafe alarms and buy another wireless alarm system.
Zonenberg said he has contacted the Boston-based smart alarm provider several times since September 2015, but the manufacturer has not yet responded to the issue. So he finally reported it to US-CERT.
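The fix Zonenberg describes, "adding cryptography to the protocol", boils down to two properties the keypad-to-base link lacks: the base must be able to tell a live disarm request from a recorded one, and the PIN must not be readable on the air. The following is a constructed illustration added here, not SimpliSafe's protocol or code: a toy keypad and base station where the "plain" path behaves as the article describes and the "authenticated" path adds a pairing key, a monotonic counter and an HMAC so a replayed capture is rejected. The key, message layout and PIN are assumptions of the example.

```python
import hashlib, hmac, struct

# Constructed illustration, not SimpliSafe's protocol or code: the plain path models what the
# article describes (PIN in the clear, replayable); the authenticated path adds key, counter, HMAC.

class Keypad:
    def __init__(self, key: bytes):
        self.key = key
        self.counter = 0  # must persist across power cycles in a real device

    def disarm_plain(self, pin: str) -> bytes:
        return b"DISARM:" + pin.encode()  # anyone in radio range reads the PIN

    def disarm_authenticated(self, pin: str) -> bytes:
        # The PIN itself never goes on the air; only a counter and a MAC over it do.
        self.counter += 1
        ctr = struct.pack(">I", self.counter)
        tag = hmac.new(self.key, b"DISARM" + ctr + pin.encode(), hashlib.sha256).digest()
        return ctr + tag

class BaseStation:
    def __init__(self, key: bytes, pin: str):
        self.key, self.pin = key, pin
        self.last_counter = 0

    def accept_plain(self, frame: bytes) -> bool:
        # A sniffed frame replayed later is indistinguishable from a live one.
        return frame == b"DISARM:" + self.pin.encode()

    def accept_authenticated(self, frame: bytes) -> bool:
        if len(frame) != 4 + 32:
            return False
        ctr_bytes, tag = frame[:4], frame[4:]
        expected = hmac.new(self.key, b"DISARM" + ctr_bytes + self.pin.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return False  # wrong key, wrong PIN or tampered frame
        (ctr,) = struct.unpack(">I", ctr_bytes)
        if ctr <= self.last_counter:
            return False  # replay of an already-used frame
        self.last_counter = ctr
        return True

def demo() -> dict:
    key = bytes(range(32))  # constructed pairing key; generated at pairing time in practice
    keypad, base = Keypad(key), BaseStation(key, "1234")
    plain, auth = keypad.disarm_plain("1234"), keypad.disarm_authenticated("1234")
    return {
        "plain_pin_visible": b"1234" in plain,
        "plain_replay_accepted": base.accept_plain(plain) and base.accept_plain(plain),
        "auth_pin_visible": b"1234" in auth,
        "auth_live_accepted": base.accept_authenticated(auth),
        "auth_replay_accepted": base.accept_authenticated(auth),
    }
```

The counter must live in non-volatile memory on both ends, which is exactly the kind of firmware change a one-time programmable microcontroller cannot receive after shipping.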

USN-2901-1: xdelta3 vulnerability

Ubuntu Security Notice USN-2901-1

17th February, 2016

xdelta3 vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 15.10
  • Ubuntu 14.04 LTS

Summary

xdelta3 could be made to crash or run programs if it opened a specially
crafted file.

Software description

  • xdelta3
    – Diff utility which works with binary files

Details

It was discovered that xdelta3 incorrectly handled certain files. If a user
or automated system were tricked into processing a specially-crafted file,
a remote attacker could use this issue to cause xdelta3 to crash, resulting
in a denial of service, or possibly execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 15.10:
  • xdelta3  3.0.8-dfsg-1ubuntu0.15.10.2

Ubuntu 14.04 LTS:
  • xdelta3  3.0.7-dfsg-2ubuntu0.2

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2014-9765

USN-2902-1: graphite2 vulnerabilities

Ubuntu Security Notice USN-2902-1

17th February, 2016

graphite2 vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 15.10
  • Ubuntu 14.04 LTS

Summary

graphite2 could be made to crash or run programs as your login if it
opened a specially crafted font.

Software description

  • graphite2
    – Font rendering engine for Complex Scripts

Details

Yves Younan discovered that graphite2 incorrectly handled certain malformed
fonts. If a user or automated system were tricked into opening a specially-
crafted font file, a remote attacker could use this issue to cause
graphite2 to crash, resulting in a denial of service, or possibly execute
arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 15.10:
  • libgraphite2-3  1.2.4-3ubuntu1.1

Ubuntu 14.04 LTS:
  • libgraphite2-3  1.2.4-1ubuntu1.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart applications using
graphite2, such as LibreOffice, to make all the necessary changes.

References

CVE-2016-1521, CVE-2016-1522, CVE-2016-1523, CVE-2016-1526

USN-2903-1: NSS vulnerability

Ubuntu Security Notice USN-2903-1

17th February, 2016

nss vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 15.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

NSS could be made to expose sensitive information.

Software description

  • nss
    – Network Security Service library

Details

Hanno Böck discovered that NSS incorrectly handled certain division
functions, possibly leading to cryptographic weaknesses. (CVE-2016-1938)

This update also refreshes the NSS package to version 3.21 which includes
the latest CA certificate bundle, and removes the SPI CA.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 15.10:
  • libnss3  2:3.21-0ubuntu0.15.10.1

Ubuntu 14.04 LTS:
  • libnss3  2:3.21-0ubuntu0.14.04.1

Ubuntu 12.04 LTS:
  • libnss3  2:3.21-0ubuntu0.12.04.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use NSS, such as Evolution and Chromium, to make all the necessary
changes.

References

CVE-2016-1938
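Each of the three notices above (USN-2901-1, USN-2902-1, USN-2903-1) names the package version that carries the fix, and "is my installed version at least that one?" is the check an administrator or a fleet inventory script actually runs. Debian version strings compare by their own rules (epoch, then upstream, then revision, with alternating text/number runs and `~` sorting before everything), so naive string comparison gets them wrong. The block below is an added example, not part of the Ubuntu notices: a pure-Python re-implementation of the dpkg ordering plus a table of the fixed versions from this page. The function names and the table layout are this example's own.

```python
import re
from itertools import zip_longest

# Fixed versions as listed in USN-2901-1, USN-2902-1 and USN-2903-1.
FIXED = {
    ("15.10", "xdelta3"): "3.0.8-dfsg-1ubuntu0.15.10.2",
    ("14.04", "xdelta3"): "3.0.7-dfsg-2ubuntu0.2",
    ("15.10", "libgraphite2-3"): "1.2.4-3ubuntu1.1",
    ("14.04", "libgraphite2-3"): "1.2.4-1ubuntu1.1",
    ("15.10", "libnss3"): "2:3.21-0ubuntu0.15.10.1",
    ("14.04", "libnss3"): "2:3.21-0ubuntu0.14.04.1",
    ("12.04", "libnss3"): "2:3.21-0ubuntu0.12.04.1",
}

def _order(c):
    # dpkg weights: '~' sorts before everything (even end of string), letters before other symbols.
    if c == "~":
        return -1
    if c == "":
        return 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _verrevcmp(a, b):
    # Compare alternating (non-digit, digit) runs; a missing run counts as empty.
    ta, tb = re.findall(r"(\D*)(\d*)", a), re.findall(r"(\D*)(\d*)", b)
    for (sa, na), (sb, nb) in zip_longest(ta, tb, fillvalue=("", "")):
        for x, y in zip_longest(sa, sb, fillvalue=""):
            if _order(x) != _order(y):
                return _order(x) - _order(y)
        if int(na or 0) != int(nb or 0):
            return int(na or 0) - int(nb or 0)
    return 0

def _split(version):
    # [epoch:]upstream[-debian_revision]; missing epoch is 0, the last '-' starts the revision.
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    upstream, sep, revision = rest.rpartition("-")
    return int(epoch), (upstream if sep else rest), (revision if sep else "")

def dpkg_compare(a, b):
    """Return -1, 0 or 1, the ordering `dpkg --compare-versions` uses."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    r = (ea > eb) - (ea < eb) or _verrevcmp(ua, ub) or _verrevcmp(ra, rb)
    return (r > 0) - (r < 0)

def is_fixed(release, package, installed):
    """True when the installed version is at or above the advisory's fixed version."""
    return dpkg_compare(installed, FIXED[(release, package)]) >= 0
```

On an Ubuntu host the installed string to feed in comes from `dpkg-query -W -f='${Version}' libnss3`; note that the epoch (`2:`) is part of the version and a comparison that drops it will wrongly report a 12.04 or 14.04 box as unpatched.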