SSD Advisory – Endian Firewall Stored From XSS to Remote Command Execution

Want to get paid for a vulnerability similar to this one?
Contact us at: sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom
See our full scope at: https://blogs.securiteam.com/index.php/product_scope

Vulnerability Summary
The following advisory describes a stored cross site scripting that can be used to trigger remote code execution in Endian Firewall version 5.0.3.

Endian Firewall is a “turnkey Linux security distribution, which is an independent, unified security management operating system. The Endian Firewall is based on a hardened Linux operating system.”

Credit
An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor response
Endian has released patches to address this vulnerability.

For more information: https://help.endian.com/hc/en-us/articles/115012996087

Continue reading SSD Advisory – Endian Firewall Stored From XSS to Remote Command Execution

SSD Advisory – HPE Baseline Smart Gig SFP 24 Switch Pre-authentication Stored XSS

Want to get paid for a vulnerability similar to this one?
Contact us at: sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom
See our full scope at: https://blogs.securiteam.com/index.php/product_scope

Vulnerability Summary
The following advisory describes an unauthenticated stored XSS in the HPE Baseline Smart Gig SFP 24 / 3Com Baseline Switch 2924 SFP Plus Switch.

The vulnerability affect versions:

  • Software Version: 01.00.10
  • Boot version: 1.0.0.14
  • Hardware Version: 01.01.0a

“On April 12, 2010, Hewlett-Packard completed the acquisition of 3Com. Since the acquisition, 3Com has been fully absorbed by Hewlett-Packard and no longer exists as a separate entity.”

Every 3Com model changed its identification number. The new HP name/ID number for this switch is “HP Baseline Smart Gig SFP 24 – JE002A”

There is no other difference between 3CBLSG24 and JE002A.

Credit
An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program

Vendor response
HPE was informed of the vulnerability, their response was: “This issue is not going to be resolved. We had hoped resources could be found to address the issue, but the business determined that the product is out of support life. It’s been this way for several years. We hoped we could communicate something to customers about the product, but this switch is truly not supported in that way either.”

Continue reading SSD Advisory – HPE Baseline Smart Gig SFP 24 Switch Pre-authentication Stored XSS

SSD Advisory – Linux Kernel AF_PACKET Use-After-Free

Want to get paid for a vulnerability similar to this one?
Contact us at: sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom
See our full scope at: https://blogs.securiteam.com/index.php/product_scope

Vulnerabilities summary
The following advisory describes a use-after-free vulnerability found in Linux Kernel’s implementation of AF_PACKET that can lead to privilege escalation.

AF_PACKET sockets “allow users to send or receive packets on the device driver level. This for example lets them to implement their own protocol on top of the physical layer or to sniff packets including Ethernet and higher levels protocol headers”

Credit
The vulnerability was discovered by an independent security researcher which reported this vulnerabilities to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor response
“It is quite likely that this is already fixed by:
packet: hold bind lock when rebinding to fanout hook – http://patchwork.ozlabs.org/patch/813945/

Also relevant, but not yet merged is
packet: in packet_do_bind, test fanout with bind_lock held – http://patchwork.ozlabs.org/patch/818726/

We verified that this does not trigger on v4.14-rc2, but does trigger when reverting that first mentioned commit (008ba2a13f2d).”

Continue reading SSD Advisory – Linux Kernel AF_PACKET Use-After-Free

SSD Advisory – Ikraus Anti Virus Remote Code Execution

Want to get paid for a vulnerability similar to this one?
Contact us at: sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom
See our full scope at: https://blogs.securiteam.com/index.php/product_scope

Vulnerability summary
The following advisory describes an remote code execution found in Ikraus Anti Virus version 2.16.7.

KARUS anti.virus “secures your personal data and PC from all kinds of malware. Additionally, the Anti-SPAM module protects you from SPAM and malware from e-mails. Prevent intrusion and protect yourself against cyber-criminals by choosing IKARUS anti.virus, powered by the award-winning IKARUS scan.engine. It is among the best in the world, detecting new and existing threats every day. ”

Credit
An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program

Vendor Response
The vendor has released patches to address these vulnerabilities.

For more information: https://www.ikarussecurity.com/about-ikarus/security-blog/vulnerability-in-windows-antivirus-products-ik-sa-2017-0001/

Continue reading SSD Advisory – Ikraus Anti Virus Remote Code Execution