Posted: February 17th, 2009 | Author: xanda | Filed under: IT Related | Tags: exploit, Exploit Shield, f-secure, MS09-002, security | 1 Comment »
For those who are still booting into Microsoft Windows, a new version (0.60) of our F-Secure Exploit Shield Beta is now available.
You may also remember that Microsoft patched MS08-078 around the same time. Multiple versions of Internet Explorer were affected on multiple versions of the Windows OS and exploit code was circulating at the time. Exploit Shield 0.5 was able to proactively protect against those exploits.
Exploit Shield is designed to shield Web browsers between the development of an exploit and the release of the vendor’s patch.
To sum up, Exploit Shield provides:
- Zero Day Defense: Protects unpatched machines.
- Patch-Equivalent Protection: Vulnerability “shield” updates.
- Proactive Measures: Heuristic detection techniques.
- Protects Against All Websites: Regardless if untrusted or trusted and malicious or hacked.
- Automatic Feedback: detected exploit attempts are automatically reported to F-Secure.
Version 0.60 now includes 32-bit Vista support, includes more vulnerability coverage and also includes engine improvements.
Look for the download link from: www.f-secure.com/labs.
If you want or need a reason to test Exploit Shield, consider this month’s Microsoft Updates. There were two vulnerabilities in Internet Explorer 7 for Windows XP and Windows Vista that were patched last week…
Firefox isn’t completely immune either, see Mozilla’s Security Center for details on recent vulnerability patches.
[source: F-Secure Weblog]
P/S: Version 0.5 users will now see a prompt that their installation has expired. The database channel is now closed, but the existing shields and the proactive protections remain.
*** [updated on 22/2/2009] ***
F-Secure Exploit Shield proactively protected against MS09-002 (a vulnerability in Internet Explorer 7) without the need for a shield update.
Posted: January 21st, 2009 | Author: xanda | Filed under: IT Related | Tags: 1.0.8, 8.04, 8.04.1, hardy, ubuntu, vmware, vmware server | 4 Comments »
[updated on 12/6/2009]
Need to rush, here is my short update
1) Install the dependencies and prepare environment
sudo apt-get install ia32-libs libc6-i386 build-essential xinetd linux-headers-`uname -r`
sudo mkdir /etc/vmware && sudo mkdir /etc/vmware/ssl && sudo touch /etc/vmware/ssl/rui.key && sudo touch /etc/vmware/ssl/rui.crt
2) Download VMware Server 1.0.8
cd ~/Desktop
wget http://download3.vmware.com/software/vmserver/VMware-server-1.0.8-126538.tar.gz
3) Extract the downloaded (tar.gz) file
tar xvfz VMware-server-*.tar.gz
cd vmware-server-distrib
4) Get the serial number
http://register.vmware.com/content/registration.html
5) Run the installer script
6) Whatever the installer prompts for, simply press Enter. Oh yes, when the installer asks for the serial number, enter the serial number that you got from step 4.
7) Something is wrong with the libgcc installed by VMware, so move it aside and symlink the system libgcc in its place
sudo mv /usr/lib/vmware/lib/libgcc_s.so.1/libgcc_s.so.1 /usr/lib/vmware/lib/libgcc_s.so.1/libgcc_s.so.1-vmware
sudo ln -s /lib/libgcc_s.so.1 /usr/lib/vmware/lib/libgcc_s.so.1/libgcc_s.so.1
8) Now run your VMware Server. Taddaaa!~
9) Let's clean things up
cd ~/Desktop
rm -f VMware-server*
rm -rf vmware-server-distrib/
Thanks
**[updated on 3rd February 2009]**
If you get this error (or something similar):
The correct version of one or more libraries needed to run VMware Server may be
missing. This is the output of ldd /usr/bin/vmware:
linux-gate.so.1 => (0xffffe000)
libm.so.6 => /lib/tls/i686/cmov/libm.so.6 (0xb7f5a000)
libdl.so.2 => /lib/tls/i686/cmov/libdl.so.2 (0xb7f57000)
libpthread.so.0 => /lib/tls/i686/cmov/libpthread.so.0 (0xb7f45000)
libX11.so.6 => not found
libXtst.so.6 => not found
libXext.so.6 => not found
libXt.so.6 => not found
libICE.so.6 => not found
libSM.so.6 => not found
libXrender.so.1 => not found
libz.so.1 => /usr/lib/libz.so.1 (0xb7f2f000)
libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0xb7e00000)
/lib/ld-linux.so.2 (0xb7f83000)
This program cannot tell for sure, but you may need to upgrade libc5 to glibc
before you can run VMware Server.
Simply install the following packages
sudo apt-get install libx11-6 libxtst6 libxext6 libsm6 libxrender1 libxt6
Posted: January 18th, 2009 | Author: xanda | Filed under: IT Related | Tags: exploit, lame | No Comments »
As posted in SEBUG Security DB, puret_t released an exploit for the WordPress 2.7.0 admin remote code execution vulnerability. I plan to discuss the exploit and the vulnerability in a knowledge-sharing session, so I spent a few minutes studying them.
Sorry to puret_t, but I have to say that it is a lame exploit. The reasons are:
- You need to have the admin user name and password to execute the exploit.
- The exploit will upload a webshell, but since you have the admin user name and password, why don't you just use the upload function in WordPress?
- The webshell itself contains an error:
<?php eval($_POST[c]); ?>
The correct one should be :-
<?php eval($_POST['c']); ?>
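For defenders, both forms of the one-liner above (unquoted key as posted, quoted key as corrected) can be caught with one signature. The following is an added example, not part of the original post or the exploit; the file paths and contents in it are constructed samples.

```python
import re

# Request superglobals that a single HTTP request can fill.
SOURCES = r"\$_(?:POST|GET|REQUEST|COOKIE)"
# Array key: single-quoted, double-quoted, or a bare word as in the posted shell.
KEY = r"\[\s*(?:'[^']*'|\"[^\"]*\"|\w+)\s*\]"
# eval()/assert() applied directly to a request value. PHP function names
# are case-insensitive, variable names are not.
DIRECT_EVAL = re.compile(
    r"\b(?i:eval|assert)\s*\(\s*@?\s*" + SOURCES + r"\s*" + KEY
)


def find_direct_eval(php_source):
    """Return (line_number, matched_text) for each eval-of-request-input call."""
    hits = []
    for m in DIRECT_EVAL.finditer(php_source):
        line_no = php_source.count("\n", 0, m.start()) + 1
        hits.append((line_no, m.group(0)))
    return hits


def scan_uploads(files):
    """files maps path -> file text; return {path: hits} for flagged files only."""
    report = {}
    for path, text in files.items():
        hits = find_direct_eval(text)
        if hits:
            report[path] = hits
    return report


# Constructed sample of an upload directory, embedded so the scan runs offline.
SAMPLE_UPLOADS = {
    "uploads/2009/01/a.php": "<?php eval($_POST[c]); ?>",
    "uploads/2009/01/b.php": "<?php eval($_POST['c']); ?>",
    "uploads/2009/01/c.php":
        '<?php\n// spacing and case variations\nEVAL ( $_REQUEST[ "cmd" ] );\n',
    "uploads/2009/01/ok.php": "<?php echo htmlspecialchars($_POST['c']); ?>",
}

if __name__ == "__main__":
    for path, hits in sorted(scan_uploads(SAMPLE_UPLOADS).items()):
        for line_no, text in hits:
            print(f"{path}:{line_no}: {text}")
```

This signature only covers the direct form shown in the post; encoded or indirect variants need other checks, such as alerting on any new .php file appearing under the uploads directory.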
Posted: November 28th, 2008 | Author: xanda | Filed under: IT Related | Tags: benchmark, browser | 4 Comments »
Hi all, especially nzuhdi. Hehe.. I’ve performed a benchmark test on several browsers to determine the JavaScript speed of each browser.
I used the Javascript Speed Tests from this page: http://celtickane.com/webdesign/jsspeed.php and the results are:

Chromium 0.5.155.0 (build 6107 [27th Nov])

Google Chrome 0.4.154.25

Safari 3.2

Firefox 3.1 (beta) Safemode

Opera 9.6

Epiphany 2.22

Firefox 3.1 (beta)

Firefox 3.0.4

Firefox 2.0.0.18
Thanks to Adeep for the screeny

Kmeleon

Konqueror 3.5.10

Internet Explorer 7

Internet Explorer 8 (Beta 2)
P/S #1: Some said that TraceMonkey, the new JavaScript engine for Firefox 3.1, is faster compared to Google Chrome. Read more [HERE] and [HERE]