Thursday, November 8, 2007

OpenBase 10.0.5 (All Platforms)

Netragard's SNOsoft Research Team discovered two critical vulnerabilities in the OpenBase SQL Relational Database that can lead to full system compromise.

The first vulnerability discovered is a command injection vulnerability that affects several of the default Stored Procedures. Specifically, it is possible to execute system commands as the root user by inserting a series of backticks into the pre-defined Stored Procedures.

The second vulnerability discovered is a buffer overflow that causes heap corruption. This also has the potential to lead to the execution of arbitrary code or a Denial of Service condition.

Click here for the full advisory.

Netragard In The News

Apple patched two issues in Xcode Tools 2.5 on Tuesday, including one flaw that could allow remote code execution. Apple credited researcher Kevin Finisterre of Netragard for reporting both issues. Read the full article here.

Friday, September 14, 2007

Hackers Welcome - We're in Forbes again.

When legitimate security researchers notify technology vendors about security flaws in their technology, the best thing that the vendor can do is to welcome the information with open arms. When a vendor reacts with hostility, it appears as if the vendor is attempting to quash the security research instead of resolving the vulnerabilities identified by the research. While the hostile reaction is usually an attempt to "save face", it usually does the opposite and sends a dangerous false message to the vendor's customers. That message is "We care more about saving face than we do about your security." On the other hand, vendors that work with security researchers in a positive and friendly manner send the message that they "care about the security of their customers". This Forbes article contains key examples of "Software Bug Blowups"; in fact, it even covers the SNOsoft + HP + DMCA fiasco that happened back in early 2000.

Thursday, September 13, 2007

China Hacked by the US?

As the list of nations claiming they were targeted by Internet attacks emanating from China continues to grow, the world's most populous country has turned the mirror back on other governments.

In statements made in the Chinese Cadres Tribune, Vice Minister of Information Industry Lou Qinjian claimed that the United States and other "hostile" governments were attacking China's infrastructure, according to a news report carried by wire service Reuters. Lou recommended a collection of new measures to combat the attacks, including "toughened censorship, new security bodies and commercial controls," stated Reuters.

Click here for the full article.



Tuesday, September 4, 2007

Pentagon hacked by China?

For all of you who wanted "proof" about the cyberwar between China and the US, here's an article for you. Unfortunately, I think that China is in a better technological position with their "Golden Shield" firewall than we are with our ad-hoc Internet infrastructure, specifically if you consider that "Golden Shield" is rumored to be IPS capable.

Monday, August 6, 2007

China Cyber Shield - Forbes

This article was literally our idea. We contacted Andrew Greenberg at Forbes Magazine and discussed the possibility of China's Operation Golden Shield being used as an offensive weapon during a cyber war. Jayson Street, a long-time SNOsoft team member, is quoted in this article.

Friday, July 13, 2007

Bug Brokers: eBay-like Bug Site Doomed

Netragard's CTO (our founder) was interviewed by eWeek for this article. Again, it is focused on the eBay-like exploit auction site that we feel is doomed to fail.

Monday, July 9, 2007

Hackers Nasdaq - Our founder comments in Forbes.

Our founder, Adriel Desautels, comments about purchasing exploits in this Forbes article. The article also outlines a new business called WabiSabiLabi that is attempting to gain traction in the exploit market by using an eBay-like bidding structure. While this seems like a good idea at first glance, the idea will face significant trust problems, as it appears that anyone can bid on an exploit. The question that we have for WabiSabiLabi is: how do they assure that the winning bidder is an ethical, legitimate buyer?

Thursday, June 28, 2007

Maia Mailguard Security Risk Advisory

SNOsoft has discovered a high risk vulnerability in Maia Mailguard version 1.0.2 that makes it possible for an attacker to execute arbitrary commands on the affected system. The advisory will be published on Netragard's website shortly. Until then users of the Maia Mailguard web application should suspend use or add .htaccess capabilities to the web server to mitigate the risk of compromise.

Monday, June 18, 2007

SNOsoft SILC

For those of you that are participating in our Exploit Acquisition Program, please contact simon@snosoft.com for information on how to access our new Secure Internet Live Conferencing (SILC) server for discussing your research in a secure way. Don't try scanning for the server yourself because you won't find it and your IP address will be banned. If you have any new research or items that you would like to submit, please fill out an EAF and email it to simon@snosoft.com.

Thursday, May 24, 2007

How secure are security appliances?

We've started focusing on the security of appliances that are installed in corporate and government networks. To our amazement, most of these appliances are more insecure than the operating systems and software that we've (being the security industry) been picking on so aggressively. In fact, we are looking at one appliance right now that is made up of software that is unpatched and dates back as far as 5 years. This particular appliance is vulnerable to at least 28 critical known security issues, and god knows how many other "unique" issues. Expect to see advisories from us in the future specifically focused on security appliances.

Wednesday, May 23, 2007

Mac Security

Adriel Desautels, Netragard's CTO, was interviewed by ZDNET with regard to his opinion on the security of Apple OSX. Click here to read the interview.

Monday, March 19, 2007

McAfee VirusScan for Mac (Virex) - local root compromise

Netragard has released another vulnerability. This time it is a local root compromise using McAfee VirusScan for Mac. Granted, this isn't all that exciting, but if you're at all interested it can be found here.

http://www.netragard.com/pdfs/research/NETRAGARD-20070220.txt

Friday, March 16, 2007

FrontBase Database Advisory

Kevin Finisterre found a FrontBase Database <= 4.2.7 buffer overflow vulnerability that was recently released by SNOsoft on Netragard's website. This particular vulnerability enables an attacker to gain remote access to a system. The official advisory (that contains working Proof of Concept) can be found here.

Thursday, February 1, 2007

@Mail Webmail Security Research

The SNOsoft Research Team recently performed a lightweight security assessment of the @Mail Webmail product. @Mail is very much like OWA with respect to look, feel and functionality. The result of this research project was the discovery of two bugs in the product. These bugs were released as formal advisories by Netragard and can be viewed below:

http://www.netragard.com/pdfs/research/ATMAIL-XSRF-ADVISORY-20061206.txt
http://www.netragard.com/pdfs/research/ATMAIL-XSS-NETRAGARD-20061206.txt

Thursday, January 4, 2007

Month of Web Application Bugs (MOWAB)

Inspired by Kevin at digitalmunitions (who also happens to be the Chief Research Officer at Netragard L.L.C. and one of the original founders of SNOsoft) and his current Month of Apple Bugs (MOAB), SNOsoft will be working to produce the Month of Web Application Bugs (MOWAB). Any researchers interested in participating should email me directly at simon@snosoft.com, or just post a comment to this blog.

I should note, credit for this idea goes to Titon...