6. *Vendor Information, Solutions and Workarounds*
Novell has a planned release of iManager 2.7.4 in August 2010; this
release should fix these issues. The Novell team states that it will
provide patches for the currently vulnerable versions with the 2.7.3
ftf4 release before August, but that release has not been confirmed yet
(see the timeline for more details). In the meantime, users can
mitigate these flaws by applying the following countermeasures:
WordPress distinguishes a bad password from a bad user name in its login
responses, which reduces the complexity of a brute-force attack against
WordPress blog logins (CVE-2009-2335, BID 35584). The same user
information disclosure happens when users use the forgotten-password
interface to request a new password (CVE-2009-2336, same BID 35584).
These information disclosures appear to have been reported previously
[6], but the WordPress team has refused to change this behaviour, citing
*user convenience*.
Default installation of WordPress 2.7.1 leaks the name of the user
posting entries inside the HTML of the blog.
9. *Report Timeline*
. 2009-09-01:
Core Security Technologies notifies the Hyperic team of the
vulnerability.
. 2009-09-02:
The Hyperic team asks Core for a technical description of the
vulnerability.
http://sunsolve.sun.com/search/document.do?assetkey=1-26-258068-1.
7. *Credits*
These vulnerabilities were discovered by the SCS team from Core Security
Technologies.
8. *Technical Description / Proof of Concept Code*
6. *Vendor Information, Solutions and Workarounds*
This flaw was fixed in Mac OS X 10.5.7 by updating CUPS to 1.3.10. The
Apple team intends to fix it on Mac OS X 10.4 in a future update. All
CUPS users should upgrade the software to 1.3.10.
7. *Credits*
6. *Vendor Information, Solutions and Workarounds*
VNC users connecting to untrusted servers should update their VNC
viewers/clients.
The UltraVNC team has released patched binaries [4] for its viewer.
Additional information can be found in the UltraVNC Forum
(http://forum.ultravnc.info/).
The TightVNC team has released patched source code in [5]. TightVNC
1.3.10 will be released by Feb 10th 2009.
6. *Vendor Information, Solutions and Workarounds*
Core would like to thank Manikandan.T [2] for providing the following
detailed information about the way the Zoho team has addressed the
security vulnerabilities highlighted in this document.
6.1. *Solution to the Weak security question mechanism*
These vulnerabilities (except the Rising one) were discovered by Damian
Saura, Anibal Sacco, Dario Menichelli, Norberto Kueffner, Andres Blanco
and Rodrigo Carvalho from Core Security Technologies, during Bugweek 2007.
The Rising vulnerability was discovered by Anibal Sacco from the Core
Security Technologies Exploit Writers Team.
These vulnerabilities were researched by Anibal Sacco and Damian Saura
from Core Security Technologies.
7. *Credits*
This vulnerability was discovered by Nicolas Economou from Core Security
Technologies. Technical analysis and proof-of-concept tools were
developed by Nicolas Economou and Diego Juarez from Core's Exploit
Writers Team.
8. *Technical Description / Proof of Concept Code*
Operating systems based on Microsoft Windows NT technologies provide a
Advisory Id: CORE-2010-0121
Advisory URL:
http://www.coresecurity.com/content/filename-pseudonyms-vulnerabilities
Date published: 2010-02-05
Date of last update: 2010-02-05
Vendors contacted: Cherokee team, Nginx team, Mongoose team
Release mode: User release
2. *Vulnerability Information*
Note, however, that workaround #4 is simply a stop-gap measure that could
be circumvented by relatively unsophisticated attackers.
*Credits*
This vulnerability was discovered by Sebastián Muñiz from the CORE IMPACT
Exploit Writers Team (EWT).
*Technical Description*
Lotus 1-2-3 and Lotus Symphony spreadsheet applications use the Worksheet
File format [1] to persist spreadsheet data on the file system. Lotus
3. Chrome:
http://securethoughts.com/security/rssatomxss/googlechromexss.atom.tx [Any
arbitrary file extension works, e.g. .tx, .tm]
3. Exploit Scenario 3 –
1. Details and PoC will be released after patch is provided by
Opera Security Team in next minor release.
For research purposes, you can try out the PoCs on these virtualized (and
vulnerable) versions of various browsers, without installing any bits on
your computer [5].
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256228-1
6. *Credits*
These vulnerabilities were discovered by the SCS team from Core Security
Technologies.
7. *Technical Description / Proof of Concept Code*
*Credits*
These vulnerabilities were discovered and researched by Felipe Manzano
and Anibal Sacco, both of them from CORE IMPACT's Exploit Writing Team
(EWT), Core Security Technologies.
