access control
** Background **
On July 15 OuTian reported a vulnerability in Apache Tomcat[2] whereby
overwide byte sequences in utf-8 could bypass both Apache Tomcat access
control restrictions as well as path decoding logic.
On July 17 Simon Ryeo reported[3] a variation of the same vulnerability in
Apache httpd server when proxying content generated from Tomcat.
Remy Maucherat wrote a patch to address this particular expression of the
3. Unauthorized database backup vulnerability in "backup-database.php"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Reasons:
1. missing access control
Preconditions:
1. mysqldump utility must be available
2. gzip utility must be available
3. target directory must be writable
4. database name must be known in order to successfully guess archive filename
Title:
======
iGuard Biometric Access Control - Multiple Vulnerabilities
Date:
=====
2011-11-08
this vulnerability.
Products Confirmed Not Vulnerable
+--------------------------------
The Cisco Secure Access Control Server (ACS) Solution Engine, also
known as the ACS appliance, integrates a standalone version of Cisco
Security Agent. However, the ACS Solution Engine is not affected by
this vulnerability because by default it blocks incoming traffic to
the affected TCP ports (139 and 445). Additional information is in the
Details section.
* National Security and Public Safety
* Trust and Reputation in Self-Organizing Environments
* Security Metrics
* Anonymity and Privacy vs. Accountability
* Recommendation, Reputation and Delivery Technologies
* Access Control and Capability Delegation
* Continuous Authentication
* Representations and Formalizations of Trust in Electronic and
Physical Social Systems
High-quality papers in all PST related areas that, at the time of
currently suffer from poor security support and cannot resist common
attacks. Adding security measures typically degrades performance.
This workshop addresses relationships between security and high
performance systems in three directions. First, it considers how to
add security properties (authentication, confidentiality, integrity,
non-repudiation, access control) to high performance computing systems.
In this case, safety properties can also be addressed, such as
availability and fault tolerance for high performance computing systems.
Second, it covers how to use high performance computing systems to solve
security problems. For instance, a grid computation can break an
encryption code, or a cluster can support high performance intrusion
systems and distributed environments currently suffer from poor
security support and cannot resist common attacks (spamming, worms,
session hijacking, buffer overflow, denial of service, social
engineering, etc.). Collaborative organizations require better
security properties (strong authentication, efficient encryption,
Mandatory Access Control, integrity, non-repudiation and
availability). Nowadays, collaborative organizations use new
technologies such as mobile devices, smartcards, wireless networks,
high performance networks, grid computing, multi-agent systems,
peer-to-peer systems, sensor networks. These environments introduce
new needs, requirements and difficulties related to security. Hence,
Mining Practical with Smartcards."
- In the hardware hacking area we have a very interesting presentation from
Travis Goodspeed on reverse engineering and exploiting wireless sensors.
Our lineup of brand new training sessions includes a physical security
training by Zac Franken and Adam Laurie entitled "RFID, Access Control and
Biometric Systems", a Metasploit course called "Tactical Exploitation" by
Metasploit creator HD Moore and a course on "Understanding and Deploying
DNSSEC" by Paul Wouters and Patrick Nauber.
As always, it's best to register early for the training of your choice to
TurboFTP Server is a high performance, secure, scalable and management
friendly file transfer server running on Windows platforms. With it you
can easily set up a secure file transfer server that delivers regular FTP,
FTP over SSL/TLS, and SFTP over SSH services with virtual domains,
advanced directory access control, virtual folders, IP access control,
flexible authentication options and many other features.
0x02 : Vulnerability details
Rule Set Based Access Control (RSBAC) 1.4.0 has been released for both
Linux kernels 2.4.37 and 2.6.27.10
You can download the new version from http://www.rsbac.org
RSBAC is one of the leading access control systems for the Linux
kernel with a good selection of access control models, see
http://www.rsbac.org/why for more details.
Important changes since 1.3 series:
* Knowledge Management
* Embedded Systems
* Defence Systems
Ubi/Cloud Computing:
* Authentication and Access Control for Data Protection in Ubi/Cloud
Computing
* Context-Awareness and its Data Mining for UbiCom
* Data Grids
* Distributed Information Systems
* Human-Computer Interface and Interaction for UbiCom
- Cellular Networks (GSM,GPRS,CDMA,3G,4G)
- Phreaking / VoIP
- Web Security
- Wireless / Bluetooth / Infrared / Fibre
- Exploitation Techniques
- Access Control and Authentication
- Reverse Engineering
- Application Security, Testing, Fuzzing
- Code Auditing
- Virtualization
- Malware (Viruses, Spam, Phishing, Botnets)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Cisco Secure Access Control Server for
Windows User-Changeable Password
Vulnerabilities
Advisory ID: cisco-sa-20080312-ucp
http://www.cisco.com/warp/public/707/cisco-sa-20080312-ucp.shtml
By Michael Brooks
Vulnerability:Broken Access Control
Homepage:http://wordpress.org/download
Software: Wordpress
Version affected:2.3.1 (Latest at the time of writing)
6. *Vendor Information, Solutions and Workarounds*
Mitigation for the Privileges Unchecked vulnerability (suggested by Core
Security): this vulnerability may be mitigated by controlling access to
files inside the 'wp-admin' folder. Access can be prohibited by using
Apache access control mechanism ('.htaccess' file), see guideline for
more information [11].
