Episode Transcript
0:00
Hello and welcome to the Friday, May 10th, 2024 edition of the SANS Internet Storm Center's Stormcast. My name is Johannes Ullrich and today I'm recording from San Diego, California.

0:15
We got a great diary today by Didier where, yet again, he is improving one of his tools. If you're analyzing a PDF, there may be multiple PDF streams present. The old tool pdf-parser.py did allow you to extract individual streams, but well, if there are a lot of them, that's kind of tedious. So users asked for all of the PDF streams to be exported at once, and that's exactly what Didier added in version 0.7.9 of pdf-parser.py. Even better, the output is in JSON format that can then be post-processed with other tools in Didier's famous tool set. So you can decompress, you can analyze the MIME type of different streams, and all of this by just piping JSON output from one tool into the next to further process the data. Nice examples here from Didier as part of the diary if you're interested in more details.
1:31
And F5 published an update for its Next Central Manager product. Next is the name of a product series of F5, which is the next generation of products, and Central Manager is the tool that you're using to administer these different products. The vulnerabilities were found by Eclypsium, and there are a total of five vulnerabilities, but only two of them received CVE numbers. These two vulnerabilities are SQL injection vulnerabilities. One of them actually requires LDAP to be enabled; the second one apparently doesn't. These SQL injection vulnerabilities are explained in Eclypsium's blog post, including a proof of concept that does retrieve the admin's password hash. The other vulnerabilities are less severe, which is why they may not have gotten a CVE number, like, for example, a bcrypt hash that doesn't use a sufficient cost. I would call this a minor thing.

2:35
The one thing that I'm actually a little concerned about: there is a vulnerability that allows an attacker to change the admin password without knowing the old password. However, the attacker needs to be authenticated as an admin. So maybe stealing a session ID or something like this could then be used to gain more persistent access by changing the administrator's password. Updates are available from F5, so check that you have the latest version of the Next Central Manager if you already are using this product.
3:16
And backup company Veeam did release updates for its Veeam Service Provider Console 7 and 8. These updates fix a deserialization vulnerability that, according to Veeam, could be used to achieve remote code execution, and apparently does not require authentication. The vulnerability does allow for remote code execution on the Veeam Service Provider Console server system.
3:52
And Citrix ran into a little bit of an interesting issue with XenCenter, its hypervisor solution. It came with a version of PuTTY, and if you did select the "connect to SSH console" option, you were basically offered to download PuTTY and then install it from XenCenter directly. This made it a little bit easier; it didn't require that people have to sort of find an SSH client, in particular for Windows systems, where historically they weren't really that readily available. But recently PuTTY had a security vulnerability that would leak private keys, and XenCenter came with this vulnerable version. Now, the tricky part here is that a patch to XenCenter wouldn't really help users who already had the particular vulnerable versions installed, so instead they're actually going to remove PuTTY from XenCenter, and are just asking people who already have it installed from XenCenter, from the past versions, to just directly update from PuTTY.

5:03
A somewhat reasonable solution, and probably better. People in particular that are usually dealing here with this at least know how to run SSH, so for them to go directly to the PuTTY website if they want to install that client is fine. And even Windows these days comes with an SSH client that can be installed. So, so far, that add-on being delivered as part of XenCenter is just asking for more problems down the road.

5:30
And that's it for today. So thanks for listening, like the podcast, and please recommend it to your friends, enemies, pets and your enemies' pets. Thanks, and talk to you again on Monday. Bye.