Next Page >>
access controls
** Background **
On July 15 OuTian reported a vulnerability in Apache Tomcat[2] whereby
overwide byte sequences in utf-8 could bypass both Apache Tomcat access
control restrictions as well as path decoding logic.
On July 17 Simon Ryeo reported[3] a variation of the same vulnerability in
Apache httpd server when proxying content generated from Tomcat.
Remy Maucherat wrote a patch to address this particular expression of the
Title:
======
iGuard Biometric Access Control - Multiple Vulnerabilities
Date:
=====
2011-11-08
3. Unauthorized database backup vulnerability in "backup-database.php"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Reasons:
1. missing access control
Preconditions:
1. mysqldump utility must be available
2. gzip utility must be available
3. target directory must be writable
4. database name must be known in order to successfully guess archive filename
currently suffer from poor security support and cannot resist common
attacks. Adding security measures typically degrade performance.
This workshop addresses relationships between security and high
performance systems in three directions. First, it considers how to
add security properties (authentication, confidentiality, integrity,
non-repudiation, access control) to high performance computing systems.
In this case, safety properties can also be addressed, such as
availability and fault tolerance for high performance computing systems.
Second, it covers how to use high performance computing systems to solve
security problems. For instance, a grid computation can break an
encryption code, or a cluster can support high performance intrusion
* National Security and Public Safety
* Trust and Reputation in Self-Organizing Environments
* Security Metrics
* Anonymity and Privacy vs. Accountability
* Recommendation, Reputation and Delivery Technologies
* Access Control and Capability Delegation
* Continuous Authentication
* Representations and Formalizations of Trust in Electronic and
Physical Social Systems
High-quality papers in all PST related areas that, at the time of
SUMMARY
WowWee Rovio - Insufficient Access Controls - Covert Audio/Video
Snooping Possible
OVERVIEW
Rovio from WowWee does not adequately secure all accessible URLs or media
streams, enabling an unauthorized user with network access to the robotic
webcam platform the ability to listen to and view audio/video streamed from
* National Security and Public Safety
* Trust and Reputation in Self-Organizing Environments
* Security Metrics
* Anonymity and Privacy vs. Accountability
* Recommendation, Reputation and Delivery Technologies
* Access Control and Capability Delegation
* Continuous Authentication
* Representations and Formalizations of Trust in Electronic and
Physical Social Systems
High-quality papers in all PST related areas that, at the time of
this vulnerability.
Products Confirmed Not Vulnerable
+--------------------------------
The Cisco Secure Access Control Server (ACS) Solution Engine, also
known as the ACS appliance, integrates a standalone version of Cisco
Security Agent. However, the ACS Solution Engine is not affected by
this vulnerability because by default it blocks incoming traffic to
the affected TCP ports (139 and 445). Additional information is in the
Details section.
systems and distributed environments currently suffer from poor
security support and cannot resist common attacks (spamming, worms,
session hijacking, buffer overflow, denial of service, social
engineering, etc.). Collaborative organizations require better
security properties (strong authentication, efficient encryption,
Mandatory Access Control, integrity, non-repudiation and
availability). Nowadays, collaborative organizations use new
technologies such as mobile devices, smartcards, wireless networks,
high performance networks, grid computing, multi-agent systems,
peer-to-peer systems, sensor networks. These environments introduce
new needs, requirements and difficulties related to security. Hence,
* National Security and Public Safety
* Trust and Reputation in Self-Organizing Environments
* Security Metrics
* Anonymity and Privacy vs. Accountability
* Recommendation, Reputation and Delivery Technologies
* Access Control and Capability Delegation
* Continuous Authentication
* Representations and Formalizations of Trust in Electronic and
Physical Social Systems
High-quality papers in all PST related areas that, at the time of
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Cisco Security Advisory: Cisco Network Access Control Guest Server
System Software Authentication Bypass Vulnerability
Advisory ID: cisco-sa-20110330-nac
Revison 1.0
- Cellular Networks (GSM,GPRS,CDMA,3G,4G)
- Phreaking / VoIP
- Web Security
- Wireless / Bluetooth / Infrared / Fibre
- Exploitation Techniques
- Access Control and Authentication
- Reverse Engineering
- Application Security, Testing, Fuzzing
- Code Auditing
- Virtualization
- Malware (Viruses, Spam, Phishing, Botnets)
> >
> >No, I do not think this is expected. You could not write to that file
> >under traditional unix, and you can not write into that file when
> >/proc is unmounted.
> >
> >I do not think mounting /proc should change access control semantics.
> >
> It didn't in fact change anything. If the guest created hardlink to
> that file in a unrestricted location, what would you say? Procfs is
> in that respect just another sort of hardlinks, whether you like
> that or not. If you didn't in fact restrict an access to the file,
Secure Network - Security Research Advisory
Vuln name: Failure in Access Controls; multiple Stored Cross Site Scripting
vulnerabilities.
Systems affected: Plunet BusinessManager
Systems not affected:
Severity: High
Local/Remote: Remote
Vendor URL: http://www.plunet.de
Author(s): Matteo Ignaccolo m.ignaccolo@securenetwork.it - Gabriele Zanoni
Mining Practical with Smartcards."
- In the hardware hacking area we have a very interesting presentation from
Travis Goodspeed on reverse engineering and exploiting wireless sensors.