7. *Credits*
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Cisco Security Advisory: Cisco Network Access Control Guest Server
System Software Authentication Bypass Vulnerability
Advisory ID: cisco-sa-20110330-nac
Revision 1.0
presents..
Destination Search Admin Console Access Control Bypass
Vendor link: http://www.localmatters.com/
PDF:
http://www.security-assessment.com/files/documents/advisory/Destination_Search_-_Admin_Console_Access_Control_Bypass.pdf
-- Corsaire Security Advisory --
Title: Citrix Access Gateway session ID disclosure issue
Date: 05.09.06
Application: Citrix Advanced Access Control 4.0
Citrix Advanced Access Control 4.2
Citrix Access Gateway 4.5 Advanced Edition
Citrix Access Gateway 4.5 Standard Edition
Environment: Windows
Author: Martin O'Neal [martin.oneal@corsaire.com]
http://www.securityfocus.com/archive/1/495937/30/0/threaded
A specially crafted Remote Authentication Dial In User Service
(RADIUS) Extensible Authentication Protocol (EAP) Message Attribute
packet sent to the Cisco Secure Access Control Server (ACS) can crash
the CSRadius and CSAuth processes of Cisco Secure ACS. Because this
affects CSAuth all authentication requests via RADIUS or TACACS+ will
be affected during exploitation of this vulnerability.
Cisco ACS installations that are configured with AAA Clients to
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Cisco IOS Software Object-group Access
Control List Bypass Vulnerability
Advisory ID: cisco-sa-20090923-acl
Revision 1.0
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01866178
Version: 1
HPSBUX02457 SSRT090174 rev.1 - HP-UX Running Role-Based Access Control (RBAC), Local Unauthorized Access
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2009-09-21
Last Updated: 2009-09-21
By default, Cisco uBR10012 series devices that are configured for
linecard redundancy use a community string of private. This community
string can be changed in Cisco IOS versions 12.3(13)BC and later. It
is recommended to change the community string and apply access
control restrictions that only permit authorized devices SNMP access
to the device.
The following configuration example provides operators with
information on changing the community string and adding SNMP access
control restrictions using an access control list (ACL).
Earlier versions may also be affected.
Overview:
1. Vendor description of software
------------------------------------------------
TurboFTP Server is a high performance, secure, scalable and management friendly file transfer server running on Windows platforms. With it you can easily set up a secure file transfer server that delivers regular FTP, FTP over SSL/TLS, and "SFTP over SSH" services with virtual domains, advanced directory access control, virtual folders, IP access control, flexible authentication options and many other features.
2. Vulnerability details:
------------------------------------------------
A directory traversal vulnerability exists in the "FTP" and "SFTP" modules of TurboFTP Server that allows an authenticated user to create directories outside the root directory, which may lead to other attacks.
If you could log on the server successfully,
Status :
Impact : High
Bug Description :
mavili guestbook (version update: 200711) is vulnerable to Security Access Control Bypass, SQL Injection, XSS, etc.
Proof Of Concept :
1)Security Access Control Bypass:
Users can edit, approve and delete messages without admin permission; PoC below (note: an entry with id=91 must exist):
1.1)GET http://192.168.10.211/edit.asp?id=91
> >
> >No, I do not think this is expected. You could not write to that file
> >under traditional unix, and you can not write into that file when
> >/proc is unmounted.
> >
> >I do not think mounting /proc should change access control semantics.
> >
> It didn't in fact change anything. If the guest created a hardlink to
> that file in an unrestricted location, what would you say? Procfs is
> in that respect just another sort of hardlink, whether you like
> that or not. If you didn't in fact restrict access to the file,
* Crafted H.323 packet DoS vulnerability
* SQL*Net packet DoS vulnerability
* Access control list (ACL) bypass vulnerability
Workarounds are available for some of the vulnerabilities.
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20090408-asa.shtml.
TACACS+ Authentication Bypass Vulnerability
+------------------------------------------
Devices running vulnerable versions of Cisco FWSM Software are
affected by this vulnerability if they are configured to use the
Terminal Access Controller Access-Control System Plus (TACACS+)
protocol for AAA. A device is configured for TACACS+ if an AAA server
group is defined in a manner similar to the following:
aaa-server my-tacacs-server protocol tacacs+
aaa-server my-tacacs-server (inside) host 192.168.1.1