Showing posts sorted by relevance for query IPV6. Sort by date Show all posts
Showing posts sorted by relevance for query IPV6. Sort by date Show all posts

Denial of Service Vulnerability in Cisco IOS Software IPv6

Posted by Avik Sarkar On 10/02/2011 03:38:00 pm


Cisco IOS Software contains a vulnerability in the IP version 6 (IPv6) protocol stack implementation that could allow an unauthenticated, remote attacker to cause a reload of an affected device that has IPv6 enabled. The vulnerability may be triggered when the device processes a malformed IPv6 packet.
Cisco has released free software updates that address this vulnerability. There are no workarounds to mitigate this vulnerability.
Note:- The September 28, 2011, Cisco IOS Software Security Advisory bundled publication includes ten Cisco Security Advisories. Nine of the advisories address vulnerabilities in Cisco IOS Software, and one advisory addresses a vulnerability in Cisco Unified Communications Manager. Each advisory lists the Cisco IOS Software releases that correct the vulnerability or vulnerabilities detailed in the advisory as well as the Cisco IOS Software releases that correct all vulnerabilities in the September 2011 Bundled Publication. 


Affected Products:-

Cisco devices that are running an affected version of Cisco IOS Software and configured for IPv6 operation are vulnerable. A device that is running Cisco IOS Software and that has IPv6 enabled will show some interfaces with assigned IPv6 addresses when the show ipv6 interface brief command is executed.
The show ipv6 interface brief command will produce an error message if the version of Cisco IOS Software in use does not support IPv6, or will not show any interfaces with IPv6 address if IPv6 is disabled. The system is not vulnerable in these scenarios.
Sample output of the show ipv6 interface brief command on a system that is configured for IPv6 operation follows:-
router>show ipv6 interface brief 
FastEthernet0/0            [up/up]
    FE80::222:90FF:FEB0:1098
    2001:DB8:2:93::3
    200A:1::1
FastEthernet0/1            [up/up]
    FE80::222:90FF:FEB0:1099
    2001:DB8:2:94::1
Serial0/0/0                [down/down]
    unassigned
Serial0/0/0.4              [down/down]
    unassigned
Serial0/0/0.5              [down/down]
    unassigned
Serial0/0/0.6              [down/down]
    unassigned
Alternatively, the IPv6 protocol is enabled if the interface configuration command ipv6 address <IPv6 address> or ipv6 enable is present in the configuration. Both may be present, as shown in the vulnerable configuration in the following example shows:-
interface FastEthernet0/1
 ipv6 address 2001:0DB8:C18:1::/64 eui-64
!
interface FastEthernet0/2
 ipv6 enable
A device that is running Cisco IOS Software and that has IPv6 enabled on a physical or logical interface is vulnerable even if ipv6 unicast-routing is globally disabled (that is, the device is not routing IPv6 packets).
To determine the Cisco IOS Software release that is running on a Cisco product, administrators can log in to the device and issue the show version command to display the system banner. The system banner confirms that the device is running Cisco IOS Software by displaying text similar to "Cisco Internetwork Operating System Software" or "Cisco IOS Software." The image name displays in parentheses, followed by "Version" and the Cisco IOS Software release name. Other Cisco devices do not have the show version command or may provide different output.
The following example identifies a Cisco product that is running Cisco IOS Software Release 15.0(1)M1 with an installed image name of C3900-UNIVERSALK9-M:
Router> show version
Cisco IOS Software, C3900 Software (C3900-UNIVERSALK9-M), Version 15.0(1)M1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Wed 02-Dec-09 17:17 by prod_rel_team

!--- output truncated
 For Additional information click Here


-News Source (Cisco)



SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

THC-IPv6 Attack Toolkit, A Tool to Attack the Inherent Protocol Weaknesses of IPV6 & ICMP6

Posted by Avik Sarkar On 10/13/2012 01:26:00 am


THC-IPv6 Attack Toolkit, A Tool to Attack the Inherent Protocol Weaknesses of IPV6 & ICMP6

German hackers group, widely known as THC -The Hacker's Choice released an comprehensive attack toolkit for the IPv6 protocol suite named 'THC-IPv6 Attack Toolkit'. THC is the first group who is releasing such attacking tool for IPv6 protocol. According to the release note this is  a complete tool set to attack the inherent protocol weaknesses of IPV6 and ICMP6, and includes an easy to use packet factory library. It comprises of state-of-the-art tools for alive scanning, man-in-the-middle attacks, denial-of-service etc. which exploits inherent vulnerabilities in IPv6. 

Features at a Glance:- 
  • parasite6: icmp neighbor solitication/advertisement spoofer, puts you as man-in-the-middle, same as ARP mitm (and parasite)
  • alive6: an effective alive scanng, which will detect all systems listening to this address
  • dnsdict6: parallized dns ipv6 dictionary bruteforcer
  • fake_router6: announce yourself as a router on the network, with the highest priority
  • redir6: redirect traffic to you intelligently (man-in-the-middle) with a clever icmp6 redirect spoofer
  • toobig6: mtu decreaser with the same intelligence as redir6
  • detect-new-ip6: detect new ip6 devices which join the network, you can run a script to automatically scan these systems etc.
  • dos-new-ip6: detect new ip6 devices and tell them that their chosen IP collides on the network (DOS).
  • trace6: very fast traceroute6 with supports ICMP6 echo request and TCP-SYN
  • flood_router6: flood a target with random router advertisements
  • flood_advertise6: flood a target with random neighbor advertisements
  • exploit6: known ipv6 vulnerabilities to test against a target
  • denial6: a collection of denial-of-service tests againsts a target
  • fuzz_ip6: fuzzer for ipv6
  • implementation6: performs various implementation checks on ipv6
  • implementation6d: listen daemon for implementation6 to check behind a fw
  • fake_mld6: announce yourself in a multicast group of your choice on the net
  • fake_mld26: same but for MLDv2
  • fake_mldrouter6: fake MLD router messages
  • fake_mipv6: steal a mobile IP to yours if IPSEC is not needed for authentication
  • fake_advertiser6: announce yourself on the network
  • smurf6: local smurfer
  • rsmurf6: remote smurfer, known to work only against linux at the moment
  • sendpees6: a tool by willdamn(ad)gmail.com, which generates a neighbor solicitation requests with a lot of CGAs (crypto stuff ;-) to keep the CPU busy. nice.
  • thcping6: sends a hand crafted ping6 packet [and about 25 more tools for you to discover]
For detailed information about the usage, library interface & so on click here. To Download THC-IPv6 Attack Toolkit Click Here (Linux Only). For those who are hearing the name THC first time, we want to give you reminder that before this tool, this German hackers group published few other hack tools like Hydra (Fastest Login Cracker), THC SSL Dos and so on. 






SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Nmap 6 Released With Full IPv6 Support, Better Web Scanning & 289 New Scripts

Posted by Avik Sarkar On 5/22/2012 10:34:00 pm

Nmap 6 Released With Full IPv6 Support, Better Web Scanning & 289 New Scripts

Earlier we have discussed several times about Nmap. Now the Nmap Project is pleased to announce the immediate, free availability of the Nmap Security Scanner version 6.00. According to the project release - this product of almost three years of work, 3,924 code commits, and more than a dozen point releases since the big Nmap 5 release in July 2009. Nmap 6 includes a more powerful Nmap Scripting Engine, 289 new scripts, better web scanning, full IPv6 support, the Nping packet prober, faster scans, and much more. 
Top 6 improvements in Nmap 6:-
1. NSE Enhanced
The Nmap Scripting Engine (NSE) has exploded in popularity and capabilities. This modular system allows users to automate a wide variety of networking tasks, from querying network applications for configuration information to vulnerability detection and advanced host discovery. The script count has grown from 59 in Nmap 5 to 348 in Nmap 6, and all of them are documented and categorized in our NSE Documentation Portal. The underlying NSE infrastructure has improved dramatically as well.
2. Better Web Scanning
As the Internet has grown more web-centric, Nmap has developed web scanning capabilities to keep pace. When Nmap was first released in 1997, most of the network services offered by a server listened on individual TCP or UDP ports and could be found with a simple port scan. Now, applications are just as commonly accessed via URL path instead, all sharing a web server listening on a single port. Nmap now includes many techniques for enumerating those applications, as well as performing a wide variety of other HTTP tasks, from web site spidering to brute force authentication cracking. Technologies such as SSL encryption, HTTP pipelining, and caching mechanisms are well supported.
3. Full IPv6 Support
Given the exhaustion of available IPv4 addresses, the Internet community is trying to move to IPv6. Nmap has been a leader in the transition, offering basic IPv6 support since 2002. But basic support isn't enough, so we spent many months ensuring that Nmap version 6 contains full support for IP version 6. And we released it just in time for the World IPv6 Launch. We've created a new IPv6 OS detection system, advanced host discovery, raw-packet IPv6 port scanning, and many NSE scripts for IPv6-related protocols. It's easy to use too—just specify the -6 argument along with IPv6 target IP addresses or DNS records. In addition, all of our web sites are now accessible via IPv6. For example, Nmap.org can be found at 2600:3c01::f03c:91ff:fe96:967c.
4. New Nping Tool
The newest member of the Nmap suite of networking and security tools is Nping, an open source tool for network packet generation, response analysis and response time measurement. Nping can generate network packets for a wide range of protocols, allowing full control over protocol headers. While Nping can be used as a simple ping utility to detect active hosts, it can also be used as a raw packet generator for network stack stress testing, ARP poisoning, Denial of Service attacks, route tracing, etc. Nping's novel echo mode lets users see how packets change in transit between the source and destination hosts. That's a great way to understand firewall rules, detect packet corruption, and more.
5. Better Zenmap GUI & results viewer
While Nmap started out as a command-line tool and many (possibly most) users still use it that way, we've also developed an enhanced GUI and results viewer named Zenmap. One addition since Nmap 5 is a “filter hosts” feature which allows you to see only the hosts which match your criteria (e.g. Linux boxes, hosts running Apache, etc.) We've also localized the GUI to support five languages besides English. A new script selection interface helps you find and execute Nmap NSE scripts. It even tells you what arguments each script supports.
6. Faster scans
In Nmap's 15-year history, performance has always been a top priority. Whether scanning one target or a million, users want scans to run as fast as possible without sacrificing accuracy. Since Nmap 5 we've rewritten the traceroute system for higher performance and increased the allowed parallelism of the Nmap Scripting Engine and version detection subsystems. We also performed an intense memory audit which reduced peak consumption during our benchmark scan by 90%. We made many improvements to Zenmap data structures and algorithms as well so that it can now handle large enterprise scans with ease.
For detailed information click here. And to download Nmap 6 for Windows, Linux and many UNIX platforms (Solaris, Free/Net/OpenBSD, etc.) included Zenmap, the GUI frontend Click Here


 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Nmap 5.59 BETA1 (With 40 new NSE scripts)

Posted by Avik Sarkar On 7/01/2011 07:55:00 pm



Nmap 5.59 BETA1 released. This version includes 40 new NSE scripts (plus improvements to many others), even more IPv6 goodness than the informal World IPv6 Day release, 7 new NSE protocol libraries and hundreds of bug fixes! This release also expands and improves IPv6 support!

o [NSE] Added 40 scripts, bringing the total to 217!  You can learn
 more about any of them at http://nmap.org/nsedoc/. Here are the new
 ones (authors listed in brackets):

 + afp-ls: Lists files and their attributes from Apple Filing
   Protocol (AFP) volumes. [Patrik Karlsson]

 + backorifice-brute: Performs brute force password auditing against
   the BackOrifice remote administration (trojan) service. [Gorjan
   Petrovski]

 + backorifice-info: Connects to a BackOrifice service and gathers
   information about the host and the BackOrifice service
   itself. [Gorjan Petrovski]

 + broadcast-avahi-dos: Attempts to discover hosts in the local
   network using the DNS Service Discovery protocol, then tests
   whether each host is vulnerable to the Avahi NULL UDP packet
   denial of service bug (CVE-2011-1002). [Djalal Harouni]

 + broadcast-netbios-master-browser: Attempts to discover master
   browsers and the Windows domains they manage. [Patrik Karlsson]

 + broadcast-novell-locate: Attempts to use the Service Location
   Protocol to discover Novell NetWare Core Protocol (NCP)
   servers. [Patrik Karlsson]

 + creds-summary: Lists all discovered credentials (e.g. from brute
   force and default password checking scripts) at end of scan.
   [Patrik Karlsson]

 + dns-brute: Attempts to enumerate DNS hostnames by brute force
   guessing of common subdomains. [Cirrus]

 + dns-nsec-enum: Attempts to discover target hosts' services using
   the DNS Service Discovery protocol. [Patrik Karlsson]

 + dpap-brute: Performs brute force password auditing against an
   iPhoto Library. [Patrik Karlsson]

 + epmd-info: Connects to Erlang Port Mapper Daemon (epmd) and
   retrieves a list of nodes with their respective port
   numbers. [Toni Ruottu]

 + http-affiliate-id: Grabs affiliate network IDs (e.g. Google
   AdSense or Analytics, Amazon Associates, etc.) from a web
   page. These can be used to identify pages with the same
   owner. [Hani Benhabiles, Daniel Miller]

 + http-barracuda-dir-traversal: Attempts to retrieve the
   configuration settings from a Barracuda Networks Spam & Virus
   Firewall device using the directory traversal vulnerability
   described at
   http://seclists.org/fulldisclosure/2010/Oct/119. [Brendan Coles]

 + http-cakephp-version: Obtains the CakePHP version of a web
   application built with the CakePHP framework by fingerprinting
   default files shipped with the CakePHP framework. [Paulino
   Calderon]

 + http-majordomo2-dir-traversal: Exploits a directory traversal
   vulnerability existing in the Majordomo2 mailing list manager to
   retrieve remote files. (CVE-2011-0049). [Paulino Calderon]

 + http-wp-plugins: Tries to obtain a list of installed WordPress
   plugins by brute force testing for known plugins. [Ange Gutek]

 + ip-geolocation-geobytes: Tries to identify the physical location
   of an IP address using the Geobytes geolocation web service
   (http://www.geobytes.com/iplocator.htm). [Gorjan Petrovski]

 + ip-geolocation-geoplugin: Tries to identify the physical location
   of an IP address using the Geoplugin geolocation web service
   (http://www.geoplugin.com/). [Gorjan Petrovski]

 + ip-geolocation-ipinfodb: Tries to identify the physical location
   of an IP address using the IPInfoDB geolocation web service
   (http://ipinfodb.com/ip_location_api.php). [Gorjan Petrovski]

 + ip-geolocation-maxmind: Tries to identify the physical location of
   an IP address using a Geolocation Maxmind database file (available
   from http://www.maxmind.com/app/ip-location). [Gorjan Petrovski]

 + ldap-novell-getpass: Attempts to retrieve the Novell Universal
   Password for a user. You must already have (and include in script
   arguments) the username and password for an eDirectory server
   administrative account. [Patrik Karlsson]

 + mac-geolocation: Looks up geolocation information for BSSID (MAC)
   addresses of WiFi access points in the Google geolocation
   database. [Gorjan Petrovski]

 + mysql-audit: Audit MySQL database server security configuration
   against parts of the CIS MySQL v1.0.2 benchmark (the engine can
   also be used for other MySQL audits by creating appropriate audit
   files).  [Patrik Karlsson]

