
Tag: Kerberos

50 hashes per hour

In this research we'll be revisiting the USB port – this time in an attempt to intercept user authentication data on the system to which a microcomputer is connected.

As we discovered, this type of attack successfully allows an intruder to retrieve user authentication data – even when the targeted system is locked.

EMC slings patch at remote hack nonce-nse

Smells like 2010

Remote attackers can hose EMC hybrid flash storage thanks to cryptographic weaknesses. The patched vulnerability (CVE-2016-0917) affects EMC's VNX1, VNX2 and VNXe systems, including the end-of-life Celerra, which will not receive a fix.

EMC researchers wrote in a security notice that remote attackers could access the SMB service under administrator credentials by coaxing the NTLM authentication exchange into producing duplicate cryptographic nonces.

"An unauthenticated remote attacker may potentially exploit the NTLM challenge-response authentication protocol causing the server to generate duplicate challenges / nonces to potentially access the SMB service of the target system under the credentials of an authorised user," they wrote in the advisory. "Depending on the privileges of the user, the attacker may be able to obtain and modify files on the target system and execute arbitrary code."

EMC said the vulnerability is similar to a flaw (CVE-2010-0231) Microsoft patched in 2010 that allowed elevation of privilege on Windows platforms. That earlier flaw was described as follows:

"An unauthenticated elevation of privilege vulnerability exists in the way that Microsoft Server Message Block (SMB) Protocol software handles authentication attempts. An attempt to exploit the vulnerability would not require authentication, allowing an attacker to exploit the vulnerability by sending large amounts of authentication requests to the SMB server. An attacker who successfully exploited this vulnerability could access the SMB service on the target user under the credentials of an authorised user."

EMC says all affected users should upgrade immediately. If you've got Celerra kit, switch to Kerberos authentication instead of NTLM.
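The mechanism both CVEs share, as an added example that is not EMC's or Microsoft's code: a challenge-response server that can be driven into reissuing a challenge will accept a response an eavesdropper recorded from an earlier, legitimate session, without the attacker ever learning the password. The model below is deliberately simplified. compute_response() uses FNV-1a as a stand-in for the real NTLM response computation, and the weak server's 8-bit counter stands in for whatever low-entropy nonce source the affected products had; the advisories give no detail on that. The hardened server draws 64-bit challenges from a PRNG (a stand-in for the OS CSPRNG) and refuses to issue any challenge twice. The password, seed and session counts are constructed values.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example (not EMC's or Microsoft's code). It models the attack pattern the
 * advisories describe: a challenge-response server that can be driven into reissuing
 * an old challenge lets an attacker who recorded a legitimate response replay it.
 * compute_response() is a stand-in PRF (FNV-1a over secret||challenge), NOT the real
 * NTLM computation; only its determinism matters for the logic shown here. */

#define HISTORY 8192            /* challenges the hardened server remembers having issued */

typedef struct {
    int hardened;               /* 0: 8-bit counter, no duplicate check; 1: 64-bit PRNG + check */
    uint32_t counter;           /* weak nonce source: wraps after 256 challenges */
    uint64_t prng;              /* hardened nonce source; stand-in for the OS CSPRNG */
    uint64_t issued[HISTORY];   /* makes the never-reuse rule explicit; a CSPRNG alone would do */
    size_t nissued;
} auth_server;

static uint64_t fnv1a64(const uint8_t *p, size_t n) {
    uint64_t h = 0xcbf29ce484222325ULL;
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 0x100000001b3ULL; }
    return h;
}

/* Client side: response = PRF(secret, challenge). The attacker never learns secret. */
static uint64_t compute_response(const char *secret, uint64_t challenge) {
    uint8_t buf[72];
    size_t n = strlen(secret);
    if (n > 64) n = 64;
    memcpy(buf, secret, n);
    memcpy(buf + n, &challenge, sizeof challenge);
    return fnv1a64(buf, n + sizeof challenge);
}

static uint64_t xorshift64(uint64_t *state) {
    uint64_t x = *state;
    x ^= x << 13; x ^= x >> 7; x ^= x << 17;
    return *state = x;
}

static int already_issued(const auth_server *s, uint64_t c) {
    for (size_t i = 0; i < s->nissued; i++) if (s->issued[i] == c) return 1;
    return 0;
}

/* Server side: hand out the challenge for a new authentication session. */
uint64_t issue_challenge(auth_server *s) {
    if (!s->hardened) return (uint64_t)(s->counter++ & 0xFF);   /* duplicates guaranteed */
    for (;;) {
        uint64_t c = xorshift64(&s->prng);
        if (c == 0 || already_issued(s, c)) continue;            /* never reuse a nonce */
        if (s->nissued < HISTORY) s->issued[s->nissued++] = c;
        return c;
    }
}

/* Server side: accept the session if the response matches the challenge it issued. */
int verify_response(const char *secret, uint64_t challenge, uint64_t response) {
    return compute_response(secret, challenge) == response;
}

/* 1. A victim authenticates; the attacker on the wire records (challenge, response).
 * 2. The attacker opens up to max_sessions sessions, waiting for the server to reissue
 *    that challenge, and submits the recorded response. Returns 1 if it is accepted. */
int replay_attack(auth_server *s, int max_sessions) {
    const char *secret = "victim-password";            /* constructed; known to victim and server only */
    uint64_t recorded_challenge = issue_challenge(s);
    uint64_t recorded_response = compute_response(secret, recorded_challenge);
    if (!verify_response(secret, recorded_challenge, recorded_response)) return -1;
    for (int i = 0; i < max_sessions; i++) {
        uint64_t c = issue_challenge(s);
        if (c == recorded_challenge)                   /* the server repeated itself */
            return verify_response(secret, c, recorded_response);
    }
    return 0;                                          /* challenge never came round again */
}

auth_server make_server(int hardened) {
    auth_server s;
    memset(&s, 0, sizeof s);
    s.hardened = hardened;
    s.prng = 0x9E3779B97F4A7C15ULL;                    /* fixed seed so the demo is reproducible */
    return s;
}

int main(void) {
    auth_server weak = make_server(0), hard = make_server(1);
    printf("replay against weak server:     %d\n", replay_attack(&weak, 1000));  /* 1: accepted */
    printf("replay against hardened server: %d\n", replay_attack(&hard, 1000));  /* 0: rejected */
    return 0;
}
```

The weak server wraps after 256 sessions, so the attacker's flood of authentication requests (the "large amounts of authentication requests" the 2010 bulletin mentions) is enough to bring the recorded challenge back. Note what the password check does not help with: the replayed response is a correct response, so the only defences are challenge entropy and never reissuing a challenge, or moving to a protocol such as Kerberos where the exchange is bound to the session differently.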

Guilt by ASN: Compiler’s bad memory bug could sting mobes, cell...

Telco, embedded systems may inherit remote vulns

A vulnerability in a widely used ASN.1 compiler isn't a good thing: it means a bunch of downstream systems – including mobile phones and cell towers – will inherit the bug. And an ASN.1 bug is what the Sadosky Foundation in Argentina has turned up in Objective Systems' software. The Argentinian research foundation says Objective's ASN1C compiler for C/C++ version 7.0.0 (other builds are probably affected) generates code that suffers from heap memory corruption.

This could potentially be exploited to run malware on machines and devices that run the vulnerable compiler output, or to interfere with their operation. We're in fairly arcane territory here, so Vulture South will beg your patience.

ASN.1 (Abstract Syntax Notation One) is a standard for describing data structures and how they are encoded on the wire, rather than a programming language. Among other things, LDAP, H.323, Kerberos, SS7 and the Simple Network Management Protocol (SNMP) use it to describe their data interchange.

ASN.1 compilers relieve the developer from having to hand-write the encoders and decoders for those structures: rather than writing software that handles ASN.1 data, you use a tool like Objective's ASN1C compiler to generate the source code you need to process ASN.1-encoded information for your application. You then build that machine-written code, and ship it. That makes a bug in the compiler, or in the runtime library its output links against, a serious issue even if, as the Sadosky Foundation's detailed advisory says, it's hard to assess just how big the issue might be right now. The compiler-generated code that controls your mobile phone's radio – the baseband component – and the network providing your phone signal and connectivity may be buggy as a result of this toolchain weakness.

Those bugs, exploitable via data thrown at them over the airwaves, will end up built into critical gear and no one will realize there are security holes present – until now.

“The vulnerability could be triggered remotely without any authentication in scenarios where the vulnerable code receives and processes ASN.1 encoded data from untrusted sources, these may include communications between mobile devices and telecommunication network infrastructure nodes, communications between nodes in a carrier's network or across carrier boundaries, or communication between mutually untrusted endpoints in a data network,” the advisory states. “Due to the fact that the bugs are located in the core runtime support library, it is hard to assess its exploitability in all scenarios but it is safe to assume that it would lead [to] attacker controlled memory corruption.”

Objective has issued an interim release, ASN1C 7.0.1, and says the patch will be incorporated in the upcoming 7.0.2 release. And, of course, any programmer using the compiler will have to check whether their software inherits the bug from the toolchain, and push out their own patches, which then have to be included in shipping products. And that's where it'll get messy. US CERT is due to publish an advisory detailing the known vulnerable systems and software.
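To make concrete what a decoder "trusting an encoded length" looks like, here is an added example; it is not Objective Systems' code and not the ASN1C defect itself, which the advisory does not detail. It is a DER tag-length-value parser in C with the checks a safe runtime must perform before it believes a length taken from untrusted input, followed by a bounded copy of an OCTET STRING value. Every early return marks a spot where unchecked generated code would let an attacker-chosen length drive a memcpy past the heap buffer it was allocated for. All inputs are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example; not Objective Systems' code and not the ASN1C bug itself (the advisory
 * gives no details). It shows the checks a generated BER/DER decoder must make before
 * trusting an encoded length. Each early return is a place where unchecked code would
 * let an attacker-chosen length drive a memcpy past the heap buffer it was sized for. */

typedef struct {
    uint8_t tag;             /* single-byte tags only; high-tag-number form is rejected */
    const uint8_t *value;    /* points into the caller's input, never beyond it */
    size_t len;              /* validated: value + len <= in + in_len */
    size_t consumed;         /* bytes of the whole TLV, for walking a SEQUENCE */
} der_tlv;

typedef enum {
    DER_OK = 0,
    DER_TRUNCATED,           /* header or value extends past the input */
    DER_BAD_LENGTH,          /* indefinite, non-minimal, or wider than size_t */
    DER_UNSUPPORTED_TAG
} der_status;

/* Parse one TLV at in[0..in_len). Reads nothing outside that range. */
der_status der_parse_tlv(const uint8_t *in, size_t in_len, der_tlv *out) {
    size_t pos = 0, len, nbytes;
    uint8_t tag, first;
    if (in_len < 2) return DER_TRUNCATED;                    /* need tag + first length byte */
    tag = in[pos++];
    if ((tag & 0x1F) == 0x1F) return DER_UNSUPPORTED_TAG;
    first = in[pos++];
    if (first < 0x80) {
        len = first;                                         /* short form, 0..127 */
    } else {
        nbytes = first & 0x7F;
        if (nbytes == 0) return DER_BAD_LENGTH;              /* 0x80 = indefinite, not DER */
        if (nbytes > sizeof len) return DER_BAD_LENGTH;      /* cannot fit; also catches 0xFF */
        if (nbytes > in_len - pos) return DER_TRUNCATED;     /* the length octets are missing */
        if (in[pos] == 0) return DER_BAD_LENGTH;             /* DER forbids leading zero octets */
        len = 0;
        for (size_t i = 0; i < nbytes; i++) len = (len << 8) | in[pos++];
        if (len < 0x80) return DER_BAD_LENGTH;               /* should have used the short form */
    }
    /* The check that matters: compare against what remains, so a huge len cannot wrap. */
    if (len > in_len - pos) return DER_TRUNCATED;
    out->tag = tag; out->value = in + pos; out->len = len; out->consumed = pos + len;
    return DER_OK;
}

/* Copy an OCTET STRING value into a fixed buffer. Generated code that does
 * memcpy(dst, value, len) with len taken straight off the wire is the corruption
 * shape; here the copy is bounded by the input on one side and dst_cap on the other. */
int copy_octet_string(const uint8_t *in, size_t in_len, uint8_t *dst, size_t dst_cap, size_t *out_len) {
    der_tlv t;
    if (der_parse_tlv(in, in_len, &t) != DER_OK) return 0;
    if (t.tag != 0x04) return 0;                             /* UNIVERSAL 4 = OCTET STRING */
    if (t.len > dst_cap) return 0;                           /* caller's buffer too small */
    memcpy(dst, t.value, t.len);
    *out_len = t.len;
    return 1;
}

/* Constructed input: a 128-byte OCTET STRING, which needs the long length form 0x81 0x80. */
int longform_roundtrip(void) {
    uint8_t buf[3 + 128];
    der_tlv t;
    buf[0] = 0x04; buf[1] = 0x81; buf[2] = 0x80;
    memset(buf + 3, 'x', 128);
    return der_parse_tlv(buf, sizeof buf, &t) == DER_OK && t.len == 128 && t.consumed == sizeof buf;
}

int main(void) {
    /* Constructed hostile input: declares 16 value bytes but only 3 follow. */
    static const uint8_t overlong[] = { 0x04, 0x10, 'a', 'b', 'c' };
    uint8_t dst[16]; size_t n;
    printf("overlong accepted: %d\n", copy_octet_string(overlong, sizeof overlong, dst, sizeof dst, &n)); /* 0 */
    printf("long form ok:      %d\n", longform_roundtrip());                                              /* 1 */
    return 0;
}
```

The order of the checks is the point: the remaining-input comparison is written as `len > in_len - pos` rather than `pos + len > in_len`, because with an attacker-supplied 64-bit length the addition can wrap and the naive form passes. The same parser also rejects the indefinite form and non-minimal lengths, which are not legal DER and are a common way of coaxing two decoders in one pipeline into disagreeing about where a value ends.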

Microsoft Issues Guidance on Group Policy-Breaking Patches

Microsoft published new advice on how to repair the damage from broken Group Policy Objects from June's patches that had some IT professionals up in arms. Last month, Microsoft once again reminded the IT community about the importance of testing Window...

MS16-072 – Important: Security Update for Group Policy (3163622) – Version:...

Security Update for Group Policy (3163622)
Published: June 14, 2016
Version: 1.0

Executive Summary

This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker launches a man-in-the-middle (MiTM) attack against the traffic passing between a domain controller and the target machine.

This security update is rated Important for all supported releases of Microsoft Windows. For more information, see the Affected Software and Vulnerability Severity Ratings section.

The security update addresses the vulnerability by enforcing Kerberos authentication for certain calls over LDAP. For more information about the vulnerability, see the Vulnerability Information section.

For more information about this update, see Microsoft Knowledge Base Article 3163622.

Affected Software and Vulnerability Severity Ratings

The following software versions or editions are affected. Versions or editions that are not listed are either past their support life cycle or are not affected. To determine the support life cycle for your software version or edition, see Microsoft Support Lifecycle.

The severity ratings indicated for each affected software assume the potential maximum impact of the vulnerability. For information regarding the likelihood, within 30 days of this security bulletin's release, of the exploitability of the vulnerability in relation to its severity rating and security impact, please see the Exploitability Index in the June bulletin summary.

[1] This update is only available via Windows Update.
[2] Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.

Note: Windows Server 2016 Technical Preview 5 is affected. Customers running this operating system are encouraged to apply the update, which is available via Windows Update.

* The Updates Replaced column shows only the latest update in any chain of superseded updates. For a comprehensive list of updates replaced, go to the Microsoft Update Catalog, search for the update KB number, and then view update details (updates replaced information is provided on the Package Details tab).

Vulnerability Information

Group Policy Elevation of Privilege Vulnerability – CVE-2016-3223

An elevation of privilege vulnerability exists when Microsoft Windows processes group policy updates. An attacker who successfully exploited this vulnerability could potentially escalate permissions or perform additional privileged actions on the target machine.

To exploit this vulnerability, an attacker would need to launch a man-in-the-middle (MiTM) attack against the traffic passing between a domain controller and the target machine. An attacker could then create a group policy to grant administrator rights to a standard user.

The security update addresses the vulnerability by enforcing Kerberos authentication for certain calls over LDAP.

The following table contains links to the standard entry for each vulnerability in the Common Vulnerabilities and Exposures list:

Vulnerability Title                                  CVE number      Publicly disclosed   Exploited
Group Policy Elevation of Privilege Vulnerability    CVE-2016-3223   No                   No

Mitigating Factors

The following mitigating factors may be helpful in your situation: domain-joined systems with servers running Windows Server 2012 and above and clients running Windows 8 and above are protected from this vulnerability by the Kerberos armoring feature. For more information, see the following articles:

Workarounds

Microsoft has not identified any workarounds for these vulnerabilities.

For Security Update Deployment information, see the Microsoft Knowledge Base article referenced here in the Executive Summary.

Acknowledgments

Microsoft recognizes the efforts of those in the security community who help us protect customers through coordinated vulnerability disclosure. See Acknowledgments for more information.

Disclaimer

The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

Revisions

V1.0 (June 14, 2016): Bulletin published.

Page generated 2016-06-14 09:42-07:00.