bind9 is a distribution? let's talk about it.... what is it about? what niche does it attempt to fill; does it do so successfully?

On Sun, Jan 18, 2009 at 6:40 PM, Lisa Kachold wrote:
> Catch the *Patch Procrastinators Recovery Group*
> Saturday UAT.EDU Noon until 3PM February 7th
>
> Various important patches have only recently been released for various
> distros including Bind9, OpenSSL, cups & NTP for Ubuntu; Redhat5 Avahi (FC
> 10) and SquirrelMail.
>
> So we will demonstrate exploits available for these issues:
>
> 1) OpenSSL: (Using Debian)
> http://www.metasploit.com/users/hdm/tools/debian-openssl/
> Brute Forcing Tools Include:
> http://www.milw0rm.com/exploits/5622
>
> http://metasploit.com/users/hdm/tools/debian-openssl/debian_openssh_key_tester.rb
>
> OpenSSL: Examples will also apply to the recent issues with OpenSSL:
>
> Several functions inside OpenSSL incorrectly checked the result after
> calling the EVP_VerifyFinal function, allowing a malformed signature
> to be treated as a good signature rather than as an error. The issue
> affected the signature checks on DSA and ECDSA keys used with
> SSL/TLS for various mail systems and DNS systems built upon OpenSSL also.
>
> We will show an easy 'man in the middle' attack to present a malformed SSL/TLS signature from a certificate chain
> to a vulnerable client, bypassing validation and segue into a discussion of the MD5 Verisign cert issues.
>
>
> 2) NTP Spoofing: (Using Debian) NTP Spoofing has been a staple of DoS and
> remote root exploits since the 1990s. Usually NTP is selectively allowed
> to egress DMZ via stateful packet inspection (that will catch spoofed
> packets) via source and destination (or served via internal NTP daemons).
> It's common to spoof the NTP servers while sending exploitive packets.
> A new issue has been identified:
>
> http://www.debian.org/security/2009/dsa-1702
>
> A simple exploit using netcat will be demonstrated:
> http://cybexin.blogspot.com/2009/01/introduction-to-netcat.html
>
> 3) Overview of BeEF:
> http://www.bindshell.net/tools/beef
>
> We will also look at a forensic image from the November Hackfest and discuss
> ways to protect (arp, VPN/VLAN, Switches, SELINUX) from the inevitable
> pwnership in a production or users system.
>
> We will not discuss squirrelmail, since it's only an XSS issue (similar to 9
> out of 10 running versions of Apache httpd). We will not discuss Bind9
> because it also relates to the OpenSSL malformed signature. Other PRNG type
> entropy issues with SSL exist, just waiting to be popularized, so we will
> wait for the industry to continue to ignore this and other issues inherent
> in various protocols.
>
> Catch us on FreeNode IRC #PLUGLABS
>
> www.Obnosis.com | http://wiki.obnosis.com | http://hackfest.obnosis.com (503)754-4452
> PLUG HACKFESTS - http://uat.edu Second Saturday of Each Month Noon - 3PM
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>

--
:-)~MIKE~(-:
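
The EVP_VerifyFinal result-check mistake described in the quoted announcement, shown beside the strict check, as an added example that is not part of the original thread and is not OpenSSL's code. `model_verify_final`, the toy signature format and the sample bytes are constructed stand-ins; the only thing taken from OpenSSL is the three-way result convention (1 valid, 0 invalid, -1 error).

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in with EVP_VerifyFinal's three-way result:
 * 1 = signature valid, 0 = signature invalid, -1 = error.
 * Constructed toy format: one length byte, then that many bytes. */
static int model_verify_final(const unsigned char *sig, size_t sig_len,
                              const unsigned char *expected, size_t exp_len)
{
    if (sig == NULL || sig_len < 1 || (size_t)sig[0] != sig_len - 1)
        return -1;                      /* malformed encoding: error */
    if (sig[0] != exp_len || memcmp(sig + 1, expected, exp_len) != 0)
        return 0;                       /* well-formed, wrong value */
    return 1;                           /* well-formed and matching */
}

/* Flawed caller: treats only 0 as failure, so -1 passes as "good". */
int accept_flawed(const unsigned char *sig, size_t sig_len,
                  const unsigned char *expected, size_t exp_len)
{
    if (!model_verify_final(sig, sig_len, expected, exp_len))
        return 0;
    return 1;
}

/* Strict caller: accepts only the explicit success value 1. */
int accept_strict(const unsigned char *sig, size_t sig_len,
                  const unsigned char *expected, size_t exp_len)
{
    return model_verify_final(sig, sig_len, expected, exp_len) == 1;
}

/* Constructed sample data. */
static const unsigned char EXPECTED[]      = { 0xde, 0xad, 0xbe, 0xef };
static const unsigned char SIG_GOOD[]      = { 4, 0xde, 0xad, 0xbe, 0xef };
static const unsigned char SIG_WRONG[]     = { 4, 0xde, 0xad, 0xbe, 0x00 };
static const unsigned char SIG_MALFORMED[] = { 9, 0xde, 0xad }; /* length byte lies */

int main(void)
{
    printf("malformed: flawed=%d strict=%d\n",
           accept_flawed(SIG_MALFORMED, sizeof SIG_MALFORMED, EXPECTED, sizeof EXPECTED),
           accept_strict(SIG_MALFORMED, sizeof SIG_MALFORMED, EXPECTED, sizeof EXPECTED));
    return 0;
}
```

When auditing callers, any test of the form `if (!verify(...))` or `if (verify(...))` on a three-way result is the pattern to flag; only a comparison against 1 is safe.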