 + ncp-enum-users: Retrieves a list of all eDirectory users from the
   Novell NetWare Core Protocol (NCP) service. [Patrik Karlsson]

 + ncp-serverinfo: Retrieves eDirectory server information (OS
   version, server name, mounts, etc.) from the Novell NetWare Core
   Protocol (NCP) service. [Patrik Karlsson]

 + nping-brute: Performs brute force password auditing against an
   Nping Echo service. [Toni Ruottu]

 + omp2-brute: Performs brute force password auditing against the
   OpenVAS manager using OMPv2. [Henri Doreau]

 + omp2-enum-targets: Attempts to retrieve the list of target systems
   and networks from an OpenVAS Manager server. [Henri Doreau]

 + ovs-agent-version: Detects the version of an Oracle OVSAgentServer
   by fingerprinting responses to an HTTP GET request and an XML-RPC
   method call. [David Fifield]

 + quake3-master-getservers: Queries Quake3-style master servers for
   game servers (many games other than Quake 3 use this same
   protocol). [Toni Ruottu]

 + servicetags: Attempts to extract system information (OS, hardware,
   etc.) from the Sun Service Tags service agent (UDP port
   6481). [Matthew Flanagan]

 + sip-brute: Performs brute force password auditing against Session
   Initiation Protocol (SIP -

http://en.wikipedia.org/wiki/Session_Initiation_Protocol)

   accounts.  This protocol is most commonly associated with VoIP
   sessions. [Patrik Karlsson]

 + sip-enum-users: Attempts to enumerate valid SIP user accounts.
   Currently only the SIP server Asterisk is supported. [Patrik
   Karlsson]

 + smb-mbenum: Queries information managed by the Windows Master
   Browser. [Patrik Karlsson]

 + smtp-vuln-cve2010-4344: Checks for and/or exploits a heap overflow
   within versions of Exim prior to version 4.69 (CVE-2010-4344) and
   a privilege escalation vulnerability in Exim 4.72 and prior
   (CVE-2010-4345). [Djalal Harouni]

 + smtp-vuln-cve2011-1720: Checks for a memory corruption in the
   Postfix SMTP server when it uses Cyrus SASL library authentication
   mechanisms (CVE-2011-1720).  This vulnerability can allow denial
   of service and possibly remote code execution. [Djalal Harouni]

 + snmp-ios-config: Attempts to downloads Cisco router IOS
   configuration files using SNMP RW (v1) and display or save
   them. [Vikas Singhal, Patrik Karlsson]

 + ssl-known-key: Checks whether the SSL certificate used by a host
   has a fingerprint that matches an included database of problematic
   keys. [Mak Kolybabi]

 + targets-sniffer: Sniffs the local network for a configurable
   amount of time (10 seconds by default) and prints discovered
   addresses. If the newtargets script argument is set, discovered
   addresses are added to the scan queue. [Nick Nikolaou]

 + xmpp: Connects to an XMPP server (port 5222) and collects server
   information such as supported auth mechanisms, compression methods
   and whether TLS is supported and mandatory. [Vasiliy Kulikov]

o Nmap has long supported IPv6 for basic (connect) port scans, basic
 host discovery, version detection, Nmap Scripting Engine.  This
 release dramatically expands and improves IPv6 support:
 + IPv6 raw packet scans (including SYN scan, UDP scan, ACK scan,
   etc.) are now supported. [David, Weilin]
 + IPv6 raw packet host discovery (IPv6 echo requests, TCP/UDP
   discovery packets, etc.) is now supported. [David, Weilin]
 + IPv6 traceroute is now supported [David]
 + IPv6 protocol scan (-sO) is now supported, including creating
   realistic headers for many protocols. [David]
 + IPv6 support to the wsdd, dnssd and upnp NSE libraries. [Daniel
   Miller, Patrik]
 + The --exclude and --excludefile now support IPV6 addresses with
   netmasks.  [Colin]

o Scanme.Nmap.Org (the system anyone is allowed to scan for testing
 purposes) is now dual-stacked (has an IPv6 address as well as IPv4)
 so you can scan it during IPv6 testing.  We also added a DNS record
 for ScanmeV6.nmap.org which is IPv6-only. See
 http://seclists.org/nmap-dev/2011/q2/428. [Fyodor]

o The Nmap.Org website as well as sister sites Insecure.Org,
 SecLists.Org, and SecTools.Org all have working IPv6 addresses now
 (dual stacked). [Fyodor]

o Nmap now determines the filesystem location it is being run from and
 that path is now included early in the search path for data files
 (such as nmap-services).  This reduces the likelihood of needing to
 specify --datadir or getting data files from a different version of
 Nmap installed on the system.  For full details, see
 http://nmap.org/book/data-files-replacing-data-files.html.  Thanks
 to Solar Designer for implementation advice. [David]

o Created a page on our SecWiki for collecting Nmap script ideas! If
 you have a good idea, post it to the incoming section of the page.
 Or if you're in a script writing mood but don't know what to write,
 come here for inspiration: https://secwiki.org/w/Nmap_Script_Ideas.

o The development pace has greatly increased because Google (again)
 sponsored a 7 full-time college and graduate student programmer
 interns this summer as part of their Summer of Code program!
 Thanks, Google Open Source Department!  We're delighted to introduce
 the team: http://seclists.org/nmap-dev/2011/q2/312

o [NSE] Added 7 new protocol libraries, bringing the total to 66.  You
 can read about them all at http://nmap.org/nsedoc/. Here are the new
 ones (authors listed in brackets):

 + creds: Handles storage and retrieval of discovered credentials
   (such as passwords discovered by brute force scripts). [Patrik
   Karlsson]

 + ncp: A tiny implementation of Novell Netware Core Protocol
   (NCP). [Patrik Karlsson]

 + omp2: OpenVAS Management Protocol (OMP) version 2 support. [Henri
   Doreau]

 + sip: Supports a limited subset of SIP commands and
   methods. [Patrik Karlsson]

 + smtp: Simple Mail Transfer Protocol (SMTP) operations. [Djalal
   Harouni]

 + srvloc: A relatively small implementation of the Service Location
   Protocol. [Patrik Karlsson]

 + tftp: Implements a minimal TFTP server. It is used in
   snmp-ios-config to obtain router config files.[Patrik Karlsson]

o Improved Nmap's service/version detection database by adding:
 + Apple iPhoto (DPAP) protocol probe [Patrik]
 + Zend Java Bridge probe [Michael Schierl]
 + BackOrifice probe [Gorjan Petrovski]
 + GKrellM probe [Toni Ruotto]
 + Signature improvements for a wide variety of services (we now have
   7,375 signatures)

o [NSE] ssh-hostkey now additionally has a postrule that prints hosts
 found during the scan which share the same hostkey. [Henri Doreau]

o [NSE] Added 300+ new signatures to http-enum which look for admin
 directories, JBoss, Tomcat, TikiWiki, Majordomo2, MS SQL, WordPress,
 and more. [Paulino]

o Made the final IP address space assignment update as all available
 IPv4 address blocks have now been allocated to the regional
 registries.  Our random IP generation (-iR) logic now only excludes
 the various reserved blocks.  Thanks to Kris for years of regular
 updates to this function!

o [NSE] Replaced http-trace with a new more effective version. [Paulino]

o Performed some output cleanup work to remove unimportant status
 lines so that it is easier to find the good stuff! [David]

o [Zenmap] now properly kills Nmap scan subprocess when you cancel a
 scan or quit Zenmap on Windows. [Shinnok]

o [NSE] Banned scripts from being in both the "default" and
 "intrusive" categories.  We did this by removing dhcp-discover and
 dns-zone-transfer from the set of scripts run by default (leaving
 them "intrusive"), and reclassifying dns-recursion, ftp-bounce,
 http-open-proxy, and socks-open-proxy as "safe" rather than
 "intrusive" (keeping them in the "default" set).

