
Zero/Day Exploit

In-depth research on the recent PDF zero-day exploit (CVE-2009-3459)

Hi there,

Just want to let you know, Fortinet's FortiGuard Global Security
Research Team has provided in-depth research on the recent PDF
zero-day exploit (CVE-2009-3459).

http://www.fortiguard.com/analysis/pdfanalysis.html

"Taking a look back over this 0-day attack as a whole, each single
part of it is somehow ingenious - whether it be the vulnerability,

Re: Latest round of web hacking incidents for 2007 & Project news

> made the compromise between ease of management of their web site and its
> security.
> Apart from, or actually because of the fact that the victims are security
> experts, this story is noteworthy due to two additional twists in the plot:
>
>     * Zero day exploit in the wild - the attacker penetrated twice, once
> using a known SQL injection vulnerability, but the second time using a yet
> unknown vulnerability in WordPress, which was reverse engineered and
> published for the first time by the people at Light Blue Touchpaper.
>     * The researchers found that they can use Google to retrieve the hashed
> password of the hacker. Google has become so big that it actually allows

Latest round of web hacking incidents for 2007 & Project news

made the compromise between ease of management of their web site and its
security.
Apart from, or actually because of the fact that the victims are security
experts, this story is noteworthy due to two additional twists in the plot:

    * Zero day exploit in the wild - the attacker penetrated twice, once
using a known SQL injection vulnerability, but the second time using a yet
unknown vulnerability in WordPress, which was reverse engineered and
published for the first time by the people at Light Blue Touchpaper.
    * The researchers found that they can use Google to retrieve the hashed
password of the hacker. Google has become so big that it actually allows

Cross-Site History Manipulation (XSHM)

Checkmarx Research Labs has identified a new critical vulnerability in
Internet Explorer (other browsers are probably exposed the same way) that
would allow hackers to easily compromise web applications. Cross-Site
History Manipulation (XSHM) is a newly discovered zero-day attack: attackers
may have been using it for a long time, but the application and security
communities do not know it.

To help major browsers or application developers stop the proliferation of
this exploit, Checkmarx has published a guide to identify and remediate the
vulnerability. It can be downloaded at

Re: 0day: PDF pwns Windows

On Sun, 23 Sep 2007, Chad Perrin wrote:
> In the case of that "private zero day exploit", then, nobody will ever
> know about it except the person that has it waiting in reserve -- and if
> someone else discovers and patches the vulnerability before the exploit
> is ever used, it never becomes a "public" zero day exploit.  In other
> words, you can always posit that there's sort of a Heisenbergian state of
> potential private zero day exploitedness, but in real, practical terms
> there's no zero day anything unless it's public.

RE: 0day: PDF pwns Windows

>> it in reserve to attack others at the time of their choosing. Presumably
>> if such a person wanted to keep it for very long, they would have to
>> base it on a vulnerability that they themselves discovered, and did not
>> publish.
>>
> In the case of that "private zero day exploit", then, nobody will ever
> know about it except the person that has it waiting in reserve -- and if
> someone else discovers and patches the vulnerability before the exploit
> is ever used, it never becomes a "public" zero day exploit.  In other
> words, you can always posit that there's sort of a Heisenbergian state of
> potential private zero day exploitedness, but in real, practical terms

Re: 0day: PDF pwns Windows

> exploiting machines, because that requires inferring intent. IMHO, a POC
> exploit first posted to Bugtraq ahead of the patch counts as an 0day
> exploit, unless it has been so thoroughly obfuscated that the "proof"
> part of "proof of concept" is itself BS.

In the case of that "private zero day exploit", then, nobody will ever
know about it except the person that has it waiting in reserve -- and if
someone else discovers and patches the vulnerability before the exploit
is ever used, it never becomes a "public" zero day exploit.  In other
words, you can always posit that there's sort of a Heisenbergian state of
potential private zero day exploitedness, but in real, practical terms

Re: defining 0day

UV:WE

  Unpatched Vulnerability: Working Exploit

. . . or maybe "zero day exploit".

-- 
CCD CopyWrite Chad Perrin [ http://ccd.apotheon.org ]
Brian K. Reid: "In computer science, we stand on each other's feet."


Samba Remote Zero-Day Exploit

Hello list,

this is Kingcope.

You can view a demonstration of the zeroday entitled
'Samba Remote Zero-Day Exploit' with full details
on youtube. The bug is a logic fuckup.

http://www.youtube.com/watch?v=NN50RtZ2N74

I added some nice greek tune so turn your speakers on (or off).

RE: Samba Remote Zero-Day Exploit

-----Original Message-----
From: paul.szabo@sydney.edu.au [mailto:paul.szabo@sydney.edu.au]
Sent: 6 February 2010 22:48
To: bugtraq@securityfocus.com; full-disclosure@lists.grok.org.uk
Subject: Re: Samba Remote Zero-Day Exploit

I find it puzzling how this discussion, including the official Samba
response

  http://www.samba.org/samba/news/symlink_attack.html

RE: defining 0day

> Unpatched Vulnerability: Working Exploit

"Working in a white hat's lab" is not as urgent as "being abused right now in the wild".

> . . . or maybe "zero day exploit".

Proposed:

1. A 0-day EXPLOIT is an Unpatched Vulnerability that we realize is being or has been abused.


Re: defining 0day

On Thu, Sep 27, 2007 at 05:20:35PM -0700, Marvin Simkin wrote:
> > Unpatched Vulnerability: Working Exploit
> 
> "Working in a white hat's lab" is not as urgent as "being abused right now in the wild".
> 
> > . . . or maybe "zero day exploit".
> 
> Proposed:
> 
> 1. A 0-day EXPLOIT is an Unpatched Vulnerability that we realize is being or has been abused.
> 



Copyright © 1995-2012 LinuxRocket.net. All rights reserved.