| CAPEC |
-
Embedding Scripts within Scripts
An attack of this type exploits a programs' vulnerabilities that are brought on by allowing remote hosts to execute scripts. The attacker leverages this capability to execute scripts to execute his/her own script by embedding it within other scripts that the target software is likely to execute. The attacker must have the ability to inject script into script that is likely to be executed. If this is done, then the attacker can potentially launch a variety of probes and attacks against the web server's local environment, in many cases the so-called DMZ, back end resources the web server can communicate with, and other hosts.
With the proliferation of intermediaries, such as Web App Firewalls, network devices, and even printers having JVMs and Web servers, there are many locales where an attacker can inject malicious scripts. Since this attack pattern defines scripts within scripts, there are likely privileges to execute said attack on the host.
Of course, these attacks are not solely limited to the server side, client side scripts like Ajax and client side JavaScript can contain malicious scripts as well. In general all that is required is for there to be sufficient privileges to execute a script, but not protected against writing.
-
Signature Spoofing by Key Theft
An attacker obtains an authoritative or reputable signer's private signature key by theft and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
|
| nessus
via4
|
| NASL family | Fedora Local Security Checks | | NASL id | FEDORA_2017-A253644369.NASL | | description | - Updated bcm 4339 4354 4356 4358 firmware, new bcm 43430
- Fixes CVE-2016-0801 CVE-2017-0561 CVE-2017-9417
----
- Updated Intel GPU, amdgpu, iwlwifi, mvebu wifi, liquidio, QCom a530 & Venus, mlxsw, qed
- Add iwlwifi 9000 series
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. | | last seen | 2019-02-21 | | modified | 2018-02-02 | | plugin id | 105133 | | published | 2017-12-11 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=105133 | | title | Fedora 26 : linux-firmware (2017-a253644369) |
| NASL family | Debian Local Security Checks | | NASL id | DEBIAN_DLA-1573.NASL | | description | Several vulnerabilities have been discovered in the firmware for Broadcom BCM43xx wifi chips that may lead to a privilege escalation or loss of confidentiality.
CVE-2016-0801
Broadgate Team discovered flaws in packet processing in the Broadcom wifi firmware and proprietary drivers that could lead to remote code execution. However, this vulnerability is not believed to affect the drivers used in Debian.
CVE-2017-0561
Gal Beniamini of Project Zero discovered a flaw in the TDLS implementation in Broadcom wifi firmware. This could be exploited by an attacker on the same WPA2 network to execute code on the wifi microcontroller.
CVE-2017-9417 / #869639
Nitay Artenstein of Exodus Intelligence discovered a flaw in the WMM implementation in Broadcom wifi firmware. This could be exploited by a nearby attacker to execute code on the wifi microcontroller.
CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081
Mathy Vanhoef of the imec-DistriNet research group of KU Leuven discovered multiple vulnerabilities in the WPA protocol used for authentication in wireless networks, dubbed 'KRACK'.
An attacker exploiting the vulnerabilities could force the vulnerable system to reuse cryptographic session keys, enabling a range of cryptographic attacks against the ciphers used in WPA1 and WPA2.
These vulnerabilities are only being fixed for certain Broadcom wifi chips, and might still be present in firmware for other wifi hardware.
For Debian 8 'Jessie', these problems have been fixed in version 20161130-4~deb8u1. This version also adds new firmware and packages for use with Linux 4.9, and re-adds firmware-{adi,ralink} as transitional packages.
We recommend that you upgrade your firmware-nonfree packages.
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. | | last seen | 2019-02-21 | | modified | 2018-11-13 | | plugin id | 118888 | | published | 2018-11-13 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=118888 | | title | Debian DLA-1573-1 : firmware-nonfree security update (KRACK) |
| NASL family | Fedora Local Security Checks | | NASL id | FEDORA_2017-355AC8A91A.NASL | | description | - Updated bcm 4339 4354 4356 4358 firmware, new bcm 43430
- Fixes CVE-2016-0801 CVE-2017-0561 CVE-2017-9417
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. | | last seen | 2019-02-21 | | modified | 2018-02-01 | | plugin id | 105855 | | published | 2018-01-15 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=105855 | | title | Fedora 27 : linux-firmware (2017-355ac8a91a) |
| NASL family | MacOS X Local Security Checks | | NASL id | MACOSX_SECUPD2017-003.NASL | | description | The remote host is running Mac OS X 10.10.5, Mac OS X 10.11.6, or macOS 10.12.5 and is missing a security update. It is therefore, affected by multiple vulnerabilities :
- An overflow condition exists in the curl component in the dprintf_formatf() function that is triggered when handling floating point conversion. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code.
