Millions of email servers affected with Remote Code Execution

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhs3nrpYY0xcgrriLMt2O8YgpcAxx5VzOhM11lO3WVKA192oTRV8TYnnOQRrpAVvr_65JrSEFVQQSc1hjo4B0dPZSyLKKS0TFbho4HQJb_mckC_cRlrB1Ih-gSHfi07DVFxX40dShzoZHdJ/s1600/remote-code-vulnerability-in-exim.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Vulnerability Affects millions of the Email Servers" border="0" data-original-height="570" data-original-width="1344" height="268" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhs3nrpYY0xcgrriLMt2O8YgpcAxx5VzOhM11lO3WVKA192oTRV8TYnnOQRrpAVvr_65JrSEFVQQSc1hjo4B0dPZSyLKKS0TFbho4HQJb_mckC_cRlrB1Ih-gSHfi07DVFxX40dShzoZHdJ/s640/remote-code-vulnerability-in-exim.PNG" title="Vulnerability Affects millions of the Email Servers" width="640" /></a></div> <br /> <br /> A critical vulnerability affects millions of email servers. A fix has been released but this flaw affects more than half of the Internet's <a href="http://www.hackerschronicle.com/search/label/Email">email servers</a>, and patching the issue will take a couple of days.<br /> <br /> The vulnerability in <a href="http://www.hackerschronicle.com/search/label/Exim">Exim, a mail transfer agent</a> (MTA) —software that runs on email servers and which relays emails from senders to recipients.According to a survey conducted in March 2018, 56% of all of the Internet's email servers run Exim, with over <b>63,36,687</b> available online at the time.<br /> <br /> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhsc0CuLvNkFMrSfewAAPIZwjDjoWEPgkyD8p6oPc3XB6-9nNG-_sMsKxDDc646zSfVVxTQOQyJVzWRuoS5LRqJR-rirTSGEGlehkVCO2kmy5WBfeJcJwBqkJvl1ieLAFNaQdxGTJBmB_M/s1600/vulnerable-exim-servers.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Vulnerability Affects millions of the Email Servers" border="0" data-original-height="413" data-original-width="1328" height="198" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhsc0CuLvNkFMrSfewAAPIZwjDjoWEPgkyD8p6oPc3XB6-9nNG-_sMsKxDDc646zSfVVxTQOQyJVzWRuoS5LRqJR-rirTSGEGlehkVCO2kmy5WBfeJcJwBqkJvl1ieLAFNaQdxGTJBmB_M/s640/vulnerable-exim-servers.PNG" title="Vulnerability Affects millions of the Email Servers" width="640" /></a></div> <br /> A Taiwanese security researcher named Meh Chang discovered the bug, which he <a href="https://devco.re/blog/2018/03/06/exim-off-by-one-RCE-exploiting-CVE-2018-6789-en/">reported</a> to the Exim crew on February 2. The Exim team released Exim distribution 4.90.1 on February 10 that fixes the RCE issue.<br /> <br /> The bug —tracked as <b>CVE-2018-6789</b> is categorized as a "pre-auth <a href="http://www.hackerschronicle.com/search/label/Remote%20Code%20Execution">remote code execution</a>," meaning an attacker could trick the Exim email server into running malicious commands before the attacker would need to authenticate on the server.<br /> <br /> The actual bug is a <b>one-byte buffer overflow</b> in the base64 decode function of Exim and affects all Exim versions ever released. Chang described the bug in a blog post released earlier today, detailing basic steps for exploiting Exim's SMTP daemon.<br /> <br /> In a security advisory, the Exim team publicly acknowledged the issue. "Currently we're unsure about the severity, we believe, an exploit is difficult. A mitigation isn't known," the <a href="https://exim.org/static/doc/security/CVE-2018-6789.txt">Exim team said</a>.<br /> <br /> Since Exim 4.90.1's release, updated Exim versions have trickled down to Linux distros used primarily in data centers, but the question remains about the number of unpatched systems that remain online. Taking into account that Exim is by far the most popular mail agent, CVE-2018-6789 opens a large attack surface, and Exim server owners should look into deploying the Exim 4.90.1 update as soon as possible.<br /> <br /> At the time of writing, there is no public exploit code for taking advantage of vulnerable Exim servers, but this will likely change in the days following Chang's blog post.<br /> <br /></div>

