M32 Security » vulnerability http://m32consulting.com Network Security Info, News, and Resources Sun, 22 Jan 2012 23:37:02 +0000 en hourly 1 phpMyAdmin Exploit Used To Launch New SSH Brute-Force Attackhttp://m32consulting.com/2010/08/phpmyadmin-exploit-used-to-launch-new-ssh-brute-force-attack/?utm_source=rss&utm_medium=rss&utm_campaign=phpmyadmin-exploit-used-to-launch-new-ssh-brute-force-attack http://m32consulting.com/2010/08/phpmyadmin-exploit-used-to-launch-new-ssh-brute-force-attack/#comments Fri, 13 Aug 2010 01:55:13 +0000 Kyle http://m32consulting.com/?p=160 An older vulnerability in phpMyAdmin (CVE-2009-1151) is now being exploited by a botnet known as dd_ssh. Details are still emerging, but it appears that this new bot originated from 91.193.157.206 according to SANS. If the exploit of CVE-2009-1151 is successful on vulnerable phpMyAdmin installs, the files vmsplice.txt, dd.txt, and, in some instances, vm.c are downloaded from the aforementioned IP. The last of those files mentioned contains the vmsplice local root exploit (CVE2008-0600). After being compromised, the infected installations start making connections to multiple addresses on ports 54509 and 54510; most likely for command & control. SANS ISC is actively monitoring this apparent new botnet and has noticed a notable up-tick in machines scanning SSH lately.

More Info Over at SANS ISC and thanks goes to Briareos over at BroadBand Reports for the quick fact-finding and possible discovery.

June Security Advisory posted by F5 on identifying any suspicious activity and mitigating the exploit

Tags: , , , , , ,
]]> http://m32consulting.com/2010/08/phpmyadmin-exploit-used-to-launch-new-ssh-brute-force-attack/feed/ 0 Critical Microsoft Vista/2008/Windows 7 Zero-day Remote BSOD Foundhttp://m32consulting.com/2009/09/critical-microsoft-vista2008windows-7-zero-day-remote-bsod-found/?utm_source=rss&utm_medium=rss&utm_campaign=critical-microsoft-vista2008windows-7-zero-day-remote-bsod-found http://m32consulting.com/2009/09/critical-microsoft-vista2008windows-7-zero-day-remote-bsod-found/#comments Wed, 09 Sep 2009 00:24:06 +0000 Kyle http://m32consulting.com/?p=41 Remember back in the days of Windows 95 when someone could use the OOB attack to remotely BSOD a PC? Well now you can relive your youth with a classic throwback from Microsoft! Windows Vista, 2008, and 2007 of all variants all have a similar vulnerability that allows a remote attacker take your machine down with a simple ampersand. Leave it up to Microsoft to do it all again more than a decade later.

The SMB 2.0 driver in x86 and x64 versions of Windows Vista, Server 2008, and Windows 7 are all one in the same. When sent the “&” character in the “Process ID High” SMB header, the process pagefaults and brings us the beloved Blue Screen of Death we’ve all come to know and love.

Credit goes to Laurent Gaffié and you can find the Proof-of-Concept on his blog.

Tags: , , , , , , , , , , , , , , , ,
]]> http://m32consulting.com/2009/09/critical-microsoft-vista2008windows-7-zero-day-remote-bsod-found/feed/ 0 Abouthttp://m32consulting.com/about/?utm_source=rss&utm_medium=rss&utm_campaign=about http://m32consulting.com/about/#comments Fri, 11 Jul 2008 02:29:56 +0000 Kyle http://m32consulting.com/?page_id=2 My name is Kyle Jones, M32 Security is my collection of noteworthy IT and Network Security news, links, resources, and various other NetSec tidbits. If you find something interesting, feel free to register and make a comment on it or contact me.

[contact-form-7]Tags: , , , , , , , , , , , , , , , ,
]]> http://m32consulting.com/about/feed/ 0