InfoSec News Summary 02/19/2016
Posted on February 19th, 2016
A stack-based buffer overflow in the glibc “getaddrinfo” function (CVE-2015-7547) is currently trending as a critical-severity vulnerability. It is triggered by an oversized DNS response, so any program that resolves host names through glibc is exposed; the full scope of affected products is not yet known, but it is expected to include common Linux binaries such as ssh, sudo, and curl. All glibc versions from 2.9 onward are vulnerable (the bug was introduced in May 2008 and first shipped in glibc 2.9), the fix landed upstream in glibc 2.23, and Linux distributions are pushing patches.
Exploitation is non-trivial because an attacker must bypass ASLR and the other OS defense mechanisms. The proof of concept that Google released only demonstrates the overflow: the oversized DNS reply fills the stack buffer and whatever lies past it with “B” (0x42) bytes and crashes the client. Going from those 0x42 bytes to reliable code execution is non-trivial, and no public PoC that achieves it currently exists. Until systems are patched, Google's recommended mitigation is to limit the size of DNS responses accepted by local resolvers (2048 bytes or less) and to send queries only to resolvers that enforce such a limit.
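The bug class behind this item, shown as an added example that is not glibc's code or Google's PoC: a reply of attacker-chosen length is copied into a fixed 2048-byte buffer that sits just below a saved return address. The "frame" struct, the FAKE_RET value, the function names and the 2100-byte reply are all constructed for the illustration; the frame is heap-allocated so the overwrite can be observed instead of crashing the process, and the copy is capped at the frame so the demo stays inside its own object. The hardened variant shows the check that keeps the overflow from happening.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define STACK_BUF 2048   /* getaddrinfo's on-stack reply buffer is 2048 bytes */

/* Simulated stack frame (constructed for this demo, heap-allocated so the
 * overwrite is observable without a crash): the reply buffer sits directly
 * below a saved return address, as it would on a real stack. */
struct frame {
    unsigned char buf[STACK_BUF];
    uint64_t saved_ret;
};

#define FAKE_RET 0x00007f00deadbeefULL   /* stand-in for a real return address */

/* Vulnerable pattern: trusts the reply length and copies into the fixed
 * buffer. A reply longer than STACK_BUF runs over saved_ret. The copy is
 * capped at the frame so the demo stays inside its own object; a real
 * overflow keeps writing past the frame. */
static void copy_reply_unchecked(struct frame *f, const unsigned char *reply, size_t len)
{
    size_t n = len < sizeof *f ? len : sizeof *f;
    memcpy((unsigned char *)f, reply, n);
}

/* Hardened pattern: a reply that does not fit the stack buffer goes to a
 * heap buffer sized for it. Returns f->buf, a malloc'd buffer the caller
 * must free, or NULL on allocation failure. */
static unsigned char *copy_reply_checked(struct frame *f, const unsigned char *reply, size_t len)
{
    if (len <= STACK_BUF) {
        memcpy(f->buf, reply, len);
        return f->buf;
    }
    unsigned char *heap = malloc(len);
    if (heap != NULL)
        memcpy(heap, reply, len);
    return heap;
}

/* Constructed malicious reply: len bytes of 'B' (0x42), the same filler the
 * public PoC uses, so the overwritten return address is easy to spot. */
static unsigned char *make_evil_reply(size_t len)
{
    unsigned char *r = malloc(len);
    if (r != NULL)
        memset(r, 'B', len);
    return r;
}

/* Feed a reply of reply_len bytes to the unchecked copy and return the saved
 * return address afterwards (0 on allocation failure). */
uint64_t saved_ret_after_unchecked(size_t reply_len)
{
    struct frame *f = calloc(1, sizeof *f);
    unsigned char *reply = make_evil_reply(reply_len);
    uint64_t ret = 0;
    if (f != NULL && reply != NULL) {
        f->saved_ret = FAKE_RET;
        copy_reply_unchecked(f, reply, reply_len);
        ret = f->saved_ret;
    }
    free(f);
    free(reply);
    return ret;
}

/* Same experiment with the hardened copy: stores the saved return address in
 * *ret and returns 1 if the reply was diverted to the heap, 0 otherwise. */
static int run_checked(size_t reply_len, uint64_t *ret)
{
    struct frame *f = calloc(1, sizeof *f);
    unsigned char *reply = make_evil_reply(reply_len);
    int went_to_heap = 0;
    *ret = 0;
    if (f != NULL && reply != NULL) {
        f->saved_ret = FAKE_RET;
        unsigned char *dst = copy_reply_checked(f, reply, reply_len);
        if (dst != NULL && dst != f->buf) {
            went_to_heap = 1;
            free(dst);
        }
        *ret = f->saved_ret;
    }
    free(f);
    free(reply);
    return went_to_heap;
}

uint64_t saved_ret_after_checked(size_t reply_len)
{
    uint64_t ret;
    run_checked(reply_len, &ret);
    return ret;
}

int checked_reply_went_to_heap(size_t reply_len)
{
    uint64_t ret;
    return run_checked(reply_len, &ret);
}

int main(void)
{
    printf("unchecked, 2100-byte reply: saved_ret = 0x%016llx\n",
           (unsigned long long)saved_ret_after_unchecked(2100));
    printf("checked,   2100-byte reply: saved_ret = 0x%016llx, heap=%d\n",
           (unsigned long long)saved_ret_after_checked(2100),
           checked_reply_went_to_heap(2100));
    return 0;
}
```

The unchecked copy leaves the saved return address reading 0x4242424242424242, which is the “B”s the Google PoC crashes on; the checked copy leaves it untouched and parks the oversized reply on the heap. The real glibc bug is subtler (it involves how the resolver switches between the stack and heap buffers when two replies are handled), but the consequence is the same unchecked write past a 2048-byte stack buffer.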
Cisco ASA devices are vulnerable to a reflected XSS vulnerability in the password-recovery portion of the web interface. The vulnerability is caused by the password-recovery form failing to properly sanitize values reflected into hidden input fields. An attacker who lures a user to a crafted link can leverage it to capture the victim's login credentials.
Malware targeting OS X is circulating disguised as an Adobe Flash update. At the moment the sample is not flagged as malicious by any of the 55 anti-virus engines on VirusTotal, and it appears to have targeted Chinese infrastructure at one time.
Apple's CEO Tim Cook has defiantly challenged a U.S. federal magistrate judge's order that would require Apple to help the FBI break into an iPhone 5c belonging to one of the shooters involved in last December's attack in San Bernardino, Calif. Cook released a letter expressing his opposition to the court order and called for a public discussion about the implications the decision could have for privacy and security going forward.
Proof-of-concept source code for the Windows WebDAV client vulnerability (patched in MS16-016), which can be used to trigger a BSOD or to escalate privileges to SYSTEM, has been publicly released. The flaw is in the WebDAV client and allows a local user to gain elevated privileges via a crafted application.
The cost of the outage and the lack of any clear way to decrypt their files left the hospital with little choice but to pay the roughly $17,000 ransom to the attackers. This lends credibility to a worrying business model: ransomware aimed at larger organizations, which can pay far more than individual home users.
When Comodo Internet Security is installed, an application called “GeekBuddy” is installed along with it; it uses a lot of shady business tactics to push users into paying for online tech support. In addition, it installs a VNC server and enables it by default, leaving a remote-control service listening on the machine.
A new tool packages several open-source hacking tools to provide a more user-friendly experience.