default configuration
Accellion addressed item #3 on December 21st, 2010 with update FTA_8_0_540
Accellion addressed items #1, #2, #4, #5, #6, and #7 on January 17th, 2011 with update FTA_8_0_562
Item #8 is not exploitable in the default configuration and Accellion recommends the use of SSL VPN when configuring a trusted link between two appliances.
Official Changelog for FTA_8_0_562:
The update randomizes the following on the Accellion setup - Accellion remote management user password, the system mysql password and the keys used for encrypting inter-appliance communication. All internal Daemons are now bound to Loopback Interface. The update also removes an unused SSH key meant for remote troubleshooting login. These fixes are in response to a security scan done by Rapid7.
Previous versions of the lighttpd package are vulnerable to a remote
Denial of Service attack in which the termination of one SSL connection
may cause another concurrent SSL connection to terminate prematurely.
lighttpd is not installed by default on rPath Linux systems, and no
default configuration file is provided; only systems customized to
include and configure lighttpd are vulnerable.
Appliances built with rPath Appliance Platform Agent 2 use lighttpd and
are vulnerable to this denial of service attack. All appliances built
using rPath Appliance Platform Agent 2 should be updated to include the
>> 2) Think things through. If you are going to try to boot sales of
>>
> Win7 to corporate customers by providing free XP VM technology and thus
> play up how important XP is and how many companies still depend upon it
> for business critical application compatibility, don't deploy that
> technology in an other-than-default configuration that is subject to a
> DoS exploit while downplaying the extent that the exploit may be
> leveraged by saying that a "typical" default configuration mitigates it
> while choosing not to ever patch it. Seems like simple logic points
> to me.
>
Amir, et al,
We would not classify this issue as a security vulnerability. The COM
object in question is *NOT* loadable in Internet Explorer in a default
configuration.
CLSID: {9A077D0D-B4A6-4EC0-B6CF-98526DF589E4}
ProgId: vbDevKit.CVariantFileSystem
Path to binary: C:\WINDOWS\vbDevKit.dll
Doesn't implement IObjectSafety
If successful, every visitor to the page should see an alert saying 'XSS'.
Note:
We can inject PHP code, but the output file (sbox.history.html) has an .html extension, so for the code to execute the server must be configured to parse .html files for PHP code, which is not the default configuration.
Thor (Hammer of God) wrote:
> Yeah, I know what it is and what it's for ;) That was just my subtle way of trying to make a point. To be more explicit:
>
> 1) If you are publishing a vulnerability for which there is no patch, and for which you have no intention of making a patch for, don't tell me it's mitigated by ancient, unusable default firewall settings, and don't withhold explicit details. Say "THERE WILL BE NO PATCH, EVER. HERE'S EVERYTHING WE KNOW SO YOU CAN DETERMINE YOUR OWN RISK." Also, don't say 'you can deploy firewall settings via group policy to mitigate exposure' when the firewall obviously must be accepting network connections to get the settings in the first place. If all it takes is any listening service, then you have issues. It's like telling me that "the solution is to take the letter 'f' out of the word "solution."
>
> 2) Think things through. If you are going to try to boot sales of Win7 to corporate customers by providing free XP VM technology and thus play up how important XP is and how many companies still depend upon it for business critical application compatibility, don't deploy that technology in an other-than-default configuration that is subject to a DoS exploit while downplaying the extent that the exploit may be leveraged by saying that a "typical" default configuration mitigates it while choosing not to ever patch it. Seems like simple logic points to me.
>
> t
>
>
>> -----Original Message-----
[*] $Config['DeniedExtensions']['Flash'] = array() ;
[*]
[*] $Config['AllowedExtensions']['Media'] = array('aiff', 'asf', 'avi', 'bmp', 'fla', 'flv', 'gif', 'jpeg', 'jpg', 'mid', 'mov', 'mp3', 'mp4', 'mpc', 'mpeg', 'mpg', 'png', 'qt', 'ram', 'rm', 'rmi', 'rmvb', 'swf', 'tif', 'tiff', 'wav', 'wma', 'wmv') ;
[*] $Config['DeniedExtensions']['Media'] = array() ;
With a default configuration of this script, an attacker might be able to upload arbitrary
files containing malicious PHP code because multiple file extensions aren't properly checked.