o [NSE] Added a credential storage library (creds.lua) and modified
 the brute library and scripts to make use of it. [Patrik]

o [Ncat] Created a portable version of ncat.exe that you can just drop
 onto Microsoft Windows systems without having to run any installer
 or copy over extra library files. See the Ncat page
 (http://nmap.org/ncat/) for binary downloads and a link to build
 instructions. [Shinnok]

o Fix a segmentation fault which could occur when running Nmap on
 various Android-based phones.  The problem related to NULL being
 passed to freeaddrinfo(). [David, Vlatko Kosturjak]

o [NSE] The host.bin_ip and host.bin_ip_src entries now also work with
 16-byte IPv6 addresses. [David]

o [Ncat] Updated the ca-bundle.crt list of trusted certificate
 authority certificates. [David]

o [NSE] Fixed a bug in the SMB Authentication library which could
 prevent concurrently running scripts with valid credentials from
 logging in. [Chris Woodbury]

o [NSE] Re-worked http-form-brute.nse to better autodetect form
 fields, allow brute force attempts where only the password (no
 username) is needed, follow HTTP redirects, and better detect
 incorrect login attempts. [Patrik, Daniel Miller]

o [Zenmap] Changed the "slow comprehensive scan" profile's NSE script
 selection from "all" to "default or (discovery and safe)"
 categories.  Except for testing and debugging, "--script all" is
 rarely desirable.

o [NSE] Added the stdnse.silent_require method which is used for
 library requires that you know might fail (e.g. "openssl" fails if
 Nmap was compiled without that library).  If these libraries are
 called with silent_require and fail to load, the script will cease
 running but the user won't be presented with ugly failure messages
 as would happen with a normal require. [Patrick Donnelly]

o [Ncat] ncat now listens on both localhost and ::1 when you run ncat
 -l. It works as before if you specify -4 or -6 or a specific
 address. [Colin Rice]

o [Zenmap] Fixed a bug in topology mapper which caused endpoints
 behind firewalls to sometimes show up in the wrong place (see
 http://seclists.org/nmap-dev/2011/q2/733).  [Colin Rice]

o [Zenmap] If you scan a system twice, any open ports from the first
 scan which are closed in the 2nd will be properly marked as
 closed. [Colin Rice].

o [Zenmap] Fixed an error that could cause a crash ("TypeError: an
 integer is required") if a sort column in the ports table was unset.
 [David]

o [Ndiff] Added nmaprun element information (Nmap version, scan date,
 etc.) to the diff.  Also, the Nmap banner with version number and
 data is now only printed if there were other differences in the
 scan. [Daniel Miller, David, Dr. Jesus]

o [NSE] Added nmap.get_interface and nmap.get_interface_info functions
 so scripts can access characteristics of the scanning interface.
 Removed nmap.get_interface_link. [Djalal]

o Fixed an overflow in scan elapsed time display that caused negative
 times to be printed after about 25 days. [Daniel Miller]

o Updated nmap-rpc from the master list, now maintained by IANA.
 [Daniel Miller, David]

o [Zenmap] Fixed a bug in the option parser: -sN (null scan) was
 interpreted as -sn (no port scan). This was reported by
 Shitaneddine. [David]

o [Ndiff] Fixed the Mac OS X packages to use the correct path for
 Python: /usr/bin/python instead of /opt/local/bin/python. The bug
 was reported by Wellington Castello. [David]

o Removed the -sR (RPC scan) option--it is now an alias for -sV
 (version scan), which always does RPC scan when an rpcinfo service
 is detected.

o [NSE] Improved the ms-sql scripts and library in several ways:
 - Improved version detection and server discovery
 - Added support for named pipes, integrated authentication, and
   connecting to instances by name or port
 - Improved script and library stability and documentation.
 [Patrik Karlsson, Chris Woodbury]

o [NSE] Fixed http.validate_options when handling a cookie table.
 [Sebastian Prengel]

o Added a Service Tags UDP probe for port 6481/udp. [David]

o [NSE] Enabled firewalk.nse to automatically find the gateways at
 which probes are dropped and fixed various bugs. [Henri Doreau]

o [Zenmap] Worked around a pycairo bug that prevented saving the
 topology graphic as PNG on Windows: "Error Saving Snapshot:
 Surface.write_to_png takes one argument which must be a filename
 (str), file object, or a file-like object which has a 'write' method
 (like StringIO)". The problem was reported by Alex Kah. [David]

o The -V and --version options now show the platform Nmap was compiled
 on, which features are compiled in, the version numbers of libraries
 it is linked against, and whether the libraries are the ones that
 come with Nmap or the operating system.  [Ambarisha B., David]

o Fixed some inconsistencies in nmap-os-db reported by Xavier Sudre
 from netVigilance.

o The Nmap Win32 uninstaller now properly deletes nping.exe. [Fyodor]

o [NSE] Added a shortport.ssl function which can be used as a script
 portrule to match SSL services.  It is similar in concept to our
 existing shortport.http. [David]

o Set up the RPM build to use the compat-glibc and compat-gcc-34-c++
 packages (on CentOS 5.3) to resolve a report of Nmap failing to run
 on old versions of Glibc. [David]

o We no longer support Nmap on versions of Windows earlier than XP
 SP2.  Even Microsoft no longer supports Windows versions that old.
 But if you must use Nmap on such systems anyway, please see

https://secwiki.org/w/Nmap_On_Old_Windows_Releases.

o There were hundreds of other little bug fixes and improvements
 (especially to NSE scripts).  See the SVN logs for revisions 22,274
 through 24,460 for details.

To Download Nmap 5.59 BETA 1 Click HERE

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Nmap 5.52.IPv6.Beta2 is now avilable

Posted by Avik Sarkar On 6/09/2011 02:45:00 am


Nmap (“Network Mapper”) is a free and open source utility for network exploration or security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X. In addition to the classic command-line Nmap executable, the Nmap suite includes an advanced GUI and results viewer (Zenmap), a flexible data transfer, redirection, and debugging tool (Ncat), and a utility for comparing scan results (Ndiff).

Though Nmap has been supporting IPv6 since 2002, there were a few limitations with raw packet scans (SYN scan, UDP scan, ICMP ping packets,etc.) not being supported. This limitation has finally been emilinated! 

However, the following features related to IPv6 scanning are still not completely supported:-
 
OS detection.
Protocol scan.
IPv6 CIDR address notation.
Neighbor Discovery-based host discovery (analog to ARP scan).
Multicast host discovery.
Windows Teredo tunnels (a system for tunneling IPv6 to systems which don’t support it natively) are not supported by the raw system, but you can still use -6 with –unprivileged to scan through those interfaces.
When scanning link local IPv6 addresses (they start with fe80), you might need to put the interface name at the end like you sometimes do with ping6 and other system IPv6 tools (e.g. fe80::9afc:22ee:bc91:3e1d%eth0)

Whats more is that the same support has been added to the Nmap scanme engine too.

Download Nmap from the following Links:-



SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Nmap 6.25 Released! With 85 New Scripts, Windows 8 Enhancements & Better Performance

Posted by Avik Sarkar On 12/05/2012 07:33:00 pm

Nmap 6.25 Released! With 85 New Scripts, Windows 8 Enhancements & Better Performance

Gordon Lyon also known as Fyodor, the author of world's most popular security scanner 'Nmap' announced another update. Almost after five months we got this new version that is Nmap 6.25. This release of Nmap  contains hundreds of improvements, including 85 new NSE scripts, nearly 1,000 new OS and service detection fingerprints, performance enhancements such as the new kqueue and poll I/O engines, better IPv6 traceroute support, Windows 8 improvements, and much more!  It also includes the work of five Google Summer of Code interns who worked full time with Nmap mentors during the summer. 

