blocking
Details:
Now I'm informing about DoS in different browsers via the protocols chrome, wmk
and outlook. Attacks via mail clients are also possible, as I wrote in the
corresponding advisory. These Denial of Service vulnerabilities belong to the
types (http://websecurity.com.ua/2550/) blocking DoS and resources
consumption DoS. These attacks can be conducted both with JS and without
it (by creating a page with a large quantity of iframes).
DoS:
> the machines. However, that unfortunately comes across to those who choose not to think it through as me
> saying something against the Chinese themselves.
> Then again, as you well know, people will take any opportunity they can just to be ugly and confrontational,
> and to have something to rail about. In the face of the reality of China's horribly infected network, when I
> suggest blocking that traffic (as many others have and do), they seize the opportunity to call me prejudiced
> and a racist.
The following is opinion, not necessarily fact.
Inline:
> Subject: Re: All China, All The Time
> The solution of blocking China, however, is one which harms both people
> outside of China, as well as those inside of China. Therefore, it
> translates into an attack on them.
>
> Looking at this operationally:
>
is such a hole, it can be possible to make a similar attack against any other
installed application which has its URI handler registered in the system.
And not only Firefox (and the system) must know about it, but the attacker
also must know about it :-).
My idea was to make a blocking DoS attack on Chrome (the first exploit was
blocking DoS, the second was blocking DoS and DoS via resources consumption).
I wrote about this last year in my Classification of DoS vulnerabilities in
browsers (http://websecurity.com.ua/2550/). In 2008 I wrote about many
blocking DoS vulnerabilities in browsers, and this year I continued to write
about such holes, and after this one I'd write about another one soon (which
which I called by the general name DoS via protocol handlers, to which the
previous DoS attack via the mailto handler also belonged.
Now I'm informing about DoS in different browsers via the protocols news and
nntp. These Denial of Service vulnerabilities belong to the types
(http://websecurity.com.ua/2550/) blocking DoS and resources consumption
DoS. These attacks can be conducted both with JS and without it (by
creating a page with a large quantity of iframes).
DoS:
The vendor issued security bulletin HPSBMA02477 SSRT090177 to address
the problem and provide fixes. It is available at
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01926980
The database service of HP Openview Network Node Manager is remotely
accessible on port 2690/tcp. Restricting or blocking access to that port
will prevent exploitation but may prevent normal operation of Openview NNM.
7. *Credits*
-----------------------------
Details:
Now I'm informing about DoS in different browsers via the protocols firefoxurl
and gopher. These Denial of Service vulnerabilities belong to the types
(http://websecurity.com.ua/2550/) crashing DoS, blocking DoS and resources
consumption DoS. These attacks can be conducted both with JS and without
it (by creating a page with a large quantity of iframes).
DoS:
On 1/15/10 6:40 PM, Thor (Hammer of God) wrote:
> I could only imagine. The other problem is that many people seem to think I'm saying something against the Chinese *people* themselves, based on the "f* you round-eye* messages I've received (and they call ME racist). They don't seem to get the clear distinction (to me) between the Chinese people and China's network. It's the machines I'm concerned with the attacks coming from those machine. Just because the machine is sourced in China doesn't mean the attacker is - so I have to do the best I can to defend against the machines. However, that unfortunately comes across to those who choose not to think it through as me saying something against the Chinese themselves.
>
> Then again, as you well know, people will take any opportunity they can just to be ugly and confrontational, and to have something to rail about. In the face of the reality of China's horribly infected network, when I suggest blocking that traffic (as many others have and do), they seize the opportunity to call me prejudiced and a racist.
The Chinese network is indeed very infected, which in turn causes the
rest of the world great computerized harm. Nobody disputes this.
The solution of blocking China, however, is one which harms both people
outside of China, as well as those inside of China. Therefore, it
> > something against the Chinese *people* themselves
Unfortunately, such a security measure can be read that way, too.
> The solution of blocking China, however, is one which harms both people
> outside of China, as well as those inside of China. Therefore, it
> translates into an attack on them.
Agree. This already happened in a different context.
from DoS holes in browsers, which I wrote about in 2008 in my articles
Dangers of DoS attacks on browsers and Dangers of resources consumption DoS
attacks. But mostly browser developers ignore fixing these issues.
But in this case it's not only an attack on browsers, but on the user's whole
computer - because it blocks the whole computer and consumes all of its
resources. It works in many browsers, including their latest
versions. So browser developers, by neglecting this problem, make
attacks on users' whole systems possible. It was one of the leitmotifs of my
advisory.
blocked.
The show ip sockets command can be used to determine which protocol
blocks the interface. If the In column (sixth from the left) of the
output contains any number other than zero (0), that is an indication
that packets of that particular protocol are blocking, or starting to
block, the interface. The following example shows DNS packets that
are beginning to fill the input queue of the interface. The interface
is not completely blocked because only 13 packets are in the input
queue.
this issue. But even they do it badly, and I all the time develop new
exploits which bypass this protection. And all browsers (if they call
themselves secure) must protect against this attack. Also remember, in
any affected browser a single infinite loop will lead only to resource
consumption (mostly a small one), but in many of my exploits I'm talking about
crashing, blocking or very high resource consumption.