CVE-2018-6789 Email Exim News Remote Code Execution Vulnerability Millions of email servers affected with Remote Code Execution

A critical vulnerability affects millions of email servers. A fix has been released but this flaw affects more than half of the Interne...

Read more »

RCE, Information Disclosure and XSS Flaws Found in PayPal

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiuIwDgMNaan2uhQRa6VZRiUWTr7JTxgzIBKLz-HDBPC4RznLPMoODa6G5BeZfIo1MifcSy-nP72XWL_DHOY8DwNS8DiHOsRrkhGL1_ilr16MwDXTioCptQS659nbw7bwNvhKfBPK8iKaA/s1600/RCE-Information-Disclosure-and-XSS-Flaws-Found-in-PayPal-Partner-Program-Video.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="RCE, Information Disclosure and XSS Flaws Found in PayPal " border="0" height="218" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiuIwDgMNaan2uhQRa6VZRiUWTr7JTxgzIBKLz-HDBPC4RznLPMoODa6G5BeZfIo1MifcSy-nP72XWL_DHOY8DwNS8DiHOsRrkhGL1_ilr16MwDXTioCptQS659nbw7bwNvhKfBPK8iKaA/s1600/RCE-Information-Disclosure-and-XSS-Flaws-Found-in-PayPal-Partner-Program-Video.jpg" title="RCE, Information Disclosure and XSS Flaws Found in PayPal " width="400" /></a></div> <br /> A security expert has managed to identify three <a href="http://www.hackerschronicle.com/search/label/Vulnerability">vulnerabilities</a> on <a href="http://paypal-marketing.com/">paypal-marketing.com</a>, the website used by the payment processor for the <a href="http://www.hackerschronicle.com/search/label/PayPal">PayPal</a> Partner Program.<br /> <br /> Behrouz Sadeghipour has found and reported a <a href="http://www.hackerschronicle.com/search/label/XSS">cross-site scripting (XSS)</a> issue, a <a href="http://www.hackerschronicle.com/search/label/Remote%20Code%20Execution">remote code execution</a> flaw and an <a href="http://www.hackerschronicle.com/search/label/Information%20Disclosure">information disclosure vulnerability</a>.<br /> <br /> Initially, the researcher found the XSS flaw, which he reported to PayPal’s security team on March 19. The XSS was addressed on April 9.<br /> <br /> One day after the XSS was fixed, Sadeghipour identified an information disclosure issue, which he later leveraged for remote code execution. The expert said he was looking for an SQL Injection bug, but he found an RCE instead.<br /> <br /> To demonstrate the existence of the RCE to PayPal, he sent the company’s security team three links showing that he could retrieve the Process ID (PID), the script owner’s Group ID (GID) and the script owner’s User ID (UID) by replacing a parameter in the request with <a href="http://www.hackerschronicle.com/search/label/PHP">PHP</a> commands.<br /> <br /> By April 11, PayPal had addressed the vulnerability. The company has promised to reward the researcher in the next payment cycle.<br /> <br /> Sadeghipour highlights that the RCE he has found is a remote code execution, not a remote command execution bug. This vulnerability allows an attacker to run PHP functions. The flaw produces the same sort of results, but by leveraging PHP.<br /> <br /> Check out the proof-of-concept video for the PayPal Partner Program vulnerabilities. Additional technical details are available on <a href="http://nahamsec.com/2014/04/paypal-marketing-remote-code-execution/">Behrouz Sadeghipour's blog</a>.<br /> <iframe allowfullscreen="" frameborder="0" height="315" src="//www.youtube.com/embed/BB3rSd_muBc" width="560"></iframe><br /> Source: <a href="http://softpedia.com/">Softpedia</a></div>

Hacking News Information Disclosure News PayPal Remote Code Execution Vulnerability XSS RCE, Information Disclosure and XSS Flaws Found in PayPal

A security expert has managed to identify three vulnerabilities on paypal-marketing.com , the website used by the payment processor for...

