Posts Tagged ‘Ghost’

Top 5 server level vulnerabilities you must know!

You might have heard some these vulnerabilities irrespective of domain you are from. These are the well known vulnerabilities which caught attention in social media within the duration of one year (April 2014 and April 2015) Have you ever thought why these vulnerabilities got so much of public/social media exposure?  If not you are at the right place to understand the reason behind it.

Heartbleed was an issue that affected various versions of OpenSSL. This is one such vulnerability which allows attacker to remotely read memory of the systems/servers where vulnerable versions of OpenSSL are implemented. The type of information that could be exposed through depends on number of factors; most cases could include sensitive information like private keys, usernames and passwords of various logged-in users, sessions, database strings and much more.

Since OpenSSL is the most popular open source cryptographic library used to encrypt traffic on the Internet and considering ease of exploitation, large amount of private keys and other confidential information exposed, this vulnerability got much exposure on internet even the CVSS score was 5.0/10.0

Shocking shellshock was discovered by Stephane Chazelas. This is a vulnerability in GNU’s bash shell that allows attackers to run remote commands (remote code execution) on a vulnerable system. GNU Bourne Again shell (Bash) is a shell and command language interpreter used as the default shell on major UNIX based systems like Mac OS, red-hat Linux and much more.

Most of you out there would be thinking that you have bash pre-installed on your systems, now are you guys vulnerable to this attack? Big no! If this bash is accessible on internet then you may vulnerable, let’s say Apache; where in it allow user to set environment variables remotely on that victims system through “mod_cgi”. Shellshock vulnerability not only allows to set few environment variables but also leverages attacker to run malicious code or commands remotely.

  • Poodle :: CVE-2014-3566 (October 2014)

This is the next variant on OpenSSL after Heartbleed. POODLE, it stands for Padding Oracle On Downgraded Legacy Encryption, this bug was discovered by Google Security team. This is such a vulnerability where in attacker can perform man in the middle attack and can easily extract bits of encrypted data using oracle padding. This vulnerability had problem in CBC encryption scheme as implemented in the SSL 3 protocol which was similar to BEAST attack.

This vulnerability was initially affecting the SSLv3 protocol but later it was reported that even TLS 1.0 and 1.1 are also affected. Even though the impact is high, CVSS score given is 4.3 due to easy of exploitation which is pretty much medium/difficult.

  • Ghost :: CVE-2015-0235 (January 2015) 

The GHOST vulnerability is a serious weakness in the Linux glibc library. This is a sort of buffer overflow attack affecting gethostbyname() and gethostbyname2() function calls in the glibc library.

This vulnerability allows a remote attacker to make an application call to either of these functions to execute arbitrary code with the permissions of the user running the application or to remotely take complete control of the victim’s machine without having any prior knowledge of any credentials.

  • Freak :: CVE-2015-0204 (March 2015)

Servers that accept RSA_EXPORT cipher suites put their users at risk from the FREAK attack, this allows an attacker to intercept HTTPS connections between vulnerable clients and servers and force them to use weakened encryption, which the attacker can break to steal or manipulate sensitive data. The FREAK attack is possible when a vulnerable browser connects to a susceptible web server—a server that accepts “export-grade” encryption.

Unpatched OpenSSL, Microsoft Schannel, and Apple SecureTransport all suffer from this vulnerability. Note that these libraries are used internally by many other programs, such as wget and curl. You also need to ensure that your software does not offer export cipher suites, since they can be exploited even if the TLS library is patched.

More BUzz:

  • Mozilla said on its blog that “SSL version 3.0 is no longer secure. Browsers and websites need to turn off SSLv3 and use more modern security protocols as soon as possible, in order to avoid compromising users’ private information”.
  • Microsoft also announced that SSL 3.0 will be disabled across Microsoft online services over the coming months.

References:

https://securityblog.redhat.com/

 

Advertisements