Jump to content

Search the Community

Showing results for tags 'symantec'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Informatii generale
    • Anunturi importante
    • Bine ai venit
    • Proiecte RST
  • Sectiunea tehnica
    • Exploituri
    • Challenges (CTF)
    • Bug Bounty
    • Programare
    • Securitate web
    • Reverse engineering & exploit development
    • Mobile security
    • Sisteme de operare si discutii hardware
    • Electronica
    • Wireless Pentesting
    • Black SEO & monetizare
  • Tutoriale
    • Tutoriale in romana
    • Tutoriale in engleza
    • Tutoriale video
  • Programe
    • Programe hacking
    • Programe securitate
    • Programe utile
    • Free stuff
  • Discutii generale
    • RST Market
    • Off-topic
    • Discutii incepatori
    • Stiri securitate
    • Linkuri
    • Cosul de gunoi
  • Club Test's Topics
  • Clubul saraciei absolute's Topics
  • Chernobyl Hackers's Topics
  • Programming & Fun's Jokes / Funny pictures (programming related!)
  • Programming & Fun's Programming
  • Programming & Fun's Programming challenges
  • Bani pă net's Topics
  • Cumparaturi online's Topics
  • Web Development's Forum
  • 3D Print's Topics

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Website URL


Yahoo


Jabber


Skype


Location


Interests


Biography


Location


Interests


Occupation

Found 2 results

  1. Vantage Point Security Advisory 2014-007 ======================================== Title: Symantec Encryption Management Server - Remote Command Injection ID: VP-2014-007 Vendor: Symantec Affected Product: Symantec Encryption Gateway Affected Versions: < 3.2.0 MP6 Product Website: http://www.symantec.com/en/sg/gateway-email-encryption/ Author: Paul Craig <paul[at]vantagepoint[dot]sg Summary: --------- Symantec Gateway Email Encryption provides centrally managed email encryption to secure email communications with customers and partners regardless of whether or not recipients have their own email encryption software. With Gateway Email Encryption, organizations can minimize the risk of a data breach while complying with regulatory mandates for information security and privacy. Details: --------- Remote Command Injection vulnerabilities occur when user supplied input is used directly as a command line argument to a fork(), execv() or a CreateProcessA() function. It was found that the binary /usr/bin/pgpsysconf calls the binary /usr/bin/pgpbackup with unfiltered user supplied input when restoring a Database Backup from the Symantec Encryption Management Web Interface . The user supplied 'filename' value is used directly as a command argument, and can be concatenated to include additional commands with the use of the pipe character. This can allow a lower privileged Administrator to compromise the Encryption Management Server. This is demonstrated below in a snippet from pgpsysconf; .text:08058FEA mov dword ptr [ebx], offset aUsrBinPgpbacku ; "/usr/bin/pgpbackup" .text:08058FF0 cmp [ebp+var_1D], 0 .text:08058FF4 jnz short loc_8059049 .text:08058FF6 mov ecx, 4 .text:08058FFB mov edx, 8 .text:08059000 mov eax, 0Ch .text:08059005 mov dword ptr [ebx+ecx], offset unk_807AE50 .text:0805900C mov [ebx+edx], esi .text:0805900F mov dword ptr [ebx+eax], 0 .text:08059016 call _fork ; Bingo.. An example to exploit this vulnerability and run the ping command can be seen below. POST /omc/uploadBackup.event .... .... Content-Disposition: form-data; name="file"; filename="test123|`ping`|-whatever.tar.gz.pgp" This vulnerability can be further exploited to gain local root access by calling the setuid binary pgpsysconf to install a local package file. Fix Information: --------- Upgrade to Symantec Encryption Management Server 3.3.2 MP7. See http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150129_00 for more information Timeline: --------- 2014/11/26: Issue Reported. 2015/01/30: Patch Released. About Vantage Point Security: --------- Vantage Point Security is the leading provider for penetration testing and security advisory services in Singapore. Clients in the Financial, Banking and Telecommunications industries select Vantage Point Security based on technical competency and a proven track record to deliver significant and measurable improvements in their security posture. Web: https://www.vantagepoint.sg/ Contact: office[at]vantagepoint[dot]sg Source
  2. The creators of the world's most complicated espionage virus Flame have sent a 'suicide' command that removes it from some infected computers. U.S. computer security researchers said on Sunday that the Flame computer virus, which struck at least 600 specific computer systems in Iran, Syria, Lebanon, Egypt, Sudan, Saudi Arabia and the Palestinian Authority, has gotten orders to vanish, leaving no trace. Sursa:
×
×
  • Create New...