Zero-day vulnerabilities discovered: 7
Segmentation fault
The vulnerability allows a remote attacker to cause a DoS condition on the target system. According to a MITRE statement, the vulnerability has been exploited in the wild in November 2018.
Software: Suricata
Information disclosure
The vulnerability allows a remote attacker to perform a MitM attack. The vulnerability was used in the attack called POODLE against Docker.
Software: OpenSSL
Links:
https://www.openssl.org/~bodo/ssl-poodle.pdf
https://security.googleblog.com/2014/10/this-poodle-bites-exploiting-ssl-30.html
http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/reports/rpt-magnified-losses-a...
https://www.appsecconsulting.com/blog/zero-day-attacks-in-2014
https://technet.microsoft.com/en-us/library/security/3009008.aspx
https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/
http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc
https://www.oracle.com/technetwork/topics/security/poodlecve-2014-3566-2339408.html
http://www.oracle.com/technetwork/java/javase/documentation/cve-2014-3566-2342133.html
https://www.tripwire.com/state-of-security/vulnerability-management/ssl-v3-poodle-vulnerability-reve...
https://www.entrust.com/get-support/ssl-certificate-support/poodle-security-vulnerability/
https://www.akamai.com/us/en/multimedia/documents/state-of-the-internet/poodle-sslv3-vulnerability-t...
Command injection
The vulnerability allows a remote attacker to execute arbitrary commands on the target system.
The vulnerability exists due to incorrect parsing of environment variables. A remote attacker can execute arbitrary code on the target system as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution.
Successful exploitation may allow an attacker to gain complete control over the vulnerable system.
Exploitation example:
env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
Note: this vulnerability was being actively exploited in the wild.
Shellshock is a family of vulnerabilities in the GNU Bash implementation caused by incomplete patches released after the official fix and the public disclosure of the vulnerability. There were 5 failed attempts in total to fix the Shellshock bugs until they were finally patched in version bash43-027, released on October 1, 2014.
Some of these vulnerabilities were exploited in the wild before the patch, which makes them zero-days. These vulnerabilities are covered under the following CVEs:
CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187
Given the nature of the vulnerabilities and attack vectors, we have decided to cover these vulnerabilities under one description and count them as one zero-day vulnerability.
Software: Bash
Links:
http://lcamtuf.blogspot.cz/2014/09/quick-notes-about-bash-bug-its-impact.html
http://unix.stackexchange.com/questions/157381/when-was-the-shellshock-cve-2014-6271-7169-bug-introd...
http://askubuntu.com/questions/528101/what-is-the-cve-2014-6271-bash-vulnerability-shellshock-and-ho...
http://www.trendmicro.com/vinfo/us/threat-encyclopedia/vulnerability/6033/bash-vulnerability-shellsh...
https://www.tripwire.com/state-of-security/off-topic/shell-shocked-bash-bug-detection-tools-cve-2014...
http://security.stackexchange.com/questions/100388/avast-performing-an-attack
http://community.ispyconnect.com/ispybb2/viewtopic.php?t=1360
https://securelist.com/blog/research/66673/bash-cve-2014-6271-vulnerability-qa-2/
http://resources.infosecinstitute.com/bash-bug-cve-2014-6271-critical-vulnerability-scaring-internet...
https://www.symantec.com/connect/blogs/shellshock-all-you-need-know-about-bash-bug-vulnerability
https://www.alienvault.com/blogs/labs-research/attackers-exploiting-shell-shock-cve-2014-6271-in-the...
SQL injection
The vulnerability allows a remote attacker to execute arbitrary SQL commands in the vulnerable application.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can send a specially crafted HTTP request to the XML-RPC script using the "what" parameter and view, add, modify or delete information in the back-end database.
Successful exploitation may allow an attacker to gain unauthorized access to the vulnerable system.
Note: this vulnerability was being actively exploited.
The vulnerability was discovered and reported to Revive Adserver team by Florian Sander.
The vulnerability is considered to be connected with attacks on the web site centralpark[.]com and the high-traffic site clipconverter[.]cc.
Software: Revive Adserver
Arbitrary PHP code execution
The vulnerability allows a remote attacker to execute arbitrary PHP code on the target system. The vulnerability was exploited from November 2012 until August 2013.
Software: Revive Adserver
Denial of service
The vulnerability allows a remote attacker to cause DoS conditions on the target system. This vulnerability was the cause of a record-sized NTP reflection attack in late 2013 and early 2014. We consider this a zero-day vulnerability because it was exploited in the wild before the official patch release.
Software: ntp
Links:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5211
http://www.vmware.com/security/advisories/VMSA-2014-0002.html
https://packetstormsecurity.com/files/125774
http://www.kb.cert.org/vuls/id/348126
https://www.us-cert.gov/ncas/alerts/TA13-088A
http://christian-rossow.de/articles/Amplification_DDoS.php
https://www.symantec.com/connect/blogs/hackers-spend-christmas-break-launching-large-scale-ntp-refle...
http://bugs.ntp.org/show_bug.cgi?id=1532
Buffer overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
Software: FreeBSD
Links:
https://lists.freebsd.org/pipermail/freebsd-security/2011-December/006117.html
https://lists.freebsd.org/pipermail/freebsd-security/2011-December/006119.html
https://www.freebsd.org/security/advisories/FreeBSD-SA-11:08.telnetd.asc
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2011-008.txt
http://eromang.zataz.com/2012/01/16/cve-2011-4862-freebsd-telnet-buffer-overflow-metasploit-demo/
https://vulners.com/metasploit/MSF:AUXILIARY/SCANNER/TELNET/TELNET_ENCRYPT_OVERFLOW