spoofing
enforces access using a factory-defined list of authorized IP addresses.
The addresses found on a recent model are listed in the showmount example
below, however this list may differ depending on product version. The IP
addresses are intended for communication internal to the appliance, but are
still accepted from external sources. An attacker can mount this file system
by spoofing an authorized IP address.
The NFS showmount command can be used to obtain a list of the IP addresses:
# showmount -e <Celerra IP address>
Export list for <Celerra IP address>:
It was also possible for an attacker to entice a user to visit a
specially-crafted web page that would trigger one of the
vulnerabilities, leading to execution of arbitrary code within the
confines of the sandbox, successful Cross-Site Scripting attacks,
violation of the same-origin policy, successful website spoofing
attacks, information leak, or a Denial of Service. An attacker could
also trick a user to perform a set of UI actions that might result in a
successful website spoofing attack.
Multiple bugs in the sandbox could result in a sandbox escape.
This software is a popular web browser that supports multiple platforms (Windows, Linux, macOS).
------------------------------------------------------
Vulnerability
The bug is caused when you try to open a URL with an invalid character; at that point you can edit the error page and make a "spoof".
This would not be important, because when you make the spoof the "invalid web" keeps loading all the time, but since Firefox allows you to call the "stop" method of another page, you can stop this.
The result of this is a fake page.
ESA-2011-003: EMC NetWorker librpc.dll spoofing vulnerability.
EMC Identifier: ESA-2011-003
CVE Identifier: CVE-2011-0321
O. Andersen that Firefox did not properly map undefined positions within
certain 8 bit encodings. An attacker could utilize this to perform
cross-site scripting attacks. (CVE-2010-1210)
Michal Zalewski discovered flaws in how Firefox processed the HTTP 204 (no
content) code. An attacker could exploit this to spoof the location bar,
such as in a phishing attack. (CVE-2010-1206)
Jordi Chancel discovered that Firefox did not properly handle when a server
responds to an HTTPS request with plaintext and then processes JavaScript
history events. An attacker could exploit this to spoof the location bar,
http://www.debian.org/security/ Devin Carraway
July 27, 2008 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : python-dns
Vulnerability : DNS response spoofing
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2008-1447
Debian Bug : 490217
corrupted .jpeg files) (CVE-2009-2687).
The php_openssl_apply_verification_policy function in PHP before
5.2.11 does not properly perform certificate validation, which has
unknown impact and attack vectors, probably related to an ability to
spoof certificates (CVE-2009-3291).
Unspecified vulnerability in PHP before 5.2.11 has unknown impact
and attack vectors related to missing sanity checks around exif
processing. (CVE-2009-3292)
cache poisoning" exploit, details of which will now be published in a
whitepaper, which also includes some calculations on the reliability of
the attack.
The paper details a way of making DNS cache poisoning / response
spoofing attacks more reliable. A caching server will store any NS
delegation RRs if it receives a delegation which is "closer" to the
answer than the nameservers it already knows. By spoofing replies that
contain a delegation for a single node, the nameserver will eventually
cache the delegation when we hit the right transfer id.
Synopsis
========
An error in the OpenSSL certificate chain validation might allow for
spoofing attacks.
Background
==========
OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer
www.secfence.com
On Sat, Jul 24, 2010 at 4:38 PM, <info@securitylab.ir> wrote:
> Spoof Code:
>
> <script>
> function Spoof() {
> oc=window.open('http://www.securitylab.ir/', '','location=1');
> oc.location.replace('http://www.microsoft.com/');
Hi, jplopezy:
In "http://hi.baidu.com/xisigr/blog/item/edbcba00011864de267fb55a.html",
127.0.0.1 is just a fictitious example.
See real examples: http://xisigr.googlepages.com/firefoxspoofing, test 1
is mine, test 2 is yours. Some "%20" to display a "white space" in the
Status Bar.
On Mon, Jul 27, 2009 at 5:47 PM, Juan Pablo Lopez
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
A certificate validation error in GnuTLS might allow for spoofing
attacks.
Background
==========
After implementing this patch on a large scale network, it was discovered that this patch caused a dns memory leak. Microsoft has since corrected this issue with a private fix. Even worse, in my large enterprise, this patch caused the exact spoofing that it intended to prevent. Somehow the code to increase the entropy has caused random xid's to cross and spoof randomly, poisoning the cache through normal usage without the use of extracurricular programs. I've reported this to Microsoft and have been working with them in fixing this issue, which to date has not been fixed.
On Mon, May 31, 2010 at 8:47 PM, Jan Schejbal
<jan.mailinglisten@googlemail.com> wrote:
> PuTTY, a SSH client for Windows, requests the passphrase to the ssh key in
> the console window used for the connection. This could allow a malicious
> server to gain access to a user's passphrase by spoofing that prompt.