(CVE-2016-9586)
- A flaw exits in the curl component in the randit() function within file lib/rand.c due to improper initialization of the 32-bit random value, which is used, for example, to generate Digest and NTLM authentication nonces, resulting in weaker cryptographic operations than expected. (CVE-2016-9594)
- A flaw exists in the curl component in the allocate_conn() function in lib/url.c when using the OCSP stapling feature for checking a X.509 certificate revocation status. The issue is triggered as the request option for OCSP stapling is not properly passed to the TLS library, resulting in no error being returned even when no proof of the validity of the certificate could be provided. A man-in-the-middle attacker can exploit this to provide a revoked certificate. (CVE-2017-2629)
- A remote code execution vulnerability exists in the CoreAudio component due to improper validation of user-supplied input when handling movie files. An unauthenticated, remote attacker can exploit this, by convincing a user to play a specially crafted movie file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-7008)
- A memory corruption issue exists in the IOUSBFamily component due to improper validation of user-supplied input. A local attacker can exploit this, via a specially crafted application, to cause a denial of service condition or the execution of arbitrary code.
(CVE-2017-7009)
- Multiple out-of-bounds read errors exist in the libxml2 component due to improper handling of specially crafted XML documents. An unauthenticated, remote attacker can exploit these to disclose user information.
(CVE-2017-7010, CVE-2017-7013)
- Multiple memory corruption issues exist in the Intel Graphics Driver component due to improper validation of input. A local attacker can exploit these issues to execute arbitrary code with elevated privileges.
(CVE-2017-7014, CVE-2017-7017, CVE-2017-7035, CVE-2017-7044)
- A remote code execution vulnerability exists in the Audio component due to improper validation of user-supplied input when handling audio files. An unauthenticated, remote attacker can exploit this, by convincing a user to play a specially crafted audio file, to execute arbitrary code. (CVE-2017-7015)
- Multiple remote code execution vulnerabilities exist in the afclip component due to improper validation of user-supplied input when handling audio files. An unauthenticated, remote attacker can exploit these vulnerabilities, by convincing a user to play a specially crafted audio file, to execute arbitrary code. (CVE-2017-7016, CVE-2017-7033)
- A memory corruption issue exists in the AppleGraphicsPowerManagement component due to improper validation of input. A local attacker can exploit this to cause a denial of service condition or the execution of arbitrary code with system privileges.
(CVE-2017-7021)
- Multiple memory corruption issues exist in the kernel due to improper validation of input. A local attacker can exploit these issues to cause a denial of service condition or the execution of arbitrary code with system privileges. (CVE-2017-7022, CVE-2017-7024, CVE-2017-7026)
- Multiple memory corruption issues exist in the kernel due to improper validation of input. A local attacker can exploit these issues to cause a denial of service condition or the execution of arbitrary code with kernel privileges. (CVE-2017-7023, CVE-2017-7025, CVE-2017-7027, CVE-2017-7069)
- Multiple unspecified flaws exist in the kernel due to a failure to properly sanitize input. A local attacker can exploit these issues, via a specially crafted application, to disclose restricted memory contents.
(CVE-2017-7028, CVE-2017-7029, CVE-2017-7067)
- A flaw exists in the Foundation component due to improper validation of input. A unauthenticated, remote attacker can exploit this, by convincing a user to open specially crafted file, to execute arbitrary code.
(CVE-2017-7031)
- A memory corruption issue exists in the 'kext tools' component due to improper validation of input. A local attacker can exploit this to execute arbitrary code with elevated privileges. (CVE-2017-7032)
- Multiple unspecified flaws exist in the Intel Graphics Driver component due to a failure to properly sanitize input. A local attacker can exploit these issues, via a specially crafted application, to disclose restricted memory contents. (CVE-2017-7036, CVE-2017-7045)
- A memory corruption issue exists in the libxpc component due to improper validation of input. A local attacker can exploit this issue, via a specifically crafted application, to cause a denial of service condition or the execution of arbitrary code with system privileges.
(CVE-2017-7047)
- Multiple memory corruption issues exist in the Bluetooth component due to improper validation of input.
A local attacker can exploit these issues to execute arbitrary code with system privileges. (CVE-2017-7050, CVE-2017-7051)
- A memory corruption issue exists in the Bluetooth component due to improper validation of input. A local attacker can exploit these issues to execute arbitrary code with system privileges. (CVE-2017-7054)
- A buffer overflow condition exists in the Contacts component due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-7062)
- A buffer overflow condition exists in the libarchive component due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, via a specially crafted archive file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2017-7068)
- A certificate validation bypass vulnerability exists in the curl component due to the program attempting to resume TLS sessions even if the client certificate fails. An unauthenticated, remote attacker can exploit this to bypass validation mechanisms. (CVE-2017-7468)
- A memory corruption issue exists in the Broadcom BCM43xx family Wi-Fi Chips component that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2017-9417) | | last seen | 2019-02-21 | | modified | 2018-07-14 | | plugin id | 101957 | | published | 2017-07-25 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=101957 | | title | macOS and Mac OS X Multiple Vulnerabilities (Security Update 2017-003) |
|