Read more »

Remote Code Execution vulnerability in Yahoo

<div dir="ltr" style="text-align: left;" trbidi="on"> <div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgypjQ4r7519iMUDXnRvxtq7XEu98Xs0kfpGwGcz8Xu-QsyVVSFJeEZJKw_d7Mkpn2K8Fgr_BV2c1QQejY8V9GFjS27VbysAvv7XoT_byjQQL01LKupnpin3qMovIsapjS8HuxWSJqcabQU/s1600/rce+in+yahoo.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="210" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgypjQ4r7519iMUDXnRvxtq7XEu98Xs0kfpGwGcz8Xu-QsyVVSFJeEZJKw_d7Mkpn2K8Fgr_BV2c1QQejY8V9GFjS27VbysAvv7XoT_byjQQL01LKupnpin3qMovIsapjS8HuxWSJqcabQU/s320/rce+in+yahoo.PNG" width="400" /></a></div> <br /> Security researcher Behrouz Sadeghipour has identified a number of <a href="http://www.hackerschronicle.com/search/label/Vulnerability" target="_blank">vulnerabilities</a> on a Hong Kong subdomain of Yahoo (<a href="http://hk.yahoo.net/" target="_blank">hk.yahoo.net</a>). Fortunately, Yahoo has rushed to address the security holes reported by the expert.<br /> According to Sadeghipour, he came across the vulnerabilities while analyzing a <a href="https://www.blogger.com/www.hackerschronicle.com/search/label/XSS" target="_blank">cross-site scripting</a> (XSS) issue. While looking at the HTTP headers, he came across an administrator login page for the hk.yahoo.net domain.<br /> He simply tried to log in with the “<span class="highlight pop">admin</span>” username and “<span class="highlight pop">admin</span>” password and it worked. Once he gained access to the administrator panel, he found a page where he could upload images. <br /> There was an upload restriction, but the expert managed to bypass it by naming his file <span class="highlight pop">shell.php.jpg</span>. Once the file was uploaded, he simply renamed it to <span class="highlight pop">shell.php</span>.<br /> “I had read/write/execute permissions in /home which contains few more subdomains and website. Also, Linux kernel is VERY old and is a rootable. Not to mention I was able to read most DIRs and Files but NOT including /etc/shadow),” the researcher explained in a blog post.<br /> The vulnerability was reported to Yahoo on February 20 and it was patched the next day. However, so far, the company hasn’t rewarded <span class="highlight pop">Sadeghipour</span> for his findings.<br /> For additional details on these Yahoo vulnerabilities, check out the video proof-of-concept and the expert’s blog. </div> <iframe allowfullscreen="" frameborder="0" height="315" src="//www.youtube.com/embed/ymG00fiKU6o" width="560"></iframe></div>

Remote Code Execution Vulnerability XSS Yahoo Remote Code Execution vulnerability in Yahoo

Security researcher Behrouz Sadeghipour has identified a number of vulnerabilities on a Hong Kong subdomain of Yahoo ( hk.yahoo.net )....

