HackFest Security: Patch Procrastinators Anonymous February 7 at UAT

bmike1 bmike1 at gmail.com
Sun Jan 18 17:20:24 MST 2009


bind9 is a distribution? let's talk about it.... what is it about? what
niche does it attempt to fill; does it do so successfully?

On Sun, Jan 18, 2009 at 6:40 PM, Lisa Kachold <lisakachold at obnosis.com> wrote:

>  Catch the *Patch Procrastinators Recovery Group*
> Saturday UAT.EDU Noon until 3PM February 7th
>
> Various important patches have only recently been released for various
> distros including Bind9, OpenSSL, cups & NTP for Ubuntu; Redhat5 Avahi (FC
> 10) and SquirrelMail.
>
> So we will demonstrate exploits available for these issues:
>
> 1) OpenSSL: (Using Debian)
> http://www.metasploit.com/users/hdm/tools/debian-openssl/
> Brute Forcing Tools Include:
> http://www.milw0rm.com/exploits/5622
>
> http://metasploit.com/users/hdm/tools/debian-openssl/debian_openssh_key_tester.rb
>
> OpenSSL: Examples will also apply to the recent issues with OpenSSL:
>
> Several functions inside OpenSSL incorrectly checked the result after
> calling the EVP_VerifyFinal function, allowing a malformed signature
> to be treated as a good signature rather than as an error. The issue
> affected the signature checks on DSA and ECDSA keys used with
> SSL/TLS for various mail systems and DNS systems built upon OpenSSL also.
>
> We will show an easy 'man in the middle' attack to present a malformed SSL/TLS signature from a certificate chain
> to a vulnerable client, bypassing validation and segue into a discussion of the MD5 Verisign cert issues.
>
>
> 2) NTP Spoofing: (Using Debian)  NTP Spoofing has been a staple of DoS and
> remote root exploits since the 1990's.  Usually NTP is selectively allowed
> to egress DMZ via stateful packet inspection (that will catch spoofed
> packets) via source and destination (or served via internal NTP daemons).
> It's common to spoof the NTP servers while sending exploitive packets.
> A new issue has been identified:
>
> http://www.debian.org/security/2009/dsa-1702
>
> A simple exploit using netcat will be demonstrated:
> http://cybexin.blogspot.com/2009/01/introduction-to-netcat.html
>
> 3) Overview of BeEF:
> http://www.bindshell.net/tools/beef
>
> We will also look at a forensic image from the November Hackfest and discuss
> ways to protect (arp, VPN/VLAN, Switches, SELINUX) from the inevitable
> pwnership in a production or users system.
>
> We will not discuss squirrelmail, since it's only an XSS issue (similar to 9
> out of 10 running versions of Apache httpd).  We will not discuss Bind9
> because it also relates to the OpenSSL malformed signature.  Other PRNG type
> entropy issues with SSL exist, just waiting to be popularized, so we will
> wait for the industry to continue to ignore this and other issues inherent
> in various protocols.
>
> Catch us on FreeNode IRC #PLUGLABS
>
> www.Obnosis.com |  http://wiki.obnosis.com | http://hackfest.obnosis.com (503)754-4452
> PLUG HACKFESTS - http://uat.edu Second Saturday of Each Month Noon - 3PM
>



-- 
:-)~MIKE~(-:
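
The EVP_VerifyFinal result-check problem described in the quoted announcement, shown as an added example that is not part of either message and is not OpenSSL's code. EVP_VerifyFinal returns 1 for a valid signature, 0 for an invalid one and -1 on error; `mock_verify_final`, its toy signature format, the caller names and the sample bytes are all assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in that follows EVP_VerifyFinal's return convention:
 * 1 = signature valid, 0 = signature invalid, -1 = error (here: the
 * signature blob cannot be parsed). Toy format: 0x30, length byte, body. */
static int mock_verify_final(const unsigned char *sig, size_t len,
                             const unsigned char *want, size_t want_len)
{
    if (len < 2 || sig[0] != 0x30 || (size_t)sig[1] != len - 2)
        return -1;                       /* malformed encoding */
    if (len - 2 != want_len || memcmp(sig + 2, want, want_len) != 0)
        return 0;                        /* well-formed, wrong value */
    return 1;                            /* well-formed, matching */
}

/* Flawed caller: only 0 is treated as failure, so -1 counts as success. */
int accept_flawed(const unsigned char *sig, size_t len,
                  const unsigned char *want, size_t want_len)
{
    if (!mock_verify_final(sig, len, want, want_len))
        return 0;
    return 1;
}

/* Corrected caller: only an explicit 1 is success; 0 and -1 both reject. */
int accept_fixed(const unsigned char *sig, size_t len,
                 const unsigned char *want, size_t want_len)
{
    return mock_verify_final(sig, len, want, want_len) == 1;
}

/* Constructed sample inputs. */
static const unsigned char WANT[]      = {0xAA, 0xBB, 0xCC};
static const unsigned char GOOD[]      = {0x30, 0x03, 0xAA, 0xBB, 0xCC};
static const unsigned char WRONG[]     = {0x30, 0x03, 0xAA, 0xBB, 0xCD};
static const unsigned char MALFORMED[] = {0x30, 0x7F, 0xAA};

int main(void)
{
    const unsigned char *in[] = {GOOD, WRONG, MALFORMED};
    const size_t n[] = {sizeof GOOD, sizeof WRONG, sizeof MALFORMED};
    for (int i = 0; i < 3; i++)
        printf("case %d: flawed=%d fixed=%d\n", i,
               accept_flawed(in[i], n[i], WANT, sizeof WANT),
               accept_fixed(in[i], n[i], WANT, sizeof WANT));
    return 0;
}
```

When auditing callers of tri-state verify functions, search for `if (!verify(...))` and `if (verify(...))` patterns and replace them with an explicit comparison against 1.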