[SYSS-2016-115] Cisco Expressway: Security Bypass Vulnerability (CWE-20)

Posted by Micha Borrmann on Dec 19

Advisory ID: SYSS-2016-115
Product: Expressway
Manufacturer: Cisco
Affected Version(s): below X8.9
Tested Version(s): X8.8.1
Vulnerability Type: Improper Input Validation (CWE-20)
Risk Level: Medium
Solution Status: Fixed
Manufacturer Notification: 2016-11-10
Solution Date: 2016-12-05
Public Disclosure: 2016-12-14
CVE Reference: CVE-2016-9207
Author of Advisory: Micha Borrmann, SySS GmbH…

Link: http://seclists.org/bugtraq/2016/Dec/40

Morpheus – Automated Ettercap TCP/IP Hijacking Tool

Morpheus framework automates tcp/udp packet manipulation tasks by using etter filters to manipulate target requests/responses under MitM attacks, replacing the tcp/udp packet contents with our contents before forwarding the packet back to the target host…

workflow:
1º – attacker -> arp poison local lan (mitm)
2º – target   -> requests webpage from network (wan)
3º – attacker -> modifies webpage response (contents)
4º – attacker -> modified packet is forwarded back to target host

Morpheus ships with some pre-configured filters, but it will allow users to improve them when launching the attack (morpheus scripting console). At the end of the attack morpheus will revert the filter back to its default stage; this will allow users to improve filters at running time without the fear of messing with filter command syntax and spoiling the filter.

"Perfect for scripting fans to safely test new concepts"…

What can we accomplish by using filters?

Morpheus ships with a collection of etter filters written by me to accomplish various tasks: replacing images in webpages, replacing text in webpages, injecting payloads using html tag, denial-of-service attacks (drop, kill packets from source), https/ssh downgrade attacks, redirecting target browser traffic to another domain, and it gives you the ability to build and compile your filter from scratch and launch it through the morpheus framework (option W).

"filters can be extended using browser languages like: javascript, css, flash, etc"…

In this example we are using " HTML tag" to inject a redirection url in the target request
In this example we are using 'CSS3' to trigger webpage 180º rotation

Framework limitations
1º – morpheus will fail if the target system is protected against arp poison attacks
2º – downgrade attacks will fail if the target browser has only-https addons installed
3º – target system sometimes needs to clear netcache for arp poison to be effective
4º – many attacks described in morpheus may be dropped by target HSTS detection sys.
5º – incorrect number of token (///) in TARGET !!
    morpheus by default will run ettercap using IPv6 (USE_IPV6=ACTIVE) as previously configured in the 'settings' file; if you are receiving this error, edit the settings file before running morpheus and set (USE_IPV6=DISABLED) to force ettercap to use IPV4
6º – morpheus needs ettercap to be executed with high privileges (uid 0 | gid 0).

correct ettercap configuration display (running as Admin without ssl dissectors active)

By default morpheus (at startup) will replace the original etter.conf/etter.dns files provided by ettercap; at framework exit morpheus will revert the files to their original state.

Dependencies
ettercap, nmap, apache2, zenity

Framework option 1 [firewall]

firewall [option 1] pre-configured filter will capture credentials from the following services: http, ftp, ssh, telnet (facebook uses https/ssl 🙁), report suspicious connections, report common web social browsing (facebook, twitter, youtube), report the existence of botnet connections like: Mocbot IRC Bot, Darkcomet, redirect browser traffic and allow users to block connections (drop, kill)

"Remember: morpheus gives its users the ability to 'add more rules' to filters before execution"

[morpheus] host:192.168.1.67 [ -> ] port:23 telnet ☆ Source ip addr flow destination rank good
[morpheus] host:192.168.1.67 [ <- ] port:23 telnet ☠ Destination ip flow source port rank suspicious

Basically the firewall filter will act like one offensive and defensive tool, analyzing the tcp/udp data flow to report logins, suspicious traffic, brute-force, block target ip, etc.

Link: http://feedproxy.google.com/~r/PentestTools/~3/YzjkXtUGy_U/morpheus-automated-ettercap-tcpip.html

[SECURITY] [DSA 3738-1] tomcat7 security update

Posted by Sebastien Delafond on Dec 19

-------------------------------------------------------------------------
Debian Security Advisory DSA-3738-1                   security () debian org
https://www.debian.org/security/                       Sebastien Delafond
December 18, 2016                     https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : tomcat7
CVE ID : CVE-2016-6816 CVE-2016-8735…

Link: http://seclists.org/bugtraq/2016/Dec/39