August 6, 2012

I am still getting over the 'conference jetlag' that the double header of Blackhat and Defcon has had on me. It is not so much the three-hour time difference but the various after-dinner meetings and activities that keep me up till hours I haven't seen since university (or since my kids started sleeping through the night!), coupled with 7am breakfast meetings that, when I scheduled them, sounded like a good idea... Those of you who know me know I get energized at these types of events, and this year I became supercharged. From the Impact Advisory Council Meeting and three Customer Community Meetings, where I received great feedback on the direction we are taking Impact, to the late-night meetings with my peers in the industry, I am more excited than ever to be in this field.

But while I was in sunny Las Vegas (I noticed the heat when in the 40-minute cab line outside the Rio...) the folks back in the office were busy. We released 23 updates in July (more than one every business day for the month). As always, they were spread out across the multiple vectors we have within Impact.

Updates for July 2012 (excluding maintenance updates):

Remote Code Execution

Symantec Web Gateway PHP Injection Exploit
IBM Cognos tm1admsd Multiple Operations Buffer Overflow Exploit
SugarCRM CE unserialize PHP Code Execution Exploit
FireFly Media Server Remote Format String Exploit
FlexNet License Server Manager lmgrd Buffer Overflow Exploit
Simple Web Server GET Request Buffer Overflow Exploit
Symantec Web Gateway blocked_file.php Remote Code Execution Exploit
Netmechanica NetDecision HTTP Server Buffer Overflow Exploit (Update)
Microsoft Windows Print Spooler Service Impersonation Exploit (MS10-061) (Update)

Client Side

Microsoft Internet Explorer XML Core Services MSXML Uninitialized Memory Exploit
Adobe Flash Player _error Object Confusion Exploit
IrfanView JPEG2000 Plugin Buffer Overflow Exploit
Apple QuickTime TeXML Stack Buffer Overflow Exploit Update
PAC-Designer File Processing Buffer Overflow Exploit Update
Oracle Java AtomicReferenceArray Type Confusion Exploit Update

Privilege Escalation

FreeBSD Sysret Instruction Privilege Escalation Exploit
Microsoft Windows Win32k Keyboard Layout Vulnerability Exploit (MS12-047)

We also added a MySQL Authentication Bypass Detector module, which connects to a MySQL server to determine whether it is vulnerable to the memcmp authentication bypass. The server assumes that the return value of the memcmp function fits in a single byte, but on certain platforms it can return a larger number, leading to an authentication bypass scenario.

- Alex Horan, Senior Product Manager
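The one-byte truncation described in the MySQL paragraph above, as an added example in C that is not the detector module's code or MySQL's source. All function and type names are hypothetical, and the comparator's return value is passed in as a constructed input so the result does not depend on how the local platform's memcmp behaves.

```c
#include <stddef.h>
#include <stdio.h>

/* One-byte result type, standing in for the narrow return type the
   paragraph describes (hypothetical name). unsigned char keeps the
   int-to-byte conversion well defined: the value is reduced modulo 256. */
typedef unsigned char one_byte_result;

/* Flawed pattern: a memcmp()-style int is narrowed to one byte.
   cmp_result is a constructed stand-in for what memcmp() returned;
   0 means "buffers are equal", so 0 here means "password accepted". */
one_byte_result mismatch_truncated(int cmp_result) {
    return (one_byte_result)cmp_result;
}

/* Corrected pattern: collapse the int to 0/1 before narrowing. */
one_byte_result mismatch_fixed(int cmp_result) {
    return (one_byte_result)(cmp_result != 0);
}

/* Count nonzero comparison results in [lo, hi] that the truncated
   check would wrongly report as a match. */
int count_false_accepts(int lo, int hi) {
    int n = 0;
    for (int r = lo; r <= hi; r++)
        if (r != 0 && mismatch_truncated(r) == 0)
            n++;
    return n;
}

/* Hardened comparison that never exposes a magnitude: returns 1 only
   when all n bytes match, and runs in time independent of the data. */
int digests_equal(const unsigned char *a, const unsigned char *b, size_t n) {
    unsigned char diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

int main(void) {
    /* Byte-difference style results (-255..255) are never misread... */
    printf("false accepts in [-255, 255]:   %d\n", count_false_accepts(-255, 255));
    /* ...but wider results are, whenever the low byte is zero. */
    printf("false accepts in [-1024, 1024]: %d\n", count_false_accepts(-1024, 1024));
    printf("0x100 truncated=%d fixed=%d\n", mismatch_truncated(0x100), mismatch_fixed(0x100));
    return 0;
}
```

A code review or static-analysis rule that flags any memcmp-style result returned through a type narrower than int catches this class of defect before it ships.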
