Apple disabling the SSL3 support in Push Notification Service

Apple are about to disable SSL3 support in Apple Push Notification Service at Wednesday, October 29.

Developers experiencing issues with Provider Communication interface in the development environment consider immediate updating the code. After this date – Push notification using SSL3 will stop working.

Official apple notification is below

The Apple Push Notification service will be updated and changes to your servers may be required to remain compatible.

In order to protect our users against a recently discovered security issue with SSL version 3.0 the Apple Push Notification server will remove support for SSL 3.0 on Wednesday, October 29. Providers using only SSL 3.0 will need to support TLS as soon as possible to ensure the Apple Push Notification service continues to perform as expected. Providers that support both TLS and SSL 3.0 will not be affected and require no changes.

To check for compatibility, we have already disabled SSL 3.0 on the Provider Communication interface in the development environment only. Developers can immediately test in this development environment to make sure push notifications can be sent to applications.

Samsung DVR authentication bypass

**************************************************************
Title: Samsung DVR authentication bypass
Version affected: firmware version <= 1.10
Status: unpatched
**************************************************************
Samsung provides a wide range of DVR products, all working with nearly
the same firmware. The firmware it's a Linux embedded system that
expose a web interface through the lighttpd webserver and CGI pages.
The authenticated session is tracked using two cookies, called DATA1
and DATA2, containing respectively the base64 encoded username and
password. So, the first advise for the developers is to don't put the
user credentials into the cookies!
Anyway, the critical vulnerability is that in most of the CGI, the
session check is made in a wrong way, that allows to access protected
pages simply putting an arbitrary cookie into the HTTP request. Yes,
that's all.
This vulnerability allows remote unauthenticated users to:
- Get/set/delete username/password of local users (/cgi-bin/setup_user)
- Get/set DVR/Camera general configuration
- Get info about the device/storage
- Get/set the NTP server
- Get/set many other settings
Vulnerables CGIs:
- /cgi-bin/camera_privacy_area
- /cgi-bin/dev_camera
- /cgi-bin/dev_devinfo
- /cgi-bin/dev_devinfo2
- /cgi-bin/dev_hddalarm
- /cgi-bin/dev_modechange
- /cgi-bin/dev_monitor
- /cgi-bin/dev_pos
- /cgi-bin/dev_ptz
- /cgi-bin/dev_remote
- /cgi-bin/dev_spotout
- /cgi-bin/event_alarmsched
- /cgi-bin/event_motion_area
- /cgi-bin/event_motiondetect
- /cgi-bin/event_sensordetect
- /cgi-bin/event_tamper
- /cgi-bin/event_vldetect
- /cgi-bin/net_callback
- /cgi-bin/net_connmode
- /cgi-bin/net_ddns
- /cgi-bin/net_event
- /cgi-bin/net_group
- /cgi-bin/net_imagetrans
- /cgi-bin/net_recipient
- /cgi-bin/net_server
- /cgi-bin/net_snmp
- /cgi-bin/net_transprotocol
- /cgi-bin/net_user
- /cgi-bin/rec_event
- /cgi-bin/rec_eventrecduration
- /cgi-bin/rec_normal
- /cgi-bin/rec_recopt
- /cgi-bin/rec_recsched
- /cgi-bin/restart_page
- /cgi-bin/setup_admin_setup
- /cgi-bin/setup_datetimelang
- /cgi-bin/setup_group
- /cgi-bin/setup_holiday
- /cgi-bin/setup_ntp
- /cgi-bin/setup_systeminfo
- /cgi-bin/setup_user
- /cgi-bin/setup_userpwd
- /cgi-bin/webviewer
PoC exploit to list device users and password:
Credit: andreafabrizi

Remote 0day Exploit for Tectia SSH Server released

Hacker @kingcope discovered critical vulnerability in Tectia SSH Server. Exploit working on SSH-2.0-6.1.9.95 SSH Tectia Server (Latest available version from http://www.tectia.com) that allow attacker to bypass Authentication remotely.

Description : An attacker in the possession of a valid username of an SSH Tectia installation running on UNIX (verified on AIX/Linux) can login without a password. The bug is in the “SSH USERAUTH CHANGE REQUEST” routines which are there to allow a user to change their password. A bug in the code allows an attacker to login without a password by forcing a password change request prior to authentication.

Download Exploit Code : Click Here
A default installation on Linux (version 6.1.9.95 of Tectia) is vulnerable to the attack. Eric Romang posted a Demo video on Youtube, hope you will like it 🙂
hack
Command Source : http://goo.gl/BHqWd
CREDIT: Mohit Kumar