Read more »

Remote Code Execution Vulnerability in Adobe Flash Player

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjxDu6dlxotmtqUKRXqJ1hEft2l0sZCmBKrCleKtNKvkF2ge1HONG_i0F9odi6uhH9vrBooZCBQoV1531Fy79_tU_Jfydvx5UaDv4wHPsSO0iGuwVOBZLDJ_p-L13HlWaPZb1h64aMzfmc/s1600/adobe-flash-remote-code-execution.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Remote Code Execution Vulnerability in Adobe Flash Player" border="0" height="175" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjxDu6dlxotmtqUKRXqJ1hEft2l0sZCmBKrCleKtNKvkF2ge1HONG_i0F9odi6uhH9vrBooZCBQoV1531Fy79_tU_Jfydvx5UaDv4wHPsSO0iGuwVOBZLDJ_p-L13HlWaPZb1h64aMzfmc/s1600/adobe-flash-remote-code-execution.png" title="Remote Code Execution Vulnerability in Adobe Flash Player" width="400" /></a></div> <br /> A <a href="http://www.hackerschronicle.com/search/label/Remote%10Code%20Execution">remote code execution</a> <a href="http://www.hackerschronicle.com/search/label/Vulnerability">vulnerability</a> has been reported in Adobe Flash Player. The vulnerability is due to a double-free condition when handling specially crafted SWF files. Successful <a href="http://www.hackerschronicle.com/search/label/Exploit">exploitation</a> would allow an attacker to take complete control of the affected system.<br /> <strong>CVE number:</strong> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-0498">CVE-2014-0498</a>, <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-0499">CVE-2014-0499</a>, <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0502">CVE-2014-0502</a><br /> <br /> <h3> Vulnerable Versions</h3> Flash Player 12.0.0.44 and earlier versions for Windows and Macintosh <br /> Flash Player 11.2.202.336 and earlier for Linux <br /> Flash Player 12.0.0.44 and earlier for Chrome (Windows, Macintosh and Linux) <br /> Flash Player 12.0.0.44 and earlier in Internet Explorer 10 for Windows 8.0 <br /> Flash Player 12.0.0.44 and earlier in Internet Explorer 11 for Windows 8.1 <br /> AIR 4.0.0.1390 and earlier for Android <br /> AIR 4.0.0.1390 SDK & Compiler <br /> AIR 4.0.0.1390 SDK<br /> <br /> <h3> Solution</h3> Adobe recommends users update their software installations by following the instructions below:<br /> <ul> <li>Adobe recommends users of Adobe Flash Player 12.0.0.44 and earlier versions for Windows and Macintosh update to the newest version 12.0.0.70 by downloading it from the Adobe Flash Player Download Center, or via the update mechanism within the product when prompted.</li> <li>Adobe recommends users of Adobe Flash Player 11.2.202.336 and earlier versions for Linux update to Adobe Flash Player 11.2.202.341 by downloading it from the Adobe Flash Player Download Center.</li> <li>For users of Flash Player 11.7.700.261 and earlier versions for Windows and Macintosh, who cannot update to Flash Player 12.0.0.44, Adobe has made available the update Flash Player 11.7.700.269, which can be downloaded here.</li> <li>Adobe Flash Player 12.0.0.44 installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 12.0.0.70 for Windows, Macintosh and Linux.</li> <li>Adobe Flash Player 12.0.0.44 installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 12.0.0.70 for Windows 8.0.</li> <li>Adobe Flash Player 12.0.0.44 installed with Internet Explorer 11 will automatically be updated to the latest Internet Explorer 11 version, which will include Adobe Flash Player 12.0.0.70 for Windows 8.1.</li> <li>Users of the Adobe AIR 4.0.0.1390 SDK should update to the Adobe AIR 4.0.0.1628 SDK.</li> <li>Users of the Adobe AIR 4.0.0.1390 SDK & Compiler and earlier versions should update to the Adobe AIR 4.0.0.1680 SDK & Compiler.</li> <li>Users of the Adobe AIR 4.0.0.1390 and earlier versions for Android should update to Adobe AIR 4.0.0.1628 by browsing to Google play on an Android device.</li> </ul> </div>

Adobe Hacking Remote Code Execution Vulnerability Remote Code Execution Vulnerability in Adobe Flash Player

A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a double-free condition whe...

Read more »