Here are the most important change since 6.01:
  • Integrated all of your IPv4 OS fingerprint submissions since January (more than 3,000 of them).  Added 373 fingerprints, bringing the new total to 3,946.  Additions include Linux 3.6, Windows 8, Windows Server 2012, Mac OS X 10.8, and a ton of new WAPs, printers, routers, and other devices--including our first IP-enabled doorbell! Many existing fingerprints were improved.
  • Integrated all of your service/version detection fingerprints submitted since January (more than 1,500)!  Our signature count jumped by more than 400 to 8,645.  We now detect 897 protocols, from extremely popular ones like http, ssh, smtp and imap to the more obscure airdroid, gopher-proxy, and enemyterritory. 
  • Integrated your latest IPv6 OS submissions and corrections. We're still low on IPv6 fingerprints, so please scan any IPv6 systems you own or administer and submit them to http://nmap.org/submit/.  Both new fingerprints (if Nmap doesn't find a good match) and corrections (if Nmap guesses wrong) are useful.
  • Enabled support for IPv6 traceroute using UDP, SCTP, and IPProto(Next Header) probes. 
  • Scripts can now return a structured name-value table so that results are query-able from XML output. Scripts can return a string as before, or a table, or a table and a string. In this last case, the table will go to XML output and the string will go to screen output. See http://nmap.org/book/nse-api.html#nse-structured-output 
  • [Nsock] Added new poll and kqueue I/O engines for improved performance on Windows and BSD-based systems including Mac OS X. These are in addition to the epoll engine (used on Linux) and the classic select engine fallback for other system.  
  • [Ncat] Added support for Unix domain sockets. The new -U and --unixsock options activate this mode.  These provide compatibility with Hobbit's original Netcat. 
  • Moved some Windows dependencies, including OpenSSL, libsvn, and the vcredist files, into a new public Subversion directory /nmap-mswin32-aux and moved it out of the source tarball. This reduces the compressed tarball size from 22 MB to 8 MB and similarly reduces the bandwidth and storage required for an svn checkout.
  • [NSE] Replaced old RPC grinder (RPC enumeration, performed as part of version detection when a port seems to run a SunRPC service) with a faster and easier to maintain NSE-based implementation. This also allowed us to remove the crufty old pos_scan scan engine. 




For additional information and to know the full change log of this release click Here. To download Namp 6.25 (Source Code & Binary Packages) for Windows, Linux, Mac, Unix & few other OS click Here






SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Tor 0.2.3.9-alpha With Initial IPv6 Support

Posted by Avik Sarkar On 12/17/2011 11:59:00 pm



Tor 0.2.3.9-alpha introduces initial IPv6 support for bridges, adds a "DisableNetwork" security feature that bundles can use to avoid touching the network until bridges are configured, moves forward on the pluggable transport design, fixes a flaw in the hidden service design that unnecessarily prevented clients with wrong clocks from reaching hidden services, and fixes a wide variety of other issues.

Features:-  

  • Clients can now connect to private bridges over IPv6. Bridges still need at least one IPv4 address in order to connect to other relays. Note that we don't yet handle the case where the user has two bridge lines for the same bridge (one IPv4, one IPv6). Implements parts of proposal 186.


  • New "DisableNetwork" config option to prevent Tor from launching any connections or accepting any connections except on a control port.
  • Bundles and controllers can set this option before letting Tor talk to the rest of the network, for example to prevent any connections to a non-bridge address. Packages like Orbot can also use this   option to instruct Tor to save power when the network is off.
  • Clients and bridges can now be configured to use a separate "transport" proxy. This approach makes the censorship arms race easier by allowing bridges to use protocol obfuscation plugins.  It implements the "managed proxy" part of proposal 180 (ticket 3472).
  • When using OpenSSL 1.0.0 or later, use OpenSSL's counter mode implementation. It makes AES_CTR about 7% faster than our old one (which was about 10% faster than the one OpenSSL used to provide). Resolves ticket 4526.
  •  Add a "tor2web mode" for clients that want to connect to hidden services non-anonymously (and possibly more quickly). As a safety measure to try to keep users from turning this on without knowing what they are doing, tor2web mode must be explicitly enabled at compile time, and a copy of Tor compiled to run in tor2web mode cannot be used as a normal Tor client. Implements feature 2553.
  •  Add experimental support for running on Windows with IOCP and no kernel-space socket buffers. This feature is controlled by a new "UserspaceIOCPBuffers" config option (off by default), which has no effect unless Tor has been built with support for bufferevents, is running on Windows, and has enabled IOCP. This may, in the long run, help solve or mitigate bug 98.
  •  Use a more secure consensus parameter voting algorithm. Now at least three directory authorities or a majority of them must vote on a given parameter before it will be included in the consensus. Implements proposal 178.


Major Bugfixes:-

  • Hidden services now ignore the timestamps on INTRODUCE2 cells.
  • They used to check that the timestamp was within 30 minutes of their system clock, so they could cap the size of their  replay-detection cache, but that approach unnecessarily refused service to clients with wrong clocks. Bugfix on 0.2.1.6-alpha, when the v3 intro-point protocol (the first one which sent a timestamp field in the INTRODUCE2 cell) was introduced; fixes bug 3460.
  • Only use the EVP interface when AES acceleration is enabled, to avoid a 5-7% performance regression. Resolves issue 4525; bugfix on 0.2.3.8-alpha.


Privacy/Anonymity Features (bridge detection):-

  • Make bridge SSL certificates a bit more stealthy by using random serial numbers, in the same fashion as OpenSSL when generating self-signed certificates. Implements ticket 4584.
  • Introduce a new config option "DynamicDHGroups", enabled by default, which provides each bridge with a unique prime DH modulus to be used during SSL handshakes. This option attempts to help against censors who might use the Apache DH modulus as a static identifier for bridges. Addresses ticket 4548.

To Download Tor 0.2.3.9-alpha Click Here



SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Enhanced Anti-Logger, Privacyware PC Security & Hacking Protection supported by IPv6

Posted by Avik Sarkar On 6/09/2011 05:41:00 pm

 


Privacyware, an innovative provider of web application firewall, pc security and security data analytics software, announced today that it has released a new version of Privatefirewall, the leading free security product for Windows PCs. The new software features full support for IPv6 and enhanced protection against critical hacking, privacy and identity theft threats.
"The frequency and magnitude of reported data theft incidents consistently reminds us of the real threat that exists as our reliance on the Internet to bank, shop, and personally or professionally interconnect continues to grow,” said Greg Salvato, chief executive officer at Privacyware. “Our new Privatefirewall release provides expanded packet inspection to support IPv6 and offers greater protection from keyboard, screen, clipboard and other logging techniques used by hackers and malware to steal private data.”
Privatefirewall employs a multi-layered security architecture that combines stateful packet inspection of inbound and outbound traffic and intelligent HIPS technologies that model and monitor system and application behavior to identify and block activity characteristic of Trojans, keyloggers, port scanning, program hijacking and zero-day threats. Privatefirewall ranks among the best performing desktop defense applications tested against the industry's most rigorous leak, general bypass, spying and termination tests.

Privatefirewall delivers four key benefits:
•Stateful inbound/outbound firewall, process monitor and behavioral monitoring technologies provide deep, proactive protection from malware and hackers for your system and personal data.

•Simple setup and operation ensures powerful out-of-box protection and peace of mind with ease.

•Elegant solution design is extremely light on system resources and won't slow down your PC.

•Unsurpassed value – Privatefirewall is available free of charge.

Key Features of this Privatefirewall Update Include:

•IPv6 packet filtering and tunneling support.

•Expanded anti-logger protection including clipboard and screenshot logging detection, driver load attempt detection and enhanced code injection monitoring.

•Improved leak, general bypass, spying and termination defense performance.

