network connections
Yeah, I know what it is and what it's for ;) That was just my subtle way of trying to make a point. To be more explicit:
1) If you are publishing a vulnerability for which there is no patch, and for which you have no intention of making a patch, don't tell me it's mitigated by ancient, unusable default firewall settings, and don't withhold explicit details. Say "THERE WILL BE NO PATCH, EVER. HERE'S EVERYTHING WE KNOW SO YOU CAN DETERMINE YOUR OWN RISK." Also, don't say 'you can deploy firewall settings via group policy to mitigate exposure' when the firewall obviously must be accepting network connections to get the settings in the first place. If all it takes is any listening service, then you have issues. It's like telling me that "the solution is to take the letter 'f' out of the word 'solution'."
2) Think things through. If you are going to try to boost sales of Win7 to corporate customers by providing free XP VM technology and thus play up how important XP is and how many companies still depend upon it for business critical application compatibility, don't deploy that technology in an other-than-default configuration that is subject to a DoS exploit while downplaying the extent that the exploit may be leveraged by saying that a "typical" default configuration mitigates it while choosing not to ever patch it. Seems like simple logic points to me.
t
> -----Original Message-----
> From: Susan Bradley [mailto:sbradcpa@pacbell.net]
most typically over HTTP/HTTPS but also over a number of other supported
protocols including an undocumented protocol scheme "verbatim". Untrusted
applets are subject to network access restrictions documented at
http://java.sun.com/sfaq/:
"Applets are not allowed to open network connections to any computer,
except for the host that provided the .class files. This is either the
host where the html page came from, or the host specified in the codebase
parameter in the applet tag, with codebase taking precedence."
By specifying a codebase URI prefixed by "verbatim:" it is possible to
Security researcher Gregory Fleischer reported that when a Java
LiveConnect script was loaded via a data: URL which redirects via a
meta refresh, then the resulting plugin object was created with the
wrong security principal and thus received elevated privileges such
as the abilities to read local files, launch processes, and create
network connections (CVE-2010-3775).
Mozilla added the OTS font sanitizing library to prevent downloadable
fonts from exposing vulnerabilities in the underlying OS font
code. This library mitigates against several issues independently
reported by Red Hat Security Response Team member Marc Schoenefeld
Network Connection Tracking Vulnerability
+----------------------------------------
Cisco Unified Communications Manager contains a DoS vulnerability
that involves the tracking of network connections by the embedded
operating system firewall. By establishing many TCP connections with
a vulnerable system, an attacker could overwhelm the operating system
table that is used to track network connections and prevent new
connections from being established to system services. Any service
that listens to a TCP port on a vulnerable system could be affected
the application. Furthermore, a remote attacker could cause a Denial of
Service affecting multiple services via several vectors, disclose
information and memory contents, write or execute local files, conduct
session hijacking attacks via GIFAR files, steal cookies, bypass the
same-origin policy, load untrusted JAR files, establish network
connections to arbitrary hosts and ports via several vectors, modify
the list of supported graphics configurations, bypass HMAC-based
authentication systems, escalate privileges via several vectors and
cause applet code to be executed with older, possibly vulnerable
versions of the JRE.
Network Connection Tracking Vulnerability
+----------------------------------------
Cisco Unified Presence contains a DoS vulnerability that involves the
tracking of network connections by the embedded firewall. An attacker
can overwhelm the table that is used to track network connections and
prevent new connections from being established to system services by
establishing many TCP connections with a vulnerable system. Any
service that listens to a TCP port on a vulnerable system could be
affected by this vulnerability. This vulnerability is documented in
on line 3 of the hex data.
Step 10: For this example, the hex characters are "59 04". This user
account is "Domain\DomainAdminAcct".
Step 11: Double click on "NL$4". Replace your SID hex representation
"5a 04", with DomainAdminAcct's SID hex representation "59 04".
Step 12: *Important* Disconnect all physical network connections from
the workstation.
Step 13: Log off of the domain account, then log back in to your domain account.
Step 14: You will now be logged in to your modified cached account
that is really the Domain Admin's account.
Step 15: You are now free to modify system files and user account
bulletin)
Thor (Hammer of God) wrote:
3) Technical details
======================
Lexmark products have connection flood protection mechanisms that limit the
number of simultaneous network connections that can be made to the device on
most TCP service ports (21/FTP, 79/Finger, 515/LPD, 631/IPP, 5001, 9100-9104,
9200, 9300, 9400, 9500-9501 & 9600). The FTP service exception handler does
not properly maintain the state of the flood protection when passive FTP
connections are aborted. Once a sufficient number
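The two connection-tracking failure modes described on this page (the Cisco Unified Communications Manager and Cisco Unified Presence table-exhaustion DoS, and the Lexmark flood-protection state that is not released when passive FTP connections are aborted) can be reproduced in a small model. The code below is an added example, not code from Cisco, Lexmark or any of the advisories quoted here; the hosts, ports, table size and limits are made-up sample values, and the assumption that the Lexmark flood protection is a per-port counter that the abort path forgets to decrement is an illustration, not a statement about the real firmware.

```python
# Added example: a model of a TCP connection-tracking table with flood
# protection.  All addresses, ports and limits are constructed sample values.
from collections import Counter
from typing import Dict, Optional, Tuple

ConnKey = Tuple[str, int, int]  # (source IP, source port, destination port)


class ConnTracker:
    """Tracking table with a global capacity (the Cisco case), a per-port
    flood-protection counter (the assumed Lexmark mechanism) and an optional
    per-source cap.  leak_on_abort=True models the abort path that tears down
    the connection but never decrements the per-port counter."""

    def __init__(self, capacity: int, per_port_limit: int,
                 per_source_limit: Optional[int] = None,
                 leak_on_abort: bool = False) -> None:
        self.capacity = capacity
        self.per_port_limit = per_port_limit
        self.per_source_limit = per_source_limit
        self.leak_on_abort = leak_on_abort
        self.table: Dict[ConnKey, str] = {}
        self.per_port: Counter = Counter()    # flood-protection counters
        self.per_source: Counter = Counter()  # connections per source IP
        self.rejected: Counter = Counter()    # rejection reason -> count

    def open(self, src_ip: str, src_port: int, dst_port: int) -> bool:
        key: ConnKey = (src_ip, src_port, dst_port)
        if key in self.table:
            return True
        if self.per_port[dst_port] >= self.per_port_limit:
            self.rejected["per_port_limit"] += 1
            return False
        if (self.per_source_limit is not None
                and self.per_source[src_ip] >= self.per_source_limit):
            self.rejected["per_source_limit"] += 1
            return False
        if len(self.table) >= self.capacity:
            self.rejected["table_full"] += 1
            return False
        self.table[key] = "ESTABLISHED"
        self.per_port[dst_port] += 1
        self.per_source[src_ip] += 1
        return True

    def _release(self, key: ConnKey, release_port_counter: bool) -> None:
        src_ip, _, dst_port = key
        del self.table[key]
        self.per_source[src_ip] -= 1
        if release_port_counter:
            self.per_port[dst_port] -= 1

    def close(self, src_ip: str, src_port: int, dst_port: int) -> None:
        """Orderly close: every piece of flood-protection state is released."""
        key = (src_ip, src_port, dst_port)
        if key in self.table:
            self._release(key, release_port_counter=True)

    def abort(self, src_ip: str, src_port: int, dst_port: int) -> None:
        """Abort / error path: the buggy build forgets the per-port counter."""
        key = (src_ip, src_port, dst_port)
        if key in self.table:
            self._release(key, release_port_counter=not self.leak_on_abort)


def simulate_table_exhaustion(per_source_limit: Optional[int] = None) -> dict:
    """One source opens 100 connections to port 443 against a 100-entry
    table; then a second, legitimate client tries once."""
    t = ConnTracker(capacity=100, per_port_limit=1000,
                    per_source_limit=per_source_limit)
    attacker_accepted = sum(
        t.open("10.0.0.9", 40000 + i, 443) for i in range(100))
    legit_accepted = t.open("192.0.2.10", 51000, 443)
    return {"attacker_accepted": attacker_accepted,
            "legit_accepted": legit_accepted,
            "rejected": dict(t.rejected)}


def simulate_abort_leak(leak_on_abort: bool) -> dict:
    """Open and abort five connections to port 21 one at a time (port limit 5).
    With the leak the table ends up empty but the port counter is exhausted."""
    t = ConnTracker(capacity=100, per_port_limit=5, leak_on_abort=leak_on_abort)
    for i in range(5):
        t.open("10.0.0.9", 40000 + i, 21)
        t.abort("10.0.0.9", 40000 + i, 21)
    tracked, port_count = len(t.table), t.per_port[21]
    legit_accepted = t.open("192.0.2.10", 51000, 21)
    return {"tracked": tracked, "port_count": port_count,
            "legit_accepted": legit_accepted}


if __name__ == "__main__":
    print("no per-source cap:", simulate_table_exhaustion())
    print("per-source cap 20:", simulate_table_exhaustion(per_source_limit=20))
    print("abort leaks counter:", simulate_abort_leak(leak_on_abort=True))
    print("abort releases counter:", simulate_abort_leak(leak_on_abort=False))
```

Two things to take from running it. A global table with no per-source cap lets a single host lock out every other client of every listening service, which is exactly why "any service that listens to a TCP port could be affected"; a per-source limit keeps the other client's connection working while the flooder is capped. In the abort scenario the table is empty yet the port still refuses connections, so when auditing flood-protection code the check is that every teardown path (orderly close, reset, exception handler) releases the same counters that accept() incremented, and a tracked-entries versus counter mismatch is the symptom to alert on.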