HackFest Security: Patch Procrastinators Anonymous February 7 at UAT

Ryan Rix phrkonaleash at gmail.com
Sun Jan 18 17:30:42 MST 2009


bind9 is the most prolific DNS server application. It attempts to fill DNS
requests.

On Sun, Jan 18, 2009 at 5:20 PM, bmike1 <bmike1 at gmail.com> wrote:

> bind9 is a distribution? let's talk about it.... what is it about? what
> niche does it attempt to fill; does it do so successfully?
>
> On Sun, Jan 18, 2009 at 6:40 PM, Lisa Kachold <lisakachold at obnosis.com> wrote:
>
>>  Catch the *Patch Procrastinators Recovery Group*
>> Saturday UAT.EDU Noon until 3PM February 7th
>>
>> Various important patches have only recently been released for various
>> distros including Bind9, OpenSSL, cups & NTP for Ubuntu; Redhat5 Avahi (FC
>> 10) and SquirrelMail.
>>
>> So we will demonstrate exploits available for these issues:
>>
>> 1) OpenSSL: (Using Debian)
>> http://www.metasploit.com/users/hdm/tools/debian-openssl/
>> Brute Forcing Tools Include:
>> http://www.milw0rm.com/exploits/5622
>>
>> http://metasploit.com/users/hdm/tools/debian-openssl/debian_openssh_key_tester.rb
>>
>> OpenSSL: Examples will also apply to the recent issues with OpenSSL:
>>
>> Several functions inside OpenSSL incorrectly checked the result after
>> calling the EVP_VerifyFinal function, allowing a malformed signature
>> to be treated as a good signature rather than as an error. The issue
>> affected the signature checks on DSA and ECDSA keys used with
>> SSL/TLS for various mail systems and DNS systems built upon OpenSSL also.
>>
>> We will show an easy 'man in the middle' attack to present a malformed SSL/TLS signature from a certificate chain
>> to a vulnerable client, bypassing validation and segue into a discussion of the MD5 Verisign cert issues.
>>
>>
>> 2) NTP Spoofing: (Using Debian)  NTP Spoofing has been a staple of DoS and
>> remote root exploits since the 1990's.  Usually NTP is selectively allowed
>> to egress DMZ via stateful packet inspection (that will catch spoofed
>> packets) via source and destination (or served via internal NTP daemons).
>> It's common to spoof the NTP servers while sending exploitive packets.
>> A new issue has been identified:
>>
>> http://www.debian.org/security/2009/dsa-1702
>>
>> A simple exploit using netcat will be demonstrated:
>> http://cybexin.blogspot.com/2009/01/introduction-to-netcat.html
>>
>> 3) Overview of BeEF:
>> http://www.bindshell.net/tools/beef
>>
>> We will also look at a forensic image from the November Hackfest and discuss
>> ways to protect (arp, VPN/VLAN, Switches, SELINUX) from the inevitable
>> pwnership in a production or users system.
>>
>> We will not discuss squirrelmail, since it's only an XSS issue (similar to
>> 9 out of 10 running versions of Apache httpd).  We will not discuss Bind9
>> because it also relates to the OpenSSL malformed signature.  Other PRNG type
>> entropy issues with SSL exist, just waiting to be popularized, so we will
>> wait for the industry to continue to ignore this and other issues inherent
>> in various protocols.
>>
>> Catch us on FreeNode IRC #PLUGLABS
>>
>> www.Obnosis.com | http://wiki.obnosis.com | http://hackfest.obnosis.com (503)754-4452
>> PLUG HACKFESTS - http://uat.edu Second Saturday of Each Month Noon - 3PM
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>>
>
>
>
> --
> :-)~MIKE~(-:



-- 
Thanks and best regards,
Ryan Rix
TamsPalm - The PalmOS Blog
(623)-239-1103 <-- Grand Central, baby!

Jasmine Bowden - Class of 2009, Marc Rasmussen - Class of 2008, Erica
Sheffey - Class of 2009, Rest in peace.
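
The quoted announcement describes callers that "incorrectly checked the result after calling the EVP_VerifyFinal function". The following is an added example, not part of the thread and not OpenSSL code: it models that class of bug with a hypothetical stand-in, `verify_final_model`, which follows the documented EVP_VerifyFinal convention (1 = correct signature, 0 = failure, negative = other error). The toy encoding, the function names and the sample bytes are constructed assumptions.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-in for a tri-state verify call: 1 = good signature,
 * 0 = bad signature, -1 = error (e.g. malformed encoding). Toy model only,
 * no real cryptography. */
static int verify_final_model(const unsigned char *sig, size_t sig_len,
                              const unsigned char *expected, size_t exp_len)
{
    /* Constructed toy encoding: one length byte, then the signature body. */
    if (sig_len < 1 || (size_t)sig[0] != sig_len - 1)
        return -1;                      /* malformed: cannot be parsed */
    if ((size_t)sig[0] != exp_len || memcmp(sig + 1, expected, exp_len) != 0)
        return 0;                       /* well-formed but wrong */
    return 1;                           /* well-formed and correct */
}

/* Flawed caller: only 0 counts as failure, so -1 falls through as "valid". */
int accept_flawed(const unsigned char *sig, size_t n,
                  const unsigned char *exp, size_t m)
{
    if (!verify_final_model(sig, n, exp, m))
        return 0;
    return 1;
}

/* Corrected caller: anything other than exactly 1 is a rejection. */
int accept_fixed(const unsigned char *sig, size_t n,
                 const unsigned char *exp, size_t m)
{
    return verify_final_model(sig, n, exp, m) == 1;
}

/* Constructed sample inputs. */
static const unsigned char EXPECTED[]  = { 0xAA, 0xBB, 0xCC };
static const unsigned char GOOD[]      = { 3, 0xAA, 0xBB, 0xCC };
static const unsigned char WRONG[]     = { 3, 0xAA, 0xBB, 0x00 };
static const unsigned char MALFORMED[] = { 9, 0xAA };  /* length byte lies */

/* fixed != 0 selects the corrected caller, 0 selects the flawed one. */
int check(int fixed, const unsigned char *sig, size_t n)
{
    return fixed ? accept_fixed(sig, n, EXPECTED, sizeof EXPECTED)
                 : accept_flawed(sig, n, EXPECTED, sizeof EXPECTED);
}

int main(void)
{
    /* Exit status 0 only if the corrected caller rejects the malformed input. */
    return check(1, MALFORMED, sizeof MALFORMED);
}
```

When auditing code that consumes a tri-state verification result, look for boolean tests such as `if (!ret)` and replace them with an explicit comparison against the single success value.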