NCC Group Research Director Andy Davis presented 'USB Attacks Need Physical Access Right? Not Any More...' at this year's BlackHat Asia in Singapore. Due to recent advances in a number of remoting technologies, USB attacks can now be launched over a network. The talk went into detail about how these technologies work, the resulting impact on the world of USB bugs and included a live demo remotely triggering a USB kernel bug in Windows 2012 server.
6b69c9ca16bc7b4b25c8eaf51bdad117771585a02daec7c27db6c045043dfa9ciOS 7 suffered from an arbitrary code execution vulnerability in kernel mode.
a80dfd22eb4297c3c38e28620d240742691ea94f1473c9e9c446334c23938dffOracle Database 11g suffers from a null pointer denial of service vulnerability. Unfortunately, as usual, the NCC group are withholding any details for three months.
7366e77f697aca2ecdba7bfb457e1fe1dfc05c93aea874d256f1f2686baea2f7Oracle Database 11g suffers from a denial of service vulnerability. Unfortunately, as usual, the NCC group are withholding any details for three months.
60d5de1a200f206f295e52a01fff891d50942ff110a36d295495ac71804abc8bNCC Group has discovered a USB RNDIS driver kernel pool overflow in Microsoft Windows. Unfortunately, as usual, the NCC group are withholding any details for three months.
b67f78c8f27b85aad58afde12e4da95467a1c87bf89d8c723683988c3105422cAndy Davis of NCC Group has discovered an arbitrary code execution vulnerability in Apple OS X Lion versions 10.7 to 10.7.4 and OS X Lion Server versions 10.7 to 10.7.4.
4d92bdc3d4a04a081d6ffd6f55afa9423679f106f5b331ef53e98497ba57edaeSamba versions up to 3.4.0 suffer from a code execution vulnerability.
3c60f7d6b21aa91e993400833006fa77981a0d39cf04dc6c46f58d279e888523BlackBerry PlayBook suffers from a samba related code execution vulnerability. Tablet versions prior to 2.0.0.7971 are affected.
1afc8a7ff4c33e0b84d61b7fd3ad9ea453b1ab6f4c8645898025d843d0ecb99cIt was discovered that a local attacker can send a malformed USB hub class descriptor via a malicious USB device and trigger a kernel stack overflow in Solaris versions 8, 9, 10, and 11 Express.
a80d1f9f52f13b9e8415d9d58079861c76c46a4c8467e2a7cfa25f5c7369fe03Lumension Device Control (formerly Sanctuary) version 4.4 SR6 suffers from a remote memory corruption vulnerability.
c57ef1704cb0c41b6705165642f98b7d6449b19cbe982463e50749ab3173be60Version-independent IOS shellcode that does not require hard-coded IOS addresses.
a8749a2b8fbe30c8e89d87a164b28543061e8b5d42e9fadf68560774e487a883Cisco IOS FTP server exploit step-by-step instructions which includes information on connecting to a Cisco router using gdb.
ae635a76307aaf65d0cd771afdc2ccb4754e8f175174fd6311f79b519ae837afA follow up regarding the shellcode used in the Cisco IOS FTP exploit detailing everything used.
e9bd62308e9ef7d31d26080e42ff90895b52c336e707b2c958fabe963635cb3aCisco IOS FTP server remote exploit that escalates privileges to level 15. Specific hard-coded addresses are for IOS 12.3(18) on a 2621XM router. Slightly crippled forcing this to only work when the router is connected to a debugger.
d54246014babb4c769cae5fee17eb1d8d2663d37a25a025002299897d93a764a
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed