Recent WordPress vulns and the Open Source Vuln DB

There have been too many WordPress vulnerabilities for my liking. Fortunately they seem to be quick to patch, but software updates are always a pain. How long before everyone starts to adopt Chrome’s auto update feature?

Luckily, I’m a fan of the Open Source Vuln Database, which makes it easy to stay on top of the security updates that matter to you. Using the OSVDB is as simple as creating an account and search alerts for any software you’re interested in. Here’s what I recently received regarding WP:

Osama, new or updated vulnerabilities that match your search watch list have been found

SEARCH ID: 14

OSVDB_ID:  72173
URL: http://osvdb.org/show/osvdb/72173

Title: WordPress Arbitrary File Upload
Disclosure Date: Apr 26, 2011
Description: WordPress fails to properly validate uploaded files, allowing a remote attacker to upload a .phtml file with an appended extension (such as .gif) to execute arbitrary PHP code.
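
An added example, not part of the original post or of WordPress's own code: a Python check for the pattern the alert describes, a script extension such as .phtml hidden in front of an image extension such as .gif. The extension lists, function names and sample file names are assumptions made for illustration.

```python
from pathlib import PurePosixPath

# Assumption: extensions a web server may hand to the PHP interpreter.
SCRIPT_EXTS = {"php", "php3", "php4", "php5", "phtml", "pht", "phar"}
# Assumption: the only types this hypothetical upload form should accept.
ALLOWED_FINAL_EXTS = {"gif", "jpg", "jpeg", "png"}


def classify_upload(name: str) -> str:
    """Return 'ok', 'reject-type' or 'reject-script' for an uploaded file name."""
    # Drop any directory component the client sent along with the name.
    base = PurePosixPath(name.replace("\\", "/")).name
    # Some filesystems ignore trailing dots and spaces, so compare without them.
    base = base.rstrip(". ").lower()
    parts = base.split(".")
    exts = parts[1:]
    # Check every extension, not only the last one: "x.phtml.gif" ends in
    # .gif but still carries a script extension.
    if any(ext in SCRIPT_EXTS for ext in exts):
        return "reject-script"
    # No extension at all, or a dotfile such as ".htaccess".
    if not exts or not parts[0]:
        return "reject-type"
    if exts[-1] not in ALLOWED_FINAL_EXTS:
        return "reject-type"
    return "ok"


def audit(names):
    """Map each file name that fails the check to its verdict."""
    verdicts = {name: classify_upload(name) for name in names}
    return {name: v for name, v in verdicts.items() if v != "ok"}


# Constructed sample, e.g. a listing of an uploads directory.
SAMPLE_NAMES = [
    "holiday.gif",
    "avatar.phtml.gif",
    "logo.PNG",
    "banner.php5.jpg ",
    "notes.txt",
    ".htaccess",
]

if __name__ == "__main__":
    for name, verdict in audit(SAMPLE_NAMES).items():
        print(f"{verdict:14} {name!r}")
```

The same function can be run over an existing uploads directory listing to find files that were accepted before a fix was applied.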

SophosLabs Released Free Tool to Validate Microsoft Shortcut

I read this on the Internet Storm Center yesterday: Sophos has released a tool that will provide detection against the Windows shortcut exploit announced last week (originally being used to exploit Siemens SCADA machines). Be careful, this is a nasty vulnerability with a large scope — the entire Windows family of OS going back to NT as far as I’m aware. If you want to play with the vulnerability yourself it has to be added to Metasploit — thanks hd!

SophosLabs has made a video available on what the exploit is and how the tool works here, and the tool is available for download here.

Trend Officescan – Proof of concept

In April a Trend vulnerability was discovered.  The Trend real time scan service can be exploited by running a scan on a long directory name.  It’s surprising that this vulnerability was discovered and yet is still exploitable in the latest release of Trend — which I’ve confirmed today.  What’s neat is someone who only has user level privilege on a machine would be able to halt the Trend service and then potentially run some nasty code.

Here’s a VB project that will generate a long directory name and then attempt to run the scan: Trend POC (I’ve also compiled the source for those who don’t have VB — rename the .exe_ to .exe)

I’m running AVG Free on my Windows machine and am happy with that.