*/
error_reporting(0);
Axesstel MV 410R is a device offered by the two leading Polish telecom
operators, Orange and Polish Telecom, to provide broadband Internet over
CDMA, and it is already widely in use.
Overview:
The Axesstel MV 410R firmware and its default configuration have many flaws
that allow remote unauthorized access to the device and to the internal
network behind it.
#1 Access from the Internet to device enabled by default
Anyone is able to automatically detect devices, which are online and
Summary
McAfee Network Security Manager is vulnerable to cross-site scripting (XSS) caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using vulnerable parameters in a specially-crafted URL to execute script in a victim’s web browser within the security context of the Network Security Manager site.
Affected Products
McAfee Network Security Manager (NSM), version 5.1.7.7 (default configuration).
It is unknown which other versions, if any, are affected as of November 11, 2009.
Vendor Information, Solutions and Workarounds
Previous versions of the lighttpd package are vulnerable to multiple
Information Exposures, the most serious of which may allow a remote
attacker to read arbitrary files.
lighttpd is not installed by default on rPath Linux systems, and no
default configuration file is provided; only systems customized to
include and configure lighttpd are vulnerable.
http://wiki.rpath.com/Advisories:rPSA-2008-0106
Copyright 2008 rPath, Inc.
locate a browser configuration file used to connect through a proxy.
A successful attack on WPAD gives attackers full access
to user data sent to the Internet, which could allow stealing critical data such as passwords or
credit card numbers. The potential danger of WPAD depends on two factors: default
configuration and weak awareness among users.
In this article we discuss the WPAD architecture and how it operates in home
and corporate networks, present real examples of attacks, and give recommendations for ordinary
users and system administrators that reduce the consequences of an attack.
has assigned the names CVE-2007-5398 and CVE-2007-4572 to these
issues.
Note: By default Samba is not configured as a WINS server or a domain
controller and ESX is not vulnerable unless the administrator
has changed the default configuration.
This vulnerability can be exploited remotely only if the
attacker has access to the service console network.
Security best practices provided by VMware recommend that the
Versions: the games which have been tested and found vulnerable
are Unreal Tournament 3 1.3, Unreal Tournament 2003 and
2004, Dead Man's Hand, Pariah, WarPath, Postal2, Shadow
Ops and possibly others.
Those which "seem" not to be vulnerable (using
their default configuration) are: Fuel of War, America's
Army, Men of Valor, Star Wars Republic Commando, SWAT4
and some older games based on the Unreal engine 1 (like
UT'99).
Platforms: Windows, Linux, Mac
Bug: server termination caused by failed assertion
When you send these requests to the web server, the web server collapses
and stops responding because it has to process (create and delete) an
enormous number of files in a very short period of time.
Any website that runs PHP and has file uploading enabled (which is
the default configuration) is vulnerable. You don't need to have a file
upload script.
PHP does include two configuration settings that are related to this
situation: upload_max_filesize and post_max_size.
However, these are not enough to protect us against this denial of
1. The trusted website uses a blacklist to block known
executable file types for scripted content, e.g. html, jsp, etc.
2. Attacker uploads a file with extension .rss/.atom, or an arbitrary
extension preceded by .rss/.atom (e.g. .atom.tx). The widely used Apache
web server automatically sends Content-Type as “application/{atom/rss}+xml” for all
three cases in its default configuration.
3. Attacker convinces the victim to visit the direct link to the
uploaded file.
4. The victim’s cookies and other sensitive data are sent to the
attacker’s site.
