[PLUG-Devel] HackFest Security: Patch Procrastinators Anonymous February 14 at UAT

Lisa Kachold lisakachold at obnosis.com
Sun Feb 1 19:41:37 MST 2009 

More Patches released on Friday for you procrastinators:

<b>Ubuntu</b> has updated
<a href="http://lwn.net/Articles/317325/">kernel</a> (multiple vulnerabilities) and
<a href="http://lwn.net/Articles/317326/">moin</a> (multiple vulnerabilities).

<b>Debian</b> has updated
<a href="http://lwn.net/Articles/317318/">netatalk</a> (denial of service).
</p><p>
<b>Fedora 9</b> has updated
<a href="http://lwn.net/Articles/317319/">glpi</a> (SQL injection problem)
and
<a href="http://lwn.net/Articles/317321/">gedit</a> (python plugin path issue).
</p><p>
<b>Fedora 10</b> has updated
<a href="http://lwn.net/Articles/317322/">gedit</a> (python plugin path issue).
</p><p>
<b>rPath</b> has updated
<a href="http://lwn.net/Articles/317323/">sudo</a> (privilege escalation).
</p><p>
</b>

http://www.Obnosis.com |  (503)754-4452
http://l0calh0st.obnosis.com | http://wiki.obnosis.com | http://hackfest.obnosis.com | http://nuke.obnosis.com 
PLUG HACKFESTS - http://uat.edu Second Saturday Every Month at Noon - 3PM

From: lisakachold at obnosis.com
To: plug-devel at lists.plug.phoenix.az.us; plug-discuss at lists.plug.phoenix.az.us
Subject: HackFest Security:  Patch Procrastinators Anonymous February 14 at UAT
Date: Mon, 19 Jan 2009 04:30:42 +0000













Catch the Patch Procrastinators Recovery Group 
Saturday UAT.EDU Noon until 3PM February 14th

Various important patches have only recently been released for various distros including Bind9, OpenSSL, cups & NTP for Ubuntu; Redhat5 Avahi (FC 10) and SquirrelMail.  

So we will demonstrate exploits available for these issues:

1) OpenSSL: (Using Debian)
http://www.metasploit.com/users/hdm/tools/debian-openssl/
Brute Forcing Tools Include:
http://www.milw0rm.com/exploits/5622

http://metasploit.com/users/hdm/tools/debian-openssl/debian_openssh_key_tester.rb

OpenSSL: Examples will also apply to the recent issues with OpenSSL:
Several functions inside OpenSSL incorrectly checked the result after
calling the EVP_VerifyFinal function, allowing a malformed signature
to be treated as a good signature rather than as an error. The issue
affected the signature checks on DSA and ECDSA keys used with
SSL/TLS for various mail systems and DNS systems built upon OpenSSL also.

We will show an easy 'man in the middle' attack to present a malformed SSL/TLS signature from a certificate chain
to a vulnerable client, bypassing validation and segway into a discussion of the MD5 Verisign cert issues.

2) NTP Spoofing: (Using Debian)  NTP Spoofing has been a staple of DoS and remote root exploits since the 1990's.  Usually NTP is selectively allowed to egress DMZ via stateful packet inspection (that will catch spoofed packets) via source and destination (or served via internal NTP daemons).  It's common to spoof the NTP servers while sending exploitive packets.
A new issue has been identified:

http://www.debian.org/security/2009/dsa-1702

A simple exploit using netcat will be demonstrated:
http://cybexin.blogspot.com/2009/01/introduction-to-netcat.html

3) Overview of BEef:
http://www.bindshell.net/tools/beef

We will also look at forensic image from the November Hackfest and discuss ways to protect (arp, VPN/VLAN, Switches, SELINUX) from the inevitable pwnership in a production or users system.

We will not discuss squirrelmail, since it's only a XSS issue (similar to 9 out of 10 running versions of Apache httpd).  We will not discuss Bind9 because it also relates to the OpenSSL malformed signature.  Other PRNG type entropy issues with SSL exist, just waiting to be popularlized, so we will wait for the industry to continue to ignore this and other issues inherent in various protocols.  

Catch us on FreeNode IRC #PLUGLABS

www.Obnosis.com |  http://wiki.obnosis.com | http://hackfest.obnosis.com (503)754-4452
PLUG HACKFESTS - http://uat.edu Second Saturday of Each Month Noon - 3PM

Windows Live™ Hotmail®: Chat. Store. Share. Do more with mail.  See how it works.
_________________________________________________________________
Windows Live™: E-mail. Chat. Share. Get more ways to connect. 
http://windowslive.com/explore?ocid=TXT_TAGLM_WL_t2_allup_explore_012009
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.PLUG.phoenix.az.us/pipermail/plug-devel/attachments/20090202/75e999e6/attachment.htm

More information about the PLUG-devel mailing list