SANS ISC Internet Storm Center

Hacking with the Oldies!

Published: 2014-10-30
Last Updated: 2014-10-30 02:38:37 UTC
by Rob VandenBrink (Version: 1)

Recently we seem to have a theme of new bugs in old code - first (and very publicly) OpenSSL and bash.  This past week we've had a bunch more: less public, but still neat bugs.

First, a nifty bug in strings (really in libbfd, the library strings uses to parse executables): CVE-2014-8485, with more details here http://lcamtuf.blogspot.ca/2014/10/psa-dont-run-strings-on-untrusted-files.html
Then a problem in wget when mirroring over ftp, where a malicious server can use symlinks to get files written outside the download directory: https://community.rapid7.com/community/metasploit/blog/2014/10/28/r7-2014-15-gnu-wget-ftp-symlink-arbitrary-filesystem-access
And now the ftp client (found first in BSD), where a filename chosen by the remote server can be turned into a command: http://cxsecurity.com/issue/WLB-2014100174

These all share some common ground: data that the tool legitimately has to process (a binary to inspect, a directory listing, a redirect from a server) can be crafted by whoever supplies it to hijack the tool, whether by corrupting memory, writing files the user never asked for, or running an arbitrary command on the target system.  The other common thread is that these utilities are part of our standard, trusted toolkit - we all use them every day, often on files and servers we know nothing about.
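As an added illustration of that common ground (this is constructed example code, not code from the diary or from any of the projects named in it), the snippet below models the ftp client bug class: the local output name is derived from something the remote end controls, here the last path component of a redirect URL, and a leading '|' in that name is interpreted as "pipe the download into this command". The unsafe decision function sits beside a hardened one; nothing is executed and the URL is made up for the demonstration.

```c
/*
 * Constructed example: deriving a local output name from a remote URL.
 * Not tnftp's code; it shows the pattern, not the actual implementation.
 */
#include <stdio.h>
#include <string.h>

enum output_kind { OUT_FILE, OUT_PIPE, OUT_REJECT };

/* Constructed redirect target an attacker-controlled server might send. */
static const char *kRedirectUrl = "http://attacker.example/files/|id";

/* Last path component of a URL, as a naive client might pick the local name. */
static const char *remote_basename(const char *url)
{
    const char *slash = strrchr(url, '/');
    return slash ? slash + 1 : url;
}

/* Unsafe: honours the "|command" convention even for a name the server chose.
 * For the URL above this returns OUT_PIPE, i.e. "run 'id' and feed it the body". */
static enum output_kind choose_output_unsafe(const char *name)
{
    return (name[0] == '|') ? OUT_PIPE : OUT_FILE;
}

/* Hardened: a name that came off the wire is only ever a plain file in the
 * current directory.  Anything that could be read as a command, an option or
 * a path is rejected rather than interpreted. */
static enum output_kind choose_output_safe(const char *name)
{
    if (name[0] == '\0' || name[0] == '|' || name[0] == '-')
        return OUT_REJECT;
    if (strchr(name, '/') != NULL || strcmp(name, ".") == 0 || strcmp(name, "..") == 0)
        return OUT_REJECT;
    return OUT_FILE;
}

static const char *kind_name(enum output_kind k)
{
    return k == OUT_FILE ? "write file" : k == OUT_PIPE ? "PIPE TO COMMAND" : "reject";
}

int main(void)
{
    const char *name = remote_basename(kRedirectUrl);
    printf("server-chosen name : %s\n", name);
    printf("unsafe client      : %s\n", kind_name(choose_output_unsafe(name)));
    printf("hardened client    : %s\n", kind_name(choose_output_safe(name)));
    return 0;
}
```

The fix is not "strip the pipe character": the hardened version treats every remote-supplied name as data and refuses anything that is not a plain filename, which also closes the path-traversal variant ("../.bashrc") that the one-character check would miss.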

Who knew?  The folks who wrote these tools in C back in the day didn't always write code that knew how much was too much of a good thing, or that asked whether a name handed over by the far end could be trusted at all.  Only the strings bug is a classic bounds-checking problem; the wget and ftp bugs are the tool believing a filename the server chose.  Now that we're all looking hard at how old code handles untrusted input, expect to see at least a couple more of these!

===============
Rob VandenBrink
Metafore