5. Note: For Internet Explorer (v7, 8), the task is easier
It was discovered that Tor, an online privacy tool, incorrectly computes
buffer sizes in certain cases involving SOCKS connections. Malicious
parties could use this to cause a heap-based buffer overflow, potentially
allowing execution of arbitrary code.
In Tor's default configuration this issue can only be triggered by
clients that can connect to Tor's socks port, which listens only on
localhost by default.
In non-default configurations where Tor's SocksPort listens not only on
localhost or where Tor was configured to use another socks server for all of
> -----Original Message-----
> From: Susan Bradley [mailto:sbradcpa@pacbell.net]
-- Affected Products:
EMC Dantz Retrospect 7 backup Client 7.5.116
-- Vulnerability Details:
The retroclient.exe process listens, in a default configuration, on TCP
port 497.
When packets of length 2064 bytes filled with 0x00 are sent continuously,
after about 30 seconds to 5 minutes the status box shows: “Client networking
not available, or service not running”; if packets keep being sent, a few
http://www.debian.org/security/ Stefan Fritsch
April 15, 2012 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : apache2
Vulnerability : insecure default configuration
Problem type : local/remote
Debian-specific: yes
CVE ID : CVE-2012-0216
Niels Heinen noticed a security issue with the default Apache
substring attack.
The maximal POST request size is typically limited to 8 MB, which, when
filled with a set of multi-collisions, would consume about four hours of
CPU time on an i7 core. Luckily, this time cannot be exhausted because
it is limited by the max_input_time configuration parameter (default
configuration: -1, unlimited; Ubuntu and several BSDs: 60 seconds).
If the max_input_time parameter is set to -1 (theoretically
unlimited), it is bound by the max_execution_time configuration
parameter (default value: 30).
Description:
Huawei D100 is a device offered by the Polish telecom operator Play to provide broadband Internet over CDMA, and it is already widely in use.
Overview:
The Huawei D100 firmware and its default configuration have flaws that allow LAN users to gain unauthorized full access to the device.
#1 No HTTPS support for the web interface
Communication to the web interface can be sniffed by the attacker.
#2 System doesn't force administrator to change default password upon first login
Vendor: The Apache Software Foundation
Versions Affected:
- Tomcat 7.0.0 to 7.0.4
  - Not affected in default configuration.
  - Affected if CSRF protection is disabled
  - Additional XSS issues if web applications are untrusted
- Tomcat 6.0.12 to 6.0.29
  - Affected in default configuration
  - Additional XSS issues if web applications are untrusted
Summary
McAfee Network Security Manager is vulnerable to authentication bypass via HTTP session cookie hijacking. A remote attacker could exploit this vulnerability to hijack an existing session to the Network Security Manager.
Affected Products
McAfee Network Security Manager (NSM), version 5.1.7.7 (default configuration).
It is unknown which other versions, if any, are affected as of November 11, 2009.
Vendor Information, Solutions and Workarounds
> Planting ProofOfConcept
>
> But it *is* worth mentioning that you have to create the
> malicious dll file, copy it to the system, create folders
> etc, and all the other mumbo jumbo to "exploit" this in the
> "default configuration." So, the answer to Dan's question
> is actually, "no, you can't." Which brings into question the
> actual "worth" of mentioning this in the first place. :)
>
> t
>
Potential Security Impact: Remote disclosure of information
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential vulnerability has been identified with HP Client Automation Enterprise Infrastructure (Radia). The default configuration allows remote disclosure of information.
References: CVE-2010-1972
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Client Automation Enterprise Infrastructure (Radia)
configuration file using the -C option or by using the macro override
facility (-D option). Unfortunately, fixing this vulnerability is not
possible without some changes in exim4's behaviour. If you use the -C
or -D options or use the system filter facility, you should evaluate
the changes carefully and adjust your configuration accordingly. The
Debian default configuration is not affected by the changes.
The detailed list of changes is described in the NEWS.Debian file in
the packages. The relevant sections are also reproduced below.
In addition to that, missing error handling for the setuid/setgid