SSD Advisory – Android Printing Man in the Middle Attack

Vulnerabilities Summary
Android 8.1 has introduced the new feature of a default printing service. This service, based on the very similar, freely available Mopria Alliance Print Service on the Google Play Store, suffers from a lack of validation which can lead to both man in the middle attacks and subsequent interception of print jobs, as well as an issue that results in potentially unsafe printing devices to be used without any sort of warning or confirmation.
Credit
An independent security researcher, Matt Parnell, has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.
Affected systems
Android 8.1 Default Printing Service
Vendor Response
“The Android Security Team has conducted an initial severity assessment on this report. Based on our published severity assessment matrix (1) it was rated as not being a security vulnerability that would meet the severity bar for inclusion in an Android security bulletin. If you have additional information that you believe we should use to reassess this report, please let us know.
The Resolution Notes label has been set to NSBC (Not Security Bulletin Class) to reflect this assessment.”
(more…)

October 2, 2018 SecuriTeam Secure Disclosure 1 comment

SSD 安全公告-McAfee LiveSafe MiTM 注册表 修改导致远程执行命令漏洞

漏洞概要
以下安全公告描述了在 McAfee LiveSafe (MLS) 中存在的一个远程命令执行漏洞,该漏洞影响了McAfee LiveSafe(MLS)16.0.3 之前全部版本. 之前全部版本. 漏洞允许网络攻击者通过篡改 HTTP 后端响应, 进而修改与 McAfee 更新相关的 Windows 注册表值.
McAfee Security Scan Plus 是一个免费的诊断工具,通过主动地检查计算机中最新的防病毒软件、防火墙和网络安全软件更新,确保用户免受威胁,同时还会扫᧿正在运行程序中的威胁.
漏洞ᨀ交者
一家独立的安全研究公司 Silent Signal 向 Beyond Security 的 SSD 报告了该漏洞。
厂商响应
厂商已经发布针对该漏洞的补丁地址。获取更多信息: https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102714
CVE: CVE-2017-3898
(more…)

November 14, 2017 Chinese Translation, SecuriTeam Secure Disclosure 1 comment

SSD Advisory – McAfee LiveSafe MiTM Registry Modification leading to Remote Command Execution

Vulnerabilities Summary
The following advisory describes a Remote Command Execution found in McAfee McAfee LiveSafe (MLS) versions prior to 16.0.3. The vulnerability allows network attackers to modify the Windows registry value associated with the McAfee update via the HTTP backend-response.
McAfee Security Scan Plus is a free diagnostic tool that ensures you are protected from threats by actively checking your computer for up-to-date anti-virus, firewall, and web security software. It also scans for threats in any open programs.
Credit
An independent security research company, Silent Signal, has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.
Vendor response
The vendor has released patches to address this vulnerability.
For more information: https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102714
CVE: CVE-2017-3898
(more…)

September 7, 2017 SecuriTeam Secure Disclosure 1 comment

SSD Advisory – McAfee Security Scan Plus Remote Command Execution

Vulnerability Summary
The following advisory describes a Remote Code Execution found in McAfee Security Scan Plus. An active network attacker could launch a man-in-the-middle attack on a plaintext-HTTP response to a client to run any residing executables with privileges of a logged in user.
McAfee Security Scan Plus is a free diagnostic tool that ensures you are protected from threats by actively checking your computer for up-to-date anti-virus, firewall, and web security software. It also scans for threats in any open programs.
Credit
An independent security research company, Silent Signal, has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.
Vendor response
The vendor has released patches to address this vulnerability.
For more information: https://service.mcafee.com/webcenter/portal/cp/home/articleview?articleId=TS102714
CVE: CVE-2017-3897
(more…)

July 30, 2017 SecuriTeam Secure Disclosure 8 comments

SSD Advisory – Xiaomi Air Purifier 2 Firmware Update Process Vulnerability

Vulnerability Summary
The following advisory describes an Firmware Update Process Vulnerability found in Xiaomi Air Purifier 2.
Mi Air Purifier is a High performance smart air purifier (IoT) that can be controlled remotely.
According to the manufacture (Xiaomi) “Monitor your home air quality in real time from absolutely anywhere when you sync with the Mi Home app on your phone. Control Mi Air Purifier remotely and watch how air is being purified. The app even displays outside air quality and tells you when it’s safe to switch Mi off and open your windows.”
Xiaomi Air Purifier 2, version 1.2.4_59, does not use a secure connection for its firmware update process. The update process is in plain-text HTTP.
A potential attacker can exploit the firmware update process to:

  • Obtaining the firmware binary for analysis to conduct other attacks
  • Enables inject modified firmware

Credit
An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.
Vendor response
We reported the vulnerability to Xiaomi and they informed us that: “Because of Xiaomi Air Purifier initial design features,there is not enough storage is available to use HTTPS. So this will not be fixed for the time being but it will be fixed in the later versions.”

May 14, 2017 SecuriTeam Secure Disclosure Comments Off on SSD Advisory – Xiaomi Air Purifier 2 Firmware Update Process Vulnerability