*Technical Description / Proof of Concept Code*
6. *Vendor Information, Solutions and Workarounds*
Regarding the vulnerability in the 'SearchSolution' page
[CVE-2011-1510], the SDP team identified this vulnerability
[2011-05-16] and fixed it in SDP 8012, June 2011. ManageEngine did
not provide technical information, a workaround or a clear timeline for
fixes regarding [CVE-2011-1509]. Please contact the vendor for further
information and patches.
7. *Credits*
This vulnerability was discovered and researched by Jorge Luis Alvarez
Medina from Core Security Consulting Services (SCS). Additional research
was made by Federico Muttis from Core Security Exploit Writers Team (EWT).
8. *Technical Description / Proof of Concept Code*
Internet Explorer uses a feature known as URL Security Zones [2], which
INTRUDERS TIGER TEAM SECURITY - SECURITY ADVISORY
http://www.intruders.com.br/
http://www.security.org.br/
ADVISORY/1907 - Citrix MetaFrame Privilege Escalation
PRIORITY: Low
due to required PIN re-entry and the need for user attention. Triggering
this bug (repeatedly in case no PIN is present) is considered a remote DoS
condition.
The second report addresses a number of issues discovered in the Android
Dalvik API; one of them has been classified by the Android team as a DoS
vulnerability which leads to restarting the system process.
A specific malicious application can be crafted so that if it is
downloaded and executed by the user, it would trigger the vulnerable API
function and restart the system process. The same condition could occur if
9. *Report Timeline*
. 2009-09-04:
Core Security Technologies notifies the Microsoft team of the
vulnerability #1 and sends a Proof of Concept malformed file.
. 2009-09-04:
Microsoft acknowledges receipt of the vulnerability report, and opens
MSRC case 9368 to track this issue.
Title: Libpurple msn_slplink_process_msg() Arbitrary Write Vulnerability
Advisory ID: CORE-2009-0727
Advisory URL: http://www.coresecurity.com/content/libpurple-arbitrary-write
Date published: 2009-08-18
Date of last update: 2009-08-18
Vendors contacted: Pidgin team
Release mode: Coordinated release
2. *Vulnerability Information*
. Available through BigView website (since June 2nd 2008, see below).
*Vendor Information, Solutions and Workarounds*
The NASA BigView team has published a new version fixing this
vulnerability. The tarball is available on BigView's website:
http://opensource.arc.nasa.gov/project/bigview/
*Credits*
7. *Credits*
This vulnerability was discovered and researched by 7safe's
Penetration Testing Team [2].
8. *Technical Description / Proof of Concept Code*
eFront-learning is vulnerable to a local file inclusion vulnerability.
9. *Report Timeline*
. 2009-08-14:
Core Security Technologies notifies the Microsoft team of the
vulnerability and sends a technical description and proof of concept
file. A preliminary publication date is set for November 17th, 2009.
. 2009-08-14:
The Microsoft team acknowledges receipt of the report.
2009.09.15: Sent PoC, advisory, disclosure policy and planned disclosure
date (2009.10.01) to vendor.
2009.09.15: Vendor responds asking for the PoC to be resent in a zipped,
password-protected file (AV problem).
2009.09.15: PoC resent as a zipped, password-protected file.
2009.09.17: Symantec Security Response Team verifies the vulnerability.
2009.09.22: Symantec product team verifies the finding.
2009.09.29: Asked for a status update, because the planned release date is
2009.10.01.
2009.09.29: Symantec Security Response Team tries to get a timeline
from the product team.
http://sunsolve.sun.com/search/document.do?assetkey=1-26-255928-1.
7. *Credits*
This vulnerability was discovered by the SCS team [3] from Core Security
Technologies.
8. *Technical Description / Proof of Concept Code*
Title: Vinagre show_error() format string vulnerability
Advisory ID: CORE-2008-1127
Advisory URL: http://www.coresecurity.com/content/vinagre-format-string
Date published: 2008-12-09
Date of last update: 2008-12-09
Vendors contacted: Vinagre team
Release mode: Coordinated release
2. *Vulnerability Information*
Internet Explorer Local Machine Zone Lockdown recommendation at:
http://technet.microsoft.com/enus/library/bb457150.aspx#EHAA
*Credits*
This vulnerability was discovered by Lucas Lavarello from the CORE
Security Consulting Services (CORE SCS) team.
*Technical Description / Proof of Concept Code*
The standard protocol that AIM clients use to communicate is called OSCAR
(Open System for CommunicAtion in Realtime), which is a closed protocol
7. *Credits*
This vulnerability was discovered and researched by Nicolas Economou
from the Core Security Exploit Writers Team. The publication of this
advisory was coordinated by Fernando Miranda from the Core Security
Advisories Team.
8. *Technical Description / Proof of Concept Code*
This vulnerability was discovered and researched by Francisco Falcon
from Core Security Technologies during Bugweek 2009 [1].
The publication of this advisory was coordinated by Jorge Lucangeli Obes
from Core Security Advisories team.
8. *Technical Description / Proof of Concept Code*