Privatefirewall provides an excellent layer of additional protection for the Windows operating system and supports 32 and 64 bit versions of Windows 7, Vista, and Server 2008/R2 as well as 32 bit versions of XP and Server 2003.

Pricing and Availability:
Privatefirewall 7 is free and available now. Visit http://www.privacyware.com to download today. Privatefirewall supports 32 and 64 bit versions of Windows 7, Vista, and Server 2008/R2 as well as 32 bit versions of XP and Server 2003. Private label and OEM licensing and integration options are also available to ISVs, ISPs and hardware and peripheral equipment vendors.

About Privacyware:
Privacyware is an innovative provider of award-winning pc security, web application firewall and security data analytics software. Privacyware products leverage conventional and neural analytics technologies to help systems administrators, IT security and compliance personnel more effectively identify, understand and prevent malicious, unauthorized and/or deviant computing system activity. Privacyware is a member of the Microsoft Partner Network with Gold Independent Software Vendor (ISV), and Silver Business Intelligence and Data Platform Competencies.
Privacyware and ThreatSentry, Privatefirewall, and Adaptive Security Analyzer are registered trademarks of PWI, Inc. All other registered or unregistered trademarks are the sole property of their respective owners. ©2011 PWI, Inc. All rights reserved.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Researchers Found Flaws On The IPv6 Handling System Of Windows 7

Posted by Avik Sarkar On 8/19/2011 04:38:00 pm

Researchers have found a flaw in the way Windows 7 handles IPv6, one of the key protocols underlying the internet, saying attackers could use the vulnerability to crash PCs.
The security firm Barracuda Labs said on Tuesday that someone would have to make a targeted denial-of-service attack to exploit the vulnerability, but exploitation could cause failure in a PC's network connectivity, applications and sound system.
Microsoft has acknowledged and reported the flaw, but has said it will not patch it in a security update, because exploiting the vulnerability requires local network access.
According to Barracuda Labs researcher Thomas Unterleitner, the vulnerability lies in the way Windows 7's remote procedure call (RPC) function handles malformed DHCPv6 requests — DHCP (Dynamic Host Configuration Protocol) being the automatic configuration protocol that lets servers allocate IP addresses to clients at start-up.
DHCPv6 is part of IPv6, the new version of the internet protocol that is being slowly rolled out. 128-bit IPv6 addressing can handle a vastly greater number of connected network devices than 32-bit IPv4, which was introduced in 1981 and is now running out of address space.

Intercept DHCPv6 traffic:-

"To exploit this vulnerability, an attacker would need to intercept DHCPv6 traffic," Unterleitner wrote. "Once a DHCPv6 request has been intercepted, the corresponding reply would have to be modified to contain the malformed Domain Search List option. On reception of this malformed packet, RPC on the remote machine would fail. Exploiting this vulnerability would cause the RPC service to fail, losing any RPC-based services, as well as the potential loss of some COM functions."
Unterleitner told ZDNet UK on Wednesday that a successful attack would "crash the RPC service from the Windows operating system, and without this service Windows 'collapses' slowly — no sound, no IP and so on".
 
Barracuda Labs confirmed the DHCPv6 vulnerability on both 32-bit and 64-bit versions of Windows 7 Ultimate with Service Pack 1, and said it was "very likely" that other versions of Windows 7, and possibly earlier versions of Windows, are also affected.
After the security researchers warned Microsoft of the flaw, the company replied in late July, saying it had replicated the vulnerability. However, Microsoft said that executing a man-in-the-middle attack or establishing a rogue DHCPv6 server to exploit the flaw would require local access, so the flaw would only be fixed in the next version of Windows.
Unterleitner said an incorrectly-configured or buggy Linux DHCP server could also trigger similar effects on the client PC, but the method described by Barracuda Labs is the easiest way for a "pinpoint denial-of-service" attack to compromise a client.
ZDNet UK has asked Microsoft for comment on the vulnerability, but had received none at the time of writing.


-News Source (ZDNet)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Metasploit 4.2.0 Released With IPv6 Support & Virtualization Target Coverage

