NTP crypto-NAK DoS

ntpd is an implementation of the Network Time Protocol that sets the system time of day and keeps it synchronized with Internet standard time servers or any local references. Many major servers and devices ship with ntpd built in.

NTP works in several variants, such as client/server, symmetric, and broadcast. Symmetric mode is used for authenticated time synchronization between servers. It operates in two modes, active and passive. Active mode packets are used when a connection is already set up. If no connection is set up, passive mode packets are used to set up a short passive connection for authentication. If a packet that fails to authenticate is received, the receiver responds with a crypto-NAK packet.

While processing incoming packets, the findpeer() function is called to see whether the packet is from an existing peer. It returns a pointer to the peer structure, or NULL if no peer is found. To check whether the packet is a crypto-NAK, the valid_NAK() function is called. One of its parameters is the pointer returned by findpeer(). Without checking that pointer for NULL, valid_NAK() tries to access the keyid and flags fields of the peer structure, which causes a NULL pointer dereference.
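
The missing check described above, shown as a simplified model next to a guarded version. This is an added example, not ntpd source code: the function names, the FLAG_SKEY value, the two-field peer structure and the rule that a NAK is valid only for a keyed peer are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NTP_HEADER_LEN 48     /* fixed NTP header, no extension fields */
#define CRYPTO_NAK_LEN 4      /* crypto-NAK: a lone 4-byte key ID of zero */
#define FLAG_SKEY      0x1u   /* constructed flag value for this model */

enum nak_result { NOT_A_NAK, INVALID_NAK, VALID_NAK };

/* Simplified stand-in for the peer structure: only the fields the text names. */
struct peer { uint32_t keyid; uint32_t flags; };

/* True when the datagram is a bare header followed by an all-zero key ID. */
static int looks_like_crypto_nak(const uint8_t *pkt, size_t len)
{
    static const uint8_t zero[CRYPTO_NAK_LEN] = {0};
    return len == NTP_HEADER_LEN + CRYPTO_NAK_LEN &&
           memcmp(pkt + NTP_HEADER_LEN, zero, CRYPTO_NAK_LEN) == 0;
}

/* Flawed pattern: assumes the peer lookup always found an association. */
enum nak_result check_nak_unguarded(const struct peer *p, const uint8_t *pkt, size_t len)
{
    if (!looks_like_crypto_nak(pkt, len))
        return NOT_A_NAK;
    /* With p == NULL (no matching peer) this dereference crashes the process. */
    return (p->keyid > 0 || (p->flags & FLAG_SKEY)) ? VALID_NAK : INVALID_NAK;
}

/* Hardened pattern: a NAK from a sender with no association is rejected. */
enum nak_result check_nak_guarded(const struct peer *p, const uint8_t *pkt, size_t len)
{
    if (!looks_like_crypto_nak(pkt, len))
        return NOT_A_NAK;
    if (p == NULL)
        return INVALID_NAK;
    return (p->keyid > 0 || (p->flags & FLAG_SKEY)) ? VALID_NAK : INVALID_NAK;
}

int main(void)
{
    uint8_t pkt[NTP_HEADER_LEN + CRYPTO_NAK_LEN] = {0};   /* constructed sample */
    struct peer keyed = { 7, 0 };                         /* constructed peer */
    printf("known peer: %d, unknown sender: %d\n", (int)check_nak_guarded(&keyed, pkt, sizeof pkt),
           (int)check_nak_guarded(NULL, pkt, sizeof pkt));
    return 0;
}
```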


A remote attacker can send an undesired crypto-NAK packet to exploit this vulnerability, which can lead to Denial of Service.

So, it is time to update your security devices to protect against this attack if you haven't done so yet.

Source : Dell SonicWall Security Center

Have a good time.
(Be knowledgeable, pass it on then)

Unpatched, critical Flash vulnerability being exploited in the wild

Adobe Flash Player is affected by a critical vulnerability that is reported to be exploited in the wild. The following CVE identifier has been assigned to this vulnerability:

  CVE-2016-4171

This vulnerability affects Flash Player versions running on Windows, Macintosh, Linux as well as Chrome OS. It is reported that successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system. Adobe reports that the vulnerability is being exploited in the wild on a limited but targeted basis.

Adobe is aware of this vulnerability and is expected to release the patch as early as June 16.

It's time to patch your security devices, and Adobe Flash Player as well, if you haven't done so yet.

Source : SonicWall Security Center


Apache Struts Dynamic Method Invocation Remote Code Execution

A remote, unauthenticated vulnerability exists in Apache Struts. The vulnerability allows an attacker to execute arbitrary code on the server with the privileges of the user running the Java Web Container process (e.g. JBoss, Tomcat etc). CVE-2016-3081 is assigned to this vulnerability.

Apache Struts is an MVC (model-view-controller) framework for building Java applications. It uses the Java Servlet APIs to expose the ActionServlet controller. Any requests coming from a client are sent to the controller in the form of 'actions'. These actions are outlined as a map in a configuration file, and the corresponding method is invoked accordingly. An interface called ActionMapper provides the mapping between the request and the corresponding action. The default implementation is the DefaultActionMapper class.

A remote code execution vulnerability exists in the Apache Struts 2 framework due to a lack of proper sanitization inside the constructor of DefaultActionMapper. It fails to properly validate the values provided by the attacker. This allows a remote attacker to craft a malicious request that causes the vulnerable server to execute arbitrary code.

The following versions of Apache Struts are vulnerable:
  • Apache Struts 2

So, it is time to update the signature files of your security devices if you haven't done so yet.

Source : Dell SonicWall Security Center