> Here's the simplified JS version of it (lets call it the Universal DoS --
> yes, it'd work for every browser on the planet that can execute JS) -
John, you was left almost on two years.
/-----------
ipp_state_t                     /* O - Current state */
ippReadIO(void       *src,      /* I - Data source */
          ipp_iocb_t cb,        /* I - Read callback function */
          int        blocking,  /* I - Use blocking IO? */
          ipp_t      *parent,   /* I - Parent request, if any */
          ipp_t      *ipp)      /* I - IPP data */
{
  int           n;              /* Length of data */
  unsigned char buffer[IPP_MAX_LENGTH + 1],
ftp. In the exploits I set files at the servers of Google (for http) and
Microsoft (for ftp) - these companies have more server capacity for this
task.
Denial of Service vulnerabilities belong to the types
(http://websecurity.com.ua/2550/) blocking DoS and resources consumption
DoS. These two attacks can be conducted both with JS and without it (by
creating a page with a large quantity of iframes, and in Chrome it's also
possible to use frames).
File Download and DoS:
creating a page with a large quantity of iframes).
If an attack via images on a page (which open the email client) is only a discomfort,
then an attack via images or iframes using my exploits is a Denial of
Service vulnerability. It belongs to the types (http://websecurity.com.ua/2550/)
blocking DoS and resources consumption DoS. These exploits are very
dangerous - once started, if the attack is not stopped in time, they can lead
to full consumption of the computer's resources (potentially even to freezing of
the system).
DoS:
Agent for Windows are affected. This includes Cisco products that
integrate standalone Cisco Security Agents, such as Cisco IP
Communications applications servers and the Cisco Security Manager.
Although the ACS Solution Engine integrates a standalone Cisco Security
Agent, it is not affected because TCP ports 139 and 445 have been
firewalled by the ACS Solution Engine itself. This blocking of traffic
destined to TCP ports 139 and 445 is enabled by default and is not
user-configurable.
This vulnerability is documented in Cisco bug ID CSCsl00618.
- -----------/
This gives an attacker the possibility to disable many features of the
plugin, for example reactivate the forgotten password feature and
reactivate the XML-RPC blog interface. Also you can deny the weblog
service by configuring this plugin to be overly sensitive, blocking any
request. However the plugin cannot be totally disabled because the
essential IDS parameters 'Maximum impact to ignore bad requests' and
'Minimum impact to sanitize bad requests' are verified on the server
side of the blog and cannot be distorted to deactivate the sanitizing or
blocking features of the web IDS plugin.
like to share it with you.
It is based on code developed By sinhack research labs:
http://sinhack.net/URLFilteringEvasion/sakeru.tx
Description:
"Fortinet's URL blocking functionality can be bypassed by
specially-crafted HTTP requests that fulfill 3 factors:
1.- HTTP Requests are terminated by the CRLF characters.
2.- Forcing to talk via HTTP/1.0 version so that don't send the host header.
3.- Finally, by Fragmenting the GET or POST requests
Mitigating Factors
==================
- A firewall blocking outbound WebDAV traffic (in addition to blocking all
Windows Networking protocols) could stop an Internet-based attack.
Solution
========
Multiple vulnerabilities have been found and corrected in squidGuard:
Buffer overflow in sgLog.c in squidGuard 1.3 and 1.4 allows remote
attackers to cause a denial of service (application hang or loss of
blocking functionality) via a long URL with many / (slash) characters,
related to emergency mode. (CVE-2009-3700).
Multiple buffer overflows in squidGuard 1.4 allow remote attackers
to bypass intended URL blocking via a long URL, related to (1)
the relationship between a certain buffer size in squidGuard and a
1. Local File Include vulnerabilities found in script data/inc/themes/predefined_variables.php
Vulnerable GET parameters "blogpost", "cat" and "file".
First discovered by AmnPardaz Security Research Team [http://www.bugreport.ir/index_48.htm].
Vendor fixed the vulnerability in version 4.5.2 by blocking direct access to this file [http://www.pluck-cms.org/releasenotes.php#4.5.2].
However, an attacker can still exploit this vulnerability from the index.php file.
Code [line 15-46]
-----------------
#################################################
With all the hubbub around China yet again, I would like to remind you of the utilities available at Hammer of God that allow one to completely block any or all traffic to or from China or any other country in the world via ISA/TMG.
As many of you know, I've been totally blocking China for years, mostly because I'm a Porcelain kind of guy. Oh, and the fact that the entire country's network is a festering cesspool of scum and villainy.
Here's an article I wrote about 1.5 years ago on the subject if it has any relevance to you.
http://www.securityfocus.com/infocus/1900/1