>
> We assume that the user is using key-based ssh auth with ssh and connects
> using PuTTY. PuTTY now asks for the passphrase to the key. The user enters
> the passphrase. If the passphrase is wrong, PuTTY will now request the
> passphrase again after stating that it was wrong. If the passphrase is
Address spoofing. Already patched. It's in the news last month.
Just a reminder, XCON'08 is coming in a week - check http://xcon.xfocus.org/
greetz to drewcopley, drorshalev, zwell, liuyuer, lqa21, and, of course
all@topsec
----------
http://liudieyu.com/kissofthedragon.32168816196486005/
Synopsis
========
An error in the OpenSSL certificate chain validation in ntp might allow
for spoofing attacks.
Background
==========
ntp contains the client and daemon implementations for the Network Time
Spoof Code:
<script language="javascript">
function pause(pd)
{
date = new Date();
var curDate = null;
do { var curDate = new Date(); }
while(curDate-date < pd);
}
Spoof Code:
<script>
function Spoof() {
oc=window.open('http://www.securitylab.ir/', '','location=1');
oc.location.replace('http://www.microsoft.com/');
}
</script>
<p align="center">
<a href="javascript:void(0);" onClick="Spoof()">Go to the Securitylab.ir</a></p>
attacker could send requests to other applications, authenticated as the
user. (CVE-2009-3983)
Jonathan Morgan discovered that Firefox did not properly display SSL
indicators under certain circumstances. This could be used by an attacker
to spoof an encrypted page, such as in a phishing attack. (CVE-2009-3984)
Jordi Chancel discovered that Firefox did not properly display invalid URLs
for a blank page. If a user were tricked into accessing a malicious
website, an attacker could exploit this to spoof the location bar, such as
in a phishing attack. (CVE-2009-3985)
The Aztech DSL600EU is vulnerable to IP|ARP spoof.
Example:
The web interface is disabled in the WAN to LAN or EXT to IN zone, but port 80 is not blocked; a malicious client can send a SYN inundation, calculate the sequence number (IP spoof) and connect to the web interface.
By AchedDamiman
Synopsis
========
Multiple vulnerabilities in GnuTLS might result in a Denial of Service,
spoofing or the generation of invalid keys.
Background
==========
GnuTLS is an Open Source implementation of the TLS 1.0 and SSL 3.0
PuTTY, a SSH client for Windows, requests the passphrase to the ssh key
in the console window used for the connection. This could allow a
malicious server to gain access to a user's passphrase by spoofing that
prompt.
We assume that the user is using key-based ssh auth with ssh and
connects using PuTTY. PuTTY now asks for the passphrase to the key. The
user enters the passphrase. If the passphrase is wrong, PuTTY will now
request the passphrase again after stating that it was wrong. If the
passphrase is correct, the connection to the server is established.
> III. Impact
>
> The meta data of signed Microsoft Office documents can be
> changed. An attacker can change the values to spoof the origin
> of signed documents, hoping to induce trust or otherwise
> deceive the user.
>
Amusing. They pulled the fix from being released in October at the last
minute, quoting memory leaks. I guess they didn't fully address it after
all...
> Even worse, in my large enterprise, this patch caused the exact spoofing that it intended to prevent. Somehow the code to increase the entropy has caused random xid's to cross and spoof randomly, poisoning the cache through normal usage without the use of extracurricular programs. I've reported this to Microsoft and have been working with them in fixing this issue, which to date has not been fixed.
>
Sounds like they just draw a random number each time, regardless of the
history (i.e. of previously drawn numbers), which can cause collisions
(I think that's the phenomenon you describe). BIND 9 has a mechanism
Multiple vulnerabilities have been found and corrected in libesmtp:
libESMTP, probably 1.0.4 and earlier, does not properly handle a '\0'
(NUL) character in a domain name in the subject's Common Name (CN)
field of an X.509 certificate, which allows man-in-the-middle attackers
to spoof arbitrary SSL servers via a crafted certificate issued by a
legitimate Certification Authority, a related issue to CVE-2009-2408
(CVE-2010-1192).
The match_component function in smtp-tls.c in libESMTP 1.0.3.r1, and
possibly other versions including 1.0.4, treats two strings as equal if
uses DSA_do_verify() to verify DSA signatures, but checks the function
return value incorrectly.
III. Impact
It is in theory possible to spoof a DNS reply even though DNSSEC
is set up to validate answers. This could be used by an attacker for
man-in-the-middle or other spoofing attacks.
IV. Workaround