Our lineup of brand new training sessions includes a physical security
training by Zac Franken and Adam Laurie entitled "RFID, Access Control and
Biometric Systems", a Metasploit course called "Tactical Exploitation" by
Metasploit creator HD Moore and a course on "Understanding and Deploying
DNNSEC" by Paul Wouters and Patrick Nauber.
As always, it's best to register early for the training of your choice to
Rule Set Based Access Control (RSBAC) 1.4.0 has been released for both
Linux kernels 2.4.37 and 2.6.27.10
You can download the new version from http://www.rsbac.org
RSBAC is one of the leading access control systems for the Linux
kernel with a good selection of access control models, see
http://www.rsbac.org/why for more details.
Important changes since 1.3 series:
* Knowledge Management
* Embedded Systems
* Defence Systems
Ubi/Cloud Computing:
* Authentication and Access Control for Data Protection in Ubi/Cloud
Computing
* Context-Awareness and its Data Mining for UbiCom
* Data Grids
* Distributed Information Systems
* Human-Computer Interface and Interaction for UbiCom
_='`"``=.
presents..
Destination Search Admin Console Access Control Bypass
Vendor link: http://www.localmatters.com/
PDF:
http://www.security-assessment.com/files/documents/advisory/Destination_Search_-_Admin_Console_Access_Control_Bypass.pdf
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Cisco Security Advisory: Cisco Network Access Control Guest Server
System Software Authentication Bypass Vulnerability
Advisory ID: cisco-sa-20110330-nac
Revison 1.0
6. *Vendor Information, Solutions and Workarounds*
Mitigation for the Privileges Unchecked vulnerability (suggested by Core
Security): this vulnerability may be mitigated by controlling access to
files inside the 'wp-admin' folder. Access can be prohibited by using
Apache access control mechanism ('.htaccess' file), see guideline for
more information [11].
7. *Credits*
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Cisco Secure Access Control Server for
Windows User-Changeable Password
Vulnerabilities
Advisory ID: cisco-sa-20080312-ucp
http://www.cisco.com/warp/public/707/cisco-sa-20080312-ucp.shtml
Secure Network - Security Research Advisory
Vuln name: Failure in Access Controls; multiple Stored Cross Site Scripting
vulnerabilities.
Systems affected: Plunet BusinessManager
Systems not affected:
Severity: High
Local/Remote: Remote
Vendor URL: http://www.plunet.de
Author(s): Matteo Ignaccolo m.ignaccolo@securenetwork.it - Gabriele Zanoni
TurboFTP Server is a high performance, secure, scalable and management
friendly file transfer server running on Windows platforms. With it you
can easily set up a secure file transfer server that delivers regular FTP,
FTP over SSL/TLS, and SFTP over SSH services with virtual domains,
advanced directory access control, virtual folders, IP access control,
flexible authentication options and many other features.
0x02 : Vulnerability details
http://www.securityfocus.com/archive/1/495937/30/0/threaded
A specially crafted Remote Authentication Dial In User Service
(RADIUS) Extensible Authentication Protocol (EAP) Message Attribute
packet sent to the Cisco Secure Access Control Server (ACS) can crash
the CSRadius and CSAuth processes of Cisco Secure ACS. Because this
affects CSAuth all authentication requests via RADIUS or TACACS+ will
be affected during exploitation of this vulnerability.
Cisco ACS installations that are configured with AAA Clients to
-- Corsaire Security Advisory --
Title: Citrix Access Gateway session ID disclosure issue
Date: 05.09.06
Application: Citrix Advanced Access Control 4.0
Citrix Advanced Access Control 4.2
Citrix Access Gateway 4.5 Advanced Edition
Citrix Access Gateway 4.5 Standard Edition
Environment: Windows
Author: Martin O'Neal [martin.oneal@corsaire.com]
By Michael Brooks
Vulnerability:Broken Access Control
Homepage:http://wordpress.org/download
Software: Wordpress
Version affected:2.3.1 (Latest at the time of writing)
Updated:
Impact : Medium (CVSSv2 Base : 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P)
Bug Description :
Page 'edit.asp' of CJWSoft ASPGuest GuestBook(Free Version) is vulnerable with Security Access Control Bypass and SQL Injection Vulnerability.
POC:
#-------------------------------------------------------------
1) Security Access Control Bypass
Page 'edit.asp' is a page for editing message as administrator privilege, but it can be viewed without authentication by everyone.
By default, Cisco uBR10012 series devices that are configured for
linecard redundancy use a community string of private. This community
string can be changed in Cisco IOS versions 12.3(13)BC and later. It
is recommended to change the community string and apply access
control restrictions that only permit authorized devices SNMP access
to the device.
The following configuration example provides operators with
information on changing the community string and adding SNMP access
control restrictions using an access control list (ACL).
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Cisco IOS Software Object-group Access
Control List Bypass Vulnerability
Advisory ID: cisco-sa-20090923-acl
Revision 1.0
Earlier versions may also be affected.
Overview:
1.vendor description of software
------------------------------------------------
TurboFTP Server is a high performance, secure, scalable and management friendly file transfer server running on Windows platforms. With it you can easily set up a secure file transfer server that delivers regular FTP, FTP over SSL/TLS, and "SFTP over SSH" services with virtual domains, advanced directory access control, virtual folders, IP access control, flexible authentication options and many other features.
2.vulnerability details:
------------------------------------------------
Directory Traversal Vulnerability exists in "FTP" and "SFTP" module of Turbo FTP Server that allows an authenticated user to create directories outside the root directory, which may lead to other attacks.
If you could log on the server successfully,
Next Page>>
|
