LibSSH, WordPress, and LIVE555 – Hack Naked News #194

This week: critical code execution flaws, WordPress working on wiping older versions from existence, multiple serious flaws in Drupal, TCP/IP flaws that leave IoT gear open to mass hijacking, a jQuery plugin actively exploited for at least three years, a flaw in libssh that leaves thousands of servers at risk of hijacking, and eight adult websites that exposed a pile of “intimate” user data! Leonard Simon from Springboard joins us for expert commentary on how to get into the field of information security!

Security News

  1. Critical Code Execution Flaw Found in LIVE555 Streaming Library – A critical code execution vulnerability has been identified in the LIVE555 Streaming Media RTSP server library used by VLC and other media players. Lilith Wyatt, a security researcher at Cisco Talos Intelligence Group, discovered the vulnerability. It exists in the HTTP packet-parsing functionality of the LIVE555 RTSP server library: an attacker can send a crafted packet that triggers a stack-based buffer overflow, resulting in code execution. If you ship or embed a media player or streaming server, check whether it links LIVE555 and update it; the parsing path is reachable before any authentication.
  2. WordPress team working on “wiping older versions from existence on the internet” | ZDNet – Two interesting points: “Instead, we’re working on figuring out ways to roll those versions forward automatically without breaking sites for people, and essentially we’re working to try to wipe those versions from existence on the internet, and bring people forward. It is not an easy problem to solve, but we’re working on it,” and Campbell says the WordPress team has been collaborating with the authors of the most popular plugins on its Plugins repository. It’s been helping these plugins follow best coding practices. This has yielded great results, Campbell said, as smaller plugins have now started to follow (or steal) the coding techniques used by these larger projects, and indirectly have raised the security of their own plugins. They gave a presentation at Derbycon, make sure you check it out!
  3. Patch now! Multiple serious flaws found in Drupal – Both critical flaws allow remote code execution (RCE). The first is in the PHP DefaultMailSystem::mail() backend and affects Drupal core versions 7.x and 8.x; the advisory for SA-CORE-2018-006 describes it as email variables not being sanitised for shell arguments, leading to a possible RCE. If you run a CMS, or have one in your environment, you need a solid plan to update these systems promptly and consistently, plus extra protection in the form of security plugins or third-party services.
  4. Patch me, if you can: Grave TCP/IP flaws in FreeRTOS leave IoT gear open to mass hijacking – Ori Karliner at Zimperium analyzed the operating system and found that all of its varieties are vulnerable to four remote code execution bugs, one denial of service, seven information leaks, and one further issue of an undisclosed type. The versions affected are FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), AWS FreeRTOS up to V1.3.1, and OpenRTOS and SafeRTOS (with WHIS Connect middleware TCP/IP components). Amazon was notified and responded by releasing patches to mitigate the problems. The catch for practitioners is in the headline: embedded devices rarely have an update path, so inventory what in your environment runs FreeRTOS+TCP and isolate it at the network layer if it cannot be patched. Source: https://www.bleepingcomputer.com/news/security/remote-code-execution-flaws-found-in-freertos-popular-os-for-embedded-systems/
  5. Hack on 8 adult websites exposes oodles of intimate user data – A recent hack of eight poorly secured adult websites has exposed megabytes of personal data that could be damaging to the people who shared pictures and other highly intimate information on the online message boards. Included in the leaked file are (1) IP addresses that connected to the sites, (2) user passwords protected by a four-decade-old cryptographic scheme, (3) names, and (4) 1.2 million unique email addresses, although it’s not clear how many of the addresses legitimately belonged to actual users. Robert Angelini, the owner of wifelovers.com and the seven other breached sites, told Ars on Saturday morning that, in the 21 years they operated, fewer than 107,000 people posted to them. You can read the article to get the full list of affected web sites.
  6. Zero-day in popular jQuery plugin actively exploited for at least three years | ZDNet – The vulnerability impacts the jQuery File Upload plugin authored by prodigious German developer Sebastian Tschan, most commonly known as Blueimp. This worst-case scenario is exactly what happened. Earlier this year, Larry Cashdollar, a security researcher for Akamai’s SIRT (Security Intelligence Response Team), discovered a vulnerability in the plugin’s source code that handles file uploads to PHP servers. Evidence on YouTube shows tutorials on how to exploit this vulnerability dating all the way back to 2015. Because the plugin has been copied into countless projects, searching your own code base for its upload handler is more reliable than waiting for a dependency alert.
  7. Security flaw in libssh leaves thousands of servers at risk of hijacking | ZDNet – The vulnerability (CVE-2018-10933, fixed in libssh 0.7.6 and 0.8.4) allows an attacker to bypass authentication and gain access to a server built on libssh without entering a password. The attacker does this by sending the server an “SSH2_MSG_USERAUTH_SUCCESS” message instead of the “SSH2_MSG_USERAUTH_REQUEST” message that a server normally expects and that libssh uses as the signal to start an authentication exchange. USERAUTH_SUCCESS is a message only a server should ever send, so a server that acts on it when it arrives from the client is trusting the peer to report its own authentication result. Note that this affects servers and applications that embed libssh, not OpenSSH, which does not use the library.
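The libssh bug in item 7 is a state-machine mistake rather than a memory-safety one, and it is easy to reproduce in miniature. The C below is an added illustration written for this page; it is not libssh’s code. It models a server-side userauth dispatcher two ways: a vulnerable version that honours USERAUTH_SUCCESS regardless of which side sent it, and a hardened version that only acts on messages the peer’s role is allowed to send. The message numbers are the real ones from RFC 4252; the packet struct, the account “alice” with password “correct horse”, and the verify_password() routine are simplified stand-ins assumed for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Userauth message numbers as assigned in RFC 4252, section 6. */
#define SSH2_MSG_USERAUTH_REQUEST 50
#define SSH2_MSG_USERAUTH_FAILURE 51
#define SSH2_MSG_USERAUTH_SUCCESS 52

enum role { ROLE_CLIENT, ROLE_SERVER };

struct session {
    enum role role;
    bool authenticated;
};

/* Simplified decoded packet (assumption): message number plus the fields a
   password request carries. Real packets are length-prefixed strings. */
struct packet {
    uint8_t type;
    const char *user;
    const char *password;
};

typedef void (*dispatch_fn)(struct session *, const struct packet *);

/* Stand-in for the server's real credential check; hypothetical account. */
static bool verify_password(const char *user, const char *password)
{
    return user != NULL && password != NULL &&
           strcmp(user, "alice") == 0 && strcmp(password, "correct horse") == 0;
}

/* Only a server verifies requests, and only a passing check sets the flag. */
static void handle_userauth_request(struct session *s, const struct packet *p)
{
    if (s->role == ROLE_SERVER && verify_password(p->user, p->password))
        s->authenticated = true;
}

/* Vulnerable dispatcher: one message table shared by both roles. A client is
   supposed to mark itself authenticated when the server sends USERAUTH_SUCCESS,
   but nothing stops a client from sending that message to a server, which then
   takes the same branch and skips verification entirely. */
static void dispatch_vulnerable(struct session *s, const struct packet *p)
{
    switch (p->type) {
    case SSH2_MSG_USERAUTH_REQUEST:
        handle_userauth_request(s, p);
        break;
    case SSH2_MSG_USERAUTH_SUCCESS:
        s->authenticated = true; /* correct for a client, fatal for a server */
        break;
    default:
        break;
    }
}

/* Hardened dispatcher: a message is honoured only if the peer's role may send
   it. A server-only message arriving at a server is a protocol violation and is
   dropped here (a real server should disconnect and log it). */
static void dispatch_hardened(struct session *s, const struct packet *p)
{
    switch (p->type) {
    case SSH2_MSG_USERAUTH_REQUEST:
        handle_userauth_request(s, p);
        break;
    case SSH2_MSG_USERAUTH_SUCCESS:
    case SSH2_MSG_USERAUTH_FAILURE:
        if (s->role == ROLE_CLIENT)
            s->authenticated = (p->type == SSH2_MSG_USERAUTH_SUCCESS);
        break;
    default:
        break;
    }
}

/* Replays the bypass: a fresh server session receives a forged USERAUTH_SUCCESS
   carrying no credentials. Returns true if the server now trusts the peer. */
static bool bypass_succeeds(dispatch_fn dispatch)
{
    struct session server = { ROLE_SERVER, false };
    struct packet forged = { SSH2_MSG_USERAUTH_SUCCESS, NULL, NULL };
    dispatch(&server, &forged);
    return server.authenticated;
}

/* Control case: a normal password login must still work after the fix. */
static bool password_login_succeeds(dispatch_fn dispatch, const char *password)
{
    struct session server = { ROLE_SERVER, false };
    struct packet req = { SSH2_MSG_USERAUTH_REQUEST, "alice", password };
    dispatch(&server, &req);
    return server.authenticated;
}

int main(void)
{
    printf("vulnerable: bypass %s\n", bypass_succeeds(dispatch_vulnerable) ? "works" : "blocked");
    printf("hardened:   bypass %s\n", bypass_succeeds(dispatch_hardened) ? "works" : "blocked");
    printf("hardened:   real login %s\n",
           password_login_succeeds(dispatch_hardened, "correct horse") ? "ok" : "rejected");
    return 0;
}
```

The fix is not about the credential check at all; it is about who is permitted to say “authenticated”. The same review question applies to any protocol implementation that reuses one message handler table for both client and server roles: for each message number, which side is allowed to send it, and does the handler enforce that?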

Expert Commentary: Leonard Simon, Springboard

Leonard Simon is the Senior Security Engineer Consultant at Springboard

Leonard Simon is a Senior Security Engineer Consultant based in Miami, FL, working with businesses to design, implement, monitor and troubleshoot detailed system security architecture for customers in industries such as healthcare, government, manufacturing, technology, transportation, retail, financial, legal, hospitality, travel, and utilities. Leonard is an adjunct professor at various universities, where he teaches several online courses in cybersecurity. Leonard is also a Cybersecurity Mentor at Springboard, where he interacts with students weekly about their course work and provides guidance throughout the course. Leonard holds an M.S. in Management Information Systems with an Information Security concentration from Nova Southeastern University and a B.S. in Information Technology from Florida International University, along with technical certifications including Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Check Point Certified Security Master (CCSM) and Cisco Certified Network Associate (CCNA). Leonard is also a doctoral student at Capella University working on his Doctor of Information Technology (DIT) degree in Information Assurance and Cybersecurity.

Certification guides, courses, and resources

Visit http://hacknaked.tv to get all the latest episodes!