Tenable Network Security Podcast Episode 177 - "Securing Management Devices, Database Security?"
- We're hiring! - Visit the Tenable website for more information about open positions.
- Check out our video channel on YouTube which contains new Nessus and SecurityCenter tutorials.
- Tenable Tweets - You can find us on Twitter at http://twitter.com/tenablesecurity where we make product and company announcements, provide Nessus plugin statistics, and more!
- Want to ask questions about Nessus, SecurityCenter, LCE, and PVS and get answers from the experts at Tenable? Join Tenable's Discussion Forum for custom scripts, announcements, and more!
- You can subscribe to the Tenable Network Security Podcast on iTunes!
Discussion & Highlighted Plugins
- Your organization has measures in place to implement physical security. This is likely tied to some risk equation that takes into account attack likelihood, the value of your assets, and the cost of such an attack. I've seen some really outstanding physical security, some really poor physical security, and most organizations implementing something in between. However, leaving gaps in the security of your management devices (access control server, console servers, on-board server management systems) is the equivalent of having almost zero physical security. It allows attackers to gain access to your systems, bypassing any logical security controls you may have in place. There is a fix for Dell's iDRAC system, which if left unlatched, gives attackers root access to the console server. This can very quickly translate into access to the server itself. The fixes for physical security are often expensive, but the fixes for management level access are usually cheaper and easier. Do most organizations miss this? Why? What can we do to raise awareness?
- Patches were released this week for both Oracle and MySQL. Both of these applications come with challenges. You may have this on your network and not know it because its embedded in the application that was purchased by a different department. Database administrators have enough challenges, and constant patching seems to rock their world. What can organizations do to improve the security of database architecture given current challenges?
- Say "passive PVS PHP plugins" 10 times fast! Several new plugins were released to passively detect several issues with PHP, including a Backdoor script detection plugin and vulnerability data. Being able to detect indications of compromise, coupled with vulnerabilities, is the heart of what Tenable products can deliver.
New & Notable Plugins
- IBM Blade Center Advanced Management Console Detection
- Dell iDRAC6 Multiple Vulnerabilities
- Juniper Junos on SRX Series PIM DoS (JSA10573)
- Juniper Junos SRX Series UAC Enforcer HTTP Remote Code Execution (JSA10574)
- Juniper Junos OpenSSL Multiple Vulnerabilities (JSA10575)
- Juniper Junos proxy-arp/arp-resp DoS (JSA10576)
- Juniper Junos SRX Series TCP ALG DoS (JSA10577)
- Juniper Junos SRX Series MSRPC DoS (JSA10578)
- Juniper Junos SRX1400/3400/3600 Etherleak Information Disclosure (JSA10579)
- Juniper Junos SSL/TLS Renegotiation DoS (JSA10580)
- Apache 2.0 < 2.0.65 Multiple Vulnerabilities
- Apache 2.2 < 2.2.25 Multiple Vulnerabilities
- Oracle Linux 6 : kernel (ELSA-2013-1051)
- Blue Coat Authentication and Authorization Agent (BCAAA) Installed
- Blue Coat Authentication and Authorization Agent Remote Overflow
- Adobe ColdFusion 9/9.0.1/9.0.2 On JRun DoS (APSB13-19) (credentialed check)
- Apache Subversion < 1.6.23 / 1.7.x < 1.7.10 Multiple Remote DoS
- IPMI Cipher Suite Zero Authentication Bypass
- IPMI Cipher Suites Supported
- McAfee ePolicy Orchestrator < 4.6.7 Multiple XSS
- Oracle Database July 2013 Critical Patch Update
- Symantec Mail Security for Exchange / Domino Autonomy KeyView Module Multiple Buffer Overflows
- Symantec Mail Security for SMTP Autonomy KeyView Module Multiple Buffer Overflows
- MySQL 5.1 < 5.1.70 Multiple Vulnerabilities
- MySQL 5.5 < 5.5.32 Multiple Vulnerabilities
- MySQL 5.6.x < 5.6.12 Multiple Vulnerabilities
- Sun Java System Application Server Information Disclosure
- Default password (dasdec1) for 'root' account
- Apache Struts2 action: Parameter Arbitrary Remote Command Execution
- IBM WebSphere Application Server 7.0 < Fix Pack 29 Multiple Vulnerabilities
- IceWarp /rpc/gw.html XML External Entity Arbitrary File Disclosure
- Oracle VM VirtualBox 4.2 < 4.2.14 tracepath Local Denial of Service
Passive Vulnerability Scanner
- HUAWEI network device detection
- Google Chrome < 28.0.1500.71 Multiple Security Vulnerabilities
- phpMyAdmin 4.0.x < 4.0.3 'view_create.php' Cross Site Scripting Vulnerability
- Flash Player <= 10.3.183.90 / 11.7.700.225 Multiple Vulnerabilities (APSB13-17)
- WeChat chat client detection
- LINE chat client detection
- KakaoTalk Client Detection
- PHP Backdoor Script Detection
- PHP Code Obfuscation
- Apache 2.2.x < 2.2.25 Remote Denial of Service Vulnerability
- PHP 5.3.x < 5.3.27 Information Disclosure
- PHP 5.4.x < 5.4.17 Buffer Overflow
- Samba 3.6.x < 3.6.6 Remote Security Bypass
- phpMyAdmin 3.5.x < 220.127.116.11 / 4.x < 4.0.0-rc3 Multiple Vulnerabilities
- Squid 3.2.x < 3.2.13 / 3.3.x < 3.3.8 Port Handling Denial of Service
- Squid 3.x < 3.2.12 / 3.3.x < 3.3.7 idnsALookup HTTP Request Denial of Service
Security News Stories
- Ibrahim Balic takes credit for Apple Dev Centre “attack”, but will he shoulder the blame?
- WordPress flaw could cause data leaks | IT News from V3.co.uk
- Adam Gowdiak uncovers new vulnerability in Java 7 which opens door to 10-year-old attack
- Integrating Vulnerability Management Into The Application Development Process
- True tales of (mostly) white-hat hacking
- Hardware Hacking Trends
- Nations Buying as Hackers Sell Flaws in Computer Code | NYTimes.com
- SIM Cards Have Finally Been Hacked, and the Flaw Could Affect Millions of Phones | Forbes
- SSH Brute Force – The 10 Year Old Attack That Still Persists | Sucuri Blog