Posted by Avik Sarkar On 2/24/2012 10:32:00 pm

Metasploit 4.2.0 Released With IPv6 Support & Virtualization Target Coverage
Earlier we haev discussed many times about one of the most famous and widely used exploitation framework named Metasploit. Yet again the Rapid 7 released another updated version of Metasploit. This update brings Metasploit to version 4.2.0, adding IPv6 support and virtualization target coverage. You'll also notice a new Product News section and update notification for our weekly updates. Since the last major release (4.1.0), added 54 new exploits, 66 new auxiliary modules, 43 new post-exploitation modules, and 18 new payloads. 
Brief About Metasploit:- 
The Metasploit Framework is a penetration testing toolkit, exploit development platform, and research tool. The framework includes hundreds of working remote exploits for a variety of platforms. Payloads, encoders, and nop slide generators can be mixed and matched with exploit modules to solve almost any exploit-related task.
Module Changes:-
  •     Novell eDirectory eMBox Unauthenticated File Access
  •     JBoss Seam 2 Remote Command Execution
  •     NAT-PMP Port Mapper
  •     TFTP File Transfer Utility
  •     VMWare Power Off Virtual Machine
  •     VMWare Power On Virtual Machine
  •     VMWare Tag Virtual Machine
  •     VMWare Terminate ESX Login Sessions
  •     John the Ripper AIX Password Cracker
  •     7-Technologies IGSS 9 IGSSdataServer.exe DoS
  •     Microsoft IIS FTP Server <= 7.0 LIST Stack Exhaustion
  •     DNS and DNSSEC fuzzer
  •     CheckPoint Firewall-1 SecuRemote Topology Service Hostname Disclosure
  •     CorpWatch Company ID Information Search
  •     CorpWatch Company Name Information Search
  •     General Electric D20 Password Recovery
  •     NAT-PMP External Address Scanner
  •     Shodan Search
  •     H.323 Version Scanner
  •     Drupal Views Module Users Enumeration
  •     Ektron CMS400.NET Default Password Scanner
  •     Generic HTTP Directory Traversal Utility
  •     Microsoft IIS HTTP Internal IP Disclosure
  •     Outlook Web App (OWA) Brute Force Utility
  •     Squiz Matrix User Enumeration Scanner
  •     Sybase Easerver 6.3 Directory Traversal
  •     Yaws Web Server Directory Traversal
  •     OKI Printer Default Login Credential Scanner
  •     MSSQL Schema Dump
  •     MYSQL Schema Dump
  •     NAT-PMP External Port Scanner
  •     pcAnywhere TCP Service Discovery
  •     pcAnywhere UDP Service Discovery
  •     Postgres Schema Dump
  •     SSH Public Key Acceptance Scanner
  •     Telnet Service Encyption Key ID Overflow Detection
  •     IpSwitch WhatsUp Gold TFTP Directory Traversal
  •     VMWare ESX/ESXi Fingerprint Scanner
  •     VMWare Authentication Daemon Login Scanner
  •     VMWare Authentication Daemon Version Scanner
  •     VMWare Enumerate Permissions
  •     VMWare Enumerate Active Sessions
  •     VMWare Enumerate User Accounts
  •     VMWare Enumerate Virtual Machines
  •     VMWare Enumerate Host Details
  •     VMWare Web Login Scanner
  •     VMWare Screenshot Stealer
  •     Capture: HTTP JavaScript Keylogger
  •     Oracle DB SQL Injection via SYS.DBMS_CDC_SUBSCRIBE.ACTIVATE_SUBSCRIPTION
  •     Asterisk Manager Login Utility
  •     FreeBSD Telnet Service Encryption Key ID Buffer Overflow
  •     Linux BSD-derived Telnet Service Encryption Key ID Buffer Overflow
  •     Java Applet Rhino Script Engine Remote Code Execution
  •     Family Connections less.php Remote Command Execution
  •     Gitorious Arbitrary Command Execution
  •     Horde 3.3.12 Backdoor Arbitrary PHP Code Execution
  •     OP5 license.php Remote Command Execution
  •     OP5 welcome Remote Command Execution
  •     Plone and Zope XMLTools Remote Command Execution
  •     PmWiki <= 2.2.34 pagelist.php Remote PHP Code Injection Exploit
  •     Support Incident Tracker <= 3.65 Remote Command Execution
  •     Splunk Search Remote Code Execution
  •     Traq admincp/common.php Remote Code Execution
  •     vBSEO <= 3.6.0 proc_deutf() Remote PHP Code Injection
  •     Mozilla Firefox 3.6.16 mChannel Use-After-Free
  •     CTEK SkyRouter 4200 and 4300 Command Execution
  •     Adobe Flash Player MP4 SequenceParameterSetNALUnit Buffer Overflow
  •     Icona SpA C6 Messenger DownloaderActiveX Control Arbitrary File Download and Execute
  •     HP Easy Printer Care XMLCacheMgr Class ActiveX Control Remote Code Execution
  •     Viscom Image Viewer CP Pro 8.0/Gold 6.0 ActiveX Control
  •     Java MixerSequencer Object GM_Song Structure Handling Vulnerability
  •     MS05-054 Microsoft Internet Explorer JavaScript OnLoad Handler Remote Code Execution
  •     MS12-004 midiOutPlayNextPolyEvent Heap Overflow
  •     Viscom Software Movie Player Pro SDK ActiveX 6.8
  •     Adobe Reader U3D Memory Corruption Vulnerability
  •     Aviosoft Digital TV Player Professional 1.0 Stack Buffer Overflow
  •     BS.Player 2.57 Buffer Overflow
  •     CCMPlayer 1.5 m3u Playlist Stack Based Buffer Overflow
  •     Free MP3 CD Ripper 1.1 WAV File Stack Buffer Overflow
  •     McAfee SaaS MyCioScan ShowReport Remote Command Execution
  •     Mini-Stream RM-MP3 Converter v3.1.2.1 PLS File Stack Buffer Overflow
  •     MS11-038 Microsoft Office Excel Malformed OBJ Record Handling Overflow
  •     Ability Server 2.34 STOR Command Stack Buffer Overflow
  •     AbsoluteFTP 1.9.6 - 2.2.10 LIST Command Remote Buffer Overflow
  •     Serv-U FTP Server < 4.2 Buffer Overflow
  •     HP OpenView Network Node Manager ov.dll _OVBuildPath Buffer Overflow
  •     XAMPP WebDAV PHP Upload
  •     Avid Media Composer 5.5 - Avid Phonetic Indexer Buffer Overflow
  •     Citrix Provisioning Services 5.6 SP1 Streamprocess Opcode 0x40020000 Buffer Overflow
  •     HP Diagnostics Server magentservice.exe Overflow
  •     StreamDown 6.8.0 Buffer Overflow
  •     Wireshark console.lua Pre-Loading Script Execution
  •     Oracle Job Scheduler Named Pipe Command Execution
  •     SCADA 3S CoDeSys CmpWebServer <= v3.4 SP4 Patch 2 Stack Buffer Overflow
  •     Sunway Forcecontrol SNMP NetDBServer.exe Opcode 0x57
  •     OpenTFTP SP 1.4 Error Packet Overflow
  •     AIX Gather Dump Password Hashes
  •     Linux Gather Saved mount.cifs/mount.smbfs Credentials
  •     Multi Gather VirtualBox VM Enumeration
  •     UNIX Gather .fetchmailrc Credentials
  •     Multi Gather VMWare VM Identification
  •     UNIX Gather .netrc Credentials
  •     Multi Gather Mozilla Thunderbird Signon Credential Collection
  •     Multiple Linux / Unix Post Sudo Upgrade Shell
  •     Windows Escalate SMB Icon LNK dropper
  •     Windows Escalate Get System via Administrator
  •     Windows Gather RazorSQL Credentials
  •     Windows Gather File and Registry Artifacts Enumeration
  •     Windows Gather Enumerate Computers
  •     Post Windows Gather Forensics Duqu Registry Check
  •     Windows Gather Privileges Enumeration
  •     Windows Manage Download and/or Execute
  •     Windows Manage Create Shadow Copy
  •     Windows Manage List Shadow Copies
  •     Windows Manage Mount Shadow Copy
  •     Windows Manage Set Shadow Copy Storage Space
  •     Windows Manage Get Shadow Copy Storage Info
  •     Windows Recon Computer Browser Discovery
  •     Windows Recon Resolve Hostname
  •     Windows Gather Wireless BSS Info
  •     Windows Gather Wireless Current Connection Info
  •     Windows Disconnect Wireless Connection
  •     Windows Gather Wireless Profile
For additional information click Here. To Download Metasploit version 4.2.0 for windows & Linux click Here.

 -Source (rapid7)



SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Nessus 5.0.2 Vulnerability Scanner Released & Available For Download

Posted by Avik Sarkar On 10/11/2012 03:51:00 am

Nessus 5.0.2 Vulnerability Scanner Released & Available For Download 

Earlier we have discussed several times about Nessus, a proprietary comprehensive vulnerability scanning tool. After almost six months, yet again Tenable Network Security officially announced the availability of Nessus 5.0.2. According to surveys done by sectools.org, Nessus is the world's most popular vulnerability scanner, taking first place in the 2000, 2003, and 2006 security tools survey. Tenable estimates that it is used by over 75,000 organizations worldwide. This update is largely a bugfix release, however a new build for Solaris 10 is now available. The major issues addressed in 5.0.2 include enhanced support for UTF8 encoding problems in reports and the detection of network congestion errors during scans more conservatively. 

Official Change Log for Nessus 5.0.2:- 
  • UTF8 encoding problems would sometimes cause the generation of reports to fail 
  • Fixed a case where generating some compliance checks reports would cause the scanner to hang, using 100% of the CPU 
  • Resolved a resource leak issue occurring when a large number of different users are connected at the same time 
  • Network congestion errors are now detected more conservatively 
  • Upgraded libxml2, libxslt, openssl to their newest versions 
  • Some nessusd.rules directives were not honored by the port scanners 
  • Solaris 10 build
Other fixes:-
  • Smarter max_hosts and global.max_hosts defaults
  • Added support for named virtual hosts for IPv6
  • Fixed a memory leak when mixing IPv4 and IPv6 targets
  • Fixed the systemd control script (Fedora 16)
  • Fixed a crash in nessus-mkcert on the command-line (Win32)
  • Fixed a crash in localtime(), when passed an invalid argument (Win32)
  • Fixed scratchpad_query() to allow NULL arguments
  • PSSDK fix (Win32)

To Download Nessus 5.0.2 Click Here



SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Wireshark (Network Protocol Analyzer) 1.6.6 Released

Posted by Avik Sarkar On 3/30/2012 08:39:00 pm

Wireshark (Network Protocol Analyzer) 1.6.6 Released 
Again we have 2 updated version of Wireshark (Wireshark 1.4.12 & 1.6.6) - It is the world’s most popular network protocol analyzer. It is used for troubleshooting, analysis, development, and education. Wireshark is widely used by system admins and also cyber criminals as because Wireshark has the capability to sniffing packets. Earlier we have discussed several times about Wireshark. The current stable release of Wireshark is 1.6.6. It supersedes all previous releases, including all releases of Ethereal. For a complete list of system requirements and supported platforms, please consult the User's Guide. Information about each release can be found in the release notes.
Official change log for Wireshark 1.6.6:-
Bug Fixes:-
The following vulnerabilities have been fixed:-
  • wnpa-sec-2012-04: The ANSI A dissector could dereference a NULL pointer and crash. (Bug 6823)
  • Versions affected: 1.4.0 to 1.4.11, 1.6.0 to 1.6.5.
  • wnpa-sec-2012-05: The IEEE 802.11 dissector could go into an infinite loop. (Bug 6809)
  • Versions affected: 1.6.0 to 1.6.5.
  • wnpa-sec-2012-06: The pcap and pcap-ng file parsers could crash trying to read ERF data. (Bug 6804)
  • Versions affected: 1.4.0 to 1.4.11, 1.6.0 to 1.6.5.
  • wnpa-sec-2012-07: The MP2T dissector could try to allocate too much memory and crash. (Bug 6804)
  • Versions affected: 1.4.0 to 1.4.11, 1.6.0 to 1.6.5.
  • The Windows installers now include GnuTLS 1.12.18, which fixes several vulnerabilities.

