network traffic
but I think it gives you information about the wifi 'infrastructure',
again, I think :).
-gathers 'useful' information from unencrypted wifi traffic (ala
Ferret,and dsniff, etc); like pop3 credentials, smtp traffic, http
cookies/authinfo, msn messages,ftp credentials, telnet network
traffic, nbt, etc.
-and I think that's it.
Requirements:
-Linux
-scapy
* Rootkit Development
* Code Analysis
* Forensics and Anti-Forensics
* Embedded Device Security
* Web Application Security
* Network Traffic Analysis
* Wireless Network Security
* Cryptography and Cryptanalysis
* Social Engineering
* Law Enforcement Activities
* Telecommunications Security (SS7, 3G/4G, GSM, VOIP, etc)
than most pen-testers know what to do with.
This release includes a set of man-in-the-middle, authentication relay,
and authentication capture modules. These modules can be integrated with
a fake proxy (WPAD), a malicious access point (Karmetasploit), or basic
network traffic interception to gain access to client machines. These
modules tie together browser_autopwn, SMB relaying, and HTTP credential
and form capturing to pillage data from client systems.
Nearly all Metasploit modules now support IPv6 transports. IPv6 stagers
exist for the Windows and Linux platforms, opening the door for
Rules
1. Attacks remain confidential until prize is claimed
Players will connect to the targets with a crossover cable and we will
not record the network traffic or log anything other than what is done
by default.
Successful exploits can be delivered directly to Tipping Point after
we verify that you control the target.
Aug 04, 2008
I. BACKGROUND
The snoop command line utility is installed by default on Solaris. It is
used to capture and display network traffic, similar to the widely used
tcpdump program. Server Message Block (SMB), is a network protocol used
for Microsoft Windows file sharing. More information can be found on the
vendor's website at the following URL.
http://docs.sun.com/app/docs/doc/816-0211/6m6nc677k?a=view
>
> No patch is available.
>
> *** WORKAROUNDS ***
>
> Put access points on a separate wired network and filter network traffic
> to/from TCP port 1111.
>
>
> *********************
> *** LEGAL NOTICES ***
I. BACKGROUND
Norton Internet Security 2008 is a system security suite that offers
protection from spyware, viruses, identity theft, spam, and malicious
network traffic. More information can be found on the vendor's site at
the following URL.
http://www.symantec.com/home_homeoffice/products/overview.jsp?pcid=is&pvid=nis2008
II. DESCRIPTION
primitives. All fields of a protocol can be addressed using PktAnon,
therefore making PktAnon highly flexible. The anonymization is
configured through XML profiles and allows arbitrary mappings of network
protocol fields to anonymization primitives. Anonymization of live
traffic is supported, as is interplay with other tools such as
tcpreplay for live replay of anonymized network traffic.
PktAnon is available from http://www.tm.uka.de/pktanon
Feedback and cooperation are highly welcome!
Please note that this is a development release and not yet in a final
CVSS Temporal Score - 6.4
Exploitability - Functional
Remediation Level - Official-Fix
Report Confidence - Confirmed
* CSCsk46770 - CAPF crash with network traffic
CVSS Base Score - 7.8
Access Vector - Network
Access Complexity - Low
Authentication - None
Some vulnerabilities were discovered and corrected in the Linux
2.6 kernel:
Memory leak in the ipip6_rcv function in net/ipv6/sit.c in the
Linux kernel before 2.6.25.3 allows remote attackers to cause a
denial of service (memory consumption) via network traffic to a
Simple Internet Transition (SIT) tunnel interface, related to the
pskb_may_pull and kfree_skb functions, and management of an skb
reference count. (CVE-2008-2136)
The utimensat system call (sys_utimensat) in Linux kernel 2.6.22 and
The selinux_ip_postroute_iptables_compat function in
security/selinux/hooks.c in the SELinux subsystem in the Linux kernel
before 2.6.27.22, and 2.6.28.x before 2.6.28.10, when compat_net is
enabled, omits calls to avc_has_perm for the (1) node and (2) port,
which allows local users to bypass intended restrictions on network
traffic. NOTE: this was incorrectly reported as an issue fixed in
2.6.27.21. (CVE-2009-1184)
drivers/char/agp/generic.c in the agp subsystem in the Linux kernel
before 2.6.30-rc3 does not zero out pages that may later be available
to a user-space process, which allows local users to obtain sensitive
Details
=======
Documented in RFC2661, L2TP and RFC3931, L2TPv3 are protocols for
tunneling network traffic between two peers over an existing network.
A device running affected 12.2 and 12.4 versions of Cisco IOS and
that has the L2TP mgmt daemon process running will reload when
processing a specially crafted L2TP packet.
2. These accounts have their passwords set to the same simple crackable [using JtR] value across _all_ modems. Worse yet, the passwords are available as javascript variables in clear text in the HTML UI for changing passwords. They are apparently there for user input validation (is the old password correct?). Using these passwords, one can log in as super-user on _any_ airtel modem provided to subscribers.
3. All airtel modems have their external login port (telnet) enabled. A telnet to the modem, after logging in, gives access to the internal (linux) system shell, from where a malicious user (cracker) can change system configuration and modify/tap network traffic. Most subscribers are not technically inclined to even know what it means - far from being able to turn it off.
