‣ Security Audit and Hardening of Java based Software (Marc Schoenefeld)
‣ The Exploit Laboratory (Saumil Udayan Shah)
‣ Design and Implementation of Security Awareness Campaigns (Stefan Schumacher)
‣ Advanced Malware Deobfuscation (Scott Lambert)
‣ Protocol and Traffic Analysis for Snort Signature (Matt Jonkman)
‣ Secure Application Coding for Enterprise Software (Vimal Patel)
The DeepSec IDSC is sponsored by CERT.at, Cisco, Microsoft, Sec Consult, Global
Knowledge Austria/Germany and IronPort.
DeepSec Organisation Team.
List of speakers with presentations:
‣ Achim Reckeweg ; Sun Microsystems ; Germany
‣ Alex Stamos ; iSEC Partners ; USA
Potential Security Impact: Remote execution of arbitrary code
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security problem has been identified with HP Client Automation Enterprise software (HPCA) running on Windows. HPCA was formerly known as Radia Notify. This vulnerability could be exploited to allow execution of arbitrary code.
References: CVE-2011-0889, ZDI-CAN-914
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Client Automation v5.11, v7.2, v7.5, v7.8, and v7.9
As many of you know, the Check Point Secure Platform R60 was certified with the EAL4+ Common Criteria assurance level.
Our tests to locate those vulnerabilities -many memory corruption problems- were very simple, so we are a bit scared about the degree of reliability of the CheckPoint development cycle. In the paper called "Check Point VPN-1/FireWall-1 NGX Security Target Version 1.2.2", prepared to achieve the certification, there is a statement like this: "the developer has systematically searched for vulnerabilities in the TOE and provides reasoning about why they cannot be exploited in the intended environment for the TOE".
Systematically? We have found several overflows simply by manual fuzzing arguments of binaries from command line....
On the other hand, in the "Common Criteria Evaluation and Validation Scheme Validation Report" for "Check Point VPN-1/Firewall-1 NGX (R60)" (Report Number: CCEVS-VR-06-0033) we can read: "A security reporting procedure is available to all Enterprise Software Subscribers as well as third-party vulnerability researchers."....
Regarding this: we have tried to contact CheckPoint since March 2007. Six months after that first attempt we are still unable to talk with them. We are sure they have a "reporting procedure"... but we have not been able to read, see or hear anything about it. The only thing CheckPoint did from their support email was to redirect us to our country. Unfortunately, after some contacts with representatives of CheckPoint here in Spain we were unable to arrange a single meeting.
OK, this is a vulnerabilities forum so let's talk about technical issues.
What makes the released paper interesting is the exploitation environment: RedHat Linux + Exec-Shield + CPSHELL + many vulnerable binaries...
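The "manual fuzzing of arguments of binaries from the command line" that the post describes is easy to automate. The harness below is an added example, not the researchers' code or anything from the released paper: it replaces one argv slot at a time with an oversized string, runs the target, and records exits caused by a fatal signal (SIGSEGV, SIGBUS, SIGABRT...). A signal-terminated exit only proves memory corruption, not exploitability; on the Exec-Shield box the post mentions, turning such a crash into code execution is a separate step. The target used here is a constructed stand-in script that kills itself with SIGSEGV once an argument exceeds 512 bytes, standing in for a binary with a fixed-size stack buffer; Linux signal numbering is assumed.

```python
"""Minimal argv fuzzer: feed oversized command-line arguments to a program and
watch for signal-terminated exits. Added example, not code from the post."""
import os
import signal
import subprocess
import sys
import tempfile
from dataclasses import dataclass
from typing import List, Optional, Sequence, Tuple

# Signals whose delivery means the target hit a hard fault (memory corruption,
# abort from a glibc hardening check, illegal instruction). Linux numbering assumed.
CRASH_SIGNALS = {int(s) for s in (signal.SIGSEGV, signal.SIGBUS, signal.SIGILL,
                                  signal.SIGABRT, signal.SIGFPE)}


@dataclass
class Finding:
    position: int              # index in the argv template that was replaced
    length: int                # size of the injected argument, in bytes
    returncode: Optional[int]  # negative = killed by that signal; None = hang
    signal_name: str           # e.g. "SIGSEGV", or "TIMEOUT" for a hang


def run_once(argv: Sequence[str], timeout: float = 5.0) -> Optional[int]:
    """Run argv once; return the exit status (negative = signal) or None on hang."""
    try:
        proc = subprocess.run(list(argv), stdout=subprocess.DEVNULL,
                              stderr=subprocess.DEVNULL, timeout=timeout)
    except subprocess.TimeoutExpired:
        return None
    return proc.returncode


def classify(returncode: Optional[int]) -> Optional[str]:
    """Name the fault for a crash or hang; None for any ordinary exit status."""
    if returncode is None:
        return "TIMEOUT"
    if returncode < 0 and -returncode in CRASH_SIGNALS:
        return signal.Signals(-returncode).name
    return None


def fuzz_argv(argv_template: Sequence[str], positions: Sequence[int],
              lengths: Tuple[int, ...] = (64, 256, 1024, 4096, 16384),
              fill: str = "A", timeout: float = 5.0) -> List[Finding]:
    """Replace each listed argv slot with fill*length and collect faults.

    Keep lengths below the kernel's per-argument limit (MAX_ARG_STRLEN, 128 KiB
    on Linux) or execve() fails before the target ever runs.
    """
    findings: List[Finding] = []
    for pos in positions:
        for length in lengths:
            argv = list(argv_template)
            argv[pos] = fill * length
            rc = run_once(argv, timeout)
            name = classify(rc)
            if name is not None:
                findings.append(Finding(pos, length, rc, name))
    return findings


# Constructed stand-in for a vulnerable binary: it "overflows" (kills itself
# with SIGSEGV) once any argument is longer than a pretend 512-byte stack buffer.
DEMO_TARGET_SRC = """\
import os, signal, sys
LIMIT = 512  # pretend: fixed-size stack buffer filled with strcpy()
for arg in sys.argv[1:]:
    if len(arg) > LIMIT:
        os.kill(os.getpid(), signal.SIGSEGV)
"""


def write_demo_target() -> str:
    """Write the stand-in target to a temporary file and return its path."""
    fd, path = tempfile.mkstemp(suffix=".py")
    with os.fdopen(fd, "w") as fh:
        fh.write(DEMO_TARGET_SRC)
    return path


def demo() -> List[Finding]:
    """Fuzz the values of '-u' and '-p' (argv slots 3 and 5) of the stand-in."""
    target = write_demo_target()
    try:
        template = [sys.executable, target, "-u", "user", "-p", "secret"]
        return fuzz_argv(template, positions=(3, 5), lengths=(64, 256, 1024, 4096))
    finally:
        os.unlink(target)


if __name__ == "__main__":
    for f in demo():
        print(f"argv[{f.position}] len={f.length}: {f.signal_name} (rc={f.returncode})")
```

Against a real setuid or CPSHELL-reachable binary you would put its path at index 0 of the template, list the positions of every option value it accepts, and keep the crashing argv (length and position) as the reproducer; the first length that faults gives a rough lower bound on the buffer size, which is exactly the kind of result the post says was obtained by hand.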
Blackboard Academic Suites Multiple Cross Site Scripting Vulnerabilities
Background:
Blackboard Academic Suite is an enterprise software solution for providing interactive learning and management capabilities for educational institutions.
Many institutions currently use Blackboard, such as Princeton, Yale, Duke, University of Pennsylvania, and University of Texas at Austin …
Platforms Affected:
All versions (7.x and lower)
used, the language they speak, your popular pages… and so much more.
Piwik aims to be an open source alternative to Google Analytics."
Piwik recently became SourceForge project of the month and won the
InfoWorld Bossie Award for best open source enterprise software, which
made it quite popular. Therefore Piwik is nowadays installed on many
high profile websites such as banking websites, political party websites,
gaming websites, blogs and even security company websites.
During our research into unserialize() vulnerabilities it was discovered
version of the ActiveX control to install. When this occurs, an
old version of the ActiveX control will not be instantiated if
one is presented for download.
* Pre-deploy a fixed version of Cisco AnyConnect Secure Mobility
Client through enterprise software upgrade infrastructure. This
action accomplishes the same result as the previous
recommendation -- it deploys new, fixed versions of the ActiveX
control so that old, vulnerable versions of the control are not
instantiated if one is presented for download.
I. BACKGROUND
---------------------
"VMware is a provider of virtualization software which runs on
Microsoft Windows, Linux, and Mac OS X. VMware's enterprise
software, VMware ESX Server, runs directly on server hardware
without requiring an additional underlying operating system".
from wikipedia
II. DESCRIPTION