The following bugs have been fixed:-
  • ISO SSAP: ActivityStart: Invalid decoding the activity parameter as a BER Integer. (Bug 2873)
  • Forward slashes in URI need to be converted to backslashes if WIN32. (Bug 5237)
  • Character echo pauses in Capture Filter field in Capture Options. (Bug 5356)
  • Some PGM options are not parsed correctly. (Bug 5687)
  • dumpcap crashes when capturing from pipe to a pcap-ng file (e.g., when passing data from CACE Pilot to Wireshark). (Bug 5939)
  • Unable to rearrange columns in preferences on Windows. (Bug 6077) (Note: this bug still affects the 64-bit package)
  • No error for UDP/IPv6 packet with zero checksum. (Bug 6232)
  • Wireshark installer doesn’t add access_bpf in 10.5.8. (Bug 6526)
  • Corrupted Diameter dictionary file that crashes Wireshark. (Bug 6664)
  • packetBB dissector bug: More than 1000000 items in the tree — possible infinite loop. (Bug 6687)
  • ZEP dissector: Timestamp not always displayed correctly. Fractional seconds never displayed. (Bug 6703)
  • GOOSE Messages don’t use the length field to perform the dissection. (Bug 6734)
  • Ethernet traces in K12 text format sometimes give bogus “malformed frame” errors and other problems. (Bug 6735)
  • max_ul_ext isn’t printed/decoded to the packet details log in GTP protocol packet. (Bug 6761)
  • non-IPP packets to or from port 631 are dissected as IPP. (Bug 6765)
  • lua proto registration fails for uppercase proto / g_ascii_strdown problem. (Bug 6766)
  • no menu item Fle->Export->SSL Session Keys in GTK. (Bug 6813)
  • IAX2 dissector reads past end of packet for unknown IEs. (Bug 6815)
  • TShark 1.6.5 immediately crashes on SSL decryption (every time). (Bug 6817)
  • USB: unknown GET DESCRIPTOR response triggers assert failure. (Bug 6826)
  • IEEE1588 PTPv2 over IPv6. (Bug 6836)
  • Patch to fix DTLS decryption. (Bug 6847)
  • Expression… dialog crash. (Bug 6891)
  • display filter “gtp.msisdn” not working. (Bug 6947)
  • Multiprotocol Label Switching Echo – Return Code: Reserved (5). (Bug 6951)
  • ISAKMP : VendorID CheckPoint : Malformed Packet. (Bug 6972)
  • Adding a Custom HTTP Header Field with a trailing colon causes wireshark to immediately crash (and crash upon restart). (Bug 6982)
  • Radiotap dissector lists a bogus “DBM TX Attenuation” bit. (Bug 7000)
  • MySQL dissector assertion. (Ask 8649)
  • Radiotap header format data rate alignment issues. (Ask 8649)

Updated Protocol Support:-
ANSI A, BSSGP, DIAMETER, DTLS, GOOSE, GSM Management, GTP, HTTP, IAX2, IEEE 802.11, IPP, ISAKMP, ISO SSAP, MP2T, MPLS, MySQL, NTP, PacketBB, PGM, Radiotap, SSL, TCP, UDP, USB, WSP

New and Updated Capture File Support:-
Endace ERF, Pcap-NG, Tektronix K12

To Download Wireshark Click Here




SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Wireshark Ver 1.4.11 & 1.6.5 Released (Fixed Many Security Holes)

Posted by Avik Sarkar On 1/14/2012 11:33:00 pm


Earlier we have several times talked about Wireshark. It is the world’s most popular network protocol analyzer. It is used for troubleshooting, analysis, development, and education. Wireshark is widely used by system admins and also cyber criminals as because Wireshark has the capability to sniffing packets.

Official Change Log:-
Bug Fixes:-
  • wnpa-sec-2012-01: Laurent Butti discovered that Wireshark failed to properly check record sizes for many packet capture file formats. (Bug 6663, bug 6666, bug 6667, bug 6668, bug 6669, bug 6670)
  • wnpa-sec-2012-02: Wireshark could dereference a NULL pointer and crash. (Bug 6634)
  • wnpa-sec-2012-03: The RLC dissector could overflow a buffer. (Bug 6391)
  • “Closing File!” Dialog Hangs. (Bug 3046)
  • Sub-fields of data field should appear in exported PDML as children of the data field instead of as siblings to it. (Bug 3809)
  • Incorrect time differences displayed with time reference set. (Bug 5580)
  • Wrong packet type association of SNMP trap after TFTP transfer. (Bug 5727)
  • SSL/TLS decryption needs wireshark to be rebooted. (Bug 6032)
  • Export HTTP Objects -> save all crashes Wireshark. (Bug 6250)
  • Wireshark Netflow dissector complains there is no template found though the template is exported. (Bug 6325)
  • DCERPC EPM tower UUID must be interpreted always as little endian. (Bug 6368)
  • Crash if no recent files. (Bug 6549)
  • IPv6 frame containing routing header with 0 segments left calculates wrong UDP checksum. (Bug 6560)
  • IPv4 UDP/TCP Checksum incorrect if routing header present. (Bug 6561)
  • Incorrect Parsing of SCPS Capabilities Option introduced in response to bug 6194. (Bug 6562)
  • Various crashes after loading NetMon2.x capture file. (Bug 6578)
  • Fixed compilation of dumpcap on some systems (when MUST_DO_SELECT is defined). (Bug 6614)
  • SIGSEGV in SVN 40046. (Bug 6634)
  • Wireshark dissects TCP option 25 as an “April 1″ option. (Bug 6643)
  • ZigBee ZCL Dissector reports invalid status. (Bug 6649)
  • ICMPv6 DNSSL option malformed on padding. (Bug 6660)
  • Wrong tvb_get_bits function call in packet-csn1.c. (Bug 6708)
  • [UDP] – Length Field of Pseudo Header while computing CheckSum is not correct. (Bug 6711)
  • pcapio.c: bug in libpcap_write_interface_description_block. (Bug 6719)
  • Memory leaks in various dissectors.
  • Bytes highlighted in wrong Byte pane when field selected in Details pane.

Updated Protocol Support:-
BGP, BMC CSN1, DCERPC EPM, DCP(ETSI) DMP DTLS GSM Management, H245 HPTEAM, ICMPv6, IEEE 802.15.4 IPSEC IPv4, IPv6, ISAKMP KERBEROS LDSS NFS RLC, RPC-NETLOGON RRC RTMPT SIGCOMP SSL SYSLOG TCP, UDP, XML ZigBee ZCL

New and Updated Capture File Support:-
Accellent 5Views, AIX iptrace, HP-UX nettl, I4B, Microsoft Network Monitor, Novell LANalyzer, PacketLogger, Pcap-ng, Sniffer, Tektronix K12, WildPackets {Airo,Ether}Peek.


To Download Wireshark Click Here



SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Related Posts Plugin for WordPress, Blogger...

Site search