4. The modems also provide an interface for updating their firmware. The firmware image is readily available for download from airtel's website, and many other websites. The firmware image consists of a linux kernel, root file-system, configuration and (maybe) other binary blobs. There seems to be no security/check on firmware image's
CVE Id : CVE-2008-4395
Debian Bugs : 504696
Anders Kaseorg discovered that ndiswrapper suffers from buffer overflows
via specially crafted wireless network traffic, due to incorrectly
handling long ESSIDs. This could lead to the execution of arbitrary
code.
For the oldstable distribution (etch), this problem has been fixed in
Details follow:
Jeff Blaine, Radoslav Bodo, Jakob Haufe, and Jorgen Wahlsten discovered
that the Kerberos Key Distribution Center service did not correctly verify
certain network traffic. An unauthenticated remote attacker could send
a specially crafted request that would cause the KDC to crash, leading
to a denial of service.
Updated packages for Ubuntu 9.10:
1. General information
PRTG Traffic Grapher is a network monitoring solution, which helps
manage and classify bandwidth usage of a network by providing accurate
results about network traffic and usage trends in graphs and tables. The
software also supports SNMP (Simple Network Management Protocol). PRTG
Traffic Grapher is available at http://www.paessler.com.
In April 2009, Bkis discovered a vulnerability in PRTG Traffic Grapher.
A hacker might exploit this hole to insert malicious codes into links to
-------------------------
The iPhone Configuration Web Utility allows centralized management of iPhone configuration settings. The iPhone Configuration Web Utility 1.0 for Windows web interface is vulnerable to a common web directory traversal attack. Successful exploitation will result in arbitrary read-only file access outside of the iPhone Configuration Web Utility 1.0 web root.
Solution Description
--------------------
Filter network traffic so that only trusted users can access the web interface.
Tested Systems / Software (with versions)
------------------------------------------
Windows XP Professional
iPhone Configuration Web Utility 1.0 for Windows
Additionally, along with other things, this kernel update adds support
for D-Link DWM 652 3.5G, some Intel gigabit network chipsets, Avermedia
PCI pure analog (M135A), fixes a bug causing SQLite performance
Impact:
-------
Access to the web interface without authentication enables a
malicious user to [2]:
- call expensive numbers
- listen to the phone conversation by capturing the network traffic
- read SIP username and password
- read and modify all configuration parameters of the phone
- redirect phone calls to another VoIP server
- activate the microphone and listen to the conversation in the room
security, application acceleration, identity policy and control, and
management designed to provide performance, choice and flexibility. The
Company operations are organized into two segments: infrastructure and
service layer technologies (SLT). The Company's infrastructure segment
offers scalable routing and switching products that are used to control
and direct network traffic from the core, through the edge, aggregation
and the customer premise equipment level.
*I. Description*
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-0538 CVE-2011-0713 CVE-2011-1139 CVE-2011-1140 CVE-2011-1141
Huzaifa Sidhpurwala, Joernchen, and Xiaopeng Zhang discovered several
vulnerabilities in the Wireshark network traffic analyzer.
Vulnerabilities in the DCT3, LDAP and SMB dissectors and in the code to
parse pcap-ng files could lead to denial of service or the execution of
arbitrary code.
For the oldstable distribution (lenny), this problem has been fixed in
AMD64 architectures, allows local users to cause a denial of service
(crash) via certain ptrace calls. (CVE-2008-1615)
Integer overflow in the sctp_getsockopt_local_addrs_old function in
The exit_notify function in kernel/exit.c in the Linux kernel
before 2.6.30-rc1 does not restrict exit signals when the
CAP_KILL capability is held, which allows local users to send an
> On 1/4/2012 12:43 AM, Jann Horn wrote:
> Could this also be used in order to get access to a LAN from the outside,
> e.g. in order to manipulate ARP tables and thereby gain access to all
> unencrypted network traffic? Or is that usually impossible because of how
> the set-top box is connected?
>
We haven't verified whether local LAN could be sniffed or ARP tables of
other
If they are configured to use bypass mode to allow traffic to pass in
the event of a system failure, all Cisco IPS platforms will fail to
forward traffic except for the 4260 and 4270 platforms. The Cisco IPS
4260 and 4270 platforms contain a hardware bypass feature that allows
them to pass network traffic in the event of a kernel panic or power
outage. They will pass traffic by default if the hardware bypass
feature is engaged.
This vulnerability is documented in Cisco Bug ID CSCso64762 and has
been assigned Common Vulnerabilities and Exposures (CVE) ID
* Remove/disable unnecessary accounts or restrict access according to security policy as required
* Run under the principle of least privilege where possible
* Keep all operating systems and applications updated with the latest vendor patches
* Follow a multi-layered approach to security. Run both firewall and antivirus applications, at a minimum, to provide multiple points of detection and protection to both inbound and outbound threats
* Deploy network intrusion detection systems to monitor network traffic for signs of anomalous or suspicious activity. This may aid in detection of attacks or malicious activity related to exploitation of latest vulnerabilities
Credit:
Symantec would like to thank JJ Reyes with Secunia Research for reporting these findings and coordinating closely with
Symantec as we resolved the issues.
net/bridge/netfilter/ebtables.c in the ebtables module in the
netfilter framework in the Linux kernel does not require the
CAP_NET_ADMIN capability for setting or modifying rules, which
allows local users to bypass intended access restrictions and
configure arbitrary network-traffic filtering via a modified ebtables
application. (CVE-2010-0007)
The ax25_getname function in net/ax25/af_ax25.c in the Linux kernel
does not initialize a certain structure, which allows local users to
obtain potentially sensitive information from kernel stack memory by